I'm always looking for security-oriented podcasts to listen to when I'm traveling. Some of the ones that I have found are pretty bad, while others are truly excellent.
2600
The 2600 radio show "Off The Hook" has been around since 1988. They have had episodes available for download as MP3 files since before "podcast" became a word. So one would think that, with over 20 years of experience, they would finally learn how to use the mixing board! For a technical forum, these jokers can barely make the phone lines work; every other podcast that I have heard has been cleaner and more professionally produced than this one.
Getting past the quality issues are the topics and advice. While they do discuss current topics related to security and privacy, they often take the viewpoint of someone intentionally doing something wrong. In some cases, they actively promote and advocate illegal activities. If you heed their advice and get caught, then you will probably end up in jail. (No wonder many of their letters to the editor published in 2600: The Hacker's Quarterly are from people in prison... and some of the hosts have felony convictions.)
I cannot recommend this show to anyone. It is an hour of your life that you will never get back. I give it two frownies:
2600's Emmanuel Goldstein also has a show called "Off The Wall". It is basically a baseless rant and topic-less meander with really bad background music. Three frownies. You'd be better off and more satisfied by spending an hour staring at a blank wall.
CyberSpeak
CyberSpeak is a semimonthly podcast hosted by Ovie Carroll (Director, Cybercrime Lab at U.S. Department of Justice Computer Crime and Intellectual Property Section) and Bret Padres (Director, Digital Forensics at Stroz Friedberg, LLC). One would think that, with their backgrounds in law enforcement, this would be a dry and boring podcast -- but one would be very wrong! The hosts are hysterical (they constantly crack each other up, and usually make me laugh out loud at least once per episode).
For topics, they cover recent issues in computer security, computer forensics, and privacy. Unlike 2600, Ovie and Bret never advocate illegal activities, but they do not always support laws and legal requirements. They are usually very critical in their evaluations of legal topics and usually see both sides of an issue.
This hour-long show contains discussions about current topics, reviews of new tools, lists of cool web sites, and interviews with people involved in the field. While they do evaluate tools and interview software developers, they don't actively push products.
This podcast is a must-follow for anyone interested in computer security, forensics, and privacy. I give this podcast my highest rating, three smilies:
My only criticism: When he gets excited, Ovie shouts a lot. Be prepared to lose an eardrum if you wear headphones.
Crypto-Gram
Security guru Bruce Schneier has a monthly newsletter called the "Crypto-Gram". In it, he voices his opinion about various computer privacy related issues. The articles are actually a combination of his blog postings and mass media essays. While I don't always agree with him (I agree about 90% of the time), his arguments are well written and clearly presented. If you are looking for a speech and debate topic, he provides plenty of great starting points.
Unlike other podcasts, this one does not review technologies or dive into deep technical discussions. Instead, Schneier stays at the 1000-foot level, focusing on the forest and not the trees. You won't learn a new hack or how to apply a new program, but you will gain insight into the implications.
Shortly after his newsletter is published, the "Crypto-Gram Security Podcast" is updated. The podcast is someone other than Schneier reading the newsletter. The podcasts vary in length, but are usually 10-20 minutes long. If you only have a few minutes for something that will stimulate your brain, then this is a great choice.
Two smilies:
Speaking of Security
RSA has a weekly podcast called "Speaking of Security". This podcast is short -- usually 10 minutes -- and includes sponsor advertisements. All of the interviews involve RSA partners and affiliates.
Having said that, the topics do give a good idea about available security oriented products and services. Of the product pushing podcasts, this is one of the better ones. One smiley:
PaulDotCom
There is a security podcast called "PaulDotCom Security Weekly". This podcast ranges from 45 minutes to 1.5 hours. But, it is almost all product placement, advertisements, and unrelated tangents. The banter between the hosts may be funny to them, but rarely even gets a smirk from me. Some episodes have over 10 minutes of nothing (ads, music, and tangents) before discussing anything security related.
In Episode 199, they mentioned not having any listener winners. Perhaps it is because they don't have any listeners... The technical coverage is mainly personal experience and comments like "and then I used the blah program to do blah" without details or context. One frownie:
This Week in Computer Hardware
The video podcast "This Week in Computer Hardware with Ryan Shrout" is not security focused. However, it discusses hardware and other issues that directly impact security, privacy, and forensics. The host is very knowledgeable, the discussions are focused and detailed, and the hour-long podcast is entertaining without the need for humorous tangents. Two smilies:
Other Podcasts
Computer security and forensics really require timely topics. Thus, I'm not reviewing podcasts like "The Security Roundtable" and "SploitCast" since they haven't released new episodes in years.
Are there other (free) security podcasts that are worth listening to? If you know of other security-related podcasts, let me know! I'll update this blog entry with the podcast name, your rating (from three frownies to three smilies) and your brief description of the podcast. Be sure to include a link to the podcast's feed!
Other Recommendations
David Garrard recommends the Australian podcast, "Risky Business". David didn't provide a description, so I just listened to two episodes. They cover technical topics with some depth (not enough to program by, but enough to get you started) and discuss current issues in security and privacy. It is like CyberSpeak, but without the funny banter and with an Australian accent. Three smilies:
Paul Wilkins, Keith, and King recommend "Security Now". Paul gave it two smilies, while Keith recommended two to three smilies. Keith included this excellent description:
I've not listened to any of the other podcasts you listed, so I can't compare to them. But I've found "Security Now" (http://twit.tv/sn, http://grc.com/sn, http://itunes.apple.com/us/podcast/security-now/id79016499) to be excellent. Each week, Steve Gibson and Leo Laporte review the week in security news, provide errata and updates to previous shows, and then spend alternate weeks either doing listener Q&A or covering some interesting topic (frequently not security related, but always interesting to geeks). I'd give it three smileys for what it is; some may give it two smileys because it's more consumer oriented and not NSA-level hard core. 1.5 - 2 hours, and always entertaining. Contains 2-3 product placement spots, but even those are entertaining, as Leo does them in his characteristic homey, Arthur Godfrey style.
King added:
Another vote for Security Now, it's a good overview of timely security information and chosen topics. Leo is a professional radio/tv guy from way back (as well as fairly techy) and Steve is deeply techy but can still talk to "regular" people. They make a good team, even when you already know the topic, they're entertaining.
I recently listened to the "Security Now" podcast and agree with Paul, Keith, and King. I give it a solid two smilies:
http://risky.biz/netcasts/risky-business
David
They always discuss the latest issues in computer security, and often go in-depth into a wide range of topics.
Security Justice
Network Security