They’ll nail down the top IT security threats facing the industry today, as well as how demands in our increasingly mobile world are complicating things. Regulatory agencies continue to modify requirements to put some checks in place, but are they working? And how can banks meet these requirements in today’s tough financial market?

This promises to be a lively and enlightening discussion with an industry leader who really has his finger on the pulse of banking technology today.

Tom Field is an award-winning journalist with over 20 years experience in newspapers, magazines, books, events and electronic media. He is currently Editorial Director at Information Security Media Group, which includes www.bankinfosecurity.com and www.govinfosecurity.com. Field has developed and moderated scores of podcasts, webcasts, roundtables and conferences, and he has appeared on C-SPAN, The History Channel and Travel Channel television programs. He is also a published book author.

Listen Friday, August 21st- 9:00am PT / 12:00pm ET

Jimmy Ray Purser, technical co-host for Cisco Systems’ TechWise and BizWise TV, as well as the popular Network World blog Networking Geek to Geek, joins Steve to talk about exactly what these attacks are, how they are used, and how we can stop them.

You don’t want to miss these two tech gurus in this high energy show!

Listen at:

Joining Steve Dispensa on Friday, June 19th, to talk about this newly developed federal government role is Danny Bradbury, US bureau chief and US editor of InfoSecurity magazine. Danny has spent many years as a technology journalist, and additionally edits two newsletters, Computer Fraud and Security and Network Security.

Steve and Danny will talk about what they feel the top priorities of this new position should be based on the biggest threats in our current IT security landscape. They’ll also talk about what skills this new person and their core team should have. For instance, should there be a true hacker in the mix to really know how to protect us?

This isn’t a political debate, it’s a security rundown. Don’t miss this episode, our first hour-long Security Break Live!

Listen at:

On Friday, May 22nd, Christopher Beier from Fiserv, the leading global provider of information management and electronic commerce systems for the financial services industry, will join Steve as guest co-host to talk about the concept of Security 2.0, some of the emerging technologies and requirements that are helping to shape how we approach security, and Fiserv’s experience implementing it.

Listen at:

Mobile devices offer a growing number of opportunities for the bad guys to infiltrate your world. On Friday, May 8th, Steve and guest co-host Dan Thormodsgaard, Director of Solutions Architecture at FishNet Security, will examine some of the top threats associated with this trend toward mobility, as well as discuss the best ways to stop attackers in their tracks.

In his role at FishNet, Thormosdsgaard serves as strategic advisor of Fortune 50, enterprise accounts and government institutions. He listens, discusses and supports organizations’ long-term security infrastructure initiatives as well as evaluates security tools and provides technology recommendations for customers and FishNet Security’s partner program.

Listen at:

This episode is the second in our two-part series, The Perpetual Password Threat. In the first installment we talked about why passwords really don’t work and how you can make your company more secure. This time Steve and co-host Derek Brink, Vice President & Research Fellow at the Aberdeen Group, dive into the really sinister attacks that we need to protect against.

This special episode will air live from the RSA conference floor (booth 233) in San Francisco where the leaders in IT security are talking about the most cutting-edge methodologies to protect ourselves from these unknown assailants.

Listen at:

This episode will be the first of a 2-part series: The Perpetual Password Threat. There are so many types of passwords attacks now, we couldn’t cover it in just one show.

Dispensa and Costa will kick off the series talking about why password quality is still terrible, why passwords are easy to intercept, and how easy they are to abuse. By the time they’ve told you the straight story on why passwords just don’t work and discuss approaches to make your company safer, you’ll be on red alert for other sinister attacks and their solutions. That’s coming up on the 2nd episode which will air live from the RSA conference in San Francisco on Thursday, April 24th. There Steve and his co-host will take on extremely sinister approaches to passwords: how to crack them, how to steal them with Man-in-the-Middle attacks, and how to protect them with two-factor authentication. Don’t miss this series!

Listen at:

One of the biggest problems with passwords is that they can be shared. In fact, some of you may remember share-level security back in the days of Windows 3.x. This system required that everyone with access to the share know the password, which essentially meant that any user could make decisions about whom to give the password to – totally insecure.

When user-level security arrived on the scene (well, the Microsoft scene; most other OSes had had user-based security for ages), it was quickly adopted as a best practice, because it didn’t require the sharing of passwords.

And, for a decade and a half now, that’s where we’ve stayed. Passwords are not required to be shared, but they’re still fundamentally shareable, which is the attribute of passwords that all of the attacks in my previous posts exploit. Passwords are just something you know, which makes them easy to remember, write down, copy, share, lose, and so on.”

If passwords were merely secrets, the situation would be better, but they’re not absolute secrets: you tell them to someone (or something) every time you log in. And there’s the problem. You can’t be sure you can trust the system you’re telling. You can’t be sure the system you’re telling is really the system you think it is. You can’t be sure you’re not being overheard, by a wide variety of means.

Once you’ve been overheard, it’s game-over. Bad Guy can just run around impersonating you to the systems until he gets caught, which could take a while. Meanwhile, generally, you can’t tell this is going on, so you have no way to stop it. Administrators will only notice if the access pattern looks suspicious for some reason.

This is why the industry has evolved again, this time from simple user- level authentication with passwords to strong (and, increasingly, mutual) authentication of security principals. The technologies in play are varied; different approaches are appropriate for different contexts, but the bottom line is the same: if you make it impossible to share (intentionally or not) authentication credentials, you have a dramatically more secure system.

You’d be a victim of a Man-in-the-Middle attack (MITM), a cryptographic form of eavesdropping. This threat to businesses is enormous and getting worse every day. Phishing, SSL proxy, autoproxy, Man-in-the-Browser, DNS poisoning such as Hotspots and Kaminsky attacks, IPSec+XAUTH MITM, and OTP via a botnet client are all extremely dangerous MITM attacks.

On Friday, March 27th, join Steve Dispensa and co-host David Strom as they share solutions to MITM attacks, and discuss possible new threats.

David Strom is an internationally respected author and professional speaker who has been writing about security and networking issues for more than 20 years. He was the founding editor-in-chief at Network Computing magazine and DigitalLanding.com, and has written two computer networking books and thousands of magazine articles for nearly every IT publication.

Listen at:

What’s in your e-mail?

On Friday, March 13th, Security Break Live addresses many of the traps you may not know about, as well as some ways to protect your e-mail environment moving forward.

Steve will be joined by Wayne Rash, a veteran computer journalist for more than 30 years. Wayne was Executive Editor of the eWEEK Knowledge Center and Ziff Davis Events. Now he is the President of Wayne Rash & Associates, which houses a testing lab. He continues to write, specializing in enteprise technology and development.

Listen at: