PFCLObfuscate, DerbyCon, Drunken Security News - Episode 345 - September 12, 2013

Pete Finnigan works as an independant Oracle security consultant for his own company PeteFinnigan.com Limited . Pete specialises in performing detailed Oracle security IT Health checks against Oracle databases using a detailed methodology developed by Pete from many years of experience in securing databases.

We've got a good one for you this week. Paul and Jack were in studio we were treated with a visit from the DerbyCon organizers. Dave "Rel1k" Kennedy, Adrian "Irongeek" Crenshaw, Martin "PureHate_" Bos and Nick "Nick8ch" Hitchcock. Derby is one of those cons that that sells out within minutes or less, so they're surely not here to sell tickets for the September 25-29th even in Louisville, Kentucky. Listen to find out all the great things they have in store for this year's event. They've expanded with six tracks this year, two nights of big events and will have The Crystal Method playing on Saturday night! Dave also mentioned that his choice of Weird Al Yankovic got vetoed, but if I had any kind of vote, I'd love to see Al. In addition to some of the best talks on the planet, you'll see some games such as "Are You Smarter Than a CISSP?" and "Whose Slide Is It Anyway?" One of the other great things about DerbyCon is they make many, if not all of the videos available for people to view, in near real time, thanks to the kickass video guy Adrian.

Then on to the stories. Talking with the Derby guys is always so much fun, and with the weekly Stogie Geeks podcast immediately after, there wasn't much time left for stories. Paul and Jack got into Marissa Mayer not locking her iPhone and people trying to board commercial aircraft with hand grenades. Yeah. According to the article, TSA found 83 people with hand grenades in either their carry-on or checked luggage. But when we dig a little deeper in the article, we see those 83 also included "The majority of these grenades were inert, replica, or novelty items". The basically took away toys. I guess that sounds silly at first until you figure the hassle someone could cause by pulling out a toy but real-looking grenade mid-flight. Who's going to confirm that it's just a toy? It'd make for one heckuva stressful flight. So leave your grenades at home.

The only other story the guys talked about was Yahoo! CEO Marissa Mayer and how she avoids the hassle of locking her iPhone with a passcode. The article is an interesting one where one side wonders why she takes mobile security so casually? If hers fell into the wrong hands, first imagine the phishing that someone could pull off. But also what kind of trove of data is available on there from upcoming plans at Yahoo! (a publicly traded company) to private email conversations with other executives at the company. But then the other side wonders if the security advice for Mayer has the same level of appropriateness as for an average user. Maybe Mayer takes better physical precautions with her iPhone than a typical 16 year old high school student. Is her point valid that the extra step of entering a passcode isn't worth the ease of getting into her device many times a day to conduct business? Seems like an interesting question at least.