SSCC 82 – Sophos Security Threat Report, DMARC and mobile phone number leaks

Paul Ducklin is my guest for the Chet Chat this week, as we get back to our normal "security news you can use" mantra.

We kicked off our discussion with the Sophos Security Threat Report 2012. We talked about a few of the highlights, such as how common exploit kits like Black Hole have become, the latest trends in mobile malware and the current state of security in the cloud.

Paul has been looking into the recently unveiled Domain-based Message Authentication, Reporting & Conformance (DMARC) proposal from industry giants like Facebook, AOL, Google, PayPal and Microsoft.

We discussed the challenges with the proposal and how the first step requires proper deployment of technologies like Sender Policy Framework (SPF).

Lastly, we debated the privacy mess created by mobile carrier O2 in the United Kingdom when it was discovered they were including customers' mobile phone numbers in the HTTP headers sent to every website visited from their mobile phones.

Aside from the Chet Chat, Paul and I have been working with the rest of the team on our plans for RSA Conference USA 2012, including an awesome new t-shirt with an all-new crypto puzzle.

If you are visiting RSA, be sure to come by and meet Paul, the Sophos team and me, and grab one of our limited edition shirts.

If you are not able to attend this year, we will be posting the puzzle to Naked Security and Twitter so everyone can participate.

(3 February 2012, duration 14:13 minutes, size 13.7 MBytes)

You can also download this podcast directly in MP3 format: Sophos Security Chet Chat 82, subscribe on iTunes or our RSS feed. You can see all of the Sophos Podcasts by visiting our archive.