Data Security Podcast Episode 76, Nov 02 2009

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Placing an online bet for the World Series? Employees of online betting sites might be selling customer data online.

* Google Book Search: What data is Google storing about readers of online books?

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 76 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.

–> Tune into the show directly on iTunes; you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall: Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock: Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 76 of the Data Security Podcast

* Conversation:  Samantha talks with Rebecca Jeschke  of the Electronic Frontier Foundation (EFF). There are lots of privacy objections to the Google book search settlement… EFF is leading the way on the privacy objections. Read about it here. And here’s the legal document filed by EFF… the settlement hearing has been indefinitely postponed.

* Tales From The Dark Web:  Are online casinos leaking information about their customers? Hard to say, as we saw the original web posting about this is only available in the Google Cache. Here is a story from TightPoker.com about the original posting. That story lists the original site at AustralianGambling.au, but the URL should be AustralianGambling.com.au .

* From Our Take on The News:  Lobbyists beware: judge rules metadata is public record. This story also talks about the Google metadata leak.

* From Our Take on The News: A MUST READ – Samantha writes at the ReasonableReporter.com about social engineering and how the technique is used in real life, and in the new movie Law Abiding Citizen:

* Wrap: Ira talked about the launch of Digital Forensics Magazine.

Obama: $3.4B Toward ‘Smart’ Power Grid – What About Smart Security and Privacy for The Grid?

President Obama is announcing $3.4b in stimulus monies for the “Smart” Power Grid today (see story here).

But, here is part of the story that is not getting much, if any, coverage: What are the security and privacy issues in deploying the Smart Grid and Smart Meters?

While I am not an expert on energy, I am knowledgeable on the data security and privacy issues on this topic. This is an issue that could literally impact every citizen and business in the US, and impact the very foundation of the economy.

There are advanced technologies that could truly help secure the delivery of power. There are rules that can be put into place to help protect privacy. But, these items do not appear to be on the agenda today, and get little attention in day-to-day coverage.

Early deployments of the Smart Grid and Smart Meters have not made security and privacy a priority, much beyond lip service.

There will be some very negative outcomes for this program if security and privacy are not truly “baked in” at the beginning of this next wave of deployments.

Written By: Ira Victor, GIAC G17799 GCFA GPCI GSEC, ISACA CGEIT

Data Security Podcast Episode 75, Oct 25 2009

On this week’s program:

* Everyone loves retail gift cards…they are quick and easy for consumers, and for web application “hackers.”

* Some Time Warner cable internet users are vulnerable to serious attacks — when will Time Warner release a fix?

* Our take on this week’s news.

Show Notes for Episode 75 of the Data Security Podcast

Time Warner-supplied SMC cable modem: open for exploit?

* Conversation: Ira talks with David Chen of Pip.io with an update on the critical vulnerabilities he discovered in a batch of Time Warner cable modems (made by SMC). TW now acknowledges the flaw, and they have made statements elsewhere that a fix is being deployed. David Chen tells us that as of this past weekend the vulnerabilities remain. Both David Chen and The Data Security Podcast have attempted to get an update on a fix. Time Warner Cable has not replied to written requests from David Chen, or from this program. David Chen is blogging with recommendations on how he thinks Time Warner Cable could mitigate these flaws… see his latest blog here.

* Tales From The Dark Web: Retail gift cards are potentially vulnerable to attacks. One that jumps out: web application attacks. Read the entire report by Corsaire.

* From Our Take on The News: Jurors are using smartphones from the jury box and the deliberation room – potentially putting trial outcomes into jeopardy.

* From Our Take on The News: Treasury Strategies Sees Possible Bank Failures Due to Fraud Losses

* The Kicker: Long Island Teen Uses Hidden Video to Catch a Thief

Modern Bank Robbers Could Shutter As Many As 10 Financial Institutions

Data Security Podcast Episode 74, Oct 18 2009

On this week’s program:

* Now the bad guys are holding computer files for ransom if you don’t buy their phony anti-virus software. We have a workaround.

* Midyear elections are coming up, and the last thing the campaigns seem to think about is data security.

* Our take on this week’s news.

Show Notes for Episode 74 of the Data Security Podcast

* Conversation: Ira talks with Gretchen Hellman, VP of Marketing for Vormetric, about information security, the security issues with the new GOP web site, and election campaign security.

* Tales From The Dark Web: Watch the video by PandaSecurity that demonstrates a damaging new fake anti-virus that denies access to files and applications on victim systems unless a ransom is paid. The link below takes you to a video of the attack, and we have posted the keys to defeat the current variant of the lock out. If you work in IT/InfoSec please write an email to users with a warning, include the keys to unlock the software, and have the end user re-image their hard drive.

Rogueware with new Ransomware Technology

Click here to view the Rogueware with new Ransomware Technology™ video. The video comes to us from Panda Security. Take note that the malware icon disappears from the computer, and when it does, the attack is in place. If you have a system that is infected with this attack, Panda has cracked the malware and has provided a list of working keys, which give access to the current variants of the TotalSecurity2009 attack.


* From Our Take on The News: Danger Will Robinson! Danger! Additional insiders have stepped forward to shed more light on Microsoft’s troubled acquisition of Danger, its beleaguered Pink Project, and what has become one of the most high profile Information Technology disasters in recent memory.

Data Security Podcast Episode 73, Oct 11 2009

On this week’s program:

* Major patching in store this week, due in part to flaws revealed this summer in Las Vegas?

* A fresh look at a Zeus banking attack counter-measure

* Our take on this week’s news.

Show Notes for Episode 73 of the Data Security Podcast

* Conversation:  Ira takes a new look at a counter-measure for the latest wave of Zeus banking attacks in his conversation with Steven Dispensa, CTO of PhoneFactor.

* Tales From The Dark Web: It’s like clockwork… two months after the security events BlackHat and Defcon every summer in Las Vegas, we see a surge in patches for attacks that were highlighted at these events. Microsoft Security Bulletin Advance Notification for October 13th 2009. Security Advisory for Adobe Reader and Acrobat for October 13th 2009, including the CVE number.

* From Our Take on The News: Danger Will Robinson! Danger! Update on Danger’s Sidekick Massive Data Loss. Read the FAQ for tips on trying to salvage your data.

* From Our Take on The News: Computer Network Denial Of Service Denial

* From Our Take on The News: Twitter shuts down legit security researcher Mikko Hypponen. Reports from his blog here, and an update here.

Twitter Shuts Down Legit Security Researcher’s Account

Data Security Podcast Episode 72, Oct 04 2009

On this week’s program:

* Polymorphic malware – every time it attacks it has a new signature.

* The balance on your bank account looks fine, too bad all your money’s gone.

* Our take on this week’s news.

Show Notes for Episode 72 of the Data Security Podcast

* Conversation: Ira talks about a dangerous new twist to the banking attacks with Yuval Ben-Itzhak, the CTO of security company Finjan. Here is the link to the Finjan Report on the new Zeus bank Trojan mentioned in the segment.

* Tales From The Dark Web: Polymorphic malware – every time it attacks it has a different signature. That means your anti-virus won’t recognize it. Ira talked about the presentation at the ISACA Security and Risk Conference by Stuart Staniford, the Chief Scientist at FireEye. Read the related Anti-Phishing Working Group paper on the topic.

* From Our Take on The News: From Wired.com – Probe Targets Archives’ Handling of Data on 70 Million Vets

* From Our Take on The News: Secure Flight Program by the TSA. EPIC (The Electronic Privacy Information Center) follows the surveillance and profiling of airline passengers. Their most recent post on the TSA “Secure Flight” program was in 2007, when the organization recommended that “secure flight should be grounded” due to privacy concerns. The program is now being expanded to require airline passengers to provide their date of birth when they purchase an airline ticket. See: http://epic.org/privacy/airtravel/secureflight.html

BREAKING NEWS – New Twist to Zeus Bank Trojan; Well-Known Penetration Tester at ISACA Conference Calls Revelation “Disastrous”

Reporting from the ISACA Security and Risk Management Conference in Las Vegas, we have breaking security news this morning.

Organized cyber criminals have added a new damaging element to an already vicious cyber attack. Yuval Ben-Itzhak, CTO of Finjan, spoke by phone with the Data Security Podcast about a frightening new twist to the surge of bank account stealing Trojan attacks.

First some background: This news program, and other media outlets, have been reporting in the last few months about a wave of bank account Trojans that have been stealing money from small and medium sized businesses, and local governments. These well organized cyber criminals have been combining web drive-by attacks with unauthorized electronic funds transfers. The cyber criminals then use innocent money mules to launder the money. The mules are typically lured into popular “make cash at home” schemes.

A construction company in Maine lost $588,000 from a recent attack, and they are now suing their bank. It’s important to note that while consumers generally have 60 days to “unwind” an unauthorized electronic funds transfer, business accounts are only protected if the bank is alerted within 48 hours of an unauthorized transfer. On The Data Security Podcast earlier this week, we interviewed the lawyer representing the construction company that suffered the $588,000 loss, see link below.

The Data Security Podcast can now report a dangerous new element to these attacks. Ben-Itzhak tells the Data Security Podcast that Finjan security researchers have seen the cyber criminals actually alter the “account view” online screens that a victim sees. Of course the altered screen views do not show suspicious transactions. This means that a business will probably lose the chance to catch unauthorized transactions within the 48 hour window.

Here’s the process – The business uses one or more computers to do online business banking, and uses those same computers for web activities, email, and other standard business internet tasks. The attackers use those normal internet activities to plant a version of the Zeus banking Trojan onto the business computer systems. These attacks are designed to bypass most firewalls and many popular anti-virus programs.

The Trojan captures log-in info, challenge question/answers, and account numbers, right from the business computer systems…all the info the criminals need to conduct unauthorized electronic funds transfers.

Here’s the new twist: The attackers are now altering the web screens that display business account information. The bank’s computers are not altered, but rather the business customer’s view of their own accounts, as seen from their own computers. This is known in security-speak as an integrity attack: authorized persons are unable to trust the accuracy of their own information.

Ira Victor, Co-Host of The Data Security Podcast, is covering the ISACA Las Vegas Conference and had an exclusive sit-down interview with well-known data security researcher and penetration testing expert ‘Famous Peter Woods’ (as he is known) about this new attack. Peter Woods is the COO of First Base, a security company in the UK. Mr. Woods is also a keynote speaker at the conference.

Peter Woods characterized this new variation of the Zeus bank Trojan “as a disaster.” Mr. Woods recommended that businesses engage in a serious round of new user awareness training. When we asked Mr. Woods about technical counter-measures the banks could undertake, he questioned the willingness of many banks to invest in counter-measures that would truly be effective against these types of attacks. He thought that many banks would be more likely to add new legal disclosures in an attempt to indemnify themselves from financial loss.

Indeed, some banks are now putting new warnings on their web sites that encourage customers to “update anti-virus” and to “update system-patches.” Other speakers at the ISACA conference in Las Vegas generally agree that while those measures are good for stopping certain attacks, they are mostly insufficient to thwart these newer types of attacks.

In Data Security Podcast Episode 71, Samantha Stone has an eye-opening interview with the attorney of the Maine construction company that lost $588,000 in a cyber attack, and is suing their bank. The cause of action? The plaintiff claims the bank breached its fiduciary duty when it failed to protect against the loss of the $588,000. We suspect that a variant of the Zeus banking Trojan attack was used to steal the money.

Be sure to subscribe to our RSS feed and listen to Data Security Podcast Episode 72. When that show posts, it will include our interview with Yuval Ben-Itzhak of Finjan. Here is the link to the Finjan Report on the new Zeus bank Trojan.

Data Security Podcast Episode 71, Sep 28 2009

On this week’s program:

* $4k per day scamming fake Viagra? That’s just the tip of the iceberg.

* Business bank accounts are the targets of attacks, businesses are responding with lawsuits against banks.

* Our take on this week’s news.

Show Notes for Episode 71 of the Data Security Podcast

* Conversation: Samantha talks with attorney Dan Mitchell, of Bernstein Shur. His business client was the victim of one of the bank account attacks, resulting in a cash loss of over $500,000. His client is suing the bank. Coverage in Computerworld.

* Tales From The Dark Web: Pharma scams earn $4k per day for members of the Dark Web. Read that and a LOT more in the paper Dmitry Samosseiko of SophosLabs presented to the Virus Bulletin Conference in Geneva, Switzerland. That event wrapped up last Friday.

* From Our Take on The News: Waves of Twitter attacks erode trustworthiness of Tweets.

How much should you trust Tweets?

* From Our Take on The News: How much of your business data should you trust to web mail?

* From Our Take on The News: Cameras keep track of all cars entering Medina, Washington.

Data Security Podcast Episode 70, Sep 21 2009

On this week’s program:

* Full access to anyone’s Facebook account for $100?

* Update on confidential data case in Maricopa County, AZ

* Our take on this week’s news.

Show Notes for Episode 70 of the Data Security Podcast

* Tales From The Dark Web: According to a PandaLabs report, for $100, members of the Dark Web will provide you with the password of any Facebook user. What else are they doing with the data?

$100 for a Facebook Users Password?

* From the News: The SANS Institute releases The Top Cyber Security Risks report. It’s a must read.

* From the News: An Ohio children’s hospital experienced a data breach when a man tried to spy on his ex-girlfriend using malware. Excellent coverage by Robert McMillan of IDG News Service.

* From the News: According to a new study: eCommerce Merchants “…Can Convert 11% More Digital Window Shoppers by Adding Security Trustmarks”

Data Security Podcast Episode 69, Sep 14 2009

On this week’s program:

* Beware the non-delivery email notice – it might really be an attack.

* Apple has added an anti-phishing feature to the new iPhone, but few people have been able to get it to work right.

* Our take on this week’s news.

Show Notes for Episode 69 of the Data Security Podcast

* Conversation: Ira talks with Michael Sutton, vice president of research at Zscaler, about issues with the new Apple iPhone anti-phishing feature in Safari for the iPhone. Read the details on how to fix this issue in this LoopInsight.com posting.

* Tales From The Dark Web: 2000% rise in non-delivery report spam, according to a PandaLabs report.

* From the News: Brian Mastenbrook: How I cross-site scripted Twitter in 15 minutes, and why you shouldn’t store important data on 37signals’ applications. Update: Response from 37signals, including a change in their policy. Also, check out ReportSecurityFlaws.com .

* Topics From the News: Tracking employee internet usage; iPhone man in the middle SSL attack; Should public officials be banned from using Blackberry PIN-to-PIN, and other text messages during hearings?

* Wrap: iPhone 3.1 breaks Exchange Sync for pre-3GS phones, from the discussion boards of DSL Reports.

iPhone Exchange Headaches?