Archive for October, 2008

Data Security Podcast Episode 24 – Oct 28 2008

Posted in Podcast on October 27, 2008 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week's program: Cross-site scripting impacts Yahoo; eVoting security; Congress wants iPhones, so what are the security impacts? Plus, the latest data security news.

–> Stream, subscribe or download Episode 24 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.

–> Tune in to the show directly on iTunes; you can also subscribe to the program on iTunes.

This week’s show is sponsored by DeviceLock

Program Notes for Episode 24

From the news: Capitol Hill wants taxpayer-supplied iPhones, potentially impacting data security.

Tales From The DarkWeb – Cross Site Scripting Attacks hit Yahoo users.

Conversation with Jacob West about eVoting security. Read the Fortify Software report on eVoting security.

Data Security Podcast Episode 23 – Oct 21 2008

Posted in Podcast on October 21, 2008 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week's program: FBI Cyber Division sees a large increase in sophisticated attacks; Is anti-virus almost useless? Plus, the latest data security news.

–> Stream, subscribe or download Episode 23 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.

–> Tune in to the show directly on iTunes; you can also subscribe to the program on iTunes.

This week’s show is sponsored by DeviceLock

Program Notes for Episode 23

News:

Motorola Brick Cell Phone Turns 25 yrs old

1. The modern mobile phone turns 25 years old

2. Cellular botnets coming soon: Part of a multi-threat Georgia Tech Report on emerging attacks

3. IRS fails another internal (in)security audit

4. Will the UK require government IDs to buy pay-as-you-go cell phones?

Tales From The DarkWeb – The FBI Cyber Division sees a large increase in attacks against US businesses and government networks

Conversation: Randy Abrams of ESET Anti-Virus software challenges the claims at this year’s IT Security World show that anti-virus is almost useless. Sandboxie is the free security program that Randy mentioned for isolating the web browser from the rest of the system.

Data Security Podcast Episode 22 – Oct 14 2008

Posted in Podcast on October 13, 2008 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week's program: Massive cache of web server logins uncovered, web application security honeypots, and the latest data security news.

–> Stream, subscribe or download Episode 22 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.

–> Tune in to the show directly on iTunes; you can also subscribe to the program on iTunes.

This week’s show is sponsored by DeviceLock

Program Notes for Episode 22

News:

1. Blue Cross and Blue Shield data breach of agent Social Security data

2. High-speed fiber optic controversy in the city of Monticello, Minnesota

3. Campaign strategy data appears to be the target of laptop theft

4. Business owners who handle or store credit card details seem to be largely unaware of new PCI standards. This Summary of Changes document provides an overview of the significant differences between the two versions.

5. New phishing attacks target fears over the international fiscal problems

Tales From The DarkWeb – High-Performance Distributed Password Recovery to Crack WPA Wi-Fi; Black Alchemy’s Fake AP generates thousands of counterfeit 802.11b access points. Hide in plain sight amongst Fake AP’s cacophony of beacon frames. As part of your site security plan, Fake AP confuses Wardrivers, NetStumblers, Script Kiddies, and other undesirables.

Conversation: Ira talks with Steven K. Sprague, President and CEO of Wave Systems about a simple and more secure approach to two-factor authentication using the TPM chip that is already built into millions of PCs. This technology can be used to secure cloud computing data and for better security on wireless networks using WPA and TPM.

Data Security Podcast Episode 21 – Oct 07 2008

Posted in Podcast on October 7, 2008 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week's program: Massive cache of web server logins uncovered, web application security honeypots, and the latest data security news.

–> Stream, subscribe or download Episode 21 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.

–> Tune in to the show directly on iTunes; you can also subscribe to the program on iTunes.

This week’s show is sponsored by DeviceLock

Program Notes for Episode 21

News:

1. Remember the San Francisco IT employee who brought the city’s business to a halt when he hijacked its network? Apparently, hostile employees do this from time to time, and they fit a certain profile.

2. iPhone Forensics, a new book authored by Jonathan Zdziarski

3. An Ohio woman has permission to sue her county after a scanned image of a traffic violation allowed her identity to be stolen, resulting in $20,000 in bogus purchases.

4. UFO/military systems hacker did his work over 56k modem.

5. “It’s not an Orwellian thing…” So says Denver law enforcement of their plan to have civilians monitor the city’s beefed-up network of surveillance cameras. After hosting the Democratic National Convention, the city has four times as many cameras as it did before.

6. The Payment Card Industry Data Security Standard (DSS) v 1.2 replaced the DSS v. 1.1 on October 1, 2008. This Summary of Changes document provides an overview of the significant differences between the two versions.

Tales From The DarkWeb: Security researcher with Aladdin uncovers cache of 200,000 site credentials for Fortune 500 firms, weapons makers, governments

Conversation: Ira talks with Ryan Barnett of The Web Application Security Consortium (WASC). “From a counter-intelligence perspective, standard honeypot/honeynet technologies have not borne much fruit in the way of web attack data….[The WASC Open Proxy Honeypot] project will use one of the web attacker’s most trusted tools against him – the Open Proxy server.” The project is looking for your help in reading logs, hosting honeypots, and other tasks.
