Archive for May, 2009

Data Security Podcast Episode 54 – May 24 2009

Posted in Breach, criminal forensics, darkweb, ediscovery, Podcast, Vulnerabilities with tags , , , , , , on May 24, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This weeks program – Does that shiny new computer come pre-installed with malware?  A new project fights viruses in home PCs FROM the cloud. And, our take on this week’s news.

–> Stream, subscribe or download – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–> Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

This week’s show is sponsored in part by Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software.  If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com . Also sponsored by  DeviceLock Removable Media Security Software.

The Show Notes Page for this week’s The Data Security Podcast

–> Ira has a conversation with Pedro Bustamante, Security Researcher Advisor of Panda, about the testing of a cloud based anti-virus for home PC users.  Check out the blog mentioned in the show at: http://blog.cloudantivirus.com .

Privacy advocates have launched a campaign against whole body imaging in U.S. airports

Privacy advocates have launched a campaign against whole body imaging in U.S. airports

–> Tales From The Dark Web: Does that shiny new computer come pre-installed with malware?

–> From The News: The Fight Against Whole Body Imaging at US Airports. We were afraid nobody was going to object to this!

After a terrifyingly silent public response to news that TSA workers at six major American airports are using whole body imaging technology — Otherwise known as “naked pictures”  — of airline passengers, CNN reports this week that privacy advocates have launched a campaign against the machines.  You can read the petition here against the “virtual strip search” of citizens by Homeland Security.

–> From The News: 9 Month Old Critical Java Vuln. Still Not Patched in Mac OS X

–> From The News:  C. Harwick’s Thrica.com blog posting on potentially harmful privacy issues with Safari 4 beta

–> Wrap Up: Massachusetts Supreme Judicial Court Tosses Out Warrant in Boston College Case, Says No Probable Cause Existed

Data Security Podcast Episode 53 – May 18 2009

Posted in Breach, criminal forensics, darkweb, ediscovery, Podcast, Vulnerabilities, web server security with tags , , , , , , , on May 17, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This weeks program – One web malware variant overtakes all others; Smart cards INSIDE MiniSD for two factor auth via cell phone. And, our take on this week’s news.

–> Stream, subscribe or download – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–> Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> Stream, subscribe, or download via our page at Podcast.com.

This week’s show is sponsored in part by Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software.  If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com . Also sponsored by  DeviceLock Removable Media Security Software.

The Show Notes Page for this week’s The Data Security Podcast

Combining smart cards and memory on a MiniSD for two factor ID

Combining smart cards and memory on a MiniSD for two factor ID

–> Ira has a conversation with William Holmes, of Go Trust. They have developed technology to merge smart cards with MiniSD memory. This technology can be used to make rather smart two-factor authentication. Go Trust is looking for people that want to develop applications that leverage this new security technology.

–> Tales From The Dark Web: According to Graham Cluely’s Blog at Sophos, Malicious JSRedir-R script found to be biggest malware threat on the web, at least for the next 15 minutes..

–> Be sure to read a new feature on our web site: Lame Excuses, the dumb statements by people who should have been responsible for securing information.  A new entry was added this week, and we welcome your contributions.

–> From The News: The Federal Computer Week story,  Homeland Security Information Network suffers intrusions.

–> From The News: U.S. attorney’s office tells employees not to log on to Drudge Report, as reported by Jonathan Martin at POLITICO.com .

Data Security Podcast Episode 52 – May 11 2009

Posted in Breach, darkweb, Podcast, Vulnerabilities, web server security with tags , , , , on May 11, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This weeks program – Cross Site Forgery Attacks; A different approach to stopping malicious code. And, our take on this week’s news.

–> Stream, subscribe or download – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–> Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> Stream, subscribe, or download via our page at Podcast.com.

This week’s show is sponsored by Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software.  If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .

The Show Notes Page for Episode 52 of The Data Security Podcast

-> Ira has a conversation with Tom Murphy, Senior Strategist with Bit9 about whitelisting approved applications, rather than a signature based approach to blocking.  Bit9 offers white papers on the topic.

-> Tales From The Dark Web: Cross Site Forgery Attacks and other attacks targeting sites using Web2.0 applications are highlighted in this report.

–> Be sure to read a new feature on our web site: Lame Excuses, the dumb statements by people who should have been responsible for securing information.  We welcome your contributions.

-From The News: Report: Web application security and IDS in air traffic control systems.

Data Security Podcast Episode 51 – May 04 2009

Posted in Breach, Business Continuity, Conference Coverage, criminal forensics, darkweb, ediscovery, eMail Security, Legislation, Podcast, Vulnerabilities with tags , , , , , , on May 4, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This weeks program – Swing Flu IT Security Tactics; A work around for the latest Adobe PDF Zero-day; And, our take on this week’s news.

–> Stream, subscribe or download – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.  Tune in or subscribe via our page at Podcast.com.

This week’s show is sponsored by Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .

The Show Notes Page for Episode 51 of The Data Security Podcast

-From The News: FTC delays full enforcement of it’s Red Flag Rules

-From The News: WRAL Report, Mom says Patriot Act stripped son of due process

-From the News: A fresh attack against Twitter.

-> Tales From The Dark Web: Another Adobe PDF Zero-Day

-> Ira has a conversation with Ed Cohen, VP, Corporate Development at SonicWall on IT Security planning in the event of a second wave of Swind Flu. SonicWall offers an ebook on the top trends in teleworking, and a white paper on the cost savings from teleworking.

-> Wrap-up: Ira enjoyed using the Bracktron Grip-It to hold his smartphone and listen to podcasts and other internet content when he drove from Nevada to the RSA Security Conference in San Francisco. Ira reports that it is highly adjustable, so it can accommodate a variety of devices. The Grip-It keeps devices hands free, and at eye-level. No drilling required, and it can be removed from the dash when parking to help keep away interested theives. He reports that it was stable at highway speeds, and in the sweeepers.

Bracketron Grip-It vent mount for smartphones, MP3 players, and GPS devices

Bracketron Grip-It vent mount for smartphones, MP3 players, and GPS devices

Follow

Get every new post delivered to your Inbox.

Join 1,151 other followers