Archive for July, 2009

Data Security Podcast Episode 63 – July 27 2009

Posted in Breach, Conference Coverage, darkweb, ediscovery, eMail Security, Podcast, Vulnerabilities on July 27, 2009 by datasecurityblog

30 minutes each week on data security, privacy, and the law….(plus or minus five)

On this week’s program:

* iPhone Security. Is that an oxymoron?

* Google Chrome Browser uses sandboxing for security. We talk to a security engineer who says his firm has built a better sandbox.

* Our take on this week’s news.

This week’s show is 30 minutes.

–> Stream, subscribe or download Episode 63 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 63 of the Data Security Podcast

* Conversation: Ira talks with Matt Hite, an engineer with Check Point security, about sandbox security software,  and how they are trying to leapfrog the sandbox security software included in Google’s Chrome Browser.

* Tales From The Dark Web: iPhone Security. Is that an oxymoron? Take a look at this video by Jonathan Zdziarski from the extensive write-up at Wired.

* Tales From The Dark Web: Finjan’s Malicious Code Research Center (MCRC) has detected yet another case of a 0-day attack “in the wild”. This time, hackers are exploiting a vulnerability (CVE-2009-1862) in Adobe Acrobat/Reader and Flash player. By exploiting this vulnerability, the hackers can download and execute malicious code on the victim’s PC. Patch due from Adobe on July 31, 2009. Get ready now to roll out the patch(es).

* From the News: Advance notification by Microsoft for emergency patches for release tomorrow, July 28th, 2009. Get ready now to roll out the patch(es).

* From the News:  Exposed: Repair Shops Hack Your Laptops.

* Wrap: Ira will be traveling to DefCon, the World’s Largest Hacker Event, this weekend. DefCon is held in Las Vegas, Nevada. Ira will be tweeting from the show, you can follow his comments at his Twitter site, http://twitter.iravictor.net . If you plan to attend DefCon, follow his tweets,  find him, and say hello.

* Correction:  When Ira spoke about iPhone security, he did not credit Jonathan Zdziarski for the comments about screen captures and keylogging. We apologize for the mistake.

Data Security Podcast Episode 62 – July 21 2009

Posted in Breach, darkweb, ediscovery, eMail Security, Exclusive, Podcast, Vulnerabilities, web server security on July 20, 2009 by datasecurityblog

30 minutes each week on data security, privacy, and the law….(plus or minus five)

On this week’s program:

* EXCLUSIVE: New tool to fight web attacks, and add to your privacy

* Combining data loss prevention and identity management to protect confidential business data from security breaches.

* Our take on this week’s news.

This week’s show is 33 minutes.

–> Stream, subscribe or download Episode 62 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.


Show Notes for Episode 62 of the Data Security Podcast

* Conversation: Ira talks with Tarique Mustafa, CEO and founder of data loss prevention firm, nexTier.

* Tales From The Dark Web Exclusive:  A new browser tool that blocks browser trackers, annoying pop-unders, AND some malicious web banner adverts. It’s Ghostery version 2, and  it goes live this week.  Be sure to get version 2, as version one is only logging, not blocking!

* From the News: Beaver County school district hit by cyber fraud.

* From the News: Erin Andrews peephole video leads to malware. Read more about this attack on Graham Cluley’s Blog.

* From The News: Details on the vulnerability in Firefox 3.5.

* Correction From The News:  When Ira spoke about two factor authentication he meant to say that a password is something that you know. He apologizes for the mistake.

Update: This Week’s Data Security Podcast

Posted in Uncategorized on July 20, 2009 by datasecurityblog

Note to listeners: Although we typically post on Sunday night, this week’s program is again scheduled to be posted on Tuesday.

We are working on the following stories for you:  EXCLUSIVE: New tool to fight drive-by downloads.  A take on the corporate Twitter attack you have not heard elsewhere.

These stories, and more, coming up on Episode 62 of The Data Security Podcast; 30 minutes every week on data security, privacy, and the law with Ira Victor and Samantha Stone.

Data Security Podcast Episode 61 – July 14 2009

Posted in Annoucements, Breach, darkweb, Podcast, Vulnerabilities, web server security on July 14, 2009 by datasecurityblog

30 minutes each week on data security, privacy, and the law….(plus or minus five)

On this week’s program:

* A double whammy…. two critical zero day attacks hit users of Microsoft products.

* A non-profit security group has a plan to fight web drive-by downloads.

* Our take on this week’s news.

This week’s show is 28.5 minutes

–> Stream, subscribe or download Episode 61 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.


Show Notes for Episode 61 of the Data Security Podcast

* Conversation:  StopBadware.org is a non-profit security group with a plan to fight web drive-by downloads. We spoke with Maxim Weinstein, the Executive director of the project. They will help you if your site is blacklisted, and they are looking for help from the security community in uncovering and fighting web drive-by downloads.

* Tales From The Dark Web: Two Zero Day Attacks in the news this week:

ActiveX Video Flaw. Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX control could allow remote code execution. Either apply the workaround in the Microsoft Advisory, or upgrade all systems to Microsoft Internet Explorer 8. This Zero Day impacts users of Windows XP and Windows 2003 running IE6 or IE7. UPDATE: Microsoft’s “Patch Tuesday” (monthly patch cycle by Microsoft) includes a fix for this issue.

Microsoft Office. Read the detailed SANS Internet Storm Center Alert: Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution.  There is a long list of Windows products impacted by this flaw. Be sure to go through the Microsoft Advisory.

* From The News: Does Google Know Too Much About You?  Read the details in Ian Paul’s story in PCWorld.

* From The News: Point; at Foxnews: Wireless Cybercriminals Target Clueless Vacationers.  Counter Point;  Summer Time, and Wireless Fear Mongering Is in the Air by Glenn Fleishman at WifiNetNews.


Update: This Week’s Data Security Podcast

Posted in Annoucements on July 13, 2009 by datasecurityblog

Note to listeners: Although we usually post on Sunday night, this week’s program will be posted within the next 24 hours.

We are working on the following stories for you:  Who’s behind the latest web site break-ins?  How a non-profit organization can help shield you from attacks by The Darkweb.

These stories, and more, coming up on Episode 61 of The Data Security Podcast; 30 minutes every week on data security, privacy, and the law.

Data Security Podcast Episode 60 – July 06 2009

Posted in Breach, Conference Coverage, criminal forensics, darkweb, ediscovery, eMail Security, Podcast, Vulnerabilities on July 5, 2009 by datasecurityblog

30 minutes each week on data security, privacy, and the law…. (plus or minus five)

On this week’s program:

  • Tracking stolen laptops uncovers some frightening evidence.
  • Was the exposure of Governor Mark Sanford’s mistress a result of poor email security?
  • Our take on this week’s news.

This week’s show is 31 minutes long

–> Stream, subscribe or download Episode 60 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.


This week’s show is sponsored in part by Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software.  If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com . Also sponsored by  DeviceLock Removable Media Security Software.

Show Notes for Episode 60 of the Data Security Podcast

  • Conversation: Did poor data security play a role in the disclosure of South Carolina Governor Mark Sanford’s mistress in Argentina? Ira talks with David Setzer at Mailprotector. David’s blog entry on the Sanford email issues.
  • Tales From The Dark Web:  Firmware level laptop tracking software installed on systems before the theft leads law enforcement to ID theft ring in North Carolina.