Archive for December, 2009

Data Security Podcast Episode 87, Dec 28 2009

Posted in Breach, Court Cases, criminal forensics, ediscovery, Exclusive, Podcast, Zero Day Project on December 27, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* One semi-colon could expose your web server, and there’s no patch

* World Exclusive Interview:  Researcher uncovers Adobe Flash programming flaw that impacts millions of web users.

* Our take on this week’s news

–> Stream This Week’s Show with our Built-In Flash Player (for higher security, stream through FeedBurner, using the hyperlink below):

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 87 – Use Feedburner to listen, or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.

–> Tune into the show directly on iTunes; you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall. The shows don’t always display in chronological order on Odeo.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Award-winning Sunbelt Network Security Inspector, a scalable and effective vulnerability scanner. Windows IT Pro Magazine readers chose SNSI as their Favorite Vulnerability Scanner for two years in a row. Read more here, and contact Data Clone Labs for a test drive.
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 87 of the Data Security Podcast

* Ira talks with Eugene Dokukin about flaws in the programming of Adobe Flash.  Read more on Eugene’s site, including how to change the code in the Adobe Flash files your company creates.

* From Our Take on The News: More people report debit info stolen at gas pumps. Read more here.

Ohio Supreme Court

* From Our Take on The News:  The Semi‐Colon Attack: Microsoft IIS Zero-Day Vulnerability.  Read more here, including work-arounds.

* From Our Take on The News: Ohio Supreme Court rules on cell-phone search and seizure. Read the opinion here.

Data Security Podcast Episode 86, Dec 21 2009

Posted in Breach, Podcast, Vulnerabilities on December 20, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Twitter’s DNS hijacked

* Fingerprinting credit card mag strips

* Our take on this week’s news

Show Notes for Episode 86 of the Data Security Podcast

* Ira talks with Dr. Robert Morley about the unique digital fingerprints on every credit card and ATM magnetic strip, and how that fingerprint can fight card cloning fraud. Read about Dr. Morley. Dr. Morley’s work has been commercialized into products like MagnePrint, mentioned in the segment.

* Tales From The Dark Web:  Ira gave his take on the reporting by Brian Krebs in the Security Fix blog at the Washington Post site.

* From Our Take on The News: Ira gave his take on the very interesting blog posting by Robert Graham entitled SkyGrabber vs. Predator.

* From Our Take on The News:  Why did a department of health worker in Detroit have electronic copies of thousands of birth certificates in her car? That’s where the records were (on a flash drive) when they were stolen. We give our take on this story in the Detroit Free Press.

* From Our Take on The News: A program that allows Seattle Area employers to subsidize commuting — it saves employees a lot of money. Only problem is, your travel records are available to your boss. All he has to do is ask.

The Identity Theft Prevention Stamp

* The Wrap: A rubber stamp that renders printed personal information illegible (pictured). Read more.

Data Security Podcast Episode 85, Dec 14 2009

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Legislation, Podcast, Vulnerabilities, web server security on December 14, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* New surge in attacks targeting bank accounts

* Data security requires physical security

* Our take on this week’s news.

Show Notes for Episode 85 of the Data Security Podcast

* Ira talks with Marc Weber Tobias about lock security. Read more at the in.security.org blog site. The book authored by Marc and mentioned in the segment is Open in Thirty Seconds.

* Tales From The Dark Web:  New surge in bank stealing attacks, via SQL injection.  Read more at The Register.  Part II: Top Cyber Attack Vectors of 2009, as documented by Verizon. Read the report here.

* From Our Take on The News: It’s confirmed: cybercriminals are now hiring hit men, just like the real mafia. Read more at LawFuel.com.

* From Our Take on The News: Bruce Schneier (of Schneier on Security) says he missed this story… and pointed us to the Top Ten Stories You Missed this year, posted by a publication called “Foreign Policy.” Here’s story number 7: How to get an American passport for a fake person.

* The Wrap: Holiday attacks target Facebook users, read more from PandaLabs.

UPDATE: iTunes Access Up and Doing Well

Posted in Announcements on December 14, 2009 by datasecurityblog

As we get ready to post Episode 85 today, we want to inform you about an iTunes issue.

The Data Security Podcast made some DNS changes two weeks ago, and it has affected those who listen through the iTunes Store. The iTunes Store is not showing episodes past #82.

UPDATE: Apple has yet to reply to our emails and postings on their Forum. We are now seeking your help.  See more below.

UPDATE #2:  Thanks to everyone who emailed us, AND to the folks at Apple for the assistance in restoring our iTunes feed!

We are working to resolve this issue, and we hope to have our library restored to iTunes shortly. We apologize for the inconvenience. Thanks to everyone that contacted us to alert us to the problem.

In the meantime, you can get the latest episodes from this site here:

–> Stream, subscribe or download – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, or other popular sites.

UPDATE, MORE

From our posting (as yet unanswered) on the Apple Support Forum this weekend….

I am the co-host of the popular Data Security Podcast. We have posted a new program every week for about 18 months. About two weeks ago, we made some DNS changes. Since those changes, we have posted Episode 83, 84, and we are shortly going to post 85. BUT, the iTunes Store (iTS), will only display up to Episode 82.

We have gone through the XML, and there are no issues there that would stop the feed. We adjusted the DNS to return it back to the “82 era.” But the new shows won’t post. Of course since DNS is slow to update, we have burned a lot of time getting to the point of trying DNS changes. We have many listeners emailing us about the lack of iTS updates.

We found some info about re-submitting the show, with a different title, and a and link (leading to the same info). Here are my questions:

1. Will that “solve” the problem?

2. If we re-submit the show, will the “old” show listeners be merged into the “new” show or will they have to discover that we have a “new show” that is really the old show, but re-submitted?

3. Is there a better way to do this?

FYI: You can find our show in the Podcasting section of iTunes and search for Data Security Podcast.

Our XML feed is here: http://security.talkworkshop.com/datasecurity.xml

On behalf of my co-host Samantha Stone, and our listeners, thanks for your help.

——

We are now turning to you, our listeners. We know you are a smart audience. Please go to the Contact tab above to message us. Thanks in advance for your help.

Data Security Podcast Episode 84, Dec 7 2009

Posted in Breach, Court Cases, criminal forensics, ediscovery, Legislation, Podcast on December 7, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Is there a Russian connection to the “Climategate” attack?

* ‘Take Back Your Privacy’ — A new nation-wide effort ramps up

* Our take on this week’s news.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 84 of the Data Security Podcast

* Samantha has a conversation with Leslie Harris, president and CEO of The Center for Democracy and Technology. They are a D.C. group launching a consumer privacy campaign. They want to educate consumers, pressure businesses, and push for a new law. Read more at the “Take Back Our Privacy” area of their site.

* Tales From The Dark Web: What connection, if any, is there between Russia and the “Climategate” attack? Read more in The UK Daily Mail story. And, Adobe to release critical security patches tomorrow.

* From Our Take on The News: SC police academy IT chief nabbed in Web sting; ‘Accidental’ Download Sending Man To Prison.

* From Our Take on The News:  Department of Defense misses its own deadline for removing social security numbers from military ID cards. Read about it at Stars and Stripes.

* From Our Take on The News: Sprint received 8 million requests from Law Enforcement for GPS location data. EFF is on the case, but this story has a fascinating origin… and an almost instantaneous rebuttal from Sprint. (Which doesn’t deny the 8 million figure, but attempts to give it some context… The company is, of course, a regulated industry stuck in the middle, between the demands of its customers and the demands of Congress, law enforcement and FTC…). Read more at EFF.

* From Our Take on The News: The economics of security advice; a very interesting MSFT research paper, and a related SANS posting. Read more at The SANS Internet Storm Center.

* The Wrap: Many More Government Records Compromised in 2009 than Year Ago, Report Claims. Read more at databreaches.net.
