Archive for December, 2010

December 28, 2010 – Episode 193

Posted in Court Cases, criminal forensics, ediscovery, eMail Security, Report Security Flaws, Show Notes, The CyberJungle, Vulnerabilities on December 28, 2010 by datasecurityblog

Episode 193 of  The Cyberjungle  is 33 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Our Take on This Week’s News

Taking a week off from the news.  But we anticipate a big news year in 2011.

Interviews

#1 – Attorney Don Werno: A commercial pilot videos a flaw in TSA security… responsible disclosure or aiding terrorists? We talk to the pilot’s lawyer, Don Werno. Note: The TSA security interview was recorded before the decision to make the pilot’s name public. Don mentions that the pilot may go public in the future, and he did, two days after the interview was taped. The pilot’s name is Chris Liu.

#2 – Author Lynn Powell was a neighbor of Cynthia Stewart, a woman whose prosecution made national headlines after she took photos of her 8-year-old daughter rinsing off with the shower hose after a bath. The incident is now a decade old, and settled. It did not involve digital photography or a computer. But we asked Lynn Powell to talk with us about her book, “Framing Innocence,” which tells the story of Stewart’s struggle to keep her daughter, and to stay out of jail. We offer this interview for two reasons. One – law enforcement is still seizing innocent photos of bare-bottomed kids, and videos of nudity shot by parents in playful moments, in an ever-widening search for child porn. This issue has not been resolved. Two – the story reminds us that most big issues in life are rooted in principle, not technology. Cynthia Stewart did not even own a computer, and while the questions in these cases may be more technical in 2011, the principles are the same.

Wrap-up

Is reading your spouse’s e-mail a crime? One DA thinks so.

December 21, 2010 – Episode 192

Posted in Breach, criminal forensics, darkweb, ediscovery, Show Notes, Vulnerabilities on December 21, 2010 by datasecurityblog

Episode 192 of  The Cyberjungle  is 40 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.


Or, download the file directly – great for listening on many smartphones

Interview

Before there was WikiLeaks, there was Cryptome, where publisher and information activist John Young has posted leaked documents since 1996. Last year Young found himself in a legal scuffle with Microsoft for publishing its law enforcement guide, and we spoke with him after the company used provisions of the DMCA to briefly shut down his site. Young has recently been seen on BBC and other news outlets offering criticism of Julian Assange, with whom he’s worked in the past. In light of the recent spotlight on Young, we decided to run his interview again. The interview is just over 9 minutes long, and it starts about 25 minutes into the show.

Tales from the Dark Web

Database of private SSL keys for embedded devices: Yet another major security flaw in low-cost router/firewalls.

Our Take On This Week’s News

Rat on your neighbor, while you drive - A mobile phone app that lets you report the left-lane hog, the jackass who doesn’t use his turn signal, and the guy with a nicer car and a hotter girlfriend than yours.  The target of your report is entered into a database that’s being actively hawked to the insurance industry. And the developer sees no privacy issues with this.

Gawker Data Breach Could Lead to Attacks on Government Agencies: Details on the Gawker breach, as covered by The PBS Newshour.

What private data goes to your app developers? The Wall Street Journal: Your Apps are Watching You

Major data breach at Ohio State University – 750,000 records, including students, faculty and people who did business with the university. Questions arise.  Like why is this still happening?  And why isn’t the news coverage smarter? Come on, you news organizations. You’ve had years to get up to speed on this issue!

Wrap

Why do we let this creepy company called Google spy on our emails?


December 14, 2010 – Episode 191

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Show Notes, The CyberJungle on December 14, 2010 by datasecurityblog

Episode 191 of  The Cyberjungle  is 36 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.


Interview

Dr. Larry Ponemon releases surprising results in a new smartgrid study.

Tales from the Dark Web

McDonald’s hacked, customer data stolen, chain says. Raf Los, HP’s Security Evangelist: McDonalds Database Compromise – 3rd Party Lessons

Our Take On This Week’s News

Gawker Data Breach Could Lead to Attacks on Government Agencies: Details on the Gawker breach, as covered by The PBS Newshour.

Judge Won’t Alter Award in Equifax ID Theft Case: Eric Drew, a cancer survivor who won more than $1 million from Equifax for improperly handling his identity theft report, can keep the full award, a federal judge ruled.

Lawsuit Alleges Interclick ‘History Sniffing’ Violates Fed Computer Fraud And Wiretap Laws: A New York resident sued behavioral targeting network Interclick for allegedly using Flash cookies and history-sniffing techniques to thwart her attempts to prevent online tracking.

Wrap

Why do we let this creepy company called Google spy on our emails?


December 7, 2010 – Episode 190

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Show Notes, The CyberJungle, Uncategorized, Vulnerabilities on December 7, 2010 by datasecurityblog

Episode 190 of  The Cyberjungle  is 36 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.


Interview

Interview with Marc Maiffret, eEye CTO, on 0days, and a new free 0day detection tool. Read the announcement: eEye Delivers Centralized, End-to-End Vulnerability and Compliance Management Solution. White paper from eEye.

Tales from the Dark Web

The King of Spam gets busted while shopping for custom car accessories at SEMA Las Vegas.

Our Take On This Week’s News

Warrantless tracking of car rentals, credit card sales, and even supermarket club cards: Researcher Christopher Soghoian discovered law enforcement uses something called a “hotwatch order” that allows real-time surveillance of purchases and movement.

Think Hillary Clinton is p.o.’d at Julian Assange? What about this woman, whose chats, emails, photos, and Facebook messages were turned over to New York Magazine, reportedly by Wikileaks. Poor Claire… now friends know she hates their weddings, and her boss knows what she thinks about him. Nice of New York Mag to redact the name of Claire’s boss, but it was kind of a meaningless gesture since they posted a photo of her.

Sheriff’s Department Data Breach could put people at risk. IT staffer posts confidential law enforcement data to an unprotected web server. Poor policy, poor procedures, or both?


November 30, 2010 – Episode 189

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Show Notes, The CyberJungle, Vulnerabilities on December 1, 2010 by datasecurityblog

Episode 189:

This week’s regular episode of  The Cyberjungle  is 36.5 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.


Interview

Interview with Brook Miller, VP of Government Affairs at Smiths Detection, on the TSA “Puffer” detection machines.

Our Take On This Week’s News

Virginia’s Attorney General issues guidance to teachers viewing ‘cyberbullying’ data on mobile devices; no mention of proper forensics. What could go wrong? Read more in this story from The Daily Progress, and the report from the AG.

Next target for Wikileaks: businesses? Andy Greenberg from Forbes broke this excellent story with an interview with Julian Assange of Wikileaks. It’s a long read, AND well worth it.  A great article to give to non-technical managers.

Tales from the Dark Web

Members of the Dark Web target recipients of packages – Asprox Botnet Sending Fake DHL Spam

Wrap

Department of Homeland Security Office of Inspector General: Transportation Security Administration’s Management of Its Screening Workforce Training Program Can Be Improved
