Archive for January, 2011

January 25, 2011 – Episode 197

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security on January 25, 2011 by datasecurityblog

Episode 197 of  The CyberJungle  is 25 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interviews

Ira talks with HP Security Evangelist Rafal Los. Topic: Business Application Security, and a different way to weigh risk.

Tales From The Dark Web

Just because they are behind bars doesn’t mean you’re safe from members of the Dark Web.

Our Take on This Week’s News

Record a cop, go to jail – Two Chicago residents who recorded their interactions with the police are facing felony charges… one is in jail… and their cases are drawing attention to an eavesdropping law that may be obsolete in the age of smart phones with audio and video recording capabilities.

Before we had Facebook, we had yearbooks – At the end of each year of high school, we’d write messages by hand, with a pen, never expecting anyone except the book’s owner (and a select few friends) would see them. Now classmates dot com is buying up old yearbooks, and scanning and posting the contents, including our most private heartfelt messages. Read this account describing one man’s yearbooks, bought at an auction of the contents of his mother’s basement, and the various personal messages from girls during his high school years… including a lengthy breakup letter from a serious relationship during his senior year.

In a potential windfall to attorneys who sue businesses that send out spam, a California appeals court has ruled that businesses can be held strictly liable for actions done by their affiliates (and sub-affiliates).

Trapster Hacked – If you own a smartphone, you might be using the free app Trapster. Trapster alerts you when you are driving near speed traps and traffic cams, and other law enforcement hazards. Attackers may have stolen email addresses, passwords, and other data.

January 28, 2011 is Data Privacy Day. Privacy Projects is the official sponsor of Data Privacy Day. The goal is to put additional pressure on companies and to gain a better understanding that everyone’s privacy is at stake.


 


January 18, 2011 – Episode 196

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Exclusive, Legislation, Podcast, Show Notes on January 17, 2011 by datasecurityblog

Episode 196 of  The CyberJungle  is 30 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interviews

Earlier this month, while we were strolling on the floor at CES in Las Vegas, we had a chance to chat with Tony Kainuma, the Director of Navigation and Detection products at  Cobra Electronic Corporation.  We discussed Cobra’s new smartphone app that watches for red light cameras, traffic congestion and cops with radar, and relays the information to all Cobra users who subscribe.

Tales From The Dark Web

Creepy stalker uses info from Facebook to break into email accounts and steal stuff from women.

Our Take on This Week’s News

Silliest use of the Computer Fraud and Abuse Act? We (respectfully) disagree with law professor Orin Kerr, who says Sony’s lawyers should win this prize for this argument:  You’re guilty of felony computer hacking crimes if you access your own computer in a way that violates a contractual restriction found in the fine print of the licensing restriction of the product imposed by the manufacturer. We think the honor for dopiest use of the CFAA still belongs to the prosecutors of MySpace Mom Lori Drew.

Stuxnet news: The New York Times reports the Stuxnet worm was a joint project of the U.S. and Israel, engineered to destroy the uranium centrifuges that Iran uses in its nuclear weapons program. As a result of this worm, the Iranian nuke program has suffered serious set-backs. All without a shot being fired.

Federal judge supports Federal Government – Says plaintiff EPIC did not convince him that DHS should turn over 2,000 naked images from the airport body scanners.

A proposal in Congress for a law that would clarify the rights of Americans returning home from abroad, only to have their digital devices seized by customs agents. Our take – for the time being, consider the U.S. border a hostile zone for business and personal data in your laptop or smart phone.


January 11, 2011 – Episode 195

Posted in Conference Coverage, Exclusive News, The CyberJungle, Vulnerabilities on January 11, 2011 by datasecurityblog

Episode 195 of  The Cyberjungle  is 43 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Our Take on CES2011

The CyberJungle goes to the 2011 Consumer Electronics Show in Las Vegas: Our security perspective on the world’s largest consumer electronics show.

Interview #1 – The CyberJungle gets a private briefing on the BlackBerry Playbook: We talked security and policy on the new tablet. We were briefed by two RIM executives…Jeff Gadway, Global Brand Manager, and Shelly Sofer, Director of Public Relations.

Interview #2 – The CyberJungle talks with Chris Deutschen of Direct Energy: Topics include servicing the home area network, and smart grid security. Yes, the industry takes security very seriously, according to Deutschen.

Get more from CES2011 on our Conference Notes page. And follow (or just read) Ira on Twitter for comments and nuggets of interest.

January 04, 2011 – Episode 194

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Show Notes, The CyberJungle, Vulnerabilities on January 4, 2011 by datasecurityblog

Episode 194 of  The Cyberjungle  is 33 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Our Take on This Week’s News

Facing Threat From WikiLeaks, Bank Plays Defense: On Nov. 29, 2010, the director of WikiLeaks, Julian Assange, said in an interview that he intended to “take down” a major American bank and reveal an “ecosystem of corruption” with a cache of data from an executive’s hard drive. Bank of America executives sprang into action the next day, according to The New York Times.

Ira mentioned 10minutemail.com as a free tool to keep your real email address more private.

Upon launching the Spokeo website, they cleverly remind you that “it’s not your grandma’s phonebook,” which is not only a hacky reference but also literally true: the old meatspace phonebooks didn’t automatically expose all of your private information like age, income, home value, credit score, relationship status and map to your house. Who the Eff are these freaks? How did they get ALL of your info? I don’t know, but all of mine was there. Fortunately, there’s an easy way to remove yourself from the database of these privacy rapists currently thriving in Zuckerberg’s America. Hat Tip to: Chris Hardwick at The Nerdist Blog.

From the “This-Affects-Just-About-Everyone” File: Security researcher Julia Wolf of FireEye pointed out numerous, previously hardly known, security problems in connection with Adobe PDF files. Microsoft warns of Word attacks; RTF-based exploits making the rounds, apply patch pronto.

Tales From The Dark Web

A new twist on an older attack: Attackers re-use older versions of the Zeus bank trojan to steal government and private sector information. See the Netwitness Blog: Cyber-Crime or Cyber-Espionage?

Interviews

Ira Victor talks with Christopher Hadnagy, ethical Social Engineer and author of the new book, “Social Engineering: The Art of Human Hacking.”

Wrap-up

The CyberJungle goes to the 2011 Las Vegas Consumer Electronics Show (CES) this week. CES is the largest electronics show in the world. The CyberJungle will bring you a security, privacy and legal perspective on the technologies featured at CES. Get our reports in Conference Notes. And follow (or just read) Ira on Twitter for comments and nuggets of interest.

