Archive for March, 2011

March 28, 2011 – Episode 206

Posted in Breach, criminal forensics, darkweb, Legislation, Show Notes, The CyberJungle, Vulnerabilities on March 27, 2011 by datasecurityblog

Episode 206 of The CyberJungle is about 48 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 38:05 mark.

Interview

RIM caves in. Blackberry maker bows to political pressure and removes the DUI checkpoint app. The app maker says the app will save lives by scaring people out of their cars when they have been drinking. We talk to Joe Scott, the CEO of Phantom Alert.

Our Take on The Week’s News

Big Brother crawls up your nose: The state’s war on cold medicine continues, driven by the federal effort to curb its use as an ingredient in methamphetamine. Read more about how law enforcement and the drug companies have teamed up to database everyone who purchases decongestants. Read more  at the Reasonable Reporter.

Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get? Detecting Certificate Authority compromises and web browser collusion. How-to guide for browser changes to block revoked digital certificates.

Have the inmates taken over the asylum at RIM?

Tales from the Dark Web: This ain’t logistics. That shipping alert in your email might have more than a tracking number. How a successful old attack is making a comeback. An excellent, detailed dissection of the attack on the WebRoot blog.

March 21, 2011 – Episode 205

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Legislation, The CyberJungle, Vulnerabilities, web server security on March 20, 2011 by datasecurityblog

Episode 205 of The CyberJungle is about 43 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 30:30 mark.

Interview

Interview: Peter Schlampp, VP Product Management, Solera Networks, on the RSA SecurID breach and network forensics

Our Take on The Week’s News

Web browser anti-tracking: Read, “Do not track tools push firms to crossroad,” by James Temple in the SF Gate.

RSA SecurID breach: An Analytical Brief by NSS Labs

Does transparency webapp threaten citizen data when authenticating users? Read “Big Brother Has Been Watching

Civil court action used to take down evil botnet: Read “With Rustock, a New Twist on Fighting Internet Crime” by IDG’s Robert McMillan. CORRECTION: FireEye worked on this takedown, not eEye, as stated by Ira.

Ghostery allows you to block scripts from companies that you don’t trust, delete local shared objects, and even block images and iframes. Ghostery.com.

BetterPrivacy is a Firefox plug-in that protects against LSOs that are not usually deletable.

Tales from the Dark Web: What do you get when you stir up a pot full of natural disasters, social media alerts, Java exploits and rogue anti-virus? Read the M86 analysis.

Wrap

Supreme Court To Hear Arguments in ID Search Case: The case concerns an unlawful police stop. Defendant asserts that police had no basis for pulling his car over and then running his license. EPIC’s amicus brief.

March 14, 2011 – Episode 204

Posted in Breach, criminal forensics, ediscovery, Show Notes, The CyberJungle, Vulnerabilities on March 13, 2011 by datasecurityblog

Episode 204 of The CyberJungle is about 39 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 30:30 mark.

Interview

Interview: Trevor Dietrich, VP and Co-Founder of Bayalink Solutions, on a virtualization app to secure iPads + more. He’s seeking beta testers. Trevor’s Twitter Feed.

Our Take on The Week’s News

A federal district court in New Jersey has decided that a social worker and special education instructor employed by the school board are liable for violating a high school student’s privacy… after the teacher handed out a poorly-redacted copy of the student’s psychological evaluation as a teaching tool. Read the story here, or read the court’s decision.

Industrial Espionage at Renault, or poor forensics, or both? Some details in this Economist story.

California’s top utility regulator has given Pacific Gas and Electric Co. two weeks to propose a way for customers to opt out of receiving the company’s controversial wireless SmartMeters.

The iPhone 4 falls at the CanSecWest Pwn2Own contest, and so does the Blackberry.

Tales From The Dark Web

Vehicle hacking via trojan MP3? Read the story here.


Pwn2Own Update: Charlie Miller Changes Course, Now Headed to “Hacker” Contest

Posted in Conference Coverage, Exclusive News on March 7, 2011 by datasecurityblog

Charlie Miller has changed his mind and he will now attend CanSecWest and the Pwn2Own contest. CyberJungle Radio just talked with Charlie Miller, the only three-times-in-a-row winner of the CanSecWest “hacker conference.” The CyberJungle broke the story last week that Charlie had decided to stay home this year, due to a disagreement over the contest rules. CyberJungle Radio is running an interview with Charlie Miller on Episode 203. Following the posting of that interview, Charlie Miller told CyberJungle Radio that he has changed course again, and he will now attend the conference. Although he still disagrees with the rules, for the good of the security community, he has decided to attend this week’s events in Vancouver, British Columbia. Charlie said that he did not speak with the conference organizer regarding his decision.

March 7, 2011 – Episode 203

Posted in Breach, Business Continuity, Court Cases, criminal forensics, ediscovery, Exclusive News, Legislation, Podcast, Show Notes, The CyberJungle, Vulnerabilities on March 7, 2011 by datasecurityblog

Episode 203 of The CyberJungle is about 53 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 25:30 mark.

Interviews

Charlie Miller, 3x Pwn2Own “hacking” contest winner, stays home; response by Dragos, Founder of CanSecWest. Follow Charlie on Twitter.

Tales From The Dark Web

Exactly what is the “boy-in-the-browser attack?”

Our Take on The Week’s News

Lawsuit accuses Amazon of capturing and sharing customer information without permission by tricking Microsoft Internet Explorer

Google Android in app malware flap, iPad2 security, and Blackberry Playbook running Android apps + better security? Interview on Playbook security Ira Victor mentioned in this segment. You may download the segment, or listen to the conversation here:

More mobile security news, Keeping Tabs on Android Smartphone Activity.

Proof once again that disgruntled employees are among the most dangerous cybercriminals… Texas man sentenced after breaching former employer’s network and deleting critical business files.

Wrap

OtterBox Cases for slider Smartphones: Samantha and Ira give a new OtterBox the field test

Charlie Miller Loses Interest in CanSecWest Pwn2Own Contest, Stays Home

Posted in Conference Coverage, Exclusive on March 3, 2011 by datasecurityblog

For the first time in years, Charlie Miller will not be attending CanSecWest, where he holds a record-breaking hat trick winning streak in the Pwn2Own vulnerability contest. Charlie Miller told CyberJungle Radio tonight that he is staying away due in part to the winner-take-all, entrants-picked-at-random nature of the rules.

The Pwn2Own contest is a high-profile event that highlights the solitary work of security researchers who stare at code looking for vulnerabilities, or run fuzzing programs that try to find combinations of characters that spring open a previously unpublished pathway further into a system. Successful contestants can win tens of thousands at Pwn2Own, and significant notoriety.

According to the contest rules, the first contest entrant to successfully breach IE, Firefox, Safari, Chrome browser, or a Google Android, Blackberry, or Windows 7 Phone wins $15,000 ($20,000 if Chrome is breached). But there is the rub. The contestants don’t start at the same time. Contestants are randomly chosen to determine their order in demonstrating their attack. Only the first contestant to breach one browser, and the first contestant to breach one phone, wins one of the two cash prizes.

In previous years, there were just a handful of contestants, so the odds were pretty good for a skilled security researcher to get a crack at either a browser or phone platform. But with the success and popularity of the contest, a much larger number of contestants entered this year. So many entrants have entered this year that Charlie Miller feels that luck will play a greater role than skill, and others will win the contest before he can even get his hands on a keyboard. If by chance the entrants before Miller fail to breach a browser and a phone, Charlie told CyberJungle Radio that a proxy contestant at the event will follow Miller’s instructions using successful attacks Miller has created.

CyberJungle Radio also spoke with CanSecWest spokesperson, Dragos. Dragos said that Charlie Miller’s complaints may have some validity. According to Dragos, it is probably too late to change the rules this year, but the rules may be changed next year due to the complaints highlighted by Mr. Miller.

We’ll have more on this story in the next episode of CyberJungle Radio.

March 1, 2011 – Episode 202

Posted in Breach, Court Cases, criminal forensics, darkweb, Legislation, Show Notes, The CyberJungle, Vulnerabilities, web server security on March 1, 2011 by datasecurityblog

Episode 202 of The CyberJungle is about 33 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interview is about 8 minutes long and it starts at about the 18:25 mark.

Interviews

Interview: Brett Kingstone, author of The Real War Against America, on industrial espionage featuring Chinese spies paying American employees to steal intellectual property.

Tales From The Dark Web

Zeus Trojan meets Crank Yankers in a social engineering scheme to drain bank accounts by phone

Our Take on The Week’s News

Police Department officer indicted on federal wire fraud and identity theft charges

London Stock Exchange and Morgan Stanley: Added to the list of financial services companies breached by cyber criminals

A woman in a child custody battle with her ex decided it might help if she had recordings of everything

Is that a RAT in your Mac, or have you just been pwnd?
