Archive for the Annoucements Category

Feb 19 2014, Episode 329, Show Notes

Posted in Annoucements, Conference Coverage, criminal forensics, ediscovery, Podcast, Show Notes, The CyberJungle with tags , , , , on February 19, 2014 by datasecurityblog

Episode 329 of The CyberJungle is about 33 minutes long. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 329 via the flash player:

su root Edition

Brian Carrier, creator of open source Autopsy, VP Basis Technology

Peter Allor, IBM Security Strategist on new NIST Framework for Improving Critical Infrastructure Cybersecurity . The link for Peter’s blog postings will be updated here as we receive it.

Please support our sponsors, as they support The CyberJungle

OUR NEWEST SPONSOR, ATOLOA TECHNOLOGIES….PLEASE VISIT THEIR SITE ATOLA.COM

Atola Insight is an all-in-one hard drive data recovery and forensic system. It offers complex data retrieval functions along with utilities for manually accessing hard drives at the lowest level. Atola Insight has several key features for data capture in forensic and e-discovery cases. Find out more at Atola.com

 

December 19, 2011 – Episode 242

Posted in Annoucements, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive News, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , on December 19, 2011 by datasecurityblog

Episode 242 of The CyberJungle is about 25 minutes long.  You can hear it by clicking on the flash player below. The interview with Sean Morrissey of Katana Forensics begins at about 13min.  You may download the file directly – great for listening on many smartphones. Or, you  may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 242 via the flash player:

Interview

Sean Morrissey of Katana Forensics launches LaternLite iOS Forensics tool this week

Our Take On This Week’s News

Forensic innovator Jonathan Grier has developed tools that use statistical analysis of file access data to reconstruct timelines. According to Mr. Gerier, his method can be used to determine what, if data was exfiltrated from the system. Read more in: Detecting data theft using stochastic forensics.

Excellent work by c|net’s Elinor Mills on the software by CarrierIQ that some have labeled as an illegal “root kit.” Read: Sprint disabling Carrier IQ on phones.

Tales From The Dark Web

Passwords hard coded into industrial control systems – What could possibly go wrong?

Wrap

New job opportunity for those with Photoshop forensics skills? US watchdog bans photoshopping in cosmetics ads. Wow, and I thought all those models had perfect faces and perfect bodies all of the time…

November 7, 2010 – Episode 186

Posted in Annoucements, Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Podcast, The CyberJungle, Vulnerabilities with tags , , on November 7, 2010 by datasecurityblog

Episode 186:

This week’s regular episode of  The Cyberjungle  is 27 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 186 via the flash player:

Interview

Kevin Johnson, web security expert with Secure Ideas, stops by to discuss the Firesheep WiFi sidejacking attack. Protect yourself from snoopers at Wi-Fi hotspots by using a free VPN service, like Anchorfree.com. Ira also recommends ForceTLS, and/or HTTPS Everywhere by the EFF.

Tales from the Dark Web

There’s a Hacker App for That: Critical security holes uncovered in bank and stock broker iPhone and Andriod Smartphone apps

Our Take on This Week’s News

Throwing Salt on A Data Breach Wound- Imagine this: Business has proprietary info potentially worth millions, stolen by an employee. Employee is caught, and during the court trial, the very proprietary info stolen could be revealed again in a public court trial.  Get the details, and a link to the case

Voters Reject Traffic Surveillance Systems- Voters across the country rejected government surveillance where ever their ballots presented the opportunity.

The CyberJungle goes to The Paraben Forensic Innovations Conference, Nov 7-10th in Park City Utah. Get our reports in Conference Notes. And follow Ira on Twitter for comments and nuggets of interest.

September 25, 2010 – Episode 175

Posted in Annoucements, Breach, Conference Coverage, Court Cases, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security with tags , , , on September 26, 2010 by datasecurityblog

Episode 175:

This week’s regular episode of  The Cyberjungle  is 1 hour and 25 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 175 via the flash player:

Interview

Lance Spitzner from the SANS “Securing the Human” project joins us to discuss the final (and largest) hole in network security. It’s the users, stupid.  Millions of hours and billions of brain cells have been spent securing computers and networks.  The job will never be done until we secure the humans.  Our interview with Lance is about 5 minutes long, and it starts about 25 minutes into the show. Lance’s blog posting with slides from his presentation at SANS Las Vegas.

Tales from the Dark Web

Twitter attack is warning to social network users

We all love to give our opinions.  Apparently, the bad guys know it. The latest dark web scam involves online and email surveys.

Our Take on This Week’s News

Teacher fired for posting a blog that included references to various students. The article in the Austin Statesman is unclear, but the reader comments help us piece together the story. Apparently this teacher, who was last year’s teacher of the year, wrote a blog on which she contemplated how to approach teaching challenges presented by some of her individual students.  Her mistake was probably posting photos.  One comment indicates that she did not identify any of the students by name.  We are inclined to blame the administration for failure to make clear the policies regarding federal student privacy laws (FERPA).

“Respondent May NOT Use Internet in Any Manner to Communicate About Petitioner Ever Again.” An order handed down in a divorce case.  The question on the Volokh Conspiracy is whether the order in constitutional.  (Remember free speech?) You can’t libel someone, and maybe you can be gagged during litigation, but the government can’t permanently keep you from trashing your ex.

Wonder how many jobs this created or saved? Federal stimulus dollars are being used for an RFID program to track preschoolers.    ACLU and EFF open a can of whip-ass.

Lawyers heart Facebook! Best not to post photos of yourself looking healthy and robust on Facbook if you’re in litigation for a personal injury.  A judge has ordered  the private portions of plaintiff’s Facebook are discoverable,  since the public portions suggest she’s having more fun that she claims her physical condition permits.

U.S. Cybercommand proposing an internet “safe zone” for government and such critical industries as utilities and banking.  A super-safe segregated network might raise as many questions as it answers. Read various versions below for a variety of angles.

http://www.washingtonpost.com/wp-dyn/content/article/2010/09/23/AR2010092302171.html

http://www.washingtonpost.com/wp-dyn/content/article/2010/09/23/AR2010092305431.html

http://www.nytimes.com/2010/09/24/us/24cyber.html?_r=1&ref=technology

http://www.wired.com/dangerroom/2010/09/militarys-cyber-commander-swears-no-role-on-civilian-networks/

http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=227500515

Worm attack on Iranian nuke facility. Is this malware part of a nation-state attack?

Top ten internal threats to network securityThis how the risks stack up according to researchers at Fortinet.

Think Different: Citibank iPhone Risks Banking Data

Posted in Annoucements, Breach, eMail Security with tags , , , on July 26, 2010 by datasecurityblog

Citibank announced today a major flaw in its iPhone/iPad banking app. The app leaves account information on the device. What is this bad? Well, iPhone/iPad/iOS  does not support whole disc encryption.

At last month’s Gartner Security and Risk Conference in DC, I sat next to a Senior Executive with one of the larger anti-virus companies. According to this executive, the company wants to make and sell a whole disc crypto product, but Apple will not open its API (application program interface) to support whole disc encryption.

Citi iPhone App

Citi iPhone App

Today’s announcement by Citibank about a flaw in their app, comes as little surprise. While this particular flaw can be fixed with an update, the fact remains: The foundation is sitting on shifting sands.  The iOS is first and foremost a consumer media platform. It has a great bright interface, and plays music and videos really well. It has a great eBook reader. But, these devices were not and are not built with security and privacy at their foundation.

When you mistype a word, iOS saves, it, unencrypted. When you use a map, iOS saves it, unencrypted. When info is “erased.” the platform saves it, unencrypted.  As a forensic analysis, the iOS is a boon to uncovering information that the owner of the device would be shocked to learn can be discovered.

Some will say, “all devices are like this.” Well, that is just not so. The Blackberry platform was built with security in mind, rather than an after thought. That’s why the UAE government views the Blackberry as a security threat. Not the iPhone.

I am realistic. Many people are gaga for every device Apple makes. To borrow a phrase: “If Apple took a brick and called it an iPhone you would still want it.” For these people, buying a smartdevice is all about being trendy and the purchase is almost all based upon emotions. I doubt that anything they read about poor security on the iOS will change their behavior.

For others, I suggest  “Think Different.” Resist the temptation to use an unprotected consumer device for business. Use your iPhone/iPad as a media device, and use Blackberries (with the Blackberry Enterprise Server), for business use. It looks like the industry will release business-oriented slate devices to compete with iPad. That may turn out to be smarter for business use.

Until Apple addresses the underlying security issues in the platform, it’s a safe prediction that we will hear other stories about security flaws hurting iOS users.

July 4th, 2010 – Episode 151

Posted in Annoucements, Breach, Court Cases, criminal forensics, ediscovery, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , on July 3, 2010 by datasecurityblog

You can hear Episode 151 by clicking on the flash player below, or you can go to our listening options page, and find other ways to receive the show. Episode 151 is one hour and ten minutes long.

Interview Segments:

Interview – Laptop security – it’s part psychology, part technology. Dr. Larry Ponemon from the Ponemon Institute shares his research on laptop theft.  The interview is about ten minutes long, and it starts about 54 minutes into the show.

Interview – David Thompson is co-author of Wild West 2.0, a book that explains what’s happening as the wild web matures, and becomes civilized.  The book takes a historical approach, by drawing parallels between the internet and the wild American frontier, and the disruptions to society as “gentrification” occured — and newbies began to inhabit those spaces.

Event Announcement- Sierra Nevada Infragard

Get smart about smart phone policy in the workplace:

The InfraGard Sierra Nevada Members Alliance is holding its summer meeting on Thursday, July 15, 2010, on the topic of an urgent workplace hazard: Employee-Owned Smartphones—Accessing Workplace Email and Data. A panel of data security and legal experts will cover the technology, human resource, and legal issues related to smartphones in the workplace.

This is a lunch-time event. Donation is $8 buys a light lunch and the admission.  The location is: The Regional Public Safety Training Center, 5190 Spectrum Boulevard, Room #102A, Reno, Nevada

Pre-registration/RSVP

Our Take on This Week’s News

America is riddled with politically motivated surveillance,or so reports the American Civil Liberties Union. Here’s the ACLU report on police infiltration and monitoring of citizen activity in 33 states and the District of Columbia.

Don’t think about lying in family court… divorce lawyers are finding out the real scoop on facebook.

Best Buy tries to fire employee for satire.  The employee was worked three years selling mobile phones for Best Buy.  But the company didn’t appreciate it when its mobile phone expert created a video poking fun at the irrational appetite for iPhone. WARNING: Do not listen to this at work without headphones; potty mouth alert!

Voice mail hacking –  an example of an app that allows  CallerID spoofing.  Anyone can get into many voice mail accounts without a password, and can listen to messages, alter settings, or even create a new voice mail greeting.

Growing risks of advanced attack threats — eighty percent of businesses have been hit.

The government of India has ordered Skype, RIM (Blackberry) and Google to provide a way for its security agencies to intercept messages.  Why is this important? Two reasons:  1) we all do business with India in some indirect fashion.  Someone you are doing business with is doing business with companies in India.  2)  Giving a back door to the Indian government is, in effect, giving it to the world.  The companies have 15 days to comply with the order or be banned from doing business in India.

FBI’s Internet Crime Complaint Center (IC3) reports a spam attack that appears to come from one of your friends who is stuck overseas without money or passport.  Needs help.

The accused Russian Spies had an interesting bag of tricks that included the use of steganography. That’s the art and science of hiding messages in plain site, by embedding the information in the text of another document, or in a photo or a piece of art.  It’s not just a tool for spies. You, too, can use steganography to protect your privacy.

The CyberJungle Episode 101 – Jan 10 2010

Posted in Annoucements, Breach, Court Cases, darkweb, eMail Security, Legislation, Podcast, The CyberJungle, Vulnerabilities, web server security with tags , , , , , , , on January 10, 2010 by datasecurityblog

Security, Your Privacy, and The Law

On this week’s program:

* Houston DA Tweets the names of people arrested for DUI

* WiFi for passive aggressives

* You won’t believe the password to launch nuclear war

–> Stream This Week’s Show with our Built-In Flash Player (for higher security, stream through FeedBurner, using the hyperlink below):

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 101 – Use Feedburner to listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall. The shows don’t always display on chronological order on Odeo.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.
  • SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing MagazineData Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • Award-winning Sunbelt Network Security Inspector a scalable and effective vulnerability scanner. Windows IT Pro Magazine readers chose SNSI as their Favorite Vulnerability Scanner for two years in a row. Read more here, and contact Data Clone Labs for a test drive.

Show Notes for Episode 101 of the CyberJungle

* Conversation: Ira and Samantha interview Houston civil rights attorney Randall Kallinen about the Houston Texas-area DA Tweeting the names of those arrested for DUI.

*How Google collects information

*Google Near Me Now application

* Digital piracy hits the book industry

* Mind-reading at the airports

*WiFi for passive aggressive

*Nuclear launch passcodes

*Ransomware – buy back your own files?

*One in ten botnets are engaged in the Zues attack

*Ironkey CEO speaks about the USB crypto flaw

*FTC says FCC needs to consider the dangers of cloud computing

Follow

Get every new post delivered to your Inbox.

Join 1,126 other followers