December 19, 2011 – Episode 242

Episode 242 of The CyberJungle is about 25 minutes long.  You can hear it by clicking on the flash player below. The interview with Sean Morrissey of Katana Forensics begins at about 13min.  You may download the file directly – great for listening on many smartphones. Or, you  may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 242 via the flash player:

Interview

Sean Morrissey of Katana Forensics launches LaternLite iOS Forensics tool this week

Our Take On This Week’s News

Forensic innovator Jonathan Grier has developed tools that use statistical analysis of file access data to reconstruct timelines. According to Mr. Gerier, his method can be used to determine what, if data was exfiltrated from the system. Read more in: Detecting data theft using stochastic forensics.

Excellent work by c|net’s Elinor Mills on the software by CarrierIQ that some have labeled as an illegal “root kit.” Read: Sprint disabling Carrier IQ on phones.

Tales From The Dark Web

Passwords hard coded into industrial control systems – What could possibly go wrong?

Wrap

New job opportunity for those with Photoshop forensics skills? US watchdog bans photoshopping in cosmetics ads. Wow, and I thought all those models had perfect faces and perfect bodies all of the time…

November 7, 2010 – Episode 186

Episode 186:

This week’s regular episode of  The Cyberjungle  is 27 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 186 via the flash player:

Interview

Kevin Johnson, web security expert with Secure Ideas, stops by to discuss the Firesheep WiFi sidejacking attack. Protect yourself from snoopers at Wi-Fi hotspots by using a free VPN service, like Anchorfree.com. Ira also recommends ForceTLS, and/or HTTPS Everywhere by the EFF.

Tales from the Dark Web

There’s a Hacker App for That: Critical security holes uncovered in bank and stock broker iPhone and Andriod Smartphone apps

Our Take on This Week’s News

Throwing Salt on A Data Breach Wound- Imagine this: Business has proprietary info potentially worth millions, stolen by an employee. Employee is caught, and during the court trial, the very proprietary info stolen could be revealed again in a public court trial.  Get the details, and a link to the case

Voters Reject Traffic Surveillance Systems- Voters across the country rejected government surveillance where ever their ballots presented the opportunity.

The CyberJungle goes to The Paraben Forensic Innovations Conference, Nov 7-10th in Park City Utah. Get our reports in Conference Notes. And follow Ira on Twitter for comments and nuggets of interest.

September 25, 2010 – Episode 175

Episode 175:

This week’s regular episode of  The Cyberjungle  is 1 hour and 25 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 175 via the flash player:

Interview

Lance Spitzner from the SANS “Securing the Human” project joins us to discuss the final (and largest) hole in network security. It’s the users, stupid.  Millions of hours and billions of brain cells have been spent securing computers and networks.  The job will never be done until we secure the humans.  Our interview with Lance is about 5 minutes long, and it starts about 25 minutes into the show. Lance’s blog posting with slides from his presentation at SANS Las Vegas.

Tales from the Dark Web

Twitter attack is warning to social network users

We all love to give our opinions.  Apparently, the bad guys know it. The latest dark web scam involves online and email surveys.

Our Take on This Week’s News

Teacher fired for posting a blog that included references to various students. The article in the Austin Statesman is unclear, but the reader comments help us piece together the story. Apparently this teacher, who was last year’s teacher of the year, wrote a blog on which she contemplated how to approach teaching challenges presented by some of her individual students.  Her mistake was probably posting photos.  One comment indicates that she did not identify any of the students by name.  We are inclined to blame the administration for failure to make clear the policies regarding federal student privacy laws (FERPA).

“Respondent May NOT Use Internet in Any Manner to Communicate About Petitioner Ever Again.” An order handed down in a divorce case.  The question on the Volokh Conspiracy is whether the order in constitutional.  (Remember free speech?) You can’t libel someone, and maybe you can be gagged during litigation, but the government can’t permanently keep you from trashing your ex.

Wonder how many jobs this created or saved? Federal stimulus dollars are being used for an RFID program to track preschoolers.    ACLU and EFF open a can of whip-ass.

Lawyers heart Facebook! Best not to post photos of yourself looking healthy and robust on Facbook if you’re in litigation for a personal injury.  A judge has ordered  the private portions of plaintiff’s Facebook are discoverable,  since the public portions suggest she’s having more fun that she claims her physical condition permits.

U.S. Cybercommand proposing an internet “safe zone” for government and such critical industries as utilities and banking.  A super-safe segregated network might raise as many questions as it answers. Read various versions below for a variety of angles.

http://www.washingtonpost.com/wp-dyn/content/article/2010/09/23/AR2010092302171.html

http://www.washingtonpost.com/wp-dyn/content/article/2010/09/23/AR2010092305431.html

http://www.nytimes.com/2010/09/24/us/24cyber.html?_r=1&ref=technology

http://www.wired.com/dangerroom/2010/09/militarys-cyber-commander-swears-no-role-on-civilian-networks/

http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=227500515

Worm attack on Iranian nuke facility. Is this malware part of a nation-state attack?

Top ten internal threats to network security – This how the risks stack up according to researchers at Fortinet.

Think Different: Citibank iPhone Risks Banking Data

Citibank announced today a major flaw in its iPhone/iPad banking app. The app leaves account information on the device. What is this bad? Well, iPhone/iPad/iOS  does not support whole disc encryption.

At last month’s Gartner Security and Risk Conference in DC, I sat next to a Senior Executive with one of the larger anti-virus companies. According to this executive, the company wants to make and sell a whole disc crypto product, but Apple will not open its API (application program interface) to support whole disc encryption.

Citi iPhone App

Today’s announcement by Citibank about a flaw in their app, comes as little surprise. While this particular flaw can be fixed with an update, the fact remains: The foundation is sitting on shifting sands.  The iOS is first and foremost a consumer media platform. It has a great bright interface, and plays music and videos really well. It has a great eBook reader. But, these devices were not and are not built with security and privacy at their foundation.

When you mistype a word, iOS saves, it, unencrypted. When you use a map, iOS saves it, unencrypted. When info is “erased.” the platform saves it, unencrypted.  As a forensic analysis, the iOS is a boon to uncovering information that the owner of the device would be shocked to learn can be discovered.

Some will say, “all devices are like this.” Well, that is just not so. The Blackberry platform was built with security in mind, rather than an after thought. That’s why the UAE government views the Blackberry as a security threat. Not the iPhone.

I am realistic. Many people are gaga for every device Apple makes. To borrow a phrase: “If Apple took a brick and called it an iPhone you would still want it.” For these people, buying a smartdevice is all about being trendy and the purchase is almost all based upon emotions. I doubt that anything they read about poor security on the iOS will change their behavior.

For others, I suggest  “Think Different.” Resist the temptation to use an unprotected consumer device for business. Use your iPhone/iPad as a media device, and use Blackberries (with the Blackberry Enterprise Server), for business use. It looks like the industry will release business-oriented slate devices to compete with iPad. That may turn out to be smarter for business use.

Until Apple addresses the underlying security issues in the platform, it’s a safe prediction that we will hear other stories about security flaws hurting iOS users.

July 4th, 2010 – Episode 151

You can hear Episode 151 by clicking on the flash player below, or you can go to our listening options page, and find other ways to receive the show. Episode 151 is one hour and ten minutes long.

Interview Segments:

Interview – Laptop security – it’s part psychology, part technology. Dr. Larry Ponemon from the Ponemon Institute shares his research on laptop theft.  The interview is about ten minutes long, and it starts about 54 minutes into the show.

Interview – David Thompson is co-author of Wild West 2.0, a book that explains what’s happening as the wild web matures, and becomes civilized.  The book takes a historical approach, by drawing parallels between the internet and the wild American frontier, and the disruptions to society as “gentrification” occured — and newbies began to inhabit those spaces.

Event Announcement- Sierra Nevada Infragard

Get smart about smart phone policy in the workplace:

The InfraGard Sierra Nevada Members Alliance is holding its summer meeting on Thursday, July 15, 2010, on the topic of an urgent workplace hazard: Employee-Owned Smartphones—Accessing Workplace Email and Data. A panel of data security and legal experts will cover the technology, human resource, and legal issues related to smartphones in the workplace.

This is a lunch-time event. Donation is $8 buys a light lunch and the admission.  The location is: The Regional Public Safety Training Center, 5190 Spectrum Boulevard, Room #102A, Reno, Nevada

Pre-registration/RSVP

Our Take on This Week’s News

America is riddled with politically motivated surveillance,or so reports the American Civil Liberties Union. Here’s the ACLU report on police infiltration and monitoring of citizen activity in 33 states and the District of Columbia.

Don’t think about lying in family court… divorce lawyers are finding out the real scoop on facebook.

Best Buy tries to fire employee for satire.  The employee was worked three years selling mobile phones for Best Buy.  But the company didn’t appreciate it when its mobile phone expert created a video poking fun at the irrational appetite for iPhone. WARNING: Do not listen to this at work without headphones; potty mouth alert!

Voice mail hacking -  an example of an app that allows  CallerID spoofing.  Anyone can get into many voice mail accounts without a password, and can listen to messages, alter settings, or even create a new voice mail greeting.

Growing risks of advanced attack threats — eighty percent of businesses have been hit.

The government of India has ordered Skype, RIM (Blackberry) and Google to provide a way for its security agencies to intercept messages.  Why is this important? Two reasons:  1) we all do business with India in some indirect fashion.  Someone you are doing business with is doing business with companies in India.  2)  Giving a back door to the Indian government is, in effect, giving it to the world.  The companies have 15 days to comply with the order or be banned from doing business in India.

FBI’s Internet Crime Complaint Center (IC3) reports a spam attack that appears to come from one of your friends who is stuck overseas without money or passport.  Needs help.

The accused Russian Spies had an interesting bag of tricks that included the use of steganography. That’s the art and science of hiding messages in plain site, by embedding the information in the text of another document, or in a photo or a piece of art.  It’s not just a tool for spies. You, too, can use steganography to protect your privacy.

The CyberJungle Episode 101 – Jan 10 2010

Security, Your Privacy, and The Law

On this week’s program:

* Houston DA Tweets the names of people arrested for DUI

* WiFi for passive aggressives

* You won’t believe the password to launch nuclear war

–> Stream This Week’s Show with our Built-In Flash Player (for higher security, stream through FeedBurner, using the hyperlink below):

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 101 – Use Feedburner to listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall. The shows don’t always display on chronological order on Odeo.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• Award-winning Sunbelt Network Security Inspector a scalable and effective vulnerability scanner. Windows IT Pro Magazine readers chose SNSI as their Favorite Vulnerability Scanner for two years in a row. Read more here, and contact Data Clone Labs for a test drive.

Show Notes for Episode 101 of the CyberJungle

* Conversation: Ira and Samantha interview Houston civil rights attorney Randall Kallinen about the Houston Texas-area DA Tweeting the names of those arrested for DUI.

*How Google collects information

*Google Near Me Now application

* Digital piracy hits the book industry

* Mind-reading at the airports

*WiFi for passive aggressive

*Nuclear launch passcodes

*Ransomware – buy back your own files?

*One in ten botnets are engaged in the Zues attack

*Ironkey CEO speaks about the USB crypto flaw

*FTC says FCC needs to consider the dangers of cloud computing

The CyberJungle LIVE Call-In Talk Show Launches – Sat 10am-Noon PT

The Data Security Podcast will go LIVE this week as the nation’s first call-in talk show on security, privacy and the law. You can listen on a web stream or terrestrial radio every Saturday, starting this Saturday, Jan 9th from 10 a. m. until noon Pacific Time.  Be sure to tune into the web stream of KKOH-780am, here is a link to their site, click on the’ Listen Live’ link on the upper right hand corner.

We are changing the name of the show to The CyberJungle. We will keep this site active, and we will keep the current iTunes site active for a while, as we transition to the new name and site.   We will  continue to post our interviews with security experts. The material that’s too technical for the radio will be posted here.

We want to thank all of you for  the support and feedback for the last 18 months. We are grateful that you chose to spend your time with us. Our sponsors have also been very good to us. If you enjoy the show, please try their products, and please let the know you heard about them from us.

A big thanks also to the management of KOH Radio. They “get it,” and we salute them for understanding that the time is right for this show.

Data Security Podcast Episode 88, Jan 04 2010

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Bad guys buying services to evade anti-virus

* Special announcement

* Our take on this week’s news

–> Stream This Week’s Show with our Built-In Flash Player (for higher security, stream through FeedBurner, using the hyperlink below):

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 88 – Use Feedburner to listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall. The shows don’t always display on chronological order on Odeo.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• Award-winning Sunbelt Network Security Inspector a scalable and effective vulnerability scanner. Windows IT Pro Magazine readers chose SNSI as their Favorite Vulnerability Scanner for two years in a row. Read more here, and contact Data Clone Labs for a test drive .

• GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 88 of the Data Security Podcast

* Tales From The Dark Web: Bad guys buying services evade anti-virus. Brian Krebs (formerly with The Washington Post) does his usual outstanding work on the topic, from his brand new blog. Read more here.

* From Our Take on The News: Body scanning machines; here’s a story from the UK that dismisses their effectiveness in cases where a guy stuffs a chemical explosive in his underwear. (But they are very effective at revealing the other junk in your underwear.) Read more here.

Meanwhile, Logan International in Boston and the Newark Liberty Airport in New Jersey will both get the body imaging machines. (Both were points of origin for the September 11 attacks.) Read more here from The Star Ledger. And read more here from Boston Globe.

* From Our Take on The News: TSA nominee misled Congress about accessing confidential records. Read more here from The Washington Post.

* From Our Take on The News:  How embarrassing! The Chairman of the FCC sends a facebook spam. Read more here from The New York Times blog.

* Special Announcement:  The Data Security Podcast will go LIVE this week as the nation’s first  call-in talk show on security, privacy and the law. You can listen on a web stream or terrestrial radio every Saturday, starting this Saturday, Jan 9th from 10 a. m. until noon Pacific Time.  Be sure to tune into the web stream of KKOH-780am, here is a link to their site, click on the’ Listen Live’ link on the upper right hand corner.

We are changing the name of the show to The CyberJungle. We will keep this site active, and we will keep the current iTunes site active for a while, as we transition to the new name and site.   We will  continue to post our interviews with security experts. The material that’s too technical for the radio will be posted here.

We want to thank all of you for  the support and feedback for the last 18 months. We are grateful that you chose to spend your time with us. Our sponsors have also been very good to us. If you enjoy the show, please try their products, and please let the know you heard about them from us.

A big thanks also to the management of KOH Radio. They “get it,” and we salute them for understanding that the time is right for this show.

KOH Call-In for The New Show

UPDATE: iTunes Access Up and Doing Well

As we get ready to post Episode 85 today, we want to inform you about an iTunes issue.

The Data Security Podcast made some DNS changes two weeks ago, and it has affected those who listen through the iTunes Store. The iTunes Store is not showing episodes past #82.

UPDATE: Apple has yet to reply to our emails and postings on their Forum. We are now seeking your help.  See more below.

UPDATE #2:  Thanks to everyone who emailed us, AND to the folks at Apple for the assistance in restoring our iTunes feed!

We are working to resolve this issue, and we hope to have our library restored to iTunes shortly. We apologize for the inconvenience. Thanks to everyone that contacted us to alert us to the problem.

In the meantime, you can get the latest episodes from this site here:

–> Stream, subscribe or download – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, or other popular sites.

UPDATE, MORE

From our posting (as yet unanswered) on the Apple Support Forum this weekend….

I am the co-host of the popular Data Security Podcast. We have posted a new program every week for about 18 months. About two weeks ago, we made some DNS changes. Since those changes, we have posted Episode 83, 84, and we are shortly going to post 85. BUT, the iTunes Store (iTS), will only display up to Episode 82.

We have gone through the XML, and there are no issues there that would stop the feed. We adjusted the DNS to return it back to the “82 era.” But the new shows won’t post. Of course since DNS is slow to update, we have burned a lot of time getting to the point of trying DNS changes. We have many listeners emailing us about the lack of iTS updates.

We found some info about re-submitting the show, with a different title, and a and link (leading to the same info). Here are my questions:

1. Will that “solve” the problem?

2. If we re-submit the show, will the “old” show listeners be merged into the “new” show or will they have to discover that we have a “new show” that is really the old show, but re-submitted?

3. Is there a better way to do this?

FYI: You can find out show in the Podcasting section of iTunes and search for Data Securtity Podcast .

Our XML feed is here: http://security.talkworkshop.com/datasecurity.xml

On behalf of my co-host Samantha Stone, and our listeners, thanks for your help.

——

We are now turning to you, our listeners. We know you are a smart audience. Please go to the Contact tab above to message us. Thanks in advance for your help.

Program Note – Data Security Podcast 82

Episode 82 of the Data Security Podcast is scheduled to post Monday over night/Tuesday early morning, Greenwich Mean Time.  In the meantime listen to Ira Victor’s two-part infosec special interviews on fighting web drive-by downloads. We posted a two part special edition last Thursday and Friday, Episode #80 and #81.