Episode 203 of The CyberJungle is about 53 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 25:30 mark.
Interviews
Charlie Miller, 3x Pwn2Own “hacking” contest winner stays home; response by Dragos, Founder of CanSecWest. Follow Charlie on Twitter.
Lawsuit accuses Amazon of capturing and sharing customer information without permission by tricking Microsoft Internet Explorer
Google Android in app malware flap, iPad2 security, and Blackberry Playbook running Android apps + better security? Interview on Playbook security Ira Victor mentioned in this segment. You may download the segment, or listen to the conversation here:
Proof once again that disgruntled employees are among the most dangerous cybercriminals… Texas man sentenced after breaching former employer’s network and deleting critical business files.
Wrap
OtterBox Cases for slider Smartphones: Samantha and Ira give a new OtterBox the field test
Interview: Evan Ratliff joins us to discuss his attempt to vanish for a month, with Wired Magazine challenging readers to find him, and a $5,000 reward for anyone who snapped his photo and said the word “fluke.” An online posse developed, Evan ducked discovery for 25 days, and was caught in New Orleans, a few days shy of his goal. The interview is about 14 minutes long, and it starts about 57 minutes into Episode 131. You may stream the program here:
Discussion: The texting case that made it to the U.S. Supreme Court. We discuss with ACLU Attorney Lee Rowland Fourth Amendment protections as they apply (or don’t apply — that’s what the court is considering) to text messages, and under what circumstances. Our discussion with Lee is about 20 minutes long, and starts about 22 minutes into Episode 131.
Our Take on This Week’s News
Amazon is fighting off a demand from the North Carolina Department of Revenue (the state tax collectors). The state wants a record of all Amazon purchases made by its residents, and it wants names, so it can collect the sales tax. Amazon says “privacy violation.” And remember Amazon’s original business was books, which have a special place in the law when it comes to protecting their owners from government intrusion.
Cyberattack on Google Said to Hit Password System. More has been revealed about the extent of the Aurora attack on Google. This story was apparently leaked to the New York Times by someone familiar with the investigation. It suggests huge implications for the security of all Google applications.
Facebook is becoming quite brazen about exposing user profile information. This opinion piece at EFF explains the latest piece of information to be taken out of the user’s control.
About the most straightforward information-sharing scheme we’ve seen yet: Blippy mines your email and credit card statements (with your permission) and posts every purchase you make. Blippy is the VC flavor of the month, having just received $11 million. Too bad some credit card numbers belonging to Blippy users turned up when some curious surfers hit Google with search strings containing the words “Blippy.com” and “from card”. Will Blippy survive? Probably, even in the face of a less-than-apologetic stance from the company (Co-founded by the infamous Pud, of the infamous FuckedCompany.com site from the “dot-bomb” period.) Why anyone would want to be part of Blippy, especially now, is a separate discussion.
Highly-paid SEC lawyers and accountants spent their days surfing porn sites while Bernie Madoff was making off with a whole lotta other people’s money. We ask why, in an entity whose mission revolves around audits and controls, were there no audit trails and controls to call attention to an employee with 16,000 attempts to access porn? Shouldn’t this have been nipped in the bud before it spiraled out of control?
Interview with Joe Grand, electrical engineer, hardware hacker and proprietor of Grand Idea Studio. Ira and Joe discuss hardware hacking. Hobbyists, researchers, and innovators are modifying electronic devices in greater numbers.
The 23-minute interview (too long for radio) is posted by itself as episode 104. There’s a partial version of the interview contained in the show, episode 105 of theCyberJungle.
Hardware Hacking Extra: Cell phone as vehicle starter. We got quite a few comments about this. Visit: “Dave Hacks, Well, not really hack, but I definitely ‘modify’ things.”
AND – You probably didn’t know this, but Thursday January 28 is International Data Privacy Day. Does the market reward businesses that protect customer privacy? There must be some reward, because there’s a growing field of certified privacy professionals… and their organization has thousands of members.
NTSB recommends camera surveillance in train locomotives, after investigating a crash that killed 25. The engineer was texting and using his cell phone at the time of the crash. The union representing train engineers has objected to the recommendation on privacy grounds. Salient fact in the story – the texting engineer had 5 reprimands in his personnel file, issued over a two-and-a-half year period. Now the feds should install cameras to watch ALL engineers (including the ones who follow the rules) just because railroad management failed to fire the loose cannon in their ranks?
30 minutes every week on data security, privacy, and the law…..(plus or minus ten)
On this week’s program:
* Now the bad guys are holding computer files for ransom if you don’t buy their phony anti-virus software. We have a workaround.
* Midyear elections are coming up, and the last thing the campaigns seem to think about is data security.
* Our take on this week’s news.
–> Stream, subscribe or download Episode 74 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.
–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.
Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:
Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com.
GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.
Show Notes for Episode 74 of the Data Security Podcast
* Conversation: Ira talks with Gretchen Hellman, VP of Marketing for Vormetric about information security, the security issues with the new GOP web site, and election campaign security.
* Tales From The Dark Web: Watch the video by PandaSecurity that demonstrates a damaging new fake anti-virus that denies access to files and applications on victim systems unless a ransom is paid. The link below takes you to a video of the attack, and we have posted the keys to defeat the current variant of lock out. If you work in IT/InfoSec please write an email to users with a warning, include the keys to unlock the software, and have the end user re-image their hard drive.
Rogueware with new Ransomware Technology
Click here to view the Rogueware with new Ransomware Technology™ video. The video comes to us from Panda Security. Take note that the malware icon disappears from the computer, and when it does, the attack is in place. If you have a system that is infected with this attack, Panda has cracked the malware and has provided a list of working keys, which give access to the current variants of the TotalSecurity2009 attack:
* From Our Take on The News: Danger Will Robinson! Danger! Additional insiders have stepped forward to shed more light on Microsoft’s troubled acquisition of Danger, its beleaguered Pink Project, and what has become one of the most high profile Information Technology disasters in recent memory.
On this week’s program:
* Major patching in store this week, due in part to flaws revealed this summer in Las Vegas?
* A fresh look at a Zeus banking attack counter-measure
* Our take on this week’s news.
Show Notes for Episode 73 of the Data Security Podcast
* Conversation: Ira takes a new look at a counter-measure for the latest wave of Zeus banking attacks in his conversation with Steven Dispensa, CTO of PhoneFactor.
* Tales From The Dark Web: It’s like clockwork…two months after security events BlackHat and Defcon every summer in Las Vegas, we see a surge in patches for attacks that were highlighted at these events. Microsoft Security Bulletin Advance Notification for October 13th 2009. Security Advisory for Adobe Reader and Acrobat for October 13th 2009, including the CVE number.
* From Our Take on The News: Danger Will Robinson! Danger! Update on Danger’s Sidekick Massive Data Loss. Read the FAQ for tips on trying to salvage your data.
On this week’s program:
* Polymorphic malware – every time it attacks it has a new signature.
* The balance on your bank account looks fine, too bad all your money’s gone.
* Our take on this week’s news.
Show Notes for Episode 72 of the Data Security Podcast
* Conversation: Ira talks about a dangerous new twist to the banking attacks with Yuval Ben-Izhak, the CTO of security company Finjan. Here is the link to the Finjan Report on the new Zeus bank Trojan mentioned in the segment.
* Tales From The Dark Web: Polymorphic malware – every time it attacks it has a different signature. That means your anti-virus won’t recognize it. Ira talked about the presentation at ISACA Security and Risk Conference by Stuart Staniford, the Chief Scientist at FireEye. Read the related Anti-Phishing Working Group paper on the topic.
* From Our Take on The News: Secure Flight Program by the TSA. EPIC (The Electronic Privacy Information Center) follows the surveillance and profiling of airline passengers. Their most recent post on the TSA “Secure Flight” program was in 2007, when the organization recommended that “secure flight should be grounded” due to privacy concerns. The program is now being expanded to require airline passengers to provide their date of birth when they purchase an airline ticket. See: http://epic.org/privacy/airtravel/secureflight.html
30 minutes each week on data security, privacy, and the law…. (plus or minus five)
On this week’s program:
Is Al-Qaida getting funding by stealing minutes from business phone systems?
$10,000 was paid out to the security researchers that uncovered the flaws in StrongWebMail. Could your email be vulnerable to that same attack? A conversation with StrongWebMail’s top executive.
EXCLUSIVE – New proof of concept browser sniffer hack that does NOT use scripting attacks.
Plus, our take on this week’s news.
More details and links in the show notes section below the audio listening instructions.
This week’s show is 32 minutes long
Show Notes for Episode 57 of the Data Security Podcast
Ira has a conversation with Darren Berkovitz, COO of StrongWebMail.com and Telesign.com, about why he offered $10,000 to anyone who could break into the StrongWebMail system.
Tales From The Dark Web: The US Justice Department files indictments against three terror suspects. They are charged with stealing business phone minutes, illegally re-selling those minutes, and using the proceeds to fund Al-Qaida terror activities.
From The News: EXCLUSIVE TO THE DATA SECURITY PODCAST, Brendon Boshell, a web developer, has created a unique remote browser sniffer that does NOT use the highly common, and easily blocked, scripting attacks. This is his proof of concept, but his site only explains part of the approach. We explain more in the show.
From The News: Hawaii sends woman to jail for using her medical records access to post HIV-AIDS patient’s medical information on MySpace.
From The News: The Las Vegas Review Journal got a visit from the Feds after publishing this story … with a subpoena demanding the identities of newspaper readers who posted comments.
The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.
This week’s program – Swine Flu IT Security Tactics; a workaround for the latest Adobe PDF Zero-day; and our take on this week’s news.
This week’s show is sponsored by Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
The Show Notes Page for Episode 51 of The Data Security Podcast
-> Wrap-up: Ira enjoyed using the Bracketron Grip-It to hold his smartphone and listen to podcasts and other internet content when he drove from Nevada to the RSA Security Conference in San Francisco. Ira reports that it is highly adjustable, so it can accommodate a variety of devices. The Grip-It keeps devices hands free, and at eye-level. No drilling required, and it can be removed from the dash when parking to help keep away interested thieves. He reports that it was stable at highway speeds, and in the sweepers.
Bracketron Grip-It vent mount for smartphones, MP3 players, and GPS devices
Swine Flu is impacting locations in Mexico, the US, Canada, Asia, and Australia. We recommend that you review your business continuity plan now. Even if the outbreak is contained, if it occurs where you have employees, your business could feel the full impact of the flu.
According to health officials at the UK NHS: “This virus is contagious and is spreading from human to human.” In the event of an outbreak in your area, many of your employees would need to become teleworkers. The time to plan is BEFORE a disruption occurs.
The Data Security Podcast is working on stories now to help with planning. Subscribe to our RSS feed for updates.