Archive for the Business Continuity Category

Aug 15, 2014, Episode 347, Show Notes

Posted in Business Continuity, Conference Coverage, criminal forensics, darkweb, eMail Security, Exclusive, Podcast, Show Notes, The CyberJungle, Vulnerabilities with tags , , , on August 14, 2014 by datasecurityblog

Episode 347 of The CyberJungle is about 36 minutes long.  Daniel Ayoub’s Kickstarter project for SOHO infosec starts at 13min. Adam Shostack on transparent incident response starts at about 21min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 347 via the flash player:

Interview

Daniel Ayoub’s Kickstarter project for SOHO infosec

Adam Shostack on transparent incident response

Our Take on This Week’s News

SOHOpelessly Broken SOHO router/firewall

IRA failed to perform background checks on contractors

 

Tales from The Dark Web

Urgent Adobe PDF patching, or install alternatives now

Please support our sponsors, as they support The CyberJungle:

Basis Technology is helping investigators perform faster, more efficient, cost-effective, and complete investigations in cybersecurity and incident response.

BASIS TECHNOLOGY……PLEASE VISIT THEIR SITE BASISTECH.COM

logo-BasisTech_green_150

Basis Technology

 

 

 

 

 

May 13 2014, Episode 337, Show Notes

Posted in Business Continuity, Conference Coverage, Court Cases, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities with tags , , , on May 11, 2014 by datasecurityblog

Episode 337 of The CyberJungle is about 25 minutes long. Steve Ross on cybersecurity and process, IT workers targeted, and “Heartbroken.” You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 337 via the flash player:

Interview

Risk Masters’ Steve Ross on cybersecurity and process

Our Take on This Week’s News

Foreign intelligence agencies are targeting IT workers

Surveillance camera clears woman hit by police car 

Tales from The Dark Web

Silly sysadmins ADDING Heartbleed to servers

Wrap

DEA to release man mistaken for drug dealer that stole his ID

Please support our sponsors, as they support The CyberJungle:

Basis Technology is helping investigators perform faster, more efficient, cost-effective, and complete investigations in cybersecurity and incident response.

BASIS TECHNOLOGY……PLEASE VISIT THEIR SITE BASISTECH.COM

logo-BasisTech_green_150

Basis Technology

 

 

 

 

 

Feb 12 2014, Episode 328, Show Notes

Posted in Breach, Business Continuity, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , on February 12, 2014 by datasecurityblog

Episode 328 of The CyberJungle is about 35 minutes long. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 328 via the flash player:

Interviews

Does Chip+Pin Solve The Breach Problem? We talk to Michael Santarcangelo. Here is the story talked about in the segment.

Our Take on This Week’s News

Public Uneasy About Security, Privacy and SelfDriveAutos

Toyota Nears $1Bil Penalty For Alleged Software Failure

Remote Access Lessons From Target Breach

Tales From The Dark Web

Law Firm Incident Response Failure to CryptoLocker.

Please support our sponsors, as they support The CyberJungle

OUR NEWEST SPONSOR, ATOLOA TECHNOLOGIES….PLEASE VISIT THEIR SITE ATOLA.COM

Atola Insight is an all-in-one hard drive data recovery and forensic system. It offers complex data retrieval functions along with utilities for manually accessing hard drives at the lowest level. Atola Insight has several key features for data capture in forensic and e-discovery cases. Find out more at Atola.com

 

Sept 7th 2013, Episode 314, Show Notes

Posted in Business Continuity, Conference Coverage, Exclusive, Interview Only Edition, Podcast, Show Notes, The CyberJungle with tags , , , , on September 6, 2013 by datasecurityblog

Episode 314 of The CyberJungle is about 26 minutes long.  We break again from our normal format this week, to bring you content from Black Hat 2013 in Las Vegas and DefCon21 in Las Vegas. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 314 via the flash player:

Interviews

Dave Porcello Founder of PwnieExpress. Here is a link to their blog.

Sergei Belokamen of Bugcrowd.

Brian Lowe of Unknown.com, here is a link to their content on their site covered in the segment.

Tales From The Dark Web and Our Take on This Week’s News

On a break due to content from BlackHat and DefCon 2013 in Las Vegas

Please support our sponsors, as they support The CyberJungle

HTCIA International Conference and Training Expo 2013

HTCIA International Conference and Training Expo 2013

The High Technology Crime Investigation Association (HTCIA) Annual conference is committed to bringing its participants – members or non-members — the best training, tools and networking the industry has to offer.

We rely on the generosity of our sponsors, who take a vested interest in working with us to develop a conference that exemplifies what the HTCIA organizations stands for. By fostering the exchange of investigation-related information and ideas, we bring together a community of professionals who help one another understand and adapt to our rapidly evolving industry–to everyone’s benefit.

The 2013 conference is being held from September 8-11, 2013 in Las Vegas, NV [Summerlin is the western side of Las Vegas, 15min from Downtown via freeway].

Paraben's Forensic Innovations Conference

The Paraben Forensic Innovations Conference has been an annual event since 2008. Since that time it has rapidly evolved into a higher attended conference with a broader scope of topics reaching from deeply technical into the legal aspects of the forensics and eDiscovery industry. Those who attend PFIC are as diverse as our topics, from law enforcement and lawyers, to corporate entities, government agents, private investigators, and educational institutions. If you haven’t had the opportunity to attend, this is your chance to experience the fresh air and mountains of Utah as well as the fresh topics that will be the highlight of this year’s conference. If you’ve already attended, then you know what to expect and are as excited as we are about it!  PFIC 2013 will be held November 13-15th, 2013 in Salt Lake City Utah. Space for this conference is limited, and with tickets starting at $199, the show will almost surely sell out. The CyberJungle will be there, because it is one of the best bang for the buck forensic conferences of the year.

 

March 7, 2011 – Episode 203

Posted in Breach, Business Continuity, Court Cases, criminal forensics, ediscovery, Exclusive News, Legislation, Podcast, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , , , , , , , , on March 7, 2011 by datasecurityblog

Episode 203 of  The CyberJungle is about 53 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 25:30 mark.

To listen to Episode 203 via the flash player:

Interviews

Charlie Miller, 3x Pwn2Own “hacking” contest winner stays home; response by Dragos, Founder of CanSecWest . Follow Charlie on Twitter.

Tales From The Dark Web

Exactly what is the “boy-in-the-browser attack?”

Our Take on The Week’s News

Lawsuit accuses Amazon of capturing and sharing customer information without permission by tricking Microsoft Internet Explorer

Google Android in app malware flap, iPad2 security, and Blackberry Playbook running Android apps + better security? Interview on Playbook security Ira Victor mentioned in this segment. You may download the segment, or listen to the conversation here:

Via the flash player:

More mobile security news, Keeping Tabs on Android Smartphone Activity.

Proof once again that disgruntled employees are among the most dangerous cybercriminals… Texas man sentenced after breaching former employer’s network and deleting critical business files.

Wrap

OtterBox Cases for slider Smartphones: Samantha and Ira give a new OtterBox the field test

April 24, 2010 – Episode 131

Posted in Breach, Business Continuity, Court Cases, criminal forensics, ediscovery, eMail Security, Exclusive, Legislation, Podcast, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , , , , on April 24, 2010 by datasecurityblog

Interview: Evan Ratliff joins us to discuss his attempt to vanish for a month, with Wired Magazine challenging readers to find him, and a $5,000 reward for anyone who snapped his photo and said the word “fluke.”  An online posse developed, Evan ducked discovery for 25 days, and was caught in New Orleans, a few days shy of his goal.  The interview is about 14 minutes long, and it starts about 57 minutes into Episode 131. You may stream the program here:

You may download Episode 131 here. Or visit the Listening Options page for more ways to hear the program.

Discussion: The texting case that made it to the U.S. Supreme Court.  We discuss with ACLU Attorney Lee Rowland Fourth Amendment protections as they apply (or don’t apply — that’s what the court is considering)  to text messages, and under what circumstances.  Our discussion with Lee is about 20 minutes long, and starts about 22  minutes into Episode 131

Our Take on This Week’s News

Amazon is fighting off a demand from the North Carolina Department of Revenue (the state tax collectors). The state wants a record of all Amazon purchases made by its residents, and it wants names, so it can collect the sales tax.  Amazon says “privacy violation.”  And remember Amazon’s original business was books, which have a special place in the law when it comes to protecting their owners from government intrusion.

Here’s the story as reported by c|net, and here’s Amazon’s complaint.

Cyberattack on Google Said to Hit Password System.  More has been revealed about the extent of the Aurora attack on Google.  This story was apparently leaked to the New York Times by someone familiar with the investigation.  It suggests huge implications for the security of all Google applications.

Facebook is becoming quite brazen about exposing user profile information. This opinion piece at EFF explains the latest piece of information to be taken out of the user’s control.

Related:  The Facebook “like it” button, coming soon to websites everywhere.

About the most straightforward information-sharing scheme we’ve seen yet:  Blippy mines your email and credit card statements (with  your permission) and posts every purchase you make.  Blippy is the VC flavor of the month, having just received $11 million.  Too bad some credit card numbers belonging to Blippy users turned up when some curious surfers hit Google with search strings containing the words “Blippy.com” and “from card”.  Will Blippy survive?  Probably, even in the face of a less-than-apologetic stance from the company (Co-founded by the infamous Pud, of the infamous FuckedCompany.com site from the “dot-bomb” period.)  Why anyone would want to be part of Blippy, especially now,  is a separate discussion.

Highly-paid SEC lawyers and accountants spent their days surfing porn sites while Bernie Madoff was making off with a whole lotta other people’s money. We ask why, in an entity whose mission revolves around audits and controls, were there no audit trails and controls to call attention to an employee with 16,000 attempts to access porn?  Shouldn’t this have been nipped in the bud before it spiraled out of control?

You probably read about some of the chaos that ensued from McAfee’s latest update.  But this story by a SANS incident handler takes the prize.

Malware mules:  We all know about drug mules and money mules.  But the black market for email credentials is creating some new opportunities.

Show Notes: The CyberJungle Episodes 105 and 104- Jan 23 2010

Posted in Program Preview, The CyberJungle, Vulnerabilities with tags on January 22, 2010 by datasecurityblog

This week’s features-

Interview with Joe Grand, electrical engineer, hardware hacker and proprietor of Grand Idea Studio. Ira and Joe discuss hardware hacking.  Hobbyists, researchers, and innovators are modifying electronic devices in greater numbers

The 23-minute  interview (too long for radio) is posted by itself as episode 104. There’s a partial version of the interview contained in the show,  episode 105 of theCyberJungle.

Hardware Hacking Extra:  Cell phone as vehicle starter- We got quite a few comments about this. visit: “Dave Hacks, Well, not really hack, but I definitely ‘modify’ things.”

http://davehacks.troublem8ker.com/wordpress/?p=4

AND —  You probably didn’t know this, but Thursday January 28 is International Data Privacy Day. Does the market reward  businesses that protect customer privacy? There must be some reward, because there’s growing field of certified privacy professionals… and their organization has thousands of members.

PLUS — Our take on this week’s news:

A new generation of card skimmers. Photos below.

Source: Krebsonsecurity.com and Mikko Hypponen:

Could you detect the ATM card skimmer here?

Pin-hole camera to capture PIN numbers

Indonesian Police Intensifying Efforts To Investigate ATM Scams http://ow.ly/16p52r

Data hung out to dry as 4,500 USBs are left in Dry Cleaners  http://www.credant.com/news-a-events/press-releases/376-dry-cleaners.html

Microsoft Patches IE, Admits it Knew of Bug Last August: As Microsoft patched the Internet Explorer zero-day … http://bit.ly/8p2JnG

Emergency IE patch goes live as exploits proliferate: Hundreds of sights locked and loaded  http://www.theregister.co.uk/2010/01/21/ie_emergency_patch_released/

80% of gov’t Web sites miss DNS security deadline  http://www.computerworld.com/s/article/9147018/80_of_gov_t_Web_sites_miss_DNS_security_deadline

Microsoft confirms 17-year-old Windows bug  http://www.computerworld.com/s/article/9146820/Microsoft_confirms_17_year_old_Windows_bug

Poisoned PDF pill used to attack US military contractors  http://www.f-secure.com/weblog/archives/00001859.html

NTSB recommends camera surveillance in train locomotives, after investigating a crash that killed 25. The engineer was texting and using his cell phone at the time of the crash. The union representing train engineers has objected to the recommendation on privacy grounds. Salient fact in the story – the texting engineer had 5 reprimands in his personnel file, issued over a two-and-a-half year period.  Now the feds should install cameras to watch ALL engineers (including the ones who follow the rules) just because railroad management failed to fire the loose cannon in their ranks?

http://www.ble.org/pr/news/headline.asp?id=29037

And Microsoft pushes congress for a cloud computing law.

http://thehill.com/blogs/hillicon-valley/technology/77155-microsoft-pushes-cloud-computing-act

Follow

Get every new post delivered to your Inbox.

Join 1,120 other followers