December 19, 2011 – Episode 242

Episode 242 of The CyberJungle is about 25 minutes long.  You can hear it by clicking on the flash player below. The interview with Sean Morrissey of Katana Forensics begins at about 13min.  You may download the file directly – great for listening on many smartphones. Or, you  may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 242 via the flash player:

Interview

Sean Morrissey of Katana Forensics launches LaternLite iOS Forensics tool this week

Our Take On This Week’s News

Forensic innovator Jonathan Grier has developed tools that use statistical analysis of file access data to reconstruct timelines. According to Mr. Gerier, his method can be used to determine what, if data was exfiltrated from the system. Read more in: Detecting data theft using stochastic forensics.

Excellent work by c|net’s Elinor Mills on the software by CarrierIQ that some have labeled as an illegal “root kit.” Read: Sprint disabling Carrier IQ on phones.

Tales From The Dark Web

Passwords hard coded into industrial control systems – What could possibly go wrong?

Wrap

New job opportunity for those with Photoshop forensics skills? US watchdog bans photoshopping in cosmetics ads. Wow, and I thought all those models had perfect faces and perfect bodies all of the time…

October 24, 2011 – Episode 235

Episode 235  of  The CyberJungle is about 25 minutes long.  You can hear it by clicking on the flash player below. The interview begins at about 12min. You may download the file directly – great for listening on many smartphones. Or, you  may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 235 via the flash player:

Interview

EXCLUSIVE: Does ‘Son of Stuxnet’ hold a clue to another SSL CA breach? Jeff Hudson of Venafi give us his take

Our Take On This Week’s News

Another online video breach victim: Microsoft . Read more at Geekwire.

iPad Smart Cover Security Flaw. Read more at PCWorld

Tales From The Dark Web

NASDAQ attackers target business executives. Read more at the Chicago Tribune.

Wrap

What if, two years before the 9/11 attacks the U.S. had been given complete digital forensic access to al-Qaeda and Taliban calls and data? Read more in the long, but very worthwhile, Vanity Fair story.

Michigan TrackerGate: ACLU Speaks To CyberJungle Radio

The row continutes between the Michigan ACLU and the Michigan Law Enforcment tonight. The Michigan ACLU leveled the charge earlier this week that Michigan Law Enforement was asking for hundreds of thousands for dollars for records related to the possible forensic imaging of mobile devices using the well-known Cellebrite UFED.  Michigan Law Enforcement has responded.  In a statement, The Michigan State Police said, ”The DEDs [Digital Extraction Devices] are not being used to extract citizens’ personal information during routine traffic stops.” The Michgan State Police also said that there are been no claims that law enforcement has broken any laws in the use of these DEDs.

I interviewed ACLU Staff Attorney Mark Fancher today for a segment in next week’s CyberJungle Radio.  Mark Fancher is with the Racial Jucstice Project at the Michigan ACLU.  The CyberJungle felt it was too important to hold this interview until Monday’s scheduled release at part of the next episode of CyberJungle Radio.

You can hear the interview by clicking on the flash player below. You may download the file directly – great for listening on many smartphones.

To listen to the CyberJungle Radio interview with Mark Fancher of the Michigan ACLU, via the flash player:

Members of the media, please credit CyberJungleRadio.com

by Ira Victor, G2700, GCFA, GPCI, GSEC, ISACA-CGEIT. Ira Victor is a forensic analyst with Data Clone Labs, He is also Co-Host of CyberJungle Radio, the news and talk on security, privacy and the law. Ira is President of Sierra-Nevada InfraGard, and a member of The High Tech Crime Investigator’s Association (HTCIA). Follow Ira’s security and forensics tweets: @ira_victor .

Pwn2Own Update: Charlie Miller Changes Course, Now Headed to “Hacker” Contest

Charlie Miller has changed his mind and he will now attend CanSecWest and the Pwn2Own contest. CyberJungle Radio just talked with Charlie Miller, the only three times in a row winner of the CanSecWest “hacker conference.” The CyberJungle broke the story last week that Charlie had decided to stay home this year, due to a disagreement over the contest rules.  CyberJungle Radio is running an interview with Charlie Miller on Episode 203. Following the posting of that interview, Charlie Miller told CyberJungle Radio that he has changed course again, and he will now attend the conference. Although he still disagrees with the rules, for the good of the security community, he has decided to attend this week’s events in Vancouver, British Columbia. Charlie said that he did not speak with the conference organizer regarding his decision.

March 7, 2011 – Episode 203

Episode 203 of  The CyberJungle is about 53 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 25:30 mark.

To listen to Episode 203 via the flash player:

Interviews

Charlie Miller, 3x Pwn2Own “hacking” contest winner stays home; response by Dragos, Founder of CanSecWest . Follow Charlie on Twitter.

Tales From The Dark Web

Exactly what is the “boy-in-the-browser attack?”

Our Take on The Week’s News

Lawsuit accuses Amazon of capturing and sharing customer information without permission by tricking Microsoft Internet Explorer

Google Android in app malware flap, iPad2 security, and Blackberry Playbook running Android apps + better security? Interview on Playbook security Ira Victor mentioned in this segment. You may download the segment, or listen to the conversation here:

Via the flash player:

More mobile security news, Keeping Tabs on Android Smartphone Activity.

Proof once again that disgruntled employees are among the most dangerous cybercriminals… Texas man sentenced after breaching former employer’s network and deleting critical business files.

Wrap

OtterBox Cases for slider Smartphones: Samantha and Ira give a new OtterBox the field test

January 11, 2011 – Episode 195

Episode 195 of  The Cyberjungle  is 43 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 195 via the flash player:

Our Take on CES2011

The CyberJungle goes to the 2011 Consumer Electronic Show in Las Vegas: Our security perspective on the world’s largest consumer electronic show.

Interview #1 – The CyberJungle gets a private briefing on the BlackBerry Playbook: We talked security and policy on the new tablet. We were briefed by two RIM executives…Jeff Gadway, Global Brand Manager, and Shelly Sofer, Director of Public Relations.

Interview #2 – The CyberJungle talks with Chris Deutschen of Direct Energy: Topics include servicing the home area network, and smart grid security. Yes, the  industry takes security very seriously, according to Deutschen

Get more from CES2011 on our Conference Notes page. And follow (or just read) Ira on Twitter for comments and nuggets of interest.

May 1, 2010- Episode 133

Interview segment:

Jon Pironti, President of IP Architects, LLC,  talks with us about risk management for businesses. Ira met John at the Interop Business Technology Conference in Las Vegas, where John presented a session on developing an information risk management and security strategy.  The interview 9s 12 minutes long, and it starts about 22 minutes into Episode 133.  The standalone interview is also posted on our conference notes page.

You may listen to to Episode 133 on via the flash player:

You may download the MP3 file here; or go to the listening options page for other ways to hear the program.

Our take on this week’s news

Former city of San Francisco network engineer convicted of computer tampering for locking city officials out of the network when he got wind of impending layoffs.

Microsoft issues work-around, advice for SharePoint zero-day attack.

Sarah Palin’s email hacker convicted. The following account is from WBIR in Knoxville, TN.  Ira has his own detailed version, as he kept close track of the initial events that led to David Kernell’s arrest. Ira’s account starts about 45 minutes into episode 133

A federal jury found former UT student David Kernell guilty of obstruction of justice and unauthorized access in the breach of Sarah Palin’s e-mail. It happened in September 2008, when Palin was running for U.S. Vice President. The obstruction of justice conviction makes Kernell a felon. David Kernall tried to cover up his actions by erasing the hard drive of the computer he used in the crimes. The case is a mistrial on count one, the charge of identity theft. The jury found Kernell not guilty on count 2, the charge of wire fraud. Unauthorized access is a misdemeanor lesser included charge from count three, which accused Kernell of felony unlawful computer access. The jury found Kernell guilty of obstruction of justice. That carries a maximum sentence of 20 years in prison, with a fine up to $250,000.

Report from the Interop Business Technology Conference in Las Vegas

Hot Topics at Interop 2010 Las Vegas: Cloud Computing, Virtualization, IT Security and Risk Management, VoIP and Unified Communications, Mobile Business Communications.  Ira discusses the conference, starting about 11 minutes into episode 133.

Ira spoke with Michael Saitow, CIO of Liquor Distributor, MS Walker;  and Philippe Winthrop, Managing Director, The Enterprise Mobility Foundation, both were panelist on a mobile communications and policy seminar at Interop.

Money laundering operation shut down, as an entrepreneur is indicted:  ACH Transactions Used to move money for internet gambling operations

Another indictment: conspirator in hospital scheme to sell trauma patient medical records to personal injury attorneys.

Credit unions lose almost $2 million to an IT contractor who had unlimited remote access to their networks.

Episode 129 – April 17, 2010

Interview Segment:  Physicians, citizen groups, and many states are lining up to sue the federal government over the new individual health insurance mandate.  But there’s a unique case coming out of Mississippi, where an attorney has filed a suit claiming the new health care reform violates the right to medical privacy.  Our interview with Doug Lee starts about 22 minutes into the show, and it’s about 9 minutes long.

The full show can be streamed on the flash player below.

Or download Episode 129 here. Or visit the Listening Options page for more ways to hear the program.

Our take on this week’s news:

News coming out the the Computer-Human Interaction conference meeting in Atlanta this week, Where researchers announced their findings about possible security problems with advanced wireless medical devices.

Another example of a big company that offers no means to report security flaws on its website. This is something we’ve complained about for years.  How can you help these people if they won’t help you by offering a communication channel?

High marks for entrepreneurship – these two New York City companies facilitate a match-up, via text or tweet,  between people who need a parking space, and people who are vacating a parking space.  Find a need and fill it.  We wish these guys the best, but we sure hope they don’t end up facilitating a rape or robbery in the middle of the night. (I ‘m a bad guy with a parking space at 3 a.m…. come and get it, little girl.)

Congress passes the “Truth in Caller ID Act of 2010″:  Under the bill, it becomes illegal “to cause any caller ID service to transmit misleading or inaccurate caller ID information, with the intent to defraud or deceive.”

Security sucks, according to formern national cybersecurity advisor Amit Yoran… everywhere he looks… he sees the same cluelessness,  Why your information security stinks, and what to do about it

Federal Agencies Falling Short On OMB’s Federal Desktop Core Configuration Mandate. No agency has fully implemented all the configuration settings on applicable PCs

Critical Java update:  Oracle issues emergency Java patch to stop zero-day attacks.

Show Notes: The CyberJungle Episodes 103 and 102 Jan 12 2010

Two episodes this week: Episode 103 is a podcast version of the live radio program.

Episode 102 is our ‘su root’ podcast, in-depth technical interviews for the more advanced listener.

Overview of this week’s program.  More detailed notes and links provided below under “show notes.”

*Episode 103 the broadcast- Breaking News:  Do airport checkpoint whole body scanners have logging and auditing to enforce security and privacy policies?  We’re not sure after talking with a representative of one of the companies that makes the machines.  Seems the TSA may not have included an audit function in its specifications.   And, our guest tells us what happened to the “puffer machine” that would have detected the underwear bomber’s chemical payload on Christmas Day.

We also talked with an attorney from EPIC, the organization that sought and won the TSA specification documents revealing that body scanning machines are indeed capable of retaining and transmitting the naked images of the passengers they scan. This is NOT what TSA told the American public.

*Episode 102 (the su root interiews… requires above-average technology background). Click fraud is running rampant… ripping off internet advertisers. A new, more serious attack that not only steals credit for click-through purchases, but hijack’s the end user’s computer. This is a must-listen for marketing, security, and legal personnel. Discussion on the live show, with the full interview online.

*Episode 102 (the su root interviews…requires above-average technology background.) A new user credential – your cell phone calls you for a voice print… and then lets you into your email, bank account, authorizes credit card purchases or VPN remote access. Great idea? We have an exclusive audio interview with the co-founder of the company.

–> Listen This Week’s Show through our Main Site

Show Notes for Episode 103 of the CyberJungle

*ZeroDay Flaw in some versions of Microsoft Internet Explorer (MSIE) web browser.  Microsoft’s TechNet site has posted detailed information about the flaw. If you have not checked your MSIE browser version, do it now. Launch MSIE, find the Help Icon (usually the far right menu/icon, depending on the version of MSIE you are running), and select About Internet Explorer. If you are not running MSIE verson 8, you need to update your browser. Read more here. Update your browser to MSIE 8 here.

* People around the world are searching the web for the latest updates on Haiti earthquake. Members of the Dark Web use major events like this to spread their malicious code. Read more on this attack at the WebSense Security site. Ira mentioned the Google Trends site, a site that tracks hot topics on The Web.

* Samantha had a conversation with Ginger McCall, Esq., with the Electronic Privacy Information Center (EPIC). They talked  about the DHS airport body scanners, and a Freedom of Information lawsuit by EPIC. Read more at this EPIC-sponsored site.

* Samantha and Ira had a conversation Brook Miller, VP with Smiths Detection, the makers of “the puffer” machine, and the whole body scanners.

* Samantha had a conversation with Dr. Kerry Kerry Nemovicher, Ph.D. about “The Human Firewall” event by  InfraGard. This event takes place on Thursday, Jan 21st at Boomtown Casino, in Reno Nevada. This lunch event runs from 11.15am to 1.15pm. $15 donation when you reserve your ticket by Monday at 9:00am, $20 at the door.

Show Notes for Episode 102 of The CyberJungle, an ‘su root’ program, in-depth technical interviews and analysis

*Ira has a conversation with Dr. Ben Edelman, from the Harvard Business School, about a new type of online advertising “click fraud” that takes over customer’s computers. Read more on Dr. Edelman’s site. On the main site you can listen to the full, detailed, and technical conversation. Look for the “su root” podcast (Episode 102) on the main site, www.TheCyberJungle.com.

* Ira has a conversation with Steven Dispensa, CTO and co-founder of PhoneTrust, about voice print authentication. On the main site you can listen to the full, detailed, and technical conversation. Look for the “su root” podcast (Episode 102) on the main site, www.TheCyberJungle.com.