Archive for the Exclusive News Category

Dec 9th 2013, Episode 322, Show Notes

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Exclusive News, Podcast, Show Notes, The CyberJungle on December 9, 2013 by datasecurityblog

Episode 322 of The CyberJungle is about 25 minutes long. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Our Take on This Week’s News

Bitcoin fraud and cybercrimes: Inside BitCoin Conference; In the Murky World of Bitcoin, Fraud Is Quicker Than the Law; Buying a Tesla with bitcoin? Not so fast

Does LE have a new approach to fighting cyber crime? 13 members of the criminal community, “gained” via Internet virus about 70 million rubles were arrested; Russia charges ‘criminal organization’ behind Blackhole malware kit

Tales From The Dark Web

RICO used in Cybercrime Conviction

Wrap

Luxury toilet users warned of hardware flaw

Please support our sponsors, as they support The CyberJungle

OUR NEWEST SPONSOR, ATOLA TECHNOLOGIES….PLEASE VISIT THEIR SITE ATOLA.COM

Atola Insight is an all-in-one hard drive data recovery and forensic system. It offers complex data retrieval functions along with utilities for manually accessing hard drives at the lowest level.

* File recovery for NTFS (all versions), Ext 2/3/4, HFS, HFS+, HFSX, ExFAT, FAT16, FAT32

Find out more at Atola.com

 

Nov 27 2013, Episode 321, Show Notes

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Exclusive News, Podcast, Show Notes, The CyberJungle, Vulnerabilities on November 27, 2013 by datasecurityblog

Episode 321 of The CyberJungle is about 25 minutes long. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interviews

Amber Schroader, CEO of Paraben Forensics

Our Take on This Week’s News

Ground-breaking cyber crime case, and the Gmail flaw talked about in the segment

Malware predictions for 2014

Tales From The Dark Web

CryptoLocker surge led by drop in value in IDs?

Wrap

New technique for late night IT work?

Please support our sponsors, as they support The CyberJungle

OUR NEWEST SPONSOR, ATOLA TECHNOLOGIES….PLEASE VISIT THEIR SITE ATOLA.COM

Atola Insight is an all-in-one hard drive data recovery and forensic system. It offers complex data retrieval functions along with utilities for manually accessing hard drives at the lowest level. Atola Insight has several key features for data capture in forensic and e-discovery cases:

* Excellent disk imaging speed up to 180 MB/s

* Checksum calculation: MD5, SHA (1, 224, 256, 384, 512)

* Forensic data erasure methods including DoD 5220.22-M, Security Erase, NIST 800-88, Pattern Erase

* Case management system

* ATA Password removal

* File recovery for NTFS (all versions), Ext 2/3/4, HFS, HFS+, HFSX, ExFAT, FAT16, FAT32

* High performance of the multi-pass imaging for damaged drives

* Authentic Atola HDD diagnostics that creates a detailed report in minutes.

Find out more at Atola.com

 

December 19, 2011 – Episode 242

Posted in Announcements, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive News, Show Notes, The CyberJungle, Vulnerabilities on December 19, 2011 by datasecurityblog

Episode 242 of The CyberJungle is about 25 minutes long.  You can hear it by clicking on the flash player below. The interview with Sean Morrissey of Katana Forensics begins at about 13min.  You may download the file directly – great for listening on many smartphones. Or, you  may go to the listening options page and browse for other ways to hear the show.


Interview

Sean Morrissey of Katana Forensics launches LanternLite iOS Forensics tool this week

Our Take On This Week’s News

Forensic innovator Jonathan Grier has developed tools that use statistical analysis of file access data to reconstruct timelines. According to Mr. Grier, his method can be used to determine what, if any, data was exfiltrated from the system. Read more in: Detecting data theft using stochastic forensics.

Excellent work by c|net’s Elinor Mills on the software by CarrierIQ that some have labeled as an illegal “root kit.” Read: Sprint disabling Carrier IQ on phones.

Tales From The Dark Web

Passwords hard coded into industrial control systems – What could possibly go wrong?

Wrap

New job opportunity for those with Photoshop forensics skills? US watchdog bans photoshopping in cosmetics ads. Wow, and I thought all those models had perfect faces and perfect bodies all of the time…

October 24, 2011 – Episode 235

Posted in Breach, criminal forensics, darkweb, ediscovery, eMail Security, Exclusive News, Show Notes, The CyberJungle, Vulnerabilities, web server security on October 24, 2011 by datasecurityblog

Episode 235  of  The CyberJungle is about 25 minutes long.  You can hear it by clicking on the flash player below. The interview begins at about 12min. You may download the file directly – great for listening on many smartphones. Or, you  may go to the listening options page and browse for other ways to hear the show.


Interview

EXCLUSIVE: Does ‘Son of Stuxnet’ hold a clue to another SSL CA breach? Jeff Hudson of Venafi gives us his take

Our Take On This Week’s News

Another online video breach victim: Microsoft. Read more at Geekwire.

iPad Smart Cover Security Flaw. Read more at PCWorld.

Tales From The Dark Web

NASDAQ attackers target business executives. Read more at the Chicago Tribune.

Wrap

What if, two years before the 9/11 attacks, the U.S. had been given complete digital forensic access to al-Qaeda and Taliban calls and data? Read more in the long, but very worthwhile, Vanity Fair story.


Michigan TrackerGate: ACLU Speaks To CyberJungle Radio

Posted in criminal forensics, ediscovery, Exclusive News, The CyberJungle on April 21, 2011 by datasecurityblog

The row continues between the Michigan ACLU and Michigan Law Enforcement tonight. The Michigan ACLU leveled the charge earlier this week that Michigan Law Enforcement was asking for hundreds of thousands of dollars for records related to the possible forensic imaging of mobile devices using the well-known Cellebrite UFED. Michigan Law Enforcement has responded. In a statement, The Michigan State Police said, “The DEDs [Digital Extraction Devices] are not being used to extract citizens’ personal information during routine traffic stops.” The Michigan State Police also said that there have been no claims that law enforcement has broken any laws in the use of these DEDs.

I interviewed ACLU Staff Attorney Mark Fancher today for a segment in next week’s CyberJungle Radio. Mark Fancher is with the Racial Justice Project at the Michigan ACLU. The CyberJungle felt it was too important to hold this interview until Monday’s scheduled release as part of the next episode of CyberJungle Radio.

You can hear the interview by clicking on the flash player below. You may download the file directly – great for listening on many smartphones.


Members of the media, please credit CyberJungleRadio.com

by Ira Victor, G2700, GCFA, GPCI, GSEC, ISACA-CGEIT. Ira Victor is a forensic analyst with Data Clone Labs. He is also Co-Host of CyberJungle Radio, the news and talk on security, privacy and the law. Ira is President of Sierra-Nevada InfraGard, and a member of The High Tech Crime Investigator’s Association (HTCIA). Follow Ira’s security and forensics tweets: @ira_victor.

Pwn2Own Update: Charlie Miller Changes Course, Now Headed to “Hacker” Contest

Posted in Conference Coverage, Exclusive News on March 7, 2011 by datasecurityblog

Charlie Miller has changed his mind and he will now attend CanSecWest and the Pwn2Own contest. CyberJungle Radio just talked with Charlie Miller, the only three-times-in-a-row winner of the CanSecWest “hacker conference.” The CyberJungle broke the story last week that Charlie had decided to stay home this year, due to a disagreement over the contest rules. CyberJungle Radio is running an interview with Charlie Miller on Episode 203. Following the posting of that interview, Charlie Miller told CyberJungle Radio that he has changed course again, and he will now attend the conference. Although he still disagrees with the rules, for the good of the security community, he has decided to attend this week’s events in Vancouver, British Columbia. Charlie said that he did not speak with the conference organizer regarding his decision.

March 7, 2011 – Episode 203

Posted in Breach, Business Continuity, Court Cases, criminal forensics, ediscovery, Exclusive News, Legislation, Podcast, Show Notes, The CyberJungle, Vulnerabilities on March 7, 2011 by datasecurityblog

Episode 203 of  The CyberJungle is about 53 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 25:30 mark.


Interviews

Charlie Miller, 3x Pwn2Own “hacking” contest winner stays home; response by Dragos, Founder of CanSecWest. Follow Charlie on Twitter.

Tales From The Dark Web

Exactly what is the “boy-in-the-browser attack?”

Our Take on The Week’s News

Lawsuit accuses Amazon of capturing and sharing customer information without permission by tricking Microsoft Internet Explorer

Google Android in-app malware flap, iPad2 security, and Blackberry Playbook running Android apps + better security? Interview on Playbook security Ira Victor mentioned in this segment. You may download the segment, or listen to the conversation here:


More mobile security news, Keeping Tabs on Android Smartphone Activity.

Proof once again that disgruntled employees are among the most dangerous cybercriminals… Texas man sentenced after breaching former employer’s network and deleting critical business files.

Wrap

OtterBox Cases for slider Smartphones: Samantha and Ira give a new OtterBox the field test

January 11, 2011 – Episode 195

Posted in Conference Coverage, Exclusive News, The CyberJungle, Vulnerabilities on January 11, 2011 by datasecurityblog

Episode 195 of  The Cyberjungle  is 43 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Our Take on CES2011

The CyberJungle goes to the 2011 Consumer Electronic Show in Las Vegas: Our security perspective on the world’s largest consumer electronic show.

Interview #1 – The CyberJungle gets a private briefing on the BlackBerry Playbook: We talked security and policy on the new tablet. We were briefed by two RIM executives…Jeff Gadway, Global Brand Manager, and Shelly Sofer, Director of Public Relations.

Interview #2 – The CyberJungle talks with Chris Deutschen of Direct Energy: Topics include servicing the home area network, and smart grid security. Yes, the industry takes security very seriously, according to Deutschen.

Get more from CES2011 on our Conference Notes page. And follow (or just read) Ira on Twitter for comments and nuggets of interest.

May 1, 2010 – Episode 133

Posted in Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Exclusive News, Show Notes, The CyberJungle, Vulnerabilities on May 1, 2010 by datasecurityblog

Interview segment:

John Pironti, President of IP Architects, LLC, talks with us about risk management for businesses. Ira met John at the Interop Business Technology Conference in Las Vegas, where John presented a session on developing an information risk management and security strategy. The interview is 12 minutes long, and it starts about 22 minutes into Episode 133. The standalone interview is also posted on our conference notes page.


You may download the MP3 file here; or go to the listening options page for other ways to hear the program.

Our take on this week’s news

Former city of San Francisco network engineer convicted of computer tampering for locking city officials out of the network when he got wind of impending layoffs.

Microsoft issues work-around, advice for SharePoint zero-day attack.

Sarah Palin’s email hacker convicted. The following account is from WBIR in Knoxville, TN. Ira has his own detailed version, as he kept close track of the initial events that led to David Kernell’s arrest. Ira’s account starts about 45 minutes into episode 133.

A federal jury found former UT student David Kernell guilty of obstruction of justice and unauthorized access in the breach of Sarah Palin’s e-mail. It happened in September 2008, when Palin was running for U.S. Vice President. The obstruction of justice conviction makes Kernell a felon. David Kernell tried to cover up his actions by erasing the hard drive of the computer he used in the crimes. The case is a mistrial on count one, the charge of identity theft. The jury found Kernell not guilty on count 2, the charge of wire fraud. Unauthorized access is a misdemeanor lesser included charge from count three, which accused Kernell of felony unlawful computer access. The jury found Kernell guilty of obstruction of justice. That carries a maximum sentence of 20 years in prison, with a fine up to $250,000.

Report from the Interop Business Technology Conference in Las Vegas

Hot Topics at Interop 2010 Las Vegas: Cloud Computing, Virtualization, IT Security and Risk Management, VoIP and Unified Communications, Mobile Business Communications.  Ira discusses the conference, starting about 11 minutes into episode 133.

Ira spoke with Michael Saitow, CIO of liquor distributor MS Walker, and Philippe Winthrop, Managing Director, The Enterprise Mobility Foundation. Both were panelists on a mobile communications and policy seminar at Interop.

Money laundering operation shut down, as an entrepreneur is indicted: ACH transactions used to move money for internet gambling operations.

Another indictment: conspirator in hospital scheme to sell trauma patient medical records to personal injury attorneys.

Credit unions lose almost $2 million to an IT contractor who had unlimited remote access to their networks.

Episode 129 – April 17, 2010

Posted in Breach, Court Cases, criminal forensics, darkweb, Exclusive News, Legislation, Podcast, Report Security Flaws, Show Notes, The CyberJungle, Vulnerabilities, web server security on April 17, 2010 by datasecurityblog

Interview Segment:  Physicians, citizen groups, and many states are lining up to sue the federal government over the new individual health insurance mandate.  But there’s a unique case coming out of Mississippi, where an attorney has filed a suit claiming the new health care reform violates the right to medical privacy.  Our interview with Doug Lee starts about 22 minutes into the show, and it’s about 9 minutes long.

The full show can be streamed on the flash player below.

Or download Episode 129 here. Or visit the Listening Options page for more ways to hear the program.

Our take on this week’s news:

News coming out of the Computer-Human Interaction conference meeting in Atlanta this week, where researchers announced their findings about possible security problems with advanced wireless medical devices.

Another example of a big company that offers no means to report security flaws on its website. This is something we’ve complained about for years.  How can you help these people if they won’t help you by offering a communication channel?

High marks for entrepreneurship – these two New York City companies facilitate a match-up, via text or tweet, between people who need a parking space, and people who are vacating a parking space. Find a need and fill it. We wish these guys the best, but we sure hope they don’t end up facilitating a rape or robbery in the middle of the night. (I’m a bad guy with a parking space at 3 a.m…. come and get it, little girl.)

Congress passes the “Truth in Caller ID Act of 2010”: Under the bill, it becomes illegal “to cause any caller ID service to transmit misleading or inaccurate caller ID information, with the intent to defraud or deceive.”

Security sucks, according to former national cybersecurity advisor Amit Yoran… everywhere he looks… he sees the same cluelessness. Why your information security stinks, and what to do about it

Federal Agencies Falling Short On OMB’s Federal Desktop Core Configuration Mandate. No agency has fully implemented all the configuration settings on applicable PCs

Critical Java update:  Oracle issues emergency Java patch to stop zero-day attacks.
