Archive for the Legislation Category

April 11, 2011 – Episode 208

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Legislation, Show Notes, The CyberJungle, Vulnerabilities on April 10, 2011 by datasecurityblog

Episode 208 of  The CyberJungle is about 30 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 16:50 mark.

Interview

Brian Fox, the creator of BASH (BASH makes a lot of Linux tasks easier), is working on a brand-new project to simplify browser security called Cocoon. According to the company, with the Cocoon Plugin you get: “No tracking. No viruses. No spam. And your browsing history truly private.”

Our Take on The Week’s News

State of IT Security: Ponemon Institute Study of Utilities and Energy Companies. Global energy and utilities organizations face a number of emerging security challenges that are unique to their industry. Ponemon Research surveyed 291 IT and IT security practitioners within the energy and utilities market, and found that most don’t take IT security seriously. Download this research paper to learn more.

Calls for revisions to an auto accident privacy law. It was originally intended to protect citizens, but is it being used to block government transparency?

Disable Geolocation in popular web browsers and social tools with this handy guide by Fred de Vries. And, check out Comodo Dragon, a version of Google Chrome with tracking disabled. Comodo Dragon browser also highlights revoked SSL certs, and by default routes traffic to more secure DNS. Only for Windows users right now.

Tales from the Dark Web

Epsilon Marketing Breach: What did Epsilon know about a pending attack and when did they know it?

Wrap

Anatomy of a Tweet.  Very handy forensic guide, called “map-of-a-tweet” by

March 28, 2011 – Episode 206

Posted in Breach, criminal forensics, darkweb, Legislation, Show Notes, The CyberJungle, Vulnerabilities on March 27, 2011 by datasecurityblog

Episode 206 of  The CyberJungle is about 48 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 38:05 mark.

Interview

RIM caves in. Blackberry maker bows to political pressure and removes the DUI checkpoint app. The app maker says the app will save lives by scaring people out of their cars when they have been drinking. We talk to Joe Scott, the CEO of Phantom Alert.

Our Take on The Week’s News

Big Brother crawls up your nose: The state’s war on cold medicine continues, driven by the federal effort to curb its use as an ingredient in methamphetamine. Read more about how law enforcement and the drug companies have teamed up to database everyone who purchases decongestants. Read more  at the Reasonable Reporter.

Iranian hackers obtain fraudulent HTTPS certificates: How close to a Web security meltdown did we get? Detecting Certificate Authority compromises and web browser collusion. How-to guide for browser changes to block revoked digital certificates.

Have the inmates taken over the asylum at RIM?

Tales from the Dark Web: This ain’t logistics. That shipping alert in your email might have more than a tracking number. How a successful old attack is making a comeback. An excellent, detailed dissection of the attack on the WebRoot blog.

March 21, 2011 – Episode 205

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Legislation, The CyberJungle, Vulnerabilities, web server security on March 20, 2011 by datasecurityblog

Episode 205 of  The CyberJungle is about 43 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 30:30 mark.

Interview

Interview: Peter Schlampp, VP Product Management, Solera Networks, on the RSA SecurID breach and network forensics

Our Take on The Week’s News

Web browser anti-tracking: Read, “Do not track tools push firms to crossroad,” by James Temple in the SF Gate.

RSA SecurID breach: An Analytical Brief by NSS Labs

Does transparency webapp threaten citizen data when authenticating users? Read “Big Brother Has Been Watching

Civil court action used to take down evil botnet: Read “With Rustock, a New Twist on Fighting Internet Crime” by IDG’s Robert McMillan. CORRECTION: FireEye worked on this takedown, not eEye, as stated by Ira.

Ghostery allows you to block scripts from companies that you don’t trust, delete local shared objects, and even block images and iframes. Ghostery.com.

BetterPrivacy is a Firefox plug-in that protects against LSOs that are usually not deletable.

Tales from the Dark Web: What do you get when you stir up a pot full of natural disasters, social media alerts, Java exploits and rogue anti-virus? Read the M86 analysis.

Wrap

Supreme Court To Hear Arguments in ID Search Case: The case concerns an unlawful police stop. Defendant asserts that police had no basis for pulling his car over and then running his license.  EPIC’s amicus brief.

March 7, 2011 – Episode 203

Posted in Breach, Business Continuity, Court Cases, criminal forensics, ediscovery, Exclusive News, Legislation, Podcast, Show Notes, The CyberJungle, Vulnerabilities on March 7, 2011 by datasecurityblog

Episode 203 of  The CyberJungle is about 53 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 25:30 mark.

Interviews

Charlie Miller, 3x Pwn2Own “hacking” contest winner stays home; response by Dragos, Founder of CanSecWest. Follow Charlie on Twitter.

Tales From The Dark Web

Exactly what is the “boy-in-the-browser attack?”

Our Take on The Week’s News

Lawsuit accuses Amazon of capturing and sharing customer information without permission by tricking Microsoft Internet Explorer

Google Android in app malware flap, iPad2 security, and Blackberry Playbook running Android apps + better security? Interview on Playbook security Ira Victor mentioned in this segment. You may download the segment, or listen to the conversation here:

More mobile security news, Keeping Tabs on Android Smartphone Activity.

Proof once again that disgruntled employees are among the most dangerous cybercriminals… Texas man sentenced after breaching former employer’s network and deleting critical business files.

Wrap

OtterBox Cases for slider Smartphones: Samantha and Ira give a new OtterBox the field test

March 1, 2011 – Episode 202

Posted in Breach, Court Cases, criminal forensics, darkweb, Legislation, Show Notes, The CyberJungle, Vulnerabilities, web server security on March 1, 2011 by datasecurityblog

Episode 202 of  The CyberJungle is about 33 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly- great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interview is about 8 minutes long and it starts at about the 18:25 mark.

Interviews

Interview: Brett Kingstone, The author of The Real War Against America, on industrial espionage featuring Chinese spies paying American employees to steal intellectual property.

Tales From The Dark Web

Zeus Trojan meets Crank Yankers in a social engineering scheme to drain bank accounts by phone

Our Take on The Week’s News

Police Department officer indicted on federal wire fraud and identity theft charges

London Stock Exchange and Morgan Stanley: Added to the list of financial services companies breached by cyber criminals

A woman in a child custody battle with her ex decided it might help if she had recordings of everything

Is that a RAT in your Mac, or have you just been pwnd?

Feb 15, 2011 – Episode 200

Posted in Conference Coverage, Legislation, Show Notes, The CyberJungle on February 15, 2011 by datasecurityblog

Episode 200 of  The CyberJungle  is 27 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly- great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interview is about 8 minutes long and it starts at about the 18:25 mark.

Interviews

Simple Physical Security – Without the “security system tax/fee.” We talk with Andrew Saldana with SecurityMan

Tales From The Dark Web

HBGary’s exposed for trying to counter-attack Wikileaks, security institute issues rare request related to counter-counter-attack

Our Take on The Week’s News

No man’s personal identity is safe while the legislature is in session

RSA Conference report: With CipherCloud, businesses can encrypt data on popular cloud services like Salesforce.com.

RSA Conference report: Invincea has a new technology that combines virtual machine browsers with behavior-based malware blocking.

RSA Conference report: Entersekt from South Africa has a very interesting twist on 2-factor authentication.

Ira is at RSA San Francisco 2011. Ira will post reports in Conference Notes. Reports sponsored by LogLogic – The IT Data Management company. Meet Ira in the LogLogic booth #828 during Tuesday night’s RSA pub crawl and drink some Travis Smith’s 510 nano-brew, served fresh in the booth.

Feb 8, 2011 – Episode 199

Posted in Court Cases, criminal forensics, darkweb, ediscovery, Legislation, Show Notes, The CyberJungle, Vulnerabilities on February 8, 2011 by datasecurityblog

Episode 199 of The CyberJungle is 27 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interview is about 8 minutes long and it starts at about the 17:30 mark.

Interviews

“Google Tracks You…We Don’t” – A new web site takes on Google, by NOT tracking you. We talk with Gabriel Weinberg of DuckDuckGo.com.

Tales From The Dark Web

Milwaukee has beer, San Jose has software, and Las Vegas has Casinos. In our Tales from the Dark Web segment, we tell you about a city where the #1 industry is CyberCrime.

Our Take on The Week’s News

Judge orders juror to reveal private Facebook postings in California criminal case

What NASDAQ is and isn’t saying about another high-profile cyber attack

Surge in Adobe PDF attacks impacting Windows, Mac and Linux users

Texas AG pushes for new anti-sexting law – but with a twist

Ira heads to RSA San Francisco 2011. Ira will post reports in Conference Notes. Reports sponsored by LogLogic – The IT Data Management company. Meet Ira in the LogLogic booth #828 during Tuesday night’s RSA pub crawl and drink some Travis Smith’s 510 nano-brew, served fresh in the booth.

Feb 1, 2011 – Episode 198

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Legislation, Podcast, The CyberJungle, Vulnerabilities, web server security on February 1, 2011 by datasecurityblog

Episode 198 of  The CyberJungle  is 32 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Interviews

Hey, is that an SMS botnet in your pocket? Straight from Shmoocon 2011, Georgia Weidman tells how the most popular smartphone platforms can be silently seized by the bad guys. Major computer forensic repercussions? The CyberJungle has the first radio interview with Georgia Weidman following Shmoocon. Proof-of-concepts and slides from Shmoocon 2011. The interview starts at about the 20:20 mark.

Tales From The Dark Web

Last May, the Dow plummeted in seconds. Fat-finger error, or something more sinister?

Our Take on The Week’s News

Wired magazine in the UK has jolted some of its subscribers by sending them an issue with the most personal details about their lives on the cover.  Imagine pulling the mag out of your mailbox and there’s your name, along with comments about your latest ebay purchase, your divorce, your kids, and your new boss.

Data retention law does not help law enforcement fight crime, study reveals.

The backlash against smart meters is growing. Joining the privacy advocates and the anti-corporatists are those suffering from “electromagnetic sensitivity.”

The cost of non-compliance with security mandates can be more expensive than the cost of investing in security, says Ponemon Institute.

Slammed: An attempt to regulate computer forensics pros in the State of Virginia

Ira heads to RSA San Francisco 2011. Ira will post reports in Conference Notes. Reports sponsored by LogLogic – The IT Data Management company. Meet Ira in the LogLogic booth #828 during Tuesday night’s RSA pub crawl and drink some Travis Smith’s 510 nano-brew, served fresh in the booth. Ira mentioned the Crypto Adapter by hiddn in this segment.

January 18, 2011 – Episode 196

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Exclusive, Legislation, Podcast, Show Notes on January 17, 2011 by datasecurityblog

Episode 196 of  The CyberJungle  is 30 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Interviews

Earlier this month, while we were strolling on the floor at CES in Las Vegas, we had a chance to chat with Tony Kainuma, the Director of Navigation and Detection products at  Cobra Electronic Corporation.  We discussed Cobra’s new smartphone app that watches for red light cameras, traffic congestion and cops with radar, and relays the information to all Cobra users who subscribe.

Tales From The Dark Web

Creepy stalker uses info from  Facebook to break into email accounts and steal stuff from women.

Our Take on This Week’s News

Silliest use of the Computer Fraud and Abuse Act? We (respectfully) disagree with law professor Orin Kerr, who says Sony’s lawyers should win this prize for this argument:  You’re guilty of felony computer hacking crimes if you access your own computer in a way that violates a contractual restriction found in the fine print of the licensing restriction of the product imposed by the manufacturer. We think the honor for dopiest use of the CFAA still belongs to the prosecutors of MySpace Mom Lori Drew.

Stuxnet news: The New York Times reports the Stuxnet worm was a joint project of the U.S. and Israel, engineered to destroy the uranium centrifuges that Iran uses in its nuclear weapons program. As a result of this worm, the Iranian nuke program has suffered serious set-backs. All without a shot being fired.

Federal judge supports Federal Government -  Says plaintiff  EPIC did not convince him that DHS should turn over 2,000 naked images from the airport body scanners.

A proposal in Congress for a law that would clarify the rights of Americans returning home from abroad, only to have their digital devices seized by customs agents. Our take – for the time being, consider the U.S. border a hostile zone for business and personal data in your laptop or smart phone.


October 24, 2010 – Episode 183

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Exclusive, Legislation, Show Notes, The CyberJungle, Vulnerabilities on October 23, 2010 by datasecurityblog

Episode 183:

This week’s regular episode of  The Cyberjungle  is 1 hour and 18 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

Interview

Joe Levy, Chief Technical Officer with  Solera Networks, stops by to discuss the Zeus Trojan variant that’s making its way around the IRS offices.  Joe’s  interview is 6 minutes long, and it begins about 25 minutes into Episode 183.

Tales from the Dark Web

If cybercrime were a disease, it would be a pandemic and the whole world would be sick. So says a report from Kroll and The Economist Intelligence Unit

Our Take on This Week’s News

School bus surveillance cams - School buses equipped with traffic cams.  It’s an experiment in a Maryland school district, where officials say the little darlings are in more danger as they alight from the bus than any other time, although no child in Maryland has ever been hit while alighting from a school bus.

Insurance companies view social networkers as burglary risks – Duh. A survey by an insurance trade group indicates a significant number of Facebook and Twitter users post their locations, and it’s worth considering whether to reflect this in their insurance rates.

And while we’re ragging on Facebook - Are gay users of Facebook being outed to advertisers for targeted product marketing? Duh again.

Ten Oreos, two handfuls of Fritos, a pint of Ben and Jerry’s - Are you aware that when you make use of web tools that allow you to keep track of your personal behavior, that information could become discoverable in court? (Diet websites come to mind.)

Participants wanted - A new project to monitor BlackBerry traffic as it is sent from various countries. The results will help researchers and users understand what’s happening to the communications as RIM is pressured to cooperate with repressive governments.

More BlackBerry news -  The how and why of BlackBerry eavesdropping, and why it might not be what you think.

A new tool for good guys - And bad guys, parents, employers, forensic investigators, and everyone who needs to keep tabs on someone. ElcomSoft tool cracks web browser passwords.

CyberJungle FAQ

Shockwave Zero-day Attack In the Wild

Fake Microsoft Security Essentials Attack
