Archive for the Podcast Category

May 16th 2013, Episode 301, Show Notes

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security on May 15, 2013 by datasecurityblog

Episode 301 of The CyberJungle is about 32 minutes long. The interview with Dr. Kerry Nemovicher on the Washington State Court System Breach begins at about the 20-minute mark, following Tales from The Dark Web. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Download: thecyberjungle_301.mp3

Interview

Dr. Kerry Nemovicher on Washington State Court System Breach

Tales From The Dark Web

Anatomy of TheOnion Breach

Our Take On This Week’s News

OJ Hearing Focuses on Lack of Digital Forensics Experts

$45mil Bank Breach Could Land Banks and Processors in Civil Court

Adding Honeywords to Password Databases

Wrap

Saudi Telcom Seeks Mobile App Eavesdropping

Please support our sponsors, as they support The CyberJungle

Paraben's Forensic Innovations Conference

The Paraben Forensic Innovations Conference has been an annual event since 2008. Since that time it has rapidly evolved into a higher attended conference with a broader scope of topics reaching from deeply technical into the legal aspects of the forensics and eDiscovery industry. Those who attend PFIC are as diverse as our topics, from law enforcement and lawyers, to corporate entities, government agents, private investigators, and educational institutions. If you haven’t had the opportunity to attend, this is your chance to experience the fresh air and mountains of Utah as well as the fresh topics that will be the highlight of this year’s conference. If you’ve already attended, then you know what to expect and are as excited as we are about it!  PFIC 2013 will be held November 13-15th, 2013 in Salt Lake City Utah. Space for this conference is limited, and with tickets starting at $199, the show will almost surely sell out. The CyberJungle will be there, because it is one of the best bang for the buck forensic conferences of the year.

SpectorSoft

SpectorSoft: IT professionals, Risk Officers, and HR staff have more worries than ever: insider theft, inappropriate communications, inefficient processes, employee investigations, and compliance requirements. These pressing issues demand a reliable, automated, advanced technology capable of showing user, department, and division activity no matter where the users are or what devices they are using. SPECTOR 360, the de facto corporate User Activity Monitoring solution, addresses these issues and meets this demand.

SPECTOR 360 monitors, captures, and analyzes ALL user and user group activity including: email sent and received, chat/IM/BBM, websites visited, applications/programs accessed, web searches, phone calls, file transfers, and data printed or saved to removable devices.

SPECTOR 360 features automated, remote installation of the Windows and Mac clients and requires no client installation on BlackBerry devices.

 

May 7th 2013, Episode 300, Show Notes

Posted in Breach, Court Cases, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security on May 7, 2013 by datasecurityblog

Episode 300 of The CyberJungle is about 33 minutes long. The interview with Kurt Opsahl, Staff Attorney with EFF, on BitCoin Hijacking begins at about the 130min mark, following Tales from The Dark Web. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Download: thecyberjungle_300.mp3

Interview

Kurt Opsahl, Staff Attorney with The Electronic Frontier Foundation

Tales From The Dark Web

Rogue Employee Turns Gaming Network Into Private Bitcoin Mine

Learn more about protecting a BitCoin Key

Our Take On This Week’s News

Ultra-hackable Google Glass could be a security nightmare: Easy root access opens spyware floodgates

Saurik’s posting that drills down into Google Glass root forensics and security

Microsoft admits zero-day bug in IE8, pledges patch

Microsoft: IE9, 10 will never run on Windows XP

Use a Software Bug to Win Video Poker? That’s a Federal Hacking Case

Wrap

Worried about an unmanned plane looking into your window? This small detector could alert you when robot planes buzz past


March 7, 2011 – Episode 203

Posted in Breach, Business Continuity, Court Cases, criminal forensics, ediscovery, Exclusive News, Legislation, Podcast, Show Notes, The CyberJungle, Vulnerabilities on March 7, 2011 by datasecurityblog

Episode 203 of  The CyberJungle is about 53 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 25:30 mark.


Interviews

Charlie Miller, 3x Pwn2Own “hacking” contest winner, stays home; response by Dragos, Founder of CanSecWest. Follow Charlie on Twitter.

Tales From The Dark Web

Exactly what is the “boy-in-the-browser attack?”

Our Take on The Week’s News

Lawsuit accuses Amazon of capturing and sharing customer information without permission by tricking Microsoft Internet Explorer

Google Android in app malware flap, iPad2 security, and Blackberry Playbook running Android apps + better security? Interview on Playbook security Ira Victor mentioned in this segment. You may download the segment, or listen to the conversation here:


More mobile security news, Keeping Tabs on Android Smartphone Activity.

Proof once again that disgruntled employees are among the most dangerous cybercriminals… Texas man sentenced after breaching former employer’s network and deleting critical business files.

Wrap

OtterBox Cases for slider Smartphones: Samantha and Ira give a new OtterBox the field test

Feb 1, 2011 – Episode 198

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Legislation, Podcast, The CyberJungle, Vulnerabilities, web server security on February 1, 2011 by datasecurityblog

Episode 198 of  The CyberJungle  is 32 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interviews

Hey, is that an SMS botnet in your pocket? Straight from Shmoocon 2011, Georgia Weidman tells how the most popular smartphone platforms can be silently seized by the bad guys. Major computer forensic repercussions? The CyberJungle has the first radio interview with Georgia Weidman following Shmoocon. Proof-of-concepts and slides from Shmoocon 2011. The interview starts at about the 20:20 mark.

Tales From The Dark Web

Last May, the Dow plummeted in seconds. Fat-finger error, or something more sinister?

Our Take on The Week’s News

Wired magazine in the UK has jolted some of its subscribers by sending them an issue with the most personal details about their lives on the cover.  Imagine pulling the mag out of your mailbox and there’s your name, along with comments about your latest ebay purchase, your divorce, your kids, and your new boss.

Data retention law does not help law enforcement fight crime, study reveals.

The backlash against smart meters is growing. Joining the privacy advocates and the anti-corporatists are those suffering from “electromagnetic sensitivity.”

The cost of non-compliance with security mandates can be more expensive than the cost of investing in security, says Ponemon Institute.

Slammed: An attempt to regulate computer forensics pros in the State of Virginia

Ira heads to RSA San Francisco 2011. Ira will post reports in Conference Notes. Reports sponsored by LogLogic – The IT Data Management company. Meet Ira in the LogLogic booth #828 during Tuesday night’s RSA pub crawl and drink some Travis Smith’s 510 nano-brew, served fresh in the booth. Ira mentioned the Crypto Adapter by hiddn in this segment.

January 25, 2011 – Episode 197

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security on January 25, 2011 by datasecurityblog

Episode 197 of  The CyberJungle  is 25 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interviews

Ira talks with HP Security Evangelist, Rafal Los. Topic: Business Application Security, and a different way to weigh risk.

Tales From The Dark Web

Just because they are behind bars doesn’t mean you’re safe from members of the Dark Web.

Our Take on This Week’s News

Record a cop, go to jail – Two Chicago residents who recorded their interactions with the police are facing felony charges… one is in jail… and their cases are drawing attention to an eavesdropping law that may be obsolete in the age of smart phones with audio and video recording capabilities.

Before we had Facebook, we had yearbooks – At the end of each year of high school, we’d write messages by hand, with a pen, never expecting anyone except the book’s owner (and a select few friends) would see them. Now classmates dot com is buying up old yearbooks, and scanning and posting the contents, including our most private heartfelt messages. Read this account describing one man’s yearbooks, bought at an auction of the contents of his mother’s basement, and the various personal messages from girls during his high school years… including a lengthy breakup letter from a serious relationship during his senior year.

In a potential windfall to attorneys that sue businesses that send out spam -  California Appeals court has ruled that businesses can be held strictly liable for actions done by their affiliates (and sub-affiliates).

Trapster Hacked – If you own a smartphone, you might be using the free app Trapster. Trapster alerts you when you are driving near speed traps and traffic cams, and other law enforcement hazards. Attackers may have stolen email addresses, passwords, and other data.

January 28, 2011 is Data Privacy Day. Privacy Projects is the official sponsor of Data Privacy Day. The goal is to put additional pressure on companies and to gain a better understanding that everyone’s privacy is at stake.


 

January 18, 2011 – Episode 196

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Exclusive, Legislation, Podcast, Show Notes on January 17, 2011 by datasecurityblog

Episode 196 of  The CyberJungle  is 30 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interviews

Earlier this month, while we were strolling on the floor at CES in Las Vegas, we had a chance to chat with Tony Kainuma, the Director of Navigation and Detection products at  Cobra Electronic Corporation.  We discussed Cobra’s new smartphone app that watches for red light cameras, traffic congestion and cops with radar, and relays the information to all Cobra users who subscribe.

Tales From The Dark Web

Creepy stalker uses info from  Facebook to break into email accounts and steal stuff from women.

Our Take on This Week’s News

Silliest use of the Computer Fraud and Abuse Act? We (respectfully) disagree with law professor Orin Kerr, who says Sony’s lawyers should win this prize for this argument:  You’re guilty of felony computer hacking crimes if you access your own computer in a way that violates a contractual restriction found in the fine print of the licensing restriction of the product imposed by the manufacturer. We think the honor for dopiest use of the CFAA still belongs to the prosecutors of MySpace Mom Lori Drew.

Stuxnet news: The New York Times reports the Stuxnet worm was a joint project of the U.S. and Israel, engineered to destroy the uranium centrifuges that Iran uses in its nuclear weapons program. As a result of this worm, the Iranian nuke program has suffered serious set-backs. All without a shot being fired.

Federal judge supports Federal Government -  Says plaintiff  EPIC did not convince him that DHS should turn over 2,000 naked images from the airport body scanners.

A proposal in Congress for a law that would clarify the rights of Americans returning home from abroad, only to have their digital devices seized by customs agents. Our take – for the time being, consider the U.S. border a hostile zone for business and personal data in your laptop or smart phone.


November 23, 2010 – Episode 188

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, eMail Security, Podcast, The CyberJungle, Vulnerabilities on November 23, 2010 by datasecurityblog

Episode 188:

This week’s regular episode of  The Cyberjungle  is 40 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.


Interview

Interview with Kevin Ripa, a forensics expert with Computer Evidence Recovery, on the mishandling of computer forensic data. Recorded at The Paraben Forensic Innovator’s Conference in Park City Utah.

Our Take On This Week’s News

CCTVs, public schools, and forensic data: What should the due process rules be for the viewing and management of this type of forensic data? Read more here.

New layers of security for Adobe PDF users: Adobe launches a ‘sandboxed’ edition of its popular PDF reader: Reader X. Invincea’s take on Reader X, and how it compares

Major security flaw (still) on over 90 million ATT wireless accounts: Easy disconnect for lost or stolen phones. ATT says the flaw is “fixed.” But is it?  What could go wrong? Maybe using the last four digits of someone’s Social Security Number is not really secure?

Tales from the Dark Web

Members of the Dark Web target common web-cams - Another reason for users to take security more seriously.

Wrap

National opt-out day at airports across the US.

November 16, 2010 – Episode 187

Posted in Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Podcast, Show Notes on November 16, 2010 by datasecurityblog

Episode 187:

This week’s regular episode of  The Cyberjungle  is 37 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.


Interview

Greg Kipper, Futurist with General Dynamics. Mr. Kipper and Ira Victor discuss the future of airport screen technologies. Recorded at The Paraben Forensic Innovator’s Conference in Park City Utah.

Tales from the Dark Web

Myth Busting Web Security Report: Websense releases a report on web threats. The report busts some of the most pervasive myths about how users can protect themselves from attacks by sticking to “safe” web sites.

Cybercrime and Security News

Flyer’s Rights Launches ‘ScannergGate’ Petition to Protest Use of Scanners and ‘Enhanced’ Pat Down - Find out more at Flyer’s Rights, and We Won’t Fly.

New Trojan Carrying Machine? From the NYTimes: “Google wants the next generation of Android phones to replace credit cards, Eric E. Schmidt, Google’s chief executive, said Monday at the Web 2.0 Summit in San Francisco.”

The CyberJungle went to The Paraben Forensic Innovations Conference, Nov 7-10th in Park City Utah. Get his report in Conference Notes. And follow Ira on Twitter for comments and nuggets of interest.

November 7, 2010 – Episode 186

Posted in Annoucements, Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Podcast, The CyberJungle, Vulnerabilities on November 7, 2010 by datasecurityblog

Episode 186:

This week’s regular episode of  The Cyberjungle  is 27 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.


Interview

Kevin Johnson, web security expert with Secure Ideas, stops by to discuss the Firesheep WiFi sidejacking attack. Protect yourself from snoopers at Wi-Fi hotspots by using a free VPN service, like Anchorfree.com. Ira also recommends ForceTLS, and/or HTTPS Everywhere by the EFF.

Tales from the Dark Web

There’s a Hacker App for That: Critical security holes uncovered in bank and stock broker iPhone and Android Smartphone apps

Our Take on This Week’s News

Throwing Salt on A Data Breach Wound- Imagine this: Business has proprietary info potentially worth millions, stolen by an employee. Employee is caught, and during the court trial, the very proprietary info stolen could be revealed again in a public court trial.  Get the details, and a link to the case

Voters Reject Traffic Surveillance Systems - Voters across the country rejected government surveillance wherever their ballots presented the opportunity.

The CyberJungle goes to The Paraben Forensic Innovations Conference, Nov 7-10th in Park City Utah. Get our reports in Conference Notes. And follow Ira on Twitter for comments and nuggets of interest.

October 3, 2010- Episode 177

Posted in Breach, Court Cases, criminal forensics, darkweb, Legislation, Podcast, The CyberJungle, Vulnerabilities, web server security on October 3, 2010 by datasecurityblog

Episode 177:

This week’s regular episode of  The Cyberjungle  is 1 hour and 16 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.


Interview

Dr. Eric Cole is an instructor at the SANS Institute and a CTO with McAfee.  He discusses data security based upon actions, rather than just signatures of attacks.  Dr. Cole’s interview begins about 25 minutes into Episode 177.

Tales from the Dark Web

Restaurant Security Fails – $200,000 in fraudulent credit card charges made after a restaurant purchased a new PCI compliant point of sale system, but failed to take the other steps needed to secure the information. Many businesses are failing to secure their point of sale systems and other parts of their business. They run out-of-date software and insecure systems. Most small businesses still don’t think they are a target for cyber criminals.

Our Take on This Week’s News

Obama Administration seeks wiretap access through backdoors to all online communication channels. The effort would include a requirement for access to encrypted communications. The EFF points out this battle has already been won once.

Rat on your neighbor, part II – Meanwhile, Department of Homeland Security launches a suspicious activity report database.

Poor Tyler Clementi, the Rutgers student whose gay tryst was available to his roommate’s chat partners via webcam, has not yet been laid to rest, and a state lawmaker is seizing upon his suicide to get attention for herself. Thumbs way down to these vultures who climb upon the bones of dead teenagers to get publicity or to shill for legislation that would otherwise go nowhere. This is all too common.

Another episode of Databreach Theater – Courthouse News reports on a databreach case originating in a Kansas prison. The Sixth Circuit Court apparently concluded that an act can be simultaneously “inadvertent” and “willful.”

Zeus arrests - Bank Account Takeover Attack gang members arrested in three countries. The Zeus attacks nonetheless continue, with one of many variants now targeting mobile banking users.

Judge acquits speeding motorcyclist who used a helmet cam to record traffic antics and a traffic stop by an armed plain-clothes cop.

Stuxnet Update - The Saga Continues: Could this attack ‘inspire’ similar attacks? Was the attack targeting India rather than Iran? China has also had a taste of Stuxnet.

Bug Bounty - Should major cloud services/sites set up a bounty system for web app bugs?

CyberJungle FAQ:

Skip the Adobe PDF mess and download Foxitsoftware’s PDF reader

For an easy, much more secure tool for online banking, use Webconverger
