Archive for the Report Security Flaws Category

August 1, 2011 – Episode 224

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Legislation, Report Security Flaws, Show Notes, The CyberJungle, Vulnerabilities on August 1, 2011 by datasecurityblog

Episode 224 of  The CyberJungle is about 40 minutes long this week, due to extended preview coverage of BlackHat, SecurityBSides, and DefCon.  You can hear it by clicking on the flash player below. The first interview begins at about 17min, and the second interview at about 27min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interviews

Brian Kennish, Founder of Anti-Web tracking tool maker Disconnect, on tracking the web trackers

Tyler Shields of Veracode, Owning your Mobile Phone at every layer

Our Take On This Week’s News

The GMail Man – watch the Office365 Official Video

US Appeals Court: Ok to Check DNS of Those Arrested, from the Pittsburgh Post-Gazette


Tales From The Dark Web

Three-fourths of all rootkits on decade-old OS, says antivirus firm. Hat tip: Computerworld story by Gregg Keizer

Conference Coverage

The CyberJungle goes to BlackHat, SecurityBSides and DefCon this week. Get the reports in Conference Notes. Send your questions for Tyler Shields of Veracode via The CyberJungle Contact Form.

July 25, 2011 – Episode 223

Posted in Court Cases, darkweb, Report Security Flaws, Show Notes, The CyberJungle, Vulnerabilities, web server security on July 25, 2011 by datasecurityblog

Episode 223 of  The CyberJungle is about 31 minutes long.  You may hear it by clicking on the flash player below. The interview begins at about 15min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show, including a direct link to our audio feeds.


Interviews

Imperva CTO Amichai Shulman on the web app attack preso you won’t see at BlackHat Las Vegas. As a part of their ongoing Hacker Intelligence Initiative, Imperva has compiled a Web Application Attack Report (WAAR) that gives new insight into attacks against the top 30 web applications, based on more than 10 million individual attacks over the last 6 months. WAAR outlines the frequency, type and geography of origin of each attack. Surprisingly, a little-known type of attack has become very common. Blog.Imperva.com was the link mentioned in the segment.

Our Take On This Week’s News

The CyberJungle Radio’s take on this Las Vegas Review Journal news story: Providing Wi-Fi as a perk has a price for businesses

Mac battery cyberflaw exposes explosive risk?

Wrap

No Soup For You! No over the air updates for jailbroken iOS5 powered devices, according to the ZDNet posting


Conference Coverage

The CyberJungle goes to BlackHat Las Vegas and DefCon19 next week. Get the reports in Conference Notes starting the middle of next week.

July 19, 2011 – Episode 222

Posted in Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Report Security Flaws, Show Notes, The CyberJungle, Vulnerabilities on July 18, 2011 by datasecurityblog

Episode 222 of The CyberJungle is about 35 minutes long; the interview starts at ~16:00 minutes. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interview

What role does social engineering play in APT? We talk with Gretchen Hellman of Vormetric.

Our Take On This Week’s News

Microsoft Internet Explorer 8, 9, beats Firefox, Chrome and Safari in crucial web protection? Read the complete NSSLabs Report

Smashing hard drive leads to conviction for obstruction under SOX

Tales From the Dark Web

Crowd-sourcing the reporting of webmail hijacks

July 11, 2011 – Episode 221

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Report Security Flaws, Show Notes, The CyberJungle, Vulnerabilities on July 10, 2011 by datasecurityblog

Episode 221 of  The CyberJungle is about 26 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. The  interview starts at about 14:00 into the show. Or, you may go to the listening options page and browse for other ways to hear the show.


Interview

T-Mobile USA’s CISO, Bill Boni, has a different approach to fighting cybercriminals: Use the techniques he learned while working in US Counter Intelligence. Bill Boni is the author of this book mentioned in the interview –  Netspionage: The Global Threat to Information

Our Take On This Week’s News

Hewlett Packard’s Laptop Lock Takes Only Seconds To Crack. Read the story, and see the video, in Marc Weber Tobias’ Forbes Column, TravelGeek.

Prosecutors Demanding Encryption Keys a Violation of The 5th Amendment?  EFF Urges Court to Uphold Privilege Against Self-Incrimination

Tales From The Dark Web

Android malware spies on your SMS messages – but is it part of the Zeus family?

Wrap

Picking the Lock of Google’s Local Search

June 27, 2011 – Episode 219

Posted in Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Interview Only Edition, Report Security Flaws, Show Notes, The CyberJungle, Vulnerabilities on June 27, 2011 by datasecurityblog

Episode 219 of  The CyberJungle is about 55 minutes long, due to extended coverage from The Gartner Security Summit 2011.  You can hear it by clicking on the flash player below. The first interview begins at about 19min, and the second interview at about 40min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interviews

John Bace, Gartner, Congress just put a bounty on your boss; how one whistleblower earned $90million

Debra Logan, Gartner, on why a judge slapped a million dollar eDiscovery-related fine on a careless company

Our Take On This Week’s News

The IRS fails a security audit (again)

Does the TSA care about your tablet getting stolen at a checkpoint?

Tales From The Dark Web

Department of Justice Disrupts International Cyber Crime Rings Distributing Scareware

Wrap

The end of the supermarket club card?


Conference Coverage

The CyberJungle went to the 2011 Gartner Security Summit this week. Get the reports in Conference Notes.

June 19, 2011 – Episode 218

Posted in Court Cases, criminal forensics, ediscovery, Interview Only Edition, Report Security Flaws, Show Notes, The CyberJungle, Vulnerabilities on June 19, 2011 by datasecurityblog

Episode 218 of  The CyberJungle is about 35 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interviews

InfoSec researcher Casey Halverson discovers an unusual tracking “feature” in his Nissan Leaf. Details on his blog.

Marc Maiffret, CTO of eEye Digital, on how the simple cyberattacks distract us from the more serious ones. Read Marc’s Blog

Casey’s interview starts at about 08:30 into the show, and Marc’s interview starts about 20:00 into the show.

Our Take On This Week’s News

Remote PC tracking software strikes again. Remember the Lower Merion School District? A retailer is in similar trouble for snapping remote images of PC users.

Conference Coverage

The CyberJungle goes to the 2011 Gartner Security Summit this week. Get the reports in Conference Notes, starting Tuesday June 21st. And follow (or just read) Ira on Twitter for comments and nuggets of interest from the show.

June 6, 2011 – Episode 216

Posted in Breach, criminal forensics, darkweb, eMail Security, Report Security Flaws, Show Notes, The CyberJungle, Vulnerabilities, web server security on June 6, 2011 by datasecurityblog

Episode 216 of  The CyberJungle is about 35 minutes long.  You can hear it by clicking on the flash player below.  The first interview starts at ~16min, and the second one starts at about ~28min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 14:30 mark.


Interviews

Stina Ehrensvärd, CEO & Founder of Yubico, on the wave of RSA SecurID-related breaches. Yubico Radius open source server.

Jeff Hudson, CEO of Venafi, with his take on the wave of RSA SecurID-related breaches

Our Take on The Week’s News

The wave of server breaches spread: Track many of them on Pastebin.com’s trending page. Plus read this story for background on PasteBin.com

Tales from the Dark Web

Worm uses built-in DHCP server to spread

May 16, 2011 – Episode 213

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Report Security Flaws, Show Notes, The CyberJungle on May 15, 2011 by datasecurityblog

Episode 212 of The CyberJungle is about 38 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The first interview starts at about the 9min mark and lasts about 11min. The second interview starts at about the 25min mark, and it’s about 12 minutes long.


Interviews

Scott Cleland, author of  Search and Destroy, Why You Can’t Trust Google Inc.  And for the other links mentioned in the interview, look on the right column here.

Alyn Hockey, Director of Product Management at security firm Clearswift. Here is their blog.

Our Take on The Week’s News

PCI Compliance Risks for Small Merchants and where they are failing: Excellent summary, with actionable information, from Brian Pennington’s blog about IT security and compliance.

Additional Information Mentioned On The Show

TechEd Atlanta 2011:  Large Microsoft technical conference

CEIC Forensics Conference: Digital Investigations Show, Orlando, Florida

AccessData 2011 Las Vegas Digital Forensics Conference

May 9, 2011 – Episode 212

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Report Security Flaws, Show Notes, The CyberJungle, web server security on May 8, 2011 by datasecurityblog

Episode 212 of  The CyberJungle is about 35 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 25:34 mark.


Interview

What went wrong at Sony? Well, it was more than a technical failure. Maybe management shrugged their shoulders at information security. We talk with Marc Maiffret, the co-founder of eEye Digital Security. Marc mentioned blog.eeye.com and forums.eeye.com in this segment.

Our Take on The Week’s News

Ponemon Study: Most cloud service providers admit to not protecting data on their networks

Law Enforcement child porn raids and locking down WiFi networks

Tales from the Dark Web

Attention Mac Users: You are now a target for a new wave of Mac rogue/fake anti-virus 

Attention Mac Users: Skype vulnerability can hit 5.x users. Update just released by Skype.

Wrap

Ira heads to AccessData Forensics Conference next week (Monday May 16). Look for news in The CyberJungle Conference Notes. And Tweets for small items of interest from the conference.

May 1, 2011 – Episode 211

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Report Security Flaws, Show Notes, The CyberJungle, web server security on May 1, 2011 by datasecurityblog

Episode 211 of  The CyberJungle is about 35 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 14:30 mark.


Interview

Vladimir Katalov, CEO of Elcomsoft: ElcomSoft Discovers Vulnerability in Nikon’s Image Authentication System. Here are some sample faked photos that Elcomsoft claims could be “authenticated” as real. Vladimir Katalov’s blog posting on this discovery.  Elcomsoft’s main web site.

Our Take on The Week’s News

Sony sued for PlayStation Network data breach: This is probably one of many suits related to the SonyPSN breach.

ThreatMetrix and the Ponemon Institute have released the findings of their joint study on consumers and their awareness and appreciation of online fraud. Hat tip: Brian Pennington

Tales from the Dark Web

Zeus Trojan adds investment fraud to its bag of tricks

Wrap

Verizon says it will put location warning labels on mobiles
