Archive for the web server security Category

Apr 30 2014, Episode 336, Show Notes

Posted in Breach, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security on April 30, 2014 by datasecurityblog

Episode 336 of The CyberJungle is about 30 minutes long. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interview

SecureAuth’s Garret Grajeck on Enterprise 2FA. Garret’s blog postings.

Our Take on This Week’s News

Heartbleed flaw hits Chrome and Android users

NSA weaponizing 0days

Blackphone gets good initial response

Welcome aboard ISACA members

Tales from The Dark Web

MISE 0Day mitigated by firewall rule? Read background on the flaw here.

Wrap

The Wrap is on a break this week

Please support our sponsors, as they support The CyberJungle:

Basis Technology is helping investigators perform faster, more efficient, cost-effective, and complete investigations in cybersecurity and incident response.

BASIS TECHNOLOGY……PLEASE VISIT THEIR SITE BASISTECH.COM


——————————————————————————-

Atola Insight is an all-in-one hard drive data recovery and forensic system. It offers complex data retrieval functions along with utilities for manually accessing hard drives at the lowest level.

ATOLA TECHNOLOGIES….PLEASE VISIT THEIR SITE ATOLA.COM

Apr 20 2014, Episode 335, Show Notes

Posted in Breach, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security on April 21, 2014 by datasecurityblog

Episode 335 of The CyberJungle is about 28 minutes long, and the interview starts at about 15:30min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interview

Nimmy Reichenberg on the AlgoSec Report- The State of Network Security 2014: Attitudes and Opinions

Our Take on This Week’s News

Healthcare.gov users exposed to Heartbleed

Netcraft releases Heartbleed indicator for Chrome, Firefox, and Opera

Tales from The Dark Web

Attackers Exploit the Heartbleed OpenSSL Vulnerability to Circumvent Multi-factor Authentication on VPNs

Wrap

OpenSSL bug hunt: Find NEXT Heartbleed, earn $$$


Apr 14 2014, Episode 334, Show Notes

Posted in Breach, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security on April 13, 2014 by datasecurityblog

Episode 334 of The CyberJungle is about 42 minutes long.  This su root edition focuses on Heartbleed, with Dr. Kerry Nemovicher, cryptographer. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


su root edition on the Heartbleed flaw

Dr. Kerry Nemovicher, cryptographer. You can email Dr. Kerry by “decoding” this email address: kerry [insert the at symbol here] c-kerry.com

Testing for “reverse” Heartbleed

Please support our sponsors, as they support The CyberJungle

BASIS TECHNOLOGY……PLEASE VISIT THEIR SITE BASISTECH.COM


The leading provider of software solutions for extracting meaningful intelligence from multilingual text

———————————————————————————————————————————————————-

ATOLA TECHNOLOGIES….PLEASE VISIT THEIR SITE ATOLA.COM

Atola Insight is an all-in-one hard drive data recovery and forensic system. It offers complex data retrieval functions along with utilities for manually accessing hard drives at the lowest level. Atola Insight has several key features for data capture in forensic and e-discovery cases. Find out more at Atola.com

Apr 1 2014, Episode 333, Show Notes

Posted in Breach, Court Cases, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security on March 31, 2014 by datasecurityblog

Episode 333 of The CyberJungle is about 37 minutes long. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Tales from The Dark Web

Did Russians frame Ukrainian hacktivists for alleged leak of 7 million credit, debit cards?

Hey, Glasshole: That cool app? It has turned you into a SPY DRONE

Our Take on This Week’s News

Fandango, Credit Karma Settle FTC Charges that They Deceived Consumers By Failing to Securely Transmit Sensitive Personal Information

Capitol Hill hearing: Online Data Security Breaches; take special notice at 20 and 40min into the video

N.S.A. Breached Huawei Servers

How a Chinese Tech Firm Became the NSA’s Surveillance Nightmare

Jan 30 2014, Episode 327, Show Notes

Posted in Conference Coverage, Court Cases, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security on January 29, 2014 by datasecurityblog

Episode 327 of The CyberJungle is about 41 minutes long. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interview

Billy Rios, Director of Vulnerability Research and Threat Intelligence for Qualys. Here is the link mentioned in the segment.

Tales From The Dark Web

Major security holes found in 90% of top mobile banking apps 

Russian SpyEye author pleads guilty to starting malware onslaught

Our Take on This Week’s News

Gmail bug means users may have accidentally deleted mail, says Google

How Google Calendar can be a spammer’s best friend

Altcoins will DESTROY the IT industry and spawn an infosec NIGHTMARE

Oct 23 2013, Episode 318, Show Notes

Posted in Breach, Conference Coverage, darkweb, Exclusive, Podcast, Show Notes, The CyberJungle, web server security on October 23, 2013 by datasecurityblog

Episode 318 of The CyberJungle is about 30 minutes long. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interviews

Fast and Furious Forensics with Rob Schroeder of Paraben 

Our Take on This Week’s News

Huawei calls for security standards; Why not ISO27k?

NSA Accessed Mexican President’s Email

Law Enforcement recognizing citizen privacy in tech age

Tales From The Dark Web

PR services targeted

Wrap

Musk. Elon Musk.

Please support our sponsors, as they support The CyberJungle

OUR NEWEST SPONSOR, ATOLA TECHNOLOGIES….PLEASE VISIT THEIR SITE ATOLA.COM

Atola Insight is an all-in-one hard drive data recovery and forensic system. It offers complex data retrieval functions along with utilities for manually accessing hard drives at the lowest level. Atola Insight has several key features for data capture in forensic and e-discovery cases:

* Excellent disk imaging speed up to 180 MB/s

* Checksum calculation: MD5, SHA (1, 224, 256, 384, 512)

* Forensic data erasure methods including DoD 5220.22-M, Security Erase, NIST 800-88, Pattern Erase

* Case management system

* ATA Password removal

* File recovery for NTFS (all versions), Ext 2/3/4, HFS, HFS+, HFSX, ExFAT, FAT16, FAT32

* High performance of the multi-pass imaging for damaged drives

* Authentic Atola HDD diagnostics that creates a detailed report in minutes.

Find out more at Atola.com

Paraben's Forensic Innovations Conference

The Paraben Forensic Innovations Conference has been an annual event since 2008. Since that time it has rapidly evolved into a better-attended conference with a broader scope of topics, reaching from the deeply technical to the legal aspects of the forensics and eDiscovery industry. Those who attend PFIC are as diverse as our topics, from law enforcement and lawyers, to corporate entities, government agents, private investigators, and educational institutions. If you haven’t had the opportunity to attend, this is your chance to experience the fresh air and mountains of Utah as well as the fresh topics that will be the highlight of this year’s conference. If you’ve already attended, then you know what to expect and are as excited as we are about it! PFIC 2013 will be held November 13-15, 2013, in Salt Lake City, Utah. Space for this conference is limited, and with tickets starting at $199, the show will almost surely sell out. The CyberJungle will be there, because it is one of the best bang-for-the-buck forensic conferences of the year.

June 4th 2013, Episode 303, Show Notes

Posted in Breach, Conference Coverage, darkweb, eMail Security, Exclusive, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security on June 3, 2013 by datasecurityblog

Episode 303 of The CyberJungle is about 41 minutes long. The interview with Kevin Fiscus begins at about the 24min mark, following Tales from The Dark Web. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 303 via the flash player: http://dataclonelabs.com/security_talkworkshop/thecyberjungle_303.mp38

Interview

Links mentioned  in the interview with Kevin Fiscus, SANS Institute Instructor, and principal with Cyber Defense Advisors

Tales From The Dark Web

Oracle Tackles Java Security Holes

Our Take On This Week’s News

BT has dumped Yahoo! as email provider to its six million broadband customers following months of customer complaints over breaches

Beginning the week of June 3, 2013, older versions of Yahoo! Mail (including Yahoo! Mail Classic) will no longer be available

Yahoo Shuts Down Mail Classic, Forces Switch To New Version That Scans Your Emails

StartMail, the private email service being developed by StartPage

Evernote Adds Basic Two-Factor Authentication, Other Security Features After Hack Attempt

Wrap

Seat of Power: the computer workstation for the person with everything


SpectorSoft

SpectorSoft: IT professionals, Risk Officers, and HR staff have more worries than ever: insider theft, inappropriate communications, inefficient processes, employee investigations, and compliance requirements. These pressing issues demand a reliable, automated, advanced technology capable of showing user, department, and division activity no matter where the users are or what devices they are using. SPECTOR 360, the de facto corporate User Activity Monitoring solution, addresses these issues and meets this demand.

SPECTOR 360 monitors, captures, and analyzes ALL user and user group activity including: email sent and received, chat/IM/BBM, websites visited, applications/programs accessed, web searches, phone calls, file transfers, and data printed or saved to removable devices.

SPECTOR 360 features automated, remote installation of the Windows and Mac clients and requires no client installation on BlackBerry devices.

May 28th 2013, Episode 302, Show Notes

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security on May 28, 2013 by datasecurityblog

Episode 302 of The CyberJungle is about 38 minutes long. The interview with Dr. Eric Cole, SANS Fellow, begins at about the 20min mark, following Tales from The Dark Web. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 303 via the flash player: http://dataclonelabs.com/security_talkworkshop/thecyberjungle_302.mp38

Interview

Links mentioned  in the interview with Dr. Eric Cole; Author, Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization; and SecureAnchor

Tales From The Dark Web

Security lapse discovered by reporters exposes data

Our Take On This Week’s News

Iran fingered for attacks on US power firms; Syrian group tried to disrupt Haifa water system

Clearwire limiting Huawei footprint

Experts give their take on Twitter’s 2FA

Wrap

Corporate Security’s Weak Link: Click-Happy CEOs [subscription required]

May 16th 2013, Episode 301, Show Notes

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security on May 15, 2013 by datasecurityblog

Episode 301 of The CyberJungle is about 32 minutes long. The interview with Dr. Kerry Nemovicher on Washington State Court System Breach begins at about the 20min mark, following Tales from The Dark Web. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 301 via the flash player: http://dataclonelabs.com/security_talkworkshop/thecyberjungle_301.mp38

Interview

Dr. Kerry Nemovicher on Washington State Court System Breach

Tales From The Dark Web

Anatomy of TheOnion Breach

Our Take On This Week’s News

OJ Hearing Focuses on Lack of Digital Forensics Experts

$45mil Bank Breach Could Land Banks and Processors in Civil Court

Adding Honeywords to Password Databases

Wrap

Saudi Telecom Seeks Mobile App Eavesdropping


May 7th 2013, Episode 300, Show Notes

Posted in Breach, Court Cases, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security on May 7, 2013 by datasecurityblog

Episode 300 of The CyberJungle is about 33 minutes long. The interview with Kurt Opsahl, Staff Attorney with EFF, on BitCoin Hijacking begins at about the 130min mark, following Tales from The Dark Web. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 300 via the flash player: http://dataclonelabs.com/security_talkworkshop/thecyberjungle_300.mp38

Interview

Kurt Opsahl, Staff Attorney with The Electronic Frontier Foundation

Tales From The Dark Web

Rogue Employee Turns Gaming Network Into Private Bitcoin Mine

Learn more about protecting a BitCoin Key

Our Take On This Week’s News

Ultra-hackable Google Glass could be a security nightmare: Easy root access opens spyware floodgates

Saurik’s posting that drills down into Google Glass root forensics and security

Microsoft admits zero-day bug in IE8, pledges patch

Microsoft: IE9, 10 will never run on Windows XP

Use a Software Bug to Win Video Poker? That’s a Federal Hacking Case

Wrap

Worried about an unmanned plane looking into your window? This small detector could alert you when robot planes buzz past
