Episode 238 of The CyberJungle is about 21 minutes long. You can hear it by clicking on the flash player below. The first interview (with Sean Morrissey of Katana Forensics) begins at about 03min. The second interview (with Ryan Washington of AR-Forensics) begins at about 10min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.
We break from our normal programming schedule. The CyberJungle went to the Paraben Forensics Innovator’s Conference last week. We have special extended coverage with Ryan Washington of AR-Forensics on so-called “anti-forensics” techniques. And Sean Morrissey, CEO of Katana Forensics, gives us his take on Apple’s moves against a well-respected security researcher.
Episode 223 of The CyberJungle is about 31 minutes long. You may hear it by clicking on the flash player below. The interview begins at about 15min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show, including a direct link to our audio feeds.
Interviews
Imperva CTO Amichai Shulman on the web app attack preso you won’t see at BlackHat Las Vegas. As a part of their ongoing Hacker Intelligence Initiative, Imperva has compiled a Web Application Attack Report (WAAR) that gives new insight into attacks against the top 30 web applications, based on more than 10 million individual attacks over the last 6 months. WAAR outlines the frequency, type and geography of origin of each attack. Surprisingly, a little-known type of attack has become very common. Blog.Imperva.com was the link mentioned in the segment.
Charlie Miller has changed his mind and he will now attend CanSecWest and the Pwn2Own contest. CyberJungle Radio just talked with Charlie Miller, the only three times in a row winner of the CanSecWest “hacker conference.” The CyberJungle broke the story last week that Charlie had decided to stay home this year, due to a disagreement over the contest rules. CyberJungle Radio is running an interview with Charlie Miller on Episode 203. Following the posting of that interview, Charlie Miller told CyberJungle Radio that he has changed course again, and he will now attend the conference. Although he still disagrees with the rules, for the good of the security community, he has decided to attend this week’s events in Vancouver, British Columbia. Charlie said that he did not speak with the conference organizer regarding his decision.
For the first time in years, Charlie Miller will not be attending CanSecWest, where he holds a record-breaking hat trick winning streak in the Pwn2Own vulnerability contest. Charlie Miller told CyberJungle Radio tonight that he is staying away due, in part, to the winner-take-all, entrants-picked-at-random nature of the rules.
The Pwn2Own contest is a high-profile event that highlights the solitary work of security researchers that stare in front of code looking for vulnerabilities, or run fuzzing programs that try to find combinations of characters that spring open a previously-unpublished pathway further into a system. Successful contestants can win tens of thousands at Pwn2Own, and significant notoriety.
According to the contest rules, the first contest entrant to successfully breach IE, Firefox, Safari, Chrome browser, or a Google Android, Blackberry, or Windows 7 Phone wins $15,000 ($20,000 if Chrome is breached). But there is the rub. The contestants don’t start at the same time. Contestants are randomly chosen to determine their order in demonstrating their attack. Only the first contestant to breach one browser, and the first contestant to breach one phone, wins one of the two cash prizes.
In previous years, there were just a handful of contestants, so the odds were pretty good for a skilled security researcher to get a crack at either a browser or phone platform. But with the success and popularity of the contest, a much larger number of contestants entered this year. So many entrants have entered this year that Charlie Miller feels that luck will play a greater role than skill, and others will win the contest before he can even get his hands on a keyboard. If by chance the entrants before Miller fail to breach a browser and a phone, Charlie told CyberJungle Radio that a proxy contestant at the event will follow Miller’s instructions using successful attacks Miller has created.
CyberJungle Radio also spoke with CanSecWest spokesperson, Dragos. Dragos said that Charlie Miller’s complaints may have some validity. According to Dragos, it is probably too late to change the rules this year, but the rules may be changed next year due to the complaints highlighted by Mr. Miller.
We’ll have more on this story in the next episode of CyberJungle Radio.
You can hear episode 157 by clicking on the Flash player below, or if your device does not support Flash, you can visit our listening options page for other ways to receive the show. Episode 157 is one hour and 10 minutes long.
Interviews
Dr. Charlie Miller, Principal Analyst for Independent Security Evaluators, offers a preview of his DefCon presentation about cyberwarfare to be given in Las Vegas at the end of the month: “Kim Jong-il and Me.” (Yes, he’s that Charlie Miller.) Charlie says he really didn’t feel qualified to address the topic of cyberwarfare when he was first asked, but then decided to treat the request as an opportunity to play a game in which he pretended he was approached by a rogue government for the purpose of building a cyberarmy. What would it take? Hear Charlie’s interview about 23 minutes into episode 157.
Retraction
The CyberJungle mistakenly reported that it is not possible to turn off an Apple iPad and iPhone feature that reports the owner’s location to the Big A twice daily. We oversimplified this story and we got it wrong. We have been informed by our favorite Apple connoisseurs that it is possible to turn the feature off. We apologize for the misinformation. We have removed the segment from the podcast, so it won’t be heard again, and we will note in next week’s radio show that we were incorrect.
A consumer survey that measured for the first time customer satisfaction with social media sites reports that — are you sitting down? — people hate Facebook. It scored lower than the airlines and the cable companies, and even lower than the IRS.
A watchdog organization reports that White House Emails Show More Extensive Improper Contact With Google. The National Law and Policy Center posts links to its letter to the House Committee on Oversight and Government Reform, asking for an investigation of the relationship between Google and its former lobbyist who now occupies the top advisory position to president Obama on internet policy. There are also links to some of the emails, which seem to support the conclusion that Deputy Chief Technology Officer Andrew McLaughlin is helping to stack the policy deck in Google’s favor on a number of issues.
Get comfy on the patio with a cold brew and read this great story about a fake infosec chick who persuaded her social networking pals — mostly guys who know secrets related to national security — to forget themselves and reveal a lot of stuff they aren’t supposed to give up. To anyone. The girl — Robin Sage — was named after a military training exercise, which was just one of many clues that “screamed fake,” according to her creator, a security researcher whose ruse has demonstrated something we all knew. Only James Bond can flirt with an exotic hottie and not get burned.
GM suffers theft of hybrid technology worth an estimated $40million. Insider stole information by using a portable USB drive. Data allegedly sold to at least one Chinese auto maker, Chery.
Interviews: Peter Schlampp, VP of Marketing and New Products, from Solera Networks, who discussed a new approach to uncovering the source of attacks: network forensics. Stuart Staniford, Chief Scientist from FireEye, who discussed research to help counter the attacks that bypass firewalls and antivirus. And world famous white-hat hacker Charlie Miller talks with us about Apple Security, how he won the CanSecWest Pwn2Own contest… and the security implications of Apple’s announcement about location-aware advertising, and multitasking on the iPhone OS 4 platform. Dr. Miller is also a researcher at Security Evaluators. The full show can be streamed via the Flash player here:
Episode 126 is the su root version of The CyberJungle. It features only these three unedited versions of the interviews with these three men. We have also featured partial versions of the interview along with all the other regular content in the full version of the show. Listen via the Flash player here:
Computer Hacker Sentenced to 37 Months in Prison in Manhattan Federal Court for Scheme to Steal and Launder Money from Brokerage Accounts. This guy got three years for perpetrating something that sounds like the Zeus attack… in addition to credit card fraud and other counts. No wonder cybercrime is proliferating.
Phishing Attacks on Taxpayers Rise in the Weeks Leading up to April 15th IRS Tax Filing. SonicWall offers an online quiz to test your phishing IQ. Ten questions. It’s actually harder than you think, but it’s fun. We recommend you give this quiz to employees, bosses, family… anyone who might benefit from learning the difference between legitimate email and a phishing attack.
KEYNOTER: Stuart Staniford, Chief Scientist with security firm FireEye has a long history in the intrusion detection field, starting in the research arena at UC Davis back in 1994. He was conducting a variety of research projects with government contractor Silicon Defense before joining FireEye.
WHERE: The Washoe County Regional Public Safety Training Center, 5190 Spectrum Blvd. Room 105, in Reno, Nevada.
WHEN: Thursday, April 15, 2010; 11:15am-1PM, includes lunch
DONATION: $10 for InfraGard members with advance purchase before April 13th, 2010; $15 at the door and for non-members.
To register for the InfraGard lunch event, please follow this link
If you heard Ira Victor live on The John Sanchez Show (the live program that follows The CyberJungle on KKOH.com), Ira mentioned the web site to report phishing and other scams: