Archive for DefCon

Sept 7th 2013, Episode 314, Show Notes

Posted in Business Continuity, Conference Coverage, Exclusive, Interview Only Edition, Podcast, Show Notes, The CyberJungle on September 6, 2013 by datasecurityblog

Episode 314 of The CyberJungle is about 26 minutes long.  We break again from our normal format this week, to bring you content from Black Hat 2013 in Las Vegas and DefCon21 in Las Vegas. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Interviews

Dave Porcello, Founder of PwnieExpress. Here is a link to their blog.

Sergei Belokamen of Bugcrowd.

Brian Lowe of Unknown.com, here is a link to their content on their site covered in the segment.

Tales From The Dark Web and Our Take on This Week’s News

On a break due to content from BlackHat and DefCon 2013 in Las Vegas

Please support our sponsors, as they support The CyberJungle

HTCIA International Conference and Training Expo 2013

The High Technology Crime Investigation Association (HTCIA) Annual conference is committed to bringing its participants – members or non-members — the best training, tools and networking the industry has to offer.

We rely on the generosity of our sponsors, who take a vested interest in working with us to develop a conference that exemplifies what the HTCIA organization stands for. By fostering the exchange of investigation-related information and ideas, we bring together a community of professionals who help one another understand and adapt to our rapidly evolving industry–to everyone’s benefit.

The 2013 conference is being held from September 8-11, 2013 in Las Vegas, NV [Summerlin is the western side of Las Vegas, 15min from Downtown via freeway].

Paraben's Forensic Innovations Conference

The Paraben Forensic Innovations Conference has been an annual event since 2008. Since that time it has rapidly evolved into a more highly attended conference with a broader scope of topics, reaching from the deeply technical to the legal aspects of the forensics and eDiscovery industry. Those who attend PFIC are as diverse as our topics, from law enforcement and lawyers, to corporate entities, government agents, private investigators, and educational institutions. If you haven’t had the opportunity to attend, this is your chance to experience the fresh air and mountains of Utah as well as the fresh topics that will be the highlight of this year’s conference. If you’ve already attended, then you know what to expect and are as excited as we are about it! PFIC 2013 will be held November 13-15th, 2013 in Salt Lake City, Utah. Space for this conference is limited, and with tickets starting at $199, the show will almost surely sell out. The CyberJungle will be there, because it is one of the best bang-for-the-buck forensic conferences of the year.

Aug 8th 2013, Episode 311, Show Notes

Posted in Conference Coverage, Exclusive, Podcast, Show Notes, The CyberJungle, Vulnerabilities on July 30, 2013 by datasecurityblog

Episode 311 of The CyberJungle is about 31 minutes long.  We break with our normal format to bring you two digital newsmaker segments from the floor of DefCon21 and BSides Las Vegas. Craig Young’s segment begins at the top of the program, Joe Kovacic’s segment at about 17:30min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Interviews

Craig Young, Tripwire researcher on critical GoogleAppsGmailAndroid logic flaw. Follow Craig Young on Twitter

Joe Kovacic, itsosafe, on vulnerabilities in Application Whitelisting.  YouTube link mentioned in the segment


December 10 2012, Episode 285, Show Notes

Posted in Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Legislation, Show Notes, The CyberJungle, Vulnerabilities on December 12, 2012 by datasecurityblog

Episode 285 of The CyberJungle is about 30 minutes long.  You can hear it by clicking on the flash player below. The interview with Tom Scholtz from Gartner, begins at about the 13min mark.  You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Interview

Gartner Expert Tom Scholtz on greater security through fewer controls

Mentioned in the interview: Hans Monderman (1945 – 2008), a Dutch traffic engineer.

Tales From The Dark Web

Rolling Stone – The Rise and Fall of Jeremy Hammond: Enemy of the State

The Verge Summary of the Rolling Stone story

A rare moment in DefCon history (from 2004): A speaker named Jeremy Hammond gets his talk pulled by “The Pope” of DefCon. Is this the same Jeremy Hammond?

Our Take on This Week’s News

From ABC News: Calif. Sues Delta Airlines Over Mobile App Privacy

From FoxNews: Hack the Hackers? Companies Itching To Go On Cyber Offense

August 9 2012, Episode 268, Show Notes

Posted in Breach, Conference Coverage, Exclusive, Show Notes, Vulnerabilities on August 9, 2012 by datasecurityblog

Episode 268 of The CyberJungle is about 49 minutes long.  You can hear it by clicking on the flash player below. The interview with Kevin Mitnick begins at about 6:30min.  You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Interview

Kevin Mitnick is an American computer security consultant, author, convicted criminal, and old school hacker.

Tales From The Dark Web

Still on a break. Word is that Tales From The Dark Web drank a bit much at DefCon parties, and has one heck of a hangover.

Our Take on This Week’s News

Cybercriminals destroy a reporter’s digital life

July 24, 2012, Episode 266, Show Notes

Posted in Breach, Conference Coverage, darkweb, ediscovery, Exclusive, Show Notes, The CyberJungle, Vulnerabilities on July 24, 2012 by datasecurityblog

Episode 266 of The CyberJungle is about 29 minutes long.  You can hear it by clicking on the flash player below. The interview with Josh Sokol on “Symbiotic Security,” begins at about 16min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Interview

Exclusive: From SecurityBSidesLV, Josh Sokol on “Symbiotic Security”

Tales From The Dark Web

Tales From The Dark Web: Gaming Site Breach Reveals Attacker Tactics

Our Take on This Week’s News

Warning to HR Departments Using Social Media

ASLR in Android to Help Thwart Malware

Easy Attack on Hotel Door Locks

Wrap

Follow Ira Victor on Twitter for updates from BlackHat, SecurityBSides, and DefCon. As news warrants, content may appear in CyberJungle Conference Notes.

October 7, 2011 – Episode 237

Posted in Breach, Conference Coverage, Interview Only Edition, Show Notes, The CyberJungle on November 6, 2011 by datasecurityblog

Episode 237 of The CyberJungle is about 36 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

We break with our normal programming schedule. With the release of the DefCon Social Engineering Report, we have special extended coverage with Chris Hadnagy of Social-Engineer.com.

Here is the link to the DefCon Social Engineering Report mentioned in this segment. 

August 15, 2011 – Episode 225

Posted in Breach, Conference Coverage, criminal forensics, darkweb, ediscovery, Legislation, Show Notes, The CyberJungle, Vulnerabilities on August 14, 2011 by datasecurityblog

Episode 225 of  The CyberJungle is about 32 minutes long.  You can hear it by clicking on the flash player below. The interview begins at about 23min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Interviews

Cracking iPhone/iPad encryption: Andrey Belenko, the developer of a new iOS encryption cracking tool by ElcomSoft

Our Take On This Week’s News

A Bay Area Rapid Transit (BART) Site Attacked by Anonymous, thousands of rider email addresses and passwords exposed.

Unmanned aerial vehicle boom? Two takes:

Open source edition: The Quadshot is a new kind of remote-control aircraft. It melds advanced open-source hardware, software and a unique airframe to provide the best parts of flying quadrocopters and airplanes. I saw the Quadshot while in the hallways of DefCon19. The creators claim it can be equipped with surveillance cameras. The next frontier in digital forensics? Quadshot is a Kickstarter project, and the creators are looking to raise $25,000. Donors get the device once the funds are raised. See the link to the Kickstarter project, and all the details on the FlyQuadShot site. Download a conversation with Peter, one of the creators of Quadshot, recorded at DefCon19.

Closed source edition: Lockheed’s Maple Seed “Drone”

Read More: Will Drones Save Privacy Law? by of ConcurringOpinions.com

Tales From The Dark Web

Anonymous creating more sophisticated DoS tools: New hacking tools being developed to attack websites

Wrap

Apple Releases Full Page Welcome to IBM 30 Years Ago Yesterday

Las Vegas Hotel Point of Sale System Repeatedly “Hacked?” Read Samantha Stone’s DefCon story in the Las Vegas Review Journal

August 1, 2011 – Episode 224

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Legislation, Report Security Flaws, Show Notes, The CyberJungle, Vulnerabilities on August 1, 2011 by datasecurityblog

Episode 224 of  The CyberJungle is about 40 minutes long this week, due to extended preview coverage of BlackHat, SecurityBSides, and DefCon.  You can hear it by clicking on the flash player below. The first interview begins at about 17min, and the second interview at about 27min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Interviews

Brian Kennish, Founder of Anti-Web tracking tool maker Disconnect, on tracking the web trackers

Tyler Shields of Veracode, Owning your MobilePhone at every layer

Our Take On This Week’s News

The GMail Man – watch the Office365 Official Video

US Appeals Court: Ok to Check DNS of Those Arrested, from the Pittsburgh Post-Gazette


Tales From The Dark Web

Three-fourths of all rootkits on decade-old OS, says antivirus firm. Hat tip: Computerworld story by Gregg Keizer

Conference Coverage

The CyberJungle goes to BlackHat, SecurityBSides and DefCon this week. Get the reports in Conference Notes. Send your questions for Tyler Shields of Veracode via The CyberJungle Contact Form.

July 25, 2011 – Episode 223

Posted in Court Cases, darkweb, Report Security Flaws, Show Notes, The CyberJungle, Vulnerabilities, web server security on July 25, 2011 by datasecurityblog

Episode 223 of  The CyberJungle is about 31 minutes long.  You may hear it by clicking on the flash player below. The interview begins at about 15min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show, including a direct link to our audio feeds.

Interviews

Imperva CTO Amichai Shulman on the web app attack preso you won’t see at BlackHat Las Vegas. As a part of their ongoing Hacker Intelligence Initiative, Imperva has compiled a Web Application Attack Report (WAAR) that gives a new insight into attacks against the top 30 web applications based on more than 10 million individual attacks over the last 6 months. WAAR outlines the frequency, type and geography of origin of each attack. Surprisingly, a little-known type of attack has become very common. Blog.Imperva.com was the link mentioned in the segment.

Our Take On This Week’s News

The CyberJungle Radio’s take on this Las Vegas Review Journal news story: Providing Wi-Fi as a perk has a price for businesses

Mac battery cyberflaw exposes explosive risk?

Wrap

No Soup For You! No over the air updates for jailbroken iOS5 powered devices, according to the ZDNet posting


Conference Coverage

The CyberJungle goes to BlackHat Las Vegas and DefCon19  week. Get the reports in Conference Notes starting the middle of next week.

September 19, 2010 – Episode 173

Posted in Breach, Court Cases, criminal forensics, darkweb on September 18, 2010 by datasecurityblog

Episode 173:

This week’s regular episode of  The Cyberjungle  is 1 hour and 13 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

Interview

Chris Hadnagy from Social-Engineer.org, which organized a social engineering contest at this year’s DefCon conference.  The contestants assumed made-up identities, and placed phone calls to 15 major American companies. Objective: cajole as much information as possible about company operations out of the employee on the other end of the phone. (The info would be of value to bad guys trying to cook up an attack.) Social-Engineer released its report this week on the results of the exercise. Our interview with Chris starts about 23 minutes into episode 173.  The interview is 7 minutes long.

Tales from the Dark Web

If you enjoy the occasional online porn adventure, heed this:  a trojan that monitors what you’re watching, then blackmails you.  “Pay us or we’ll tell the world what you’re watching.”

Ira’s recommendation: Change your computer to dual-boot with Linux as the other operating system. I like LinuxMint, VectorLinux, and (fav) PeppermintIce. These systems are best for web surfing, email, and word processing.

Our Take on This Week’s News

Texting money to politicians: Ready to text your political campaign donations? Politico reports on the legal issues surrounding campaign finance compliance, but says nothing about the security issues related to sending money via SMS.

Has Google’s HR department ever heard of a psychological profile? Google Engineer Repeatedly Accessed Customer data, Spied on Communications

Is the guy in the next booth packing heat? Before you leave for dinner, check this website, launched last week in response to a new Tennessee law that allows permit holders to carry their firearms into bars and restaurants. The site indicates two categories of dining establishments –- those who allow guns and those who don’t.

Facebook alternative apparently has some security holes: What if you could have the convenience of Facebook, but strong privacy and security? That was the idea behind Diaspora. Some college students from NYU came up with the idea,  and posted the project on a web site where people can donate money to support new start-up business ideas. The students thought they needed $10k to build the code. They were written up in a New York Times story, and they raised nearly a quarter million dollars. Well, the very, very first version of the code is out, and the privacy and security experts are weighing in with harsh criticism.

SF law enforcement formula — treat the citizens like criminals: San Francisco mayor has ordered the cops to beef up security at nightclubs in the city, to prevent violence like the recent spate of shootings that included the killing of a German tourist near a comedy club. Cops want more cameras, metal detectors, police patrols paid by club owners, and ID scanners to capture the driver’s license info from customers… which will be stored for 15 days.

New tool from Google:  Alerts to let you know if your web site is hijacked. Read more in a blog posting by Kelvin Newman at Site Visibility.

The Ninth Circuit lets the air out of its own ruling: An earlier ruling issued guidelines for law enforcement to follow during searches of computers. The feds said the guidelines were “complicating” prosecutions, so the court overturned itself… sort of. Read this. It’s not trivial.

The cost of free entertainment: Internet services and sites that offer free ring tones, movies, and other entertainment content, have a higher probability of delivering malware to your computer, according to a new report by Mack-ah-fee.

CyberJungle FAQ: Ira mentioned HauteSecure, but their tool is now throwing errors. He will research alternatives and report back in a future episode of The CyberJungle.
