Archive for Drive-by download

November 15 2012, Episode 281, Show Notes

Posted in Breach, Conference Coverage, criminal forensics, darkweb, ediscovery, eMail Security, Exclusive, Show Notes, The CyberJungle, Vulnerabilities, web server security with tags , , , , , on November 15, 2012 by datasecurityblog

Episode 281 of The CyberJungle is about 30 minutes long.  You can hear it by clicking on the flash player below. The interview with Conrad Constantine of Alien Vault, begins at about the 19min mark.  You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 281 via the flash player:


Interview

Gregory Kipper, Futurist and Author

Tales From The Dark Web

Drive-by Downloads targeting un-patched IE and Word users.

Our Take on This Weeks News

Ira’s take CIA Director Petraeus scandal

The U.S.-China Economic and Security Review Commission has released its 2012 Annual Report to Congress.

“This year’s report covers recent developments in the U.S.-China trade and economic relationship; the role of state-owned enterprises in China, the U.S.-China trade and investment relationship, recent developments in China’s military, China’s cyber capabilities, developments in China’s nuclear and strategic abilities, China in the South China Sea, Taiwan, Hong Kong, China in Europe, China’s demand and control of global resources, China’s efforts to become a more innovative society, and the Chinese political transition.”

Wrap

Ira’s take on tracking John McAffe

March 21, 2011 – Episode 205

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Legislation, The CyberJungle, Vulnerabilities, web server security with tags , , , , on March 20, 2011 by datasecurityblog

Episode 205 of  The CyberJungle is about 43 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 30:30 mark.

To listen to Episode 205 via the flash player:


Interview

Interview: Peter Schlampp, VP Product Management, Solara Networks on the RSA SecureID breach and network forensics

Our Take on The Week’s News

Web browser anti-tracking: Read, “Do not track tools push firms to crossroad,” by James Temple in the SF Gate.

RSA SecureID breach: An Analytical Brief by NSS Labs

Does transparency webapp threaten citizen data when authenticating users? Read “Big Brother Has Been Watching

Civil court action used to take down evil botnet: Read “With Rustock, a New Twist on Fighting Internet Crime” by IDG’s Robert McMillan. CORRECTION: FireEye worked on this takedown, not eEye, as stated by Ira.

Ghostery allows you to block scripts from companies that you don’t trust, delete local shared objects, and even block images and iframes. Ghostery.com.

BetterPrivacy is a Firefox plug-in which protects from usually not deletable LSOs.

Tales from the Dark Web: What do you get when you stir up a pot full of natural disasters, social media alerts, Java exploits and rogue anti-virus? Read the M86 analysis.

Wrap

Supreme Court To Hear Arguments in ID Search Case: The case concerns an unlawful police stop. Defendant asserts that police had no basis for pulling his car over and then running his license.  EPIC’s amicus brief.

March 14, 2011 – Episode 204

Posted in Breach, criminal forensics, ediscovery, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , on March 13, 2011 by datasecurityblog

Episode 204 of  The CyberJungle is about 39 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 30:30 mark.

To listen to Episode 204 via the flash player:


Interview

Interview: Trevor Dietrich, VP and Co-Founder of Bayalink Solutions, on a virtulization app to secure iPads + more. He’s seeking beta testers. Trevor’s Twitter Feed.

Our Take on The Week’s News

A federal district court in New Jersey has decided that a social worker and special education instructor employed by the school board are liable for violating a high school student’sprivacy… after the teacher handed out a poorly-redacted copy of the studen’t psychological evaluation as a teaching tool. Read the story here, or read the court’s decision.

Industrial Espionage at Renault, or poor forensics, or both? Some details in this Economist story.

California’s top utility regulator has given gave Pacific Gas and Electric Co. two weeks to propose a way for customers to opt out of receiving the company’s controversial wireless SmartMeters.

The iPhone 4 falls at CanSecWest Pwn2Own Contest, and Blackberry.

Tales From The Dark Web

Vehicle hacking via trojan MP3? Read the story here.


January 04, 2011 – Episode 194

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , on January 4, 2011 by datasecurityblog

Episode 194 of  The Cyberjungle  is 33 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 194 via the flash player:


Our Take on This Week’s News

Facing Threat From WikiLeaks, Bank Plays Defense: On Nov. 29,2010, the director of WikiLeaks, Julian Assange, said in an interview that he intended to “take down” a major American bank and reveal an “ecosystem of corruption” with a cache of data from an executive’s hard drive. Bank of America executives sprung into action the next day according to The New York Times Ira mentioned 10minutemail.com as a free tool to keep your real email address more private.

Upon launching the Spokeo website, they cleverly remind you that “it’s not your grandma’s phonebook,” which is not only a hacky reference but also literally true: the old meatspace phonebooks didn’t automatically expose all of your private information like age, income, home value, credit score, relationship status and map to your house. Who the Eff are these freaks? How did they get ALL of your info? I don’t know, but all of mine was there. Fortunately, there’s an easy way to remove yourself from the database of these privacy rapists currently thriving in Zuckerberg’s America. Hat Tip to: Chris Hardwick at The Nerdist Blog.

From the “This-Affects-Just-About-Everyone” File: Security researcher Julia Wolf of FireEye pointed out numerous, previously hardly known, security problems in connection with Adobe PDF files. Microsoft warns of Word attacks; RTF-based exploits making the rounds, apply patch pronto.

Tales From The Dark Web

A new twist on an older attack: Attackers re-use older versions of the Zues bank trojan to steal government and private sector information. See the Netwitness Blog: Cyber-Crime or Cyber-Espionage?

Interviews

Ira Victor talks with Chrisother Hadnagy, ethical Social Engineer and author of the new book, “Social Engineering: The Art of Human Hacking

Wrap-up

The CyberJungle goes to the 2011 Las Vegas Consumer Electronic Show (CES) this week. CES is the largest electronics show in the world. The CyberJungle will bring you a security, privacy and legal perspective on the technologies featured CES. Get our reports in Conference Notes. And follow (or just read) Ira on Twitter for comments and nuggets of interest.


October 24, 2010 – Episode 183

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Exclusive, Legislation, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , , on October 23, 2010 by datasecurityblog

Episode 183:

This week’s regular episode of  The Cyberjungle  is 1 hour and 18 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 183 via the flash player:


Interview

Joe Levy, Chief Technical Officer with  Solera Networks, stops by to discuss the Zeus Trojan variant that’s making its way around the IRS offices.  Joe’s  interview is 6 minutes long, and it begins about 25 minutes into Episode 183.

Tales from the Dark Web

If cybercrime were a disease, it would be a pandemic and the whole world would be sick. So says a report from Kroll and The Economist Intelligence Unit

Our Take on This Week’s News

School bus surveillance cams - School buses equipped with traffic cams.  It’s an experiment in a Maryland school district, where officials say the little darlings are in more danger as they alight from the bus than any other time, although no child in Maryland has ever been hit while alighting from a school bus.

Insurance companies view social networkers as burglary risks – Duh.  A survey by an insurance trade group indicates a significant number of Facebook and Twitter post their locations, and it’s worth considering whether to reflect this in their insurance rates.

And while we’re ragging on Facebook - Are gay users of Facebook being outed to advertisers for targeted product marketing? Duh again.

Ten oreos, two handfuls of fritos, a pint of Ben and Jerry’s - Are you aware that when you make use of web tools that allow you to keep track your personal behavior, that information could become discoverable in court? (Diet websites come to mind.)

Participants wanted- A new project to monitor BlackBerry traffic as it is sent from various countries. The results will help researchers and users understand what’s happening to the communications as RIM is pressured to cooperate with repressive governments.

More BlackBerry news -  The how and why of BlackBerry eavesdropping, and why it might not be what you think.

A new tool for good guys,- And bad guys, parents, employers, forensic investigators, and everyone who needs to keep tabs on someone.  ElcomSoft tool cracks web browser passwords.

CyberJungle FAQ

Shockwave Zero-day Attack In the Wild

Fake Microsoft Security Essentials Attack

August 15, 2010 – Episodes 162 and 163

Posted in Breach, criminal forensics, darkweb, ediscovery, eMail Security, Show Notes, The CyberJungle, Vulnerabilities, web server security with tags , , , , on August 15, 2010 by datasecurityblog

Episode 163 is the this week’s full episode of The CyberJungle, posted immediately below.  Episode 162 is the su root edition for advanced listeners – material that’s too technical for the radio.  The advanced material consists of an interview with Wayne Huang,  who did early research that led to the discovery of the drive-by download.  Scroll down to the end of this batch of show notes to find it.

Episode 163:

This week’s regular episode of  The Cyberjungle  is 1 hour and 19 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 163 via the flash player:


Interview

Wayne Huang is an executive at Armorize, working in Taiwan. His early research led to the discovery of what we now call drive-by downloads.  This episode of the Cyberjungle has a 7-minute interview with Wayne, which is a bit more elementary than the 35-minute su root version at the bottom of this set of show notes.  The 7-minute interview starts at about 24 minutes into episode 163.

Free Open Source Project to fight drive-by downloads is at Drivesploit.

Tales from the Dark Web

When your patch reminders pop up on your screen automatically, that’s a convenience.  When they arrive by email, that’s a scam.

Our Take on This Week’s News

Is Google buying microdrones like the ones in this vide0? And if so, what will Goolge do with them? Seems unclear at this point, but the implications kind of freak us out.

This is about as low as it gets: Cybercriminals pose as American military men — even fallen soldiers — creating fake dating profiles to ensnare women romantically and then ask them for money.

Everyone wants an iPad… we wonder if elected officials are willing to contort financial reality and ignore open meeting law requirements in order to play with an iPad on the taxpayers dime.  This USA today report says city councils are buying iPads to save the cost of paper.  But they might be buying a whole lot of trouble that will make the paper budget seem trivial.

City of San Francisco’s former network administrator Terry Childs was sentenced to 4 years for locking the city out of its network.  He’s been cooling his heels in jail for two years during the trial, and now it looks like he’ll serve about another 6 months with credit for time served. The San Francisco Weekly had the best summary of the case, and seems to be the only media outlet that truly grasps the moral of the Terry Childs story.

Attention merchants and other businesses relying on credit card purchases. PCI 2.0 is coming in October, and will probably become effective in January.  Yes, it will require more of you. Here is the current standard. The new standard will require web application logging, and better accountability and tracking of credit card number within the business network.

Apple iPhone Patches have been distributed for devices affected by the jailbreakme flaw.  Problem is, the patches work selectively. They do not apply to all devices.  Available for: iOS 2.0 through 4.0.1 for iPhone 3G and later, iOS 2.1 through 4.0 for iPod touch (2nd generation) and later. Here’s Apple’s report on the flaw.  Jay Freeman (Saurik) has made an unofficial patch for one (CVE-2010-1797) of the two vulnerabilities patched by Apple. It’s available for Jailbroken devices via Cydia,  and will work also on the older devices that have not yet received any updates from Apple, plus new devices if you don’t want to use Apple’s update.

Adobe Flash problems aren’t solved after upgrades.

Cybercriminals are already gearing up for the holidays, creating booby traps for likely Halloween and Thanksgiving search terms.

Did your shrink leave town for a convention this week?  If (s)he is attending the San Diego gathering of the American Psychological Association, you might want to text him or her, and warn about the social networking app the convention organizers have made available.  Seems the attendee code on the ID badges double as the log-in codes for the shrink network.  Oops… one wrong digit and you can view someone else’s conference registration data.

CyberJungle FAQ

1. From Steve: Our small business is running rather old PCs. Many of them are over 7 years old, and they take for ever to boot up. We are on a tight budget, we are seeing refurbished PCs with XP and new PCs with Windows7, is it worth the extra money to upgrade to Windows7? Will we get improved security?

A: YES, and your company can purchase refurbished PCs running Windows7. Get the 64 bit version, and upgrade to Office2010, for improved security and productivity.

2. From Malik: We are having a lot problems with our business email server. We are a company with less than 20 employees, but we are spending a lot of money with our IT guy on the server, where the email, and our filesve. He says we should buy a new server. The one we have is about 5 years old. Should we buy a new server, or, should we look at switching to something like gmail?

A: Get a new, smaller file server that runs Windows2008, or (even better) Linux. Buy business-grade email services from a quality firm that offers hosted Microsoft Exchange, or Open Source Zimbra.

3. Andrew: Our employees want to use their own iPads at work. They want to access work files, do email, take notes, and do other tasks. If they want to buy the iPads on their own, what are the risks to our business.

A: Plenty. Ediscovery, loss of business data, are just two. Wait a few months as business-grade alternatives to iPads are released. They are just about to be launched into the market for just your situation.

Episode 162 – su root edition:

This is our unedited edition, featuring a longer and more technical conversation with Wayne Huang of Armorize, discussing his early research that led to the discovery of drive-by downloads  The audio file is 35 minutes long.

You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to su root edition (episode 162)  via the flash player:


August 8, 2010 – Episode 160 and 161 from DefCon 18

Posted in Conference Coverage, criminal forensics, darkweb, ediscovery, Show Notes, The CyberJungle, Vulnerabilities, web server security with tags , , , , , , , , , , , on August 7, 2010 by datasecurityblog

Episode 161 is the this week’s full episode of The CyberJungle, posted immediately below.  Episode 160 is the su root edition for advanced listeners – material that’s too technical for the radio.  The advanced material consists of three conversations  from DefCon 18.  Scroll down to the end of this batch of shownotes to find it.

Episode 161:

This week’s regular episode of  The Cyberjungle  is 1 hour and 12 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 161 via the flash player:


Interview:

Security Researcher Craig Hefner offers an alarming discovery about the consumer grade routers you buy at the big box store.  He’s found major flaws in these router/firewalls.  This interview is about 8 minutes long, and it begins at 59 minutes into Episode 161.  Or you can just listen to the interview by going to our conference notes page.  Also, here are some links to more information about Craig’s work:

Craigs Hefner’s White Paper on this attack

Craigs Hefner’s DefCon18 presentation slides

Craigs Hefner’s Proof-of-Concept code

Tales from the Dark Web:

Our dramatic audio taken at a DefCon 18 press conference, in which the host of the press conference begins (quite out of the blue) to describe his personal relationship with Adrian Lamo, one of the central characters in the Wikileaks incident.  We posted this story, and six minutes of audio featuring cybersecurity researcher and self-described white-hat hacker Chet Uber on the last day of DefCon. In it, Uber discusses how he persuaded Lamo to turn in accused leaker Pfc Bradley Manning.  There is a disputed fact in Uber’s account. Uber said he helped Lamo determine that documents in his possession were classified.  Lamo now denies that he ever had possession of top secret documents.  The facts will come out at Bradley Manning’s trial. No matter who is correct, the sound file offers some interesting insight into how a high-level meeting with federal law enforcement is arranged, and what top secret documents look like. The file is at the bottom of this story, if you want to hear it.

Our Take on This Week’s News:

The National Science Foundation has a porn problem according to Senator Chuck Grassley.  Seems the science guys are passing around porn despite technical measures taken by the agency to block it.  Oh, and there’s one guy who reportedly spends 20 percent of his time looking at porn, at an estimated cost to the taxpayer of $58,000.  So do the math.  This guy makes $290k per year???  WTF!!!

BlackBerry Ban – RIM Coming To Agreement With Middle-Eastern and Asian Nations on Eavesdropping. The question that we are still researching: What about a foreigner that uses BES in one of the nations? Is the traffic routed to one of these local RIM servers, or back to Canada?

Apple remote jailbreak flaw. Major Flaw Uncovered in Apple iPhone/iPad/iPod

Salute to the Wall Street Journal for its series this week on web tracking, cell tracking and other privacy issues.

We stumbled over the Social Engineering contest at DefCon18.   A super fun event to watch, as contestants placed phone calls to major U.S. corporations, and charmed employees into revealing a wide range of information about company operations — everything from the name of the dumpster service to the details of the IT architecture. (We posted a story about it here, describing a call to Apple that yielded a whole lotta info.  Boy, Steve’s gonna be mad. There’s also an audio file with a three-minute explanation of the contest by its organizers, an group called Social-Engineer.  The audio file is located about half-way through the story.)  Read about the Social Engineering organization here.

The annual session on physical lock security is always a hit. (This year there was more than one.)  We attended the presentation by Marc Weber Tobias.  His team demonstrated flaws in five different locks, from the plain-vanilla pin tumbler lock on your back door, to the $200  fingerprint biometric, the electronic RFID military lock and even a personal safe.  You can see the videos here, demonstrating how the locks were breached.

Speaking of physical security — a state agency head in California sent an email message to 175 employees announcing that the lock at the south end of their office building was malfunctioning, and there was no budget to fix it. This column in the Sacramento Bee offers an unintentionally comical account of the way this broken lock was broadly communicated to the world when one of the employees faxed a copy of the email to a state worker newsletter. The info apparently ended up — we’re not sure how — on the desk of the SacBee reporter who wrote the column.  The major point of the story is that California has no money, and even getting approval to fix a broken lock on a state building in a bad neighborhood is a tough uphill climb. But the funny part is how nobody ever stopped to consider that inside this building, where unemployment benefit checks are written, there is a whopping amount of personal information about the citizens of the State Formerly Known as Golden.  Wow… If we were bad guys we’d probably keep an eye on this place even after the lock is fixed, because it might be a really easy target.

Adobe plans emergency patch for critical Reader bug

If we don’t laugh, we’ll probably cry.  For laughs – a national association of perverts has offered an endorsement of body scanning machines in airports.  Now read this and weep – The feds love these machines so much that they’ve decided to deploy them at federal courthouses as well as airports. Where next, the public library?  And yes, they do store images, the feds now admit, after repeated denials that the machines had such capabilities.  Duh.  Did we think they would perform a visual inspection for contraband, and then fail to store the image for evidence during prosecution?

Episode 160 – su root edition:

This is our unedited edition, featuring three interviews straight from DefCon 18.  The audio file is 34 minutes long. This is a special DefCon18 edition featuring interviews with David Bryan on building a network to withstand thousands of hackers, and using low-cost equipment and volunteers. He has lessons for anyone building a network today. Then we have an interview with Chris Drake of Firehost web hosting on web application security. Finally the third interview is with Suhil Ahmed of Airwave Security about his discovery of a flaw in the WPA WiFi security protocol that can reveal confidential information, and has no patch. But, there is a workaround.

You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to su root edition (episode 160)  via the flash player:


July 31, 2010 – Episode 159

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Show Notes, The CyberJungle with tags , , , , , , , , on August 2, 2010 by datasecurityblog

You can hear episode 159 by clicking on the Flash player below, or if your device does not support Flash, you can visit our  listening options page for other ways to receive the show. Episode 159 is one hour and 9 minutes long.


Interviews

Interview #1 – Jeremiah Grossman, CEO of White Hat Security,  discovered an odd security flaw in the Apple Safari Browser. Alas, he tried to notify Apple, only to be rebuffed. He posted the story on his blog, and he decided to go public at Black Hat, and just about the time we finished this interview with him, Apple acknowledged the problem.  Fix pending.  Hear an overview of Jeremiah’s presentation in Episode 159. It’s 11 minutes long, starting about 12 minutes into the show.

Interview #2 – Mickey Boodaei, CEO of security firm Trusteer, has been hard at work on the banking trojan problem, and they’ve got a problem that may help. We discuss it with him in Episode 159. It’s 10 minutes long, starting at 55:00.

Tales from the dark web

Mariposa Botnet facilitator arrested. (You may remember that Panda Security was on top of Mariposa months ago, as we reported in this interview from the RSA Security Conference2010.)

Our take on this week’s news:

Virulent Microsoft link attack affects just about everyone. The prediction is that this one will be big. UPDATE: MICROSOFT ISSUES EMERGENCY PATCH

A really insulting  psychological profile of iPad users. The only thing they left out is that iPad users pull the whiskers off kittens.

Krebs on security writes about the victims of scareware – they end up buying the stuff, and then they’re embarrassed to go to the police. Good piece

Banks have long since stopped moving paper checks from one location to another, preferring the economy of scanning. What if someone broke into the digital repository where they store all those pictures of checks?… Someone did.

July 18, 2010- Episode 155

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, Legislation, The CyberJungle, Vulnerabilities with tags , , , , , , on July 17, 2010 by datasecurityblog

You can hear episode 155 by clicking on the Flash player below, or if your device does not support Flash, you can visit our  listening options page for other ways to receive the show. Episode 155 is one hour and 14 minutes long.


Interviews

Jeff Bryner from pOwnlabs offers a preview of his DefCon presentation to be given in Las Vegas at the end of the month.  “Google Toolbar – The NARC Within” — how the tool bar spies on you. Jeff”s  interview is about 9 minutes long, and it begins 22 minutes into the episode.

Penetration Tester David Bryan, speaking for himself, (not his company,) will also present at DefCon –  “Cloud Computing as a Weapon of Mass Destruction.” His interview is just over 9 minutes long and begins at about 54 minutes into the episode.

Our Take on This Week’s News

The state of Utah is investigating the origins of a 29-page list of personally identifying information belonging to more than a thousand people the leakers say are illegal immigrants receiving benefits from the taxpayers.  This topic stirred up the immigration issue on the talk shows, but we’re interested in these questions:  What was the data access policy — who had access to this data and for what purpose? And should there be a set of guidelines for ethical whistleblowing (if that’s what the leakers were trying to do) where electronically stored information is involved?

The Bureau of Motor Vehicles in the state of Ohio is selling personal information about its licensed drivers.  For some reason, the primary beef is that the state isn’t making enough money selling the identities of its citizens.

NSA whistleblower facing 35 years in prison

Bank Account Takeover Attack Now Mimicking Credit Card SecureCode Systems

New  zero day Attack using USB drives. There is a Microsoft advisory for dealing with it.

Bluetooth is making it easier for cybercriminals to steal debit card numbers at the gas pump.

Google get patent on technology that monitors on your mouse movements as it relates to search results. And Google is becoming quite an established presence on Capitol Hill.

Photos taken with certain camera-enabled devices can reveal you location with geotags attached to the metadata.  Mayhemic Labs has scanned a couple of million photo links on Twitter, and was able to pinpoint location of the user in about three percent of them.  Then they created icanstlku.com to prove it.

Chinese Cyber Army presentation pulled at BlackHat under pressure from Taiwan.

July 11, 2010 – Episode 153

Posted in Breach, Court Cases, criminal forensics, ediscovery, Show Notes, Vulnerabilities with tags , , , on July 10, 2010 by datasecurityblog

You can hear episode 153 by clicking on the Flash player below, or if your device does not support Flash, you can visit our  listening options page for other ways to receive the show. Episode 153 is one hour and 15 minutes long.


Interviews

Gunter Ollman from Damballa offers a preview of his Black Hat Briefings presentation to be given in Las Vegas at the end of the month.  “Becoming the Six Million Dollar Man” will discuss how cybercriminals get filthy rich using other people’s computers. Gunter’s interview is about 10 minutes long, and it begins 22 minutes into the episode.

Tony Flick, Principal at Fyrm Associates and Justin Morehouse, speaking for himself, (not his company,) discuss what will happen as the smart meters “goes social.”  Smart grid proponents are promoting the idea of networking the smart grid with social networking accounts

Speaking of the smart grid, this story says Maryland public utilities regulators sent Baltimore’s power company back to the drawing board last month, with a rejection of its smart grid plan.  The public objection, as in most cases, was based on cost to ratepayers rather than any security or privacy issues.

Our take on this week’s news

Top story -  soldier charged with theft of secret DOD files

Meanwhile, Congresswoman Jane Harmon has open, unencrypted WiFi at her home. (p.s. she’s a senior member of the Homeland Security Committee, and Chair of its Intelligence and Terrorism Risk Assessment Subcommittee)

Automakers working with silicon valley to create “connected car”

NSA Perfect Citizen – Big Brother has arrived.

Swiss Bank security guy steals customer data… offers it to tax authorities.

Survey- ex employees and IT staff are snooping on business

Game publisher Blizzard announces a real ID program for World of Warcraft forum…. No more screen names. But the market spoke, and the company withdrew the plan.

Airport body scanners will be the primary security check at U.S. airports.

Follow

Get every new post delivered to your Inbox.

Join 1,064 other followers