Archive for EFF

Data Security Podcast Episode 84, Dec 7 2009

Posted in Breach, Court Cases, criminal forensics, ediscovery, Legislation, Podcast on December 7, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Is there a Russian connection to the “Climategate” attack?

* ‘Take Back Your Privacy’ — A new nation-wide effort ramps up

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 84 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–> Tune into the show directly on iTunes; you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall: Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock: Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 84 of the Data Security Podcast

* Samantha has a conversation with Leslie Harris, president and CEO of The Center for Democracy and Technology. They are a D.C. group launching a consumer privacy campaign. They want to educate consumers, pressure businesses, and push for a new law. Read more at the “Take Back Our Privacy” area of their site.

* Tales From The Dark Web: What connection, if any, is there between Russia and the “Climategate” attack? Read more in the UK Daily Mail story. And, Adobe to release critical security patches tomorrow.

* From Our Take on The News: SC police academy IT chief nabbed in Web sting; ‘Accidental’ Download Sending Man To Prison.

* From Our Take on The News:  Department of Defense misses its own deadline for removing social security numbers from military ID cards. Read about it at Stars and Stripes.

* From Our Take on The News: Sprint received 8 million requests from law enforcement for GPS location data. EFF is on the case, but this story has a fascinating origin… and an almost instantaneous rebuttal from Sprint (which doesn’t deny the 8 million figure, but attempts to give it some context… The company is, of course, a regulated industry stuck in the middle, between the demands of its customers and the demands of Congress, law enforcement and the FTC…). Read more at EFF.

* From Our Take on The News: The economics of security advice; a very interesting MSFT research paper, and a related SANS posting. Read more at The SANS Internet Storm Center.

* The Wrap: Many More Government Records Compromised in 2009 than Year Ago, Report Claims. Read more at databreaches.net.

Data Security Podcast Episode 79, Nov 16 2009

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Podcast, Vulnerabilities on November 16, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* The odds of unknowingly logging onto an ‘evil twin’ of your online banking site are increasing due to new broadband hazards.

* A revised Google Book Settlement was submitted to the courts. It doesn’t address privacy at all.

* Our take on this week’s news.


–> Stream, subscribe or download Episode 79 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.


Show Notes for Episode 79 of the Data Security Podcast

* Program note about this week’s Conversation: Ira will have an extended, technical conversation with Pedro Bustamante, Senior Security Researcher with Panda Security. Ira and Pedro will discuss web drive-by downloads and other security issues in a special interview segment that will appear in a separate posting later this week. You can listen to the segment by streaming on this site, on iTunes, or via other RSS feeds you use to listen to the Data Security Podcast.

* Tales From The Dark Web: What if you typed in your bank’s web address, but, unknown to you, you were taken to an evil twin of your bank, controlled by cyber criminals? Well, the odds of that happening are increasing, due to Domain Name System (DNS) issues in a significant number of broadband modems and routers. Many other attacks can use these DNS flaws. Hat tip to the coverage by Robert McMillan of the IDG News Service.

* From Our Take on The News: Airport security in Saint Louis hassled one guy for half an hour because he was carrying $4,700 in a cash box, which he placed on the X-ray conveyor belt and subjected to TSA scrutiny, as is required for all carry-on cargo. The money was connected with his (legal) job with Campaign for Liberty. The guy recorded the abusive inquisition on his iPhone. The ACLU sued the TSA. Now the airport security rules have changed. Read the coverage in The Washington Times.

* From Our Take on The News: A flaw in Adobe Flash has a huge impact on web usage, especially for businesses that use Google Gmail/Google Apps/PHP discussion boards, and for the scores of sites that allow users to upload content. Mike Bailey, an expert on web application security, has an excellent infosec write-up at the Foreground Security blog. Faster read in Computerworld.

* From The Wrap: The revised Google Book Settlement was submitted to the court late Friday night. It doesn’t address privacy at all, even after EFF and other parties submitted a legal brief outlining legitimate fears that Google can track, and is likely to share, individual book search information with law enforcement and anyone else who issues a subpoena. Google will retain book-search details, right down to page number and how long you lingered there, for every book you search. Read this account of the revised settlement.

Data Security Podcast Episode 76, Nov 02 2009

Posted in Announcements, Breach, Court Cases, criminal forensics, darkweb, ediscovery, Legislation, Podcast, Vulnerabilities on November 1, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Placing an online bet for the World Series? Employees of online betting sites might be selling customer data online.

* Google Book Search: What data is Google storing about readers of online books?

* Our take on this week’s news.


–> Stream, subscribe or download Episode 76 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.


Show Notes for Episode 76 of the Data Security Podcast

* Conversation: Samantha talks with Rebecca Jeschke of the Electronic Frontier Foundation (EFF). There are lots of privacy objections to the Google Book Search settlement, and EFF is leading the way on them. Read about it here. And here’s the legal document filed by EFF. The settlement hearing has been indefinitely postponed.

* Tales From The Dark Web: Are online casinos leaking information about their customers? Hard to say, as the original web posting about this is now only available in the Google Cache. Here is a story from TightPoker.com about the original posting. That story lists the original site as AustralianGambling.au, but the URL should be AustralianGambling.com.au.

* From Our Take on The News: Lobbyists beware: a judge rules that metadata is public record. This story also talks about the Google metadata leak.

* From Our Take on The News: A MUST READ. Samantha writes at ReasonableReporter.com about social engineering and how the technique is used in real life, and in the new movie Law Abiding Citizen.

* Wrap: Ira talked about the launch of Digital Forensics Magazine.

Data Security Podcast Episode 57 – June 15 2009

Posted in Breach, Business Continuity, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Podcast, Vulnerabilities, web server security on June 14, 2009 by datasecurityblog

30 minutes each week on data security, privacy, and the law…. (plus or minus five)

On this week’s program:

  • Is Al-Qaida getting funding by stealing minutes from business phone systems?
  • $10,000 was paid out to the security researchers that uncovered the flaws in StrongWebMail. Could your email be vulnerable to that same attack? A conversation with StrongWebMail’s top executive.
  • EXCLUSIVE: New proof-of-concept browser sniffer that does NOT use scripting attacks.
  • Plus, our take on this week’s news.
  • More details and links in the show notes section below the audio listening instructions.

–>NEW! Stream This Week’s Show with our Built-In Flash Player: (or scroll down to try the Odeo link for a very firewall friendly player)

This week’s show is 32 minutes long

–> Stream, subscribe or download Episode 57 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–> Tune into the show directly on iTunes; you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

This week’s show is sponsored in part by Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com . Also sponsored by DeviceLock Removable Media Security Software.

Show Notes for Episode 57 of the Data Security Podcast

  • Ira has a conversation with Darren Berkovitz, COO of StrongWebMail.com and Telesign.com, about why he offered $10,000 to anyone who could break into the StrongWebMail system.
  • Tales From The Dark Web: The US Justice Department files indictments against three terror suspects. They are charged with stealing business phone minutes, illegally re-selling those minutes, and using the proceeds to fund Al-Qaida terror activities.
  • From The News: EXCLUSIVE TO THE DATA SECURITY PODCAST: Brendon Boshell, a web developer, has created a unique remote browser sniffer that does NOT use the highly common, and easily blocked, scripting attacks. This is his proof of concept, but his site only explains part of the approach. We explain more in the show.
  • From The News: Hawaii sends a woman to jail for using her medical-records access to post an HIV/AIDS patient’s medical information on MySpace.
  • From The News: The Las Vegas Review-Journal got a visit from the Feds after publishing this story… with a subpoena demanding the identities of newspaper readers who posted comments.

Data Security Podcast Episode 55 – June 01 2009

Posted in Breach, criminal forensics, darkweb, ediscovery, Podcast, Vulnerabilities, web server security on June 1, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program: A polymorphic drive-by download attack targets tens of thousands of legitimate business and government web sites. SSL can be used for good or evil; find out how to tell the difference. And, our take on this week’s news.

–> Stream, subscribe or download – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–> Tune into the show directly on iTunes; you can also subscribe to the program on iTunes.

The Show Notes Page for this week’s The Data Security Podcast

–> Ira has a conversation with Dan Proch of Netronome about SSL security. Secure Sockets Layer can be used for good or evil. We talk about how to detect the difference. Learn more with white papers and webinars by Netronome.

–> Tales From The Dark Web: A polymorphic drive-by download attack targets the visitors of tens of thousands of legitimate business and government web sites. The attack is slipping past AV, and exploits desktop vulnerabilities. Read more about it in the Websense blog posting, and an article at TheRegister.com.

–> From The News: Dutch researchers expose potential vulnerabilities in NXP MIFARE RFID smart cards. Billions of these cards are in use for transit fares and building access control. Here is an excellent proof-of-concept video of how these systems can be attacked:

–> From The News: Read Maribel Lopez’s detailed report comparing the security of BlackBerry, iPhone and Windows Mobile.

–> From The News: The White House is planning a major cyber security intervention. Here is the official video on the topic from the White House:

Data Security Podcast Episode 51 – May 04 2009

Posted in Breach, Business Continuity, Conference Coverage, criminal forensics, darkweb, ediscovery, eMail Security, Legislation, Podcast, Vulnerabilities on May 4, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program: Swine Flu IT security tactics; a workaround for the latest Adobe PDF zero-day; and, our take on this week’s news.

–> Stream, subscribe or download – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–> Tune into the show directly on iTunes; you can also subscribe to the program on iTunes. Tune in or subscribe via our page at Podcast.com.

This week’s show is sponsored by Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .

The Show Notes Page for Episode 51 of The Data Security Podcast

-From The News: FTC delays full enforcement of its Red Flag Rules.

-From The News: WRAL report: Mom says Patriot Act stripped son of due process.

-From the News: A fresh attack against Twitter.

-> Tales From The Dark Web: Another Adobe PDF zero-day.

-> Ira has a conversation with Ed Cohen, VP, Corporate Development at SonicWall, on IT security planning in the event of a second wave of Swine Flu. SonicWall offers an ebook on the top trends in teleworking, and a white paper on the cost savings from teleworking.

-> Wrap-up: Ira enjoyed using the Bracketron Grip-It to hold his smartphone and listen to podcasts and other internet content when he drove from Nevada to the RSA Security Conference in San Francisco. Ira reports that it is highly adjustable, so it can accommodate a variety of devices. The Grip-It keeps devices hands-free and at eye level. No drilling is required, and it can be removed from the dash when parking to help keep away interested thieves. He reports that it was stable at highway speeds, and in the sweepers.

Bracketron Grip-It vent mount for smartphones, MP3 players, and GPS devices

Data Security Podcast Episode 48 – Apr 13 2009

Posted in Breach, criminal forensics, darkweb, Legislation, Podcast, Vulnerabilities, web server security on April 12, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program: The Twitter worm as a case study in web app security; will Congress give sweeping cyber authority to the White House? And our take on the news.

–> Stream, subscribe or download Episode 48 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–> Tune into the show directly on iTunes; you can also subscribe to the program on iTunes.

This week’s show is sponsored by DeviceLock Removable Media Security Software.

The Show Notes Page for Episode 48 of The Data Security Podcast

-From The News: Patch those third party apps, not just the OS! That’s the takeaway from the latest edition of The Microsoft Security Intelligence Report.

- From The News: IRS to boost oversight of security and accuracy of e-filings, as posted in the Washington Post.

- From The News: The FTC’s attempt to fight fraud with the so-called “Red Flags Rules”. Here is a link to the FTC’s How-To Guide for Business. Physicians are on the list of the many types of business that need to comply.

-Tales From The Dark Web: We covered XSS and web application security. OWASP is an excellent resource for free, standards-based web application security information.

-Conversation: Ira speaks with Lee Tien of the Electronic Frontier Foundation. Read more about the Cybersecurity Bill of 2009, including a link to the EFF blog posting on the issue.

- Wrap up: HOWTO: Protect Yourself On Twitter (Lessons Learned From The StalkDaily Twitter Hack).