Archive for endpoints

Feb 15, 2011 – Episode 200

Posted in Conference Coverage, Legislation, Show Notes, The CyberJungle with tags , , , , on February 15, 2011 by datasecurityblog

Episode 200 of  The CyberJungle  is 27 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly- great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interview is about 8 minutes long and it starts at about the 18:25 mark.

To listen to Episode 200 via the flash player:

Interviews

Simple Physical Security – Without the “security system tax/fee.” We talk with Andrew Saldana with SecurityMan

Tales From The Dark Web

HBGary’s exposed for trying to counter-attack Wikileaks, security institute issues rare request related to counter-counter-attack

Our Take on The Week’s News

No man’s personal identity is safe while the legislature is in session

RSA Conference report: CipherCloud, businesses can encrypt data on popular cloud services like Salesforce.com

RSA Conference report: Invincea has a new technology that combines virtual machine browsers with behavior-based malware blocking.

RSA Conference report: Entersect from South Africa has a very interesting twist to 2-factor authentication.

Ira is at RSA San Francisco 2011. Ira will post reports in Conference Notes. Reports sponsored by LogLogic – The IT Data Management company. Meet Ira in the LogLogic booth #828 during Tuesday night’s RSA pub crawl and drink some Travis Smith’s 510 nano-brew, served fresh in the booth.

October 24, 2010 – Episode 183

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Exclusive, Legislation, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , , on October 23, 2010 by datasecurityblog

Episode 183:

This week’s regular episode of  The Cyberjungle  is 1 hour and 18 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 183 via the flash player:

Interview

Joe Levy, Chief Technical Officer with  Solera Networks, stops by to discuss the Zeus Trojan variant that’s making its way around the IRS offices.  Joe’s  interview is 6 minutes long, and it begins about 25 minutes into Episode 183.

Tales from the Dark Web

If cybercrime were a disease, it would be a pandemic and the whole world would be sick. So says a report from Kroll and The Economist Intelligence Unit

Our Take on This Week’s News

School bus surveillance cams - School buses equipped with traffic cams.  It’s an experiment in a Maryland school district, where officials say the little darlings are in more danger as they alight from the bus than any other time, although no child in Maryland has ever been hit while alighting from a school bus.

Insurance companies view social networkers as burglary risks – Duh.  A survey by an insurance trade group indicates a significant number of Facebook and Twitter post their locations, and it’s worth considering whether to reflect this in their insurance rates.

And while we’re ragging on Facebook - Are gay users of Facebook being outed to advertisers for targeted product marketing? Duh again.

Ten oreos, two handfuls of fritos, a pint of Ben and Jerry’s - Are you aware that when you make use of web tools that allow you to keep track your personal behavior, that information could become discoverable in court? (Diet websites come to mind.)

Participants wanted- A new project to monitor BlackBerry traffic as it is sent from various countries. The results will help researchers and users understand what’s happening to the communications as RIM is pressured to cooperate with repressive governments.

More BlackBerry news -  The how and why of BlackBerry eavesdropping, and why it might not be what you think.

A new tool for good guys,- And bad guys, parents, employers, forensic investigators, and everyone who needs to keep tabs on someone.  ElcomSoft tool cracks web browser passwords.

CyberJungle FAQ

Shockwave Zero-day Attack In the Wild

Fake Microsoft Security Essentials Attack

July 31, 2010 – Episode 159

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Show Notes, The CyberJungle with tags , , , , , , , , on August 2, 2010 by datasecurityblog

You can hear episode 159 by clicking on the Flash player below, or if your device does not support Flash, you can visit our  listening options page for other ways to receive the show. Episode 159 is one hour and 9 minutes long.

Interviews

Interview #1 – Jeremiah Grossman, CEO of White Hat Security,  discovered an odd security flaw in the Apple Safari Browser. Alas, he tried to notify Apple, only to be rebuffed. He posted the story on his blog, and he decided to go public at Black Hat, and just about the time we finished this interview with him, Apple acknowledged the problem.  Fix pending.  Hear an overview of Jeremiah’s presentation in Episode 159. It’s 11 minutes long, starting about 12 minutes into the show.

Interview #2 – Mickey Boodaei, CEO of security firm Trusteer, has been hard at work on the banking trojan problem, and they’ve got a problem that may help. We discuss it with him in Episode 159. It’s 10 minutes long, starting at 55:00.

Tales from the dark web

Mariposa Botnet facilitator arrested. (You may remember that Panda Security was on top of Mariposa months ago, as we reported in this interview from the RSA Security Conference2010.)

Our take on this week’s news:

Virulent Microsoft link attack affects just about everyone. The prediction is that this one will be big. UPDATE: MICROSOFT ISSUES EMERGENCY PATCH

A really insulting  psychological profile of iPad users. The only thing they left out is that iPad users pull the whiskers off kittens.

Krebs on security writes about the victims of scareware – they end up buying the stuff, and then they’re embarrassed to go to the police. Good piece

Banks have long since stopped moving paper checks from one location to another, preferring the economy of scanning. What if someone broke into the digital repository where they store all those pictures of checks?… Someone did.

Episode 125 – April 3, 2010

Posted in Breach, Court Cases, darkweb, Legislation, Show Notes, The CyberJungle, Vulnerabilities, web server security with tags , , , , , , , , , on April 3, 2010 by datasecurityblog

Interviews, Episode 125:  Big Batches of Patches! Following huge releases on Patch Tuesday from Microsoft, Apple, Sun/Java, Mozilla Firefox, and Mozilla Thunderbird, we talk with patch management expert Jason Miller. He’s Data and Security Team Manager from Shavlik Technologies. Jason’s interview starts about 22 minutes into the program.

We also talked with Randy Sarafan, the Author of 62 Projects to Make With a Dead Computer.  Fun stuff.  Interview starts about 53 minutes into the show. You can download the file from our XML feed, from iTunes, and other sites. See the Listening Options page, or use the flash player below:

Our Take on This Week’s News

CNN presents a glowing story about the success of airport whole body scanners, which have found drugs and other junk in people’s pockets. The TSA plans to roll out 1000 more of the machines.  Meanwhile, the Electronic Privacy Information Center posted this doc, in which the TSA contradicts itself to congress regarding the ability of the machines to store and transmit images. See item # 8, where they claim that the airport scanning machines are not capable of transmitting images, BUT, the images they transmit to remote viewing facilities are encrypted.

A new web service allows businesses to monitor the social networking communications of their employees. Facebook and Twitter users, you should probably just assume that what you post publicly is being monitored by your employer. Employers, you should probably assume that your employees post a lot of stuff that shouldn’t be shared.

Quip app security hole shares private photos. People who used a free service to send naked photos of themselves were exposed. Hey wait a minute… doesn’t the Apple app store performed extensive reviews before they accept a product?

iPad is coming to the office, and we found some security applications for it.  iTeleport: Jaadu VNC is encrypted remote access allows a secure connection between the iPad and a desktop comupter.  ALSO — in PC World, Tom Bradly Reports another option from Array Networks: “One app that is not yet available, but has significant promise for leveraging the iPad to connect with Microsoft Windows systems is Array Networks Desktop Direct.

Report: 64% of all Microsoft vulnerabilities for 2009 mitigated by Least Privilege accounts.

Way cool! Open PDF Links Directly In Google Docs Viewer

Whole Foods Scam on Facebook. Free gift cards worth $500 for the first 12,000 users. Uh-huh.

Cleveland Plain Dealer exposes identity of community leader who posts anonymous comments. Starts debate about privacy versus the public’s right to know. We wonder why just anyone at the newspaper can look at the email registry.

News Outlet Reports “Hacking” and Makes Itself a Target for More “Hacking”

Posted in The CyberJungle with tags , on January 30, 2010 by datasecurityblog

The web sites of nearly 50 Members of Congress were defaced just prior to Obama’s State of the Union address.

The Hotline political site (part of The National Journal), covered the story. In their story on the topic, they included the screen shot below showing the web defacement. It appears that the computer that was/is used by The Hotline for this story, is itself open to exploit. Note the icons on the lower right of the screen shot below. The system is not properly patched.

Screen Show of Defacement Reveals Something More...

Screen Shot of Defacement Reveals Something More...

Read the original story at The Hotline

The CyberJungle Episode 101 – Jan 10 2010

Posted in Annoucements, Breach, Court Cases, darkweb, eMail Security, Legislation, Podcast, The CyberJungle, Vulnerabilities, web server security with tags , , , , , , , on January 10, 2010 by datasecurityblog

Security, Your Privacy, and The Law

On this week’s program:

* Houston DA Tweets the names of people arrested for DUI

* WiFi for passive aggressives

* You won’t believe the password to launch nuclear war

–> Stream This Week’s Show with our Built-In Flash Player (for higher security, stream through FeedBurner, using the hyperlink below):

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 101 – Use Feedburner to listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall. The shows don’t always display on chronological order on Odeo.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.
  • SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing MagazineData Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • Award-winning Sunbelt Network Security Inspector a scalable and effective vulnerability scanner. Windows IT Pro Magazine readers chose SNSI as their Favorite Vulnerability Scanner for two years in a row. Read more here, and contact Data Clone Labs for a test drive.

Show Notes for Episode 101 of the CyberJungle

* Conversation: Ira and Samantha interview Houston civil rights attorney Randall Kallinen about the Houston Texas-area DA Tweeting the names of those arrested for DUI.

*How Google collects information

*Google Near Me Now application

* Digital piracy hits the book industry

* Mind-reading at the airports

*WiFi for passive aggressive

*Nuclear launch passcodes

*Ransomware – buy back your own files?

*One in ten botnets are engaged in the Zues attack

*Ironkey CEO speaks about the USB crypto flaw

*FTC says FCC needs to consider the dangers of cloud computing

Follow

Get every new post delivered to your Inbox.

Join 1,121 other followers