March 27 2013, Episode 295, Show Notes

Episode 295 of The CyberJungle is about 35 minutes long.  The interview with the Founder of Stop the Hackers begins at about the 20min mark. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 295 via the flash player:

Interview

Dr. Anirban Banerjee is the lead Primary Investigator, the VP of Research and Development, and co-founder of StopTheHacker Inc. He graduated with his Ph.D. in Computer Science, from the University of California at Riverside in 2008. Dr. Banerjee’s thesis research includes well over twenty published papers in the areas of internet security, measurements and web technology.

Tales From The Dark Web

Industrial espionage is ripping off SA firms

Our Take On This Week’s News

South Korea bank attacks should prompt rethink in U.S.

Of 1,800 serious malware NSS Labs tested, some always managed to get through — no matter what combination of protection was used

What You Didn’t Post, Facebook May Still Know

Please support our sponsors, as they support The CyberJungle

SpectorSoft: IT professionals, Risk Officers, and HR staff have more worries than ever: insider theft, inappropriate communications, inefficient processes, employee investigations, and compliance requirements. These pressing issues demand a reliable, automated, advanced technology capable of showing user, department, and division activity no matter where the users are or what devices they are using. SPECTOR 360, the de facto corporate User Activity Monitoring solution, addresses these issues and meets this demand.

SPECTOR 360 monitors, captures, and analyzes ALL user and user group activity including: email sent and received, chat/IM/BBM, websites visited, applications/programs accessed, web searches, phone calls, file transfers, and data printed or saved to removable devices.

SPECTOR 360 features automated, remote installation of the Windows and Mac clients and requires no client installation on BlackBerry devices.

 

March 26, 2012, Episode 252, Show Notes

Episode 252 of The CyberJungle is about 27 minutes long.  You can hear it by clicking on the flash player below. The interview with  Dr. Thibadeau of Wave Systems begins at about 17:30min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 252 via the flash player:

Interview

From the floor of RSA Security Conference, we talk with Dr. Robert Thibadeau of Wave Systems about the challenges of data wiping and digital forensics on solid state drives (SSD)

Tales From The Dark Web

We take a break from our format this week, and therefore no Tales from The Dark Web

Our Take on This Weeks News

Facebook Threatens Legal Action Against Employers Asking for Your Password

Facebook responds to workplace password releases

Report: Some GSM networks can be easily breached

Seattle Startup Offers Solution for Apps Rejected by Apple for Using UDID

Wrap

Web 0.2: Today I Learned Buick “Created A Website” Before There Was Even A Web

Feb 8, 2011 – Episode 199

Episode 199 of  The CyberJungle  is 27 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great or listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interview is about 8 minutes long and it starts at about the 17:30 mark.

To listen to Episode 199 via the flash player:

Interviews

Google Tracks You…We Don’t” – A new web site takes on Google, by NOT tracking you. We talk with Gabriel Weinberg of DuckDuckGo.com .

Tales From The Dark Web

Milwaukee has beer, San Jose has software, and Las Vegas has Casinos. In our Tales from the Dark Web segment, we tell you about a city where the #1 industry is CyberCrime.

Our Take on The Week’s News

Judge orders juror to reveal private Facebook postings in California criminal case

What NASDAQ is and isn’t saying about another high-profile cyber attack

Surge in Adobe PDF attacks impacting Windows, Mac and Linux users

Texas AG pushes for new anti-sexting law – but with a twist

Ira heads to RSA San Francisco 2011. Ira will post reports in Conference Notes. Reports sponsored by LogLogic – The IT Data Management company. Meet Ira in the LogLogic booth #828 during Tuesday night’s RSA pub crawl and drink some Travis Smith’s 510 nano-brew, served fresh in the booth.

January 25, 2011 – Episode 197

Episode 197 of  The CyberJungle  is 25 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 197 via the flash player:

Interviews

Ira talks with HP Security Evangelist, Rafel Los. Topic: Business Application Security, and a different way to weigh risk.

Tales From The Dark Web

Just because they are behind bars doesn’t mean your safe from members of the Dark Web.

Our Take on This Week’s News

Record a cop, go to jail – Two Chicago residents who recorded their interactions with the police are facing felony charges… one is in jail… and their cases are drawing attention to an eavesdropping law that may be obsolete in the age of smart phones with audio and video recording capabilities.

Before we had Facebook, we had yearbooks – At the end of each year of high school, we’d write messages by hand, with a pen, never expecting anyone except the book’s owner (and a select few friends) would see them. Now classmates dot com is buying up old yearbooks, and scanning and posting the contents, including our most private heartfelt messages. Read this account of describing one man’s yearbooks, bought at an auction of the contents of his mother’s basement, and the various personal messages from girls during his high school years… including a lengthy breakup letter from a serious relationship during his senior year.

In a potential windfall to attorneys that sue businesses that send out spam -  California Appeals court has ruled that businesses can be held strictly liable for actions done by their affiliates (and sub-affiliates).

Trapster Hacked – If you own a smarphone, you might be using the free app Trapster. Trapster alerts you when you are driving near speed traps and traffic cams, and other law enforcement hazards. Attackers may have stolen email addresses, passwords, and other data.

January 28, 2011 is Data Privacy Day. Privacy Projects, is the official sponsor of  Data Privacy Day.  The goal is to put additional pressure on companies and to gain a better understanding that everyone’s privacy is at stake.

 

Record a cop, go to jail - Two Chicago residents who recorded their interactions with the police are facing felony charges… one is in jail… and their cases are drawing attention to an eavesdropping law that may be obsolete in the age of smart phones with audio and video recording capabilites.

January 18, 2011 – Episode 196

Episode 196 of  The CyberJungle  is 30 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 196 via the flash player:

Interviews

Earlier this month, while we were strolling on the floor at CES in Las Vegas, we had a chance to chat with Tony Kainuma, the Director of Navigation and Detection products at  Cobra Electronic Corporation.  We discussed Cobra’s new smartphone app that watches for red light cameras, traffic congestion and cops with radar, and relays the information to all Cobra users who subscribe.

Tales From The Dark Web

Creepy stalker uses info from  Facebook to break into email accounts and steal stuff from women.

Our Take on This Week’s News

Silliest use of the Computer Fraud and Abuse Act? We (respectfully) disagree with law professor Orin Kerr, who says Sony’s lawyers should win this prize for this argument:  You’re guilty of felony computer hacking crimes if you access your own computer in a way that violates a contractual restriction found in the fine print of the licensing restriction of the product imposed by the manufacturer. We think the honor for dopiest use of the CFAA still belongs to the prosecutors of MySpace Mom Lori Drew.

Stuxnet news: The New York Times reports the Stuxnet worm was a joint project of the U.S. and Israel, engineered to destroy the uranium centrifuges that Iran uses in it’s nuclear weapons program. As a result of this worm, the Iranian nuke program has suffered serious set-backs. All without a shot being fired.

Federal judge supports Federal Government -  Says plaintiff  EPIC did not convince him that DHS should turn over 2,000 naked images from the airport body scanners.

A proposal in congress for a law that would clarify the rights of Americans returning home from abroad, only to have their  digital devices are seized by customs agents.  Our take – for the time being, consider the  U.S border a hostile zone for  business and personal data in your laptop or smart phone.

June 6, 2010 – Episode 143

Episode 143 is 71 minutes long. You can listen by clicking the flash player below, or you can click here for more listening options.

To listen to Episode 143 via the flash player:

Interview segment

We talk with Gary Biller, Executive Director of the National Motorists Association, about an Ohio Supreme Court decision that says law enforcement officers do not need to back up their vehicle speed estimate with reports from a radar reading; eyeballing it is good enough. The Ohio press reports. The interview starts about 20 minutes into Episode 143.

Tales From The Dark Web

Mac Attack: Spyware trojan hitching ride on third-party screensavers for the Mac.

Advice to those sent their questions to the CyberJungle mailbox

Site for alternative PDF readers:  http://pdfreaders.org

Site for scrubbing hard drive before you give your computer away: Darik’s Boot And Nuke

Our take on this week’s news

Researchers from the mobile industry and academia are analyzing the detailed call and text record databases from mobile phones, along with users’ geographic movement.  Information about how and when people move about promises a handsome revenue stream for cell phone carriers.

Wall Street Journal report on smartphone attacks. MasterCard launches iPhone, iPad payment app

Fake software sales on criagslist draw attention.  Pirated software can also find its way into retail stores occasionally, too. Microsoft provides a site that helps you figure out whether your software is legit.

Federal Trade Commission settles with CyberSpy Software, LLC.  Settlement requires the company to stop instructing its customers how to send its keylogging product in a stealth email attachment. Also must notify the receiving computer that the software is about to download, and receive consent.  This will put a chill on the spying.

Hackers like the Facebook “Like” button. Only six weeks after its introduction, the Like button is being used for mischief.

Legal intrigue after Digital River  management was alerted that a big batch of the company’s data was circulating , and offered for sale on the black market. Civil and criminal law in play.

Our Tether contest – win wireless access for your BlackBerry

Thanks to Tether for providing a generous number of full-value licenses to award as prizes for listeners of The CyberJungle. We love the product, and have given away 10 licenses each in episodes 141 and 143.   You can still enter by sending an email to comments@thecyberjungle.com, and telling us which version of the BlackBerry software you’re running. (Find this by going to “settings ->options->about” on your BB.)  We award the prize to the first ten requests of the week.  Our week runs Saturday-through-Friday. If you win, we ask that you send an acknowledgment once you’ve received your key, so we know you got it. Then we will delete your email, as a gesture of respect for your privacy.

BTW — there is a :60 second Tether commercial in these shows.  We are running them as a thank-you to Tether for the software keys.  We want to acknowledge the people who created some of the components in the spot.  The Free Sound Project is an awesome organization for people like us, whose ears are bigger than our budgets when it comes to production.  The audio effects in the Tether spot cam from the site, and we thank the creative producers who post their work. Especially — someone with the handle kkz who created a file called “t-weak bass” … someone with the handle dland who created a file called “to hell with vinyl”… and someone with the handle Halleck, who created “crash reverse.”  All can be heard in the Tether spot, which airs at approximately 29:50 in episode 143.

May 23, 2010 – Episode 139

Interview Segment:

Josh Levy, a writer, internet strategist, and the organizer of a project called “pledge to leave facebook.” The interview is 9 minutes long, and it starts about 56 minutes into the show. Episode 139 is 1 hour and 12 minutes long. You can hear it by clicking on the flash player below, or click on the listening options page for other ways to listen.

To listen to Episode 139 via the flash player:

Our take on this week’s news:

Co-host Ira Victor is out of town.  Lee Rowland from the ACLU of Nevada sits in as guest co-host for a first-hour privacy round-up.  Recent issues include:

The Houston Police Department recently held a secret (no media allowed) event where the invited guests contemplated the use of drone aircraft for domestic law enforcement.  Nonetheless,  one news outlet got wind of it, and stationed its television cameras on the property next door. They caught the launch of the drone on camera.  Cops say they aren’t sure how they’ll use the technology, but aren’t ruling out anything. Watch the whole report.  It’s about four minutes long.

Incoming U.C. Berkeley freshmen are being encouraged to offer a  DNA sample.  And why were RFID chips implanted in Alzheimers patients without proper oversight?

TSA continues to roll out the full body scanning machines to airports across the nation.  Passengers don’t seem to be aware that they can opt for a pat-down instead of a virtual strip search.

Tough week for Facebook.  The Wall Street Journal reports the company gave personal info to advertisers. EFF offers insight.

On the heels of a CBS news investigative report about the data left on copy machine hard drives, the FTC is applying pressure to the makers of the machines to educate customers about scrubbing the hard drives.  (Xerox is leading the pack, according to one account.)

The first-ever jail sentence for a HIPAA violation has been imposed. We wonder why this guy was informed he was about to be fired, and then allowed to hang around and access patient records repeatedly.

Todd Davis of LifeLock told the world his social security number as an advertising gimmick, trying to prove a point, of course.  His identity has been successfully stolen 13 times since being “covered” by LifeLock.

Not cool enough for a mac?  Why the Apple Store refused to sell an iPad to a disabled woman. (She wanted to pay cash. Apple’s iPad policy was credit or debit card only.) And why Apple relented, and delivered the device to her home a few days later. (San Francisco television consumer reporter Michael Finney and his news feature “7 on Your Side” shamed them into it.)

May 15, 2010 – Episode 137

Interview Segment – Jason Miller, Data and Security Team Manager for Shavlik Technologies on patch management.  It’s not a sexy topic, but it’s critically important. Jason says patching should be determined by the needs of the business, rather than the importance rating issued by Microsoft or other vendors. The interview is 7 minutes 38 seconds long, and it starts at about 21 minutes into episode 137.

You may listen to to Episode 137 on via the flash player:

Or go to the listening options page to choose another method of receiving the program.

Our Take on This Week’s News

Privacy: Did Facebook’s Zuckerberg describe early users of his product as  “dumb F**ks” for submitting private information when they signed up?

And Google admits that its Street View cars have been slurping up wireless access point information. There’s a lot of anger over this, and we’re predicting an advertiser backlash against the privacy violators.

As if Goldman Sachs doesn’t have enough problems… Now the company is being sued for intellectual property theft.

Nine  former employees of an education agency in Iowa were indicted for sneaking a peak at Presidential candidate Barack Obama’s student loan records.

A new twist on a familiar theme.  A big company with a security flaw on its website;  a security expert discovers it and tries to report it, but the company ignores him or pats him on the head and tells him to go away.  This happens with surprising regularity. In this case, Smackdown blogger Michael VanDeMer writes about a spate of hacks to blogs hosted by GoDaddy.

Web security firm Dasient reports: In Q1 2010, we estimate that over 720,000 web sites were infected.

Twitter links are safer than Google links.

Critical zero-day flaw found in Apple’s Safari browser.

FAQ:  To delete Apple Safari browser (and other applications) in WindowsXP, in Windows7.

Browser alternatives to Safari on iPhone: Opera Mobil (versions also available for BlackBerry. Ira also like Bolt Browser for BlackBerry.

Flashback: Remember Mikeyy the (self-proclaimed) teenaged Twitter Hacker?

April 24, 2010 – Episode 131

Interview: Evan Ratliff joins us to discuss his attempt to vanish for a month, with Wired Magazine challenging readers to find him, and a $5,000 reward for anyone who snapped his photo and said the word “fluke.”  An online posse developed, Evan ducked discovery for 25 days, and was caught in New Orleans, a few days shy of his goal.  The interview is about 14 minutes long, and it starts about 57 minutes into Episode 131. You may stream the program here:

You may download Episode 131 here. Or visit the Listening Options page for more ways to hear the program.

Discussion: The texting case that made it to the U.S. Supreme Court.  We discuss with ACLU Attorney Lee Rowland Fourth Amendment protections as they apply (or don’t apply — that’s what the court is considering)  to text messages, and under what circumstances.  Our discussion with Lee is about 20 minutes long, and starts about 22  minutes into Episode 131

Our Take on This Week’s News

Amazon is fighting off a demand from the North Carolina Department of Revenue (the state tax collectors). The state wants a record of all Amazon purchases made by its residents, and it wants names, so it can collect the sales tax.  Amazon says “privacy violation.”  And remember Amazon’s original business was books, which have a special place in the law when it comes to protecting their owners from government intrusion.

Here’s the story as reported by c|net, and here’s Amazon’s complaint.

Cyberattack on Google Said to Hit Password System.  More has been revealed about the extent of the Aurora attack on Google.  This story was apparently leaked to the New York Times by someone familiar with the investigation.  It suggests huge implications for the security of all Google applications.

Facebook is becoming quite brazen about exposing user profile information. This opinion piece at EFF explains the latest piece of information to be taken out of the user’s control.

Related:  The Facebook “like it” button, coming soon to websites everywhere.

About the most straightforward information-sharing scheme we’ve seen yet:  Blippy mines your email and credit card statements (with  your permission) and posts every purchase you make.  Blippy is the VC flavor of the month, having just received $11 million.  Too bad some credit card numbers belonging to Blippy users turned up when some curious surfers hit Google with search strings containing the words “Blippy.com” and “from card”.  Will Blippy survive?  Probably, even in the face of a less-than-apologetic stance from the company (Co-founded by the infamous Pud, of the infamous FuckedCompany.com site from the “dot-bomb” period.)  Why anyone would want to be part of Blippy, especially now,  is a separate discussion.

Highly-paid SEC lawyers and accountants spent their days surfing porn sites while Bernie Madoff was making off with a whole lotta other people’s money. We ask why, in an entity whose mission revolves around audits and controls, were there no audit trails and controls to call attention to an employee with 16,000 attempts to access porn?  Shouldn’t this have been nipped in the bud before it spiraled out of control?

You probably read about some of the chaos that ensued from McAfee’s latest update.  But this story by a SANS incident handler takes the prize.

Malware mules:  We all know about drug mules and money mules.  But the black market for email credentials is creating some new opportunities.

Data Security Podcast Episode 71, Sep 28 2009

30 minutes every week on data security, privacy, and the law…..(plus or minus five)

On this week’s program:

* $4k per day scamming fake Viagra? That’s just the tip of the iceberg.

* Business bank accounts are the targets of attacks, businesses are responding with lawsuits against banks.

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 71 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .

• GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 71 of the Data Security Podcast

* Conversation: Samantha talks with attorney Dan Mitchell, of Bernstein Shur. His business client was the victim of one of the bank account attacks, resulting in a cash loss of over $500,000. His client is suing the bank. Coverage in Computerworld.

* Tales From The Dark Web: Pharma scams earn $4k per day for members of the Dark Wek.  Read that and a LOT more in Dimitry Samosseiko of SophosLabs paper he presented to the Virus Bulletin Conference in Geneva Switzerland. That event wrapped up last Friday.

* From Our Take on The News:  Waves of Twitter attacks erode trustworthiness of Tweets.

How much should you trust Tweets?

* From Our Take on The News:  How much of your business data should you trust to web mail?

* From Our Take on The News:  Cameras keep track of all cars entering Medina Washington.