Episode 268 of The CyberJungle is about 28 minutes long. You can hear it by clicking on the flash player below. The interview with Skip Duckwall from the Pass The Hash blog begins at about 16 minutes. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.
To listen to Episode 269 via the flash player:
Interview
Skip Duckwall from Still Passing The Hash. Demos from his Black Hat 2012 talk. Plus info on the tool’s addition to the BackTrack toolkit.
This week’s regular episode of The CyberJungle is 1 hour and 14 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.
To listen to Episode 169 via the flash player:
Interview
Sean Paul Correll from Panda Security discusses a survey of small and mid-sized businesses, and discusses what he’s learned about the attitudes and the habits they have when it comes to security.
Read the Panda Security report on small and medium-sized business security. Sean-Paul also mentioned a free USB anti-malware tool; you may find it here.
Tales from the Dark Web
Fake my traffic - is it a scam, or is it just someone who wants to help you perpetrate a scam?
Our Take on This Week’s News
We hate Google, writ large – Consumer Watchdog has produced a hilarious video taking a jab at Google and Eric Schmidt. Worth watching… and a lot of folks are seeing it since it’s playing on the Jumbotron in Times Square. Schmidt as evil ice cream man offering kids free goodies while taking a body scan from his Good Humor truck. But we wonder about asking Congress to create a “don’t track me” list. That’s like asking the Three Stooges to clean out the tool shed without hurting each other.
Some newer scanners offer a web-based remote document retrieval feature that serves as a hacking tool.
Tales from The Dark Web: Big web traffic means big bucks … but have we uncovered a big Dark Web scam?
Be careful of email messages that appear to come from Symantec products. It just might be a scam. See more at Martin Hall’s Blog, The Test Manager.
Brian Krebs continues his excellent coverage of the banking Trojans and the people who carry out the attacks. This time the criminals told a money mule that cash stolen from a Catholic diocese was intended for victims of sexual abuse.
Microsoft DLL flaw: new Fix it tool from Microsoft, to be used in conjunction with other mitigation techniques.
Episode 108 is the su root edition. Interview with Gretchen Hellman of Vormetric, expert in HIPAA and encryption. Gretchen discusses the 2009 “son of HIPAA” passed by Congress, called “HIPAA high tech,” and a Connecticut HIPAA lawsuit against Health Net, involving the loss of thousands of unencrypted records. Read about the lawsuit here.
Google approaches the National Security Agency for help in securing its networks. National Security Agency says yes. Neither is commenting publicly. NSA will perform a range of tasks for Google that are widely available from private information security companies. Is Google getting IT Security on the taxpayer dime? What’s Google offering the NSA in return? Is there more to the Chinese Google attack than we’ve been told? Read the Washington Post report.
Speaking of China… they’ll get around to everyone sooner or later. This week it was the Iowa Gaming and Racing Commission. The Des Moines Register describes the attack, which exposed personal information belonging to 80,000 current and former casino employees, jockeys, horse and greyhound owners, and more. Des Moines Register reports.
Biggest threats to databases come not from SQL injections, but from poor account management.
Law enforcement is pushing for ISPs and other service providers to develop a web interface to make it easier and faster for police investigators seeking customer records. CNET’s Declan McCullagh is on top of it.
30 minutes every week on data security, privacy, and the law… (plus or minus ten)
On this week’s program:
* Twitter’s DNS hijacked
* Fingerprinting credit card mag strips
* Our take on this week’s news
–> Stream, subscribe or download Episode 86 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.
–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall. The shows don’t always display in chronological order on Odeo.
Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:
Award-winning Sunbelt Network Security Inspector, a scalable and effective vulnerability scanner. Windows IT Pro Magazine readers chose SNSI as their Favorite Vulnerability Scanner for two years in a row. Read more here, and contact Data Clone Labs for a test drive.
GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
SonicWall: Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
DeviceLock: Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.
Show Notes for Episode 86 of the Data Security Podcast
* Ira talks with Dr. Robert Morley about the unique digital fingerprints on every credit card and ATM magnetic strip, and how that fingerprint can fight card cloning fraud. Read about Dr. Morley. Dr. Morley’s work has been commercialized into products like MagnePrint, mentioned in the segment.
* Tales From The Dark Web: Ira gave his take on the reporting by Brian Krebs in the Security Fix blog at the Washington Post site.
* From Our Take on The News: Ira gave his take on the very interesting blog posting by Robert Graham entitled SkyGrabber vs. Predator.
* From Our Take on The News: Why did a department of health worker in Detroit have electronic copies of thousands of birth certificates in her car? That’s where the records were (on a flash drive) when they were stolen. We give our take on this story in the Detroit Free Press.
* From Our Take on The News: A program that allows Seattle-area employers to subsidize commuting saves employees a lot of money. Only problem is, your travel records are available to your boss. All he has to do is ask.
The Identity Theft Prevention Stamp
* The Wrap: A rubber stamp that renders printed personal information illegible (pictured). Read more.
On this week’s program:
* New highly damaging attack plays on the very fear of being attacked
* Stopping insider attacks with the right internal controls
* Our take on this week’s news.
–> Stream, subscribe or download Episode 83 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.
–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.
Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:
Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com.
Show Notes for Episode 83 of the Data Security Podcast
* Ira has a conversation with Cheryl Traverse, President/Chief Executive Officer of Xceedium, a company that provides centralized, secure IT operations management. Ira and Cheryl talk about the controls that protect against insider threats, and help put organizations in compliance with data security and privacy mandates.
* Tales From The Dark Web: Bank attack hides in ‘software update’ links. This attack combines the fear of not properly patching with attacks that empty business bank accounts. Hat tip to the story in Darkreading.com.
* From Our Take on The News: Las Vegas Metro Police admits to large data breach of background check data. Hat tip to excellent work by The Las Vegas Sun newspaper.
30 minutes each week on data security, privacy, and the law… (plus or minus five)
On this week’s program:
Is Al-Qaida getting funding by stealing minutes from business phone systems?
$10,000 was paid out to the security researchers that uncovered the flaws in StrongWebMail. Could your email be vulnerable to that same attack? A conversation with StrongWebMail’s top executive.
EXCLUSIVE – New proof of concept browser sniffer hack that does NOT use scripting attacks.
Plus, our take on this week’s news.
More details and links in the show notes section below the audio listening instructions.
This week’s show is 32 minutes long
–> Stream, subscribe or download Episode 57 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.
–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.
Show Notes for Episode 57 of the Data Security Podcast
Ira has a conversation with Darren Berkovitz, COO of StrongWebMail.com and Telesign.com, about why he offered $10,000 to anyone who could break into the StrongWebMail system.
Tales From The Dark Web: The US Justice Department files indictments against three terror suspects. They are charged with stealing business phone minutes, illegally re-selling those minutes, and using the proceeds to fund Al-Qaida terror activities.
From The News: EXCLUSIVE TO THE DATA SECURITY PODCAST, Brendon Boshell, a web developer, has created a unique remote browser sniffer that does NOT use the highly common, and easily blocked, scripting attacks. This is his proof of concept, but his site only explains part of the approach. We explain more in the show.
From The News: Hawaii sends woman to jail for using her medical records access to post HIV-AIDS patient’s medical information on MySpace.
From The News: The Las Vegas Review Journal got a visit from the Feds after publishing this story … with a subpoena demanding the identities of newspaper readers who posted comments.
The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.
This week’s program: Data leaks at Google Calendar? Are so-called smart electric meters a 4th Amendment violation? Plus, this week’s news.
–> Stream, subscribe or download Episode 40 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.
- From The News: Are RFID-enabled Passport PASSCards and Enhanced Driver’s Licences vulnerable to war driving attacks that threaten personal information? Chris Paget, RSA, students at MIT, Washington University, and many others have researched the vulnerabilities in most deployments of RFID. Here is a video of Chris’ $250 “war driving” for PASSCard RFID Passport cards issued by the United States:
- Conversation: Samantha talks with USC Law Professor Jack Lerner about demand response utility metering, and why law enforcement (and criminals) might be interested in your electric energy usage. Read more in this Stanford Technology Law Review Article, mentioned in the show.
CLARIFICATION: Professor Lerner notes that demand response is a very promising technology and that the California Energy Commission and California Public Utilities Commission have engaged in fact finding related to the privacy and security implications of demand response technology. In addition to the article we referenced in this program, which Professor Lerner wrote with Professor Deirdre Mulligan, Professors Lerner and Mulligan contributed to a study prepared for the California Energy Commission’s Public Interest Energy Research Group titled “Network Security Architecture for Demand Response/Sensor Networks.”
- Wrap Up: Get this… Microsoft is offering a $250,000 reward for information leading to the arrest and conviction of those responsible for the Conficker worm. Hey, Microsoft, how about telling us HOW and WHO to contact with the information, because you didn’t include THAT info in the press release, and we can’t find it anywhere on the web, or on your site!