Archive for HIPAA

August 15 2012, Episode 269, Show Notes

Posted in Breach, Conference Coverage, Exclusive, Show Notes, Vulnerabilities on August 15, 2012 by datasecurityblog

Episode 268 of The CyberJungle is about 28 minutes long.  You can hear it by clicking on the flash player below. The interview with Skip Duckwall from Pass The Hash blog begins at about 16min.  You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Interview

Skip Duckwall from Still Passing The Hash. Demos from his BlackHat2012 talk.  Plus info on the tool’s addition to the Backtrack tool kit.

Tales From The Dark Web

Medical records held hostage by cyber attackers

Our Take on This Week’s News

Fake SocialNetworking

Smartphone-based attack wreaks havoc on Android and iOS smartphones

Wrap

Mark Zuckerberg Topless; Photo Was on Facebook

Episodes 108 and 109 – February 6, 2010

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, Show Notes, Vulnerabilities on February 6, 2010 by datasecurityblog

Show notes from Episode 108

Episode 108 is the su root edition. Interview with Gretchen Hellman of Vormetric, expert in HIPAA and encryption. Gretchen discusses the 2009 “son of HIPAA” passed by Congress, called “HIPAA high tech,” and a Connecticut HIPAA lawsuit against Health Net, involving the loss of thousands of unencrypted records. Read about the lawsuit here.

Show notes from Episode 109

Google approaches the National Security Agency for help in securing its networks. National Security Agency says yes. Neither is commenting publicly. NSA will perform a range of tasks for Google that are widely available from private information security companies. Is Google getting IT security on the taxpayer dime? What’s Google offering the NSA in return? Is there more to the Chinese Google attack than we’ve been told? Read the Washington Post report.

Speaking of China… they’ll get around to everyone sooner or later. This week it was the Iowa Gaming and Racing Commission. The Des Moines Register describes the attack, which exposed personal information belonging to 80,000 current and former casino employees, jockeys, horse and greyhound owners, and more. Des Moines Register reports.

Major patch Tuesday for Microsoft.  This batch will include patches for 26 holes in multiple versions of Windows.

News from Black Hat D.C. A researcher points out holes in Cisco’s wiretapping architecture.

Biggest threats to databases come not from SQL injections, but from poor account management.

Law enforcement is pushing for ISPs and other service providers to develop a web interface to make it easier and faster for police investigators seeking customer records. CNET’s Declan McCullagh is on top of it.

Data Security Podcast Episode 86, Dec 21 2009

Posted in Breach, Podcast, Vulnerabilities on December 20, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Twitter’s DNS hijacked

* Fingerprinting credit card mag strips

* Our take on this week’s news

–> Stream, subscribe or download Episode 86 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.

–> Tune in to the show directly on iTunes; you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall. The shows don’t always display in chronological order on Odeo.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Award-winning Sunbelt Network Security Inspector, a scalable and effective vulnerability scanner. Windows IT Pro Magazine readers chose SNSI as their Favorite Vulnerability Scanner for two years in a row. Read more here, and contact Data Clone Labs for a test drive.
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 86 of the Data Security Podcast

* Ira talks with Dr. Robert Morley about the unique digital fingerprints on every credit card and ATM magnetic strip, and how that fingerprint can fight card cloning fraud. Read about Dr. Morley. Dr. Morley’s work has been commercialized into products like MagnePrint, mentioned in the segment.

* Tales From The Dark Web:  Ira gave his take on the reporting by Brian Krebs in the Security Fix blog at the Washington Post site.

* From Our Take on The News: Ira gave his take on the very interesting blog posting by Robert Graham entitled SkyGrabber vs. Predator.

* From Our Take on The News:  Why did a department of health worker in Detroit have electronic copies of thousands of birth certificates in her car? That’s where the records were (on a flash drive) when they were stolen. We give our take on this story in the Detroit Free Press.

* From Our Take on The News: A program allows Seattle-area employers to subsidize commuting, which saves employees a lot of money. The only problem is, your travel records are available to your boss. All he has to do is ask.

The Identity Theft Prevention Stamp

* The Wrap: A rubber stamp that renders printed personal information illegible (pictured). Read more.

Data Security Podcast Episode 83, Nov 30 2009

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Legislation, Podcast, Vulnerabilities on November 29, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* New highly damaging attack plays on the very fear of being attacked

* Stopping insider attacks with the right internal controls

* Our take on this week’s news.

–> Stream, subscribe or download Episode 83 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.

–> Tune in to the show directly on iTunes; you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 83 of the Data Security Podcast

* Ira has a conversation with Cheryl Traverse, President/Chief Executive Officer of Xceedium, a company that provides centralized, secure IT operations management. Ira and Cheryl talk about the controls that protect against insider threats, and help put organizations in compliance with data security and privacy mandates.

* Tales From The Dark Web: Bank attack hides in ‘software update’ links. This attack combines the fear of not properly patching with attacks that empty business bank accounts. Hat tip to the story in Darkreading.com.

* From Our Take on The News: Reuters news story on the under-reporting of cyber attacks.

What Happens In Vegas...Goes Where??

* From Our Take on The News: Las Vegas Metro Police admits to large data breach of background check data. Hat tip to excellent work by The Las Vegas Sun newspaper.

* From The Wrap: We comment on the news that the Ikee worm author gets a job at an iPhone app firm, as posted by Graham Cluley.

Data Security Podcast Episode 57 – June 15 2009

Posted in Breach, Business Continuity, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Podcast, Vulnerabilities, web server security on June 14, 2009 by datasecurityblog

30 minutes each week on data security, privacy, and the law…. (plus or minus five)

On this week’s program:

  • Is Al-Qaida getting funding by stealing minutes from business phone systems?
  • $10,000 was paid out to the security researchers that uncovered the flaws in StrongWebMail. Could your email be vulnerable to that same attack?  A conversation with  StrongWebMail’s top executive.
  • EXCLUSIVE – New proof of concept browser sniffer hack that does NOT use scripting attacks.
  • Plus, our take on this week’s news.
  • More details and links in the show notes section below the audio listening instructions.

This week’s show is 32 minutes long

–> Stream, subscribe or download Episode 57 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.

–> Tune in to the show directly on iTunes; you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

This week’s show is sponsored in part by Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software.  If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com . Also sponsored by  DeviceLock Removable Media Security Software.

Show Notes for Episode 57 of the Data Security Podcast

  • Ira has a conversation with Darren Berkovitz, COO of StrongWebMail.com and Telesign.com, about why he offered $10,000 to anyone who could break into the StrongWebMail system.
  • Tales From The Dark Web: The US Justice Department files indictments against three terror suspects. They are charged with stealing business phone minutes, illegally re-selling those minutes, and using the proceeds to fund Al-Qaida terror activities.
  • From The News: EXCLUSIVE TO THE DATA SECURITY PODCAST, Brendon Boshell, a web developer, has created a unique remote browser sniffer that does NOT use the highly common, and easily blocked, scripting attacks. This is his proof of concept, but his site only explains part of the approach. We explain more in the show.
  • From The News: Hawaii sends woman to jail for using her medical records access to post HIV-AIDS patient’s medical information on MySpace.
  • From The News: The Las Vegas Review Journal got a visit from the Feds after publishing this story … with a subpoena demanding the identities of newspaper readers who posted comments.

Data Security Podcast Episode 40 – Feb 16 2009

Posted in Breach, criminal forensics, darkweb, ediscovery, Exclusive, Podcast, Vulnerabilities on February 15, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program: Data leaks at Google Calendar? Are so-called smart electric meters a 4th Amendment violation? Plus, this week’s news.

–> Stream, subscribe or download Episode 40 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.

–> Tune in to the show directly on iTunes; you can also subscribe to the program on iTunes.

This week’s show is sponsored by The Engate Hosted eMail Security System. Tell them you heard about them on the Data Security Podcast and get 50% off their service. Offer good until March 31st, 2009. Tales from The Dark Web Sponsored by DeviceLock Removable Media Security Software.

The Show Notes Page for Episode 40

-From The News: Are RFID-enabled Passport PASSCards and Enhanced Driver’s Licences vulnerable to war driving attacks that threaten personal information? Chris Paget, RSA, students at MIT, Washington University, and many others have researched the vulnerabilities in most deployments of RFID. Here is a video of Chris’ $250 “war driving” for PASSCard RFID Passport cards issued by the United States:

-From The News: Meta Data Exposed…read the AP story about the lawsuit.

-From The News: Virut reverse engineering by Nicolas Brulez,  of Websense Security Labs

- Tales From The Dark Web: Google Calendar suffers data ‘leak’

- Conversation: Samantha talks with USC Law Professor Jack Lerner about demand response utility metering, and why law enforcement (and criminals) might be interested in your electric energy usage. Read more in this Stanford Technology Law Review Article, mentioned in the show.
CLARIFICATION:   Professor Lerner notes that demand response is a very promising technology and that the California Energy Commission and California Public Utilities Commission have engaged in fact finding related to the privacy and security implications of demand response technology.  In addition to the article we referenced in this program, which Professor Lerner wrote with Professor Deirdre Mulligan, Professors Lerner and Mulligan contributed to a study prepared for the California Energy Commission’s Public Interest Energy Research Group titled “Network Security Architecture for Demand Response/Sensor Networks.”

- Wrap Up: Get this… Microsoft is offering a $250,000 reward for information leading to the arrest and conviction of those responsible for the Conficker worm. Hey, Microsoft, how about telling us HOW and WHO to contact with the information, because you didn’t include THAT info in the press release, and we can’t find it anywhere on the web, or on your site!
