Archive for iPhone

June 26, 2010 – Episode 149

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Exclusive, Legislation, Report Security Flaws, The CyberJungle, Vulnerabilities, web server security with tags , , , , , , , , on June 26, 2010 by datasecurityblog

You can listen to Episode 149 by clicking on the flash player below, or go to our listening options page for a list of other ways to receive the show.  Episode 149 is one hour and 15 minutes long.

To listen to Episode 149 via the flash player:

Interviews:

Your employees will use social media whether you like it or not… and our expert says fully20 percent of current business communication is done via social media. So why not take control of the situation, and create ground rules and guidelines, so you’re in charge of how it’s used?  Our interview with Gartner Research Director Andrew Walls is 8 minutes long and starts about 24 minutes into the show. This is an excerpt. We also posted the entire 25-minute interview on our conference notes page, if you’d like to hear it.

In our interview with Ed Rowley of M86 Security, we discuss a new iPhone scam……… The interview starts 61 minutes into the show.

Tales from the Dark Web

Polymorphic attacks are making the lastest drive-by infected web sites mostly invisible to signature-based anti-virus.

Our Take on This Week’s News

iPhone 4 and Motorola Droid X released in the same week.  Guess which phone won the hype war?  The press coverage of the iPhone release centered on the ecstatic throngs of Apple heads waiting all night on the sidewalk outside the stores.  The Android roundup consisted of dry product reviews and analysis of the platform’s future prospects.

Meanwhile smart phone security is a hot topic, and Ira just returned from the Gartner Security and Risk Management Summit, where there was a comprehensive session on the subject.

Speaking of phones… congress is holding hearings on cellphone tracking of citizens by government.

Employers are in denial about the sensitive information that lives on the laptops and smart phones of their employees. Listen to our interview with Kevin Beaver of Principle Logic, who found an interesting gap between perception and reality while he was conducting security audits.  The interview is just over 4 minutes long, taped at the Gartner conference. Look for it on our conference notes page.

Scotland Yard cuffs teens alleged to be participants in the largest English-speaking cybercrime forum in the world.

Lawyers breach medical records during discovery. Anthem spokesperson says, not to worry, the data was only accessible for a short period of time.  Thank goodness!

FBI released information about a new approach to banking attacks with a simultaneous denial of service attack on the account holdder’s phone lines.  Very complicated.

Happy Birthday to George Orwell.  His influence cannot be understated.  He would have been 107 years old on June 25, 201o.

June 20, 2010 – Episodes 147 and 146

Posted in Breach, Court Cases, criminal forensics, darkweb, eMail Security, Legislation, Show Notes, The CyberJungle, Vulnerabilities, web server security with tags , , , , , , , on June 19, 2010 by datasecurityblog

Episode 147 is the this week’s full episode of The CyberJungle.  Episode 146 is the su root edition for advanced listeners – too technical for the radio.

Episode 147-

This week’s show is 1 hour and 14 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 147 via the flash player:

Interviews:

David Perry, Global Director of Education for TrendMicro. David just flew back from the international Anti-Phishing Working Group Conference in Sao Palo Brazil. David became really animated when I asked him about details regarding a huge cybercrime armies in China.  David recommends the Counter-Measures Blog by TrendMicro. This conversation is about 9 minutes long, and starts about 21 minutes into the show.  For the full 36-minute interview, which was too long and technical to air on the radio, scroll down to Episode 146.

ALSO – Security Software entrepreneur Phil Lieberman President of Lieberman Software, who has been serving as an adviser to members of the U.S, Senate on the cybersecurity bill…. sweeping new legislation that could impact every department in the Federal Government, and data security at the Ssate level.  That interview begins about 58 minutes into the show.

Tales from the Dark Web:

A 21-year-old cybercriminal parlayed his talent into  a Porsche, expensive watches and £30,000 in gold bullion. He’s been arrested.

Our Take on This Week’s News:

The rush to deploy smart meters:  Federal stimulus money can get you high, and it makes decision-makers really stupid.  The smart meters are among several advanced systems being deployed before they’re really ready, in terms of their vulnerability to cybercrime. BTW — Kudos to cnet’s Elinor Mills who wrote the article above. Well researched and thorough.

Buy a Chevy Volt – Get a Free Government Surveillance Device! Yes, if you’re one of the first to purchase, you’ll receive a super-fast charger for your garage… and it reports back to big brother on the details of your daily driving.

And if you like reporting to big brother about your driving habits, maybe you should move to the UK, where the cops have stored 7.6 billion images of cars moving through the streets.  HMP Britain is an interesting blog that’s posted the response to its FOIA request about the use of the data taken from CCTV —  a surveillance method ubiquitous in Britain.  HMP stands for “Her Majesty’s Prison” and it’s a prefix in the name of the slammer in every jurisdiction.  HMP Nottingham, etc…. The name of the website suggests the entire nation is a prison, according to its proprietor.

Sorry, wrong number:  Another week, AT&T and Apple team up for another giant blunder. Customers who logged onto their AT&T accounts to order the new iPhone 4 were greeted with someone else’s account information. Has anyone at these companies heard of web application security?

Goatse Security published a serious security flaw in Safari browser that impacts on the iPhone/iPad back in March. Apple has still not patched that flaw, and the code is available on the internet for any attacker to see.

The Disgruntled Employee Chronicles, Chapter 359:  How many times does this story have to play out before managers begin to realize that when you fire someone,  you have to terminate their user name and password.  This former employee was creating havoc inside the hospital’s network after he no longer worked there.

A serious flaw in Windows XP – No patch available. Bad guys taking advantage of the situation. Time to upgrade to Win 7 already? (Come on, Tommy Turtle… do it.)  Go here for information about some other measures you can take.

At last! A data breach story with a happy ending!  Department of the Interior lost a CD containing personal data for 7500 federal employees… but wait a minute…. The data was encrypted and password protected.  And the department reviewed its procedures to make sure it doesn’t happen again.  And they disclosed the loss of the disk within 10 days.  And then pigs started flying out the windows of the Department of the Interior building.  (Just kidding.  We salute the Department of the Interior. If only other federal agencies would implement and follow best practices.)

The good folks at EFF offer yet another great privacy and security idea!   HTTPS everywhere. It’s a Firefox plug-in that encrypts popular search engine and social media sites.  Also allows you to customize sites you visit frequently. Check it out.

More about the Google StreetView debacle.  The roaming hacker cars grabbled user names and passwords, including for email accounts.

Everything Old is New Again. The USB typewriter, for instance.  Cute, but can you imagine hauling it onto an airplane?

Episode 146- su root Edition:

This is our unedited interview wth David Perry, Global Director of Education for TrendMicro. We had a long conversation about iPhone security, web application security, and malware attacks. ALSO — David discusses an army of 300,000 Chinese cybercriminals.  The interview is 36 minutes long. Click on the flash player below, or go to our listening options page and browse for other was to hear the show.

To listen to Episode 146 via the flash player:

June 12, 2010 – Episode 145

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Legislation, The CyberJungle, Vulnerabilities, web server security with tags , , , , , , , , on June 14, 2010 by datasecurityblog

You can hear episode 145 of The CyberJungle by clicking on the Flash player below, or go to our listening options page for other ways to listen. Episode 145 is 69 minutes long.

To listen to Episode 145 via the flash player:

Interview Segments:

We talked with Jason Miller from Shavlik about why some businesses are still playing catch-up from the big Patch Tuesday… and about the Adobe Flash flaw that affects just about everyone on the planet.  Check the patch management site for help. The interview starts about 21 minutes into Episode 145.

We also played an interview from earlier this year with David Shroyer from Bank of America.  This is a short excerpt from a longer conversation about the reaction of the financial services industry to the Zeus banking attacks.  The 7-minute segment we aired today  is about the “money mules” who launder cash for cybercriminals.  The mules are generally suckers who fall for the “work at home in your pajamas and make thousands of dollars with your computer” schemes. This interview starts about 56 minutes into Episode 145.

Tales from the Dark Web:

Visitors to adult sites might encounter some naughtiness that has nothing to do with sex. See the BBC story: ‘Shady’ porn site practices put visitors at risk

Show notes:

AT&T web application flaw combines with Apple business model flaw to allow a major hack of iPad user email addresses.  The story was widely told this week. Here’s one version.  There are a lot more angles to this story than the mainstream press has covered.

British Petroleum is in for an e-discovery gusher once the Gulf oil spill litigation begins.  Court orders for documents will follow, and cost of discovery could top $100 million, according to this post.

Adobe Flash and Adobe PDF attack surge.

FIFA 2010 World Cup is inspiring a wave of malicious spam tailored to soccer fans.  Symantec has a good overview of “Crimes Against Football Fans” here.

Google has hired an independent firm to investigate its Street View “snafu,” in which its photographer’s vehicles snarfed up information from thousands of private wifi networks, violating privacy and perhaps breaking the law.  The report from the company’s own investigators suggests criminal intent.

Prepaid cell phones are the last available communication device that offers privacy and anonymity.  But two U.S. Senators would like to put an end to it.  Schumer (NY) and Cornyn (TX) want to register the ID of phone purchasers and require the carriers to keep the data for 18 months after deactivation.

Google expands location tags – and other popular location services are riddled with bugs, according to this report.

Beverly High School students in Boston will be required to have a laptop next fall. But not just any laptop.  Parents will have to shell out $900 for a MacBook.  School administrators say PCs will be incompatible with the school’s network. What?

Our Tether contest – win wireless access for your BlackBerry

Thanks to Tether for providing a generous number of full-value licenses to award as prizes for listeners of The CyberJungle. We love the product, and have given away 10 licenses each in episodes 141 and 143.   You can still enter by sending an email to comments@thecyberjungle.com, and telling us which version of the BlackBerry software you’re running. (Find this by going to “settings ->options->about” on your BB.)  We award the prize to the first ten requests of the week.  Our week runs Saturday-through-Friday. If you win, we ask that you send an acknowledgment once you’ve received your key, so we know you got it. Then we will delete your email, as a gesture of respect for your privacy.

BTW — there is a :60 second Tether commercial in these shows.  We are running them as a thank-you to Tether for the software keys.  We want to acknowledge the people who created some of the components in the spot.  The Free Sound Project is an awesome organization for people like us, whose ears are bigger than our budgets when it comes to production.  The audio effects in the Tether spot cam from the site, and we thank the creative producers who post their work. Especially — someone with the handle kkz who created a file called “t-weak bass” … someone with the handle dland who created a file called “to hell with vinyl”… and someone with the handle Halleck, who created “crash reverse.”  All can be heard in the Tether spot, which airs at approximately 29:50 in episode 143.

June 6, 2010 – Episode 143

Posted in Court Cases, darkweb, Legislation, The CyberJungle, Vulnerabilities, web server security with tags , , , , , , , , , , , , , on June 6, 2010 by datasecurityblog

Episode 143 is 71 minutes long. You can listen by clicking the flash player below, or you can click here for more listening options.

To listen to Episode 143 via the flash player:

Interview segment

We talk with Gary Biller, Executive Director of the National Motorists Association, about an Ohio Supreme Court decision that says law enforcement officers do not need to back up their vehicle speed estimate with reports from a radar reading; eyeballing it is good enough. The Ohio press reports. The interview starts about 20 minutes into Episode 143.

Tales From The Dark Web

Mac Attack: Spyware trojan hitching ride on third-party screensavers for the Mac.

Advice to those sent their questions to the CyberJungle mailbox

Site for alternative PDF readers:  http://pdfreaders.org

Site for scrubbing hard drive before you give your computer away: Darik’s Boot And Nuke

Our take on this week’s news

Researchers from the mobile industry and academia are analyzing the detailed call and text record databases from mobile phones, along with users’ geographic movement.  Information about how and when people move about promises a handsome revenue stream for cell phone carriers.

Wall Street Journal report on smartphone attacks. MasterCard launches iPhone, iPad payment app

Fake software sales on criagslist draw attention.  Pirated software can also find its way into retail stores occasionally, too. Microsoft provides a site that helps you figure out whether your software is legit.

Federal Trade Commission settles with CyberSpy Software, LLC.  Settlement requires the company to stop instructing its customers how to send its keylogging product in a stealth email attachment. Also must notify the receiving computer that the software is about to download, and receive consent.  This will put a chill on the spying.

Hackers like the Facebook “Like” button. Only six weeks after its introduction, the Like button is being used for mischief.

Legal intrigue after Digital River  management was alerted that a big batch of the company’s data was circulating , and offered for sale on the black market. Civil and criminal law in play.

Our Tether contest – win wireless access for your BlackBerry

Thanks to Tether for providing a generous number of full-value licenses to award as prizes for listeners of The CyberJungle. We love the product, and have given away 10 licenses each in episodes 141 and 143.   You can still enter by sending an email to comments@thecyberjungle.com, and telling us which version of the BlackBerry software you’re running. (Find this by going to “settings ->options->about” on your BB.)  We award the prize to the first ten requests of the week.  Our week runs Saturday-through-Friday. If you win, we ask that you send an acknowledgment once you’ve received your key, so we know you got it. Then we will delete your email, as a gesture of respect for your privacy.

BTW — there is a :60 second Tether commercial in these shows.  We are running them as a thank-you to Tether for the software keys.  We want to acknowledge the people who created some of the components in the spot.  The Free Sound Project is an awesome organization for people like us, whose ears are bigger than our budgets when it comes to production.  The audio effects in the Tether spot cam from the site, and we thank the creative producers who post their work. Especially — someone with the handle kkz who created a file called “t-weak bass” … someone with the handle dland who created a file called “to hell with vinyl”… and someone with the handle Halleck, who created “crash reverse.”  All can be heard in the Tether spot, which airs at approximately 29:50 in episode 143.

Episode 126 and 127 – April 10, 2010

Posted in Breach, Court Cases, criminal forensics, eMail Security, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security with tags , , , , , , , on April 11, 2010 by datasecurityblog

Interviews:  Peter Schlampp, VP of Marketing and New Products, from Solera Networks, who discussed a new approach to uncovering the source of attacks:  network forensics.  Stuart Staniford Chief Scientist from FireEye, who discussed research to help counter the attacks that bypass firewalls and antivirus.  And world famous white-hat hacker Charlie Miller talks with us about Apple Security, how he won the CanSec West PWNtoOwn contest… and the security implications of Apple’s announcement about location-aware advertising, and  multitasking on the iPhone OS 4 platform. Dr. Miller is also a researcher at Security Evaluators. The full show can be streamed with via the Flash player here:

Download the Episode 127 MP3 file here or visit the Listening Options page for more ways to hear the program.

Episode 126 is the su root version of The CyberJungle.  It features only these three unedited versions of the interviews with these three men. We have also featured partial versions of the interview along with all the other regular content  in the full version of the show. Listen via the Flash player here:

Download the Episode 126 MP3 file here or visit the Listening Options page for more ways to hear the program.

Our Take on This Week’s News

Class action suit against Countrywide Financial: Plaintiffs ask $20 million after Countrywide employee stole and sold tens of thousands (or millions?) of customer records.

Another inside job: Bank of America Employee Charged With Planting Malware on ATMs.

German Government Pays Hacker For Stolen Bank Account Data Gov pays cybercriminals for data stolen from banks in tax haven countries, and uses the info to catch tax cheats.

Computer Hacker Sentenced to 37 Months in Prison in Manhattan Federal Court for Scheme to Steal and Launder Money from Brokerage Accounts.  This guy got three years for perpetrating something that sounds like the Zeus attack… in addition to credit card fraud and other counts.  No wonder cybercrime is proliferating.

Phishing Attacks on Taxpayers Rise in the Weeks Leading up to April 15th IRS Tax Filing. Sonic wall offers an online quiz to test your phishing IQ.  Ten questions. It’s actually harder than you think, but it’s fun. We recommend you give this quiz to employees, bosses, family… anyone who might benefit from learning the difference between legitimate email and a phishing attack.

Looking for Tiger Woods’ Nike advert could lead to users  into visiting malicious sites.

Sierra Nevada Infragard announcement:

InfraGard Sierra Nevada April Lunch Event

KEYNOTER: Stuart Staniford, Chief Scientist with security firm FireEye has a long history in the intrusion detection field, starting in the research arena at UC Davis back in 1994. He was conducting a variety of research projects with government contractor Silicon Defense before joining FireEye.

WHERE: The Washoe County Regional Public Safety Training Center, 5190 Spectrum Blvd. Room 105, in Reno, Nevada.

WHEN: Thursday, April 15, 2010; 11:15am-1PM, includes lunch

DONATION: $10 for InfraGard members with advanced purchase before April 13th, 2010;

$15 at the door and for non-members.

To register for the Infragard lunch event, please follow this link

If you heard Ira Victor live on The John Sanchez Show (the live program that follows The CybeJungle on KKOH.com), Ira mentioned the web site to report phishing and other scams:

Episode 125 – April 3, 2010

Posted in Breach, Court Cases, darkweb, Legislation, Show Notes, The CyberJungle, Vulnerabilities, web server security with tags , , , , , , , , , on April 3, 2010 by datasecurityblog

Interviews, Episode 125:  Big Batches of Patches! Following huge releases on Patch Tuesday from Microsoft, Apple, Sun/Java, Mozilla Firefox, and Mozilla Thunderbird, we talk with patch management expert Jason Miller. He’s Data and Security Team Manager from Shavlik Technologies. Jason’s interview starts about 22 minutes into the program.

We also talked with Randy Sarafan, the Author of 62 Projects to Make With a Dead Computer.  Fun stuff.  Interview starts about 53 minutes into the show. You can download the file from our XML feed, from iTunes, and other sites. See the Listening Options page, or use the flash player below:

Our Take on This Week’s News

CNN presents a glowing story about the success of airport whole body scanners, which have found drugs and other junk in people’s pockets. The TSA plans to roll out 1000 more of the machines.  Meanwhile, the Electronic Privacy Information Center posted this doc, in which the TSA contradicts itself to congress regarding the ability of the machines to store and transmit images. See item # 8, where they claim that the airport scanning machines are not capable of transmitting images, BUT, the images they transmit to remote viewing facilities are encrypted.

A new web service allows businesses to monitor the social networking communications of their employees. Facebook and Twitter users, you should probably just assume that what you post publicly is being monitored by your employer. Employers, you should probably assume that your employees post a lot of stuff that shouldn’t be shared.

Quip app security hole shares private photos. People who used a free service to send naked photos of themselves were exposed. Hey wait a minute… doesn’t the Apple app store performed extensive reviews before they accept a product?

iPad is coming to the office, and we found some security applications for it.  iTeleport: Jaadu VNC is encrypted remote access allows a secure connection between the iPad and a desktop comupter.  ALSO — in PC World, Tom Bradly Reports another option from Array Networks: “One app that is not yet available, but has significant promise for leveraging the iPad to connect with Microsoft Windows systems is Array Networks Desktop Direct.

Report: 64% of all Microsoft vulnerabilities for 2009 mitigated by Least Privilege accounts.

Way cool! Open PDF Links Directly In Google Docs Viewer

Whole Foods Scam on Facebook. Free gift cards worth $500 for the first 12,000 users. Uh-huh.

Cleveland Plain Dealer exposes identity of community leader who posts anonymous comments. Starts debate about privacy versus the public’s right to know. We wonder why just anyone at the newspaper can look at the email registry.

Episode 123 – March 27, 2010

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Show Notes, Vulnerabilities with tags , , , , , , on March 28, 2010 by datasecurityblog

Episode 123 features two interviews, and the show is 72 minutes long.

First — an amazing story about a scareware company that sold hundreds of millions worth of fake antivirus. A big, big, business with offices across the globe, 650 employees, and a tech support operation for the “customers” who bought the fake software. Writer Jim Giles tells the story. Jim’s interview starts about 21 minutes into the show. His article for New Scientist is featured here.

Later in the show – we talk to the Director of Global Electronics Systems Engineering at Ford Motor Company, Jim Buczkowski. Ford has put a firewall between the dashboard, where you jack in with your mobile device, and the car’s computer systems.  The thinking is, if your device is infected,we  wouldn’t want it to cause break failure or something like that! Ford is ahead of the game on this. Ford’s Sync system is multi-functional communication system in the dashboard. Here’s hoping it lives up to its promise. The interview starts approximately 58 minutes into the show.

Our Take on This Week’s News:

Lead story? This article in the U.K.Telegraph touts “typeprint analysis” as as if it were a hot new development, and reports that British researchers are looking for a grant to study it further as a way to monitor whether there are pedophiles online, chatting with the kids. Is anyone else sick of pedophilia and other sex crimes as a frame on which to hang funding requests and tax increases? This article doesn’t read well, and it certainly doesn’t break any technology news. The researchers mention that there are private sector uses for their work. All well and good, particularly since positive ID for banking transactions is among them. So why hide behind the pedophiles?  And why did the reporter not dig deeper into what’s new and different about this use of an established technology?

It’s tax season, and of course, the cybercriminals are focused on whatever preoccupies the rest of us. A new email scam features a fake IRS email notice… which leads to a zeus attack. NOTE TO EMPLOYERS AND I T ADMINS: This could show up in your employees’ inbox as an email from your company…. as in: “we have overcalculated your social security tax, and we need to fix it before April 15.” Or some such nonsense. You should write a memo immediately, alerting employees that they are to ignore any email that induces them to action regarding taxes.

Federal employees have received 12 months probation and community service as punishment for viewing (collectively) 900 confidential passport applications. Nobody appears to have been fired for this. At least the justice department press release doesn’t mention any firings.

Here’s a story we picked up at RSA in San Francisco. Tom Murphy, Chief Strategy Officer of  Bit9,  discusses (among other things) targeted attacks that are narrower than spam, viruses and botnets. They are customized to specific organizations to steal specific information. Bit9 has some free security tools that could help.

CanSecWest hacking contest: The predictions were correct. iPhone fell first (it took 20 seconds). Then Apple Safari. Then IE8 on Windows 7. See references below.

iPhone: http://blogs.zdnet.com/security/?p=5836&tag=col1;post-5846

Apple OSX and Apple Safari: http://blogs.zdnet.com/security/?p=5846&tag=col1;post-5855

Windows7 IE8: http://blogs.zdnet.com/security/?p=5855&tag=content;col2

Nonetheless, your employees will be bringing their new iPads to work. Tony Bradley offers a lot of security questions businesses need to ask. Ask them this week, before the iPad hits the stores. (Tony Bradley is co-author of Unified Communications for Dummies . He tweets as @Tony_BradleyPCW . You can follow him on his Facebook page , or contact him by email at tony_bradley@pcworld.com) .

Security training can be – well – boring. The employees sit in a seminar and listen to abstract descriptions of attacks. And they never get a chance to practice what they learn. So that’s why researchers at Carnegie Mellon University decided to try training that includes “microgames.” Little games employees can play in a few minutes. The objective is to teach them about phishing attacks…. How to discern a “good URL” from a “bad URL.” Then the researchers measured whether the gamers retained the information. And most did. The fun interaction with the phishing lesson made a difference. CMU’s Dr. Jason Hong directed the research. We have posted an interview with him on the conference notes page. His team is marketing their training games now. The company is called Wombat Security.

Virtual Machines – an attractive solution in these times when money is tight. But before you virtualize, update your security plan. Here are some tips from F5 Netorks.

Hate to say we told you so…. Airport worker given police warning for ‘misusing’ body scanner. If by “misusing” you mean “taking a picture of your co-worker as she walks through it.”

March 20, 2010 – Episode 121

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, eMail Security, Exclusive, Show Notes, web server security with tags , , , , , , , , on March 20, 2010 by datasecurityblog

Episode 121 is 70 minutes long. Our interview segment is a major highlight- not to be missed! Patrick Peterson, Cisco Fellow, explains how modern web attacks work, amd why anti-virus and firewalls are failing. The interview is about ten minutes long, and it starts about 22 minutes into the show. You may go to listening options to download the program or find other options to hear the program; or you may stream the program using the flash player below:

Our Take on This Week’s News:

MySpace user data is offered for sale on InfoChimps.org. This lengthy blog post on ReadWriteWeb contemplates the state of “big data.”  PC world reports it, too.

Annual report from the internet crime complaint center (IC3) was released this week. The FBI’s cybercrime investigation unit – which was launched in 2000 — reports that complaints were up 22 percent in 2009 over 2008… and that the loss from all cases referred was more than half a billion dollars… descriptions of top scams start on page 13 of the report.

Madoff’s computer programmers indicted.

Ponemon Institute study on the level of trust in the banks by commercial customesr. A wakeup call to the banking industry: Get serious about Zeus or you customers will walk.

CanSecWest (Canadian Security conference) starts Wednesday: Microsoft’s Internet Explorer 8 will be easily penetrated in the Pwn2Own hacking challenge.

Plus Chmapion hacker Charlie Miller says he has 20 vulnerabilites to bring down Apple Safari browser on Mac OS X.

Hancock Fabrics – Bad guys swap PIN pads at cashier desks. Here’s a letter from the President and CEO of the stores:

Vodafone distributes Mariposa botnet attack.

Remember the former auto dealership employee who hacked the remote communication system and started disabling customer vehicles?   We interview executives from the company that makes the system,  Pay Technologies.  Jim Kreuger and David Ronisky are the co-founders.

Teen hacks code for Walmart public address system, makes racially charged announcement to customers.

Episodes 114 and 115 – February 27, 2010

Posted in Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Podcast, Show Notes, Vulnerabilities with tags , , , , on February 28, 2010 by datasecurityblog

The CyberJungle episode 115 features an interview with Simon Bransfield-Garth, CEO of CellCrypt on the growing potential for cell phone eavesdropping; also, an interview with information activist John Young, whose website cryptome.org was shut down on orders from Microsoft attorneys after he posted a document the company considers proprietary.Bransfield-Garth’s interview starts approximately 21 minutes into the podcast.  Young’s interview can be found approximately 53 minutes into the podcast.

We have posted a separate, unedited version of the Simon Bransfield-Garth interview, as our “su root” edition this week. The su root interview is always longer and more technically sophisticated than the podcast versions, which have been edited for radio. This su root offering is labeled episode 114.

Click Here to Listen to Episode 115. Shownotes below.

The Chuck Norris attack… so named because of references to the action film star in the code…. It’s targeting the D-Link router.

Wyndham Hotels Breached for the third time – And the Wyndam Privacy and Security Policy indicates privacy and security might not be a top priority… also reveals the large number of brand name hospitality establishments owned by Wyndam.

Inventory documents from the Department of Homeland Security show that 985 computers were lost by the Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) in fiscal 2008. In addition the departments lost hundreds of night vision scopes, computer switchers worth $92,000 apiece, and an international harvester truck. All of this loss was considered by the feds to be within acceptable loss limits.

Eric Schmidt, privacy hypocrite: We’re ordering a T-shirt for Google CEO Eric Schmidt, who famously proclaimed in a recent CNBC interview that “if you have something you don’t want anyone to know, maybe you should be doing it in the first place.” Schmidt apparently had his employees take down a blog from Google Blogspot, in which his mistress made numerous references to him. So fortunate that he runs the company where his privacy was breached. His new motto will be “Privacy for me, but not for thee.” Thanks to Valley Wag for this delicious morsel.

Just in case you’ve been living under a rock, parents of high school students in Lower Merion School District are suing after the district activated the cameras in school-issued laptops and spied on the kids while they were at home. The lawsuit slaps the district with violations of all of the following laws:

Electronic Communications Privacy Act, The Computer Fraud Abuse Act, the Stored Communications Act, a section of the Civil Rights Act, the Fourth Amendment of the U.S. Constitution, the Pennsylvania Wiretapping and Electronic Surveillance Act and Pennsylvania common law.

Not so fast, says Orin Kerr, law professor at George Washington University, and regular contributor to the Volokh Conspiracy. Kerr’s analysis shows how specific these laws are, and how tough it is to prosecute violations of federal computer protection laws. The only real case against the school district, says Kerr, is a Fourth Amendment case.

Follow

Get every new post delivered to your Inbox.

Join 1,114 other followers