Archive for iPhone

Data Security Podcast Episode 83, Nov 30 2009

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Legislation, Podcast, Vulnerabilities on November 29, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* New highly damaging attack plays on the very fear of being attacked

* Stopping insider attacks with the right internal controls

* Our take on this week’s news.

–> Stream, subscribe or download Episode 83 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 83 of the Data Security Podcast

* Ira has a conversation with Cheryl Traverse, President/Chief Executive Officer of Xceedium, a company that provides centralized, secure IT operations management. Ira and Cheryl talk about the controls that protect against insider threats and help put organizations in compliance with data security and privacy mandates.

* Tales From The Dark Web: Bank attack hides in ‘software update’ links. This attack combines the fear of not properly patching with attacks that empty business bank accounts. Hat tip to the story in Darkreading.com.

* From Our Take on The News: Reuters news story on the under-reporting of cyber attacks.

What Happens In Vegas...Goes Where??

* From Our Take on The News: Las Vegas Metro Police admits to a large data breach of background check data. Hat tip to excellent work by The Las Vegas Sun newspaper.

*  From The Wrap: We comment on the news that the Ikee worm author gets job at iPhone app firm, as posted by Graham Cluley.

Data Security Podcast Episode 79, Nov 16 2009

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Podcast, Vulnerabilities on November 16, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* The odds of unknowingly logging onto an ‘evil twin’ of your online banking site are increasing due to new broadband hazards.

* A revised Google Book Settlement was submitted to the courts. It doesn’t address privacy at all.

* Our take on this week’s news.

Show Notes for Episode 79 of the Data Security Podcast

* Program note about this week’s Conversation:  Ira will have an extended, technical conversation with Pedro Bustamante, Senior Security Researcher with PandaSecurity.  Ira and Pedro will discuss web drive-by downloads and other security issues in a special interview segment that will appear in a separate posting later this week. You can listen to the segment by streaming on this site, on iTunes, or other RSS feeds you use to listen to the Data Security Podcast.

* Tales From The Dark Web: What if you typed in your bank’s web address, but unknown to you, you were taken to an evil twin of your bank, controlled by cyber criminals? Well, the odds of that happening are increasing, due to Domain Name System (DNS) issues in a significant number of broadband modems and routers. Many other attacks can use these DNS flaws. Hat tip to the coverage by Robert McMillan of the IDG News Service.

* From Our Take on The News:  Airport security in Saint Louis hassled one guy for half an hour, because he was carrying $4,700 in a cash box, which he placed on the x-ray conveyor belt and subjected to TSA scrutiny, as is required for all carry-on cargo. The money was connected with his (legal) job with Campaign for Liberty. The guy recorded the abusive inquisition on his iPhone. The ACLU sued the TSA. Now the airport security rules have changed. Read the coverage in The Washington Times.

* From Our Take on The News: A flaw in Adobe Flash has a huge impact on web usage, especially for businesses that use Google Gmail/Google Apps/PHP Discussions, and for the scores of sites that allow the upload of information to the site. Mike Bailey, an expert on web application security, has an excellent infosec write-up at the Foreground Security blog. Faster read in Computerworld.

*  From The Wrap:  Revised Google Book Settlement was submitted to the court late Friday night. It doesn’t address privacy at all, even after EFF and other parties submitted a legal brief outlining legitimate fears that Google can track, and is likely to share individual book search information with law enforcement and anyone else who issues a subpoena. Google will retain book-search details, right down to page number and how long you lingered there, for every book you search. Read this account of the revised settlement.

Data Security Podcast Episode 78, Nov 09 2009

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Podcast, Report Security Flaws, Vulnerabilities, web server security on November 8, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Why are web drive-by downloads proliferating like cockroaches?

* Sixty Minutes just covered a data security story. We rate the coverage.

* Our take on this week’s news.

Show Notes for Episode 78 of the Data Security Podcast

* Conversation:  Ira talks with Georg Hess, CEO and Co-Founder, Art of Defence, about network scans versus web application scans. OWASP AppSec DC 2009 takes place this week,  November 10-13th, in Washington, DC. The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Their mission is to make application security visible,  so that people and organizations can make informed decisions about true application security risks.

OWASP Conf 2009 Wash DC

* Tales From The Dark Web: Our take on the 60 Minutes segment Sabotaging The System: Could hackers get into the computer systems that run crucial elements of the world’s infrastructure, such as the power grids, water works or even a nation’s military arsenal? Be sure to watch this video segment with the highest level non-technical boss in your organization. Also, make sure you and your non-technical boss watch the “Web Extras” from this segment. One of the stunning parts of the segment was the claim that private companies are more vulnerable because the companies only care about profit, unlike government networks, which are more secure (uh?). If that were the case, how can that be squared against the portion of the segment that revealed that the Feds lost 12TB of data from the DOD, DOE, DOC and possibly NASA, in 2007? Where was the profit motive that stopped good security in those organizations? Security expert Robert Graham explores this, and other issues, in this posting: Brazil outage NOT caused by hackers.

* From Our Take on The News:  New open-source voting technology – the developer is looking for jurisdictions to try it for free.  Read the Wired account.

* From Our Take on The News:  A technical overview of the newly discovered SSL vulnerabilities and possible mitigation. Ben Laurie has excellent, technical blog postings about the SSL protocol flaw.

* From Our Take on The News: Voters hate traffic surveillance cameras — proven in three U.S. cities in last week’s elections. (As if we still need proof.) Great coverage of traffic surveillance and related matters in Maryland. (But the topic is universal.)

* From The Wrap:  First iPhone worm found, details at F-Secure.  A how-to for changing the SSH default password in your jailbroken iPhone; one uses a computer connected to your iPhone to change the SSH settings.  Note: If you are not using a jailbroken iPhone, you don’t need to make changes to be protected from this particular attack.

Data Security Podcast Episode 75, Oct 25 2009

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Legislation, Podcast, Report Security Flaws, Vulnerabilities, web server security on October 25, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Everyone loves retail gift cards…they are quick and easy for consumers, and for web application “hackers.”

* Some Time Warner cable internet users are vulnerable to serious attacks — when will Time Warner release a fix?

* Our take on this week’s news.

Show Notes for Episode 75 of the Data Security Podcast

Time Warner-supplied SMC cable modems: Open for Exploit?

* Conversation: Ira talks with David Chen of Pip.io with an update on the critical vulnerabilities he discovered in a batch of Time Warner cable modems (made by SMC). TW now acknowledges the flaw, and they have made statements elsewhere that a fix is being deployed. David Chen tells us that as of this past weekend the vulnerabilities remain. Both David Chen and The Data Security Podcast have attempted to get an update on a fix. Time Warner Cable has not replied to written requests from David Chen, or from this program. David Chen is blogging with recommendations on how he thinks Time Warner Cable could mitigate these flaws… see his latest blog here.

* Tales From The Dark Web: Retail gift cards are potentially vulnerable to attacks. One that jumps out: web application attacks. Read the entire report by Corsaire.

* From Our Take on The News: Jurors are using smartphones from the jury box and the deliberation room – potentially putting trial outcomes into jeopardy.

* From Our Take on The News: Treasury Strategies Sees Possible Bank Failures Due to Fraud Losses

* The Kicker: Long Island Teen Uses Hidden Video to Catch a Thief

Modern Bank Robbers Could Shutter As Many As 10 Financial Institutions

Data Security Podcast Episode 69, Sep 14 2009

Posted in Breach, darkweb, ediscovery, eMail Security, Legislation, Podcast, Report Security Flaws, Vulnerabilities, web server security on September 13, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus five)

On this week’s program:

* Beware the non-delivery email notice – it might really be an attack.

* Apple has added an anti-phishing feature to the new iPhone, but few people have been able to get it to work right.

* Our take on this week’s news.

Show Notes for Episode 69 of the Data Security Podcast

*  Ira talks with Michael Sutton, vice president of research at Zscaler about issues with the new Apple iPhone anti-phishing feature in Safari for the iPhone.  Read the details on how to fix this issue in this LoopInsight.com posting.

* Tales From The Dark Web: 2000% rise in non-delivery report spam, according to a PandaLabs report.

* From the News:  Brian Mastenbrook: How I cross-site scripted Twitter in 15 minutes, and why you shouldn’t store important data on 37signals’ applications. Update: Response from 37signals, including a change in their policy. Also, check out ReportSecurityFlaws.com .

* Topics From the News:   Tracking employee internet usage;  iPhone man in the middle SSL attack;  Should public officials be banned from using Blackberry PIN-to-PIN, and other text messages during hearings?

Wrap: iPhone 3.1 breaks Exchange Sync for pre-3GS phones from the discussion boards of DSL Reports.

iPhone Exchange Fail

iPhone Exchange Headaches?

Data Security Podcast Episode 65 – Aug 9 2009

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, eMail Security, Exclusive, Legislation, Podcast, Vulnerabilities, web server security on August 9, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law….(plus or minus five)

On this week’s program:

* More DefCon17 Coverage: How safe are Cloud Computing applications?

* Melissa Hathaway is leaving her White House job as top cyber security official. Why is the mainstream press not spending time on this story?

* Our take on this week’s news.

This week’s show is 34 minutes.

Show Notes for Episode 64 of the Data Security Podcast

* Tales From The Dark Web: Ira and Samantha talk with the team from Sensepost about Cloud Computing Security

* From the News: The site we mention that was able to successfully repel the attacks last week against Twitter/Facebook/LiveJournal: Fotik

* From the News: A 20-year-old man attacks the communication system of the Chicago Transit Authority, and the Chicago Loop. And here’s the announcement about the federal homeland security grant to CTA for bomb-sniffing dogs and other physical security measures. Wow… think transportation officials might have their eye on the wrong ball?

The Chicago Loop

Data Security Podcast Episode 63 – July 27 2009

Posted in Breach, Conference Coverage, darkweb, ediscovery, eMail Security, Podcast, Vulnerabilities on July 27, 2009 by datasecurityblog

30 minutes each week on data security, privacy, and the law….(plus or minus five)

On this week’s program:

* iPhone Security. Is that an oxymoron?

* Google Chrome Browser uses sandboxing for security.  We talk to a security engineer that says his firm has built a better sandbox.

* Our take on this week’s news.

This week’s show is 30 minutes.

Show Notes for Episode 63 of the Data Security Podcast

* Conversation: Ira talks with Matt Hite, an engineer with Check Point security, about sandbox security software,  and how they are trying to leapfrog the sandbox security software included in Google’s Chrome Browser.

* Tales From The Dark Web: iPhone Security. Is that an oxymoron? Take a look at this video by Jonathan Zdziarski from the extensive write-up at Wired.

* Tales From The Dark Web: Finjan’s Malicious Code Research Center (MCRC) has detected yet another case of a 0-day attack “in the wild”. This time, hackers are exploiting a vulnerability (CVE-2009-1862) in Adobe Acrobat/Reader and Flash player. By exploiting this vulnerability, the hackers can download and execute malicious code on the victim’s PC. Patch due from Adobe on July 31, 2009. Get ready now to roll out the patch(es).

* From the News: Advance notification by Microsoft for emergency patches for release tomorrow, July 28th, 2009. Get ready now to roll out the patch(es).

* From the News:  Exposed: Repair Shops Hack Your Laptops.

* Wrap: Ira will be traveling to DefCon, the World’s Largest Hacker Event, this weekend. DefCon is held in Las Vegas, Nevada. Ira will be tweeting from the show, you can follow his comments at his Twitter site, http://twitter.iravictor.net . If you plan to attend DefCon, follow his tweets,  find him, and say hello.

* Correction:  When Ira spoke about iPhone security, he did not credit Jonathan Zdziarski for the comments about screen captures and keylogging. We apologize for the mistake.

Data Security Podcast Episode 55 – June 01 2009

Posted in Breach, criminal forensics, darkweb, ediscovery, Podcast, Vulnerabilities, web server security on June 1, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program – Polymorphic drive-by download attack targets tens of thousands of legit business and government web sites. SSL can be used for good or evil; find out how to tell the difference. And, our take on this week’s news.

This week’s show is sponsored in part by Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software.  If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com . Also sponsored by  DeviceLock Removable Media Security Software.

The Show Notes Page for this week’s The Data Security Podcast

–> Ira has a conversation with Dan Proch, with Netronome about SSL security. Secure Socket Layer can be used for good or evil. We talk about how to detect the difference. Learn more with white papers and webinars by Netronome.

–> Tales From The Dark Web: Polymorphic drive-by download attack targets the visitors of tens of thousands of legit business and government web sites. The attack is slipping past AV, and exploits desktop vulnerabilities. Read more about it in the Websense blog posting, and an article at TheRegister.com.

–> From The News: Dutch Researchers expose potential vulnerabilities in NXP MIFARE RFID Smart Cards. Billions of these cards are in use for transit fares and building access control. Here is an excellent proof of concept video of how to attack these systems:

–> From The News: Read Maribel Lopez’s detailed report comparing the security of Blackberry, iPhone and Windows Mobile.

–> From The News: The White House is planning major cyber security intervention. Here is official video on the topic from the White House:

Data Security Podcast Episode 28 – Nov 25 2008

Posted in Podcast on November 25, 2008 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, your privacy, and the law.

This week’s program: Classmates.com gets sued, are they committing fraud?; Internet activists take on phone spammers; And, this week’s security news.

This week’s show is sponsored by DeviceLock

Program Notes for Episode 28

Domain Registration Hijack

From the news: Details on how members of the Dark Web could hijack YOUR domain if you use a popular email service.

From the news: ISACA Survey: Organizations fail to educate employees about risks from online shopping ; IBM Warning: Holidays To Bring Blizzard Of New Attacks on Consumers

Attention iPhone and iTouch users: You can now download this podcast directly to your device, and by-pass connecting it to a computer. Since this podcast is over 10mb, you can prep the download in 3G mode, but the download itself will need to happen in a Wi-Fi hotspot. If you listen to podcasts in your car, just make sure your WiFi signal can reach your car! Details on the Apple 2.2 upgrade at Ars Technica.

Conversation: Scott A. Kamber, a plaintiff’s attorney with Kamber Edelson, talks with Samantha about the implications of a new lawsuit against Classmates.com for deceptive practices. (BTW, we tried to contact Classmates.com for a response…they did not respond).

Conversation: Julie Forte, founder of the anti-phone spam web sites 800notes.com and WhoCallsMe.com, talks with Ira about fighting back against these scammers. Report phone spammers to The Internet Crime Complaint Center: IC3.

Data Security Podcast Episode 21 – Oct 07 2008

Posted in Podcast on October 7, 2008 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program: Massive cache of web server logins uncovered, web application security honeypots, and the latest data security news.

This week’s show is sponsored by DeviceLock

Program Notes for Episode 21

News:

1. Remember the San Francisco IT employee who brought the city’s business to a halt when he hijacked its network? Apparently, hostile employees do this from time-to-time, and they fit a certain profile.

2. iPhone Forensics, a new book authored by Jonathan Zdziarski

3. An Ohio woman has permission to sue her county after a scanned image of a traffic violation allowed her identity to be stolen, resulting in $20,000 in bogus purchases.

4. UFO/military systems hacker did his work over 56k modem.

5. “It’s not an Orwellian thing…” So says Denver law enforcement of their plan to have civilians monitor the city’s beefed up network of surveillance cameras. After hosting the Democratic National Convention the city has four times as many cameras as it did before.

6. The Payment Card Industry Data Security Standard (DSS) v 1.2 replaced the DSS v. 1.1 on October 1, 2008. This Summary of Changes document provides an overview of the significant differences between the two versions.

Tales From The DarkWeb: Security researcher with Aladdin uncovers cache of 200,000 site credentials for Fortune 500 firms, weapons makers, governments

Conversation: Ira talks with Ryan Barnett with The Web Application Security Consortium (WASC). “From a counter-intelligence perspective, standard honeypot/honeynet technologies have not bared much fruit in the way of web attack data….[The WASC Open Proxy Honeypot] project will use one of the web attacker’s most trusted tools against him – the Open Proxy server.” The project is looking for your help in reading logs, hosting honeypots, and other tasks. Read more
