Archive for patching

January 04, 2011 – Episode 194

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Show Notes, The CyberJungle, Vulnerabilities on January 4, 2011 by datasecurityblog

Episode 194 of The Cyberjungle is 33 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 194 via the flash player:

Our Take on This Week’s News

Facing Threat From WikiLeaks, Bank Plays Defense: On Nov. 29, 2010, the director of WikiLeaks, Julian Assange, said in an interview that he intended to “take down” a major American bank and reveal an “ecosystem of corruption” with a cache of data from an executive’s hard drive. Bank of America executives sprang into action the next day, according to The New York Times. Ira mentioned 10minutemail.com as a free tool to keep your real email address more private.

Upon launching the Spokeo website, they cleverly remind you that “it’s not your grandma’s phonebook,” which is not only a hacky reference but also literally true: the old meatspace phonebooks didn’t automatically expose all of your private information like age, income, home value, credit score, relationship status and map to your house. Who the Eff are these freaks? How did they get ALL of your info? I don’t know, but all of mine was there. Fortunately, there’s an easy way to remove yourself from the database of these privacy rapists currently thriving in Zuckerberg’s America. Hat Tip to: Chris Hardwick at The Nerdist Blog.

From the “This-Affects-Just-About-Everyone” File: Security researcher Julia Wolf of FireEye pointed out numerous previously little-known security problems in connection with Adobe PDF files. Microsoft warns of Word attacks; RTF-based exploits are making the rounds, so apply the patch pronto.

Tales From The Dark Web

A new twist on an older attack: Attackers re-use older versions of the Zeus bank trojan to steal government and private sector information. See the Netwitness Blog: Cyber-Crime or Cyber-Espionage?

Interviews

Ira Victor talks with Christopher Hadnagy, ethical social engineer and author of the new book, “Social Engineering: The Art of Human Hacking.”

Wrap-up

The CyberJungle goes to the 2011 Las Vegas Consumer Electronics Show (CES) this week. CES is the largest electronics show in the world. The CyberJungle will bring you a security, privacy and legal perspective on the technologies featured at CES. Get our reports in Conference Notes. And follow (or just read) Ira on Twitter for comments and nuggets of interest.


October 17, 2010 – Episode 181

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Legislation, The CyberJungle, Vulnerabilities on October 17, 2010 by datasecurityblog

Episode 181:

This week’s regular episode of The Cyberjungle is 1 hour and 13 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 181 via the flash player:

Interview

Jason Miller, patch management expert with Shavlik Technologies, tells us how to deal with the biggest patch release in modern IT history… which took place on Tuesday, October 12. Jason’s interview is 8 minutes long, and it begins about 24 minutes into Episode 181.

Tales from the Dark Web

You’ve heard of “software as a service”… Now there’s “crimeware as a service” — a convenient way for the bad guys to outsource their criminal acts.

Our Take on This Week’s News

What’s in your medicine cabinet? The Feds and 34 states are putting together a giant prescription drug database so they can review the contents.

What did he know, and when did he know it? At least one IT staffer in the Lower Merion School District waxed fondly about the remote tracking capabilities on the laptops issued to students who later sued the district for spying on them.

Bullying is bad, um-kay? President Obama holds a town hall with MTV viewers, during which he tells them there should be zero tolerance for bullying — cyber or otherwise.

Security tradeoff: caution for coolness – Device Reputation Service Reveals iPhone at Top of Mobile Transaction Fraud Risk.

Your building pass could be more valuable than ever – Some federal employees will see their CACs (common access RFID cards) expanded. They’ll still get the card holder into a building or a computer system. But the cards will be expanded to include mass transit fares, debit payment, and ATM functionality… all in one card.

Mixing business and pleasure – Explosive growth of mobile devices leads to security risks as workers use their own devices to store and transmit work data.

Fun finder or stalker tool? The website wheretheladies.at monitors social networking sites to help dudes locate gatherings of women. But blogger Jason Stamper conducted an experiment that points out the dangers women might face when they publish all the details of their daily lives.

Kudos for baking it in! New version of Opera to have extensions with software code check for security.

May 15, 2010 – Episode 137

Posted in Court Cases, criminal forensics, darkweb, ediscovery, Report Security Flaws, The CyberJungle, Vulnerabilities, web server security on May 15, 2010 by datasecurityblog

Interview Segment – Jason Miller, Data and Security Team Manager for Shavlik Technologies, on patch management. It’s not a sexy topic, but it’s critically important. Jason says patching should be determined by the needs of the business, rather than the importance rating issued by Microsoft or other vendors. The interview is 7 minutes 38 seconds long, and it starts at about 21 minutes into episode 137.

You may listen to Episode 137 via the flash player:

Or go to the listening options page to choose another method of receiving the program.

Our Take on This Week’s News

Privacy: Did Facebook’s Zuckerberg describe early users of his product as “dumb F**ks” for submitting private information when they signed up?

And Google admits that its Street View cars have been slurping up wireless access point information. There’s a lot of anger over this, and we’re predicting an advertiser backlash against the privacy violators.

As if Goldman Sachs doesn’t have enough problems… Now the company is being sued for intellectual property theft.

Nine former employees of an education agency in Iowa were indicted for sneaking a peek at Presidential candidate Barack Obama’s student loan records.

A new twist on a familiar theme. A big company with a security flaw on its website; a security expert discovers it and tries to report it, but the company ignores him or pats him on the head and tells him to go away. This happens with surprising regularity. In this case, Smackdown blogger Michael VanDeMer writes about a spate of hacks to blogs hosted by GoDaddy.

Web security firm Dasient reports: In Q1 2010, we estimate that over 720,000 web sites were infected.

Twitter links are safer than Google links.

Critical zero-day flaw found in Apple’s Safari browser.

FAQ: How to delete the Apple Safari browser (and other applications) in Windows XP and in Windows 7.

Browser alternatives to Safari on iPhone: Opera Mobile (versions also available for BlackBerry). Ira also likes Bolt Browser for BlackBerry.

Flashback: Remember Mikeyy the (self-proclaimed) teenaged Twitter Hacker?

Episode 125 – April 3, 2010

Posted in Breach, Court Cases, darkweb, Legislation, Show Notes, The CyberJungle, Vulnerabilities, web server security on April 3, 2010 by datasecurityblog

Interviews, Episode 125: Big Batches of Patches! Following huge releases on Patch Tuesday from Microsoft, Apple, Sun/Java, Mozilla Firefox, and Mozilla Thunderbird, we talk with patch management expert Jason Miller. He’s Data and Security Team Manager at Shavlik Technologies. Jason’s interview starts about 22 minutes into the program.

We also talked with Randy Sarafan, the author of 62 Projects to Make With a Dead Computer. Fun stuff. Interview starts about 53 minutes into the show. You can download the file from our XML feed, from iTunes, and other sites. See the Listening Options page, or use the flash player below:

Our Take on This Week’s News

CNN presents a glowing story about the success of airport whole body scanners, which have found drugs and other junk in people’s pockets. The TSA plans to roll out 1000 more of the machines. Meanwhile, the Electronic Privacy Information Center posted this doc, in which the TSA contradicts itself to Congress regarding the ability of the machines to store and transmit images. See item #8, where they claim that the airport scanning machines are not capable of transmitting images, BUT the images they transmit to remote viewing facilities are encrypted.

A new web service allows businesses to monitor the social networking communications of their employees. Facebook and Twitter users, you should probably just assume that what you post publicly is being monitored by your employer. Employers, you should probably assume that your employees post a lot of stuff that shouldn’t be shared.

Quip app security hole shares private photos. People who used a free service to send naked photos of themselves were exposed. Hey wait a minute… doesn’t the Apple app store perform extensive reviews before they accept a product?

iPad is coming to the office, and we found some security applications for it. iTeleport: Jaadu VNC provides encrypted remote access that allows a secure connection between the iPad and a desktop computer. ALSO — in PC World, Tom Bradly reports another option from Array Networks: “One app that is not yet available, but has significant promise for leveraging the iPad to connect with Microsoft Windows systems is Array Networks Desktop Direct.”

Report: 64% of all Microsoft vulnerabilities for 2009 mitigated by Least Privilege accounts.

Way cool! Open PDF Links Directly In Google Docs Viewer

Whole Foods Scam on Facebook. Free gift cards worth $500 for the first 12,000 users. Uh-huh.

Cleveland Plain Dealer exposes identity of community leader who posts anonymous comments. Starts debate about privacy versus the public’s right to know. We wonder why just anyone at the newspaper can look at the email registry.

News Outlet Reports “Hacking” and Makes Itself a Target for More “Hacking”

Posted in The CyberJungle on January 30, 2010 by datasecurityblog

The web sites of nearly 50 Members of Congress were defaced just prior to Obama’s State of the Union address.

The Hotline political site (part of The National Journal) covered the story. In their story on the topic, they included the screen shot below showing the web defacement. It appears that the computer used by The Hotline for this story is itself open to exploit. Note the icons on the lower right of the screen shot below. The system is not properly patched.

Screen Shot of Defacement Reveals Something More...

Read the original story at The Hotline
