Archive for Social Networks

Episode 125 – April 3, 2010

Posted in Breach, Court Cases, darkweb, Legislation, Show Notes, The CyberJungle, Vulnerabilities, web server security with tags , , , , , , , , , on April 3, 2010 by datasecurityblog

Interviews, Episode 125:  Big Batches of Patches! Following huge releases on Patch Tuesday from Microsoft, Apple, Sun/Java, Mozilla Firefox, and Mozilla Thunderbird, we talk with patch management expert Jason Miller. He’s Data and Security Team Manager from Shavlik Technologies. Jason’s interview starts about 22 minutes into the program.

We also talked with Randy Sarafan, the Author of 62 Projects to Make With a Dead Computer.  Fun stuff.  Interview starts about 53 minutes into the show. You can download the file from our XML feed, from iTunes, and other sites. See the Listening Options page, or use the flash player below:

Our Take on This Week’s News

CNN presents a glowing story about the success of airport whole body scanners, which have found drugs and other junk in people’s pockets. The TSA plans to roll out 1000 more of the machines.  Meanwhile, the Electronic Privacy Information Center posted this doc, in which the TSA contradicts itself to congress regarding the ability of the machines to store and transmit images. See item # 8, where they claim that the airport scanning machines are not capable of transmitting images, BUT, the images they transmit to remote viewing facilities are encrypted.

A new web service allows businesses to monitor the social networking communications of their employees. Facebook and Twitter users, you should probably just assume that what you post publicly is being monitored by your employer. Employers, you should probably assume that your employees post a lot of stuff that shouldn’t be shared.

Quip app security hole shares private photos. People who used a free service to send naked photos of themselves were exposed. Hey wait a minute… doesn’t the Apple app store performed extensive reviews before they accept a product?

iPad is coming to the office, and we found some security applications for it.  iTeleport: Jaadu VNC is encrypted remote access allows a secure connection between the iPad and a desktop comupter.  ALSO — in PC World, Tom Bradly Reports another option from Array Networks: “One app that is not yet available, but has significant promise for leveraging the iPad to connect with Microsoft Windows systems is Array Networks Desktop Direct.

Report: 64% of all Microsoft vulnerabilities for 2009 mitigated by Least Privilege accounts.

Way cool! Open PDF Links Directly In Google Docs Viewer

Whole Foods Scam on Facebook. Free gift cards worth $500 for the first 12,000 users. Uh-huh.

Cleveland Plain Dealer exposes identity of community leader who posts anonymous comments. Starts debate about privacy versus the public’s right to know. We wonder why just anyone at the newspaper can look at the email registry.

Data Security Podcast Episode 88, Jan 04 2010

Posted in Annoucements, Breach, darkweb, Legislation, Podcast, The CyberJungle with tags , , , , , , , on January 3, 2010 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Bad guys buying services to evade anti-virus

* Special announcement

* Our take on this week’s news

–> Stream This Week’s Show with our Built-In Flash Player (for higher security, stream through FeedBurner, using the hyperlink below):

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 88 – Use Feedburner to listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall. The shows don’t always display on chronological order on Odeo.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Award-winning Sunbelt Network Security Inspector a scalable and effective vulnerability scanner. Windows IT Pro Magazine readers chose SNSI as their Favorite Vulnerability Scanner for two years in a row. Read more here, and contact Data Clone Labs for a test drive .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing MagazineData Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 88 of the Data Security Podcast

* Tales From The Dark Web: Bad guys buying services evade anti-virus. Brian Krebs (formerly with The Washington Post) does his usual outstanding work on the topic, from his brand new blog. Read more here.

* From Our Take on The News: Body scanning machines; here’s a story from the UK that dismisses their effectiveness in cases where a guy stuffs a chemical explosive in his underwear. (But they are very effective at revealing the other junk in your underwear.) Read more here.

Meanwhile, Logan International in Boston and the Newark Liberty Airport in New Jersey will both get the body imaging machines. (Both were points of origin for the September 11 attacks.) Read more here from The Star Ledger. And read more here from Boston Globe.

* From Our Take on The News: TSA nominee misled Congress about accessing confidential records. Read more here from The Washington Post.

* From Our Take on The News:  How embarrassing! The Chairman of the FCC sends a facebook spam. Read more here from The New York Times blog.

* Special Announcement:  The Data Security Podcast will go LIVE this week as the nation’s first  call-in talk show on security, privacy and the law. You can listen on a web stream or terrestrial radio every Saturday, starting this Saturday, Jan 9th from 10 a. m. until noon Pacific Time.  Be sure to tune into the web stream of KKOH-780am, here is a link to their site, click on the’ Listen Live’ link on the upper right hand corner.

We are changing the name of the show to The CyberJungle. We will keep this site active, and we will keep the current iTunes site active for a while, as we transition to the new name and site.   We will  continue to post our interviews with security experts. The material that’s too technical for the radio will be posted here.

We want to thank all of you for  the support and feedback for the last 18 months. We are grateful that you chose to spend your time with us. Our sponsors have also been very good to us. If you enjoy the show, please try their products, and please let the know you heard about them from us.

A big thanks also to the management of KOH Radio. They “get it,” and we salute them for understanding that the time is right for this show.

KOH Call-In for The New Show

Data Security Podcast Episode 71, Sep 28 2009

Posted in Court Cases, criminal forensics, darkweb, ediscovery, Legislation, Podcast, Vulnerabilities, web server security with tags , , , , , , , , , on September 27, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus five)

On this week’s program:

* $4k per day scamming fake Viagra? That’s just the tip of the iceberg.

* Business bank accounts are the targets of attacks, businesses are responding with lawsuits against banks.

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 71 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing MagazineData Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 71 of the Data Security Podcast

* Conversation: Samantha talks with attorney Dan Mitchell, of Bernstein Shur. His business client was the victim of one of the bank account attacks, resulting in a cash loss of over $500,000. His client is suing the bank. Coverage in Computerworld.

* Tales From The Dark Web: Pharma scams earn $4k per day for members of the Dark Wek.  Read that and a LOT more in Dimitry Samosseiko of SophosLabs paper he presented to the Virus Bulletin Conference in Geneva Switzerland. That event wrapped up last Friday.

* From Our Take on The News:  Waves of Twitter attacks erode trustworthiness of Tweets.

How much should you trust Tweets?

How much should you trust Tweets?

* From Our Take on The News:  How much of your business data should you trust to web mail?

* From Our Take on The News:  Cameras keep track of all cars entering Medina Washington.

Data Security Podcast Episode 18 – Sep 16 2008

Posted in Podcast with tags , , , , , , on September 16, 2008 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This weeks program: Law enforcement using social networking sites, virtual worlds, and multi-player game data to prosecute criminals and fight money laundering. Plus, the latest security news, including reports on virtualization / VM security from IT Security World in San Francisco.

–> Stream, subscribe or download Episode 18 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

This week’s show is sponsored by DeviceLock

Program Notes for Episode 18

News:

The county recorder in Arizona has adopted a policy to prevent ID theft and protect privacy — after you’re dead. The Maricopa County Recorder no longer posts death certificates. Hats off. If only government entities would protect your privacy while you’re alive.

Authorities in New York City are urging citizens to help the cops beef up their crime surveillance efforts — by using camera phones to record crimes in progress.
Ira reports this week from IT Security World in San Francisco. Reports on virtualization / VM security, and the failures of traditional anti-virus.

Conversation: Lt. Chuck Cohen from The Indiana State Police on law enforcement using social networks, virtual worlds, and multi-user game platforms as a source of investigatory information in criminal cases.

Follow

Get every new post delivered to your Inbox.

Join 1,114 other followers