Episode 203 of The CyberJungle is about 53 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 25:30 mark.
To listen to Episode 203 via the flash player:
Interviews
Charlie Miller, 3x Pwn2Own “hacking” contest winner stays home; response by Dragos, Founder of CanSecWest . Follow Charlie on Twitter.
Lawsuit accuses Amazon of capturing and sharing customer information without permission by tricking Microsoft Internet Explorer
Google Android in app malware flap, iPad2 security, and Blackberry Playbook running Android apps + better security? Interview on Playbook security Ira Victor mentioned in this segment. You may download the segment, or listen to the conversation here:
Proof once again that disgruntled employees are among the most dangerous cybercriminals… Texas man sentenced after breaching former employer’s network and deleting critical business files.
Wrap
OtterBox Cases for slider Smartphones: Samantha and Ira give a new OtterBox the field test
You can hear episode 159 by clicking on the Flash player below, or if your device does not support Flash, you can visit our listening options page for other ways to receive the show. Episode 159 is one hour and 9 minutes long.
Interviews
Interview #1 – Jeremiah Grossman, CEO of White Hat Security, discovered an odd security flaw in the Apple Safari Browser. Alas, he tried to notify Apple, only to be rebuffed. He posted the story on his blog, and he decided to go public at Black Hat, and just about the time we finished this interview with him, Apple acknowledged the problem. Fix pending. Hear an overview of Jeremiah’s presentation in Episode 159. It’s 11 minutes long, starting about 12 minutes into the show.
Interview #2 – Mickey Boodaei, CEO of security firm Trusteer, has been hard at work on the banking trojan problem, and they’ve got a problem that may help. We discuss it with him in Episode 159. It’s 10 minutes long, starting at 55:00.
Krebs on security writes about the victims of scareware – they end up buying the stuff, and then they’re embarrassed to go to the police. Good piece
Banks have long since stopped moving paper checks from one location to another, preferring the economy of scanning. What if someone broke into the digital repository where they store all those pictures of checks?… Someone did.
You can hear episode 145 of The CyberJungle by clicking on the Flash player below, or go to our listening options page for other ways to listen. Episode 145 is 69 minutes long.
To listen to Episode 145 via the flash player:
Interview Segments:
We talked with Jason Miller from Shavlik about why some businesses are still playing catch-up from the big Patch Tuesday… and about the Adobe Flash flaw that affects just about everyone on the planet. Check the patch management site for help. The interview starts about 21 minutes into Episode 145.
We also played an interview from earlier this year with David Shroyer from Bank of America. This is a short excerpt from a longer conversation about the reaction of the financial services industry to the Zeus banking attacks. The 7-minute segment we aired today is about the “money mules” who launder cash for cybercriminals. The mules are generally suckers who fall for the “work at home in your pajamas and make thousands of dollars with your computer” schemes. This interview starts about 56 minutes into Episode 145.
AT&T web application flaw combines with Apple business model flaw to allow a major hack of iPad user email addresses. The story was widely told this week. Here’s one version. There are a lot more angles to this story than the mainstream press has covered.
British Petroleum is in for an e-discovery gusher once the Gulf oil spill litigation begins. Court orders for documents will follow, and cost of discovery could top $100 million, according to this post.
FIFA 2010 World Cup is inspiring a wave of malicious spam tailored to soccer fans. Symantec has a good overview of “Crimes Against Football Fans” here.
Google has hired an independent firm to investigate its Street View “snafu,” in which its photographer’s vehicles snarfed up information from thousands of private wifi networks, violating privacy and perhaps breaking the law. The report from the company’s own investigators suggests criminal intent.
Prepaid cell phones are the last available communication device that offers privacy and anonymity. But two U.S. Senators would like to put an end to it. Schumer (NY) and Cornyn (TX) want to register the ID of phone purchasers and require the carriers to keep the data for 18 months after deactivation.
Google expands location tags – and other popular location services are riddled with bugs, according to this report.
Beverly High School students in Boston will be required to have a laptop next fall. But not just any laptop. Parents will have to shell out $900 for a MacBook. School administrators say PCs will be incompatible with the school’s network. What?
Our Tether contest – win wireless access for your BlackBerry
Thanks to Tether for providing a generous number of full-value licenses to award as prizes for listeners of The CyberJungle. We love the product, and have given away 10 licenses each in episodes 141 and 143. You can still enter by sending an email to comments@thecyberjungle.com, and telling us which version of the BlackBerry software you’re running. (Find this by going to “settings ->options->about” on your BB.) We award the prize to the first ten requests of the week. Our week runs Saturday-through-Friday. If you win, we ask that you send an acknowledgment once you’ve received your key, so we know you got it. Then we will delete your email, as a gesture of respect for your privacy.
BTW — there is a :60 second Tether commercial in these shows. We are running them as a thank-you to Tether for the software keys. We want to acknowledge the people who created some of the components in the spot. The Free Sound Project is an awesome organization for people like us, whose ears are bigger than our budgets when it comes to production. The audio effects in the Tether spot cam from the site, and we thank the creative producers who post their work. Especially — someone with the handle kkz who created a file called “t-weak bass” … someone with the handle dland who created a file called “to hell with vinyl”… and someone with the handle Halleck, who created “crash reverse.” All can be heard in the Tether spot, which airs at approximately 29:50 in episode 143.
We talk with Gary Biller, Executive Director of the National Motorists Association, about an Ohio Supreme Court decision that says law enforcement officers do not need to back up their vehicle speed estimate with reports from a radar reading; eyeballing it is good enough. The Ohio press reports. The interview starts about 20 minutes into Episode 143.
Federal Trade Commission settles with CyberSpy Software, LLC. Settlement requires the company to stop instructing its customers how to send its keylogging product in a stealth email attachment. Also must notify the receiving computer that the software is about to download, and receive consent. This will put a chill on the spying.
Our Tether contest – win wireless access for your BlackBerry
Thanks to Tether for providing a generous number of full-value licenses to award as prizes for listeners of The CyberJungle. We love the product, and have given away 10 licenses each in episodes 141 and 143. You can still enter by sending an email to comments@thecyberjungle.com, and telling us which version of the BlackBerry software you’re running. (Find this by going to “settings ->options->about” on your BB.) We award the prize to the first ten requests of the week. Our week runs Saturday-through-Friday. If you win, we ask that you send an acknowledgment once you’ve received your key, so we know you got it. Then we will delete your email, as a gesture of respect for your privacy.
BTW — there is a :60 second Tether commercial in these shows. We are running them as a thank-you to Tether for the software keys. We want to acknowledge the people who created some of the components in the spot. The Free Sound Project is an awesome organization for people like us, whose ears are bigger than our budgets when it comes to production. The audio effects in the Tether spot cam from the site, and we thank the creative producers who post their work. Especially — someone with the handle kkz who created a file called “t-weak bass” … someone with the handle dland who created a file called “to hell with vinyl”… and someone with the handle Halleck, who created “crash reverse.” All can be heard in the Tether spot, which airs at approximately 29:50 in episode 143.
MessageLabs Intelligence is tracking a new targeted attack pretending to be from the New York Times. Beware if you are introduced to a new “helpful applications:” The New York “Times Reader” software. Details On Episode 115 of TheCyberJungle and on the live program Saturday morning.
30 minutes every week on data security, privacy, and the law…..(plus or minus ten)
On this week’s program:
* FBI Report: Latest target for the cybercriminal? Law Firms and PR Firms
* Adobe Speaks: special segment with their senior security officers
* Our take on this week’s news.
–> Stream This Week’s Show with our Built-In Flash Player:
–> Scroll down to see links and show notes for this week’s show
–> Stream, subscribe or download Episode 82 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.
–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.
Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:
Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.
Show Notes for Episode 82 of the Data Security Podcast
* Ira has a conversation with two security officers at Adobe Systems about the allegations made by web security researcher Mike Bailey of unpatchable “Same Origin Flaws” in Adobe Flash. Brad Arkin, Director of Product Security and Privacy, and Peleus Uhley, Senior Security Researcher give their take on Mike Bailey’s claims. Here are the links mentioned in the segment:
- Browser Security Handbook, Part 2—Information on the Same-Origin Policy.
- Peleus Uhley’s article on creating more secure Flash applications / “Understanding that SWFs are Code”
* Tales From The Dark Web: FBI WARNING: U.S. LAW FIRMS AND PUBLIC RELATIONS FIRMS. That link is a copy of the FBI posting. The FBI does not contain a permanent link, so it may become hard to find as new stories are posted above this law firm alert.
* From The Wrap: Read the SANS Internet Storm Center’s reports on IE6 and IE7 web browser 0-Day Flaw, and an Update. No patch available (yet?), but Microsoft has some mitigation suggestions, linked through the Update.
30 minutes every week on data security, privacy, and the law…..(plus or minus ten)
On this week’s program:
* The odds of unknowingly logging onto an ‘evil twin’ of your online banking site is increasing due to new broadband hazards.
* A revised Google Book Settlement was submitted to the courts . It doesn’t address privacy at all.
* Our take on this week’s news.
–> Stream This Week’s Show with our Built-In Flash Player:
–> Scroll down to see links and show notes for this week’s show
–> Stream, subscribe or download Episode 79 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.
–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.
Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:
Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.
Show Notes for Episode 79 of the Data Security Podcast
* Program note about this week’s Conversation: Ira will have an extended, technical conversation with Pedro Bustamante, Senior Security Researcher with PandaSecurity. Ira and Pedro will discuss web drive-by downloads and other security issues in a special interview segment that will appear in a separate posting later this week. You can listen to the segment by streaming on this site, on iTunes, or other RSS feeds you use to listen to the Data Security Podcast.
* Tales From The Dark Web: What if you typed in your bank’s web address, but unknown to you, you were taken to an evil twin of your bank, controlled by cyber criminals? Well, the odds of that happening is increasing, due to Domain Name System (DNS) issues in a significant number of broadband modems and routers. Many other attacks can use these DNS flaws. Hat tip to the coverage by Robert McMillan of the IDG News Service.
* From Our Take on The News: Airport security in Saint Louis hassled one guy for half an hour, because he was carrying $4,700 in a cash box, which he placed on the x-ray conveyor belt and subjected to TSA scrutiny, as is required for all carry-on cargo. The money was connected with his (legal) job with Campaign for Liberty. The guy recorded the abusive inquisition on his iPhone. The ACLU sued the TSA. Now the airport security rules have changed. Read the coverage in The Washington Times.
* From Our Take on The News: A flaw in Adobe Flash has a huge impact on web usage, especially those businesses that use Google Gmail/Google Apps/PHP Discussions, and sites the scores of sites that allow the upload of information to the site. Mike Bailey, an expert on web application security, has an excellent infosec write up at the Foreground Security blog. Faster read in Computerworld.
* From The Wrap: Revised Google Book Settlement was submitted to the court late Friday night. It doesn’t address privacy at all, even after EFF and other parties submitted a legal brief outlining legitimate fears that Google can track, and is likely to share individual book search information with law enforcement and anyone else who issues a subpoena. Google will retain book-search details, right down to page number and how long you lingered there, for every book you search. Read this account of the revised settlement.
30 minutes every week on data security, privacy, and the law…..(plus or minus ten)
On this week’s program:
* Everyone loves retail gift cards…they are quick and easy for consumers, and for web application “hackers.”
* Some Time Warner cable internet users are vulnerable to serious attacks — when will Time Warner release a fix?
* Our take on this week’s news.
–> Stream This Week’s Show with our Built-In Flash Player:
–> Scroll down to see links and show notes for this week’s show
–> Stream, subscribe or download Episode 75 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.
–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.
Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:
Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.
Show Notes for Episode 75 of the Data Security Podcast
Time Warner-supplied SMC cable modems: Open for Exploit?
* Conversation: Ira talks with David Chen of Pip.io with an update on the critical vulnerabilities he discovered in a batch of Time Warner cable modems (made by SMC). TW now acknowledges the flaw, and they have made statements elsewhere that a fix is being deployed. David Chen tells us that as of this past weekend the vulnerabilities remain. Both David Chen and The Data Security Podcast have attempted to get an update on a fix. Time Warner cable has not replied to written requests from David Chen, or from this program. David Chen is blogging with recommendation on how he thinks Time Warner Cable could mitigate these flaws… see his latest blog here.
* Tales From The Dark Web: Retail gift cards are potentially vulnerable to attacks. One that jumps out: web application attacks. Read the entire report by Corsaire.
30 minutes every week on data security, privacy, and the law…..(plus or minus ten)
On this week’s program:
* Now the bad guys are holding computer files for ransom if you don’t buy their phony anti-virus software. We have a workaround.
* Midyear elections are coming up, and the last thing the campaigns seem to think about is data security.
* Our take on this week’s news.
–> Stream This Week’s Show with our Built-In Flash Player:
–> Scroll down to see links and show notes for this week’s show
–> Stream, subscribe or download Episode 74 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.
–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.
Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:
Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.
Show Notes for Episode 74 of the Data Security Podcast
* Conversation: Ira talks with Gretchen Hellman, VP of Marketing for Vormetric about information security, the security issues with the new GOP web site, and election campaign security.
* Tales From The Dark Web: Watch the video by PandaSecurity that demonstrates a damaging new fake anti-virus that denies access to files and applications on victim systems unless a ransom is paid. The link below takes you to a video of the attack, and we have posted the keys to defeat the current variant of lock out. If you work in IT/InfoSec please write an email to users with a warning, include the keys to unlock the software, and have the end user re-image their hard drive.
Rogueware with new Ransomware Technology
Click here to view the Rogueware with new Ransomware Technology™ video. The video comes to us from Panda Security. Take note that the malware icon disappears from the computer, and when it does, the attack is in place. If you have a system that is infected with this attack, Panda has cracked the malware and has provided a list of working keys, which give access to the current variants of the TotalSecurity2009 attack:
* From Our Take on The News: Danger Will Robinson! Danger! Additional insiders have stepped forward to shed more light into Microsoft’s troubled acquisition of Danger, its beleaguered Pink Project, and what has become one of the most high profile Information Technology disasters in recent memory.
30 minutes every week on data security, privacy, and the law…..(plus or minus ten)
On this week’s program:
* Major patching in store this week, due in part to flaws revealed this summer in Las Vegas?
* A fresh look at a Zeus banking attack counter-measure
* Our take on this week’s news.
–> Stream This Week’s Show with our Built-In Flash Player:
–> Scroll down to see links and show notes for this week’s show
–> Stream, subscribe or download Episode 73 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.
–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.
Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:
Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.
Show Notes for Episode 73 of the Data Security Podcast
* Conversation: Ira takes a new look at a counter-measure for the latest wave of Zeus banking attacks in his conversation with Steven Dispensa, CTO of PhoneFactor.
* Tales From The Dark Web: It’s like clockwork…two months after security events BlackHat and Defcon every summer in Las Vegas, we see a surge in patches for attacks that were highlighted at these events. Microsoft Security Bulletin Advance Notification for October 13th 2009. Security Advisory for Adobe Reader and Acrobat for October 13th 2009, including the CVE number.
* From Our Take on The News: Danger Will Robinson! Danger! Update on Danger’s Sidekick Massive Data Loss. Read the FAQ for tips on trying to salvage your data.
* Ira has a conversation with two security officers at Adobe Systems about the allegations made by web security researcher Mike Bailey of unpatchable “Same Origin Flaws” in Adobe Flash. Brad Arkin, Director of Product Security and Privacy, and Peleus Uhley, Senior Security Researcher give their take on Mike Bailey’s claims. Here are the links mentioned in the segment:
