Archive for TSA

June 27, 2011 – Episode 219

Posted in Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Interview Only Edition, Report Security Flaws, Show Notes, The CyberJungle, Vulnerabilities on June 27, 2011 by datasecurityblog

Episode 219 of  The CyberJungle is about 55 minutes long, due to extended coverage from The Gartner Security Summit 2011.  You can hear it by clicking on the flash player below. The first interview begins at about 19min, and the second interview at about 40min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interviews

John Bace, Gartner: Congress just put a bounty on your boss; how one whistleblower earned $90 million

Debra Logan, Gartner, on why a judge slapped a million dollar eDiscovery-related fine on a careless company

Our Take On This Week’s News

The IRS fails a security audit (again)

Does the TSA care about your tablet getting stolen at a checkpoint?

Tales From The Dark Web

Department of Justice Disrupts International Cyber Crime Rings Distributing Scareware

Wrap

The end of the supermarket club card?


Conference Coverage

The CyberJungle went to the 2011 Gartner Security Summit this week. Get the reports in Conference Notes.

December 28, 2010 – Episode 193

Posted in Court Cases, criminal forensics, ediscovery, eMail Security, Report Security Flaws, Show Notes, The CyberJungle, Vulnerabilities on December 28, 2010 by datasecurityblog

Episode 193 of  The Cyberjungle  is 33 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Our Take on This Week’s News

Taking a week off from the news.  But we anticipate a big news year in 2011.

Interviews

#1 – Attorney Don Werno: A commercial pilot videos a flaw in TSA security… responsible disclosure or aiding terrorists? We talk to the pilot’s lawyer, Don Werno. Note: The TSA security interview was recorded before the decision to make the pilot’s name public. Don mentions that the pilot may go public in the future, and he did, two days after the interview was taped. The pilot’s name is Chris Liu.

#2 – Author Lynn Powell was a neighbor of Cynthia Stewart, a woman whose prosecution made national headlines after she took photos of her 8-year-old daughter rinsing off with the shower hose after a bath. The incident is now a decade old, and settled. It did not involve digital photography or a computer. But we asked Lynn Powell to talk with us about her book, “Framing Innocence,” which tells the story of Stewart’s struggle to keep her daughter, and to stay out of jail. We offer this interview for two reasons. One – law enforcement is still seizing innocent photos of bare-bottomed kids, and videos of nudity shot by parents in playful moments, in an ever-widening search for child porn. This issue has not been resolved. Two – the story reminds us that most big issues in life are rooted in principle, not technology. Cynthia Stewart did not even own a computer, and while the questions in these cases may be more technical in 2011, the principles are the same.

Wrap-up

Is reading your spouse’s e-mail a crime? One DA thinks so.

November 16, 2010 – Episode 187

Posted in Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Podcast, Show Notes on November 16, 2010 by datasecurityblog

Episode 187:

This week’s regular episode of  The Cyberjungle  is 37 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.


Interview

Greg Kipper, Futurist with General Dynamics. Mr. Kipper and Ira Victor discuss the future of airport screen technologies. Recorded at The Paraben Forensic Innovator’s Conference in Park City Utah.

Tales from the Dark Web

Myth Busting Web Security Report: Websense releases a report on web threats. The report busts some of the most pervasive myths about how users can protect themselves from attacks by sticking to “safe” web sites.

Cybercrime and Security News

Flyer’s Rights Launches ‘ScannergGate’ Petition to Protest Use of Scanners and ‘Enhanced’ Pat Down - Find out more at Flyer’s Rights, and We Won’t Fly.

New Trojan Carrying Machine? From the NYTimes: “Google wants the next generation of Android phones to replace credit cards, Eric E. Schmidt, Google’s chief executive, said Monday at the Web 2.0 Summit in San Francisco.”

The CyberJungle went to The Paraben Forensic Innovations Conference, Nov 7-10th in Park City Utah. Get his report in Conference Notes. And follow Ira on Twitter for comments and nuggets of interest.

Data Security Podcast Episode 79, Nov 16 2009

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Podcast, Vulnerabilities on November 16, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* The odds of unknowingly logging onto an ‘evil twin’ of your online banking site are increasing due to new broadband hazards.

* A revised Google Book Settlement was submitted to the courts. It doesn’t address privacy at all.

* Our take on this week’s news.


Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 79 of the Data Security Podcast

* Program note about this week’s Conversation:  Ira will have an extended, technical conversation with Pedro Bustamante, Senior Security Researcher with PandaSecurity.  Ira and Pedro will discuss web drive-by downloads and other security issues in a special interview segment that will appear in a separate posting later this week. You can listen to the segment by streaming on this site, on iTunes, or other RSS feeds you use to listen to the Data Security Podcast.

* Tales From The Dark Web: What if you typed in your bank’s web address, but unknown to you, you were taken to an evil twin of your bank, controlled by cyber criminals? Well, the odds of that happening are increasing, due to Domain Name System (DNS) issues in a significant number of broadband modems and routers. Many other attacks can use these DNS flaws. Hat tip to the coverage by Robert McMillan of the IDG News Service.

* From Our Take on The News:  Airport security in Saint Louis hassled one guy for half an hour, because he was carrying $4,700 in a cash box, which he placed on the x-ray conveyor belt and subjected to TSA scrutiny, as is required for all carry-on cargo. The money was connected with his (legal) job with Campaign for Liberty. The guy recorded the abusive inquisition on his iPhone. The ACLU sued the TSA. Now the airport security rules have changed. Read the coverage in The Washington Times.

* From Our Take on The News: A flaw in Adobe Flash has a huge impact on web usage, especially for businesses that use Google Gmail/Google Apps/PHP Discussions, and for the scores of sites that allow the upload of information to the site. Mike Bailey, an expert on web application security, has an excellent infosec write-up at the Foreground Security blog. Faster read in Computerworld.

*  From The Wrap:  Revised Google Book Settlement was submitted to the court late Friday night. It doesn’t address privacy at all, even after EFF and other parties submitted a legal brief outlining legitimate fears that Google can track, and is likely to share individual book search information with law enforcement and anyone else who issues a subpoena. Google will retain book-search details, right down to page number and how long you lingered there, for every book you search. Read this account of the revised settlement.

Data Security Podcast Episode 72, Oct 04 2009

Posted in Breach, Business Continuity, Conference Coverage, Court Cases, darkweb, Podcast, Vulnerabilities, web server security on October 4, 2009 by datasecurityblog


On this week’s program:

* Polymorphic malware – every time it attacks it has a new signature.

* The balance on your bank account looks fine, too bad all your money’s gone.

* Our take on this week’s news.


Show Notes for Episode 72 of the Data Security Podcast

* Conversation: Ira talks about a dangerous new twist to the banking attacks with Yuval Ben-Izhak, the CTO of security company Finjan. Here is the link to the Finjan Report on the new Zeus bank Trojan mentioned in the segment.

* Tales From The Dark Web: Polymorphic malware – every time it attacks it has a different signature. That means your anti-virus won’t recognize it. Ira talked about the presentation at ISACA Security and Risk Conference by Stuart Staniford, the Chief Scientist at FireEye. Read the related Anti-Phishing Working Group paper on the topic.

* From Our Take on The News:  From Wired.com – Probe Targets Archives’ Handling of Data on 70 Million Vets

* From Our Take on The News:  Secure Flight Program by the TSA. EPIC (The Electronic Privacy Information Center) follows the surveillance and profiling of airline passengers. Their most recent post on the TSA “Secure Flight” program was in 2007, when the organization recommended that “secure flight should be grounded” due to privacy concerns. The program is now being expanded to require airline passengers to provide their date of birth when they purchase an airline ticket.  See: http://epic.org/privacy/airtravel/secureflight.html
