Archive for USB security

Aug 16th 2013, Episode 312, Show Notes

Posted in Breach, Court Cases, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , on August 15, 2013 by datasecurityblog

Episode 312 of The CyberJungle is about 27 minutes long.  The interview with Chris Payne from SecurityBSidesLV begin at about the 11min mark. The interview with Barry Shteiman, of Imperva begin at about the 15min mark. The interview with Chris Payne from SecurityBSidesLV begin at about the 11min mark. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 312 via the flash player:

Interviews

Chris Payne is part of the GrrrCon crew

Barry Shteiman, is a Sr. Security Strategist with Imperva. Here is a link to their blog.

Our Take On This Week’s News

Google reveals what their real stance is on privacy

What mega tech companies should tell The Feds when it comes to surveillance

Please support our sponsors, as they support The CyberJungle

HTCIA International Conference and Training Expo 2013

HTCIA International Conference and Training Expo 2013

The High Technology Crime Investigation Association (HTCIA) Annual conference is committed to bringing its participants – members or non-members — the best training, tools and networking the industry has to offer.

We rely on the generosity of our sponsors, who take a vested interest in working with us to develop a conference that exemplifies what the HTCIA organizations stands for. By fostering the exchange of investigation-related information and ideas, we bring together a community of professionals who help one another understand and adapt to our rapidly evolving industry–to everyone’s benefit.

The 2013 conference is being held from September 8-11, 2013 in Las Vegas, NV [Summerlin is the western side of Las Vegas, 15min from Downtown via freeway].

Paraben's Forensic Innovations Conference

The Paraben Forensic Innovations Conference has been an annual event since 2008. Since that time it has rapidly evolved into a higher attended conference with a broader scope of topics reaching from deeply technical into the legal aspects of the forensics and eDiscovery industry. Those who attend PFIC are as diverse as our topics, from law enforcement and lawyers, to corporate entities, government agents, private investigators, and educational institutions. If you haven’t had the opportunity to attend, this is your chance to experience the fresh air and mountains of Utah as well as the fresh topics that will be the highlight of this year’s conference. If you’ve already attended, then you know what to expect and are as excited as we are about it!  PFIC 2013 will be held November 13-15th, 2013 in Salt Lake City Utah. Space for this conference is limited, and with tickets starting at $199, the show will almost surely sell out. The CyberJungle will be there, because it is one of the best bang for the buck forensic conferences of the year.

 

July 24th 2013, Episode 309, Show Notes

Posted in Breach, Court Cases, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , on July 24, 2013 by datasecurityblog

Episode 309 of The CyberJungle is about 30 minutes long.  The interview with Lance James on DDOS attacks begin at about the 17min mark. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 309 via the flash player:

Interviews

Nick Cavalancia, VP SpectorSoft, on the Human Firewall. Boardroom study on security mentioned in the segment. SpectorSoft Blog for organizations.

Tales From The Dark Web

Phone attackers threaten public safety

Our Take On This Week’s News

SharePoint and USB drives source of Snowden leaks

InfoSec a mess at US State Department?

RFID a bust in Texas public school

Please support our sponsors, as they support The CyberJungle

HTCIA International Conference and Training Expo 2013

HTCIA International Conference and Training Expo 2013

The High Technology Crime Investigation Association (HTCIA) Annual conference is committed to bringing its participants – members or non-members — the best training, tools and networking the industry has to offer.

We rely on the generosity of our sponsors, who take a vested interest in working with us to develop a conference that exemplifies what the HTCIA organizations stands for. By fostering the exchange of investigation-related information and ideas, we bring together a community of professionals who help one another understand and adapt to our rapidly evolving industry–to everyone’s benefit.

The 2013 conference is being held from September 8-11, 2013 in Las Vegas, NV [Summerlin is the western side of Las Vegas, 15min from Downtown via freeway].

Paraben's Forensic Innovations Conference

The Paraben Forensic Innovations Conference has been an annual event since 2008. Since that time it has rapidly evolved into a higher attended conference with a broader scope of topics reaching from deeply technical into the legal aspects of the forensics and eDiscovery industry. Those who attend PFIC are as diverse as our topics, from law enforcement and lawyers, to corporate entities, government agents, private investigators, and educational institutions. If you haven’t had the opportunity to attend, this is your chance to experience the fresh air and mountains of Utah as well as the fresh topics that will be the highlight of this year’s conference. If you’ve already attended, then you know what to expect and are as excited as we are about it!  PFIC 2013 will be held November 13-15th, 2013 in Salt Lake City Utah. Space for this conference is limited, and with tickets starting at $199, the show will almost surely sell out. The CyberJungle will be there, because it is one of the best bang for the buck forensic conferences of the year.

 

July 11, 2012, Episode 264, Show Notes

Posted in Breach, criminal forensics, darkweb, Exclusive, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , on July 11, 2012 by datasecurityblog

Episode 264 of The CyberJungle is about 32 minutes long.  You can hear it by clicking on the flash player below.  You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 264 via the flash player:

Interview

F. Michael Maloof: China: ‘Pervasive access’ to 80% of telecoms ; G2 Bulletin

Tales From The Dark Web

USB Drive, Malware and Industrial Control Systems. Read the CERT Report.

Our Take on This Weeks News

Uncovering Privacy Issues With Mobile App Advertising

Patch Tuesday: Microsoft pushes nine fixes for 16 flaws

Anon in Buenos Ares Argentina?

Wrap

A Twitter client for Mac System 6? Oh Yea!

October 17, 2010 – Episode 181

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Legislation, The CyberJungle, Vulnerabilities with tags , , , , , on October 17, 2010 by datasecurityblog

Episode 181:

This week’s regular episode of  The Cyberjungle  is 1 hour and 13 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 181 via the flash player:

Interview

Jason Miller, patch management expert with Shavlik Technologies, tells us how to deal with the biggest patch release in modern IT history… which took place on Tuesday, October 12.  Jason’s  interview is 8 minutes long, and it begins about 24 minutes into Episode 181.

Tales from the Dark Web

You’ve  heard of  “software as a service”… Now there’s “crimeware as service” —  a convenient way for the bad guys to outsource their criminal acts.

Our Take on This Week’s News

What’s in your medicine cabinet? The Feds and 34 states are putting together a giant prescription drug database so they can review the contents.

What did he know, and when did he know it? At least one IT staffer in the Lower Marion School District waxed fondly about the remote tracking capabilities on the laptops issued to students who later sued the district for spying on them.

Bullying is bad, um-kay? President Obama holds a town hall with MTV viewers, during which he tells them there should be zero tolerance for bullying — cyber or otherwise.

Security tradeoff: caution for coolness – Device Reputation Service Reveals iPhone at Top of Mobile Transaction Fraud Risk.

Your building pass could be more valuable than ever – Some federal employees will see their CACs (common access RFID cards) expanded. They’ll still get the card holder into a building or a computer system. But the cards will be expanded to include to include mass transit fares, debit payment, and ATM functionality… all in one card.

Mixing business and pleasure – Explosive growth of mobile devices leads to security risks as workers use their own devices to store and transmit work data.

Fun finder or stalker tool? The website wheretheladies.at monitors social networking sites to help dudes locate gatherings of women.  But blogger Jason Stamper conducted an experiment that points out the dangers women might face when they publish all the details of their daily lives.

Kudos for baking it in! New version of Opera to have extensions with software code check for security.

August 28, 2010 – Episodes 166 and 167

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Legislation, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , on August 29, 2010 by datasecurityblog

Episode 167 is the this week’s full episode of The CyberJungle, posted immediately below.  Episode 166 is the su root edition for advanced listeners – material that’s too technical for the radio.  The advanced material consists of a couple of conversations with experts who share our alarm at the news that businesses are having a love affair with the iPad… it’s a perfectly wonderful device for watching movies, playing games, and personal communications… but for business, we’ve seen too much evidence that iPad is lacking in security infrastructure, and our two guests agree.  Amber Schroeder is CEO of  Paraben. She joins us in a 17 minute conversation.  And we talk with Raf Los, security evangelist for HP,  for 22 minutes.  Scroll down to the end of this batch of show notes to find it.

Episode 167:

This week’s regular episode of  The Cyberjungle  is 1 hour and 18 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 167 via the flash player:

Interviews

Abbreviated versions of the two interviews described above, regarding iPhone security. Amber Schroeder’s short version  interview begins approximately 23 minutes into episode 167.  The abbreviated interview with Raf Los begins about and hour into the show. For the complete versions of both interviews, scroll down to episode 166.

Tales from the Dark Web

Girl who had sex with 5,000 men… or so she says… makes a great subject to be exploited by sleazy Facebook scammers

Our Take on This Week’s News

Forget Big Brother. Steve Jobs Is Watching You-  Apple wants to patent spyware technology to record the faces, voices and heartbeats of its iPhone users… EFF predicts the product will be used not only to track lost or stolen phones, but to retaliate against iPhone jailbreakers.

Supercookies - Lawsuit against advertising firm Specificmedia for using cookies even after a customer wants them deleted is extremely complex, but worth understanding.  BTW — test your browser to see how many Supercookies are hiding there without your knowledge. Here’s a tool that Ira talked about to delete Supercookies:  BetterPrivacy

Kids as guinea pigs? Connecticut high school is being courted by manufacturer of RFID tags, so the company can get $100k in federal grant money for an experiment.

Defense department is officially disclosing the biggest cyberattack against the U.S. military.  It originated from a USB device, and by the way, why now? To raise public awareness and concern just in time for a cybersecurity provision in the Defense Authorization Bill.

Firewall frustrations: CIOs Surveyed say employees complain about IT security policies. So… is the content-based approach to web filtering the wrong approach?  One researcher  security-based analysis is becoming more important than content filtering.

You’ve heard of waste, fraud and abuse? Chicago doctor bills private insurance companies and Medicare for $13-29 mil in fake treatments… here’s how he did it.

Apple security- critical update for OS X users

Microsoft Security Advisory- (2269637); Insecure Library Loading Could Allow Remote Code Execution …  There’s a detailed blog posting by a security researcher on this massive Microsoft DLL flaw here.

Episode 166 – su root edition:

This is our unedited edition, featuring a longer and more technical conversation with  two experts about the perils of iPad use in a business environment. Amber Schroeder of Paraben, and Raf Los of HP share their thoughts on the subject.  The total time for the two interviews is 42 minutes.  You can find additional information about Paraben’s Forensic Innovations Conference 2010 in Park City in November.  Read more thoughts from Raf Los in his HP blog here.

You can hear the su root interviews in epsisode 166 by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.  The audio file is 42 minutes long.

To listen to su root edition (episode 166)  via the flash player:

Episode 157 – July 25, 2010

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , on July 24, 2010 by datasecurityblog

You can hear episode 157 by clicking on the Flash player below, or if your device does not support Flash, you can visit our  listening options page for other ways to receive the show. Episode 157 is one hour and 10 minutes long.

Interviews

Dr. Charlie Miller, Principal Analyst for Independent Security Evaluators,  offers a preview of his DefCon presentation about cyberwarfare to be given in Las Vegas at the end of the month.  “Kim Jong-il and Me.” (Yes he’s that Charlie Miller.) Charlie says he really didn’t feel qualified to address the topic of cyberwarfare when he was first asked, but then decided to treat the request as an opportunity to play a game in he pretended he was approached by a rogue government for the purpose of building a cyberarmy.  What would it take?  Hear Charlie’s interview about 23 minutes into episode 157.

Retraction

The CyberJungle mistakenly reported that it is not possible to turn off an Apple iPad and iPhone feature that reports the owner’s location to the Big A twice daily.  We oversimplified this story and we got it wrong.  We have been informed by our favorite Apple connoisseurs that it is possible to turn the feature off.  We apologize for the misinformation. We have removed the segment from the podcast, so it won’t be heard again,  and we will note in next week’s radio show that we were incorrect.

Tales from the Dark Web

If you’re using Microsoft Windows this attack is aimed at you.  (Raise your hand if you aren’t using Microsoft Windows.)  Here is the MSFT Advisory on the Microsoft Link Attacks. Here is an explanation of the attack and video demo from Sophos.

Our Take on This Week’s News

A consumer survey that measured for the first time customer satisfaction with social media sites reports that — are you sitting down? — people hate Facebook.  It scored lower than the airlines and the cable companies, and even lower than the IRS.

A watchdog organization reports that White House Emails Show More Extensive Improper Contact With Google. The National Law and Policy Center posts links to its letter to the House Committee on Oversight and Government Reform, asking for an investigation of the relationship between Google and its former lobbyist who now occupies the top advisory position to president Obama on internet policy.  There are also links to some of the emails, which seem to support the conclusion that Deputy Chief Technology Officer Andrew McLaughlin is helping to stack the policy deck in Google’s favor on a number of issues.

And while we’re at it, was Google providing intelligence data to the federal government as part of its WiFi Streetview program?

This should freak you out. A Woman found a webcam hidden inside a copy of Chicken Soup for the Soul, which was on a bookcase in her bedroom, pointed directly at her bed.  We found a source for these cameras, which are supposed to be a security tool,  for less than 50 bucks.

Get comfy on the patio with a cold brew and read this great story about a fake infosec chick who persuaded her social networking pals — mostly guys who know secrets related to national security — to forget themselves and reveal a lot of stuff they aren’t supposed to give up.  To anyone.  The girl — Robin Sage — was named after a military training exercise, which was just one of many clues that “screamed fake,” according to her creator, a security researcher whose ruse has demonstrated something we all knew.  Only James Bond can flirt with an exotic hottie and not get burned.

GM suffers theft of hybrid technology worth an estimated $40million. Insider stole information by using a portable USB drive. Data allegedly sold to at least one Chinese auto maker, Chery.

Major Zero-day flaw in Apple’s Safari browser discovered, Apple ignored the warnings so well-known researcher goes public.

Some Dell replacement motherboards come pre-loaded with malware.

July 18, 2010- Episode 155

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, Legislation, The CyberJungle, Vulnerabilities with tags , , , , , , on July 17, 2010 by datasecurityblog

You can hear episode 155 by clicking on the Flash player below, or if your device does not support Flash, you can visit our  listening options page for other ways to receive the show. Episode 155 is one hour and 14 minutes long.

Interviews

Jeff Bryner from pOwnlabs offers a preview of his DefCon presentation to be given in Las Vegas at the end of the month.  “Google Toolbar – The NARC Within” — how the tool bar spies on you. Jeff”s  interview is about 9 minutes long, and it begins 22 minutes into the episode.

Penetration Tester David Bryan, speaking for himself, (not his company,) will also present at DefCon —  “Cloud Computing as a Weapon of Mass Destruction.” His interview is just over 9 minutes long and begins at about 54 minutes into the episode.

Our Take on This Week’s News

The state of Utah is investigating the origins of a 29-page list of personally identifying information belonging to more than a thousand people the leakers say are illegal immigrants receiving benefits from the taxpayers.  This topic stirred up the immigration issue on the talk shows, but we’re interested in these questions:  What was the data access policy — who had access to this data and for what purpose? And should there be a set of guidelines for ethical whistleblowing (if that’s what the leakers were trying to do) where electronically stored information is involved?

The Bureau of Motor Vehicles in the state of Ohio is selling personal information about its licensed drivers.  For some reason, the primary beef is that the state isn’t making enough money selling the identities of its citizens.

NSA whistleblower facing 35 years in prison

Bank Account Takeover Attack Now Mimicking Credit Card SecureCode Systems

New  zero day Attack using USB drives. There is a Microsoft advisory for dealing with it.

Bluetooth is making it easier for cybercriminals to steal debit card numbers at the gas pump.

Google get patent on technology that monitors on your mouse movements as it relates to search results. And Google is becoming quite an established presence on Capitol Hill.

Photos taken with certain camera-enabled devices can reveal you location with geotags attached to the metadata.  Mayhemic Labs has scanned a couple of million photo links on Twitter, and was able to pinpoint location of the user in about three percent of them.  Then they created icanstlku.com to prove it.

Chinese Cyber Army presentation pulled at BlackHat under pressure from Taiwan.

The CyberJungle Episode 101 – Jan 10 2010

Posted in Annoucements, Breach, Court Cases, darkweb, eMail Security, Legislation, Podcast, The CyberJungle, Vulnerabilities, web server security with tags , , , , , , , on January 10, 2010 by datasecurityblog

Security, Your Privacy, and The Law

On this week’s program:

* Houston DA Tweets the names of people arrested for DUI

* WiFi for passive aggressives

* You won’t believe the password to launch nuclear war

–> Stream This Week’s Show with our Built-In Flash Player (for higher security, stream through FeedBurner, using the hyperlink below):

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 101 – Use Feedburner to listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall. The shows don’t always display on chronological order on Odeo.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.
  • SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing MagazineData Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • Award-winning Sunbelt Network Security Inspector a scalable and effective vulnerability scanner. Windows IT Pro Magazine readers chose SNSI as their Favorite Vulnerability Scanner for two years in a row. Read more here, and contact Data Clone Labs for a test drive.

Show Notes for Episode 101 of the CyberJungle

* Conversation: Ira and Samantha interview Houston civil rights attorney Randall Kallinen about the Houston Texas-area DA Tweeting the names of those arrested for DUI.

*How Google collects information

*Google Near Me Now application

* Digital piracy hits the book industry

* Mind-reading at the airports

*WiFi for passive aggressive

*Nuclear launch passcodes

*Ransomware – buy back your own files?

*One in ten botnets are engaged in the Zues attack

*Ironkey CEO speaks about the USB crypto flaw

*FTC says FCC needs to consider the dangers of cloud computing

Follow

Get every new post delivered to your Inbox.

Join 1,106 other followers