Episode 264 of The CyberJungle is about 32 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.
This week’s regular episode of The Cyberjungle is 1 hour and 13 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.
Interview
Jason Miller, patch management expert with Shavlik Technologies, tells us how to deal with the biggest patch release in modern IT history… which took place on Tuesday, October 12. Jason’s interview is 8 minutes long, and it begins about 24 minutes into Episode 181.
Your building pass could be more valuable than ever – Some federal employees will see their CACs (common access RFID cards) expanded. They’ll still get the card holder into a building or a computer system. But the cards will be expanded to include mass transit fares, debit payment, and ATM functionality… all in one card.
Fun finder or stalker tool? The website wheretheladies.at monitors social networking sites to help dudes locate gatherings of women. But blogger Jason Stamper conducted an experiment that points out the dangers women might face when they publish all the details of their daily lives.
This week’s regular episode of The Cyberjungle is 1 hour and 14 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.
To listen to Episode 169 via the flash player:
Interview
Sean Paul Correll from Panda Security discusses a survey of small and mid-sized businesses, and discusses what he’s learned about the attitudes and the habits they have when it comes to security.
Read the PandaSecurity report on small and medium sized business security. Sean-Paul also mentioned a free USB anti-malware tool; you may find it here.
Tales from the Dark Web
Fake my traffic - is it a scam, or is it just someone who wants to help you perpetrate a scam?
Our Take on This Week’s News
We hate Google, writ large – Consumer Watchdog has produced a hilarious video taking a jab at Google and Eric Schmidt. Worth watching… and a lot of folks are seeing it since it’s playing on the jumbo tron in Times Square. Schmidt as evil ice cream man offering kids free goodies while taking a body scan from his good humor truck. But we wonder about asking congress to create a “don’t track me” list. That’s like asking the three stooges to clean out the tool shed without hurting each other.
Some newer scanners offer a web-based remote document retrieval feature that serves as a hacking tool.
Tales from The Dark Web: Big web traffic means big bucks … but have we uncovered a big Dark Web scam?
Be careful of email messages that appear to come from Symantec products. It just might be a scam. See more at Martin Hall’s blog, The Test Manager.
Brian Krebs continues his excellent coverage of the banking Trojans and the people who carry out the attacks. This time the criminals told a money mule that cash stolen from a Catholic diocese was intended for victims of sexual abuse.
Microsoft DLL Flaw – New Fixit tool from Microsoft, to be used in conjunction with other mitigation techniques.
Episode 167 is this week’s full episode of The CyberJungle, posted immediately below. Episode 166 is the su root edition for advanced listeners – material that’s too technical for the radio. The advanced material consists of a couple of conversations with experts who share our alarm at the news that businesses are having a love affair with the iPad… it’s a perfectly wonderful device for watching movies, playing games, and personal communications… but for business, we’ve seen too much evidence that iPad is lacking in security infrastructure, and our two guests agree. Amber Schroeder is CEO of Paraben. She joins us in a 17 minute conversation. And we talk with Raf Los, security evangelist for HP, for 22 minutes. Scroll down to the end of this batch of show notes to find it.
Episode 167:
This week’s regular episode of The Cyberjungle is 1 hour and 18 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.
Interviews
Abbreviated versions of the two interviews described above, regarding iPhone security. Amber Schroeder’s short version interview begins approximately 23 minutes into episode 167. The abbreviated interview with Raf Los begins about an hour into the show. For the complete versions of both interviews, scroll down to episode 166.
Forget Big Brother. Steve Jobs Is Watching You – Apple wants to patent spyware technology to record the faces, voices and heartbeats of its iPhone users… EFF predicts the product will be used not only to track lost or stolen phones, but to retaliate against iPhone jailbreakers.
Supercookies - Lawsuit against advertising firm Specificmedia for using cookies even after a customer wants them deleted is extremely complex, but worth understanding. BTW — test your browser to see how many Supercookies are hiding there without your knowledge. Here’s a tool that Ira talked about to delete Supercookies: BetterPrivacy
Kids as guinea pigs? Connecticut high school is being courted by manufacturer of RFID tags, so the company can get $100k in federal grant money for an experiment.
Defense department is officially disclosing the biggest cyberattack against the U.S. military. It originated from a USB device, and by the way, why now? To raise public awareness and concern just in time for a cybersecurity provision in the Defense Authorization Bill.
You’ve heard of waste, fraud and abuse? Chicago doctor bills private insurance companies and Medicare for $13-29 mil in fake treatments… here’s how he did it.
This is our unedited edition, featuring a longer and more technical conversation with two experts about the perils of iPad use in a business environment. Amber Schroeder of Paraben, and Raf Los of HP share their thoughts on the subject. The total time for the two interviews is 42 minutes. You can find additional information about Paraben’s Forensic Innovations Conference 2010 in Park City in November. Read more thoughts from Raf Los in his HP blog here.
You can hear the su root interviews in episode 166 by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show. The audio file is 42 minutes long.
You can hear episode 157 by clicking on the Flash player below, or if your device does not support Flash, you can visit our listening options page for other ways to receive the show. Episode 157 is one hour and 10 minutes long.
Interviews
Dr. Charlie Miller, Principal Analyst for Independent Security Evaluators, offers a preview of his DefCon presentation about cyberwarfare to be given in Las Vegas at the end of the month. “Kim Jong-il and Me.” (Yes he’s that Charlie Miller.) Charlie says he really didn’t feel qualified to address the topic of cyberwarfare when he was first asked, but then decided to treat the request as an opportunity to play a game in which he pretended he was approached by a rogue government for the purpose of building a cyberarmy. What would it take? Hear Charlie’s interview about 23 minutes into episode 157.
Retraction
The CyberJungle mistakenly reported that it is not possible to turn off an Apple iPad and iPhone feature that reports the owner’s location to the Big A twice daily. We oversimplified this story and we got it wrong. We have been informed by our favorite Apple connoisseurs that it is possible to turn the feature off. We apologize for the misinformation. We have removed the segment from the podcast, so it won’t be heard again, and we will note in next week’s radio show that we were incorrect.
A consumer survey that measured for the first time customer satisfaction with social media sites reports that — are you sitting down? — people hate Facebook. It scored lower than the airlines and the cable companies, and even lower than the IRS.
A watchdog organization reports that White House Emails Show More Extensive Improper Contact With Google. The National Law and Policy Center posts links to its letter to the House Committee on Oversight and Government Reform, asking for an investigation of the relationship between Google and its former lobbyist who now occupies the top advisory position to president Obama on internet policy. There are also links to some of the emails, which seem to support the conclusion that Deputy Chief Technology Officer Andrew McLaughlin is helping to stack the policy deck in Google’s favor on a number of issues.
Get comfy on the patio with a cold brew and read this great story about a fake infosec chick who persuaded her social networking pals — mostly guys who know secrets related to national security — to forget themselves and reveal a lot of stuff they aren’t supposed to give up. To anyone. The girl — Robin Sage — was named after a military training exercise, which was just one of many clues that “screamed fake,” according to her creator, a security researcher whose ruse has demonstrated something we all knew. Only James Bond can flirt with an exotic hottie and not get burned.
GM suffers theft of hybrid technology worth an estimated $40 million. Insider stole information by using a portable USB drive. Data allegedly sold to at least one Chinese auto maker, Chery.
You can hear episode 155 by clicking on the Flash player below, or if your device does not support Flash, you can visit our listening options page for other ways to receive the show. Episode 155 is one hour and 14 minutes long.
Interviews
Jeff Bryner from pOwnlabs offers a preview of his DefCon presentation to be given in Las Vegas at the end of the month. “Google Toolbar – The NARC Within” — how the tool bar spies on you. Jeff’s interview is about 9 minutes long, and it begins 22 minutes into the episode.
Penetration Tester David Bryan, speaking for himself (not his company), will also present at DefCon – “Cloud Computing as a Weapon of Mass Destruction.” His interview is just over 9 minutes long and begins at about 54 minutes into the episode.
Our Take on This Week’s News
The state of Utah is investigating the origins of a 29-page list of personally identifying information belonging to more than a thousand people the leakers say are illegal immigrants receiving benefits from the taxpayers. This topic stirred up the immigration issue on the talk shows, but we’re interested in these questions: What was the data access policy — who had access to this data and for what purpose? And should there be a set of guidelines for ethical whistleblowing (if that’s what the leakers were trying to do) where electronically stored information is involved?
Photos taken with certain camera-enabled devices can reveal your location with geotags attached to the metadata. Mayhemic Labs has scanned a couple of million photo links on Twitter, and was able to pinpoint the location of the user in about three percent of them. Then they created icanstlku.com to prove it.
Peter Eckersley of the Electronic Frontier Foundation announces the results of his research project called Panopticlick. Bottom line – 94 percent of computers leave a unique fingerprint on websites. The interview starts about 25 minutes into episode 141. Episode 141 is one hour and 12 minutes long. You can listen by clicking on the flash player below, or there are other ways of listening to the show on our “listening options” page.
Chris Hogue tells us about his upcoming presentation to a SANS Forensics and Incident Response Summit in Washington DC. He’s discussing “Sniper Forensics”… it’s a new approach to computer forensics. The interview begins about 55 minutes into episode 141.
Our Take on This Week’s News
Zeus-style banking attack perpetrated on a credit union in Salt Lake City. The bad guys apparently penetrated an employee’s desktop computer, and then were able to get into the bank system. $100K disappeared, largely in $5K increments. Credit Union president says the attack got past the company’s Norton… Geez
Remember the Pennsylvania school district that gave its students laptops loaded with tracking software… and then proceeded to collect hundreds of photos of the kids at home, snapped through the laptop lenses… well it seems the tracking software on the Lower Merion laptops can be easily hacked. A security company did some research on it, and here’s what they found.
* Houston DA Tweets the names of people arrested for DUI
* WiFi for passive aggressives
* You won’t believe the password to launch nuclear war
–> Stream, subscribe or download Episode 101 – Use Feedburner to listen, or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.
30 minutes every week on data security, privacy, and the law…..(plus or minus ten)
On this week’s program:
* Now the bad guys are holding computer files for ransom if you don’t buy their phony anti-virus software. We have a workaround.
* Midyear elections are coming up, and the last thing the campaigns seem to think about is data security.
* Our take on this week’s news.
Show Notes for Episode 74 of the Data Security Podcast
* Conversation: Ira talks with Gretchen Hellman, VP of Marketing for Vormetric about information security, the security issues with the new GOP web site, and election campaign security.
* Tales From The Dark Web: Watch the video by PandaSecurity that demonstrates a damaging new fake anti-virus that denies access to files and applications on victim systems unless a ransom is paid. The link below takes you to a video of the attack, and we have posted the keys to defeat the current variant of lock out. If you work in IT/InfoSec please write an email to users with a warning, include the keys to unlock the software, and have the end user re-image their hard drive.
Rogueware with new Ransomware Technology
Click here to view the Rogueware with new Ransomware Technology™ video. The video comes to us from Panda Security. Take note that the malware icon disappears from the computer, and when it does, the attack is in place. If you have a system that is infected with this attack, Panda has cracked the malware and has provided a list of working keys, which give access to the current variants of the TotalSecurity2009 attack:
* From Our Take on The News: Danger Will Robinson! Danger! Additional insiders have stepped forward to shed more light into Microsoft’s troubled acquisition of Danger, its beleaguered Pink Project, and what has become one of the most high profile Information Technology disasters in recent memory.
The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.
This week’s program – Does that shiny new computer come pre-installed with malware? A new project fights viruses in home PCs FROM the cloud. And, our take on this week’s news.
The Show Notes Page for this week’s The Data Security Podcast
–> Ira has a conversation with Pedro Bustamante, Security Researcher Advisor of Panda, about the testing of a cloud based anti-virus for home PC users. Check out the blog mentioned in the show at: http://blog.cloudantivirus.com .
Privacy advocates have launched a campaign against whole body imaging in U.S. airports
–> From The News: The Fight Against Whole Body Imaging at US Airports. We were afraid nobody was going to object to this!
After a terrifyingly silent public response to news that TSA workers at six major American airports are using whole body imaging technology — otherwise known as “naked pictures” — of airline passengers, CNN reports this week that privacy advocates have launched a campaign against the machines. You can read the petition here against the “virtual strip search” of citizens by Homeland Security.