Archive for USB security

July 18, 2010- Episode 155

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, Legislation, The CyberJungle, Vulnerabilities with tags , , , , , , on July 17, 2010 by datasecurityblog

You can hear episode 155 by clicking on the Flash player below, or if your device does not support Flash, you can visit our  listening options page for other ways to receive the show. Episode 155 is one hour and 14 minutes long.

Interviews

Jeff Bryner from pOwnlabs offers a preview of his DefCon presentation to be given in Las Vegas at the end of the month.  “Google Toolbar – The NARC Within” — how the tool bar spies on you. Jeff”s  interview is about 9 minutes long, and it begins 22 minutes into the episode.

Penetration Tester David Bryan, speaking for himself, (not his company,) will also present at DefCon —  “Cloud Computing as a Weapon of Mass Destruction.” His interview is just over 9 minutes long and begins at about 54 minutes into the episode.

Our Take on This Week’s News

The state of Utah is investigating the origins of a 29-page list of personally identifying information belonging to more than a thousand people the leakers say are illegal immigrants receiving benefits from the taxpayers.  This topic stirred up the immigration issue on the talk shows, but we’re interested in these questions:  What was the data access policy — who had access to this data and for what purpose? And should there be a set of guidelines for ethical whistleblowing (if that’s what the leakers were trying to do) where electronically stored information is involved?

The Bureau of Motor Vehicles in the state of Ohio is selling personal information about its licensed drivers.  For some reason, the primary beef is that the state isn’t making enough money selling the identities of its citizens.

NSA whistleblower facing 35 years in prison

Bank Account Takeover Attack Now Mimicking Credit Card SecureCode Systems

New  zero day Attack using USB drives. There is a Microsoft advisory for dealing with it.

Bluetooth is making it easier for cybercriminals to steal debit card numbers at the gas pump.

Google get patent on technology that monitors on your mouse movements as it relates to search results. And Google is becoming quite an established presence on Capitol Hill.

Photos taken with certain camera-enabled devices can reveal you location with geotags attached to the metadata.  Mayhemic Labs has scanned a couple of million photo links on Twitter, and was able to pinpoint location of the user in about three percent of them.  Then they created icanstlku.com to prove it.

Chinese Cyber Army presentation pulled at BlackHat under pressure from Taiwan.

The CyberJungle Episode 101 – Jan 10 2010

Posted in Annoucements, Breach, Court Cases, darkweb, eMail Security, Legislation, Podcast, The CyberJungle, Vulnerabilities, web server security with tags , , , , , , , on January 10, 2010 by datasecurityblog

Security, Your Privacy, and The Law

On this week’s program:

* Houston DA Tweets the names of people arrested for DUI

* WiFi for passive aggressives

* You won’t believe the password to launch nuclear war

–> Stream This Week’s Show with our Built-In Flash Player (for higher security, stream through FeedBurner, using the hyperlink below):

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 101 – Use Feedburner to listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall. The shows don’t always display on chronological order on Odeo.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.
  • SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing MagazineData Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • Award-winning Sunbelt Network Security Inspector a scalable and effective vulnerability scanner. Windows IT Pro Magazine readers chose SNSI as their Favorite Vulnerability Scanner for two years in a row. Read more here, and contact Data Clone Labs for a test drive.

Show Notes for Episode 101 of the CyberJungle

* Conversation: Ira and Samantha interview Houston civil rights attorney Randall Kallinen about the Houston Texas-area DA Tweeting the names of those arrested for DUI.

*How Google collects information

*Google Near Me Now application

* Digital piracy hits the book industry

* Mind-reading at the airports

*WiFi for passive aggressive

*Nuclear launch passcodes

*Ransomware – buy back your own files?

*One in ten botnets are engaged in the Zues attack

*Ironkey CEO speaks about the USB crypto flaw

*FTC says FCC needs to consider the dangers of cloud computing

Data Security Podcast Episode 74, Oct 18 2009

Posted in Breach, Business Continuity, Court Cases, darkweb, Vulnerabilities with tags , , , , , , , on October 19, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Now the bad guys are holding computer files for ransom if you don’t buy their phony anti-virus software. We have a workaround.

* Midyear elections are coming up, and the last thing the campaigns seem to think about is data security.

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 74 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing MagazineData Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 74 of the Data Security Podcast

* Conversation:  Ira talks with Gretchen Hellman, VP of Marketing for Vormetric about information security, the security issues with the new GOP web site, and election campaign security.

* Tales From The Dark Web:  Watch the video by PandaSecurity that demonstrates a damaging new fake anti-virus that denies access to files and applications on victim systems unless a ransom is paid. The link below takes you to a video of the attack, and we have posted the keys to defeat the current variant of lock out.  If you work in IT/InfoSec please write an email to users with a warning, include the keys to unlock the software, and have the end user re-image their hard drive.

Rogueware with new Ransomware Technology

Rogueware with new Ransomware Technology

Click here to view the Rogueware with new Ransomware Technology™ video. The video comes to us from Panda Security.  Take note that the malware icon disappears from the computer, and when it does, the attack is in place.  If you have a system that is infected with this attack, Panda has cracked the malware and has provided a list of working keys, which give access to the current variants of the TotalSecurity2009 attack:

WNDS-TGN15-RFF29-AASDJ-ASD65
WNDS-U94KO-LF4G4-1V8S1-2CRFE
WNDS-6W954-FX65B-41VDF-8G4JI
WNDS-G84H6-S854F-79ZA8-W4ERS
WNDS-TTUYJ-7UO54-G561H-J1D6F
WNDS-A1SDF-6AS4D-RF5RE-79G84
WNDS-A1SDF-RY4E8-7U98D-F1GB2
WNDS-5SRTS-AEHUF-YA54S-D6F35
WNDS-P9685-4H41A-DSW3A-2R64T
WNDS-2AE32-1VFC2-B6894-G67YU
WNDS-4TS8R-D6F5D-4JH8T-U4JK5
WNDS-FGS5D-649RG-4S53D-412SF
WNDS-452S3-ER00F-TSE35-S8FSD
WNDS-SERFH-2642S-F04SD-64FG1
WNDS-F40SA-1ER5H-4FG5D-F8412
WNDS-5D1V2-XB0D5-JT1TY-97DS3
WNDS-4BGY2-JY4KO-IT98Y-7HJ43
WNDS-G8FB6-1V87S-DRT1S-63SRG
WNDS-HFVDR-9844O-U54DA-5TBSC
WNDS-89OF7-7324R-5SAD4-TG68U
WNDS-JUYH3-24GHJ-HGKSH-FKLSD

* From Our Take on The News:  Danger Will Robinson! Danger! Additional insiders have stepped forward to shed more light into Microsoft’s troubled acquisition of Danger, its beleaguered Pink Project, and what has become one of the most high profile Information Technology disasters in recent memory. 

Data Security Podcast Episode 54 – May 24 2009

Posted in Breach, criminal forensics, darkweb, ediscovery, Podcast, Vulnerabilities with tags , , , , , , on May 24, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This weeks program – Does that shiny new computer come pre-installed with malware?  A new project fights viruses in home PCs FROM the cloud. And, our take on this week’s news.

–> Stream, subscribe or download – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–> Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

This week’s show is sponsored in part by Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software.  If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com . Also sponsored by  DeviceLock Removable Media Security Software.

The Show Notes Page for this week’s The Data Security Podcast

–> Ira has a conversation with Pedro Bustamante, Security Researcher Advisor of Panda, about the testing of a cloud based anti-virus for home PC users.  Check out the blog mentioned in the show at: http://blog.cloudantivirus.com .

Privacy advocates have launched a campaign against whole body imaging in U.S. airports

Privacy advocates have launched a campaign against whole body imaging in U.S. airports

–> Tales From The Dark Web: Does that shiny new computer come pre-installed with malware?

–> From The News: The Fight Against Whole Body Imaging at US Airports. We were afraid nobody was going to object to this!

After a terrifyingly silent public response to news that TSA workers at six major American airports are using whole body imaging technology — Otherwise known as “naked pictures”  — of airline passengers, CNN reports this week that privacy advocates have launched a campaign against the machines.  You can read the petition here against the “virtual strip search” of citizens by Homeland Security.

–> From The News: 9 Month Old Critical Java Vuln. Still Not Patched in Mac OS X

–> From The News:  C. Harwick’s Thrica.com blog posting on potentially harmful privacy issues with Safari 4 beta

–> Wrap Up: Massachusetts Supreme Judicial Court Tosses Out Warrant in Boston College Case, Says No Probable Cause Existed

Data Security Podcast Episode 53 – May 18 2009

Posted in Breach, criminal forensics, darkweb, ediscovery, Podcast, Vulnerabilities, web server security with tags , , , , , , , on May 17, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This weeks program – One web malware variant overtakes all others; Smart cards INSIDE MiniSD for two factor auth via cell phone. And, our take on this week’s news.

–> Stream, subscribe or download – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–> Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> Stream, subscribe, or download via our page at Podcast.com.

This week’s show is sponsored in part by Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software.  If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com . Also sponsored by  DeviceLock Removable Media Security Software.

The Show Notes Page for this week’s The Data Security Podcast

Combining smart cards and memory on a MiniSD for two factor ID

Combining smart cards and memory on a MiniSD for two factor ID

–> Ira has a conversation with William Holmes, of Go Trust. They have developed technology to merge smart cards with MiniSD memory. This technology can be used to make rather smart two-factor authentication. Go Trust is looking for people that want to develop applications that leverage this new security technology.

–> Tales From The Dark Web: According to Graham Cluely’s Blog at Sophos, Malicious JSRedir-R script found to be biggest malware threat on the web, at least for the next 15 minutes..

–> Be sure to read a new feature on our web site: Lame Excuses, the dumb statements by people who should have been responsible for securing information.  A new entry was added this week, and we welcome your contributions.

–> From The News: The Federal Computer Week story,  Homeland Security Information Network suffers intrusions.

–> From The News: U.S. attorney’s office tells employees not to log on to Drudge Report, as reported by Jonathan Martin at POLITICO.com .

Data Security Podcast Episode 46 – Mar 30 2009

Posted in Breach, darkweb, Vulnerabilities with tags , , , , , , on March 29, 2009 by datasecurityblog

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This weeks program: New broadband gear botnet ;What will happen with Conficker on April 1st?  And the week’s news.

–> Stream, subscribe or download Episode 46 - Listen or subscribe to the feed to automatically get the latest episode sent to you to your  Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

This week’s show is sponsored by The Engate Hosted eMail Security System. Tell them you heard about them on the Data Security Podcast and get 50% off their service. Offer good until March 31st, 2009. Tales from The Dark Web Sponsored by DeviceLock Removable Media Security Software.

The Show Notes Page for Episode 46 of The Data Security Podcast

-From The News: NASCIO publication mentioned by Samantha, in her story on security and the stimulus plan.

- From The News: Ransom-ware attacks mentioned by Ira. See FireEye’s Blog posting on the topic for more details, including how to de-crypt files without paying the Dark Web’s ransom.

-From The News: RSPlug-F Mac Trojan horse distributed via HDTV website. See the video of an attempted attack. No such thing as malware for the Mac, eh?

. -Tales From The Dark Web: New psyb0t malware targets certain Linux broadband networking equipment. DroneBL has extensive information, scroll down to a post by Crichton for instructions on how to apply defence in depth security to networking gear that does not allow you to change factory default usernames. Unfortunately, many gear makers fall into that category. One also needs to update firmware on networking gear, not just desktop PCs, servers and handheld devices.

- Conversation: Ira talks with Paul Royal of PureWire Security about Conficker and what might or might not happen on April 1st, 2009.

- Wrap Up: Lauren buys a PC. Comments are from YouTube post, not from Data Security Podcast

Follow

Get every new post delivered to your Inbox.

Join 1,139 other followers