Archive for XSS

September 25, 2010 – Episode 175

Posted in Annoucements, Breach, Conference Coverage, Court Cases, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security with tags , , , on September 26, 2010 by datasecurityblog

Episode 175:

This week’s regular episode of  The Cyberjungle  is 1 hour and 25 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 175 via the flash player:


Interview

Lance Spitzner from the SANS “Securing the Human” project joins us to discuss the final (and largest) hole in network security. It’s the users, stupid.  Millions of hours and billions of brain cells have been spent securing computers and networks.  The job will never be done until we secure the humans.  Our interview with Lance is about 5 minutes long, and it starts about 25 minutes into the show. Lance’s blog posting with slides from his presentation at SANS Las Vegas.

Tales from the Dark Web

Twitter attack is warning to social network users

We all love to give our opinions.  Apparently, the bad guys know it. The latest dark web scam involves online and email surveys.

Our Take on This Week’s News

Teacher fired for posting a blog that included references to various students. The article in the Austin Statesman is unclear, but the reader comments help us piece together the story. Apparently this teacher, who was last year’s teacher of the year, wrote a blog on which she contemplated how to approach teaching challenges presented by some of her individual students.  Her mistake was probably posting photos.  One comment indicates that she did not identify any of the students by name.  We are inclined to blame the administration for failure to make clear the policies regarding federal student privacy laws (FERPA).

“Respondent May NOT Use Internet in Any Manner to Communicate About Petitioner Ever Again.” An order handed down in a divorce case.  The question on the Volokh Conspiracy is whether the order in constitutional.  (Remember free speech?) You can’t libel someone, and maybe you can be gagged during litigation, but the government can’t permanently keep you from trashing your ex.

Wonder how many jobs this created or saved? Federal stimulus dollars are being used for an RFID program to track preschoolers.    ACLU and EFF open a can of whip-ass.

Lawyers heart Facebook! Best not to post photos of yourself looking healthy and robust on Facbook if you’re in litigation for a personal injury.  A judge has ordered  the private portions of plaintiff’s Facebook are discoverable,  since the public portions suggest she’s having more fun that she claims her physical condition permits.

U.S. Cybercommand proposing an internet “safe zone” for government and such critical industries as utilities and banking.  A super-safe segregated network might raise as many questions as it answers. Read various versions below for a variety of angles.

http://www.washingtonpost.com/wp-dyn/content/article/2010/09/23/AR2010092302171.html

http://www.washingtonpost.com/wp-dyn/content/article/2010/09/23/AR2010092305431.html

http://www.nytimes.com/2010/09/24/us/24cyber.html?_r=1&ref=technology

http://www.wired.com/dangerroom/2010/09/militarys-cyber-commander-swears-no-role-on-civilian-networks/

http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=227500515

Worm attack on Iranian nuke facility. Is this malware part of a nation-state attack?

Top ten internal threats to network securityThis how the risks stack up according to researchers at Fortinet.

Data Security Podcast Episode 87, Dec 28 2009

Posted in Breach, Court Cases, criminal forensics, ediscovery, Exclusive, Podcast, Zero Day Project with tags , , on December 27, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* One semi-colon could expose your web server, and there’s no patch

* World Exclusive Interview:  Researcher uncovers Adobe Flash programming flaw that impacts millions of web users.

* Our take on this week’s news

–> Stream This Week’s Show with our Built-In Flash Player (for higher security, stream through FeedBurner, using the hyperlink below):


–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 87 – Use Feedburner to listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall. The shows don’t always display on chronological order on Odeo.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Award-winning Sunbelt Network Security Inspector a scalable and effective vulnerability scanner. Windows IT Pro Magazine readers chose SNSI as their Favorite Vulnerability Scanner for two years in a row. Read more here, and contact Data Clone Labs for a test drive .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing MagazineData Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 87 of the Data Security Podcast

* Ira talks with Eugene Dokukin about flaws in the programming of Adobe Flash.  Read more on Eugene’s site, including how to change the code in the Adobe Flash files your company creates.

* From Our Take on The News:  More people report debit info stolen at gas pumps . Read more here.

Ohio Supreme Court

Ohio Supreme Court

* From Our Take on The News:  The Semi‐Colon Attack: Microsoft IIS Zero-Day Vulnerability.  Read more here, including work-arounds.

* From Out Take on The News:  Ohio Supreme Court rules on cell-phone search and seizure.  Read the opinion here.

Data Security Podcast Episode 85, Dec 14 2009

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Legislation, Podcast, Vulnerabilities, web server security with tags , , , , , , , , on December 14, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* New surge in attacks targeting bank accounts

* Data security requires physical security

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:


–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 85 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall. The shows don’t always display on chronological order on Odeo.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Award-winning Sunbelt Network Security Inspector a scalable and effective vulnerability scanner. Windows IT Pro Magazine readers chose SNSI as their Favorite Vulnerability Scanner for two years in a row. Read more here, and contact Data Clone Labs for a test drive .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing MagazineData Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 85 of the Data Security Podcast

* Ira talks with Marc Weber Tobias  about lock security. Read more at the in.security.org blog site.  The book authored by Marc, mentioned in the segment, Open in Thirty Seconds.

* Tales From The Dark Web:  New surge in bank stealing attacks, via SQL injection.  Read more at The Register.  Part II: Top Cyber Attack Vectors of 2009, as documented by Verizon. Read the report here.

* From Our Take on The News: It’s confirmed Cybercriminals are now hiring hit men just like the real mafia. Read more at LawFuel.com .

* From Our Take on The News:  Bruce Schneier (of Schneier on Security) says he missed this story… and pointed us to the Top Ten Stories You Missed this year, posted by a publication called “Foreign Policy.  Here’s story number 7. How to get an American passport for a fake person..

* The Wrap:  Holiday attacks target Facebook users, read more from PandaLabs .

Data Security Podcast Episode 83, Nov 30 2009

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Legislation, Podcast, Vulnerabilities with tags , , , , , , on November 29, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* New highly damaging attack plays on the very fear of being attacked

* Stopping insider attacks with the right internal controls

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:


–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 83 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing MagazineData Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 83 of the Data Security Podcast

* Ira has a conversation with Cheryl Traverse President/ Chief Executive Officer with Xceedium, a company that provides centralized, secure IT operations management.  Ira and Cheryl talk about the controls that protect against insider threats, and help put organizations in compliance with data security and privacy mandates.

* Tales From The Dark Web:  Bank attacks hides in ‘software update’ links. This attack combines the fear of not properly patching with attacks that empty business bank accounts. Hat tip to the story in Darkreading.com .

* From Out Take on The News: Reuters news story on the under-reporting of cyber attacks.

What Happens In Vegas...Goes Where??

* From Our Take on The News: Las Vegas Metro Police admits to large databreach of background check data.  Hat tip to excellent work by The Las Vegas Sun newspaper.

*  From The Wrap: We comment on the news that the Ikee worm author gets job at iPhone app firm, as posted by Graham Cluley.

Data Security Podcast Episode 80, Nov 19 2009

Posted in darkweb, Interview Only Edition, Podcast, Vulnerabilities, web server security with tags , , , , , , on November 19, 2009 by datasecurityblog

For Thursday November 19th, and Friday November 20th, we depart from our regular format for those with an advanced understanding of information security technologies.

These two special editions feature technical conversations with newsmakers on new counter measures to fight web drive-by downloads. Part one (this episode) features Pedro Bustamante, Senior Security Researcher with PandaSecurity. Part two will post tomorrow, with an EXCLUSIVE interview with the creators of a new hardware sandbox approach to this vexing security issue.

We will return to our regular format of the latest news on data security, privacy, and the law with Episode 82.  Episode 82 is scheduled to post Sunday night /Monday morning, November 23rd, 2009 at ~12.01am Greenwich Mean Time. That is our regularly scheduled show posting time.

On Episode 80:  InfoSec Conversation with Pedro Bustamante on countering web drive-by downloads.

–> Stream This Special Episode with our Built-In Flash Player:


–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 80 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version forFREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing MagazineData Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 80 of the Data Security Podcast

Ira has an extended, technical conversation with Pedro Bustamante, Senior Security Researcher with PandaSecurity. Ira and Pedro will discuss web drive-by downloads. Here is the link that Pedro mentions in the segment.

Data Security Podcast Episode 78, Nov 09 2009

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Podcast, Report Security Flaws, Vulnerabilities, web server security with tags , , , , , , , , , , , , on November 8, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Why are web drive-by downloads proliferating like cockroaches?

* Sixty Minutes just covered a data security story. We rate the coverage.

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:


–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 78 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing MagazineData Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 78 of the Data Security Podcast

* Conversation:  Ira talks with Georg Hess, CEO and Co-Founder, Art of Defence, about network scans versus web application scans. OWASP AppSec DC 2009 takes place this week,  November 10-13th, in Washington, DC. The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Their mission is to make application security visible,  so that people and organizations can make informed decisions about true application security risks.

OWASP Conf 2009 Wash DC

* Tales From The Dark Web:  Our take on the 60 Minutes segment Sabotaging The System:  Could hackers get into the computer systems that run crucial elements of the world’s infrastructure, such as the power grids, water works or even a nation’s military arsenal? Be sure to watch this video segment with the highest level non-technical boss in your organization. Also, make sure you, and your non-technical boss watch the “Web Extras” from this segment.  One of the stunning parts of the segment was the claim that private companies are more vulnerable because the companies only care about profit. Unlike government networks, which are more secure (uh?).  If that was the case, how can that be squared against the portion of the segment that revealed that the Feds lost 12TB of data from the DOD, DOE, DOC and possible NASA, in 2007? Where was the profit motive that stopped good security in those organizations? Security expert Robert Graham explores this, and other issues, in this posting: Brazil outage NOT caused by hackers.

* From Our Take on The News:  New open-source voting technology – the developer is looking for jurisdictions to try it for free.  Read the Wired account.

* From Our Take on The News:  A technical overview of the newly discovered SSL vulnerabilities and possible mitigation. Ben Laurie has excellent, technical blog postings about the SSL protocol flaw.

* From Our Take on The News:  Voters hate traffic surveillance cameras — proven in three U. S. cities in last week’s elections. (As if we still need proof.) Great coverage of traffic surveillance and related matters in Maryland. (But the topic is universal).

* From The Wrap:  First iPhone worm found, details at F-Secure.  A how-to for changing the SSH default password in your jailbroken iPhone; one uses a computer connected to your iPhone to change the SSH settings.  Note: If you are not using a jailbroken iPhone, you don’t need to make changes to be protected from this particular attack.

Data Security Podcast Episode 75, Oct 25 2009

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Legislation, Podcast, Report Security Flaws, Vulnerabilities, web server security with tags , , , , , , , , , , on October 25, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Everyone loves retail gift cards…they are quick and easy for consumers, and for web application “hackers.”

* Some Time Warner cable internet users are vulnerable to serious attacks — when will Time Warner release a fix?

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:


–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 75 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing MagazineData Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 75 of the Data Security Podcast

Time Warner-supplied SMC cable modem: open for exploit?

Time Warner-supplied SMC cable modems: Open for Exploit?

* Conversation:  Ira talks with David Chen of Pip.io with an update on the critical vulnerabilities he discovered in a batch of Time Warner cable modems (made by SMC). TW now acknowledges the flaw, and they have made statements elsewhere that a fix is being deployed. David Chen tells us that as of this past weekend the vulnerabilities remain.  Both David Chen and The Data Security Podcast have attempted to get an update on a fix. Time Warner cable has not replied to written requests from David Chen, or from this program.  David Chen is blogging with recommendation on how he thinks Time Warner Cable could mitigate these flaws… see his latest blog here.

* Tales From The Dark Web: Retail gift cards are potentially vulnerable to attacks. One that jumps out: web application attacks. Read the entire report by Corsaire.

* From Our Take on The News: Jurors are using smartphone from the jury box and the deliberation room – potentially putting trial outcomes into jeopardy.

* From Our Take on The News: Treasury Strategies Sees Possible Bank Failures Due to Fraud Losses

* The Kicker: Long Island Teen Uses Hidden Video to Catch a Thief

Modern Bank Robbers Could Shutter As Many As 10 Financial Institutions

BREAKING NEWS – New Twist to Zeus Bank Trojan; Well-Known Penetration Tester at ISACA Conference Calls Revelation “Disastrous”

Posted in Annoucements, Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Vulnerabilities, web server security with tags , , , , on September 30, 2009 by datasecurityblog

Reporting from the ISACA Security and Risk Management Conference in Las Vegas, we have breaking security news this morning.

Organized cyber criminals have added a new damaging element to an already viscous cyber attack. Yuval Ben-Itzhak, CTO of Finjan spoke by phone with the Data Security Podcast about a frightening new twist to the surge of bank account stealing Trojan attacks.

First some background: This news program, and other media outlets, have been reporting in the last few months about a wave of bank account Trojans that have been stealing money from small and medium sized businesses, and local governments. Theses well organized cyber criminals have been combining web drive-by attacks, with unauthorized electronic funds transfers. The cyber criminals then use innocent money mules to launder the money. The mules are typically lured into popular “make cash at home” schemes.

A construction company in Maine lost $588,000 from a recent attack, and they are now suing their bank. It’s important to note that while consumers generally have 60 days to “unwind” an unauthorized electronic funds transfer, businesses accounts are only protected if the bank is alerted within 48 hours of an unauthorized transfer. On The Data Security Podcast earlier this week, we interviewed the lawyer representing the construction company that suffered the $588,000 loss, see link below.

The Data Security Podcast can now report a dangerous new element to these attacks. Ben-Izthak tells the Data Security Podcast that Finjin security researchers have seen the cyber criminals actually alter the “account view” online screens that a victim sees. Of course the altered screen views do not show suspicious transactions. This means that a business will probably lose the chance to catch unauthorized transactions within the 48 hour window.

Here’s the process – The business uses a computer(s) to do online business banking, and uses that same computer to do web activities, email, and other standard business internet tasks. The attackers use those normal internet activities to plant a version of Zeus banking Trojan onto the business computer systems. These attacks are designed to by-pass most firewalls and many popular anti-virus programs.

The Trojan captures log-in info, challenge question/answers, and account numbers, right from the business computer systems…all the info the criminals need to conduct unauthorized electronic funds transfers.

Here’s the new twist: The attackers are now altering the web screens that display business account information. The bank’s computers are not altered, but rather the business customer’s view of their own accounts, as seen from their own computers. This is known in security-speak as an integrity attack: when authorized persons are unable to trust the accuracy of their own information

Ira Victor, Co-Host of The Data Security Podcast, is covering the ISACA Las Vegas Conference and had an exclusive sit-down interview with well-known data security researcher and penetration testing expert ‘Famous Peter Woods’ (as he is known), about this new attack.  Peter Woods is the COO of First Base, a security company in the UK.  Mr. Woods is also a keynote speaker at the conference.

Peter Woods characterized this new variation of the Zeus bank Trojan “as a disaster.”  Mr. Woods recommended that business engage is a serious round of new user awareness training. When we asked Mr. Woods about technical counter-measures the banks could undertake, he questioned the willingness of many banks to invest in counter-measures that would truly be effective against these types of attacks. He thought that many banks would be more likely to add new legal disclosures in an attempt to indemnify themselves from financial loss.

Indeed, some banks are now putting new warnings on their web sites that encourage customers to “update anti-virus” and to “update system-patches.” Other speakers at the ISACA conference in Las Vegas generally agree that while that those measures are good for stopping certain attacks, they are mostly insufficient to thwart these newer types of attacks.

In Data Security Podcast Episode 71, Samantha Stone has an eye-opening interview with the attorney of the Maine construction company that lost $588,000 in a cyber attack, and is suing their bank. The cause of action? The plaintiff claims the bank breached it fiduciary duty when it failed to protect against the loss of the $588,000.  We suspect that a variant of  the Zeus banking Trojan attack was used to steal the money.

Be sure to listen to subscribe to our RSS feed and listen Data Security Podcast Episode 72. When that show posts, it will include our interview with Yuval Ben-Yitzhak of Finjan. Here is the link to the Finjan Report on the new Zeus bank Trojan.

Data Security Podcast Episode 70, Sep 21 2009

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Legislation, Podcast, Vulnerabilities, web server security with tags , , , , , on September 20, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus five)

On this week’s program:

* Full access to anyone’s Facebook account for $100?

* Update on confidential data case in Maricopa County, AZ

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:


–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 70 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing MagazineData Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 70 of the Data Security Podcast

* Tales From The Dark Web:  According to a PandaLabs report, for $100, members of the Dark Web will provide you with the password on any Facebook user.  What else are they doing with the data?

$100 for a Facebook Users Password?

$100 for a Facebook User's Password?

* From the News:  The SANS Institute releases The Top Cyber Security Risks report.  It’s a must read .

* From the News: An Ohio children’s hospital experienced a data breach when man tried to spy on ex-girlfriend using malware. Excellent coverage by Robert McMillan of IDG News Service.

*  From the News:   According to a new study: eCommerce Merchants “…Can Convert 11% More Digital Window Shoppers by Adding Security Trustmarks”

Follow

Get every new post delivered to your Inbox.

Join 1,064 other followers