August 15, 2010 – Episodes 162 and 163

Episode 163 is the this week’s full episode of The CyberJungle, posted immediately below.  Episode 162 is the su root edition for advanced listeners – material that’s too technical for the radio.  The advanced material consists of an interview with Wayne Huang,  who did early research that led to the discovery of the drive-by download.  Scroll down to the end of this batch of show notes to find it.

Episode 163:

This week’s regular episode of  The Cyberjungle  is 1 hour and 19 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 163 via the flash player:

Interview

Wayne Huang is an executive at Armorize, working in Taiwan. His early research led to the discovery of what we now call drive-by downloads.  This episode of the Cyberjungle has a 7-minute interview with Wayne, which is a bit more elementary than the 35-minute su root version at the bottom of this set of show notes.  The 7-minute interview starts at about 24 minutes into episode 163.

Free Open Source Project to fight drive-by downloads is at Drivesploit.

Tales from the Dark Web

When your patch reminders pop up on your screen automatically, that’s a convenience.  When they arrive by email, that’s a scam.

Our Take on This Week’s News

Is Google buying microdrones like the ones in this vide0? And if so, what will Goolge do with them? Seems unclear at this point, but the implications kind of freak us out.

This is about as low as it gets: Cybercriminals pose as American military men — even fallen soldiers — creating fake dating profiles to ensnare women romantically and then ask them for money.

Everyone wants an iPad… we wonder if elected officials are willing to contort financial reality and ignore open meeting law requirements in order to play with an iPad on the taxpayers dime.  This USA today report says city councils are buying iPads to save the cost of paper.  But they might be buying a whole lot of trouble that will make the paper budget seem trivial.

City of San Francisco’s former network administrator Terry Childs was sentenced to 4 years for locking the city out of its network.  He’s been cooling his heels in jail for two years during the trial, and now it looks like he’ll serve about another 6 months with credit for time served. The San Francisco Weekly had the best summary of the case, and seems to be the only media outlet that truly grasps the moral of the Terry Childs story.

Attention merchants and other businesses relying on credit card purchases. PCI 2.0 is coming in October, and will probably become effective in January.  Yes, it will require more of you. Here is the current standard. The new standard will require web application logging, and better accountability and tracking of credit card number within the business network.

Apple iPhone Patches have been distributed for devices affected by the jailbreakme flaw.  Problem is, the patches work selectively. They do not apply to all devices.  Available for: iOS 2.0 through 4.0.1 for iPhone 3G and later, iOS 2.1 through 4.0 for iPod touch (2nd generation) and later. Here’s Apple’s report on the flaw.  Jay Freeman (Saurik) has made an unofficial patch for one (CVE-2010-1797) of the two vulnerabilities patched by Apple. It’s available for Jailbroken devices via Cydia,  and will work also on the older devices that have not yet received any updates from Apple, plus new devices if you don’t want to use Apple’s update.

Adobe Flash problems aren’t solved after upgrades.

Cybercriminals are already gearing up for the holidays, creating booby traps for likely Halloween and Thanksgiving search terms.

Did your shrink leave town for a convention this week?  If (s)he is attending the San Diego gathering of the American Psychological Association, you might want to text him or her, and warn about the social networking app the convention organizers have made available.  Seems the attendee code on the ID badges double as the log-in codes for the shrink network.  Oops… one wrong digit and you can view someone else’s conference registration data.

CyberJungle FAQ

1. From Steve: Our small business is running rather old PCs. Many of them are over 7 years old, and they take for ever to boot up. We are on a tight budget, we are seeing refurbished PCs with XP and new PCs with Windows7, is it worth the extra money to upgrade to Windows7? Will we get improved security?

A: YES, and your company can purchase refurbished PCs running Windows7. Get the 64 bit version, and upgrade to Office2010, for improved security and productivity.

2. From Malik: We are having a lot problems with our business email server. We are a company with less than 20 employees, but we are spending a lot of money with our IT guy on the server, where the email, and our filesve. He says we should buy a new server. The one we have is about 5 years old. Should we buy a new server, or, should we look at switching to something like gmail?

A: Get a new, smaller file server that runs Windows2008, or (even better) Linux. Buy business-grade email services from a quality firm that offers hosted Microsoft Exchange, or Open Source Zimbra.

3. Andrew: Our employees want to use their own iPads at work. They want to access work files, do email, take notes, and do other tasks. If they want to buy the iPads on their own, what are the risks to our business.

A: Plenty. Ediscovery, loss of business data, are just two. Wait a few months as business-grade alternatives to iPads are released. They are just about to be launched into the market for just your situation.

Episode 162 – su root edition:

This is our unedited edition, featuring a longer and more technical conversation with Wayne Huang of Armorize, discussing his early research that led to the discovery of drive-by downloads  The audio file is 35 minutes long.

You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to su root edition (episode 162)  via the flash player: