September 19, 2010 – Episode 173
This week’s regular episode of The Cyberjungle is 1 hour and 13 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.
An interview with Chris Hadnagy from Social-Engineer.org, which organized a social engineering contest at this year’s DefCon conference. The contestants assumed made-up identities and placed phone calls to 15 major American companies. Objective: cajole as much information as possible about company operations out of the employee on the other end of the phone. (The info would be of value to bad guys trying to cook up an attack.) Social-Engineer released its report this week on the results of the exercise. Our interview with Chris starts about 23 minutes into episode 173. The interview is 7 minutes long.
Tales from the Dark Web
If you enjoy the occasional online porn adventure, heed this: a trojan that monitors what you’re watching, then blackmails you. “Pay us or we’ll tell the world what you’re watching.”
Ira’s recommendation: Change your computer to dual-boot with Linux as the other operating system. I like LinuxMint, VectorLinux, and (fav) PeppermintIce. These systems are best for web surfing, email, and word processing.
Our Take on This Week’s News
Texting money to politicians: Ready to text your political campaign donations? Politico reports on the legal issues surrounding campaign finance compliance, but says nothing about the security issues related to sending money via SMS.
Has Google’s HR department ever heard of a psychological profile? Google Engineer Repeatedly Accessed Customer data, Spied on Communications
Is the guy in the next booth packing heat? Before you leave for dinner, check this website, launched last week in response to a new Tennessee law that allows permit holders to carry their firearms into bars and restaurants. The site indicates two categories of dining establishments: those that allow guns and those that don’t.
Facebook alternative apparently has some security holes: What if you could have the convenience of Facebook, but strong privacy and security? That was the idea behind Diaspora. Some college students from NYU came up with the idea, and posted the project on a web site where people can donate money to support new start-up business ideas. The students thought they needed $10k to build the code. They were written up in a New York Times story, and they raised nearly a quarter million dollars. Well, the very, very first version of the code is out, and the privacy and security experts are weighing in with harsh criticism.
SF law enforcement formula — treat the citizens like criminals: San Francisco’s mayor has ordered the cops to beef up security at nightclubs in the city, to prevent violence like the recent spate of shootings that included the killing of a German tourist near a comedy club. Cops want more cameras, metal detectors, police patrols paid by club owners, and ID scanners to capture the driver’s license info from customers… which will be stored for 15 days.
The Ninth Circuit lets the air out of its own ruling: An earlier ruling issued guidelines for law enforcement to follow during searches of computers. The feds said the guidelines were “complicating” prosecutions, so the court overturned itself… sort of. Read this. It’s not trivial.
The cost of free entertainment: Internet services and sites that offer free ring tones, movies, and other entertainment content have a higher probability of delivering malware to your computer, according to a new report by Mack-ah-fee.
CyberJungle FAQ: Ira mentioned HauteSecure, but their tool is now throwing errors. He will research alternatives and report back in a future episode of The CyberJungle.