Archive for October, 2010

October 31, 2010 – Episode 185

Posted in Report Security Flaws, The CyberJungle on October 30, 2010 by datasecurityblog

October 24, 2010 – Episode 183

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Exclusive, Legislation, Show Notes, The CyberJungle, Vulnerabilities on October 23, 2010 by datasecurityblog

Episode 183:

This week’s regular episode of The Cyberjungle is 1 hour and 18 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 183 via the flash player:

Interview

Joe Levy, Chief Technical Officer with Solera Networks, stops by to discuss the Zeus Trojan variant that’s making its way around the IRS offices. Joe’s interview is 6 minutes long, and it begins about 25 minutes into Episode 183.

Tales from the Dark Web

If cybercrime were a disease, it would be a pandemic and the whole world would be sick. So says a report from Kroll and The Economist Intelligence Unit.

Our Take on This Week’s News

School bus surveillance cams – School buses equipped with traffic cams. It’s an experiment in a Maryland school district, where officials say the little darlings are in more danger as they alight from the bus than at any other time, although no child in Maryland has ever been hit while alighting from a school bus.

Insurance companies view social networkers as burglary risks – Duh. A survey by an insurance trade group indicates a significant number of Facebook and Twitter users post their locations, and it’s worth considering whether to reflect this in their insurance rates.

And while we’re ragging on Facebook – Are gay users of Facebook being outed to advertisers for targeted product marketing? Duh again.

Ten Oreos, two handfuls of Fritos, a pint of Ben and Jerry’s – Are you aware that when you make use of web tools that allow you to keep track of your personal behavior, that information could become discoverable in court? (Diet websites come to mind.)

Participants wanted – A new project to monitor BlackBerry traffic as it is sent from various countries. The results will help researchers and users understand what’s happening to the communications as RIM is pressured to cooperate with repressive governments.

More BlackBerry news – The how and why of BlackBerry eavesdropping, and why it might not be what you think.

A new tool for good guys – and bad guys, parents, employers, forensic investigators, and everyone who needs to keep tabs on someone. ElcomSoft tool cracks web browser passwords.

CyberJungle FAQ

Shockwave Zero-day Attack In the Wild

Fake Microsoft Security Essentials Attack

October 17, 2010 – Episode 181

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Legislation, The CyberJungle, Vulnerabilities on October 17, 2010 by datasecurityblog

Episode 181:

This week’s regular episode of The Cyberjungle is 1 hour and 13 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 181 via the flash player:

Interview

Jason Miller, patch management expert with Shavlik Technologies, tells us how to deal with the biggest patch release in modern IT history… which took place on Tuesday, October 12. Jason’s interview is 8 minutes long, and it begins about 24 minutes into Episode 181.

Tales from the Dark Web

You’ve heard of “software as a service”… Now there’s “crimeware as a service” — a convenient way for the bad guys to outsource their criminal acts.

Our Take on This Week’s News

What’s in your medicine cabinet? The Feds and 34 states are putting together a giant prescription drug database so they can review the contents.

What did he know, and when did he know it? At least one IT staffer in the Lower Merion School District waxed fondly about the remote tracking capabilities on the laptops issued to students who later sued the district for spying on them.

Bullying is bad, um-kay? President Obama holds a town hall with MTV viewers, during which he tells them there should be zero tolerance for bullying — cyber or otherwise.

Security tradeoff: caution for coolness – Device Reputation Service Reveals iPhone at Top of Mobile Transaction Fraud Risk.

Your building pass could be more valuable than ever – Some federal employees will see their CACs (common access RFID cards) expanded. They’ll still get the card holder into a building or a computer system. But the cards will be expanded to include mass transit fares, debit payment, and ATM functionality… all in one card.

Mixing business and pleasure – Explosive growth of mobile devices leads to security risks as workers use their own devices to store and transmit work data.

Fun finder or stalker tool? The website wheretheladies.at monitors social networking sites to help dudes locate gatherings of women. But blogger Jason Stamper conducted an experiment that points out the dangers women might face when they publish all the details of their daily lives.

Kudos for baking it in! New version of Opera to have extensions with software code check for security.

October 10, 2010 – Episode 179

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Show Notes, The CyberJungle, Vulnerabilities on October 9, 2010 by datasecurityblog

Episode 179:

This week’s regular episode of The Cyberjungle is 1 hour and 20 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 179 via the flash player:

Interview

Kevin Johnson is a security researcher with Secure Ideas. We met him in September at the SANS network security conference in Las Vegas, where he discussed the challenges of integrating social network users into a business environment. Kevin’s interview is 8 minutes long, and it begins about 26 minutes into Episode 179.

Tales from the Dark Web

A Nigerian record producer and part-time cybercriminal is on the FBI’s most wanted list. You probably won’t see this guy at the Grammys this year.

Our Take on This Week’s News

Free on bail – A contractor who did some work for Fannie Mae is looking at a maximum 10-year prison sentence after planting a malware bomb that would have brought down 5,000 servers had it not been discovered. Lessons about the importance of logs, and keeping track of which employer is responsible for “passthrough” employees.

Peeing in a cup is so 1990s – When there’s a company that will crawl through your social network to help your employer discover who you really are. Psychological profile, criminal tendencies, gratuitous use of slang popularized by drug culture, you name it.

No such thing as cyberbullying – So says blogger Anil Dash, who argues that the word has been invented to help parents, school administrators, and the media duck responsibility for teaching kids civil behavior.

Golddigger falls for own husband posing as rich guy – And he found out where his golddigging wife was living, after she took off with their son. His scheme – posing on Facebook as someone she would find “attractive” (i.e. wealthy). Father and son are reunited.

Sophisticated payment card terminal breach – Hardware hacks are posing a bigger cybercrime problem these days. This attack was geographically widespread, suggesting the bad guys actually went into grocery stores in 11 states, distracted the employees, and changed out the payment terminals.

Dead people can now vote online – Online voting is not ready for prime time, as this mock election in Washington D.C. revealed. What a mess! The good news – they actually tested the system before they forced voters to use it. The bad news – they waited until four weeks before the election to do the test.

I like to watch – Dallas kicks off the iWatch program.

We’ve dished out plenty of  iPhone criticism – but it turns out the BlackBerry has a killer flaw.

Hey, we’ve been looking for that – Mechanic discovers FBI tracking device while working on a car belonging to an American student of Egyptian descent. Zaniness ensues.

October 3, 2010 – Episode 177

Posted in Breach, Court Cases, criminal forensics, darkweb, Legislation, Podcast, The CyberJungle, Vulnerabilities, web server security on October 3, 2010 by datasecurityblog

Episode 177:

This week’s regular episode of The Cyberjungle is 1 hour and 16 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.

To listen to Episode 177 via the flash player:

Interview

Dr. Eric Cole is an instructor at the SANS Institute and a CTO with McAfee. He discusses data security based upon actions, rather than just signatures of attacks. Dr. Cole’s interview begins about 25 minutes into Episode 177.

Tales from the Dark Web

Restaurant Security Fails – $200,000 in fraudulent credit card charges were made after a restaurant purchased a new PCI-compliant point of sale system but failed to take the other steps needed to secure the information. Many businesses are failing to secure their point of sale systems and other parts of their business: they run out-of-date software on insecure systems. Most small businesses still don’t think they are a target for cyber criminals.

Our Take on This Week’s News

Obama Administration seeks wiretap access through backdoors to all online communication channels. The effort would include a requirement for access to encrypted communications. The EFF points out this battle has already been won once.

Rat on your neighbor, part II – Meanwhile, the Department of Homeland Security launches a suspicious activity report database.

Poor Tyler Clementi, the Rutgers student whose gay tryst was available to his roommate’s chat partners via webcam, has not yet been laid to rest, and a state lawmaker is seizing upon his suicide to get attention for herself. Thumbs way down to these vultures who climb upon the bones of dead teenagers to get publicity or to shill for legislation that would otherwise go nowhere. This is all too common.

Another episode of Databreach Theater – Courthouse News reports on a databreach case originating in a Kansas prison. The Sixth Circuit Court apparently concluded that an act can be simultaneously “inadvertent” and “willful.”

Zeus arrests – Bank Account Takeover Attack gang members arrested in three countries. The Zeus attacks nonetheless continue, with one of many variants now targeting mobile banking users.

Judge acquits speeding motorcyclist who used a helmet cam to record traffic antics and a traffic stop by an armed plain-clothes cop.

Stuxnet Update – The Saga Continues: Could this attack ‘inspire’ similar attacks? Was the attack targeting India rather than Iran? China has also had a taste of Stuxnet.

Bug Bounty – Should major cloud services/sites set up a bounty system for web app bugs?

CyberJungle FAQ:

Skip the Adobe PDF mess and download Foxit Software’s PDF reader.

For an easy and much more secure tool for online banking, use Webconverger.
