Archive for the Business Continuity Category

January 7, 2019, Episode 406, Show Notes

Posted in Breach, Business Continuity, Conference Coverage, darkweb, Exclusive, Podcast, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , , , on January 6, 2019 by Habeas Hard Drive

Episode 406 of The CyberJungle is about 29 minutes long.  The DarkWeb seglent with XYPRO CISO Steve Tcherchian on EHR, Ransomware and Healthcare InfoSec starts at 12:00.  You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 406 via the flash player:

Our Take on This Week’s News

Hacking attacks on your router: Why the worst is yet to come

Avast Threat Landscape Report

It’s time for Apple to stop playing it safe

Meet the new Diet iPhone: Could a fresh formula boost Apple’s bottom line?

Tales from The Dark Web

XYPRO CISO Steve Tcherchian on EHR, Ransomware and Healthcare InfoSec

Separating InfoSec and IT

Protecting Healthcare Data

Around The Corner

Ira talks about George Gilder’s latest book – Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy

Ethereum Plans to Cut Its Absurd Energy Consumption by 99 Percent

Wrap

Wrap is on break

 

Free Trial from Our Sponsor: Paraben Software

Try the data recovery and digital forensics software that Ira Victor from The CyberJungle uses. Paraben has been committed to digital forensics since 2001 and their leadership has been pioneering the field for over 20 years. They believe in creating products that allow you to optimize your time and get the most data possible. If you have not used Paraben Software, give it a try with their 15-day trial.

 

Aug 15, 2014, Episode 347, Show Notes

Posted in Business Continuity, Conference Coverage, criminal forensics, darkweb, eMail Security, Exclusive, Podcast, Show Notes, The CyberJungle, Vulnerabilities with tags , , , on August 14, 2014 by Habeas Hard Drive

Episode 347 of The CyberJungle is about 36 minutes long.  Daniel Ayoub’s Kickstarter project for SOHO infosec starts at 13min. Adam Shostack on transparent incident response starts at about 21min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 347 via the flash player:

Interview

Daniel Ayoub’s Kickstarter project for SOHO infosec

Adam Shostack on transparent incident response

Our Take on This Week’s News

SOHOpelessly Broken SOHO router/firewall

IRA failed to perform background checks on contractors

 

Tales from The Dark Web

Urgent Adobe PDF patching, or install alternatives now

Please support our sponsors, as they support The CyberJungle:

Basis Technology is helping investigators perform faster, more efficient, cost-effective, and complete investigations in cybersecurity and incident response.

BASIS TECHNOLOGY……PLEASE VISIT THEIR SITE BASISTECH.COM

logo-BasisTech_green_150

Basis Technology

 

 

 

 

 

May 13 2014, Episode 337, Show Notes

Posted in Business Continuity, Conference Coverage, Court Cases, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities with tags , , , on May 11, 2014 by Habeas Hard Drive

Episode 337 of The CyberJungle is about 25 minutes long. Steve Ross on cybersecurity and process, IT workers targeted, and “Heartbroken.” You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 337 via the flash player:

Interview

Risk Masters’ Steve Ross on cybersecurity and process

Our Take on This Week’s News

Foreign intelligence agencies are targeting IT workers

Surveillance camera clears woman hit by police car 

Tales from The Dark Web

Silly sysadmins ADDING Heartbleed to servers

Wrap

DEA to release man mistaken for drug dealer that stole his ID

Please support our sponsors, as they support The CyberJungle:

Basis Technology is helping investigators perform faster, more efficient, cost-effective, and complete investigations in cybersecurity and incident response.

BASIS TECHNOLOGY……PLEASE VISIT THEIR SITE BASISTECH.COM

logo-BasisTech_green_150

Basis Technology

 

 

 

 

 

Feb 12 2014, Episode 328, Show Notes

Posted in Breach, Business Continuity, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , on February 12, 2014 by Habeas Hard Drive

Episode 328 of The CyberJungle is about 35 minutes long. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 328 via the flash player:

Interviews

Does Chip+Pin Solve The Breach Problem? We talk to Michael Santarcangelo. Here is the story talked about in the segment.

Our Take on This Week’s News

Public Uneasy About Security, Privacy and SelfDriveAutos

Toyota Nears $1Bil Penalty For Alleged Software Failure

Remote Access Lessons From Target Breach

Tales From The Dark Web

Law Firm Incident Response Failure to CryptoLocker.

Please support our sponsors, as they support The CyberJungle

OUR NEWEST SPONSOR, ATOLOA TECHNOLOGIES….PLEASE VISIT THEIR SITE ATOLA.COM

Atola Insight is an all-in-one hard drive data recovery and forensic system. It offers complex data retrieval functions along with utilities for manually accessing hard drives at the lowest level. Atola Insight has several key features for data capture in forensic and e-discovery cases. Find out more at Atola.com

 

Sept 7th 2013, Episode 314, Show Notes

Posted in Business Continuity, Conference Coverage, Exclusive, Interview Only Edition, Podcast, Show Notes, The CyberJungle with tags , , , , on September 6, 2013 by Habeas Hard Drive

Episode 314 of The CyberJungle is about 26 minutes long.  We break again from our normal format this week, to bring you content from Black Hat 2013 in Las Vegas and DefCon21 in Las Vegas. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 314 via the flash player:

Interviews

Dave Porcello Founder of PwnieExpress. Here is a link to their blog.

Sergei Belokamen of Bugcrowd.

Brian Lowe of Unknown.com, here is a link to their content on their site covered in the segment.

Tales From The Dark Web and Our Take on This Week’s News

On a break due to content from BlackHat and DefCon 2013 in Las Vegas

Please support our sponsors, as they support The CyberJungle

HTCIA International Conference and Training Expo 2013

HTCIA International Conference and Training Expo 2013

The High Technology Crime Investigation Association (HTCIA) Annual conference is committed to bringing its participants – members or non-members — the best training, tools and networking the industry has to offer.

We rely on the generosity of our sponsors, who take a vested interest in working with us to develop a conference that exemplifies what the HTCIA organizations stands for. By fostering the exchange of investigation-related information and ideas, we bring together a community of professionals who help one another understand and adapt to our rapidly evolving industry–to everyone’s benefit.

The 2013 conference is being held from September 8-11, 2013 in Las Vegas, NV [Summerlin is the western side of Las Vegas, 15min from Downtown via freeway].

Paraben's Forensic Innovations Conference

The Paraben Forensic Innovations Conference has been an annual event since 2008. Since that time it has rapidly evolved into a higher attended conference with a broader scope of topics reaching from deeply technical into the legal aspects of the forensics and eDiscovery industry. Those who attend PFIC are as diverse as our topics, from law enforcement and lawyers, to corporate entities, government agents, private investigators, and educational institutions. If you haven’t had the opportunity to attend, this is your chance to experience the fresh air and mountains of Utah as well as the fresh topics that will be the highlight of this year’s conference. If you’ve already attended, then you know what to expect and are as excited as we are about it!  PFIC 2013 will be held November 13-15th, 2013 in Salt Lake City Utah. Space for this conference is limited, and with tickets starting at $199, the show will almost surely sell out. The CyberJungle will be there, because it is one of the best bang for the buck forensic conferences of the year.

 

March 7, 2011 – Episode 203

Posted in Breach, Business Continuity, Court Cases, criminal forensics, ediscovery, Exclusive News, Legislation, Podcast, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , , , , , , , , on March 7, 2011 by Habeas Hard Drive

Episode 203 of  The CyberJungle is about 53 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 25:30 mark.

To listen to Episode 203 via the flash player:

Interviews

Charlie Miller, 3x Pwn2Own “hacking” contest winner stays home; response by Dragos, Founder of CanSecWest . Follow Charlie on Twitter.

Tales From The Dark Web

Exactly what is the “boy-in-the-browser attack?”

Our Take on The Week’s News

Lawsuit accuses Amazon of capturing and sharing customer information without permission by tricking Microsoft Internet Explorer

Google Android in app malware flap, iPad2 security, and Blackberry Playbook running Android apps + better security? Interview on Playbook security Ira Victor mentioned in this segment. You may download the segment, or listen to the conversation here:

Via the flash player:

More mobile security news, Keeping Tabs on Android Smartphone Activity.

Proof once again that disgruntled employees are among the most dangerous cybercriminals… Texas man sentenced after breaching former employer’s network and deleting critical business files.

Wrap

OtterBox Cases for slider Smartphones: Samantha and Ira give a new OtterBox the field test

April 24, 2010 – Episode 131

Posted in Breach, Business Continuity, Court Cases, criminal forensics, ediscovery, eMail Security, Exclusive, Legislation, Podcast, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , , , , on April 24, 2010 by Habeas Hard Drive

Interview: Evan Ratliff joins us to discuss his attempt to vanish for a month, with Wired Magazine challenging readers to find him, and a $5,000 reward for anyone who snapped his photo and said the word “fluke.”  An online posse developed, Evan ducked discovery for 25 days, and was caught in New Orleans, a few days shy of his goal.  The interview is about 14 minutes long, and it starts about 57 minutes into Episode 131. You may stream the program here:

You may download Episode 131 here. Or visit the Listening Options page for more ways to hear the program.

Discussion: The texting case that made it to the U.S. Supreme Court.  We discuss with ACLU Attorney Lee Rowland Fourth Amendment protections as they apply (or don’t apply — that’s what the court is considering)  to text messages, and under what circumstances.  Our discussion with Lee is about 20 minutes long, and starts about 22  minutes into Episode 131

Our Take on This Week’s News

Amazon is fighting off a demand from the North Carolina Department of Revenue (the state tax collectors). The state wants a record of all Amazon purchases made by its residents, and it wants names, so it can collect the sales tax.  Amazon says “privacy violation.”  And remember Amazon’s original business was books, which have a special place in the law when it comes to protecting their owners from government intrusion.

Here’s the story as reported by c|net, and here’s Amazon’s complaint.

Cyberattack on Google Said to Hit Password System.  More has been revealed about the extent of the Aurora attack on Google.  This story was apparently leaked to the New York Times by someone familiar with the investigation.  It suggests huge implications for the security of all Google applications.

Facebook is becoming quite brazen about exposing user profile information. This opinion piece at EFF explains the latest piece of information to be taken out of the user’s control.

Related:  The Facebook “like it” button, coming soon to websites everywhere.

About the most straightforward information-sharing scheme we’ve seen yet:  Blippy mines your email and credit card statements (with  your permission) and posts every purchase you make.  Blippy is the VC flavor of the month, having just received $11 million.  Too bad some credit card numbers belonging to Blippy users turned up when some curious surfers hit Google with search strings containing the words “Blippy.com” and “from card”.  Will Blippy survive?  Probably, even in the face of a less-than-apologetic stance from the company (Co-founded by the infamous Pud, of the infamous FuckedCompany.com site from the “dot-bomb” period.)  Why anyone would want to be part of Blippy, especially now,  is a separate discussion.

Highly-paid SEC lawyers and accountants spent their days surfing porn sites while Bernie Madoff was making off with a whole lotta other people’s money. We ask why, in an entity whose mission revolves around audits and controls, were there no audit trails and controls to call attention to an employee with 16,000 attempts to access porn?  Shouldn’t this have been nipped in the bud before it spiraled out of control?

You probably read about some of the chaos that ensued from McAfee’s latest update.  But this story by a SANS incident handler takes the prize.

Malware mules:  We all know about drug mules and money mules.  But the black market for email credentials is creating some new opportunities.

Show Notes: The CyberJungle Episodes 105 and 104- Jan 23 2010

Posted in Program Preview, The CyberJungle, Vulnerabilities with tags on January 22, 2010 by Habeas Hard Drive

This week’s features-

Interview with Joe Grand, electrical engineer, hardware hacker and proprietor of Grand Idea Studio. Ira and Joe discuss hardware hacking.  Hobbyists, researchers, and innovators are modifying electronic devices in greater numbers

The 23-minute  interview (too long for radio) is posted by itself as episode 104. There’s a partial version of the interview contained in the show,  episode 105 of theCyberJungle.

Hardware Hacking Extra:  Cell phone as vehicle starter- We got quite a few comments about this. visit: “Dave Hacks, Well, not really hack, but I definitely ‘modify’ things.”

http://davehacks.troublem8ker.com/wordpress/?p=4

AND —  You probably didn’t know this, but Thursday January 28 is International Data Privacy Day. Does the market reward  businesses that protect customer privacy? There must be some reward, because there’s growing field of certified privacy professionals… and their organization has thousands of members.

PLUS — Our take on this week’s news:

A new generation of card skimmers. Photos below.

Source: Krebsonsecurity.com and Mikko Hypponen:

Could you detect the ATM card skimmer here?

Pin-hole camera to capture PIN numbers

Indonesian Police Intensifying Efforts To Investigate ATM Scams http://ow.ly/16p52r

Data hung out to dry as 4,500 USBs are left in Dry Cleaners  http://www.credant.com/news-a-events/press-releases/376-dry-cleaners.html

Microsoft Patches IE, Admits it Knew of Bug Last August: As Microsoft patched the Internet Explorer zero-day … http://bit.ly/8p2JnG

Emergency IE patch goes live as exploits proliferate: Hundreds of sights locked and loaded  http://www.theregister.co.uk/2010/01/21/ie_emergency_patch_released/

80% of gov’t Web sites miss DNS security deadline  http://www.computerworld.com/s/article/9147018/80_of_gov_t_Web_sites_miss_DNS_security_deadline

Microsoft confirms 17-year-old Windows bug  http://www.computerworld.com/s/article/9146820/Microsoft_confirms_17_year_old_Windows_bug

Poisoned PDF pill used to attack US military contractors  http://www.f-secure.com/weblog/archives/00001859.html

NTSB recommends camera surveillance in train locomotives, after investigating a crash that killed 25. The engineer was texting and using his cell phone at the time of the crash. The union representing train engineers has objected to the recommendation on privacy grounds. Salient fact in the story – the texting engineer had 5 reprimands in his personnel file, issued over a two-and-a-half year period.  Now the feds should install cameras to watch ALL engineers (including the ones who follow the rules) just because railroad management failed to fire the loose cannon in their ranks?

http://www.ble.org/pr/news/headline.asp?id=29037

And Microsoft pushes congress for a cloud computing law.

http://thehill.com/blogs/hillicon-valley/technology/77155-microsoft-pushes-cloud-computing-act

Data Security Podcast Episode 74, Oct 18 2009

Posted in Breach, Business Continuity, Court Cases, darkweb, Vulnerabilities with tags , , , , , , , on October 19, 2009 by Habeas Hard Drive

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Now the bad guys are holding computer files for ransom if you don’t buy their phony anti-virus software. We have a workaround.

* Midyear elections are coming up, and the last thing the campaigns seem to think about is data security.

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 74 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing MagazineData Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 74 of the Data Security Podcast

* Conversation:  Ira talks with Gretchen Hellman, VP of Marketing for Vormetric about information security, the security issues with the new GOP web site, and election campaign security.

* Tales From The Dark Web:  Watch the video by PandaSecurity that demonstrates a damaging new fake anti-virus that denies access to files and applications on victim systems unless a ransom is paid. The link below takes you to a video of the attack, and we have posted the keys to defeat the current variant of lock out.  If you work in IT/InfoSec please write an email to users with a warning, include the keys to unlock the software, and have the end user re-image their hard drive.

Rogueware with new Ransomware Technology

Rogueware with new Ransomware Technology

Click here to view the Rogueware with new Ransomware Technology™ video. The video comes to us from Panda Security.  Take note that the malware icon disappears from the computer, and when it does, the attack is in place.  If you have a system that is infected with this attack, Panda has cracked the malware and has provided a list of working keys, which give access to the current variants of the TotalSecurity2009 attack:

WNDS-TGN15-RFF29-AASDJ-ASD65
WNDS-U94KO-LF4G4-1V8S1-2CRFE
WNDS-6W954-FX65B-41VDF-8G4JI
WNDS-G84H6-S854F-79ZA8-W4ERS
WNDS-TTUYJ-7UO54-G561H-J1D6F
WNDS-A1SDF-6AS4D-RF5RE-79G84
WNDS-A1SDF-RY4E8-7U98D-F1GB2
WNDS-5SRTS-AEHUF-YA54S-D6F35
WNDS-P9685-4H41A-DSW3A-2R64T
WNDS-2AE32-1VFC2-B6894-G67YU
WNDS-4TS8R-D6F5D-4JH8T-U4JK5
WNDS-FGS5D-649RG-4S53D-412SF
WNDS-452S3-ER00F-TSE35-S8FSD
WNDS-SERFH-2642S-F04SD-64FG1
WNDS-F40SA-1ER5H-4FG5D-F8412
WNDS-5D1V2-XB0D5-JT1TY-97DS3
WNDS-4BGY2-JY4KO-IT98Y-7HJ43
WNDS-G8FB6-1V87S-DRT1S-63SRG
WNDS-HFVDR-9844O-U54DA-5TBSC
WNDS-89OF7-7324R-5SAD4-TG68U
WNDS-JUYH3-24GHJ-HGKSH-FKLSD

* From Our Take on The News:  Danger Will Robinson! Danger! Additional insiders have stepped forward to shed more light into Microsoft’s troubled acquisition of Danger, its beleaguered Pink Project, and what has become one of the most high profile Information Technology disasters in recent memory. 

Data Security Podcast Episode 73, Oct 11 2009

Posted in Breach, Business Continuity, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Legislation, Podcast, Vulnerabilities, web server security with tags , , , , , , , , , , , on October 11, 2009 by Habeas Hard Drive

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Major patching in store this week, due in part to flaws revealed this summer in Las Vegas?

* A fresh look at a Zeus banking attack counter-measure

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 73 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing MagazineData Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 73 of the Data Security Podcast

* Conversation:  Ira takes a new look at a counter-measure for the latest wave of Zeus banking attacks in his conversation with Steven Dispensa, CTO of PhoneFactor.

* Tales From The Dark Web: It’s like clockwork…two months after security events BlackHat and Defcon every summer in Las Vegas, we see a surge in patches for attacks that were highlighted at these events.  Microsoft Security Bulletin Advance Notification for October 13th 2009. Security Advisory for Adobe Reader and Acrobat for October 13th 2009, including the CVE number.

* From Our Take on The News:  Danger Will Robinson! Danger!  Update on Danger’s Sidekick Massive Data Loss.  Read the FAQ for tips on trying to salvage your data.

* From Our Take on The News:  Computer Network Denial Of Service Denial

* From Our Take on The News: Twitter shuts down legit security researcher, Mikko Hypponen.  Reports from his blog here, and an update here.

Twitter Shuts Legit Down Security Researchers Account

Twitter Shuts Legit Down Security Researcher's Account