Archive for Apple

July 1st 2013, Episode 306, Show Notes

Posted in Court Cases, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , , on July 1, 2013 by datasecurityblog

Episode 306 of The CyberJungle is about 31 minutes long.  The interview with Nimmy Reichenberg of AlgoSec begins at about the 19:40min mark. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 306 via the flash player:

Interviews

Nimmy Reichenberg of AlgoSec. Here is the link to the the SecurityWeek column mentioned in the interview, the AlgoSec Blog, and all of Nimmy’s columns at SecurityWeek.

Tales From The Dark Web

Four Years of DarkSeoul Cyberattacks Against South Korea Continue on Anniversary of Korean War; New Disk Wiping Malware….

Our Take On This Week’s News

FBI: Sinovel Corporation and Three Individuals Charged in Wisconsin with Theft of AMSC Trade Secrets; Theft of Trade Secrets Allegedly Cheated AMSC of More Than $800 Million

Apple’s fingerprint reader: the secret is out

Wrap

Facebook’s outmoded Web crypto opens door to NSA spying

Please support our sponsors, as they support The CyberJungle

HTCIA International Conference and Training Expo 2013

HTCIA International Conference and Training Expo 2013

The High Technology Crime Investigation Association (HTCIA) Annual conference is committed to bringing its participants – members or non-members — the best training, tools and networking the industry has to offer.

We rely on the generosity of our sponsors, who take a vested interest in working with us to develop a conference that exemplifies what the HTCIA organizations stands for. By fostering the exchange of investigation-related information and ideas, we bring together a community of professionals who help one another understand and adapt to our rapidly evolving industry–to everyone’s benefit.

The 2013 conference is being held from September 8-11, 2013 in Las Vegas, NV [Summerlin is the western side of Las Vegas, 15min from Downtown via freeway].

Paraben's Forensic Innovations Conference

The Paraben Forensic Innovations Conference has been an annual event since 2008. Since that time it has rapidly evolved into a higher attended conference with a broader scope of topics reaching from deeply technical into the legal aspects of the forensics and eDiscovery industry. Those who attend PFIC are as diverse as our topics, from law enforcement and lawyers, to corporate entities, government agents, private investigators, and educational institutions. If you haven’t had the opportunity to attend, this is your chance to experience the fresh air and mountains of Utah as well as the fresh topics that will be the highlight of this year’s conference. If you’ve already attended, then you know what to expect and are as excited as we are about it!  PFIC 2013 will be held November 13-15th, 2013 in Salt Lake City Utah. Space for this conference is limited, and with tickets starting at $199, the show will almost surely sell out. The CyberJungle will be there, because it is one of the best bang for the buck forensic conferences of the year.

 

Advertisements

September 12 2012, Episode 272, Show Notes

Posted in Breach, darkweb, ediscovery, Exclusive, Show Notes, The CyberJungle, Vulnerabilities, web server security with tags , , , , , , on September 12, 2012 by datasecurityblog

Episode 272 of The CyberJungle is about 41 minutes long.  You can hear it by clicking on the flash player below. The interview with Paul Turner, begins at about the 23min mark.  You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 272 via the flash player:

Interview

Paul Turner is the VP of Product and Strategy at Venifi. The NIST report on digital certs:  Preparing for and Responding to CA Compromise and Fraudulent Certificate Issuance

Tales From The Dark Web

Report on the “Elderwood gang.” Excellent reporting by Kim Zetter at Wired.

Our Take on This Weeks News

UPEK fingerprint scanners insecure, says Elcomsoft — Dell, Acer, ASUS, Lenovo, Samsung, Sony and Toshiba may use holey biometric kit. Read more at The Register UK.

What really caused the massive GoDaddy outage. More at Foxnews.com.

Apple UUID breach highlights much bigger questions. More at The Washington Times.

Wrap

Early laptop designer Bill Moggridge dies at 69; computer used by military, NASA in 1980s. Read more at The Washington Post.

August 27 2012, Episode 271, Show Notes

Posted in Breach, Court Cases, ediscovery, Exclusive, Show Notes, The CyberJungle, Vulnerabilities, web server security with tags , , , , , , on August 27, 2012 by datasecurityblog

Episode 271 of The CyberJungle is about 30 minutes long.  You can hear it by clicking on the flash player below. The interview with Patent Attorney Ben Langlotz about digital forensics and infosec an the Apple v Samsung case, begins at about 14:30minmin.  You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 271 via the flash player:

Interview

Patent Attorney Ben Langlotz about digital forensics and infosec an the Apple v Samsung case. To reach Ben Langlotz, contact him on patent [at symbol] langlotz.com

Tales From The Dark Web

How Child Porn And The Other Awfulest Things Ever Get Scrubbed [From Social Networks]

Our Take on This Weeks News

Onity’s Plan To Mitigate Hotel Lock Hack

Dropbox to add two factor authentication. From Businessinsider.com:

“Two-step verification is optional but we recommend you enable it for added protection.

To add two-step to your account:

  1. Head to www.dropbox.com and sign into the website
  2. Click on your name in the upper-right to open your account menu.
  3. Next, click Settings from the account menu and select the Security tab.
  4. Under the Account sign in section, next to Two-step verification, turn the feature on.”

Wrap

Top 10 Clever Uses for Dropbox

August 9 2012, Episode 268, Show Notes

Posted in Breach, Conference Coverage, Exclusive, Show Notes, Vulnerabilities with tags , , , , , , on August 9, 2012 by datasecurityblog

Episode 268 of The CyberJungle is about 49 minutes long.  You can hear it by clicking on the flash player below. The interview with Kevin Mitnick begins at about 6:30min.  You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 268 via the flash player:

Interview

Kevin Mitnick is an American computer security consultant, author, convicted criminal, and old school hacker.

Tales From The Dark Web

Still on a break. Word is that Tales From The Dark Web drank a bit much at DefCon parties, and has one heck of a hangover.

Our Take on This Weeks News

Cybercriminals destroy a reporters digital life

August 1, 2012, Episode 267, Sin City Security Confabs

Posted in Breach, Conference Coverage, darkweb, ediscovery, Exclusive, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , , , , on July 30, 2012 by datasecurityblog

Episode 267 of The CyberJungle is about 34 minutes long.  You can hear it by clicking on the flash player below. The interview with Moxie Marlinspike on PPTP VPN flaws, begins at about 8min. The interview with FX on router flaws begins at about 12min. The interview with David Kennedy on attacks that by-pass nearly every data defence begins at  about 23min.  You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 267 via the flash player:

Interview

Moxie Marlspike on PPTP VPN flaws. Link to CloudCracker, ChapCrack, and Moxie’s site and projects.

FX talked about Huawei Router flaws.

CYBERJUNGLE RADIO EXCLUSIVE LIVE FROM SecurityBSides Las Vegas 2012 – David Kennedy on a Super Stealthy Attack That By-Passes Nearly All CyberDefences

Tales From The Dark Web

On a break this week. Rumors are that Tales From The Dark Web was spotted in the Lockpicking Village at DefCon

Our Take on This Weeks News

Apple Jury to Learn of Samsung Document Destruction

Elinor Mills’ story: NSA director finally greets Defcon hackers

Holman Jenkins’ story, including another take on the NSA: Can Data Mining Stop the Killing?

Wrap

Just about anything can happen at DefCon. Just ask this unlucky smartphone user.

iOS TrackerGate: Not New, But Still Disturbing

Posted in Court Cases, criminal forensics, ediscovery, eMail Security with tags , , , , , , on April 21, 2011 by datasecurityblog

The technical and non-technical press is buzzing over the “discovery” by a forensic researchers Alasdair Allan and Pete Warden. The revelations are not new, but the implications are still very disturbing.

Yesterday, Allan and Warden released a an application that uses an interesting plain-text file on 3G iPhones and iPads.  This file contains the geo location of where the device (and presumably it’s owner) has been.  The application blots the geo data onto a map, allowed one to see the travels and location of the device, and it’s owner.

The non-technical press has taken this story as a revelation.  Both the Wall Street Journal radio report out of the Bay Area (on KSFOAM) and The BBC World Service have been running this story all morning. Alex Levinson is a forensic researcher that has correctly pointed out that work by Allan and Warden did not credit the earlier research done by Alex, and others, in this area. Indeed, in a The CyberJungle posting from the Paraben Forensic Innovator’s Conference (PFIC) in Park City, UT last November, we reported the mountains of data that can be recovered from iOS devices.

The privacy implications of this data becoming available to in a civil lawsuit, or in a criminal matter, are quiet significant. Everything from visits to a mental health provider, a controversial art exhibit, a winery,  or a discreet meeting with an ex lover could become open to unwanted scrutiny.  It’s difficult to predict how the information regarding someone’s whereabouts could be used to harm an individual in a civil or criminal matter. We already have privacy challenges with the proliferation of closed circuit television (CCTV), and the ability to correlate the data with iOS geo data becomes an enormously powerful investigative tool.

Interestingly, yesterday also saw reports that Michigan law enforcement  maybe taking complete “in the field” forensic images of mobile devices from some drivers during routine traffic stops.  This revelation should cause any citizen to take a pause, as it has the Michigan ACLU.

What are some of the techniques the average citizen can use to add layers of privacy, and still use a mobile phone, or tablet?  We plan more coverage of this story in the next episode of CyberJungle Radio (episode 210), including options to help mitigate these privacy leaks.

by Ira Victor, G2700, GCFA, GPCI, GSEC, ISACA-CGEIT. Ira Victor is a forensic analyst with Data Clone Labs, He is also Co-Host of CyberJungle Radio, the news and talk on security, privacy and the law. Ira is President of Sierra-Nevada InfraGard, and a member of The High Tech Crime Investigator’s Association (HTCIA). Follow Ira’s security and forensics tweets: @ira_victor .

March 14, 2011 – Episode 204

Posted in Breach, criminal forensics, ediscovery, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , on March 13, 2011 by datasecurityblog

Episode 204 of  The CyberJungle is about 39 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 30:30 mark.

To listen to Episode 204 via the flash player:

Interview

Interview: Trevor Dietrich, VP and Co-Founder of Bayalink Solutions, on a virtulization app to secure iPads + more. He’s seeking beta testers. Trevor’s Twitter Feed.

Our Take on The Week’s News

A federal district court in New Jersey has decided that a social worker and special education instructor employed by the school board are liable for violating a high school student’sprivacy… after the teacher handed out a poorly-redacted copy of the studen’t psychological evaluation as a teaching tool. Read the story here, or read the court’s decision.

Industrial Espionage at Renault, or poor forensics, or both? Some details in this Economist story.

California’s top utility regulator has given gave Pacific Gas and Electric Co. two weeks to propose a way for customers to opt out of receiving the company’s controversial wireless SmartMeters.

The iPhone 4 falls at CanSecWest Pwn2Own Contest, and Blackberry.

Tales From The Dark Web

Vehicle hacking via trojan MP3? Read the story here.