Archive for Apple

January 7, 2019, Episode 406, Show Notes

Posted in Breach, Business Continuity, Conference Coverage, darkweb, Exclusive, Podcast, Show Notes, The CyberJungle, Vulnerabilities on January 6, 2019 by Habeas Hard Drive

Episode 406 of The CyberJungle is about 29 minutes long. The DarkWeb segment with XYPRO CISO Steve Tcherchian on EHR, Ransomware and Healthcare InfoSec starts at 12:00. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Our Take on This Week’s News

Hacking attacks on your router: Why the worst is yet to come

Avast Threat Landscape Report

It’s time for Apple to stop playing it safe

Meet the new Diet iPhone: Could a fresh formula boost Apple’s bottom line?

Tales from The Dark Web

XYPRO CISO Steve Tcherchian on EHR, Ransomware and Healthcare InfoSec

Separating InfoSec and IT

Protecting Healthcare Data

Around The Corner

Ira talks about George Gilder’s latest book – Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy

Ethereum Plans to Cut Its Absurd Energy Consumption by 99 Percent

Wrap

Wrap is on break

 

Free Trial from Our Sponsor: Paraben Software

Try the data recovery and digital forensics software that Ira Victor from The CyberJungle uses. Paraben has been committed to digital forensics since 2001 and their leadership has been pioneering the field for over 20 years. They believe in creating products that allow you to optimize your time and get the most data possible. If you have not used Paraben Software, give it a try with their 15-day trial.

 

July 1st 2013, Episode 306, Show Notes

Posted in Court Cases, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities on July 1, 2013 by Habeas Hard Drive

Episode 306 of The CyberJungle is about 31 minutes long.  The interview with Nimmy Reichenberg of AlgoSec begins at about the 19:40min mark. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Interviews

Nimmy Reichenberg of AlgoSec. Here is the link to the SecurityWeek column mentioned in the interview, the AlgoSec Blog, and all of Nimmy’s columns at SecurityWeek.

Tales From The Dark Web

Four Years of DarkSeoul Cyberattacks Against South Korea Continue on Anniversary of Korean War; New Disk Wiping Malware….

Our Take On This Week’s News

FBI: Sinovel Corporation and Three Individuals Charged in Wisconsin with Theft of AMSC Trade Secrets; Theft of Trade Secrets Allegedly Cheated AMSC of More Than $800 Million

Apple’s fingerprint reader: the secret is out

Wrap

Facebook’s outmoded Web crypto opens door to NSA spying

Please support our sponsors, as they support The CyberJungle

HTCIA International Conference and Training Expo 2013

The High Technology Crime Investigation Association (HTCIA) Annual conference is committed to bringing its participants – members or non-members — the best training, tools and networking the industry has to offer.

We rely on the generosity of our sponsors, who take a vested interest in working with us to develop a conference that exemplifies what the HTCIA organization stands for. By fostering the exchange of investigation-related information and ideas, we bring together a community of professionals who help one another understand and adapt to our rapidly evolving industry–to everyone’s benefit.

The 2013 conference is being held from September 8-11, 2013 in Las Vegas, NV [Summerlin is the western side of Las Vegas, 15min from Downtown via freeway].

Paraben's Forensic Innovations Conference

The Paraben Forensic Innovations Conference has been an annual event since 2008. Since that time it has rapidly evolved into a more highly attended conference with a broader scope of topics, reaching from the deeply technical into the legal aspects of the forensics and eDiscovery industry. Those who attend PFIC are as diverse as our topics, from law enforcement and lawyers, to corporate entities, government agents, private investigators, and educational institutions. If you haven’t had the opportunity to attend, this is your chance to experience the fresh air and mountains of Utah as well as the fresh topics that will be the highlight of this year’s conference. If you’ve already attended, then you know what to expect and are as excited as we are about it! PFIC 2013 will be held November 13-15th, 2013 in Salt Lake City, Utah. Space for this conference is limited, and with tickets starting at $199, the show will almost surely sell out. The CyberJungle will be there, because it is one of the best bang for the buck forensic conferences of the year.

 

September 12 2012, Episode 272, Show Notes

Posted in Breach, darkweb, ediscovery, Exclusive, Show Notes, The CyberJungle, Vulnerabilities, web server security on September 12, 2012 by Habeas Hard Drive

Episode 272 of The CyberJungle is about 41 minutes long. You can hear it by clicking on the flash player below. The interview with Paul Turner begins at about the 23min mark. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Interview

Paul Turner is the VP of Product and Strategy at Venafi. The NIST report on digital certs: Preparing for and Responding to CA Compromise and Fraudulent Certificate Issuance

Tales From The Dark Web

Report on the “Elderwood gang.” Excellent reporting by Kim Zetter at Wired.

Our Take on This Week’s News

UPEK fingerprint scanners insecure, says Elcomsoft — Dell, Acer, ASUS, Lenovo, Samsung, Sony and Toshiba may use holey biometric kit. Read more at The Register UK.

What really caused the massive GoDaddy outage. More at Foxnews.com.

Apple UUID breach highlights much bigger questions. More at The Washington Times.

Wrap

Early laptop designer Bill Moggridge dies at 69; computer used by military, NASA in 1980s. Read more at The Washington Post.

August 27 2012, Episode 271, Show Notes

Posted in Breach, Court Cases, ediscovery, Exclusive, Show Notes, The CyberJungle, Vulnerabilities, web server security on August 27, 2012 by Habeas Hard Drive

Episode 271 of The CyberJungle is about 30 minutes long. You can hear it by clicking on the flash player below. The interview with Patent Attorney Ben Langlotz about digital forensics and infosec and the Apple v Samsung case begins at about 14:30min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Interview

Patent Attorney Ben Langlotz about digital forensics and infosec and the Apple v Samsung case. To reach Ben Langlotz, contact him on patent [at symbol] langlotz.com

Tales From The Dark Web

How Child Porn And The Other Awfulest Things Ever Get Scrubbed [From Social Networks]

Our Take on This Week’s News

Onity’s Plan To Mitigate Hotel Lock Hack

Dropbox to add two factor authentication. From Businessinsider.com:

“Two-step verification is optional but we recommend you enable it for added protection.

To add two-step to your account:

  1. Head to www.dropbox.com and sign into the website
  2. Click on your name in the upper-right to open your account menu.
  3. Next, click Settings from the account menu and select the Security tab.
  4. Under the Account sign in section, next to Two-step verification, turn the feature on.”

Wrap

Top 10 Clever Uses for Dropbox

August 9 2012, Episode 268, Show Notes

Posted in Breach, Conference Coverage, Exclusive, Show Notes, Vulnerabilities on August 9, 2012 by Habeas Hard Drive

Episode 268 of The CyberJungle is about 49 minutes long.  You can hear it by clicking on the flash player below. The interview with Kevin Mitnick begins at about 6:30min.  You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Interview

Kevin Mitnick is an American computer security consultant, author, convicted criminal, and old school hacker.

Tales From The Dark Web

Still on a break. Word is that Tales From The Dark Web drank a bit much at DefCon parties, and has one heck of a hangover.

Our Take on This Week’s News

Cybercriminals destroy a reporter’s digital life

August 1, 2012, Episode 267, Sin City Security Confabs

Posted in Breach, Conference Coverage, darkweb, ediscovery, Exclusive, Show Notes, The CyberJungle, Vulnerabilities on July 30, 2012 by Habeas Hard Drive

Episode 267 of The CyberJungle is about 34 minutes long. You can hear it by clicking on the flash player below. The interview with Moxie Marlinspike on PPTP VPN flaws begins at about 8min. The interview with FX on router flaws begins at about 12min. The interview with David Kennedy on attacks that by-pass nearly every data defence begins at about 23min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Interview

Moxie Marlinspike on PPTP VPN flaws. Link to CloudCracker, ChapCrack, and Moxie’s site and projects.

FX talked about Huawei Router flaws.

CYBERJUNGLE RADIO EXCLUSIVE LIVE FROM SecurityBSides Las Vegas 2012 – David Kennedy on a Super Stealthy Attack That By-Passes Nearly All CyberDefences

Tales From The Dark Web

On a break this week. Rumors are that Tales From The Dark Web was spotted in the Lockpicking Village at DefCon.

Our Take on This Week’s News

Apple Jury to Learn of Samsung Document Destruction

Elinor Mills’ story: NSA director finally greets Defcon hackers

Holman Jenkins’ story, including another take on the NSA: Can Data Mining Stop the Killing?

Wrap

Just about anything can happen at DefCon. Just ask this unlucky smartphone user.

iOS TrackerGate: Not New, But Still Disturbing

Posted in Court Cases, criminal forensics, ediscovery, eMail Security on April 21, 2011 by Habeas Hard Drive

The technical and non-technical press is buzzing over the “discovery” by forensic researchers Alasdair Allan and Pete Warden. The revelations are not new, but the implications are still very disturbing.

Yesterday, Allan and Warden released an application that uses an interesting plain-text file on 3G iPhones and iPads. This file contains the geo location of where the device (and presumably its owner) has been. The application plots the geo data onto a map, allowing one to see the travels and location of the device and its owner.

The non-technical press has taken this story as a revelation. Both the Wall Street Journal radio report out of the Bay Area (on KSFO AM) and The BBC World Service have been running this story all morning. Alex Levinson is a forensic researcher who has correctly pointed out that the work by Allan and Warden did not credit the earlier research done by Alex and others in this area. Indeed, in a CyberJungle posting from the Paraben Forensic Innovator’s Conference (PFIC) in Park City, UT last November, we reported the mountains of data that can be recovered from iOS devices.

The privacy implications of this data becoming available in a civil lawsuit, or in a criminal matter, are quite significant. Everything from visits to a mental health provider, a controversial art exhibit, a winery, or a discreet meeting with an ex-lover could become open to unwanted scrutiny. It’s difficult to predict how the information regarding someone’s whereabouts could be used to harm an individual in a civil or criminal matter. We already have privacy challenges with the proliferation of closed circuit television (CCTV), and the ability to correlate the data with iOS geo data becomes an enormously powerful investigative tool.

Interestingly, yesterday also saw reports that Michigan law enforcement may be taking complete “in the field” forensic images of mobile devices from some drivers during routine traffic stops. This revelation should cause any citizen to take a pause, as it has the Michigan ACLU.

What are some of the techniques the average citizen can use to add layers of privacy, and still use a mobile phone or tablet? We plan more coverage of this story in the next episode of CyberJungle Radio (episode 210), including options to help mitigate these privacy leaks.

by Ira Victor, G2700, GCFA, GPCI, GSEC, ISACA-CGEIT. Ira Victor is a forensic analyst with Data Clone Labs. He is also Co-Host of CyberJungle Radio, the news and talk on security, privacy and the law. Ira is President of Sierra-Nevada InfraGard, and a member of The High Tech Crime Investigator’s Association (HTCIA). Follow Ira’s security and forensics tweets: @ira_victor.

March 14, 2011 – Episode 204

Posted in Breach, criminal forensics, ediscovery, Show Notes, The CyberJungle, Vulnerabilities on March 13, 2011 by Habeas Hard Drive

Episode 204 of  The CyberJungle is about 39 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 30:30 mark.

Interview

Interview: Trevor Dietrich, VP and Co-Founder of Bayalink Solutions, on a virtualization app to secure iPads + more. He’s seeking beta testers. Trevor’s Twitter Feed.

Our Take on The Week’s News

A federal district court in New Jersey has decided that a social worker and special education instructor employed by the school board are liable for violating a high school student’s privacy… after the teacher handed out a poorly-redacted copy of the student’s psychological evaluation as a teaching tool. Read the story here, or read the court’s decision.

Industrial Espionage at Renault, or poor forensics, or both? Some details in this Economist story.

California’s top utility regulator has given Pacific Gas and Electric Co. two weeks to propose a way for customers to opt out of receiving the company’s controversial wireless SmartMeters.

The iPhone 4 falls at the CanSecWest Pwn2Own Contest, and so does the BlackBerry.

Tales From The Dark Web

Vehicle hacking via trojan MP3? Read the story here.


March 7, 2011 – Episode 203

Posted in Breach, Business Continuity, Court Cases, criminal forensics, ediscovery, Exclusive News, Legislation, Podcast, Show Notes, The CyberJungle, Vulnerabilities on March 7, 2011 by Habeas Hard Drive

Episode 203 of  The CyberJungle is about 53 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 25:30 mark.

Interviews

Charlie Miller, 3x Pwn2Own “hacking” contest winner, stays home; response by Dragos, Founder of CanSecWest. Follow Charlie on Twitter.

Tales From The Dark Web

Exactly what is the “boy-in-the-browser attack?”

Our Take on The Week’s News

Lawsuit accuses Amazon of capturing and sharing customer information without permission by tricking Microsoft Internet Explorer

Google Android in app malware flap, iPad2 security, and Blackberry Playbook running Android apps + better security? Interview on Playbook security Ira Victor mentioned in this segment. You may download the segment, or listen to the conversation here:

More mobile security news, Keeping Tabs on Android Smartphone Activity.

Proof once again that disgruntled employees are among the most dangerous cybercriminals… Texas man sentenced after breaching former employer’s network and deleting critical business files.

Wrap

OtterBox Cases for slider Smartphones: Samantha and Ira give a new OtterBox the field test

Feb 1, 2011 – Episode 198

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Legislation, Podcast, The CyberJungle, Vulnerabilities, web server security on February 1, 2011 by Habeas Hard Drive

Episode 198 of  The CyberJungle  is 32 minutes long.  You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

Interviews

Hey, is that an SMS botnet in your pocket? Straight from Shmoocon 2011, Georgia Weidman tells how the most popular smartphone platforms can be silently seized by the bad guys. Major computer forensic repercussions? The CyberJungle has the first radio interview with Georgia Weidman following Shmoocon. Proof-of-concepts and slides from Shmoocon 2011. The interview starts at about the 20:20 mark.

Tales From The Dark Web

Last May, the Dow plummeted in seconds. Fat-finger error, or something more sinister?

Our Take on The Week’s News

Wired magazine in the UK has jolted some of its subscribers by sending them an issue with the most personal details about their lives on the cover. Imagine pulling the mag out of your mailbox and there’s your name, along with comments about your latest eBay purchase, your divorce, your kids, and your new boss.

Data retention law does not help law enforcement fight crime, study reveals.

The backlash against smart meters is growing. Joining the privacy advocates and the anti-corporatists are those suffering from “electromagnetic sensitivity.”

The cost of non-compliance with security mandates can be more expensive than the cost of investing in security, says Ponemon Institute.

Slammed: An attempt to regulate computer forensics pros in the State of Virginia

Ira heads to RSA San Francisco 2011. Ira will post reports in Conference Notes. Reports sponsored by LogLogic – The IT Data Management company. Meet Ira in the LogLogic booth #828 during Tuesday night’s RSA pub crawl and drink some Travis Smith’s 510 nano-brew, served fresh in the booth. Ira mentioned the Crypto Adapter by hiddn in this segment.