Episode 242 of The CyberJungle is about 25 minutes long. You can hear it by clicking on the flash player below. The interview with Sean Morrissey of Katana Forensics begins at about 13min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.
Forensic innovator Jonathan Grier has developed tools that use statistical analysis of file access data to reconstruct timelines. According to Mr. Gerier, his method can be used to determine what, if data was exfiltrated from the system. Read more in: Detecting data theft using stochastic forensics.
Episode 239 of The CyberJungle is about 30 minutes long. You can hear it by clicking on the flash player below. The interview with Dr. Karen Paullet on being a cyber expert witness begins at about 13min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.
Episode 238 of The CyberJungle is about 21 minutes long. You can hear it by clicking on the flash player below. The first interview (with Sean Morrissey of Katana Forensics) begins at about 03min. The second interview (with Ryan Washington of AR-Forensics) begins at about 10min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.
To listen to Episode 238 via the flash player:
We break from our normal programming schedule. The CyberJungle went to the Paraben Forensics Innovator’s Conference last week. We have special extended coverage with Ryan Washington of AR-Forensics, on so-called “anti-forensics” techniques. And, Sean Morrissey, CEO of Katana Forensics gives us his take on Apple’s moves against a well-respected security researcher.
Episode 232 of The CyberJungle is about 28 minutes long. You can hear it by clicking on the flash player below. The interview begins at about 14min. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.
This week’s regular episode of The Cyberjungle is 1 hour and 18 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.
School bus surveillance cams – School buses equipped with traffic cams. It’s an experiment in a Maryland school district, where officials say the little darlings are in more danger as they alight from the bus than any other time, although no child in Maryland has ever been hit while alighting from a school bus.
Ten oreos, two handfuls of fritos, a pint of Ben and Jerry’s – Are you aware that when you make use of web tools that allow you to keep track your personal behavior, that information could become discoverable in court? (Diet websites come to mind.)
Participants wanted– A new project to monitor BlackBerry traffic as it is sent from various countries. The results will help researchers and users understand what’s happening to the communications as RIM is pressured to cooperate with repressive governments.
Episode 161 is the this week’s full episode of The CyberJungle, posted immediately below. Episode 160 is the su root edition for advanced listeners – material that’s too technical for the radio. The advanced material consists of three conversations from DefCon 18. Scroll down to the end of this batch of shownotes to find it.
This week’s regular episode of The Cyberjungle is 1 hour and 12 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.
To listen to Episode 161 via the flash player:
Security Researcher Craig Hefner offers an alarming discovery about the consumer grade routers you buy at the big box store. He’s found major flaws in these router/firewalls. This interview is about 8 minutes long, and it begins at 59 minutes into Episode 161. Or you can just listen to the interview by going to our conference notes page. Also, here are some links to more information about Craig’s work:
Our dramatic audio taken at a DefCon 18 press conference, in which the host of the press conference begins (quite out of the blue) to describe his personal relationship with Adrian Lamo, one of the central characters in the Wikileaks incident. We posted this story, and six minutes of audio featuring cybersecurity researcher and self-described white-hat hacker Chet Uber on the last day of DefCon. In it, Uber discusses how he persuaded Lamo to turn in accused leaker Pfc Bradley Manning. There is a disputed fact in Uber’s account. Uber said he helped Lamo determine that documents in his possession were classified. Lamo now denies that he ever had possession of top secret documents. The facts will come out at Bradley Manning’s trial. No matter who is correct, the sound file offers some interesting insight into how a high-level meeting with federal law enforcement is arranged, and what top secret documents look like. The file is at the bottom of this story, if you want to hear it.
Our Take on This Week’s News:
The National Science Foundation has a porn problem according to Senator Chuck Grassley. Seems the science guys are passing around porn despite technical measures taken by the agency to block it. Oh, and there’s one guy who reportedly spends 20 percent of his time looking at porn, at an estimated cost to the taxpayer of $58,000. So do the math. This guy makes $290k per year??? WTF!!!
BlackBerry Ban – RIM Coming To Agreement With Middle-Eastern and Asian Nations on Eavesdropping. The question that we are still researching: What about a foreigner that uses BES in one of the nations? Is the traffic routed to one of these local RIM servers, or back to Canada?
Salute to the Wall Street Journal for its series this week on web tracking, cell tracking and other privacy issues.
We stumbled over the Social Engineering contest at DefCon18. A super fun event to watch, as contestants placed phone calls to major U.S. corporations, and charmed employees into revealing a wide range of information about company operations — everything from the name of the dumpster service to the details of the IT architecture. (We posted a story about it here, describing a call to Apple that yielded a whole lotta info. Boy, Steve’s gonna be mad. There’s also an audio file with a three-minute explanation of the contest by its organizers, an group called Social-Engineer. The audio file is located about half-way through the story.) Read about the Social Engineering organization here.
The annual session on physical lock security is always a hit. (This year there was more than one.) We attended the presentation by Marc Weber Tobias. His team demonstrated flaws in five different locks, from the plain-vanilla pin tumbler lock on your back door, to the $200 fingerprint biometric, the electronic RFID military lock and even a personal safe. You can see the videos here, demonstrating how the locks were breached.
Speaking of physical security — a state agency head in California sent an email message to 175 employees announcing that the lock at the south end of their office building was malfunctioning, and there was no budget to fix it. This column in the Sacramento Bee offers an unintentionally comical account of the way this broken lock was broadly communicated to the world when one of the employees faxed a copy of the email to a state worker newsletter. The info apparently ended up — we’re not sure how — on the desk of the SacBee reporter who wrote the column. The major point of the story is that California has no money, and even getting approval to fix a broken lock on a state building in a bad neighborhood is a tough uphill climb. But the funny part is how nobody ever stopped to consider that inside this building, where unemployment benefit checks are written, there is a whopping amount of personal information about the citizens of the State Formerly Known as Golden. Wow… If we were bad guys we’d probably keep an eye on this place even after the lock is fixed, because it might be a really easy target.
If we don’t laugh, we’ll probably cry. For laughs – a national association of perverts has offered an endorsement of body scanning machines in airports. Now read this and weep – The feds love these machines so much that they’ve decided to deploy them at federal courthouses as well as airports. Where next, the public library? And yes, they do store images, the feds now admit, after repeated denials that the machines had such capabilities. Duh. Did we think they would perform a visual inspection for contraband, and then fail to store the image for evidence during prosecution?
Episode 160 – su root edition:
This is our unedited edition, featuring three interviews straight from DefCon 18. The audio file is 34 minutes long. This is a special DefCon18 edition featuring interviews with David Bryan on building a network to withstand thousands of hackers, and using low-cost equipment and volunteers. He has lessons for anyone building a network today. Then we have an interview with Chris Drake of Firehost web hosting on web application security. Finally the third interview is with Suhil Ahmed of Airwave Security about his discovery of a flaw in the WPA WiFi security protocol that can reveal confidential information, and has no patch. But, there is a workaround.
You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.
To listen to su root edition (episode 160) via the flash player:
You can hear episode 159 by clicking on the Flash player below, or if your device does not support Flash, you can visit our listening options page for other ways to receive the show. Episode 159 is one hour and 9 minutes long.
Interview #1 – Jeremiah Grossman, CEO of White Hat Security, discovered an odd security flaw in the Apple Safari Browser. Alas, he tried to notify Apple, only to be rebuffed. He posted the story on his blog, and he decided to go public at Black Hat, and just about the time we finished this interview with him, Apple acknowledged the problem. Fix pending. Hear an overview of Jeremiah’s presentation in Episode 159. It’s 11 minutes long, starting about 12 minutes into the show.
Interview #2 – Mickey Boodaei, CEO of security firm Trusteer, has been hard at work on the banking trojan problem, and they’ve got a problem that may help. We discuss it with him in Episode 159. It’s 10 minutes long, starting at 55:00.
Banks have long since stopped moving paper checks from one location to another, preferring the economy of scanning. What if someone broke into the digital repository where they store all those pictures of checks?… Someone did.