Archive for Google Streetview

Episode 157 – July 25, 2010

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Show Notes, The CyberJungle, Vulnerabilities on July 24, 2010 by datasecurityblog

You can hear episode 157 by clicking on the Flash player below, or if your device does not support Flash, you can visit our  listening options page for other ways to receive the show. Episode 157 is one hour and 10 minutes long.


Dr. Charlie Miller, Principal Analyst for Independent Security Evaluators, offers a preview of his DefCon presentation about cyberwarfare, “Kim Jong-il and Me,” to be given in Las Vegas at the end of the month. (Yes, he’s that Charlie Miller.) Charlie says he really didn’t feel qualified to address the topic of cyberwarfare when he was first asked, but then decided to treat the request as an opportunity to play a game in which he pretended he was approached by a rogue government for the purpose of building a cyberarmy. What would it take? Hear Charlie’s interview about 23 minutes into episode 157.


The CyberJungle mistakenly reported that it is not possible to turn off an Apple iPad and iPhone feature that reports the owner’s location to the Big A twice daily.  We oversimplified this story and we got it wrong.  We have been informed by our favorite Apple connoisseurs that it is possible to turn the feature off.  We apologize for the misinformation. We have removed the segment from the podcast, so it won’t be heard again,  and we will note in next week’s radio show that we were incorrect.

Tales from the Dark Web

If you’re using Microsoft Windows, this attack is aimed at you. (Raise your hand if you aren’t using Microsoft Windows.) Here is the MSFT Advisory on the Microsoft Link Attacks. Here is an explanation of the attack and video demo from Sophos.

Our Take on This Week’s News

A consumer survey that measured for the first time customer satisfaction with social media sites reports that — are you sitting down? — people hate Facebook.  It scored lower than the airlines and the cable companies, and even lower than the IRS.

A watchdog organization reports that White House Emails Show More Extensive Improper Contact With Google. The National Law and Policy Center posts links to its letter to the House Committee on Oversight and Government Reform, asking for an investigation of the relationship between Google and its former lobbyist who now occupies the top advisory position to President Obama on internet policy. There are also links to some of the emails, which seem to support the conclusion that Deputy Chief Technology Officer Andrew McLaughlin is helping to stack the policy deck in Google’s favor on a number of issues.

And while we’re at it, was Google providing intelligence data to the federal government as part of its WiFi Streetview program?

This should freak you out. A woman found a webcam hidden inside a copy of Chicken Soup for the Soul, which was on a bookcase in her bedroom, pointed directly at her bed. We found a source for these cameras, which are supposed to be a security tool, for less than 50 bucks.

Get comfy on the patio with a cold brew and read this great story about a fake infosec chick who persuaded her social networking pals — mostly guys who know secrets related to national security — to forget themselves and reveal a lot of stuff they aren’t supposed to give up.  To anyone.  The girl — Robin Sage — was named after a military training exercise, which was just one of many clues that “screamed fake,” according to her creator, a security researcher whose ruse has demonstrated something we all knew.  Only James Bond can flirt with an exotic hottie and not get burned.

GM suffers theft of hybrid technology worth an estimated $40 million. An insider stole information by using a portable USB drive. Data allegedly sold to at least one Chinese auto maker, Chery.

Major zero-day flaw in Apple’s Safari browser discovered; Apple ignored the warnings, so a well-known researcher goes public.

Some Dell replacement motherboards come pre-loaded with malware.


May 15, 2010 – Episode 137

Posted in Court Cases, criminal forensics, darkweb, ediscovery, Report Security Flaws, The CyberJungle, Vulnerabilities, web server security on May 15, 2010 by datasecurityblog

Interview Segment – Jason Miller, Data and Security Team Manager for Shavlik Technologies on patch management.  It’s not a sexy topic, but it’s critically important. Jason says patching should be determined by the needs of the business, rather than the importance rating issued by Microsoft or other vendors. The interview is 7 minutes 38 seconds long, and it starts at about 21 minutes into episode 137.

You may listen to Episode 137 via the Flash player:

Or go to the listening options page to choose another method of receiving the program.

Our Take on This Week’s News

Privacy: Did Facebook’s Zuckerberg describe early users of his product as  “dumb F**ks” for submitting private information when they signed up?

And Google admits that its Street View cars have been slurping up wireless access point information. There’s a lot of anger over this, and we’re predicting an advertiser backlash against the privacy violators.

As if Goldman Sachs doesn’t have enough problems… Now the company is being sued for intellectual property theft.

Nine former employees of an education agency in Iowa were indicted for sneaking a peek at Presidential candidate Barack Obama’s student loan records.

A new twist on a familiar theme.  A big company with a security flaw on its website;  a security expert discovers it and tries to report it, but the company ignores him or pats him on the head and tells him to go away.  This happens with surprising regularity. In this case, Smackdown blogger Michael VanDeMer writes about a spate of hacks to blogs hosted by GoDaddy.

Web security firm Dasient reports: In Q1 2010, we estimate that over 720,000 web sites were infected.

Twitter links are safer than Google links.

Critical zero-day flaw found in Apple’s Safari browser.

FAQ: To delete the Apple Safari browser (and other applications) in Windows XP, in Windows 7.

Browser alternatives to Safari on iPhone: Opera Mobile (versions also available for BlackBerry). Ira also likes Bolt Browser for BlackBerry.

Flashback: Remember Mikeyy the (self-proclaimed) teenaged Twitter Hacker?