Episode 204 of The CyberJungle is about 39 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 30:30 mark.
Interview: Trevor Dietrich, VP and Co-Founder of Bayalink Solutions, on a virtualization app to secure iPads + more. He’s seeking beta testers. Trevor’s Twitter Feed.
Our Take on The Week’s News
A federal district court in New Jersey has decided that a social worker and special education instructor employed by the school board are liable for violating a high school student’s privacy… after the teacher handed out a poorly-redacted copy of the student’s psychological evaluation as a teaching tool. Read the story here, or read the court’s decision.
Industrial Espionage at Renault, or poor forensics, or both? Some details in this Economist story.
California’s top utility regulator has given Pacific Gas and Electric Co. two weeks to propose a way for customers to opt out of receiving the company’s controversial wireless SmartMeters.
Episode 203 of The CyberJungle is about 53 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 25:30 mark.
Episode 200 of The CyberJungle is 27 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interview is about 8 minutes long and it starts at about the 18:25 mark.
Simple Physical Security – Without the “security system tax/fee.” We talk with Andrew Saldana of SecurityMan.
Tales From The Dark Web
HBGary’s exposed for trying to counter-attack Wikileaks, security institute issues rare request related to counter-counter-attack
This week’s regular episode of The Cyberjungle is 1 hour and 13 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.
To listen to Episode 181 via the flash player:
Jason Miller, patch management expert with Shavlik Technologies, tells us how to deal with the biggest patch release in modern IT history… which took place on Tuesday, October 12. Jason’s interview is 8 minutes long, and it begins about 24 minutes into Episode 181.
Your building pass could be more valuable than ever – Some federal employees will see their CACs (common access RFID cards) expanded. They’ll still get the card holder into a building or a computer system. But the cards will be expanded to include mass transit fares, debit payment, and ATM functionality… all in one card.
Fun finder or stalker tool? The website wheretheladies.at monitors social networking sites to help dudes locate gatherings of women. But blogger Jason Stamper conducted an experiment that points out the dangers women might face when they publish all the details of their daily lives.
This week’s regular episode of The Cyberjungle is 1 hour and 14 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.
To listen to Episode 169 via the flash player:
Sean Paul Correll from Panda Security discusses a survey of small and mid-sized businesses, and discusses what he’s learned about the attitudes and the habits they have when it comes to security.
Read the Panda Security report on small and medium-sized business security. Sean-Paul also mentioned a free USB anti-malware tool; you may find it here.
Tales from the Dark Web
Fake my traffic – is it a scam, or is it just someone who wants to help you perpetrate a scam?
Our Take on This Week’s News
We hate Google, writ large – Consumer Watchdog has produced a hilarious video taking a jab at Google and Eric Schmidt. Worth watching… and a lot of folks are seeing it since it’s playing on the Jumbotron in Times Square. Schmidt as evil ice cream man offering kids free goodies while taking a body scan from his Good Humor truck. But we wonder about asking Congress to create a “don’t track me” list. That’s like asking the Three Stooges to clean out the tool shed without hurting each other.
Tales from The Dark Web: Big web traffic means big bucks … but have we uncovered a big Dark Web scam?
Be careful of email messages that appear to come from Symantec products. It just might be a scam. See more at Martin Hall’s Blog, The Test Manager.
Brian Krebs continues his excellent coverage of the banking Trojans and the people who carry out the attacks. This time the criminals told a money mule that cash stolen from a Catholic diocese was intended for victims of sexual abuse.
Microsoft DLL Flaw – New Fixit tool from Microsoft, to be used in conjunction with other mitigation techniques.
Episode 165 is this week’s full episode of The CyberJungle, posted immediately below. Episode 164 is the su root edition for advanced listeners – material that’s too technical for the radio. The advanced material consists of an interview with Dr. Richard Boyd, a senior researcher with Georgia Tech Research Institute, on using low-cost graphics cards to brute force passwords. Scroll down to the end of this batch of show notes to find it.
This week’s regular episode of The Cyberjungle is 1 hour and 18 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.
Joshua Davis is a researcher with the Georgia Tech Research Institute. We discuss the new standards for strong passwords, and the new ease with which passwords can be broken. The 7-minute interview starts at about 22 minutes into episode 165.
Learn More: Teraflop Troubles: The Power of Graphics Processing Units May Threaten the World’s Password Security System
Get your tech out of my trash can – The City of Cleveland is expanding a pilot program which monitors trash cans of city residents via RFID chips embedded in the cans. Because of a trash-sorting requirement to use separate cans for recycling, city workers are able to monitor how often each household recycles, and decide whether too much time has passed since the recycling cart was last brought to the curb. If the household is sluggish in its recycling practices, the city will inspect the trash, and can fine the resident.
We’re reading more about automated safety alerts that are supposed to tip off workers to possible problems with industrial systems, and computer malfunctions that cause these features not to work or to be ignored. Or maybe we’re just noticing these stories more since the Gulf oil spill. Now it seems malware may have been indirectly responsible for an airplane crash a couple of years back. The report is due out soon after a two-year investigation of a Spanair jet that crashed because of wing flaps that didn’t get repaired.
We took our eye off the school laptop spyware case for a few months, and missed some developments in the lawsuit against the Lower Merion School District, which has been swimming in a vat of hot water since it botched a scheme to track missing school-issued laptops, and ended up snapping photos of kids in their bedrooms instead. There was a second suit filed by another kid whose privacy was invaded. The expenses related to defending the district are pushing a million bucks, and the insurance company won’t pay. Hello, taxpayers. And the lawyer for the plaintiffs says he wants his money now. BTW, the district will roll out a policy on Monday for laptop tracking. Gee, too bad they didn’t do that before they gave the kids laptops loaded up with spyware.
Beware the TapSnake game – It’s GPS Spyware on Android. Tapsnake and GPS SPY are companion programs developed by a Russian developer based in Texas, Mr. Max Lifshin (“Maxicom”). Someone posted a link to his resume, where we discover that he used to work for the Massachusetts Water Resources Authority.
This is our unedited edition, featuring a longer and more technical conversation with Dr. Richard Boyd of the Georgia Tech Research Institute, about a new threat to common passwords. Learn More at Teraflop Troubles: The Power of Graphics Processing Units May Threaten the World’s Password Security System.
You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show. The audio file is 25 minutes long.
To listen to su root edition (episode 164) via the flash player:
Episode 161 is this week’s full episode of The CyberJungle, posted immediately below. Episode 160 is the su root edition for advanced listeners – material that’s too technical for the radio. The advanced material consists of three conversations from DefCon 18. Scroll down to the end of this batch of show notes to find it.
This week’s regular episode of The Cyberjungle is 1 hour and 12 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.
Security researcher Craig Heffner offers an alarming discovery about the consumer-grade routers you buy at the big box store. He’s found major flaws in these router/firewalls. This interview is about 8 minutes long, and it begins at 59 minutes into Episode 161. Or you can just listen to the interview by going to our conference notes page. Also, here are some links to more information about Craig’s work:
Our dramatic audio taken at a DefCon 18 press conference, in which the host of the press conference begins (quite out of the blue) to describe his personal relationship with Adrian Lamo, one of the central characters in the Wikileaks incident. We posted this story, and six minutes of audio featuring cybersecurity researcher and self-described white-hat hacker Chet Uber on the last day of DefCon. In it, Uber discusses how he persuaded Lamo to turn in accused leaker Pfc Bradley Manning. There is a disputed fact in Uber’s account. Uber said he helped Lamo determine that documents in his possession were classified. Lamo now denies that he ever had possession of top secret documents. The facts will come out at Bradley Manning’s trial. No matter who is correct, the sound file offers some interesting insight into how a high-level meeting with federal law enforcement is arranged, and what top secret documents look like. The file is at the bottom of this story, if you want to hear it.
Our Take on This Week’s News:
The National Science Foundation has a porn problem according to Senator Chuck Grassley. Seems the science guys are passing around porn despite technical measures taken by the agency to block it. Oh, and there’s one guy who reportedly spends 20 percent of his time looking at porn, at an estimated cost to the taxpayer of $58,000. So do the math. This guy makes $290k per year??? WTF!!!
BlackBerry Ban – RIM Coming To Agreement With Middle-Eastern and Asian Nations on Eavesdropping. The question that we are still researching: What about a foreigner who uses BES in one of the nations? Is the traffic routed to one of these local RIM servers, or back to Canada?
Salute to the Wall Street Journal for its series this week on web tracking, cell tracking and other privacy issues.
We stumbled over the Social Engineering contest at DefCon18. A super fun event to watch, as contestants placed phone calls to major U.S. corporations, and charmed employees into revealing a wide range of information about company operations — everything from the name of the dumpster service to the details of the IT architecture. (We posted a story about it here, describing a call to Apple that yielded a whole lotta info. Boy, Steve’s gonna be mad. There’s also an audio file with a three-minute explanation of the contest by its organizers, a group called Social-Engineer. The audio file is located about half-way through the story.) Read about the Social Engineering organization here.
The annual session on physical lock security is always a hit. (This year there was more than one.) We attended the presentation by Marc Weber Tobias. His team demonstrated flaws in five different locks, from the plain-vanilla pin tumbler lock on your back door, to the $200 fingerprint biometric, the electronic RFID military lock and even a personal safe. You can see the videos here, demonstrating how the locks were breached.
Speaking of physical security — a state agency head in California sent an email message to 175 employees announcing that the lock at the south end of their office building was malfunctioning, and there was no budget to fix it. This column in the Sacramento Bee offers an unintentionally comical account of the way this broken lock was broadly communicated to the world when one of the employees faxed a copy of the email to a state worker newsletter. The info apparently ended up — we’re not sure how — on the desk of the SacBee reporter who wrote the column. The major point of the story is that California has no money, and even getting approval to fix a broken lock on a state building in a bad neighborhood is a tough uphill climb. But the funny part is how nobody ever stopped to consider that inside this building, where unemployment benefit checks are written, there is a whopping amount of personal information about the citizens of the State Formerly Known as Golden. Wow… If we were bad guys we’d probably keep an eye on this place even after the lock is fixed, because it might be a really easy target.
If we don’t laugh, we’ll probably cry. For laughs – a national association of perverts has offered an endorsement of body scanning machines in airports. Now read this and weep – The feds love these machines so much that they’ve decided to deploy them at federal courthouses as well as airports. Where next, the public library? And yes, they do store images, the feds now admit, after repeated denials that the machines had such capabilities. Duh. Did we think they would perform a visual inspection for contraband, and then fail to store the image for evidence during prosecution?
Episode 160 – su root edition:
This is our unedited edition, featuring three interviews straight from DefCon 18. The audio file is 34 minutes long. This is a special DefCon18 edition featuring interviews with David Bryan on building a network to withstand thousands of hackers, and using low-cost equipment and volunteers. He has lessons for anyone building a network today. Then we have an interview with Chris Drake of Firehost web hosting on web application security. Finally the third interview is with Suhil Ahmed of Airwave Security about his discovery of a flaw in the WPA WiFi security protocol that can reveal confidential information, and has no patch. But, there is a workaround.
You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.