30 minutes every week on data security, privacy, and the law... (plus or minus ten)
On this week’s program:
* Why are web drive-by downloads proliferating like cockroaches?
* Sixty Minutes just covered a data security story. We rate the coverage.
* Our take on this week’s news.
Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:
- Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com.
- GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
- SonicWall: Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
- DeviceLock: Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.
Show Notes for Episode 78 of the Data Security Podcast
* Conversation: Ira talks with Georg Hess, CEO and Co-Founder, Art of Defence, about network scans versus web application scans. OWASP AppSec DC 2009 takes place this week, November 10-13th, in Washington, DC. The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Their mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks.
* Tales From The Dark Web: Our take on the 60 Minutes segment Sabotaging The System: Could hackers get into the computer systems that run crucial elements of the world’s infrastructure, such as the power grids, water works or even a nation’s military arsenal? Be sure to watch this video segment with the highest-level non-technical boss in your organization. Also, make sure you and your non-technical boss watch the “Web Extras” from this segment. One of the stunning parts of the segment was the claim that private companies are more vulnerable because the companies only care about profit, unlike government networks, which are more secure (uh?). If that were the case, how can it be squared with the portion of the segment that revealed that the Feds lost 12TB of data from the DOD, DOE, DOC and possibly NASA, in 2007? Where was the profit motive that stopped good security in those organizations? Security expert Robert Graham explores this, and other issues, in this posting: Brazil outage NOT caused by hackers.
* From Our Take on The News: New open-source voting technology – the developer is looking for jurisdictions to try it for free. Read the Wired account.
* From Our Take on The News: A technical overview of the newly discovered SSL vulnerabilities and possible mitigation. Ben Laurie has excellent, technical blog postings about the SSL protocol flaw.
* From Our Take on The News: Voters hate traffic surveillance cameras, as proven in three U.S. cities in last week’s elections. (As if we still need proof.) Great coverage of traffic surveillance and related matters in Maryland. (But the topic is universal.)
* From The Wrap: First iPhone worm found, details at F-Secure. A how-to for changing the SSH default password in your jailbroken iPhone; one uses a computer connected to your iPhone to change the SSH settings. Note: If you are not using a jailbroken iPhone, you don’t need to make changes to be protected from this particular attack.