Archive for RFID

Aug 16th 2013, Episode 312, Show Notes

Posted in Breach, Court Cases, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities on August 15, 2013 by Habeas Hard Drive

Episode 312 of The CyberJungle is about 27 minutes long. The interview with Chris Payne from SecurityBSidesLV begins at about the 11min mark. The interview with Barry Shteiman of Imperva begins at about the 15min mark. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interviews

Chris Payne is part of the GrrrCon crew

Barry Shteiman is a Sr. Security Strategist with Imperva. Here is a link to their blog.

Our Take On This Week’s News

Google reveals what their real stance is on privacy

What mega tech companies should tell The Feds when it comes to surveillance

Please support our sponsors, as they support The CyberJungle

HTCIA International Conference and Training Expo 2013


The High Technology Crime Investigation Association (HTCIA) Annual conference is committed to bringing its participants – members or non-members – the best training, tools and networking the industry has to offer.

We rely on the generosity of our sponsors, who take a vested interest in working with us to develop a conference that exemplifies what the HTCIA organization stands for. By fostering the exchange of investigation-related information and ideas, we bring together a community of professionals who help one another understand and adapt to our rapidly evolving industry, to everyone’s benefit.

The 2013 conference is being held from September 8-11, 2013 in Las Vegas, NV [Summerlin is the western side of Las Vegas, 15min from Downtown via freeway].

Paraben's Forensic Innovations Conference

The Paraben Forensic Innovations Conference has been an annual event since 2008. Since that time it has rapidly evolved into a better-attended conference with a broader scope of topics, reaching from the deeply technical into the legal aspects of the forensics and eDiscovery industry. Those who attend PFIC are as diverse as our topics, from law enforcement and lawyers, to corporate entities, government agents, private investigators, and educational institutions. If you haven’t had the opportunity to attend, this is your chance to experience the fresh air and mountains of Utah as well as the fresh topics that will be the highlight of this year’s conference. If you’ve already attended, then you know what to expect and are as excited as we are about it! PFIC 2013 will be held November 13-15th, 2013 in Salt Lake City, Utah. Space for this conference is limited, and with tickets starting at $199, the show will almost surely sell out. The CyberJungle will be there, because it is one of the best bang-for-the-buck forensic conferences of the year.

 

July 24th 2013, Episode 309, Show Notes

Posted in Breach, Court Cases, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities on July 24, 2013 by Habeas Hard Drive

Episode 309 of The CyberJungle is about 30 minutes long. The interview with Lance James on DDOS attacks begins at about the 17min mark. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interviews

Nick Cavalancia, VP SpectorSoft, on the Human Firewall. Boardroom study on security mentioned in the segment. SpectorSoft Blog for organizations.

Tales From The Dark Web

Phone attackers threaten public safety

Our Take On This Week’s News

SharePoint and USB drives source of Snowden leaks

InfoSec a mess at US State Department?

RFID a bust in Texas public school


 

August 28, 2010 – Episodes 166 and 167

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Legislation, Show Notes, The CyberJungle, Vulnerabilities on August 29, 2010 by Habeas Hard Drive

Episode 167 is this week’s full episode of The CyberJungle, posted immediately below. Episode 166 is the su root edition for advanced listeners – material that’s too technical for the radio. The advanced material consists of a couple of conversations with experts who share our alarm at the news that businesses are having a love affair with the iPad… it’s a perfectly wonderful device for watching movies, playing games, and personal communications… but for business, we’ve seen too much evidence that iPad is lacking in security infrastructure, and our two guests agree. Amber Schroader is CEO of Paraben. She joins us in a 17 minute conversation. And we talk with Raf Los, security evangelist for HP, for 22 minutes. Scroll down to the end of this batch of show notes to find it.

Episode 167:

This week’s regular episode of  The Cyberjungle  is 1 hour and 18 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.


Interviews

Abbreviated versions of the two interviews described above, regarding iPhone security. Amber Schroader’s short version interview begins approximately 23 minutes into episode 167. The abbreviated interview with Raf Los begins about an hour into the show. For the complete versions of both interviews, scroll down to episode 166.

Tales from the Dark Web

Girl who had sex with 5,000 men… or so she says… makes a great subject to be exploited by sleazy Facebook scammers

Our Take on This Week’s News

Forget Big Brother. Steve Jobs Is Watching You–  Apple wants to patent spyware technology to record the faces, voices and heartbeats of its iPhone users… EFF predicts the product will be used not only to track lost or stolen phones, but to retaliate against iPhone jailbreakers.

Supercookies – Lawsuit against advertising firm Specificmedia for using cookies even after a customer wants them deleted is extremely complex, but worth understanding.  BTW — test your browser to see how many Supercookies are hiding there without your knowledge. Here’s a tool that Ira talked about to delete Supercookies:  BetterPrivacy

Kids as guinea pigs? Connecticut high school is being courted by manufacturer of RFID tags, so the company can get $100k in federal grant money for an experiment.

Defense department is officially disclosing the biggest cyberattack against the U.S. military.  It originated from a USB device, and by the way, why now? To raise public awareness and concern just in time for a cybersecurity provision in the Defense Authorization Bill.

Firewall frustrations: CIOs surveyed say employees complain about IT security policies. So… is the content-based approach to web filtering the wrong approach? One researcher says security-based analysis is becoming more important than content filtering.

You’ve heard of waste, fraud and abuse? Chicago doctor bills private insurance companies and Medicare for $13-29 mil in fake treatments… here’s how he did it.

Apple security: critical update for OS X users

Microsoft Security Advisory (2269637): Insecure Library Loading Could Allow Remote Code Execution … There’s a detailed blog posting by a security researcher on this massive Microsoft DLL flaw here.

Episode 166 – su root edition:

This is our unedited edition, featuring a longer and more technical conversation with two experts about the perils of iPad use in a business environment. Amber Schroader of Paraben and Raf Los of HP share their thoughts on the subject. The total time for the two interviews is 42 minutes. You can find additional information about Paraben’s Forensic Innovations Conference 2010 in Park City in November. Read more thoughts from Raf Los in his HP blog here.

You can hear the su root interviews in episode 166 by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show. The audio file is 42 minutes long.


August 22, 2010 – Episodes 164 and 165

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, The CyberJungle on August 22, 2010 by Habeas Hard Drive

Episode 165 is this week’s full episode of The CyberJungle, posted immediately below. Episode 164 is the su root edition for advanced listeners – material that’s too technical for the radio. The advanced material consists of an interview with Dr. Richard Boyd, a senior researcher with Georgia Tech Research Institute, on using low-cost graphics cards to brute force passwords. Scroll down to the end of this batch of show notes to find it.

Episode 165:

This week’s regular episode of  The Cyberjungle  is 1 hour and 18 minutes long. You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.


Interview

Joshua Davis is a researcher with the Georgia Tech Research Institute. We discuss the new standards for strong passwords, and the new ease with which passwords can be broken.  The 7-minute interview starts at about 22 minutes into episode 165.

Learn More: Teraflop Troubles: The Power of Graphics Processing Units May Threaten the World’s Password Security System

Tales from the Dark Web

If you get a message that looks like it’s from LinkedIn, be extra careful.  There’s a fake one circulating and it may link you to rogueware.

Our Take on This Week’s News

Get your tech out of my trash can – The City of Cleveland is expanding a pilot program which monitors trash cans of city residents via RFID chips embedded in the cans.  Because of a trash-sorting requirement to use separate cans for recycling, city workers are able to monitor how often each household recycles, and decide whether too much time has passed since the recycling cart was last brought to the curb.  If the household is sluggish in its recycling practices, the city will inspect the trash, and can fine the resident.

We’re reading more about automated safety alerts that are supposed to tip off workers to possible problems with industrial systems, and computer malfunctions that cause these features not to work or to be ignored. Or maybe we’re just noticing these stories more since the gulf oil spill. Now it seems malware may have been indirectly responsible for an airplane crash a couple of years back. The report is due out soon after a two-year investigation of a Spanair jet that crashed because of wing flaps that didn’t get repaired.

We took our eye off the school laptop spyware case for a few months, and missed some developments in the lawsuit against the Lower Merion School District, which has been swimming in a vat of hot water since it botched a scheme to track missing school-issued laptops, and ended up snapping photos of kids in their bedrooms instead. There was a second suit filed by another kid whose privacy was invaded. The expenses related to defending the district are pushing a million bucks, and the insurance company won’t pay. Hello, taxpayers. And the lawyer for the plaintiffs says he wants his money now. BTW, the district will roll out policy on Monday for laptop tracking. Gee, too bad they didn’t do that before they gave the kids laptops loaded up with spyware.

Beware the TapSnake game –  It’s GPS Spyware on Android. Tapsnake and GPS SPY are companion programs developed by a Russian developer based in Texas, Mr. Max Lifshin (“Maxicom”).   Someone posted a link to his resume,  where we discover that he used to work for the Massachusetts Water Resources Authority.

The government-industry partnership – Government agencies aren’t providing business with timely tips about cyberthreats, according to a GAO report. (PDF)

Ira’s Classroom

Easy way to disguise your email address from spammers: http://scr.im

How to free yourself from the prying eyes of Google (Or, recognizing that you can’t be entirely free of Google, take some steps to minimize Google surveillance):

Two Resources: http://safeandsavvy.f-secure.com/2010/08/16/get-google-out-of-your-life/ and http://howto.wired.com/wiki/Un-Google_Yourself

Search engine alternative, excellent as your home page: http://www.StartPage.com

Episode 164 – su root edition:

This is our unedited edition, featuring a longer and more technical conversation with Dr. Richard Boyd of the Georgia Tech Research Institute, about a new threat to common passwords.   Learn More at Teraflop Troubles: The Power of Graphics Processing Units May Threaten the World’s Password Security System.

You can hear it by clicking on the flash player below, or you can go to the listening options page and browse for other ways to hear the show.  The audio file is 25 minutes long.


May 23, 2010 – Episode 139

Posted in Court Cases, criminal forensics, Podcast, Show Notes, The CyberJungle, Vulnerabilities on May 22, 2010 by Habeas Hard Drive

Interview Segment:

Josh Levy, a writer, internet strategist, and the organizer of a project called “pledge to leave facebook.” The interview is 9 minutes long, and it starts about 56 minutes into the show. Episode 139 is 1 hour and 12 minutes long. You can hear it by clicking on the flash player below, or click on the listening options page for other ways to listen.


Our take on this week’s news:

Co-host Ira Victor is out of town.  Lee Rowland from the ACLU of Nevada sits in as guest co-host for a first-hour privacy round-up.  Recent issues include:

The Houston Police Department recently held a secret (no media allowed) event where the invited guests contemplated the use of drone aircraft for domestic law enforcement.  Nonetheless,  one news outlet got wind of it, and stationed its television cameras on the property next door. They caught the launch of the drone on camera.  Cops say they aren’t sure how they’ll use the technology, but aren’t ruling out anything. Watch the whole report.  It’s about four minutes long.

Incoming U.C. Berkeley freshmen are being encouraged to offer a DNA sample. And why were RFID chips implanted in Alzheimer’s patients without proper oversight?

TSA continues to roll out the full body scanning machines to airports across the nation.  Passengers don’t seem to be aware that they can opt for a pat-down instead of a virtual strip search.

Tough week for Facebook.  The Wall Street Journal reports the company gave personal info to advertisers. EFF offers insight.

On the heels of a CBS news investigative report about the data left on copy machine hard drives, the FTC is applying pressure to the makers of the machines to educate customers about scrubbing the hard drives.  (Xerox is leading the pack, according to one account.)

The first-ever jail sentence for a HIPAA violation has been imposed. We wonder why this guy was informed he was about to be fired, and then allowed to hang around and access patient records repeatedly.

Todd Davis of LifeLock told the world his social security number as an advertising gimmick, trying to prove a point, of course.  His identity has been successfully stolen 13 times since being “covered” by LifeLock.

Not cool enough for a Mac? Why the Apple Store refused to sell an iPad to a disabled woman. (She wanted to pay cash. Apple’s iPad policy was credit or debit card only.) And why Apple relented, and delivered the device to her home a few days later. (San Francisco television consumer reporter Michael Finney and his news feature “7 on Your Side” shamed them into it.)

Data Security Podcast Episode 64 – Aug 4 2009

Posted in Breach, Conference Coverage, darkweb, eMail Security, Exclusive, Podcast, Vulnerabilities, web server security on August 4, 2009 by Habeas Hard Drive

30 minutes every week on data security, privacy, and the law….(plus or minus five)

On this week’s program:

SPECIAL DEFCON17 Coverage From Las Vegas

* Is YOUR tax return sitting out there on the Internet? Maybe not yours, but Larry Pesce tells us about the tax returns — and the other stuff he found without much effort.

* Breaching the new “personal WiFi” hot spots, is it child’s play? We’ll find out…. On a special Tales From The Dark Web segment … with David Maynor from Errata Security.

* Our take on the DefCon news.


This week’s show is 34 minutes.

–> Stream, subscribe or download Episode 64 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 64 of the Data Security Podcast

* Conversation: Ira talks with Larry Pesce, of PaulDotCom, about the downright scary information he easily found while sifting through a file sharing network.

* Tales From The Dark Web:  Ira talks with David Maynor of Errata Security about the security threats associated with personal WiFi devices.  The photo below is of David:


David Maynor holding the Clear personal WiFi device (left) and the Verizon/MiFi personal Wifi device (right)

* From the News: SSL Certificates Trust attack; Mike Sussman from Intrepidusgroup.com.

* From the News: Cross Site Request Forgery attacks; Mike Bailey from skeptikal.org.

* From the News: Justin Samuel from the RequestPolicy.com Firefox plug-in team.

* From the News: Tony Flick from Fyrmassociates.com on the electric smart grid security threats.

* Wrap: DIFRWear.com RFID protection products

Michael Aiello, CEO of DIFRWear RFID Protection


* Wrap: BumpMyLock.com, locks, lock penetration testing supplies, and how to bump open a lock:

BumpMyLock Booth at DefCon17


PLUS:

In the Lockpicking Village, Selestius tries to pick her way out of a set of handcuffs. Although the photo is blurry, there is a very slim, long, lockpick in Selestius’ right hand:

Lockpicking handcuffs


Hacking Session Floor Space

Some sessions got so crowded, there was nowhere to sit. Sometimes the side aisle standing room would fill up. Due to fire rules, sitting on the floor of the center aisle was a hazard. Faced with not getting to see a hot session, Thomas from LA thought of an original floor hack: He bought a small, $10 folding camping chair. He pulled it next to a hotel chair, and got a seat in the center aisle of every crowded session! Thomas tells the Data Security Podcast that the “Goons” (DefCon staff) appreciated his innovative approach to crowded sessions.


Hacking Floor Space

Data Security Podcast Episode 50 – Apr 27 2009

Posted in Breach, Conference Coverage, criminal forensics, darkweb, ediscovery, Podcast, Vulnerabilities on April 26, 2009 by Habeas Hard Drive

The Data Security Podcast is the place for 30 minutes of news every week on data security, privacy, and the law.

This week’s program – RSA Security confab report; A new way to protect against piracy: two-factor authentication. And, our take on this week’s news

–> Stream, subscribe or download Episode 50 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.  Tune in or subscribe via our page at Podcast.com.

This week’s show is sponsored by Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .

The Show Notes Page for Episode 50 of The Data Security Podcast

-From The News: Your tax dollars at work… paying a non-PCI compliant company to process your tax dollars. Here’s a copy of Uncle Sam’s contract with RBS Worldpay, which announced a major data breach in December, and which Visa has declared to be non-compliant.

– From The News: Rogue WiFi hotspots at RSA Security, according to scans by AirPatrol.

-> RSA Security confab links: Yubico, BehavioSec, NetworkIntercept, MokaFive, AlertEnterprises.

Paraben CEO, Amber Schroader, shows us the Paraben’s Wireless StrongHold Bag at RSA San Francisco

-Tales From The Dark Web: How a cybergang operates a network of 1.9 million infected computers.

-Conversation: Ira talks two-factor authentication for software, music and movies with Stina Ehrensvärd of Yubico.