Archive for RSA

Dec 29 2013, Episode 324, Show Notes

Posted in Breach, Conference Coverage, criminal forensics, darkweb, Podcast, Show Notes, The CyberJungle, Vulnerabilities on December 30, 2013 by datasecurityblog

Episode 324 of The CyberJungle is about 35 minutes long. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interviews

Exclusive From PFIC Conference 2013: Patrick Stump from RokaCom

Our Take on This Week’s News

5 lessons learned from Target security breach

RSA issues non-denying denial of NSA deal to favor flawed crypto code

Tales From The Dark Web

The New Threat: Targeted Internet Traffic Misdirection

Please support our sponsors, as they support The CyberJungle

OUR NEWEST SPONSOR, ATOLA TECHNOLOGIES. PLEASE VISIT THEIR SITE, ATOLA.COM

Atola Insight is an all-in-one hard drive data recovery and forensic system. It offers complex data retrieval functions along with utilities for manually accessing hard drives at the lowest level. Atola Insight has several key features for data capture in forensic and e-discovery cases. Find out more at Atola.com

 


June 19, 2011 – Episode 218

Posted in Court Cases, criminal forensics, ediscovery, Interview Only Edition, Report Security Flaws, Show Notes, The CyberJungle, Vulnerabilities on June 19, 2011 by datasecurityblog

Episode 218 of The CyberJungle is about 35 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interviews

InfoSec researcher Casey Halverson discovers an unusual tracking “feature” in his Nissan Leaf. Details on his blog.

Marc Maiffret, CTO of eEye Digital, on how the simple cyberattacks distract us from the more serious ones. Read Marc’s Blog.

Casey’s interview starts at about 08:30 into the show, and Marc’s interview starts about 20:00 into the show.

Our Take On This Week’s News

Remote PC tracking software strikes again. Remember the Lower Merion School District? A retailer is in similar trouble for snapping remote images of PC users.

Conference Coverage

The CyberJungle goes to the 2011 Gartner Security Summit this week. Get the reports in Conference Notes, starting Tuesday June 21st. And follow (or just read) Ira on Twitter for comments and nuggets of interest from the show.

April 4, 2011 – Episode 207

Posted in Breach, criminal forensics, darkweb, ediscovery, eMail Security, The CyberJungle, Vulnerabilities, web server security on April 4, 2011 by datasecurityblog

Episode 207 of The CyberJungle is about 48 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 26:30 mark.


Interview

Rob Lee, of the SANS Institute and Mandiant: Defining the Advanced Persistent Threat (APT)

Our Take on The Week’s News

The Epsilon breach, read more in two blog postings at The CyberJungle, here and here.

News on the causes of the RSA breach, read an in-depth blog report from RSA/EMC

Pornwikileaks and a Health clinic under fire for alleged release of porn actors’ personal information. NSFW: Pornwikileaks

Tales from the Dark Web

If you don’t understand this basic cyber crime concept, you better figure it out this week, because there is a large-scale attack underway. The Websense link to the blog posting and video Ira mentioned.

Wrap

Cell phone panic button app sends emergency alerts

March 21, 2011 – Episode 205

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Legislation, The CyberJungle, Vulnerabilities, web server security on March 20, 2011 by datasecurityblog

Episode 205 of The CyberJungle is about 43 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interviews start at about the 30:30 mark.


Interview

Interview: Peter Schlampp, VP Product Management, Solera Networks, on the RSA SecurID breach and network forensics

Our Take on The Week’s News

Web browser anti-tracking: Read, “Do not track tools push firms to crossroad,” by James Temple in the SF Gate.

RSA SecurID breach: An Analytical Brief by NSS Labs

Does transparency webapp threaten citizen data when authenticating users? Read “Big Brother Has Been Watching”

Civil court action used to take down evil botnet: Read “With Rustock, a New Twist on Fighting Internet Crime” by IDG’s Robert McMillan. CORRECTION: FireEye worked on this takedown, not eEye, as stated by Ira.

Ghostery allows you to block scripts from companies that you don’t trust, delete local shared objects, and even block images and iframes. Ghostery.com.

BetterPrivacy is a Firefox plug-in that protects against LSOs (local shared objects), which usually cannot be deleted.

Tales from the Dark Web: What do you get when you stir up a pot full of natural disasters, social media alerts, Java exploits and rogue anti-virus? Read the M86 analysis.

Wrap

Supreme Court To Hear Arguments in ID Search Case: The case concerns an unlawful police stop. Defendant asserts that police had no basis for pulling his car over and then running his license. EPIC’s amicus brief.

Episodes 114 and 115 – February 27, 2010

Posted in Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Podcast, Show Notes, Vulnerabilities on February 28, 2010 by datasecurityblog

The CyberJungle episode 115 features an interview with Simon Bransfield-Garth, CEO of CellCrypt, on the growing potential for cell phone eavesdropping; also, an interview with information activist John Young, whose website cryptome.org was shut down on orders from Microsoft attorneys after he posted a document the company considers proprietary. Bransfield-Garth’s interview starts approximately 21 minutes into the podcast. Young’s interview can be found approximately 53 minutes into the podcast.

We have posted a separate, unedited version of the Simon Bransfield-Garth interview, as our “su root” edition this week. The su root interview is always longer and more technically sophisticated than the podcast versions, which have been edited for radio. This su root offering is labeled episode 114.

Click Here to Listen to Episode 115. Shownotes below.

The Chuck Norris attack, so named because of references to the action film star in the code. It’s targeting the D-Link router.

Wyndham Hotels Breached for the third time – And the Wyndham Privacy and Security Policy indicates privacy and security might not be a top priority… also reveals the large number of brand name hospitality establishments owned by Wyndham.

Inventory documents from the Department of Homeland Security show that 985 computers were lost by the Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) in fiscal 2008. In addition, the departments lost hundreds of night vision scopes, computer switchers worth $92,000 apiece, and an International Harvester truck. All of this loss was considered by the feds to be within acceptable loss limits.

Eric Schmidt, privacy hypocrite: We’re ordering a T-shirt for Google CEO Eric Schmidt, who famously proclaimed in a recent CNBC interview that “if you have something you don’t want anyone to know, maybe you should be doing it in the first place.” Schmidt apparently had his employees take down a blog from Google Blogspot, in which his mistress made numerous references to him. So fortunate that he runs the company where his privacy was breached. His new motto will be “Privacy for me, but not for thee.” Thanks to Valley Wag for this delicious morsel.

Just in case you’ve been living under a rock, parents of high school students in Lower Merion School District are suing after the district activated the cameras in school-issued laptops and spied on the kids while they were at home. The lawsuit slaps the district with violations of all of the following laws:

The Electronic Communications Privacy Act, the Computer Fraud and Abuse Act, the Stored Communications Act, a section of the Civil Rights Act, the Fourth Amendment of the U.S. Constitution, the Pennsylvania Wiretapping and Electronic Surveillance Act and Pennsylvania common law.

Not so fast, says Orin Kerr, law professor at George Washington University, and regular contributor to the Volokh Conspiracy. Kerr’s analysis shows how specific these laws are, and how tough it is to prosecute violations of federal computer protection laws. The only real case against the school district, says Kerr, is a Fourth Amendment case.