Archive for SEC

Apr 30 2018, Episode 400, Show Notes

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Podcast, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , , , on April 30, 2018 by datasecurityblog

Episode 400 of The CyberJungle is about 24 minutes long.  You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 400 via the flash player:

Last Private Place

Amazon has fixed a bug that allowed hackers to listen in on Alexa devices.

Our Take on This Week’s News

Win 7, Server 2008 ‘Total Meltdown’ exploit lands, pops admin shells

SamSam Ransomware Evolves Its Tactics Towards Targeting Whole Companies

Altaba, Formerly Known as Yahoo!, Charged With Failing to Disclose Massive Cybersecurity Breach; Agrees To Pay $35 Million

Tales from The Dark Web

Don’t rush to deploy 5G if you want IoT security, agency warns

Wrap

You could be flirting on dating apps with paid impersonators

PLEASE SUPPORT OUR SPONSOR – PFIC: Paraben Forensic Innovations 2018

This 2-day event brings together industry experts on a variety of topics in both lectures and labs. The best part of PFIC is as an attendee you get to attend 100% of the content with the unique rotating format of A and B days. One day you attend all the lectures the next you attend all the labs. Plus see Ira Victor, of the CyberJungle, speak. Register early seats are limited.

 

PFIC 2017,

 

Advertisements

Aug 22th 2015, Episode 370 Show Notes

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, eMail Security, Podcast, Show Notes, The CyberJungle, Vulnerabilities, web server security with tags , , , , , , on August 12, 2015 by datasecurityblog

Episode 370 of The CyberJungle is about 22 minutes long. The interview with Blackphone CTO John Callas on Android patching and the second generation Blackphone begins at about 14:30.  You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.

To listen to Episode 370 via the flash player:

Interview

Blackphone CTO John Callas on Android patching . Correction: In the interview, Ira Victor said he was recording John Calla at BlackHat. The interview was recorded up the Las Vegas strip at DefCon.

Our Take on This Week’s News

Elastica Discloses Script Injection Vulnerability in Salesforce . More coverage at BetaNews.

SEC: CyberGang stole secrets for up to $100 million insider-trading profit

Researchers: Another critical car attack

 

Tales from The Dark Web

Ubiquiti Networks victim of $39 million social engineering attack

Wrap

Check out Conference Notes and Ira’s Twitter timeline for our takes on BSidesLV, PasswordHack2015, and DEF CON 23

Please support our sponsors, as they help make The CyberJungle possible:

peerlyst

Peerlyst is a network of security professionals. Our goal is to make our members’ jobs easier by giving them a place to find and compare security solutions—and learn from their peers’ real‐world experiences. Peerlyst is the place where security pros can instantly connect with each other, rate and learn about products, securely collaborate on projects, grow their expertise, and discover new career opportunities.

PLEASE VISIT THEIR SITE Peerlyst.com

 

April 24, 2010 – Episode 131

Posted in Breach, Business Continuity, Court Cases, criminal forensics, ediscovery, eMail Security, Exclusive, Legislation, Podcast, Show Notes, The CyberJungle, Vulnerabilities with tags , , , , , , , , on April 24, 2010 by datasecurityblog

Interview: Evan Ratliff joins us to discuss his attempt to vanish for a month, with Wired Magazine challenging readers to find him, and a $5,000 reward for anyone who snapped his photo and said the word “fluke.”  An online posse developed, Evan ducked discovery for 25 days, and was caught in New Orleans, a few days shy of his goal.  The interview is about 14 minutes long, and it starts about 57 minutes into Episode 131. You may stream the program here:

You may download Episode 131 here. Or visit the Listening Options page for more ways to hear the program.

Discussion: The texting case that made it to the U.S. Supreme Court.  We discuss with ACLU Attorney Lee Rowland Fourth Amendment protections as they apply (or don’t apply — that’s what the court is considering)  to text messages, and under what circumstances.  Our discussion with Lee is about 20 minutes long, and starts about 22  minutes into Episode 131

Our Take on This Week’s News

Amazon is fighting off a demand from the North Carolina Department of Revenue (the state tax collectors). The state wants a record of all Amazon purchases made by its residents, and it wants names, so it can collect the sales tax.  Amazon says “privacy violation.”  And remember Amazon’s original business was books, which have a special place in the law when it comes to protecting their owners from government intrusion.

Here’s the story as reported by c|net, and here’s Amazon’s complaint.

Cyberattack on Google Said to Hit Password System.  More has been revealed about the extent of the Aurora attack on Google.  This story was apparently leaked to the New York Times by someone familiar with the investigation.  It suggests huge implications for the security of all Google applications.

Facebook is becoming quite brazen about exposing user profile information. This opinion piece at EFF explains the latest piece of information to be taken out of the user’s control.

Related:  The Facebook “like it” button, coming soon to websites everywhere.

About the most straightforward information-sharing scheme we’ve seen yet:  Blippy mines your email and credit card statements (with  your permission) and posts every purchase you make.  Blippy is the VC flavor of the month, having just received $11 million.  Too bad some credit card numbers belonging to Blippy users turned up when some curious surfers hit Google with search strings containing the words “Blippy.com” and “from card”.  Will Blippy survive?  Probably, even in the face of a less-than-apologetic stance from the company (Co-founded by the infamous Pud, of the infamous FuckedCompany.com site from the “dot-bomb” period.)  Why anyone would want to be part of Blippy, especially now,  is a separate discussion.

Highly-paid SEC lawyers and accountants spent their days surfing porn sites while Bernie Madoff was making off with a whole lotta other people’s money. We ask why, in an entity whose mission revolves around audits and controls, were there no audit trails and controls to call attention to an employee with 16,000 attempts to access porn?  Shouldn’t this have been nipped in the bud before it spiraled out of control?

You probably read about some of the chaos that ensued from McAfee’s latest update.  But this story by a SANS incident handler takes the prize.

Malware mules:  We all know about drug mules and money mules.  But the black market for email credentials is creating some new opportunities.