Archive for two factor

March 06 2013, Episode 293, Show Notes

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Show Notes, The CyberJungle on March 6, 2013 by datasecurityblog

Episode 293 of The CyberJungle is about 25 minutes long. The interview with Dr. Larry Ponemon on the Post Breach Boom report begins at about the 10-minute mark. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interview

Dr Larry Ponemon speaks with Ira about the reports, The Post Breach Boom, and Risk of Insider Fraud: Second Annual Study.

Tales From The Dark Web

Evernote: We’re Adding Two-Factor Authentication

Our Take On This Week’s News

Dating Websites Providing More Divorce Evidence Says Survey: Nation’s Top Matrimonial Lawyers Cite Match.com as Most Common Source

New Samsung Galaxy phone might be controlled by your eyes

Please support our sponsors, as they support The CyberJungle

SpectorSoft

SpectorSoft: IT professionals, Risk Officers, and HR staff have more worries than ever: insider theft, inappropriate communications, inefficient processes, employee investigations, and compliance requirements. These pressing issues demand a reliable, automated, advanced technology capable of showing user, department, and division activity no matter where the users are or what devices they are using. SPECTOR 360, the de facto corporate User Activity Monitoring solution, addresses these issues and meets this demand.

SPECTOR 360 monitors, captures, and analyzes ALL user and user group activity including: email sent and received, chat/IM/BBM, websites visited, applications/programs accessed, web searches, phone calls, file transfers, and data printed or saved to removable devices.

SPECTOR 360 features automated, remote installation of the Windows and Mac clients and requires no client installation on BlackBerry devices.


February 25 2013, Episode 292, Show Notes

Posted in Exclusive, Show Notes, The CyberJungle on February 25, 2013 by datasecurityblog

Episode 292 of The CyberJungle is about 36 minutes long. The interview with Alex Doll, CEO of OneID, on two-factor authentication using elliptic curve cryptography begins at about the 21-minute mark. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show.


Interview

Alex Doll, CEO of OneID, on their approach to two-factor authentication with elliptic curve cryptography. The company describes the primary purpose of OneID as being a digital identity provider. Here’s their blog.

Tales From The Dark Web

Reuters – Analysis: The near impossible battle against hackers [sic] everywhere

Our Take On This Week’s News

Google’s Android Reborn as Network-Hacking Kit

EdgeWave ‘Social Security’

Please support our sponsors, as they support The CyberJungle

SpectorSoft


Feb 15, 2011 – Episode 200

Posted in Conference Coverage, Legislation, Show Notes, The CyberJungle on February 15, 2011 by datasecurityblog

Episode 200 of The CyberJungle is 27 minutes long. You can hear it by clicking on the flash player below. You may download the file directly – great for listening on many smartphones. Or, you may go to the listening options page and browse for other ways to hear the show. The interview is about 8 minutes long and it starts at about the 18:25 mark.


Interviews

Simple Physical Security – without the “security system tax/fee.” We talk with Andrew Saldana of SecurityMan.

Tales From The Dark Web

HBGary exposed for trying to counter-attack Wikileaks; security institute issues rare request related to counter-counter-attack

Our Take on The Week’s News

No man’s personal identity is safe while the legislature is in session

RSA Conference report: CipherCloud, businesses can encrypt data on popular cloud services like Salesforce.com

RSA Conference report: Invincea has a new technology that combines virtual machine browsers with behavior-based malware blocking.

RSA Conference report: Entersect from South Africa has a very interesting twist to 2-factor authentication.

Ira is at RSA San Francisco 2011 and will post reports in Conference Notes. Reports sponsored by LogLogic – The IT Data Management company. Meet Ira in the LogLogic booth #828 during Tuesday night’s RSA pub crawl and drink some of Travis Smith’s 510 nano-brew, served fresh in the booth.

Episode 123 – March 27, 2010

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, Exclusive, Show Notes, Vulnerabilities on March 28, 2010 by datasecurityblog

Episode 123 features two interviews, and the show is 72 minutes long.

First — an amazing story about a scareware company that sold hundreds of millions worth of fake antivirus. A big, big, business with offices across the globe, 650 employees, and a tech support operation for the “customers” who bought the fake software. Writer Jim Giles tells the story. Jim’s interview starts about 21 minutes into the show. His article for New Scientist is featured here.

Later in the show – we talk to the Director of Global Electronics Systems Engineering at Ford Motor Company, Jim Buczkowski. Ford has put a firewall between the dashboard, where you jack in with your mobile device, and the car’s computer systems. The thinking is, if your device is infected, we wouldn’t want it to cause brake failure or something like that! Ford is ahead of the game on this. Ford’s Sync system is a multi-functional communication system in the dashboard. Here’s hoping it lives up to its promise. The interview starts approximately 58 minutes into the show.

Our Take on This Week’s News:

Lead story? This article in the U.K. Telegraph touts “typeprint analysis” as if it were a hot new development, and reports that British researchers are looking for a grant to study it further as a way to monitor whether there are pedophiles online, chatting with the kids. Is anyone else sick of pedophilia and other sex crimes as a frame on which to hang funding requests and tax increases? This article doesn’t read well, and it certainly doesn’t break any technology news. The researchers mention that there are private sector uses for their work. All well and good, particularly since positive ID for banking transactions is among them. So why hide behind the pedophiles? And why did the reporter not dig deeper into what’s new and different about this use of an established technology?

It’s tax season, and of course the cybercriminals are focused on whatever preoccupies the rest of us. A new email scam features a fake IRS email notice, which leads to a Zeus attack. NOTE TO EMPLOYERS AND IT ADMINS: This could show up in your employees’ inboxes as an email from your company, as in: “we have overcalculated your social security tax, and we need to fix it before April 15.” Or some such nonsense. You should write a memo immediately, alerting employees that they are to ignore any email that induces them to action regarding taxes.

Federal employees have received 12 months probation and community service as punishment for viewing (collectively) 900 confidential passport applications. Nobody appears to have been fired for this. At least the justice department press release doesn’t mention any firings.

Here’s a story we picked up at RSA in San Francisco. Tom Murphy, Chief Strategy Officer of  Bit9,  discusses (among other things) targeted attacks that are narrower than spam, viruses and botnets. They are customized to specific organizations to steal specific information. Bit9 has some free security tools that could help.

CanSecWest hacking contest: The predictions were correct. iPhone fell first (it took 20 seconds). Then Apple Safari. Then IE8 on Windows 7. See references below.

iPhone: http://blogs.zdnet.com/security/?p=5836&tag=col1;post-5846

Apple OSX and Apple Safari: http://blogs.zdnet.com/security/?p=5846&tag=col1;post-5855

Windows7 IE8: http://blogs.zdnet.com/security/?p=5855&tag=content;col2

Nonetheless, your employees will be bringing their new iPads to work. Tony Bradley offers a lot of security questions businesses need to ask. Ask them this week, before the iPad hits the stores. (Tony Bradley is co-author of Unified Communications for Dummies. He tweets as @Tony_BradleyPCW. You can follow him on his Facebook page, or contact him by email at tony_bradley@pcworld.com.)

Security training can be – well – boring. The employees sit in a seminar and listen to abstract descriptions of attacks, and they never get a chance to practice what they learn. That’s why researchers at Carnegie Mellon University decided to try training that includes “microgames”: little games employees can play in a few minutes. The objective is to teach them about phishing attacks, and how to discern a “good URL” from a “bad URL.” Then the researchers measured whether the gamers retained the information, and most did. The fun interaction with the phishing lesson made a difference. CMU’s Dr. Jason Hong directed the research. We have posted an interview with him on the conference notes page. His team is marketing their training games now; the company is called Wombat Security.

Virtual machines – an attractive solution in these times when money is tight. But before you virtualize, update your security plan. Here are some tips from F5 Networks.

Hate to say we told you so…. Airport worker given police warning for ‘misusing’ body scanner. If by “misusing” you mean “taking a picture of your co-worker as she walks through it.”

March 20, 2010 – Episode 121

Posted in Breach, Conference Coverage, Court Cases, criminal forensics, eMail Security, Exclusive, Show Notes, web server security on March 20, 2010 by datasecurityblog

Episode 121 is 70 minutes long. Our interview segment is a major highlight, not to be missed! Patrick Peterson, Cisco Fellow, explains how modern web attacks work, and why anti-virus and firewalls are failing. The interview is about ten minutes long, and it starts about 22 minutes into the show. You may go to listening options to download the program or find other options to hear the program; or you may stream the program using the flash player below:

Our Take on This Week’s News:

MySpace user data is offered for sale on InfoChimps.org. This lengthy blog post on ReadWriteWeb contemplates the state of “big data.” PC World reports it, too.

The annual report from the Internet Crime Complaint Center (IC3) was released this week. The FBI’s cybercrime investigation unit, which was launched in 2000, reports that complaints were up 22 percent in 2009 over 2008, and that the loss from all cases referred was more than half a billion dollars. Descriptions of top scams start on page 13 of the report.

Madoff’s computer programmers indicted.

Ponemon Institute study on the level of trust in the banks by commercial customers. A wakeup call to the banking industry: get serious about Zeus or your customers will walk.

CanSecWest (Canadian Security conference) starts Wednesday: Microsoft’s Internet Explorer 8 will be easily penetrated in the Pwn2Own hacking challenge.

Plus, champion hacker Charlie Miller says he has 20 vulnerabilities to bring down the Apple Safari browser on Mac OS X.

Hancock Fabrics – Bad guys swap PIN pads at cashier desks. Here’s a letter from the President and CEO of the stores:

Vodafone distributes Mariposa botnet attack.

Remember the former auto dealership employee who hacked the remote communication system and started disabling customer vehicles? We interview executives from the company that makes the system, Pay Technologies. Jim Kreuger and David Ronisky are the co-founders.

Teen hacks code for Walmart public address system, makes racially charged announcement to customers.

Data Security Podcast Episode 79, Nov 16 2009

Posted in Breach, Court Cases, criminal forensics, darkweb, ediscovery, Podcast, Vulnerabilities on November 16, 2009 by datasecurityblog

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* The odds of unknowingly logging onto an ‘evil twin’ of your online banking site are increasing due to new broadband hazards.

* A revised Google Book Settlement was submitted to the courts. It doesn’t address privacy at all.

* Our take on this week’s news.


–> Stream, subscribe or download Episode 79 – Listen or subscribe to the feed to automatically get the latest episode sent to your Google, Yahoo, iTunes, or other popular sites.

–> Tune into the show directly on iTunes; you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from behind stricter firewalls: listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

  • Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
  • GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
  • SonicWall: Get the super fast UTM firewall that’s rated Five Stars (the best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
  • DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 79 of the Data Security Podcast

* Program note about this week’s Conversation: Ira will have an extended, technical conversation with Pedro Bustamante, Senior Security Researcher with PandaSecurity. Ira and Pedro will discuss web drive-by downloads and other security issues in a special interview segment that will appear in a separate posting later this week. You can listen to the segment by streaming on this site, on iTunes, or other RSS feeds you use to listen to the Data Security Podcast.

* Tales From The Dark Web: What if you typed in your bank’s web address, but unknown to you, you were taken to an evil twin of your bank, controlled by cyber criminals? Well, the odds of that happening are increasing, due to Domain Name System (DNS) issues in a significant number of broadband modems and routers. Many other attacks can use these DNS flaws. Hat tip to the coverage by Robert McMillan of the IDG News Service.

* From Our Take on The News:  Airport security in Saint Louis hassled one guy for half an hour, because he was carrying $4,700 in a cash box, which he placed on the x-ray conveyor belt and subjected to TSA scrutiny, as is required for all carry-on cargo. The money was connected with his (legal) job with Campaign for Liberty. The guy recorded the abusive inquisition on his iPhone. The ACLU sued the TSA. Now the airport security rules have changed. Read the coverage in The Washington Times.

* From Our Take on The News: A flaw in Adobe Flash has a huge impact on web usage, especially for those businesses that use Google Gmail/Google Apps/PHP Discussions, and the scores of sites that allow users to upload information to the site. Mike Bailey, an expert on web application security, has an excellent infosec write-up at the Foreground Security blog. Faster read in Computerworld.

*  From The Wrap:  Revised Google Book Settlement was submitted to the court late Friday night. It doesn’t address privacy at all, even after EFF and other parties submitted a legal brief outlining legitimate fears that Google can track, and is likely to share individual book search information with law enforcement and anyone else who issues a subpoena. Google will retain book-search details, right down to page number and how long you lingered there, for every book you search. Read this account of the revised settlement.

Data Security Podcast Episode 73, Oct 11 2009

Posted in Breach, Business Continuity, Conference Coverage, Court Cases, criminal forensics, darkweb, ediscovery, eMail Security, Legislation, Podcast, Vulnerabilities, web server security on October 11, 2009 by datasecurityblog


On this week’s program:

* Major patching in store this week, due in part to flaws revealed this summer in Las Vegas?

* A fresh look at a Zeus banking attack counter-measure

* Our take on this week’s news.


Show Notes for Episode 73 of the Data Security Podcast

* Conversation:  Ira takes a new look at a counter-measure for the latest wave of Zeus banking attacks in his conversation with Steven Dispensa, CTO of PhoneFactor.

* Tales From The Dark Web: It’s like clockwork…two months after security events BlackHat and Defcon every summer in Las Vegas, we see a surge in patches for attacks that were highlighted at these events.  Microsoft Security Bulletin Advance Notification for October 13th 2009. Security Advisory for Adobe Reader and Acrobat for October 13th 2009, including the CVE number.

* From Our Take on The News:  Danger Will Robinson! Danger!  Update on Danger’s Sidekick Massive Data Loss.  Read the FAQ for tips on trying to salvage your data.

* From Our Take on The News:  Computer Network Denial Of Service Denial

* From Our Take on The News: Twitter shuts down legit security researcher, Mikko Hypponen. Reports from his blog here, and an update here.

Twitter Shuts Down Legit Security Researcher’s Account