After some experiments with posting our new radio show, we return to our classic podcast sound.   If you were a fan of the Data Security Podcast, you will recognize the familiar sound in The CyberJungle from now on. Thanks for enduring the experimental phase.  We tried to edit out portions where the radio station played popular music under our voices.  Legally necessary, but we acknowledge that the result was choppy. There are also certain required live radio elements made the podcast versions longer than they needed to be.

If want the full radio show,   radio station KOH can legally post it and they retain full radio versions of The CyberJungle.  And of course, you can  listen live on Saturday mornings.  If you’re interested in a shorter show with just the meat and potatoes, get it here on our website.

On with the show notes:

Episode 106 is The CyberJungle’s su root interview for the technically advanced listener. Mandiant’s Rob Lee on the APT – advanced persistent threat.  Attacks used to be short-term and removable.  Now they burrow in for months or years, for the purpose of ongoing theft.  Episode 106 is the 30-minute, unedited version.  The short version of the interview can be heard in episode 107.  It starts roughly 40 minutes into the show.

Mandiant allows you to  download a copy of Rob Lee’s report here.

In Episode 107 we discuss the week’s top story – In “Digital Combat, U.S. Finds No Easy Deterrent”

A conference-room war game featuring sophisticated cyberattacks left top military officials perplexed. This article discusses the apparent head-scratching in the Pentagon over how to respond to digital threats to national security. The problem – at least in part – seems that the U.S. government is still using the language of conventional war.  Two things are troubling. First, a gee-whiz quality to this piece suggests that this is the first time the U.S. military is considering these challenges. It’s certainly not, but the portrayal of top military brass as stuck in low gear on this issue is unsettling at best. Second, it muses about an attack on the grid, OR the banking system, OR the emergency communication system.  Doesn’t venture any possibility of a “digital pearl harbor”  featuring these events simultaneously.

We also talked with Peter Eckersly of EFF. He’s heading up a project that measures your computer’s unique configuration…. and calculates whether you’re easy to track (even when you shut off cookies and do the other “prudent” things that should prevent tracking, but don’t). EFF is seeking participants in this analysis. You can get a uniqueness rating ad participate in the experiment. And no, they will not use your computer’s fingerprint for any other purpose.

Our conversation with Peter Eckersly starts about 15 minutes into Episode 107.

Speaking of tracking… the Google Toolbar appears to be spying on you even after you disable it.  No matter what Google says.  Read Ben Edelman’s account of his own exploration of  this matter. Ben says he followed Google’s instructions and found he was still being scrutinized.

More news from the week:

International survey: IT Security managers see disaster looming. The takeaway from this 40-page report, Critical Infrastructure in the Age of Cyber War :  Top management just doesn’t get it.

70 percent of major companies are considering iPhone adoption. A New Era For Corporate Culture: iPhone Use Doubles in the Enterprise Ira would rewrite this headline:  “Likelihood of secure business communication cut in half.”

Latest email scams tap into widespread interest in current events.  Like the one that tells colleagues  “I just wrote an article about the Chinese cyberattack. Hope you like it. Click here. “  The attached PDF file is the Chinese cyberattack.  See this example from and earnest researcher at George Washington University at F-secure.

More email scams – we tried to deliver a package but you weren’t home. Click here for info. The bad guys are using physical addresses to discover email addresses.

Affluent individuals who live ‘the good life’ are 43 percent more likely to be victims.  A survey of ID theft victims who were hit based on activity profiling.

Two episodes this week: Episode 103 is a podcast version of the live radio program.

Episode 102 is our ’su root’ podcast, in-depth technical interviews for the more advanced listener.

Overview of this week’s program.  More detailed notes and links provided below under “show notes.”

*Episode 103 the broadcast- Breaking News:  Do airport checkpoint whole body scanners have logging and auditing to enforce security and privacy policies?  We’re not sure after talking with a representative of one of the companies that makes the machines.  Seems the TSA may not have included an audit function in its specifications.   And, our guest tells us what happened to the “puffer machine” that would have detected the underwear bomber’s chemical payload on Christmas Day.

We also talked with an attorney from EPIC, the organization that sought and won the TSA specification documents revealing that body scanning machines are indeed capable of retaining and transmitting the naked images of the passengers they scan. This is NOT what TSA told the American public.

*Episode 102 (the su root interiews… requires above-average technology background). Click fraud is running rampant… ripping off internet advertisers. A new, more serious attack that not only steals credit for click-through purchases, but hijack’s the end user’s computer. This is a must-listen for marketing, security, and legal personnel. Discussion on the live show, with the full interview online.

*Episode 102 (the su root interviews…requires above-average technology background.) A new user credential – your cell phone calls you for a voice print… and then lets you into your email, bank account, authorizes credit card purchases or VPN remote access. Great idea? We have an exclusive audio interview with the co-founder of the company.

–> Listen This Week’s Show through our Main Site

Show Notes for Episode 103 of the CyberJungle

*ZeroDay Flaw in some versions of Microsoft Internet Explorer (MSIE) web browser.  Microsoft’s TechNet site has posted detailed information about the flaw. If you have not checked your MSIE browser version, do it now. Launch MSIE, find the Help Icon (usually the far right menu/icon, depending on the version of MSIE you are running), and select About Internet Explorer. If you are not running MSIE verson 8, you need to update your browser. Read more here. Update your browser to MSIE 8 here.

* People around the world are searching the web for the latest updates on Haiti earthquake. Members of the Dark Web use major events like this to spread their malicious code. Read more on this attack at the WebSense Security site. Ira mentioned the Google Trends site, a site that tracks hot topics on The Web.

* Samantha had a conversation with Ginger McCall, Esq., with the Electronic Privacy Information Center (EPIC). They talked  about the DHS airport body scanners, and a Freedom of Information lawsuit by EPIC. Read more at this EPIC-sponsored site.

* Samantha and Ira had a conversation Brook Miller, VP with Smiths Detection, the makers of “the puffer” machine, and the whole body scanners.

* Samantha had a conversation with Dr. Kerry Kerry Nemovicher, Ph.D. about “The Human Firewall” event by  InfraGard. This event takes place on Thursday, Jan 21st at Boomtown Casino, in Reno Nevada. This lunch event runs from 11.15am to 1.15pm. $15 donation when you reserve your ticket by Monday at 9:00am, $20 at the door.

Show Notes for Episode 102 of The CyberJungle, an ’su root’ program, in-depth technical interviews and analysis

*Ira has a conversation with Dr. Ben Edelman, from the Harvard Business School, about a new type of online advertising “click fraud” that takes over customer’s computers. Read more on Dr. Edelman’s site. On the main site you can listen to the full, detailed, and technical conversation. Look for the “su root” podcast (Episode 102) on the main site, www.TheCyberJungle.com.

* Ira has a conversation with Steven Dispensa, CTO and co-founder of PhoneTrust, about voice print authentication. On the main site you can listen to the full, detailed, and technical conversation. Look for the “su root” podcast (Episode 102) on the main site, www.TheCyberJungle.com.

Security, Your Privacy, and The Law

On this week’s program:

* Houston DA Tweets the names of people arrested for DUI

* WiFi for passive aggressives

* You won’t believe the password to launch nuclear war

–> Stream This Week’s Show with our Built-In Flash Player (for higher security, stream through FeedBurner, using the hyperlink below):

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 101 – Use Feedburner to listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall. The shows don’t always display on chronological order on Odeo.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• Award-winning Sunbelt Network Security Inspector a scalable and effective vulnerability scanner. Windows IT Pro Magazine readers chose SNSI as their Favorite Vulnerability Scanner for two years in a row. Read more here, and contact Data Clone Labs for a test drive.

Show Notes for Episode 101 of the CyberJungle

* Conversation: Ira and Samantha interview Houston civil rights attorney Randall Kallinen about the Houston Texas-area DA Tweeting the names of those arrested for DUI.

*How Google collects information

*Google Near Me Now application

* Digital piracy hits the book industry

* Mind-reading at the airports

*WiFi for passive aggressive

*Nuclear launch passcodes

*Ransomware – buy back your own files?

*One in ten botnets are engaged in the Zues attack

*Ironkey CEO speaks about the USB crypto flaw

*FTC says FCC needs to consider the dangers of cloud computing

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Bad guys buying services to evade anti-virus

* Special announcement

* Our take on this week’s news

–> Stream This Week’s Show with our Built-In Flash Player (for higher security, stream through FeedBurner, using the hyperlink below):

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 88 – Use Feedburner to listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall. The shows don’t always display on chronological order on Odeo.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• Award-winning Sunbelt Network Security Inspector a scalable and effective vulnerability scanner. Windows IT Pro Magazine readers chose SNSI as their Favorite Vulnerability Scanner for two years in a row. Read more here, and contact Data Clone Labs for a test drive .

• GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 88 of the Data Security Podcast

* Tales From The Dark Web: Bad guys buying services evade anti-virus. Brian Krebs (formerly with The Washington Post) does his usual outstanding work on the topic, from his brand new blog. Read more here.

* From Our Take on The News: Body scanning machines; here’s a story from the UK that dismisses their effectiveness in cases where a guy stuffs a chemical explosive in his underwear. (But they are very effective at revealing the other junk in your underwear.) Read more here.

Meanwhile, Logan International in Boston and the Newark Liberty Airport in New Jersey will both get the body imaging machines. (Both were points of origin for the September 11 attacks.) Read more here from The Star Ledger. And read more here from Boston Globe.

* From Our Take on The News: TSA nominee misled Congress about accessing confidential records. Read more here from The Washington Post.

* From Our Take on The News:  How embarrassing! The Chairman of the FCC sends a facebook spam. Read more here from The New York Times blog.

* Special Announcement:  The Data Security Podcast will go LIVE this week as the nation’s first  call-in talk show on security, privacy and the law. You can listen on a web stream or terrestrial radio every Saturday, starting this Saturday, Jan 9th from 10 a. m. until noon Pacific Time.  Be sure to tune into the web stream of KKOH-780am, here is a link to their site, click on the’ Listen Live’ link on the upper right hand corner.

We are changing the name of the show to The CyberJungle. We will keep this site active, and we will keep the current iTunes site active for a while, as we transition to the new name and site.   We will  continue to post our interviews with security experts. The material that’s too technical for the radio will be posted here.

We want to thank all of you for  the support and feedback for the last 18 months. We are grateful that you chose to spend your time with us. Our sponsors have also been very good to us. If you enjoy the show, please try their products, and please let the know you heard about them from us.

A big thanks also to the management of KOH Radio. They “get it,” and we salute them for understanding that the time is right for this show.

KOH Call-In for The New Show

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Is there is a Russian connection to the “Climategate” attack?

* ‘Take Back Your Privacy’ — A new nation-wide effort ramps up

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 84 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .

• GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 84 of the Data Security Podcast

* Samantha has a conversation with Leslie Harris, president and CEO of The Center for Democracy and Technology. They are a D.C. group launching a consumer privacy campaign. They want to educate consumers, pressure businesses, and push for a new law. Read more at the “Take Back Our Privacy” area of their site.

* Tales From The Dark Web:  What, if any connection is there between Russian and the “Climategate” attack? Read more in the The UK Daily Mail story. And, Adobe to release critical security patches tomorrow .

* From Our Take on The News: SC police academy IT chief nabbed in Web sting;  ‘Accidental’ Download Sending Man To Prison.

* From Our Take on The News:  Department of Defense misses its own deadline for removing social security numbers from military ID cards. Read about it at Stars and Stripes.

* From Our Take on The News: Sprint received 8 million requests from Law Enforcement for GPS location data. EFF is on the case, but this story has a fascinating origin… and an almost instantaneous rebuttal from Sprint. (Which doesn’t deny the 8 million figure, but attempts to give it some context… The company is, of course, a regulated industry stuck in the middle, between the demands of its customers and the demands of congress, law enforcement and FTC… ). Read more at EFF.

* From Our Take on The News: The economics of security advice; a very interesting MSFT research paper, and a related SANS posting. Read more at The SANS Internet Storm Center.

* The Wrap:  Many More Government Records Compromised in 2009 than Year Ago, Report Claims. Read more at databreaches.net .

For Thursday November 19th, and Friday November 20th, we depart from our regular format for those with an advanced understanding of information security technologies.

These two special editions feature technical conversations with newsmakers on new counter measures to fight web drive-by downloads. Part one (this episode) features Pedro Bustamante, Senior Security Researcher with PandaSecurity. Part two will post tomorrow, with an EXCLUSIVE interview with the creators of a new hardware sandbox approach to this vexing security issue.

We will return to our regular format of the latest news on data security, privacy, and the law with Episode 82.  Episode 82 is scheduled to post Sunday night /Monday morning, November 23rd, 2009 at ~12.01am Greenwich Mean Time. That is our regularly scheduled show posting time.

On Episode 80:  InfoSec Conversation with Pedro Bustamante on countering web drive-by downloads.

–> Stream This Special Episode with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 80 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version forFREE! Go to: http://www.testdrivevipre.com .

• GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 80 of the Data Security Podcast

Ira has an extended, technical conversation with Pedro Bustamante, Senior Security Researcher with PandaSecurity. Ira and Pedro will discuss web drive-by downloads. Here is the link that Pedro mentions in the segment.

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Why are web drive-by downloads proliferating like cockroaches?

* Sixty Minutes just covered a data security story. We rate the coverage.

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 78 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .

• GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 78 of the Data Security Podcast

* Conversation:  Ira talks with Georg Hess, CEO and Co-Founder, Art of Defence, about network scans versus web application scans. OWASP AppSec DC 2009 takes place this week,  November 10-13th, in Washington, DC. The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Their mission is to make application security visible,  so that people and organizations can make informed decisions about true application security risks.

* Tales From The Dark Web:  Our take on the 60 Minutes segment Sabotaging The System:  Could hackers get into the computer systems that run crucial elements of the world’s infrastructure, such as the power grids, water works or even a nation’s military arsenal? Be sure to watch this video segment with the highest level non-technical boss in your organization. Also, make sure you, and your non-technical boss watch the “Web Extras” from this segment.  One of the stunning parts of the segment was the claim that private companies are more vulnerable because the companies only care about profit. Unlike government networks, which are more secure (uh?).  If that was the case, how can that be squared against the portion of the segment that revealed that the Feds lost 12TB of data from the DOD, DOE, DOC and possible NASA, in 2007? Where was the profit motive that stopped good security in those organizations? Security expert Robert Graham explores this, and other issues, in this posting: Brazil outage NOT caused by hackers.

* From Our Take on The News:  New open-source voting technology – the developer is looking for jurisdictions to try it for free.  Read the Wired account.

* From Our Take on The News:  A technical overview of the newly discovered SSL vulnerabilities and possible mitigation. Ben Laurie has excellent, technical blog postings about the SSL protocol flaw.

* From Our Take on The News:  Voters hate traffic surveillance cameras — proven in three U. S. cities in last week’s elections. (As if we still need proof.) Great coverage of traffic surveillance and related matters in Maryland. (But the topic is universal).

* From The Wrap:  First iPhone worm found, details at F-Secure.  A how-to for changing the SSH default password in your jailbroken iPhone; one uses a computer connected to your iPhone to change the SSH settings.  Note: If you are not using a jailbroken iPhone, you don’t need to make changes to be protected from this particular attack.

For Thursday November 5th, we depart from our regular format for those with an advanced understanding of information security technologies. This episode is a one-topic special edition, providing coverage of a major man-in-the-middle flaw discovered in the SSL protocol (see, we told you it was for security geeks).

We will return to our regular format of the latest news on data security, privacy, and the law with Episode 78.  Episode 78 is scheduled to post Sunday night /Monday morning, November 8th, 2009 at ~12.01am Greenwich Mean Time. That is our regularly scheduled show posting time.

On Episode 77:  Conversation with Marsh Ray, discoverer of the new SSL flaw

–> Stream This Special Episode Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 77 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version forFREE! Go to: http://www.testdrivevipre.com .

• GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 77 of the Data Security Podcast

Breaking news with an extended interview with Marsh Ray,  Senior Software Developer and Engineer with multi-factor security company PhoneFactor.

SSL lock engaged, but is the connection secure?

Marsh Ray discovered a major security flaw in the SSL protocol.   SSL is the most widely used encryption protocol on the internet.

Marsh Ray keeps a blog at extendedsubset.com.  He works for PhoneFactor, where you can read more about this vulnerability in SSL.

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Placing an online bet for the World Series? Employees of online betting sites might be selling customer data online.

* Google Book Search: What data is Google storing about readers of online books?

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 76 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .

• GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 76 of the Data Security Podcast

* Conversation:  Samantha talks with Rebecca Jeschke  of the Electronic Frontier Foundation (EFF). There are lots of privacy objections to the Google book search settlement… EFF is leading the way on the privacy objections. Read about it here. And here’s the legal document filed by EFF… the settlement hearing has been indefinitely postponed.

* Tales From The Dark Web:  Are online casinos leaking information about their customers? Hard to say, as we saw the original web posting about this is only available in the Google Cache. Here is a story from TightPoker.com about the original posting. That story lists the original site at AustralianGambling.au, but the URL should be AustralianGambling.com.au .

* From Our Take on The News:  Lobbyists beware: judge rules metadata is public record. This story also talks about the Google metadata leak.

* From Our Take on The News: A MUST READ – Samantha writes at the ReasonableReporter.com about social engineering and how the technique is used in real life, and in the new movie Law Abiding Citizen:

* Wrap: Ira talked about the launch of Digital Forensics Magazine.

President Obama is annoucing $3.4b in stimulus monies for the “Smart” Power Grid today (see story here).

But, here is part of the story that is not getting much, if any, coverage: What are the security and privacy issues in deploying the Smart Grid and Smart Meters?

While I am not an expert on energy, I am knowledgable on the data security and privacy issues on this topic. This is an issue that could literally impact every citizen and business in the US, and impact the very foundation of the economy.

There are advanced technologies that could truly help secure the delivery of power. There are rules that can be put into place to help protect privacy. But, these items do not appear to be on the agenda today, and get little attention in day-to-day coverage.

Early deployments of the Smart Grid and Smart Meters have not made security and privacy a priority, much beyond lip service.

There will be some very negative outcomes for this program if  security and privacy are not truly “baked in” at the beginning of this next wave of deployments.

Written By: Ira Victor, GIAC G17799 GCFA GPCI GSEC   ISACA CGEIT

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Everyone loves retail gift cards…they are quick and easy for consumers, and for web application “hackers.”

* Some Time Warner cable internet users are vulnerable to serious attacks — when will Time Warner release a fix?

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 75 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .

• GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 75 of the Data Security Podcast

Time Warner-supplied SMC cable modems: Open for Exploit?

* Conversation:  Ira talks with David Chen of Pip.io with an update on the critical vulnerabilities he discovered in a batch of Time Warner cable modems (made by SMC). TW now acknowledges the flaw, and they have made statements elsewhere that a fix is being deployed. David Chen tells us that as of this past weekend the vulnerabilities remain.  Both David Chen and The Data Security Podcast have attempted to get an update on a fix. Time Warner cable has not replied to written requests from David Chen, or from this program.  David Chen is blogging with recommendation on how he thinks Time Warner Cable could mitigate these flaws… see his latest blog here.

* Tales From The Dark Web: Retail gift cards are potentially vulnerable to attacks. One that jumps out: web application attacks. Read the entire report by Corsaire.

* From Our Take on The News: Jurors are using smartphone from the jury box and the deliberation room – potentially putting trial outcomes into jeopardy.

* From Our Take on The News: Treasury Strategies Sees Possible Bank Failures Due to Fraud Losses

* The Kicker: Long Island Teen Uses Hidden Video to Catch a Thief

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Now the bad guys are holding computer files for ransom if you don’t buy their phony anti-virus software. We have a workaround.

* Midyear elections are coming up, and the last thing the campaigns seem to think about is data security.

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 74 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .

• GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 74 of the Data Security Podcast

* Conversation:  Ira talks with Gretchen Hellman, VP of Marketing for Vormetric about information security, the security issues with the new GOP web site, and election campaign security.

* Tales From The Dark Web:  Watch the video by PandaSecurity that demonstrates a damaging new fake anti-virus that denies access to files and applications on victim systems unless a ransom is paid. The link below takes you to a video of the attack, and we have posted the keys to defeat the current variant of lock out.  If you work in IT/InfoSec please write an email to users with a warning, include the keys to unlock the software, and have the end user re-image their hard drive.

Rogueware with new Ransomware Technology

Click here to view the Rogueware with new Ransomware Technology™ video. The video comes to us from Panda Security.  Take note that the malware icon disappears from the computer, and when it does, the attack is in place.  If you have a system that is infected with this attack, Panda has cracked the malware and has provided a list of working keys, which give access to the current variants of the TotalSecurity2009 attack:

WNDS-TGN15-RFF29-AASDJ-ASD65
WNDS-U94KO-LF4G4-1V8S1-2CRFE
WNDS-6W954-FX65B-41VDF-8G4JI
WNDS-G84H6-S854F-79ZA8-W4ERS
WNDS-TTUYJ-7UO54-G561H-J1D6F
WNDS-A1SDF-6AS4D-RF5RE-79G84
WNDS-A1SDF-RY4E8-7U98D-F1GB2
WNDS-5SRTS-AEHUF-YA54S-D6F35
WNDS-P9685-4H41A-DSW3A-2R64T
WNDS-2AE32-1VFC2-B6894-G67YU
WNDS-4TS8R-D6F5D-4JH8T-U4JK5
WNDS-FGS5D-649RG-4S53D-412SF
WNDS-452S3-ER00F-TSE35-S8FSD
WNDS-SERFH-2642S-F04SD-64FG1
WNDS-F40SA-1ER5H-4FG5D-F8412
WNDS-5D1V2-XB0D5-JT1TY-97DS3
WNDS-4BGY2-JY4KO-IT98Y-7HJ43
WNDS-G8FB6-1V87S-DRT1S-63SRG
WNDS-HFVDR-9844O-U54DA-5TBSC
WNDS-89OF7-7324R-5SAD4-TG68U
WNDS-JUYH3-24GHJ-HGKSH-FKLSD

* From Our Take on The News:  Danger Will Robinson! Danger! Additional insiders have stepped forward to shed more light into Microsoft’s troubled acquisition of Danger, its beleaguered Pink Project, and what has become one of the most high profile Information Technology disasters in recent memory. 

30 minutes every week on data security, privacy, and the law…..(plus or minus ten)

On this week’s program:

* Polymorphic malware – every time it attacks it has a new signature.

* The balance on your bank account looks find, too bad all your money’s gone.

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 72 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .

• GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 72 of the Data Security Podcast

* Conversation:  Ira talks about a dangerous new twist to the banking attacks Yuval Ben-Izhak the CTO of security company Finjan. Here is the link to the Finjan Report on the new Zeus bank Trojan mentioned in the segment.

* Tales From The Dark Web: Polymorphic malware – every time it attacks it has a different signature.  That means you anti-virus won’t recognize it.  Ira talked about the presentation at ISACA Security and Risk Conference by Stuart Staniford, the Chief Scientist at FireEye.  Read the related Anti-Phishing Working Group paper on the topic.

* From Our Take on The News:  From Wired.com – Probe Targets Archives’ Handling of Data on 70 Million Vets

* From Our Take on The News:  Secure Flight Program by the TSA. EPIC (The Electronic Privacy Information Center) follows the surveillance and profiling of airline passengers. Their most recent post on the TSA “Secure Flight” program was in 2007, when the organization recommended that “secure flight should be grounded” due to privacy concerns. The program is now being expanded to require airline passengers to provide their date of birth when they purchase an airline ticket.  See: http://epic.org/privacy/airtravel/secureflight.html

Reporting from the ISACA Security and Risk Management Conference in Las Vegas, we have breaking security news this morning.

Organized cyber criminals have added a new damaging element to an already viscous cyber attack. Yuval Ben-Itzhak, CTO of Finjan spoke by phone with the Data Security Podcast about a frightening new twist to the surge of bank account stealing Trojan attacks.

First some background: This news program, and other media outlets, have been reporting in the last few months about a wave of bank account Trojans that have been stealing money from small and medium sized businesses, and local governments. Theses well organized cyber criminals have been combining web drive-by attacks, with unauthorized electronic funds transfers. The cyber criminals then use innocent money mules to launder the money. The mules are typically lured into popular “make cash at home” schemes.

A construction company in Maine lost $588,000 from a recent attack, and they are now suing their bank. It’s important to note that while consumers generally have 60 days to “unwind” an unauthorized electronic funds transfer, businesses accounts are only protected if the bank is alerted within 48 hours of an unauthorized transfer. On The Data Security Podcast earlier this week, we interviewed the lawyer representing the construction company that suffered the $588,000 loss, see link below.

The Data Security Podcast can now report a dangerous new element to these attacks. Ben-Izthak tells the Data Security Podcast that Finjin security researchers have seen the cyber criminals actually alter the “account view” online screens that a victim sees. Of course the altered screen views do not show suspicious transactions. This means that a business will probably lose the chance to catch unauthorized transactions within the 48 hour window.

Here’s the process – The business uses a computer(s) to do online business banking, and uses that same computer to do web activities, email, and other standard business internet tasks. The attackers use those normal internet activities to plant a version of Zeus banking Trojan onto the business computer systems. These attacks are designed to by-pass most firewalls and many popular anti-virus programs.

The Trojan captures log-in info, challenge question/answers, and account numbers, right from the business computer systems…all the info the criminals need to conduct unauthorized electronic funds transfers.

Here’s the new twist: The attackers are now altering the web screens that display business account information. The bank’s computers are not altered, but rather the business customer’s view of their own accounts, as seen from their own computers. This is known in security-speak as an integrity attack: when authorized persons are unable to trust the accuracy of their own information

Ira Victor, Co-Host of The Data Security Podcast, is covering the ISACA Las Vegas Conference and had an exclusive sit-down interview with well-known data security researcher and penetration testing expert ‘Famous Peter Woods’ (as he is known), about this new attack.  Peter Woods is the COO of First Base, a security company in the UK.  Mr. Woods is also a keynote speaker at the conference.

Peter Woods characterized this new variation of the Zeus bank Trojan “as a disaster.”  Mr. Woods recommended that business engage is a serious round of new user awareness training. When we asked Mr. Woods about technical counter-measures the banks could undertake, he questioned the willingness of many banks to invest in counter-measures that would truly be effective against these types of attacks. He thought that many banks would be more likely to add new legal disclosures in an attempt to indemnify themselves from financial loss.

Indeed, some banks are now putting new warnings on their web sites that encourage customers to “update anti-virus” and to “update system-patches.” Other speakers at the ISACA conference in Las Vegas generally agree that while that those measures are good for stopping certain attacks, they are mostly insufficient to thwart these newer types of attacks.

In Data Security Podcast Episode 71, Samantha Stone has an eye-opening interview with the attorney of the Maine construction company that lost $588,000 in a cyber attack, and is suing their bank. The cause of action? The plaintiff claims the bank breached it fiduciary duty when it failed to protect against the loss of the $588,000.  We suspect that a variant of  the Zeus banking Trojan attack was used to steal the money.

Be sure to listen to subscribe to our RSS feed and listen Data Security Podcast Episode 72. When that show posts, it will include our interview with Yuval Ben-Yitzhak of Finjan. Here is the link to the Finjan Report on the new Zeus bank Trojan.

30 minutes every week on data security, privacy, and the law…..(plus or minus five)

On this week’s program:

* Full access to anyone’s Facebook account for $100?

* Update on confidential data case in Maricopa County, AZ

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 70 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .

• GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 70 of the Data Security Podcast

* Tales From The Dark Web:  According to a PandaLabs report, for $100, members of the Dark Web will provide you with the password on any Facebook user.  What else are they doing with the data?

$100 for a Facebook User's Password?

* From the News:  The SANS Institute releases The Top Cyber Security Risks report.  It’s a must read .

* From the News: An Ohio children’s hospital experienced a data breach when man tried to spy on ex-girlfriend using malware. Excellent coverage by Robert McMillan of IDG News Service.

*  From the News:   According to a new study: eCommerce Merchants “…Can Convert 11% More Digital Window Shoppers by Adding Security Trustmarks”

30 minutes every week on data security, privacy, and the law…..(plus or minus five)

On this week’s program:

* Beware the non-delivery email notice – it might really be an attack.

* Apple has added an anti-phishing feature to the new iphone but few people have been able to get it to work right.

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 69 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .

• GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 69 of the Data Security Podcast

*  Ira talks with Michael Sutton, vice president of research at Zscaler about issues with the new Apple iPhone anti-phishing feature in Safari for the iPhone.  Read the details on how to fix this issue in this LoopInsight.com posting.

* Tales From The Dark Web: 2000% rise in non-delivery report spam, according to a PandaLabs report.

* From the News:  Brian Mastenbrook: How I cross-site scripted Twitter in 15 minutes, and why you shouldn’t store important data on 37signals’ applications. Update: Response from 37signals, including a change in their policy. Also, check out ReportSecurityFlaws.com .

* Topics From the News:   Tracking employee internet usage;  iPhone man in the middle SSL attack;  Should public officials be banned from using Blackberry PIN-to-PIN, and other text messages during hearings?

Wrap: iPhone 3.1 breaks Exchange Sync for pre-3GS phones from the discussion boards of DSL Reports.

iPhone Exchange Headaches?

30 minutes every week on data security, privacy, and the law…..(plus or minus five)

On this week’s program:

* New attacks against business bank accounts…. an earth-shaking recommendation from the banking industry.

* Hackers say they are gearing up for winter attacks – according to a survey of hackers at DefCon 2009.

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 68 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .

• GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 68 of the Data Security Podcast

*  Ira talks with Michael Hamel, Chief Security Architect, with Tufin Technologies, about the survey of hackers he crafted for DefCon 2009. We cover:  Hackers Take a Break This Summer Before Winter Hacking Spike, and importantly, counter-measures to get prepared.

* Tales From The Dark Web: New attacks against business bank accounts…. an earth-shaking recommendation from the banking industry.

* From the News:   WPA WiFi encryption can now be cracked in one minute, according to new research.  Terms in the story:

WPA:  Wi-Fi Protected Access

WPA -TKIP: WPA with Temporal Key Integrity Protocol for encryption

WPA-AES:  WPA with Advanced Encryption Standard for encryption

WPA2:  Second Generation WPA encryption

WEP:  Wired Equivalent Privacy

Take-Away: WPA-TKIP and WEP is bad, um-kay? WPA-AES and WPA2 is good, um-kay?

* From the News:  Federal Web Site Collects Data on Stimulus. We report: Whose minding the security of the data?

* From the News:  Stealth-Laptop Bag

Stealth Laptop Case

Wrap Up Story:    Is Federal InfoSec License Key To ‘Net Control?

30 minutes every week on data security, privacy, and the law…..(plus or minus five)

On this week’s program:

* The security lessons from Heartland data breach – what the newscasters didn’t tell you. Details on our Tales from The Dark Web segment.

* What if you discovered a web security flaw and their customer service staff ignored your alerts? An exciting announcement about a project to address this problem.

* Our take on this week’s news.

–> Stream This Week’s Show with our Built-In Flash Player:

–> Scroll down to see links and show notes for this week’s show

–> Stream, subscribe or download Episode 67 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .

• GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 67 of the Data Security Podcast

* EXCLUSIVE: Ira talks with Russ McRee of HolisticInfoSec.org about major security issues. This conversation  project, ReportSecurityFlaws.com .

* Tales From The Dark Web: What the other newscasters didn’t talk about with the news of an indictment of the Heartland / TJMaxx / 7-11 attacker, Albert Gonzales.

*From the News:  Web app attacks lead to possible breach of Law Enforcement data

*From the News:  SQL Injection Dymisytified – A look at the attack and how to protect your applications from it

* From the News:  Report by the Commission to Assess the Threat to the United States from Electromagnetic Pulse (EMP) Attack

* From the News:  Cyber-Ambulance Chasing (Can’t we think of another way to accomplish this?)

Unspam Technologies filed a “John Doe” lawsuit in federal court against cybercriminals who have been targeting banks. The unfortunate bank customers are now caught between the devil and the deep blue sea. Unspam’s suit seeks confidential account information from the financial institutions, as part of its strategy to track down the hackers.

Here’s the money quote from the coverage in the New York Times:  Even though Unspam’s lawyer “concedes he is unlikely ever to discover the names of the hackers… he hopes to get the details of the thefts, the names of victims and other information from the banks that can be used to improve security and possibly identify the hackers.”

We’re not sure we like this strategy. Who’s next? Shall we force insurance companies to cough up individual medical records in order to prosecute hospital ID theft?

Read the story by Saul Hansell in the New York Times.

* Wrap: Vanishing eMail