Friday, November 30, 2007

Spybuster's Tip #107 - SpyWare - Instant Education

The Top Ten articles for getting up-to-speed on SpyWare issues
- as picked by the Editors of TechRepublic

The Anatomy of Spyware
Spyware: Know Your Enemy
Spyware: Securing gateway and endpoint against data theft
Spyware: Determine Your Threat Level ... Enterprise Spy Audit
Best of Breed vs. Suite Anti-Spyware: What's Best for You?
10 things to look for in an anti-spyware application
Have we moved beyond anti-virus and spyware protection software?
Protecting Organizations from Spyware
Spyware Is Everywhere: A Multi-Layered Solution ... Best Defense
Windows Defender in Vista offers built-in spyware protection
Behavior-Based Spyware Detection
Spyware - The Unseen Enemy

Spyware tops list of threats in CompTIA survey

Spyware has become the biggest security threat to organizations, a survey from the Computer Technology Industry Association (CompTIA) has discovered. That's a big change from a few years ago, when spyware was barely even considered a threat. (more)

SpyCam Story #410 - 21st Century O. Henry

India - The International Film Festival found its gravitas with The Voyeur (which) delved into the current ogre of spycams and surveillance that leaves no room for individual privacy...

Prasanjeet, a computer mechanic ... finds succour from his nondescript life by fantasising about Madhubala, the perfect woman. Soon his fantasy finds a real form as a pretty neighbor moves in next door and seeks his help in settling down.

The electronics geek uses a spycam to fuel his desire and shares the spoils of voyeurism with his friend who happens to be a Muslim. No prizes for guessing where the story heads.

The brutal State steps in and the Muslim is labeled as terrorist while the Voyeur is arrested for something the state excels in: surveillance. (more)

Ex-CIA officer explores morality of spying, Dec. 6

Princeton University - "The Morality of Spying: How Dirty Are We Willing to Get Our Hands?" is the title of a lecture by former CIA official James Olson set for 4:30 p.m. Thursday, Dec. 6, in Dodds Auditorium, Robertson Hall.

Olson served for more than 25 years in the CIA, mostly in clandestine operations overseas. He also was chief of counterintelligence at the agency's headquarters in Langley, Va. (more)

"Calling all Bonds. Calling all Bonds."

Britain's spy masters have come out of the shadows and onto the airwaves as they hunt for new members, sending real-life 007s out on a recruiting drive. ... Voices were disguised on the BBC's Radio 1, one of the most listened to stations in Britain. (more) (audio)

Neat K.I.T.T.

New Zealand - A roving spycam you can access and drive from your cellphone has emerged from a Palmerston North student's honors project.

Massey University engineering student Tom Yu Guan completed his university studies with the Smart Eyes robot - a remote controlled car with a video phone that can be accessed by a second phone anywhere in the world.

Mr Guan said there was nothing on the market with this range or flexibility. The car could be driven and video accessed as long as there was cellphone coverage.

Wellington private investigator Tony Lowe had been involved in surveillance for more than 20 years and said it was a brilliant idea. (more) (more)

"How To Spy On People"

from Forbes Magazine...
...the most pervasive form of electronic surveillance nowadays comes from people you know--your boss, your business competitor, someone on a journalist’s beat, and even your spouse. ... (more) (In Pictures: How They're Watching You) (more)

Spybuster's Tip #106 - Spot Cisco Eavesdroppers

Someone eavesdropping on your Cisco VoIP phone using the previous attack?

Look for these warning signs...
• Speakerphone light is on.
• Display shows off-hook icon.
• Phone makes static noises.

Best practices for securely setting up your Cisco Unified IP Phones may be found here. ~Kevin

Cisco confirms ability to eavesdrop on remote calls using its VoIP phones

Cisco confirmed it is possible to eavesdrop on remote conversations using Cisco VoIP phones.

In its security response, Cisco says: "an attacker with valid Extension Mobility authentication credentials could cause a Cisco Unified IP Phone configured to use the Extension Mobility feature to transmit or receive a Real-Time Transport Protocol (RTP) audio stream."


Cisco adds that Extension Mobility authentication credentials are not tied to individual IP phones and that "any Extension Mobility account configured on an IP phone's Cisco Unified Communications Manager/CallManager (CUCM) server can be used to perform an eavesdropping attack." (more)

Thursday, November 29, 2007

Ditch the Grid - Black Hole Your Cell - $12.00

If you are concerned about people or governments covertly turning your cell phone 'on' and listening to you behind your back, this is for you!

Smother your mobile in The Black Hole. No one will be able to eavesdrop or know your location. Your phone will become deaf, dumb and blind.

Or, you could just turn your phone off. OK, pluck out the battery, too. Heck, go all out, a la Unabomber or Clifford Stoll (buy one of his Klein Steins, too). Shun technology altogether! (more)

SpyCam Story #409 - "Dumkoff..."

German police have arrested a 60-year-old landlord after discovering he used cameras and microphones to spy on his tenants for a decade while they bathed and slept.

The man had installed surveillance in the bedrooms, bathrooms and living areas of two flats 10 years ago ... one of his tenants discovered the bugging last week while she was cleaning the flat.

Police suspect he had sexual motives... "Why do you think someone would put a camera in the bathroom -- to see if it was being cleaned correctly?" asked Bavarian police spokesman Ulrich Poepsel. (more)

Wiretapping Just The Start of VoIP's Security Woes

Security experts are once more urging businesses and consumers to be wary of wiretapped Voice over IP (VoIP) calls -- as well as the vast number of potentially worse IP telephony vulnerabilities to which they may be exposed.

Last week, U.K. security researcher Peter Cox introduced a proof-of-concept that showed how easily Voice over IP phone calls could be intercepted. Cox, the former chief technology officer and co-founder of security vendor Borderware, successfully captured phone calls over a period of several months with a prototype Session Initiation Protocol (SIP) call monitoring tool.

The demonstration came as only the latest reminder that VoIP is vulnerable to monitoring. But experts warn that wiretapping is only the tip of the iceberg. (more)

SpyCam Story #408 - "Looky here, looky here!"

Sticks out like a sore thumb...
...but, would you notice it?

The buried cable pole camera system is a unique structure that conceals the camera, battery supply, and wireless video transmitter in an enclosure that can be placed in many residential and urban areas without drawing suspicion. This system comes with a Part 15 2.4 GHz transmitter, but can be upgraded to the Part 90 2.4 GHz transmitter for greater range.

Specifications:
• Buried Fiber Optic Marker Pole
• 16mm Black and White Environmental Camera
• 2.4GHz Part 15 Transmitter and Receiver
• Ground Spike for Installing the Pole
• Also available in a camouflage model.
(more)

Alert - Cisco IP Phone Eavesdropping Issue

From FrSIRT...
A vulnerability has been identified in Cisco Unified IP Phone, which could be exploited by attackers to bypass security restrictions. This issue is caused by an error within the Extension Mobility feature, which could allow an attacker with valid Extension Mobility authentication credentials to cause a vulnerable device configured to use the Extension Mobility feature (disabled by default) while the internal web server is enabled (enabled by default) to transmit or receive a Real-Time Transport Protocol (RTP) audio stream. (more)

Translation...
This series of phones can be remotely eavesdropped upon.

Wednesday, November 28, 2007

Alert - The $7.95 Wireless Wiretap

On sale NOW at over 30 Internet shops.

Features: (from web advertising)
• Bug is only the size of a quarter.
• Transmits both sides of a telephone conversation to any FM radio.
• No battery needed.
• Complete with PC Board and Instruction Book
• Do it yourself kit form.
• Makes a great educational project.

When was the last time you had your telephones checked?