FREE Security "Green" Papers on Laptop, Mobile Phones & Storage Devices

IT Governance is a supplier of corporate and IT Governance related books, toolkits, training and consultancy. They offer a wealth of knowledge and experience. 

Their Green Papers contain information and guidance on specific problems and discuss many issues. Here are two just published this month...

Technical Briefing on Laptop and Mobile Storage Devices

Technical Briefing on Mobile Phones and Tablets

About two dozen more may be found here.

Free - Computer Security Tools Book

"Open Source Security Tools: A Practical Guide to Security Applications"

Few frontline system administrators can afford to spend all day worrying about security. But in this age of widespread virus infections, worms, and digital attacks, no one can afford to neglect network defenses.

Written with the harried IT manager in mind, Open Source Security Tools is a practical, hands-on introduction to open source security tools. Seasoned security expert Tony Howlett has reviewed the overwhelming assortment of these free and low-cost solutions to provide you with the “best of breed” for all major areas of information security.

By Tony Howlett. Published by Prentice Hall. Part of the Bruce Perens' Open Source Series.

Offered Free by: informIT

A 600-page PDF, written in 2004, which still contains useful information.

"Hey kids, hack it for your Uncle Sam!"

Bored with classes? 

Carnegie Mellon University and one of the government’s top spy agencies want to interest high school students in a game of computer hacking.

Their goal with “Toaster Wars” is to cultivate the nation’s next generation of cyber warriors in offensive and defensive strategies. The free, online “high school hacking competition” is scheduled to run from April 26 to May 6, and any U.S. student or team in grades six through 12 can apply and participate.

 

David Brumley, professor of computer science at Carnegie Mellon, said the game is designed to be fun and challenging, but he hopes participants come to see computer security as an excellent career choice. (more)

P.S. Registration is now open!

Free Stuff Alert: Encryption / Compression Program

Sophos Free Encryption
reviewed by Matthew Nawrocki
 
Product Information:
Title: Sophos Free Encryption
Company: Sophos Ltd.
Product URL: http://www.sophos.com/en-us/products/free-tools/sophos-free-encryption.aspx
Supported OS: Windows 2000, XP, Vista, 7 and 8
Price: Free
Rating: 5 out of 5
Bottom Line: Sophos delivers an excellent freeware utility for securing document files with sensitive data inside AES encrypted archives. The software is easy to use and offers nice features to boot.

Sophos Free Encryption is a tool that works like a zip program, but with the added aforementioned encryption, which is AES-256-bit for good measure. Digging a bit into this product, I noticed a few niceties that the competition doesn’t really have in the security department, namely in how it handles passwords and the self-extracting archive feature. For a free tool, this beats its competitor SecureZIP by PKWare, which actually costs money to do the same thing. (more)

Also available... FREE Data Security Toolkit ~Kevin

Security Director Alert: Free Anti-Theft Tracking for PC & Phone

Prey, an open source, cross-platform anti-theft tracker that lets you keep track of all your devices easily in one place. Whatever your device, chances are Prey has you covered as there are installers available for Windows, Mac, Linux, Ubuntu, Android, and iOS.

Prey is easy to use. First off, you download and install the right version for your hardware. Then, after you've created an account and got it set up the way you want, you can forget about it until the day that your device is lost or stolen.

As soon as you discover that your hardware has been lost or stolen, you can activate prey by logging into your account and select the device 'missing-in-action'. Then, Prey's servers send a signal to the device -- either over the Web or with a text message -- that kicks Prey into action, gathering information such as location, hardware details and network status information. You can also capture screen shots, take pictures with the forward-facing camera, and even lock the system down to prevent further intrusion.

Prey offers a free, unlimited, 3-device account for anyone wanting to give the software a try. There are also premium account options that increase the device limit and add features such as automated deployment and full SSL encryption of all gathered data.
 
Putting a mechanism in place for recovering your lost or stolen hardware before the worst happens gives you a fighting chance of being able to find your hardware, or at worst, keep your data away from prying eyes. (more)

Note: My testing revealed one possible glitch. If your device does not have GPS capability (laptop, for example), the location being reported may belong to a service provider's IP address. In my case, the local phone company's DSL lines terminate in a town about 30 miles away. Otherwise, the system works great. No reason not to have this capability. ~Kevin

'Spy News from New York' shows off NYC

New York in stunning 360 degree detail — A photographer has created a stunning interactive image of New York, giving a detailed 360 degree tour of Manhattan.

Click to enlarge.

Sergey Semenov, a Russian, created the image by stitching together thousands of photographs of the city, taken during helicopter tours in 2011.
The interactive graphic has also been "flattened" to create a detailed 2-D image, focused on Central Park and its surrounding skyscrapers.
Mr Semenov won the best amateur award from the International Pano Awards, given out for panoric photographs, for the 2-D image. (more)

Tip: Be sure to click the 'view full screen' link for a spectacular helicopter ride around New York City, without the helicopter.

Apps for Investigators - Takes the legwork out of finding the most useful investigative tools

There are hundreds of thousands of apps out there, but only a select few are truly useful to the private investigator, private detective and law enforcement professional. 

You will find those apps at a new web site called Apps for Investigators.

David Ziegler has done the legwork of testing and evaluating apps for iphones, Androids, Blackberrys and ipad and other tablets. 

The web site lists apps that save investigators time and money, and assists them in the field. A small sampling may be may be seen immediately, and getting to the gold mine requires a simple log-in.

Need to know about new investigator-vetted apps more quickly? Follow Dave on Twitter.

Talk Like A Spy with Throw-Away Phone Numbers

Spybusters Tip # 723: The new Burner app for iPhone generates throw-away phone numbers, which can be used for undercover operations or by those who simply prefer a deep layer of privacy.

With Burner, users can create multiple new phone numbers for a day, a week, a month, or longer, and manage all inbound calls, SMS messages, and voicemails for each number. Once you are finished with the number, you can "burn" it by taking it out of service and wiping it from your phone, as if it never existed.

Each number is a separate line within the iPhone, which can be redirected to your main mobile number, or go straight to voicemail, according to the Burner app blog...

Android users may not yet have access to Burner, but they can shield themselves from unwanted calls with the White Pages' new Current Caller ID app, which provides a directory of information about the incoming call.

When your phone rings, it will display details about the caller's recent social updates and check the weather where they are. The feature is also available for SMS texts. Even if you're not interested in the bells and whistles, the app also provides stripped-down caller ID information.

The White Pages app is available for free download in the Google Play store. (more)

Apps: Know Your Rights & Protect Your Rights

Reporters Committee FirstAid app

The Reporters Committee FirstAid app was designed to help journalists who need quick answers to legal issues that arise while covering the news. It is meant as a quick solution during an urgent situation, such as when a judge or other official is keeping you from a hearing or a meeting, or a police officer is threatening you with arrest.

FirstAid also provides quick access to their hotline for any media law issues, either by phone or email. 

Click to enlarge.

The Reporters Committee and this app are available for journalists of all varieties, whether you work for a national news organization or a neighborhood news blog. They never charge for our assistance. (more)

Android app allows citizens to record and store video and audio of police encounters, includes guide to citizens’ rights  

Citizens can hold police accountable in the palms of their hands with “Police Tape,” a smartphone application from the ACLU of New Jersey that allows people to securely and discreetly record and store interactions with police, as well as provide legal information about citizens’ rights when interacting with the police.




The Android “Police Tape” app records video and audio discreetly, disappearing from the screen once the recording begins to prevent any attempt by police to squelch the recording. In addition to keeping a copy on the phone itself, the user can choose to send it to the ACLU-NJ for backup storage and analysis of possible civil liberties violations.

A version awaiting approval from Apple will be available later this summer in the App Store for iOs to audio record encounters with police. (more)

Free Security e-Book of the Week

FREE book: Fundamentals of Media Security (110 pages)

The most interesting chapters...

• Steganography

• Digital Watermarking

• Digital Scrambling

• Digital Surveillance  

Enter your email address in #1. (The other three questions are benign.) The ebook will download as a pdf.

How much information about yourself are you putting online?

As a business owner, you are doubly responsible in safekeeping the information you put online. But before you can protect you business data, you need to learn to protect your personal data first.

Read the Trend Micro Digital Lifestyle e-guide, Be Privy to Online Privacy, and be a better informed digital citizen.

You’ll learn:
How online advertisers are tracking your browsing behavior,
The consequences of what you post in your social media.
How mobile apps can access the information stored in your mobile device, if you allow them.

Irony Alert: You'll have to give up some information about yourself to get it. ~Kevin

Is this Web Site Malicious?

Special thanks to Lenny Zeltser...

Several organizations offer free on-line tools for looking up a potentially malicious website. Some of these tools provide historical information; others examine the URL in real time to identify threats:

• AVG LinkScanner Drop Zone: Analyzes the URL in real time for threats
• BrightCloud URL/IP Lookup: Presents historical reputation data about the website
• Cisco IronPort SenderBase Security Network: Presents historical reputation data about the website
• G-Data MonkeyWrench Beta: Analyzes the URL in real time for threats (about)
• F-Secure Browsing Protection: Presents historical reputation data about the website
• Finjan URL Analysis: Analyzes the URL in real time for threats
• KnownSec: Presents historical reputation data about the website; Chinese language only
• Norton Safe Web: Presents historical reputation data about the website
• ParetoLogic URL Clearing House: Looks up malicious sites discovered using a web honeypot; registration required
• PhishTank: Looks up the URL in its database of known phishing websites
• Malware Domain List: Looks up recently-reported malicious websites
• MalwareURL: Looks up the URL in its historical list of malicious websites
• McAfee Site Advisor: Presents historical reputation data about the website
• McAfee TrustedSource: Presents historical reputation data about the website
• Trend Micro Web Reputation: Presents historical reputation data about the website
• Unmask Parasites: Looks up the URL in the Google Safe Browsing database
• URL Blacklist: Looks up the URL in its database of suspicious sites
• URL Query: Looks up the URL in its database of suspicious sites and examines the site's content
• URLVoid: Looks up the URL in several website blacklisting services
• vURL: Retrieves and displays the source code of the page; looks up its status in several blocklists
• Web of Trust: Presents historical reputation data about the website; community-driven
• Wepawet: Analyzes the URL in real time for threats
• Zscaler Zulu URL Risk Analyzer: Examines the URL using real-time and historical techniques

Draw Cubby and Become a Police Sketch Artist... for FREE

"Cubby" is the guy who just mugged you.

Now, you can draw him for the police!

SketchFace, created by Ali Daneshmandi, is an incredible free web application for creating a photo-realistic facial composite pictures. 

Be warned. You will probably blow the rest of your weekend playing with this. ~Kevin

Ali's amazing story...

Cubby

I started to learn using computer when I was 18 by learning Photoshop! Yes, I didn’t know how to use computers but I’d wanted to learn Photoshop :D . There was no one around me to help me on that. So I started by myself by trial and error besides reading Photoshop Help. This made me a self learner later on... I am a continue learner who is always anxious to create great and cool user experiences.

FREE - Mobile Security V6.0 - Android Security Software

Now available as a free download, Mobile Security V6.0 offers Android users several new features to protect their privacy and financial information, as well as significant improvements to the user interface.

Mobile Security 6.0 detects and deletes viruses, malicious URLs, and other threats before you even know they exist. With newly enhanced features including GPS-based anti-loss/theft features, backup and restore tools for your contacts, complete privacy protection, traffic monitoring, and more...
 
Version 6.0 includes the following features that enhance the already extensive capabilities of 5.0:

Anti-eavesdropping protection: With anti-eavesdropping, users can be sure their calls are not being recorded by third party apps or viruses.

Financial security protection: When users access financial websites via their system browser or start e-bank/securities apps, NQ Mobile Security V6.0 automatically scans all running apps to determine if any active apps pose a security risk.

Mobile Security: Fights malware, spyware, phishing, viruses, hacking, and more.

Privacy Protection: Protects the data stored on your phone, ensuring that your social networking, email, and financial accounts can't be hacked and your personal calls can't be recorded.

Anti-Theft/Anti-Loss: Remotely locates, locks, or deletes information from a lost or stolen mobile device, and sounds an alarm to help you find it.

Backup and Restore: Safely and seamlessly stores your contacts so you can easily access them from any Web browser.

System Optimization: Provides control over running apps and power consumption.

Traffic Monitoring: Provides real-time updates on data usage and caps on maximum data usage.

NQ Mobile Security V6.0 for Android can be downloaded for FREE at: http://www.nq.com/mobilesecurity or from the Android Market. (more)

Security Director Alert: USB Trouble Sticks

• Memory sticks given as gifts or promotional items may contain spy software (possibly unbeknownst to the giver).

• “Found on the ground” USB sticks are risky. They may have been planted for you to find. Never plug one into a computer to see what is on it. It may contain a destructive virus or keystroke logger.

• Unsecured memory sticks are easily stolen or copied. They may still contain valuable information, even if “erased”. Always secure these data storage devices. In a business setting, the data on the device should be password protected and encrypted. The most extreme example of this seen to date is the Cryptek...

An encrypted USB memory stick with Da Vinci Code chastity belt!

This is what you want your executives to carry! (coming soon) 

You can also make your own “cryptstick” using Murray Associates instructions.

USB Memory Stick Security Checklist

• Create a “no USB sticks unless pre-approved” rule.
• Warn employees that a gift USB stick could be a Trojan Horse gift. 
• Warn employees that one easy espionage tactic involves leaving a few USB sticks scattered in the company parking lot. The opposition knows that someone will pick one up and plug it in. The infection begins the second they plug it in.
• Don’t let visitors stick you either. Extend the “no USB sticks unless pre-approved” rule to them as well. Their sticks may be infected.

Harassment Stick
The new Devil Drive elevates the office prank to a new level of sophistication. It looks like a regular USB thumb drive, but it’s actually a device of electronic harassment. The Devil Drive has three functions:

• It causes annoying random curser movements on the screen.
• It types out random phrases and garbage text.
• It toggles the Caps Lock.
Just be aware of it should you hear complaints along these lines.

Chameleon Sticks
Some USB memory sticks have alter egos. They may look like simple memory sticks, but they are actually voice recorders or video cameras. Keep an eye out for these devices at business meetings.

Extra Credit

• Lock out USB ports
• More USB security tips

The USB stick problem is only one business espionage vulnerability. There are hundreds more. When you are ready to fight back, contact counterespionage.com

Security Alert: Check Your Computer for Ghost Click DNS Settings (FREE)

Trend Micro and the FBI announced the dismantling of a criminal botnet, in what is the biggest cybercriminal takedown in history. 

This concerted action against an entrenched criminal gang is highly significant and represents the biggest cybercriminal takedown in history. Six people have been arrested through multinational law enforcement cooperation based on solid intelligence supplied by Trend Micro and other industry partners. more than 4 million victims in over 100 countries have been rescued from the malign influence of this botnet and an infrastructure of over 100 criminal servers has been dismantled with minimal disruption to the innocent victims.

If you are worried that you might have been a victim of this criminal activity, the FBI have made an online tool available which will allow you to check if your DNS server settings have been tampered with.

First you will need to discover what your current DNS server settings are:

On a PC, open the Start menu by clicking the Start button or the Windows icon in the lower left of your screen, in the Search box type “cmd” and hit return (for Windows 95 users, select “Start“, then “Run“).This should open a black window with white text. In this window type “ipconfig /all” and hit return. Look for the entry that reads “DNS Servers” and note down the numeric addresses that are listed there.

On a Mac (yes they can be victims too), click on the Apple icon in the top left of your screen and select “System Preferences“, from the Preferences panel select the “Network” icon. Once this window opens, select the currently active network connection on the left column and over on the right select the DNS tab. note down the addresses of the DNS servers that your computer is configured to use.

FREE: You can check to see if these addresses correspond to servers used by the criminals behind Operation Ghost Click by using this online tool provided by the FBI, simply enter the IP addreses, one by one and click the “check ip” button. (more)

Worth checking. I did. Fortunately, no problems. ~Kevin

Foreign Spies Stealing US Economic Secrets Report Released (FREE)

The Office of the National Counterintelligence Executive (ONCIX) Report: "Foreign Spies Stealing US Economic Secrets in Cyberspace - Report to Congress on Foreign Economic Collection and Industrial Espionage, 2009-2011" has been released.
Foreign economic collection and industrial espionage against the United States represent significant and growing threats to the nation's prosperity and security. Cyberspace—where most business activity and development of new ideas now takes place—amplifies these threats by making it possible for malicious actors, whether they are corrupted insiders or foreign intelligence services (FIS), to quickly steal and transfer massive quantities of data while remaining anonymous and hard to detect.

Pervasive Threat from Adversaries and Partners:
Sensitive US economic information and technology are targeted by the intelligence services, private sector companies, academic and research institutions, and citizens of dozens of countries.

• Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the IC cannot confirm who was responsible.

• Russia’s intelligence services are conducting a range of activities to collect economic information and technology from US targets.

• Some US allies and partners use their broad access to US institutions to acquire sensitive US economic and technology information, primarily through aggressive elicitation and other human intelligence (HUMINT) tactics. Some of these states have advanced cyber capabilities.

Outlook:
Because the United States is a leader in the development of new technologies and a central player in global financial and trade networks, foreign attempts to collect US technological and economic information will continue at a high level and will represent a growing and persistent threat to US economic security. The nature of the cyber threat will evolve with continuing technological advances in the global information environment.

Free Likejacking Prevention — Plug-In for Firefox, Google Chrome and Safari

ThreatLabZ, the research arm of Zscaler, released a free tool to combat the biggest threat on Facebook -- Likejacking.

Called Zscaler Likejacking Prevention, it was developed for the sole purpose of helping consumers stop being further victimized.

This popular attack leverages clickjacking to trick users into "Liking" a fake video, survey or web link, propagating the scam further as it spreads virally from one person to their network, and on to their networks’ networks, and so on. (download) (more)

Free Mobile Phone Threat Report

Free Mobile Phone Threat Report

Click on illustrations to enlarge...

Free Mobile Phone Threat Report

Prepared by Lookout, "a smartphone security company dedicated to making the mobile experience safe for everyone."

Get in on the laptop privacy survey - Get free privacy software!

Oculis is running a mobile worker privacy survey to collect useful data about attitudes and experiences with display privacy. Their thesis is that display privacy is a significant security industry issue and that most people have strong but unfulfilled desires for a more private experience. They intend to use the results of the survey to generate new awareness with the press, and to answer typical customer questions about why end users need PrivateEye or Chameleon.

Take the survey and you receive a FREE license for their PrivateEye screen protector, a very cool piece of software that alerts you to shoulder surfers, and blurs your screen when you are not looking at it. How? The secret is your computer's camera. It watches your back and recognizes your face! (FAQs)

The survey link is: https://www.surveymonkey.com/s/OculisPrivacySurvey

Here are the preliminary results from a few selected questions: