Security Director Alert: Free Anti-Theft Tracking for PC & Phone

Prey, an open source, cross-platform anti-theft tracker that lets you keep track of all your devices easily in one place. Whatever your device, chances are Prey has you covered as there are installers available for Windows, Mac, Linux, Ubuntu, Android, and iOS.

Prey is easy to use. First off, you download and install the right version for your hardware. Then, after you've created an account and got it set up the way you want, you can forget about it until the day that your device is lost or stolen.

As soon as you discover that your hardware has been lost or stolen, you can activate prey by logging into your account and select the device 'missing-in-action'. Then, Prey's servers send a signal to the device -- either over the Web or with a text message -- that kicks Prey into action, gathering information such as location, hardware details and network status information. You can also capture screen shots, take pictures with the forward-facing camera, and even lock the system down to prevent further intrusion.

Prey offers a free, unlimited, 3-device account for anyone wanting to give the software a try. There are also premium account options that increase the device limit and add features such as automated deployment and full SSL encryption of all gathered data.
 
Putting a mechanism in place for recovering your lost or stolen hardware before the worst happens gives you a fighting chance of being able to find your hardware, or at worst, keep your data away from prying eyes. (more)

Note: My testing revealed one possible glitch. If your device does not have GPS capability (laptop, for example), the location being reported may belong to a service provider's IP address. In my case, the local phone company's DSL lines terminate in a town about 30 miles away. Otherwise, the system works great. No reason not to have this capability. ~Kevin

Van Eck Grown Up - Time to look at eavesdropping on computer emissions again.

1985 - Van Eck phreaking is the process of eavesdropping on the contents of a CRT or LCD display by detecting its electromagnetic emissions. It is named after Dutch computer researcher Wim van Eck, who in 1985 published the first paper on it, including proof of concept.[1] Phreaking is the process of exploiting telephone networks, used here because of its connection to eavesdropping.

2009 - A simple experiment showing how to intercept computer keyboard emissions. 

It is notable that there is: 
• no connection to the Internet; 
• no connection to power lines (battery operation); 
• no computer screen in use (eliminates the screen emissions possibility); 
• and no wireless keyboard or mouse. 
Intercepted emissions are solely from the hard-wired keyboard.

The interception antenna is located about one meter away. (This is why we look for antenna wires under desks, and metal parts on desks to which wiring is attached.) 
(video 1) (video 2)

The point is, if one can get an antenna withing close proximity of your computer, what you type belongs to them.
 
December 2012 - Not satisfied with pulling information from your keyboard, injecting information becomes a concern (pay attention investment firms).

"The roughly half-dozen objectives of the Tactical Electromagnetic Cyber Warfare Demonstrator program are classified, but the source said the program is designed to demonstrate ready-made boxes that can perform a variety of tasks, including inserting and extracting data from sealed, wired networks.

Being able to jump the gap provides all kinds of opportunities, since an operator (spy) doesn’t need to compromise the physical security of a facility to reach networks not connected to the Internet. Proximity remains an issue, experts said, but if a vehicle can be brought within range of a network, both insertion and eavesdropping are possible." (more)

2013 is going to be an interesting year. ~Kevin

Spy College... for your 21st Century careers

At the University of Tulsa school, students learn to write computer viruses, hack digital networks and mine data from broken cellphones. Many graduates head to the CIA or NSA.

Stalking is part of the curriculum in the Cyber Corps, an unusual two-year program at the University of Tulsa that teaches students how to spy in cyberspace, the latest frontier in espionage.

Students learn not only how to rifle through trash, sneak a tracking device on cars and plant false information on Facebook. They also are taught to write computer viruses, hack digital networks, crack passwords, plant listening devices and mine data from broken cellphones and flash drives.

It may sound like a Jason Bourne movie, but the little-known program has funneled most of its graduates to the CIA and the Pentagon's National Security Agency, which conducts America's digital spying. Other graduates have taken positions with the FBI, NASA and the Department of Homeland Security. (more)

Security Director Alert - BYOD is way different than BYOB - Time to learn.

BYOD is an acronym the IT folks are using. It means Bring Your Own Device; the security process for allowing employees to use their personal electronics at work without jeopardizing company information or compromising the networks.

While IT continues to munch your lunch, take a moment to oversee their efforts. You have valuable insights to contribute. The last thing you want is to be left out of your own game. In fact, the security department should be the leader here, with IT carrying out your marching orders.

FREE Quick Study...
"Bring Your Own Device is here to stay. Don't be a lamb led to the slaughter, instead lead your users to the promised land of mobile device management.

1. Thou Shalt Allow BYOD
The rapid proliferation of mobile devices entering the workplace feels like divine intervention to many IT leaders. It's as if a voice boomed down from the mountain ordering all of the employees you support to procure as many devices as possible and connect them to corporate services en masse. Bring Your Own Device (BYOD) was born and employees followed with fervor."

You can download the full version here... The Ten Commandments of BYOD It is an easy read, and provides a logical roadmap for instituting BYOD.

Of course, nothing is really FREE. You will be asked for your name, email, etc. I did it and found the trade-off worthwhile. Within minutes I received a polite email... "My name is John Kerestus Account Executive here with Fiberlink MaaS360..." with an offer to see a demo. Impressive response.

Other companies who offer BYOD solutions also provide "free" education. Do comics get the point across better than white papers and webinars? You decide...
• White Paper 1
• Webinar
• White Paper 2
• White Paper 3 
• White Paper 4

Have a wonderful weekend, find a cozy restaurant, and BYOB. ~Kevin 

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

Security Alert: Conference room reservation system - Arrive® InfoPoint™

Affected Murray Associates clients can receive special attention due to our working relationship with DigitalSecurus.

DigitalSecurus has discovered that some touch screen smart devices for conference rooms have arrived in the United States infected with a computer virus/malware (malicious software).

The infection was discovered during a recent investigation into suspicious activity on a network belonging to a DigitalSecurus client. Further analysis in a lab environment by DigitalSecurus revealed a variant of the malware known as “Downadup/Conficker” virus in unopened InfoPoint AI-101 touch screen computers. DigitalSecurus contacted the manufacturer of the device, Arrive Systems, and has been working with them closely to investigate the circumstances surrounding the infection.

This malware is particularly dangerous to a network environment as it will attempt to spread itself to other computers. The virus also attempts to communicate with unauthorized computers on the Internet, possibly allowing unauthorized access to corporate files and other sensitive data.

The infection appears to have been installed onto the devices prior to shipping into the United States...

Companies using the InfoPoint AI-101 devices are advised to consider removing them from their network until they can be properly analyzed, made harmless, and patched with software updates. For further instructions on specific steps that can be taken users are encouraged to contact the manufacturer, Arrive Systems, at this link.

DigitalSecurus is an Alaskan based network security consulting firm that provides computer security consulting, analysis, forensics, security training, and computer incident response to corporations and organizations in the United States.

Outdated Law Clouds Wi-Fi Eavesdropping Privacy Rights

If you don’t protect your Wi-Fi connection with a password, does that mean it’s legal to tap your Internet and monitor what you’re doing?

The key part of the federal anti-wiretap law was written in the 1980s, long before anyone contemplated using Wi-Fi networks, so the answer isn’t clear. In fact, legal experts say, it’s possible that how well you’re protected by the law would depend on what channel your Wi-Fi router is set to. (more) (spybusters link)

Silent Circle is Coming - Guess who won't be pleased.

Silent Phone, Silent Text, Silent Mail, and Silent Eyes - are all neck deep in final tweaks and we have to say, they are even better than we expected! We plan to go live September 17, 2012. 

Click to enlarge.

Each Silent Circle subscriber will receive a personal phone number and of course all calls within the Circle are 100% free worldwide. 

We've even added on a Secure Calling Plan option to allow Silent Circle subscribers to communicate with people outside the Circle. Get them in the Circle and you'll be secure end to end. (more)

Who is the mastermind behind this audacious foray into total privacy? Who is the stick-in-the-eye of eavesdropping and wiretapping? 

Click to enlarge.

None other than our hero... Phil Zimmerman!
 
"Phil is the creator of PGP, the most widely used email encryption software in the world, and the Zfone/ZRTP secure VoIP standard. PC World named him one of the Top 50 Tech Visionaries of the last 50 years. He has received Privacy International's Louis Brandeis Award, CPSR's Norbert Weiner Award, the EFF Pioneer Award, the Chrysler Award for Innovation in Design, and inducted into the Internet Hall of Fame."

This will be big. ~Kevin

Security Alert for Cisco TelePresence users.

If you rely on Cisco TelePresence products for sensive business communications, you might want to stop what you are doing and pay attention to a new warning that hackers can exploit security flaws to execute arbitrary code, cause a denial-of-service condition, or inject malicious commands.

Cisco released four separate security advisories today to warn of the risks and urge TelePresence users to deploy patches, especially in sensitive business environments. (more)

Advisory 1

Advisory 2

Advisory 3
Advisory 4

Of course...

• Don't set up any teleconferencing system outside of your firewall.

• Don't turn the auto-answer feature on.

• Don't forget to set "mute mic" as a default.

In fact, just shut the whole thing off until you need it.

Staff Bugs & Wiretaps at South Africa Techno University

South Africa - The Tshwane University of Technology’s investigation into the illegal tapping of staff phones, in which top campus officials have been implicated, has claimed its first dismissal. The suspended head of internal audit at TUT, Vincent Dlamini, is being fired by the university after being found to have been involved in the “conspiracy”...

Dlamini was also found guilty of unlawful conduct, gross dishonesty, non-compliance with TUT policy, gross negligence, and actions that caused a breakdown in the relationship of trust between the employer and himself as a senior employee...
 

The bugging of the offices of senior managers at TUT was uncovered during Mosia’s investigation into the university’s affairs. Dlamini was among several officials who were suspended on disciplinary charges relating to the bugging. (more)