Spybuster Tip # 629 - Watch What You Say at the Drive-Thru

Next time you have a private conversation while in a drive-through, you might want to keep it quiet — as workers in fast food restaurants are able to hear you, even when you can’t hear them.

Well, as long as they are wearing a headset and you’re parked next to the microphone with your window down, that is.

...the revelation on r/LifeProTips: They posted; “If we apologize [sic] and say we’ll be with you in a minute – you’re not on hold, we can hear everything. If you’ve ordered but the drive-thru line won’t let you pull ahead yet – we can hear every single thing you’re saying.

Suggesting that having the ability to eavesdrop isn’t always a good thing, they added: “I wish I could forget some of the stuff I’ve heard.” more

Keep Your Number Private – And Still Receive Calls!

An inexpensive and easy service...

"Keep your real phone number hidden while making calls and sending texts for work, dating, Craigslist sales, and more thanks to Hushed. You'll use their simple and secure app to easily make calls on your second number (you'll even choose the area code) without committing to another long, expensive phone contract. Customize your voicemail and use Wi-Fi or data to talk without expensive service charges. It's true communication anonymity delivered." more

Bonus: 

• The Murray Associates Smartphone Security Tips
• How to Block Caller ID

Spybusters Tip #847: Stop Car Theft via Key Fob Signal Intercept

By simply wrapping your key FOB in aluminum foil you can prevent a thief from intercepting the signal. 

If you park your car outside at home then you might consider using a foil-lined container or placing your keys in a coffee can.

I’m going to start wrapping mine in aluminum foil when I travel and stay in a hotel. If you doubt that this issue is a serious threat then watch How Thieves Unlock A Car. more

A big thank you to our Blue Blaze Irregular ensconced in Illinois for alerting us to this tip. ~Kevin

Evil Child Watch Spies

In late 2017, the Norwegian Consumer Council published its audit of kids' smart-watches, reporting that the leading brands allowed strangers to follow your kids around and listen in on their conversations; a year later, Pen Test Partners followed up to see if anything had changed (it hadn't).

Now, a year and a half later, Pen Test Partners have done another security audit of kids' smart watches and you'll never guess what they found! Kids' smart-watches are still a dumpster-fire: anyone can access the entire database of kids' data, including "real time child location, name, parents details etc," and since most leading brands use the same back-end from Gator, virtually every kid's smart-watch is vulnerable. more

Smartphone Security Tips

2/4/19 UPDATE: European Commission orders mass recall of creepy, leaky child-tracking smartwatch. more

Counterespionage Checklist: How to Be Safe on the Internet

An open source checklist of resources designed to improve your online privacy and security. Check things off to keep track as you go. more  Scott Adams

New Year’s Resolutions for Your Intellectual Property

by Bryan K. Wheelock - Harness, Dickey & Pierce, PLC 
Its the start of a new year, and here are ten things that you should consider doing to enhance your intellectual property in 2019... more

Number 3 is... "Take secrecy seriously. Trade secret protection depends upon whether steps, reasonable under the circumstances, have been taken to protect the secrecy of the subject matter."

The other numbers offer sage advice as well. ~Kevin

Who Are You...Online - Become an OSINT Awesome and Find Out

We are going to show you how to research yourself and discover what information is publicly known about you...

You will not find all the information on a single website. Instead you start with one website, learn some details, then use those details to search on and learn from other sites. Then you combine and compare results to create a profile or dossier of your subject. 

A good place to start is with search engines such as Google, Bing, or DuckDuckGo. Each of these have indexed different information about you...

Start by typing your name in quotes, but after that expand your search...

Examples include:
“FirstName LastName” > What information can I find online about this person
“Firstname Lastname@” > Find possible email addresses associated with this person
“Firstname lastname” filetype:doc > Any word documents that contain this person’s name
more
sing-a-long

Being Your Own Bodyguard, by Richard Roth (Kindle)

Click to enlarge.

Foreword by The Honorable Carlos C. Campbell

Rich Roth condenses over four decades of experience as a member of the United States Secret Service, and as a private security consultant and bodyguard.

His business portfolio includes cyber security, executive protection, aircraft and airport vulnerability, threat assessment and mitigation, training, perimeter detection and CCTV systems design and crisis management.

From the plazas of Paris, to dodging the guns in the Gaza strip, to the cafes in Caracas, Roth slips out of the shadows of surveillance to inform readers about how they can protect themselves through situational awareness, adaptation, and employ techniques and tactics for survival and mitigation.

Being Your Own Bodyguard deals with physical layouts and boundaries, psychological characteristics, and physiognomic [facial expressions] clues in assessing threats. Rich draws heavily on his experience with the USSS that includes over one hundred protection assignments. more

Security Director Alert - Well Produced Information Security Awareness Videos for Employees

Foreign intelligence entities, which may include foreign governments, corporations, and their proxies, are actively targeting information, assets, and technologies that are vital to both U.S. national security and our global competitiveness. 

Increasingly, U.S. companies are in the cross-hairs of these foreign intelligence entities, which are breaching private computer networks, pilfering American business secrets and innovation, and carrying out other illicit activities.

The National Counterintelligence and Security Center is dedicated to raising awareness among government employees and private industry about these foreign intelligence threats, the risks they pose, and the defensive measures necessary for individuals and organizations to safeguard that which has been entrusted to their protection.

The following products will enable personnel to better understand these threats and provide guidance and tips for protecting the sensitive information, assets, technologies, and networks to which employees have access. It will also serve to help them protect their personal, confidential information that may be used by others to gain their trust. more

Videos:
Social Media Deception Trailer
Social Media Deception
Social Media Deception Full Video
Social Engineering
Spear Phishing (30 second trailer)
Spear Phishing 2017
Spear Phishing Full Video
Travel Awareness
Human Targeting
Supply Chain Risk Management
Economic Espionage  (True story.)

When VPN means Very Poor Network

Roughly 60 percent of the top free mobile VPN apps returned by Google Play Store and Apple Play Store searches are from developers based in China or with Chinese ownership, raising serious concerns about data privacy, a study published today has revealed.

"Our investigation uncovered that over half of the top free VPN apps either had Chinese ownership or were actually based in China, which has aggressively clamped down on VPN services over the past year and maintains an iron grip on the internet within its borders," said Simon Migliano, Head of Research at Metric Labs, a company that runs the Top10VPN portal.

"Furthermore, we found the majority of free VPN apps had little-to-no formal privacy protections and non-existent user support," Migliano said.

The expert says that 86 percent of the apps he analyzed had "unacceptable privacy policies." For example, some apps didn't say if they logged traffic, some apps appeared to use generic privacy policies that didn't even mention the term VPN, while some apps didn't feature a privacy policy at all. On top of this, other apps admitted in their policies to sharing data with third-parties, tracking users, and sending and sharing data with Chinese third-parties. more

Kevin's Spybuster Tip # 724 - Check out Outline.

Spybuster Security Tip #748: The Lost Smartphone Recovery Trick

Chances are, if you lose your smartphone the screen will look like this to whoever finds it. 
(If your phone is not password protected do that now.)

This presents a problem to the good Samaritan who finds it. They don’t know to whom the phone should be returned.

Sure, you could call the phone and hope they answer, or try using the ‘find my phone feature’, but that takes time and a positive result is iffy.

Solution…

Give the finder a helpful clue as to who you are. Customize your background wallpaper to include some information about you.

Including an email address is a very good start. Now they know how to contact you. If you want to keep your real email address private, create a nondescript google/yahoo/hotmail account just for this purpose.

If your email address also contains a company URL they might be close enough to drop the phone off at the reception desk for you.

Adding an alternate phone number where you can be reached, or adding the old enticing phrase, Reward if Found, are additional options.

It is easy to change wallpapers on smartphones. Just google “[your smartphone manufacturer] change wallpaper” and the directions will pop up.

Creating a customized wallpaper is almost as easy. You can do it with any photoshop type app, or by using a free on-line service.

Resources…
https://mashable.com/2013/08/12/wallpaper-iphone/
https://datarecovery.wondershare.com/best-iphone-wallpaper-maker.html
https://www.makeuseof.com/tag/make-custom-wallpaper-android/
https://www.picmonkey.com/blog/make-your-own-phone-wallpaper
https://www.canva.com/create/wallpapers/
https://spark.adobe.com/make/background-maker/

Smart Home Technology Being Used by Abusers to Control and Terrorize

Imagine the temperature changing on your thermostat without you doing it, or seeing your lights turn off and on without you touching the switch.

Or your Alexa blaring music in the middle of the night. Or finding hidden cameras placed in your home -- without your knowledge or consent.

These are the sort of things abusive partners and exes can use to try to control their loved ones and if it's happening to you, you need to report it.

"It was awful, absolutely awful," said Aubrey, a Houston woman who spoke with News 6 sister station KPRC about her fiancé secretly watching her in her home. "Everywhere I went, everything I did, he could hear it. He could see it. It was awful."

Aubrey says after she and her fiancé moved in together, she discovered he had installed cameras throughout the house without her knowledge or consent. She said she discovered it by accident while using his cellphone...

"Every time we get an advance in technology, the bad guys seem to take advantage of it," Oviedo police Lt. Travis Cockcroft said.

So what are some things you can do to break free of an abuser's digital trap?

• Make sure you change your passwords on all of your accounts.
• Reset your Wi-Fi settings to something only you would know.
• Educate yourself about what your smart home devices can do.
• Reset privacy settings.
• Keep a journal of any peculiar activity with dates and times and description of what happened. 

more and more

How Not to Write Your Name Electronically on Your Hotel Room Door

Reprint of LinkedIn post by Brian Creter...

"At my hotel last week in Los Angeles, I walked up and down my hallway and was able to identify multiple hotel guests who used their full and very unique legal names on their phones, which shows on personal wifi hotspots (see below). 

 

This is essentially like writing your name on a stickie and putting on your hotel door, or wearing a name tag while sitting in the airport. Range is typically 25 to 50 ft. so you can usually narrow down to one of several rooms. 

 

Go to Settings > General > About > Name OR change in iTunes. Also, remove any info that identifies the device (i.e. iPhone, iPad, etc.)."

World Cup Tip - Leave Your Electronics at Home

The top U.S. counterintelligence agent has warned Americans traveling to Russia for the 2018 World Cup against taking any electronics with them, saying soccer fans could be targeted by hackers.

William Evanina, an FBI agent and the director of the U.S. National Counterintelligence and Security Center, said in a Tuesday statement that even those who see themselves as insignificant could become victims of Russian spying.

“If you’re planning on taking a mobile phone, laptop, PDA, or another electronic device with you—make no mistake—any data on those devices (especially your personally identifiable information) may be accessed by the Russian government or cyber criminals,” Evanina said, according to Reuters. more

Three Tips for Protecting a Business's Passwords

One of the common areas we see companies and technology groups struggling to manage securely and effectively is… passwords.  We know we need them (passwords), we know they need to be “secure”, and we know they’re a pain in the neck to keep organized.  That’s exacerbated exponentially when you factor in shared passwords and accounts for teams.
Tip 1:  Quit Using Excel to Manage Your Passwords...
Tip 2:  Know All of Your Org’s Accounts...
Tip 3:  Know Your Password Security Options...

Read the full details about each tip at criticalinformatics.com

Amazon Echo/ Google Home/ HomePod spying on you? Fight Back!

The recent incident of a smart speaker secretly recording a couple’s conversation and sending it to one of their contacts has implanted a seed of doubt in every smart speaker’s user. 

While manufacturers assure their customers of protecting their privacy, it often gets tough to believe in their claims.

Following some simple steps can ensure you aren’t spied by your smart speaker.

• Mute the microphone/camera when not needed...
• Turn up the volume to the max...
• Keep it disconnected from the Wi-Fi...
• Don’t give access to contacts...
• Turn off calling and messaging...
• Lastly, don’t buy one, if you are suspicious... more

Need some smartphone security tips?
Check here.

In other news...
Facebook is now delaying the release of its smart speaker, based on widespread fears of eavesdropping and unauthorized audio recording. Those fears appeared in a recent focus group conducted by the social network... or, Because There’s No Way In Hell Any Sane Person Is Buying That Right Now. more

How to encrypt your entire life in less than an hour

Quincy Larson has written an excellent article on how to protect your digital privacy. Worth reading. Worth doing. ~Kevin

“Only the paranoid survive.” — Andy Grove

And Grove isn’t the only powerful person urging caution. Even the director of the FBI — the same official who recently paid hackers a million dollars to unlock a shooter’s iPhone — is encouraging everyone to cover their webcams.

But you obey the law. What do you have to worry about? As the motto of the United Kingdom’s surveillance program reminds us, “If you’ve got nothing to hide, you’ve got nothing to fear.”

Well, law-abiding citizens do have reason to fear. They do have reasons to secure their devices, their files, and their communications with loved ones.

“If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.” — Cardinal Richelieu in 1641

In this article, I will show you how you can protect yourself by leveraging state-of-the-art encryption. In a single sitting, you can make great strides toward securing your privacy. more

Dumpster Diving…A Treasure Trove

From the book, What You Don't Know... Your Guide to Achieving "Knowledge Advantage" in the Information Age!

"Valuable Open Source information is thrown away every day, waiting to be collected by the thoughtful researcher. Dubbed “dumpster diving,” or “trash picking” a wastebasket becomes a friend to researchers and a foe of anyone you are collecting on...

How useful dumpster diving is can be readily seen by the fact that a highly-placed US intelligence official was convicted and sentenced to life in prison for working with Moscow operatives. He had thoughtlessly thrown away key clues to his betrayal, not thinking they would end up on a prosecutor’s desk. Expecting anything to be buried forever in a trash heap can be a major mistake...

In the United States the Supreme Court has said that, as a general rule, things left in trash cans curbside are considered “abandoned” and are there for the taking."

Related: Confidential Paperwork Security

Thumbs Down, or How to Delete Your Facebook Account Permanently

Presented as a service to our privacy conscious readers and clients...

If you are looking for how to delete your Facebook account permanently or deleting anything from your Facebook account here is a 2018 guide.

Facebook has remained the primary and most commonly used social networking platform for users across the world. At the same time, the social network giant has been in the news lately amid Cambridge Analytica scandal and for archiving personal data of users including call and text logs of its Android app users.

But, the fact is that unauthorized use of user content like posts, messages, pictures, and videos by Facebook is nothing new. However, it is a relatively new revelation that even the content that we believe is removed is actually not permanently deleted. So, what can be done in this situation? more

Spycam Detection Training Tip: Be Aware of Holes in Odd Places

Click to enlarge.

This case, which happened last night, is a good example of this detection tip paying off...

MA - A custodian at Northampton High School is facing charges after police say he "modified" a girls' bathroom at the school, creating holes in the ceiling so he could take pictures of students.

Michael Kremensky, 22, of Florence, is facing four charges of photographing an unsuspecting nude person, said Police Chief Jody Kasper, in a statement.

Police were called to the school Thursday for a report of suspicious activity involving holes in the ceiling of a girls' bathroom on the first floor.

No other bathrooms or rooms were affected, Kasper said. The activity was "localized to the one bathroom," she said. more
Learn more about spycam detection.