Monday, March 12, 2007

Wi-Fi Security Tips

Experts say home networks are particularly vulnerable

When many of the computer industry's top security gurus gathered in San Francisco last month for a conference, a Boston company decided to point its radar toward the airwaves and see how much of the show's wireless activity it could see.

The distressing and ironic answer? The Boston hackers could eavesdrop on more than half of the wireless traffic ... at a security conference!

Security experts offer these tips when using wireless Internet access (abbreviated):

-- Use a suite of security software, including a firewall.

-- When logging on in a cafe or hotel, make sure you find out from an employee what the name of the network is, so you don't fall for a phony network set up by a hacker.

-- Change the password when you set up your router at home.

-- Try using OpenDNS, a free service at www.opendns.com, which will change the router's settings and, among other things, prevent pharming attacks (in which you think you're entering data at, say, your bank's Web site, but really you're at a fake site).

-- When on a secure financial site, make sure the address bar reads https (the "s" at the end stands for "secure") and that a picture of a lock shows up next to the address.

-- To get particularly tricky when setting up your laptop, give yourself a gender-bending sign-in.

-- If you get confused, call tech support for the router or the security software. (more)

From the 'Add Insult 2 Injury' department...

The Federal Communications Commission voted unanimously to levy what likely will amount to wiretapping taxes on companies, municipalities and universities, saying it would create an incentive for them to keep costs down and that it was necessary to fight the war on terror. ...

"We're going to have a lot of fights over cost reimbursement," Al Gidari, a partner at the law firm of Perkins Coie...

"I am not persuaded merely by largely speculative allegations that the financial burden on the higher-education community could total billions of dollars," said FCC Commissioner Deborah Taylor Tate...


BLAMMmmmpppp! You're both wrongo. The cost of forced wiretapping is always passed down the line to the people whose voice is taken - the voiceless consumer.

VoIP Security Tips

VoIP (Voice-over-Internet Protocol) "telephone" services are open to the vulnerabilities of the Internet.

Many threats may even be more acute because VoIP architectures are complex and hierarchical with many networked components such as IP PBXs, application servers, media gateways, and IP (Internet Protocol) phones.

VoIP networking also relies on numerous protocols, some of which remain poorly defined, and all of which introduce their own security risks.

VoIP security threats include DoS and distributed DoS attacks; unauthorised access to administration systems for toll and credit card fraud or identity theft; eavesdropping by unauthorised agents; and application-level attacks for registration hijacking, illegal teardowns, register floods, call floods, malformed packets, harassing calls and spam over Internet telephony (SPIT).

The following comprise a best practices approach to VoIP security (summarized):
- Maintain current patch levels.
- Install a good antivirus system.
- Apply state-of-the-art intrusion detection and prevention systems.
- Install application-layer gateways.
- Enforce SIP security by means of authentication.
- Establish policy-based security zones to isolate VoIP segments.
- Run VoIP traffic on VPNs to minimise eavesdropping risk on critical segments.
- Use VLANs to prioritise and protect voice traffic from data network attacks.
- Apply encryption selectively.
- Protect against UDP flooding.
- Develop a holistic security program.
From Andy Miller, vice-president of Juniper Networks Asia Pacific's enterprise division.
(more)

Soap Snoop News, or...

...art imitates life, again.

Last week on the Bold and Beautiful:
Stephanie secretly turns the intercom on at work so that she can eavesdrop on Rick and Phoebe, and hears their secret plan to meet at the Big Bear cabin. (surprise) At the cabin, Rick and Phoebe are enjoying their time alone as the sexual tension rises between them. Ridge and Stephanie walk in on Rick and Phoebe's romantic set-up... (more, if you can stand it)

Friday, March 9, 2007

Fun Weekend Project - Make a Throwie!

Developed by the Graffiti Research Lab, a division of the Eyebeam R&D OpenLab, LED Throwies are an inexpensive way to add color to any ferromagnetic surface in your neighborhood.

A Throwie consists of a lithium battery, a 10mm diffused LED and a rare-earth magnet taped together. Throw it up high and in quantity to impress your friends and city officials. (more) Kits available here.

Quick, guess which is the Bug.

...from the manufacturer's web site...

"During the Sengoku era in Japan there were people who called 'Shinobi'. They carried particular kinds of tools and worked for their king as intelligence agents.

Our new model Shinobi, UHF micro size transmitter is named after those people and the world in which they lived. We believe Shinobi will be the best tool for gathering intelligence. Sun-Mechatronics supports the Shinobi who live in our age."

The answer... Can't fool you (all are bugs, of course). Sun-Mechatronics is just one of many companies from Bombay to eBay which sell bugging devices built into everyday objects. The good ones, however, are not this easy to spot; like that innocuous 'extra' block of wood glued under your conference table. (more)

Yet Another Spy School

London's Science Museum is offering the James Bonds of the future the chance to try their hand at espionage and learn some of the trade's most useful skills.

In its special family exhibition entitled the Science of Spying, trainee spies are recruited at the Spymaker Base before being trained in important skills... In addition, the exhibition will explore the future of espionage, focusing on the science and technology side of the business... The exhibition will be at the museum until the beginning of September.

Top Secret Gov't Spying room revealed by AT&T Whistleblower [VIDEO]

ABC Nightline Special Report
In this clip, former AT&T technician Mark Klein discusses his investigation of a secret room built in conjunction with the National Security Agency through which all customer information was routed.

The Los Angeles Times killed the story. The New York Times gave it life. Both the EFF and the ACLU have cases in the courts at the moment. As the clip shows, the government (and AT&T) are trying to get the case dismissed on "national security" grounds. (video)

(update - 11/7/07)
A former technician at AT&T, who alleges that the telecom forwards virtually all of its internet traffic into a "secret room" to facilitate government spying, says the whole operation reminds him of something out of Orwell's 1984.

Appearing on MSNBC's Countdown program, whistleblower Mark Klein told Keith Olbermann that a copy of all internet traffic passing over AT&T lines was copied into a locked room at the company's San Francisco office -- to which only employees with National Security Agency clearance had access -- via a cable splitting device.

"My job was to connect circuits into the splitter device which was hard-wired to the secret room," said Klein. "And effectively, the splitter copied the entire data stream of those internet cables into the secret room -- and we're talking about phone conversations, email, web browsing, everything that goes across the internet." (video)

Saskin accused of spying on player e-mail

NHL players are expected to discuss firing Players Association executive director Ted Saskin and another top union official in the wake of a Toronto newspaper report claiming union executives have tapped into players' e-mail accounts. (more)

Alleged Wal-Mart Tapper Goes to the Wall...

...Street Journal.
(A strong case for not having an in-house TSCM team.)

A Wal-Mart Stores Inc. employee fired this week for allegedly intercepting and recording calls from a news reporter and others said he felt pressured to uncover who at the retail giant was leaking embarrassing information to outsiders.

Bruce Gabbard, a 44-year-old employee of the company's information-security operation, said he wanted to tell his side of events for the first time. Mr. Gabbard and his supervisor were dismissed this week after the U.S. Attorney for the Western District of Arkansas told the retailer he was looking into possible violations of federal law in the alleged wiretapping.

After a flurry of articles about Wal-Mart's employment and benefit practices appeared in the New York Times newspaper and elsewhere, Mr. Gabbard said, he took it upon himself to find out if any of the newspaper's information was coming from internal sources.

"Our job was to plug any information hole," Mr. Gabbard said. "That was the primary reason for our team to be there."

Mr. Gabbard had worked for Bentonville, Ark.-based Wal-Mart for 19 years and was a member of its Threat Research and Analysis team, a group of about 20 employees in its information-systems division. He and others would sweep rooms for electronic-listening devices and do "forensic" data gathering for use in court cases. ...

Kenneth H. Senser, a senior vice president who heads Wal-Mart Global Security, instructed Mr. Gabbard and another member of his team to find the source of the leak, Mr. Gabbard said. He swept Ms. Chambers' office for bugs to no avail, he said, and then they examined the computers of the people who had received and written different iterations of the Chambers memo. (more)

UPDATE - 3/29/07
Wal-Mart PR is in fine fettle... (more)

Thursday, March 8, 2007

Yet another Creepy Peepy Toy - NetTansor

It sees.
It walks.
It talks.
It trips over a deck of cards
and crawls on its belly like a reptile!
It's NetTansor by Bandai Robot Labs.

Control it from your computer screen.
It sends what it sees to your cell phone.

See it in "action" here.
Buy it here.
See its evil twin here.

FutureWatch...
Technology continues to grow within personal robots.
Some now even have human-like skin and physical attributes.
Prices continue to fall.
Humans will develop very personal relationships with their cybuddies.
Next... human-like laws to protect the new species, here.

US Dept. of Agriculture Warning

The USDA has a security warning on their web site about... bugs in hotel rooms!

No, not the little critters who eat crops, the little critters that eavesdrop.

...from the USDA web site...
"It is sometimes said that 'All hotel rooms abroad are bugged for audio and visual surveillance.' Of course it is not true that all of them are bugged, but a great many are -- especially in major hotels frequented by foreign business and government travelers.

To maintain an adequate level of security awareness while conducting business abroad, you must operate on the assumption that your hotel room conversations are being monitored. If you are an active target who is known to pick up local women, you could also be filmed by a concealed camera.


The goal of surreptitious monitoring may be to learn your business or negotiating strategy, identify your local contacts, assess your vulnerabilities, or obtain evidence that can be used to accuse you of improper activities or to pressure you to cooperate..."
(more)

Overview of the Threat
"A bug is a device placed in an office, home, hotel room, or other area to monitor conversations (or other communications) and transmit them out of that area to a listening post. Other listening devices work from a distance to monitor communications within a room without actually having a microphone or transmitter in the room.

Thanks to an explosion of miniaturized technology, the tools for bugging and other forms of eavesdropping have never been cheaper, smaller, more powerful, or easier to come by." (more)

Eavesdropping Methods
"Eavesdropping equipment varies greatly in level of sophistication. Many off-the-shelf spy shop devices are generally low-cost consumer electronic devices that have been modified for covert surveillance. They are easy to use against unsuspecting targets but can be detected by elementary electronic countermeasures.

Devices produced for law enforcement and industrial espionage are more expensive, more sophisticated, and more difficult to find during a technical security countermeasures (TSCM) inspection.

Devices designed and built for intelligence services are still more expensive and very difficult to find." (more)


Detecting and Preventing Eavesdropping
"Never try to find a bug or wiretap yourself. ... A Technical Security Countermeasures (TSCM) survey, also known as a 'sweep,' is a service provided by highly qualified personnel to detect the presence of technical surveillance devices and hazards and to identify technical security weaknesses that could facilitate a technical penetration of the surveyed facility." (more)

In other words, have qualified, experienced people conduct your search.
Call us.

Finland vexed by Sweden's eavesdrop plans

Swedish public broadcaster Sveriges Radio reported Wednesday that Finnish authorities had expressed concern about Sweden's plans to boost the interception of telecommunications crossing the border.

"Finnish law requires that all telecommunications traffic is kept confidential. It is the transport ministry's task to monitor that everyone live up to this obligation," Harri Pursiainen, the permanent secretary at the Finnish transport and communications ministry, told the Finnish News Agency (STT).

The Swedish government is drafting a bill that would give Försvarets radioanstalt (FRA), the national authority for signals intelligence, a wider envelope than before to intercept and monitor cross-border telecommunications. (more)

"...and then they taught me how to say, Bond... James Bond."

Spy Academy Experience Day Gift Pack

You'll learn the essential skills required to conduct a secret agent operation during an action packed 3 hours at the Spy Headquarters.


You'll be shown how to use specialist spy equipment, covert cameras and UHF radios, bugs and listening devices, and lock picking gadgets.

You'll be taught how to use a pistol, the Secret Agent's weapon of choice, and then test your skills with quick draw techniques.

Finally you'll also receive some expert instruction on unarmed combat techniques, useful when you're cornered by enemy agents, and learn contact drills using our state-of-the-art laser combat system. Only £99.95
Getting your Walter Mitty butt there, extra. (more)