from c|net, by Declan McCullagh...
Computer scientists have discovered a novel way to bypass the encryption used in programs like Microsoft's BitLocker and Apple's FileVault and then view the contents of supposedly secure files.
In a paper (PDF) published Thursday that could prompt a rethinking of how to protect sensitive data, the researchers describe how they can extract the contents of a computer's memory and discover the secret encryption key used to scramble files. (I tested these claims by giving them a MacBook with FileVault; here's a slideshow.)
"There seems to be no easy remedy for these vulnerabilities," the researchers say...
Their technique doesn't attack the encryption directly. Rather, it relies on gaining access to the contents of a computer's RAM--through a mechanism as simple as booting a laptop over a network or from a USB drive--and then scanning for encryption keys. How the scan is done is one of the most clever portions of the paper. (more)
Monday, February 25, 2008
Cheap & Secure Communications - for Security ...and Eavesdroppers
from the TriSquare website – TSX300..."eXtreme Radio Service (eXRS) two-way radios use proprietary Frequency Hopping Spread Spectrum (FHSS) in the ISM band (900 MHz frequencies). 10 Billion channels." (more)
What does this walkie-talkie mean to you?
- "Secure Conversation – No Eavesdropping"
- Communications range of at least 1-2 miles.
- Very good communications within buildings.
- Voice Operated Transmit (VOX)
- No license required.
- Accessories include a headset.
- Cost: less than $100.00 per pair!
What else does this mean?
- A quick hack turns it into a long-range stealth bug!
- The average TSCM sweep team will likely miss it.
- Advanced Eavesdropping Detection will find it.
Sunday, February 24, 2008
"...and, the 'Best Use of Spycam Technology' award goes to..."
Bird House Spy Cam"Watch ‘em, but don’t touch ‘em!"
"Our Hawk Eye Nature Cam will open up undiscovered worlds of bird and wildlife behavior. Once you buy one of our wildlife monitoring cams, it probably won't be long before you buy another and another." (
more)Movies made with birdhouse spycams...
- Bats
- Baby Owls
- Flying Squirrel
- Baby Squirrels
- Hummingbirds
- Spooky Owls
- Baby birds feeding
- Squirrels
"Boss, this suspect gets a lot of email."
The FBI revealed that human error led to surveillance of an entire email network back in 2006, rather than the single email address approved by the secretive court which approves domestic wiretaps and other forms of e-surveillance...
The ISP involved allegedly misinterpreted a warrant for one email address to be a warrant for - ahem - the entire network. (more)
The ISP involved allegedly misinterpreted a warrant for one email address to be a warrant for - ahem - the entire network. (more)
SpyCam Story #434 - Public Pool Perv
UK - A man who secretly filmed boys in a toilet and was caught with a camera at a children's swimming club has escaped a jail term. David Ashton (42) was arrested at Parkside Pool in Cambridge after staff were alerted to his suspicious behaviour during a parents-only training session for eight to 16-year-olds. Police found a video camera in a briefcase he was carrying. When officers searched his home, they discovered covert recordings of men and boys using a toilet cubicle, as well as other indecent images of children. (more)
Wiretap With Your Credit Card
That's right!
If you have a phone.
If you have a credit card.
You have a heavy-duty digital wiretap at your fingertips!
Of course, so does everyone else, so watch what you say 007.
...from the service provider's web site - callrecordercard.net...
It is easy to make high quality digital recordings. We will provide you with your own personal phone number in our state of the art, secure telecom switch.
- To record an important conversation, you first dial your personal phone number (PPN), which connects you to the recording equipment and then dial the number you want to record.
- To record incoming calls, the calls will automatically be recorded as they pass through our recording switch.
Your conversation will then be recorded and stored on our secure, password protected system, for you to play back as needed. Our advanced digital processors will record every word on both sides of the conversation.
Our clients use their Call Recorder Cards for both their business and personal needs. These are some of the typical uses of the Call Recorder Card:
- Record employee's calls to review their job performance
- Record details of complicated negotiations
- Maintains recorded records of verbal agreements
- Insurance investigator interviews
- Dictate recordings to be transcribed
- Dictate memos while on the road
- Disclosed monitoring of children's conversations
- Law enforcement investigations
not to mention...
- nailing that deadbeat jerk you used to be married to
- presenting a new cell phone to that special someone
- 'changing' the home phone number
- set up a sting
- or, post a PPN (pointed to [his/her name here] on-line, and wait for the fun to begin.
No need to have bulky recorders, or phone interceptor equipment. Simply follow the user friendly instructions to automatically direct your calls through our state of the art telecommunication switch.
Your important conversations will be stored in a safe digital format that only you can access and/or retrieve with your very own PIN (Personal Identification Number).
Testimonials (!?!?)
I had my housekeeper start making her calls through my Personal Phone Number. Lo and Behold! She spent hours a day on the phone just chatting! No wonder the housework never got done. O.G. - Connecticut
I gave a new cell phone to my teenager and told her that the calls were being recorded. Now I have peace of mind! Y.P. Texas
One interesting FAQ...
Q: Can I change the number that the other person will see on their caller ID when I make an outgoing call from my PPN?
A: Yes, when placing the calls follow the prompts to change the number the other person will see on their caller ID.
Useful service? Yes.
What could possibly go wrong? (snicker)
If you have a phone.
If you have a credit card.
You have a heavy-duty digital wiretap at your fingertips!
Of course, so does everyone else, so watch what you say 007.
...from the service provider's web site - callrecordercard.net...
It is easy to make high quality digital recordings. We will provide you with your own personal phone number in our state of the art, secure telecom switch.
- To record an important conversation, you first dial your personal phone number (PPN), which connects you to the recording equipment and then dial the number you want to record.
- To record incoming calls, the calls will automatically be recorded as they pass through our recording switch.
Your conversation will then be recorded and stored on our secure, password protected system, for you to play back as needed. Our advanced digital processors will record every word on both sides of the conversation.
Our clients use their Call Recorder Cards for both their business and personal needs. These are some of the typical uses of the Call Recorder Card:
- Record employee's calls to review their job performance
- Record details of complicated negotiations
- Maintains recorded records of verbal agreements
- Insurance investigator interviews
- Dictate recordings to be transcribed
- Dictate memos while on the road
- Disclosed monitoring of children's conversations
- Law enforcement investigations
not to mention...
- nailing that deadbeat jerk you used to be married to
- presenting a new cell phone to that special someone
- 'changing' the home phone number
- set up a sting
- or, post a PPN (pointed to [his/her name here] on-line, and wait for the fun to begin.
No need to have bulky recorders, or phone interceptor equipment. Simply follow the user friendly instructions to automatically direct your calls through our state of the art telecommunication switch.
Your important conversations will be stored in a safe digital format that only you can access and/or retrieve with your very own PIN (Personal Identification Number).
Testimonials (!?!?)
I had my housekeeper start making her calls through my Personal Phone Number. Lo and Behold! She spent hours a day on the phone just chatting! No wonder the housework never got done. O.G. - Connecticut
I gave a new cell phone to my teenager and told her that the calls were being recorded. Now I have peace of mind! Y.P. Texas
One interesting FAQ...
Q: Can I change the number that the other person will see on their caller ID when I make an outgoing call from my PPN?
A: Yes, when placing the calls follow the prompts to change the number the other person will see on their caller ID.
Useful service? Yes.
What could possibly go wrong? (snicker)
NFL Spygate History - The Locker Room Spycams
Earlier this season (1999), a Jets defensive player went into a small room at the team's practice facility in Hempstead, N.Y., and was stunned by what he saw. Inside was a bank of video screens, he said, showing various parts of the complex. On one screen, to the player's surprise, was a view of the locker room. ...
''A lot of things around here have knocked me for a loop, but this is one of the biggest,'' said the defensive starter, who asked not to be identified for fear of repercussions. ''My first thought was, 'Has the team been spying on us?' ''
A spokesman for the Jets denied that the team uses video cameras for surveillance purposes...
A number of players, team executives and union officials believe putting hidden cameras in the locker room, the training room or other parts of the workplace is a good idea. Others believe that cameras are a violation of a player's privacy. (more)
Pop Quiz: Who was Bill Belichick working for in 1999?
''A lot of things around here have knocked me for a loop, but this is one of the biggest,'' said the defensive starter, who asked not to be identified for fear of repercussions. ''My first thought was, 'Has the team been spying on us?' ''
A spokesman for the Jets denied that the team uses video cameras for surveillance purposes...
A number of players, team executives and union officials believe putting hidden cameras in the locker room, the training room or other parts of the workplace is a good idea. Others believe that cameras are a violation of a player's privacy. (more)
Pop Quiz: Who was Bill Belichick working for in 1999?
FutureWatch - Pimping your ride with RFID
First Singapore, then Bermuda, then...?Here what happened in Bermuda...
"The Bermuda Government is issuing vehicle owners with credit card sized stickers containing a RFID chip and it is expected that every vehicle in Bermuda will carry one within a year or two. The scheme is mandatory and a $10,000 penalty applies if owners remove the chips. RFID readers are being placed in telephone poles and buildings throughout Bermuda, which enable authorities to monitor the past and present location of vehicles and record the speed at which they are traveling. The information is being sent to high speed computers that calculate everything you could possibly imagine about a travellers journey, even the route taken." (more)
The handwriting is on your windshield.
Look for government to pimp your ride, next.
Hey, they even call it something benign and acceptable.
...like EZ-Pass, Ipass or UneedaPass.
Saturday, February 23, 2008
GSM Bug Flood Continues
GSM Eavesdropping Device.
Manufacturer: Lawmate
Model: GE-40
Size: 78(L) x 51(W) x 11(H) mm (approx. 3 x 2 x .5 inches)
- Communicates via GSM cellular
- Remotely controllable
- Can be triggered to call you when it hears sound.
- Scared yet?
- Battery or AC powered.
- External microphone input.
- External alarm input.
(more)
Why do I mention it?
So, you will know what you are up against.
The Penny Dropped. Let the Lawsuits Begin.
A former St. Louis Rams player and three fans sued the New England Patriots over allegations that the Patriots cheated in the 2002 Super Bowl by taping a Rams practice before the game. Former Rams player Willie Gary and other plaintiffs are seeking millions of dollars of damages in their federal lawsuit, filed in New Orleans. The Patriots beat the Rams, 20-17, on a last-second field goal in the 2002 Super Bowl at the Louisiana Superdome in New Orleans.
Before the game, former Patriots employee Matt Walsh allegedly taped a walkthrough practice by the Rams. Walsh told The Associated Press last week during the Pro Bowl in Hawaii that he couldn't comment on the allegations.
The lawsuit accuses the Patriots of fraud, unfair trade practices and engaging in a "pattern of racketeering."
(more) (Why is Sports Crime Different?) (other lawsuit) (more outrage) (moral)
Thursday, February 21, 2008
Smackdown - US 193 - RIP
The U.S. Navy has successfully intercepted a defunct spy satellite using a surface-to-air missile — a first-ever such demonstration by an American warship. Debris from the shattered satellite was expected to burn up during re-entry."The mission was a success … the missile … intercepted the decaying satellite," Pentagon spokesman Geoff Morrell said.
The interceptor missile was launched from the Navy cruiser USS Lake Erie off Hawaii at 10:30 p.m. EST. The USS Lake Erie is an Aegis guided-missile cruiser. Two other ships, USS Decatur and USS Russell, were also part of the task force. (more) (audio) (Smackdown animation)
Wednesday, February 20, 2008
Countdown to Smackdown - US 193 (update 3)
Attempt to shoot down spy satellite to cost up to $60 million(more)
Who is happy about this?
1. Amateur radio operators who are looking forward to communicating by bouncing radio waves off the debris. DX more rare than moon-bounce or meteor scatter communications.
2. The Navy, who will get the rarest of chances to actually test their goodies ...without fear that someone will shoot back.
3. All the MIC types who build these goodies. They will make money replacing the missiles, not to mention the satellite and placement rocket. They will make more money modifying and enhancing existing weapons systems based on what is learned from this escapade.
4. And, of course, the bookies in Vegas!
Hey, taxpayer.
Are you unhappy? Stop. Think about it. Be reasonable.
Don't you want to be prepared when the comets come?
Don't you want to be protected when the aliens try to land?
Grab a beer. Relax. Watch GoldenEye.
Worst Security Ad of the Year Award
This plopped into my mailbox this morning...
- To whom would this ad appeal?
- Is that the type of person you want carrying a gun?
- Why are the 'Super Heros' standing in a police line-up?
- What did they do wrong?
- Hey, these aren't Super Heros. Real Super Heros are big and strong!
- Are 'Crime Fighters' out there rounding up fake Super Heros!
- What a waste of tax dollars.
- I getting scared now. This is creepy. I give up.
It is only February and we have the Worst Security Ad of the Year.
- To whom would this ad appeal?- Is that the type of person you want carrying a gun?
- Why are the 'Super Heros' standing in a police line-up?
- What did they do wrong?
- Hey, these aren't Super Heros. Real Super Heros are big and strong!
- Are 'Crime Fighters' out there rounding up fake Super Heros!
- What a waste of tax dollars.
- I getting scared now. This is creepy. I give up.
It is only February and we have the Worst Security Ad of the Year.
Leaked Info Dampens First Amendment
Recent days have brought two federal court decisions with disputed First Amendment legitimacy.
In San Francisco, District Judge Jeffrey White acceded to a request by a Cayman Islands bank to shut access to the Web site Wikileaks.org, which "invites people to post leaked materials with the goal of discouraging 'unethical behavior' by corporations and governments," as the New York Times reports.
In this case, the bank, Julius Baer Bank and Trust, accused "a disgruntled ex-employee" of giving stolen documents to Wikileaks in violation of banking laws and a confidentiality agreement. (more)
First Amendment vs. Creeping Extortionography.
You decide. In the meantime, keep your information from leaking in the first place. Need help? Call us.
In San Francisco, District Judge Jeffrey White acceded to a request by a Cayman Islands bank to shut access to the Web site Wikileaks.org, which "invites people to post leaked materials with the goal of discouraging 'unethical behavior' by corporations and governments," as the New York Times reports.
In this case, the bank, Julius Baer Bank and Trust, accused "a disgruntled ex-employee" of giving stolen documents to Wikileaks in violation of banking laws and a confidentiality agreement. (more)
First Amendment vs. Creeping Extortionography.
You decide. In the meantime, keep your information from leaking in the first place. Need help? Call us.
Tuesday, February 19, 2008
Countdown to Smackdown - US 193 (update 2)
The U.S. Navy is specially modifying three advanced SM3 anti-ballistic missile interceptors to shoot down an electronically dead, intelligence-gathering satellite that was launched into space for the National Reconnaissance Organization (NRO). Communications with the satellite were lost almost immediately, which means there’s no way of guiding the spacecraft to a predictable crash site as it returns from orbit, says Marine Corps Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff.
The extraordinary decision to shoot it down was the result of analyses that show the satellite’s 40-in.-dia. hydrazine tank—now holding a 1,000-lb. frozen sphere of maneuvering propellant—will survive the descent. It will pose a lethal danger when it strikes the Earth, cracks open, and the frozen slush turns into a toxic gas, says James Jeffrey, White House deputy national security adviser. The effect on human lungs would be similar to ammonia or chlorine gas.
The three Aegis ships involved in the intercept, from a launch site in the northern Pacific, will be “reconfigured on a one-time, reversible basis,” says Jeffrey. Even if the space defense missiles miss or misfire, the threat will be no greater, says NASA Administrator Michael Griffin. However, even if the missile only grazes the errant satellite, it will fall out of orbit faster, analysts contend. If they make a direct hit, the spacecraft is expected to fall into an unpopulated area, Cartwright says.
If the SM3 missile hits the satellite as it nears the atmosphere, more than 50% of the debris will reenter within two orbits, about 10-15 hr. Most of the remaining pieces would fall within a month, Cartwright says. It will be critical to hit the satellite before it enters the atmosphere, where its nonaerodynamic shape will cause it to tumble and be almost impossible to engage, he says. If the first SM3 misses, operators will reassess and try again with the backup missiles.
It is officially denied that debris from the payload could reveal secret new U.S. national security capabilities if satellite wreckage were recovered by another nation. (more) (follow the whole story)
Subscribe to:
Posts (Atom)