Just when you thought your wireless network was locked down, a whole new set of exploits and hacker tools hits.
Josh_Wright: "Enterprises are doing ... better. We are seeing fewer open networks and more organizations moving to WPA/WPA2 from WEP. There is still more than a fair share of WEP networks, sometimes motivated by the need to support legacy wireless clients (such as VoIP phones, or Symbol scanners). A lot of the enterprises I talk to feel comfortable with the security of their WPA/WPA2 networks, but they often fail to realize that this is only one piece of a wireless security strategy. Failure to address client configuration and security issues, rogue detection and home/mobile users leaves organizations exposed to attack. (more)
When did you last check the security of your wireless network?
Idea... Have us preform an on-site wireless LAN security survey.
Thursday, March 6, 2008
Wednesday, March 5, 2008
SpyCam Story #438 - "Er's mud in yer eye"
UK - A Greenock dad who feared he was being spied on by a CCTV operator decided to take matters into his own hands — by spray painting over the lenses. (more)
Every Click You Make, Your Boss Is Watching You
Employees who regularly use company computers to surf the Web, sign on to business accounts for personal e-mail, make calls from company phones or use the corporate car to run errands run the risk of losing their jobs, according to a new survey released by The ePolicy Institute and the American Management Association (AMA).
More than 58 percent of the 304 companies surveyed said they'd fired workers for misusing company-provided e-mail accounts or improper use of the Internet on a company computer. A much smaller portion, 6 percent, said they had terminated an employee for inappropriate use of a company phone or voice mail. (more)
More than 58 percent of the 304 companies surveyed said they'd fired workers for misusing company-provided e-mail accounts or improper use of the Internet on a company computer. A much smaller portion, 6 percent, said they had terminated an employee for inappropriate use of a company phone or voice mail. (more)
Quote of the Week - Espionage in Grenada
"In the world of espionage and counter espionage, spying does not occur as an isolated and independent event. It is usually part of a series of increasingly aggressive measures that normally escalates into planting of evident against innocent persons, acts of sabotage and even to physical harm to innocent peoples," - Allie Gill, Senior Executive Member
Commenting on...
ST. GEORGE`S, Grenada, The main opposition political party in Grenada is demanding an independent investigation by Scotland Yard into the circumstances surrounding the alleged secret recording of an executive meeting by a member of the Royal Grenada Police Force.
Commenting on...
ST. GEORGE`S, Grenada, The main opposition political party in Grenada is demanding an independent investigation by Scotland Yard into the circumstances surrounding the alleged secret recording of an executive meeting by a member of the Royal Grenada Police Force.
Party officials apprehended Officer No# 77 Kellon Noel on Tuesday evening around 7 p.m. as he allegedly video and audio taped the meeting, which was being held at the party’s headquarters in St George’s.
Dressed in plain clothes, the officer who is attached to the Special Branch Unit, was apparently in an abandoned building adjacent to the NDC headquarters when party members say they noticed a flashing red light next to a window and rushed to investigate. They claim they found Noel with the recording equipment hastily exiting from the building. They surrounded, questioned and searched him, they said, and during the probe his police identification card was among the documents found in his pocket. (more) (more)
Using Your Mobile to Spy on Your Spouse
ALK Technologies, a New Jersey-based company selling software that turns cell phones and PDAs into satellite tracking devices, asked men and women if, given the chance, they would like to use mobile phones to spy on their partner’s comings and goings 24/7. Two times as many women as men polled—some 63% vs. 29%—said they would like to track the movements of their mates. Interestingly, only 44% of women and 41% of men wanted the roles to be reversed and to be tracked by the people they are spying on.
The survey showed that the younger they are, the more jealous people tend to be: Some 56% of 18- to 29-year olds said they would seize the opportunity to snoop, compared to 45% of people aged 41 to 50. People older than that are either more secure or don’t care anymore. Only one-fifth of people 51 to 60 wanted to know where their mates were at every moment. (more)
The survey showed that the younger they are, the more jealous people tend to be: Some 56% of 18- to 29-year olds said they would seize the opportunity to snoop, compared to 45% of people aged 41 to 50. People older than that are either more secure or don’t care anymore. Only one-fifth of people 51 to 60 wanted to know where their mates were at every moment. (more)
Hedge Fund vs. Hedge Fund - Spying, Stealing
NY - Elliott Associates has accused another hedge fund of spying and stealing proprietary trading technology.
The $10 billion New York-based hedge fund, run by Paul Singer, filed suit today against Cedar Hill Capital Partners alleging it of scheming to “literally steal the software in order to use it for its own trading activities,” branding the activity “nothing short of an overt act of corporate espionage.” (more)
The $10 billion New York-based hedge fund, run by Paul Singer, filed suit today against Cedar Hill Capital Partners alleging it of scheming to “literally steal the software in order to use it for its own trading activities,” branding the activity “nothing short of an overt act of corporate espionage.” (more)
In-house NSA
A rapid way to spot insider threats from individuals within an organization such as a multinational company or military installation is reported in the current issue of the International Journal of Security and Networks. The technology uses data mining techniques to scour email and build up a picture of social network interactions. The technology could prevent serious security breaches, sabotage, and even terrorist activity.
Gilbert Peterson and colleagues at the Air Force Institute of Technology at Wright Patterson AFB, in Ohio are developing technology that could help any organization sniff out insider threats by analyzing email activity or find individuals among potentially tens of thousands of employees with latent interests in sensitive topics. The same technology might also be used to spot individuals who feel alienated within the organization as well as unraveling any worrying changes in their social network interactions. (more)
Gilbert Peterson and colleagues at the Air Force Institute of Technology at Wright Patterson AFB, in Ohio are developing technology that could help any organization sniff out insider threats by analyzing email activity or find individuals among potentially tens of thousands of employees with latent interests in sensitive topics. The same technology might also be used to spot individuals who feel alienated within the organization as well as unraveling any worrying changes in their social network interactions. (more)
New Gadget Can Spy On Text Messages
Suspicious spouses can check out their husband or wife's deleted texts with a new gadget. The £76 ($149.00) device can get all the data off a mobile telephone's sim card - including messages and numbers that have been deleted. The information can then be transferred to a PC or laptop through a USB port. BrickHouse Security say it is ideal to "spy on your wife, husband, teens or colleague". (more)UPDATE (5/28/08)
(source)
Comments from secret sources who KNOW...
"Could not read any more information than I could with SIMCon or SIM Seizure. Save your money." - S.H.
"Interesting marketing strategy, but the statement on their website that "This is the only SIM Card reader in the world that can actually see the *deleted messages*" is completely false. It is certainly not the _only_ product. You can do the same thing with any SIM/smartcard reader and a copy of Smartcard Commander (manually) or many other SIM analysis packages do it automagically (such as SIM Analyzer Pro), and it will cost you less than half of what Brickhouse is charging for this product. Deleted SMS's are very very simple to recover, as only one byte of the SMS entry changes to mark it as "deleted." Recovery of SMS from the SIM will depend on whether the phone stores SMS (and the other data this product claims to recover) on the SIM card or on the phone itself. Not all GSM phones store SMS/phonebook/etc to the SIM, and it can be a user-defined option where to store the data. Also, a typical SIM card may only hold a maximum of 30 SMS messages." - P.K.
Sunday, March 2, 2008
Alert - The Wikileaks.org ruling affects you, too.
Quick review...(from Jan. 9, 2008)
"WikiLeaks.org is developing an uncensorable version of WikiPedia for untraceable mass document leaking and analysis."
Every coin has it light side and dark side.
The flip side of this coin is extortionography.
"What is Extortionography?"
Using audio / video / photographic or other evidence for personal or monetary gain, or to force a desired result or outcome.
"Do [insert demand here] or I will send [insert audio, video or other info-leak here] to WikiLeaks!"
------------------------
First blowback...
(from Feb. 20, 2008)
Recent days have brought two federal court decisions with disputed First Amendment legitimacy.
In San Francisco, District Judge Jeffrey White acceded to a request by a Cayman Islands bank to shut access to the Web site Wikileaks.org, which "invites people to post leaked materials with the goal of discouraging 'unethical behavior' by corporations and governments," as the New York Times reports.
In this case, the bank, Julius Baer Bank and Trust, accused "a disgruntled ex-employee" of giving stolen documents to Wikileaks in violation of banking laws and a confidentiality agreement. (more)
------------------------
This weeki...
Free speech advocates immediately hailed as a victory the decision on Friday of a federal judge to withdraw a prior order turning off the Web address of the site Wikileaks.org ...
“Maybe that’s just the reality of the world that we live in,” Judge White said. “When this genie gets out of the bottle, that’s it.” (more)
------------------------
"What does this mean to me?," you ask yourself.
- The court has given extortionography the green light for now.
- Don't assume your business information is protected from leakers.
- Reassess your information security procedures, today.
- The most damning leaks are always the audio and visual leaks.
- Conduct eavesdropping and spycam detection audits frequently.
Need help? Call us.
Saturday, March 1, 2008
Survey - More Women Hiring Private Investigators
Women are increasingly employing private investigators to check on their cheating husbands, a new survey of divorce lawyers shows today.
With extra-marital affairs the main reason for the break-up of marriage, more than two in three lawyers surveyed last year had at least one client who had used a private investigator to find out if their spouse was being unfaithful.
In two thirds of the cases it was women who were checking on husbands, the survey of 100 lawyers by Grant Thornton’s forensic and investigation services shows. (more)
Private investigators: no longer in the shadows
Once it was the murky world of dirty raincoats and skulking in shadows. But the private investigator is now fast becoming a standard aid to divorce.
Paul Hawkes, 49, has run his own firm, Research Associates, in West London, for 31 years. “Last year I had probably 100 to 200 cases involving checking on extra-marital affairs,” he said. “Ten years ago it would have been fewer 50.”
One reason for the change was that women in particular, who were the bulk of the clients, were now far more “pragmatic” and “not prepared to suffer in silence or sweep things under the bed. Now they want to know what is going on.” (more)
With extra-marital affairs the main reason for the break-up of marriage, more than two in three lawyers surveyed last year had at least one client who had used a private investigator to find out if their spouse was being unfaithful.
In two thirds of the cases it was women who were checking on husbands, the survey of 100 lawyers by Grant Thornton’s forensic and investigation services shows. (more)
Private investigators: no longer in the shadows
Once it was the murky world of dirty raincoats and skulking in shadows. But the private investigator is now fast becoming a standard aid to divorce.
Paul Hawkes, 49, has run his own firm, Research Associates, in West London, for 31 years. “Last year I had probably 100 to 200 cases involving checking on extra-marital affairs,” he said. “Ten years ago it would have been fewer 50.”
One reason for the change was that women in particular, who were the bulk of the clients, were now far more “pragmatic” and “not prepared to suffer in silence or sweep things under the bed. Now they want to know what is going on.” (more)
Friday, February 29, 2008
SpyCam Story #437 - Pinhole PIN Bandits
UK - Police investigating a bank card cloning scam at a petrol station found a small, drilled hole in the ceiling above a chip-and-pin machine.
It is thought the hole, at a BP garage in Lincoln, was used to conceal a covert camera to record the pin numbers of unsuspecting motorists.
Lincolnshire Police said on Friday they had received more than 200 reports of fraudulent transactions from people who filled up at the petrol station, on the A46 at Damons Roundabout.
Victims' cards were used as far away as India and Dubai in what the force said was a national scam, not unique to the county. (more)
It is thought the hole, at a BP garage in Lincoln, was used to conceal a covert camera to record the pin numbers of unsuspecting motorists.
Lincolnshire Police said on Friday they had received more than 200 reports of fraudulent transactions from people who filled up at the petrol station, on the A46 at Damons Roundabout.
Victims' cards were used as far away as India and Dubai in what the force said was a national scam, not unique to the county. (more)
Basic Email Security Tips
Chad Perrin at TechRepublic has some excellent tips...
There is a lot of information out there about securing your email. Much of it is advanced, and doesn’t apply to the typical end user. The following is a short list of some important security tips that apply to all email users...
1. Never allow an email client to fully render HTML or XHTML emails without careful thought.
2. If the privacy of your data is important to you, use a local POP3 or IMAP client to retrieve email. This means avoiding the use of Web based email services such as GMail, Hotmail, and Yahoo! Mail for email you wish to keep private for any reason.
3. It is always a good idea to ensure that your email authentication process is encrypted, even if the email itself is not. (lazy man's email encryption)
4. Digitally sign your emails. As long as you observe good security practices with email in general, it is highly unlikely that anyone else will ever have the opportunity to usurp your identity for purposes of email, but it is still a possibility. (What is a digital signature?)
5. If, for some reason, you absolutely positively must access an email account that does not authorize over an encrypted connection, never access that account from a public or otherwise unsecured network. Ever. Under any circumstances.
Be aware of both your virtual and physical surroundings when communicating via email. Be careful. Trust no one that you do not absolutely have to trust, and recognize the dangers and potential consequences of that trust.
Your email security does not just affect you; it affects others, as well, if your email account is compromised. (full article with greater tip detail)
There is a lot of information out there about securing your email. Much of it is advanced, and doesn’t apply to the typical end user. The following is a short list of some important security tips that apply to all email users...
1. Never allow an email client to fully render HTML or XHTML emails without careful thought.
2. If the privacy of your data is important to you, use a local POP3 or IMAP client to retrieve email. This means avoiding the use of Web based email services such as GMail, Hotmail, and Yahoo! Mail for email you wish to keep private for any reason.
3. It is always a good idea to ensure that your email authentication process is encrypted, even if the email itself is not. (lazy man's email encryption)
4. Digitally sign your emails. As long as you observe good security practices with email in general, it is highly unlikely that anyone else will ever have the opportunity to usurp your identity for purposes of email, but it is still a possibility. (What is a digital signature?)
5. If, for some reason, you absolutely positively must access an email account that does not authorize over an encrypted connection, never access that account from a public or otherwise unsecured network. Ever. Under any circumstances.
Be aware of both your virtual and physical surroundings when communicating via email. Be careful. Trust no one that you do not absolutely have to trust, and recognize the dangers and potential consequences of that trust.
Your email security does not just affect you; it affects others, as well, if your email account is compromised. (full article with greater tip detail)
Thursday, February 28, 2008
TSCM Technology - Keeping Pace
The tools of the trade change fast in the world of TSCM.
Blink, and you're sweep business is history.
Here are three examples of the latest tools...
Recently
Too many digital radio signals.
Some of them flash on/off, quickly. Some frequency hop, quickly. Some hide within other signals. This year, a new instrument came out of the R&D labs called RSA6114A . It never blinks. It catches it all.
NOW
Too many digital radio signals.
How can one identify them all? This week, a new instrument came out of the R&D labs called H600 RFhawk Signal Hunter. It knows all. It tells all... at a reasonable price.
The Future
Having Superman x-ray vision would be a big help in finding eavesdropping devices. A new instrument is in the R&D labs called LEXID. Handheld x-ray vision. Just point, and see!
TSCM challenges do not become easier with time. You can, however, count on us to keep pace and slightly ahead.
Blink, and you're sweep business is history.
Here are three examples of the latest tools...
Recently
Too many digital radio signals.
Some of them flash on/off, quickly. Some frequency hop, quickly. Some hide within other signals. This year, a new instrument came out of the R&D labs called RSA6114A . It never blinks. It catches it all.NOW
Too many digital radio signals.
How can one identify them all? This week, a new instrument came out of the R&D labs called H600 RFhawk Signal Hunter. It knows all. It tells all... at a reasonable price.
The Future
Having Superman x-ray vision would be a big help in finding eavesdropping devices. A new instrument is in the R&D labs called LEXID. Handheld x-ray vision. Just point, and see!
TSCM challenges do not become easier with time. You can, however, count on us to keep pace and slightly ahead.
Unsecured Wi-Fi Could Compromise Your Identity
CBS3.com - Special Report...
The wireless internet signal you rely on for convenience could be making things easier for internet intruders. Police said hackers could be using your computer to download illegal music, child porn, or even your bank information.
Using a simple can antenna from his car, George Sandford can burglarize homes from hundreds of yards away out in the open and without wearing a mask.
"You can open bank accounts. You get drivers licenses, you can get practically anything you want," Sandford said.
All by using relatively low tech equipment, just about anyone with knowledge can hack into computers using unsecured wireless internet or Wi-Fi signals of unsuspecting people...
"I can build a body of information about you, your back accounts," Sandford said.
Jamie Smith spoke to one unsuspecting resident, "We were able to get onto your internet just a few seconds ago," and Rebecca Hansen of Swarthmore responded, "No."
Rebecca is a client of Tech Guides Incorporated and George Sandford is far from a thief. He is actually Tech Guides' security expert. He sat down and showed Rebecca how to secure her Wi-Fi something everyone should do.
"Not securing your wireless networking is pretty much putting a sign on your house saying 'Hey, we're open,'" Sanford said. Only about half of homes with Wi-Fi are locked. If you don't your computer's connection could be slowed down by others accidentally using your Wi-Fi. (complete story with video)
• Directions for securing your Wi-Fi
The wireless internet signal you rely on for convenience could be making things easier for internet intruders. Police said hackers could be using your computer to download illegal music, child porn, or even your bank information.
Using a simple can antenna from his car, George Sandford can burglarize homes from hundreds of yards away out in the open and without wearing a mask.
"You can open bank accounts. You get drivers licenses, you can get practically anything you want," Sandford said.
All by using relatively low tech equipment, just about anyone with knowledge can hack into computers using unsecured wireless internet or Wi-Fi signals of unsuspecting people...
"I can build a body of information about you, your back accounts," Sandford said.
Jamie Smith spoke to one unsuspecting resident, "We were able to get onto your internet just a few seconds ago," and Rebecca Hansen of Swarthmore responded, "No."
Rebecca is a client of Tech Guides Incorporated and George Sandford is far from a thief. He is actually Tech Guides' security expert. He sat down and showed Rebecca how to secure her Wi-Fi something everyone should do.
"Not securing your wireless networking is pretty much putting a sign on your house saying 'Hey, we're open,'" Sanford said. Only about half of homes with Wi-Fi are locked. If you don't your computer's connection could be slowed down by others accidentally using your Wi-Fi. (complete story with video)
• Directions for securing your Wi-Fi
Global Info Survey - CIO's Get Smart
A growing number of organizations recognize information security can provide more than just protection of corporate assets, with the delivery of IT and operational efficiencies and improving overall business performance emerging as critical objectives. That is the word from Ernst & Young's 10th annual global information security survey. The survey canvassed nearly 1,300 senior executives in more than 50 countries. (more)
Subscribe to:
Posts (Atom)