Researchers and students of the Digital Security group of the Radboud University Nijmegen have discovered a serious security flaw in a widely used type of contactless smartcard, also called RFID tag. It concerns the "Mifare Classic" RFID card produced by NXP (formerly Philips Semiconductors). Earlier, German researchers Karsten Nohl and Henryk Plötz pointed out security weaknesses of these cards. Worldwide around 1 billion of these cards have been sold.
This type of card is used for the Dutch 'ov-chipkaart' [the RFID card for public transport throughout the Netherlands] and public transport systems in other countries (for instance the subway in London and Hong Kong). Mifare cards are also widely used as company cards to control access to buildings and facilities. All this means that the flaw has a broad impact. Because some cards can be cloned, it is in principle possible to access buildings and facilities with a stolen identity. This has been demonstrated on an actual system. (more)
Thursday, March 13, 2008
"I reprogrammed a car fob, Mr. Cheney. Now I control you."
by Chris Soghoian...
A team of respected security researchers known for their work hacking RFID radio chips have turned their attention to pacemakers and implantable cardiac defibrillators.
The researchers will present their paper, "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses," during the "Attacks" session of the 2008 IEEE Symposium on Security and Privacy, one of the most prestigious conferences for the computer security field...
By reading between the lines (millions of remotely implanted medical devices, able to administer electrical shocks to the heart, can be controlled remotely from distances up to 5 feet, designed by people who know nothing about security), it is easy to predict the gigantic media storm that this paper will cause when the full details (and a YouTube video of a demo, no doubt) are made public. (more)
Security and Spying With Nanotechnology as Tiny Spy Dust Chips Track Your Movements
Nox Defense has released an invisible perimeter defense technology, which combines high-resolution video pictures and radio frequency identification (RFID) tags, sometimes referred to as "spy chips", to track assets and people in real time. The system allows security officers to see a theft or intrusion as it happens, and track a stolen object even if concealed inside a briefcase, under a jacket, or stuffed inside a sock. The FBI is among early adopters of the Nox Intelligent Perimeter Defense system, though it has not released details of how it will use the system. (more)
"Let's see you tap your way out of this, honey."
Wiretap agent sued for bigamy...
Philippines - A military agent who claimed taping the conversations of President Arroyo and a former poll official in 2004 is facing a bigamy suit in a Quezon City court.
Arlene Sernal filed a complaint against her husband Vidal Doble, a former technical sergeant in the Intelligence Service of the Armed Forces of the Philippines before the sala of Regional Trial Court Judge Rosa Samson Tatad of Branch 105. (more)
Private Investigator Brags About His Bugging
Australia - A Melbourne-based veteran investigator, an old-fashioned human bloodhound who formerly ran the security for one of the local airlines, tells The Sunday Age: "If I wanted to bug your office, you could send 10,000 [de-]buggers in there and they'd never find out. Not unless the bug is live (activated). Otherwise you'd have to physically tear an office or boardroom apart to find it. A smart cookie will be listening across the road … and via a 10-cent capacitor can remotely deactivate the bug until there's something worth listening to."
This old-time operator is a $500-a-day man. "Plus expenses." No matter that there may be millions at stake, that's his price.
"I'm cheap," he says. (more) He is also [your thought here].
Tuesday, March 11, 2008
from EnergyBiz Magazine...
"Corporate espionage is big business. According to the FBI, such theft costs all U.S. companies between $24 billion and $100 billion annually. Interestingly, only about 20 percent of those losses are tied to cyber threats while the majority of them are associated with low-tech schemes such as unlawfully entering open offices." (more)
Eavesdropping, and low-tech espionage tricks, precede cyber-threats. They are also the easiest to spot. Discover the eavesdropping and espionage attacks and the cyber-threats die of starvation. The security secret... You have to look, to discover – on a regular basis. Start your schedule of detection audits, today.
School Board Sued for Eavesdropping on Attorney
Attorney Susan Burgess of Brockport is suing the district, the Board of Education and Kevin Ratcliffe, director of Pupil Services, for alleged eavesdropping on a private legal conversation she had Aug. 4, 2006, at a district office with her client, Carmen Coleman of Fairport, regarding Coleman’s son’s educational needs.
The suit further alleges that district officials listened in on the conversation in retaliation for Coleman’s pursuing her son’s legal rights and to gain an advantage in the negotiations. (more)
What in the World???
Every minute disaster strikes somewhere in the world.
These sites keep track of it all...
GlobalIncidentMap.com
Havari Information Service - AlertMap
Incident1.com
USDA Active Fire Map
Illegal Alien Activity Tracking System
PetFlight Airport Incident Map
Real-Time Earthquake Map
World Disasters
Disaster Resource Network
PATS 'SPY' READY TO ROLL TAPE
The former New England Patriots employee who supposedly has tapes of illegal spying by the team may be ready to give them up. (more)
Cracking GSM encryption just got easier
by Michael Kassner...
For all intents and purposes most everyone including the GSMA—an organization representing most of the mobile phone operators—considered and still considers GSM very secure. In reality A5/1, the technology used to encrypt GSM communications has been vulnerable for at least a decade. The sense of security seems to be based on the fact that the original attack venues require a great deal of computing power, time, and therefore money to accomplish the crack. So an organization would have to be particularly motivated to even want to crack GSM traffic. Care to guess who has enough motivation?
It appears that researchers David Hulton and Steve Miller have recently developed techniques to greatly reduce the time and required computing power needed to crack A5/1 encryption. The two researchers have even patented their work personally. The efficient modifications of the original crack open all sorts of doors making it easier for both black and white hat types to decode GSM conversations. (more)
The following is a public service announcement...
...ABOUT SHINE A LIGHT
On April 4, 2008, an Academy Award®-winning filmmaker and the world's greatest rock n' roll band will unite to bring audiences the year's most extraordinary musical film event, "Shine a Light," to theaters everywhere.
Martin Scorsese's concert documentary "Shine a Light" will show the world the Rolling Stones as they've never been seen before. Filming at the famed Beacon Theatre in New York City in fall 2006, Scorsese assembled a legendary team of cinematographers to capture the raw energy of the legendary band. (more) (review)
Monday, March 10, 2008
More Sports Spying History
According to a report in the New York Daily News, the New York Jets were aware of New England Patriots head coach Bill Belichick's videotaping shenanigans as far back as 2004.
Sources told the Daily News that Herm Edwards, then the Jets head coach, and his defensive coordinator Donnie Henderson not only noticed a camera aimed at them from the opposite sideline during a game between the Jets and Patriots, but they waved at it. (Does this constitute consent?)
The News' report also said the videotape was apparently one of six tapes Belichick turned over to the league that were subsequently destroyed by the order of NFL commissioner Roger Goodell. (more)
But spying has always existed in football and other professional sports. A marvelous book, "The Echoing Green," documents how the 1951 New York Giants utilized a telescope to steal opposing catchers' signs — and relay them to the batters.
Papa Bear George Halas, it has been claimed, paid young men to listen to and film other teams' practices. The old Kansas City Chiefs were accused of being the worst spying offenders — by Al Davis, who was accused of bugging AFL teams' locker rooms. The Broncos purportedly had two spies a long time ago at a San Diego workout, writing plays on the inside of paper cups.
A former NFL coach told me at the recent Super Bowl in Arizona that his team cheated regularly. "We did everything you can imagine to get information on the teams we were playing. The more technology, the easier you can get stuff. It's common in the league," he said.
Belichick was caught.
Now, Congress is involved. (more)
"The weed of crime bears bitter fruit..."
Sunday, March 9, 2008
Inside the Shady World of Spy Gadgets
by Mike Elgan...
The online catalogs have names like Spy World, Spy Source and even Spy Zilla. The wonderful and disturbing new world of spy gadgets offers obscure, often expensive devices -- available in most cases to anyone with a credit card.
Most spy gadgets should be and could be used for legal and ethical purposes -- but you know they probably won't be.
Hidden cameras, secret microphones, GPS tracking devices, telephone voice changers, camera and microphone detectors, computer and cell phone snooping devices, cell phone and Wi-Fi "jammers" -- spy gadgets are sold vaguely and euphemistically as "security" or "surveillance" products. But you can bet they're popular with perverts, snooping bosses, suspicious spouses, cheaters, blackmailers, criminals and terrorists.
Nobody monitors who buys this stuff or what they use it for... (much more)
Smart businesses regularly conduct eavesdropping detection inspections. If you're not looking, you're not finding. Call us.
"All right, who said, 'They're higher than a kite'?!?"
from switched.com...
The Defense Advanced Research Projects Agency (DARPA) will award contracts to design and build an unmanned spy plane they've dreamed up that will stay aloft for an amazing five years. The pseudo satellite will circle the globe for years at between 60,000 and 90,000 feet, gathering photos, communications, and generally watching everything you do. (more)
Computer Bug Gets Upgrade
from the seller's website...
New for 2008! eBlaster 6.0
eBlaster has been the standard in remote monitoring software for parents and employers for almost a decade. It's time for a real innovative change, and we have some very exciting news.
eBlaster 6.0 is now available, and we have added features we believe you're really going to like. Now, you have the ability to change options and settings remotely without having to return to the computer on which eBlaster is installed.
What Else is New in eBlaster 6.0?
NEW! Block Web Sites
-- Block inappropriate web sites by name immediately...
NEW! Block Chat/IM Contacts
-- Block all chat and instant messaging with specific people...
NEW! Online Searches
-- records searches made on Google, AOL, MSN, and Yahoo...
NEW! Screen Snapshots with Keyword Alerts
-- Now you can actually see EXACTLY what they saw...
NEW! MySpace Activity
-- All activity on the popular but potentially dangerous MySpace site...
When was the last time you checked your computer for spyware?
eBlaster detection.