Sunday, July 20, 2008

Quote of the Week

"No matter which side of the wiretapping issue you stand on it is clear that the only way to conquer terrorism is to address the hopelessness and hatred at the root of it."
From a statement issued by Remo, Inc.,
Remo D. Belli, CEO and Founder (more)

"And now for something completely different..."

UK - More than 100 USB memory sticks, some containing secret information, have been lost or stolen from the Ministry of Defence since 2004, it has emerged.

The department also admitted that more than 650 laptops had been stolen over the past four years - nearly double the figure previously claimed.

The MoD said it has no idea when, where and how the memory sticks were lost.

The official total is now 658 laptops stolen, with another 89 lost. Just 32 have been recovered. (more)
Solution 1
Solution 2

Cell Phone Warning from India

Any smart phone - including Blackberry, Windows Mobile, iPhone and Symbian phones - can be hacked by a nerd with a little bit of code and some cunning.

And they don't stop at data and identity theft alone. Nor are they content with unleashing viruses on the operating system of your mobile. (Even Bluetooth makes your phone a potential target here.)

New Age mischief makers have learnt how to bug your phone and remote-control it. They can steal your bank information, send out a mischievous SMS to your girlfriend (who might just dump you!), copy your top-secret files or simply spy on every call/SMS you make from your phone. In fact, they can even 'modify' your SMSes before these are sent out to your contacts - and you wouldn't even know it.


That's not all. Hackers can also use your phone to spy on you by switching it on. They can activate the camera and eavesdrop on your discussions during a business meeting, or while you are secretly negotiating a lucrative job offer with a rival company. What's more, they can even do an audio/video recording by sending an SMS command...

So what should a user do? A few simple steps could go a long way. Adopt a multi-layered security approach. Protect mobile devices with antivirus, firewall, anti-SMS spam, and data encryption technologies and install regular security updates to protect phones from viruses and other malware. And yes, don't click blindly on any SMS, for someone may just be spying on you on the sly. (more)

Employee Instant Messaging Ban

Nearly three-quarters of U.K. businesses have banned the use of instant messaging (IM) citing security concerns, reports IM supplier ProcessOne.

The research noted that 88% of IT directors were concerned about the security risks created by employees using Windows Live Messenger, Yahoo Messenger and other IM services, with 56% citing the loss of sensitive business information as a primary concern. (more)
This ban - also being seen in US companies - is easy to enforce on corporate-owned networks. But what about IM via personal cellular and laptop devices? Enforcement may seem impossible if the employee can snag a WiFi signal from a nearby coffee shop, hotel or unsecured access point.

If controlling unauthorized employee communications is an issue you are trying to solve, call me for the solution.

Saturday, July 19, 2008

Security Director Alert - Track Missing Laptops

...for FREE!
A security friend at [a very large] Corporation contacted me this week about laptop losses. His company experienced "a dramatic increase in the past year" - primarily when employees traveled on business.

He was studying the problem. Was this just street crime, or was his company being targeted for industrial espionage reasons?

I pointed him to pertinent Security Scrapbook articles. The trend is clear, but what about a simple solution?

Here it is (assuming you have already done encryption and employee awareness training)...

Researchers at the University of Washington and the University of California, San Diego, have launched a new laptop tracking service, called Adeona, that is free and private.

Here's how it works: A user downloads the free client software onto a laptop. That software then starts anonymously sending encrypted notes about the computer's whereabouts to servers on the Internet. If the laptop ever goes missing, the user downloads another program, enters a username and password, and then picks up this information from the servers, specifically a free storage service that has been around for several years, called OpenDHT.

The Mac version of Adeona even uses a freeware program called isightcapture to take a snapshot of whoever is using the computer. (more)
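The flow described above (anonymous, encrypted location notes left on a public storage service and later fetched by the owner) can be sketched as follows. This is an added illustration, not Adeona's code or its actual protocol: the per-epoch key derivation, the password-derived seed, the dict standing in for OpenDHT and all names are assumptions.

```python
# Added illustration; a constructed scheme, not Adeona's actual protocol.
import hashlib, hmac, json

def prf(key: bytes, label: bytes, n: int) -> bytes:
    return hmac.new(key, label + n.to_bytes(8, "big"), hashlib.sha256).digest()

def owner_seed(username: str, password: str) -> bytes:
    # Assumption: the owner's secret is derived from the login credentials.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), username.encode(), 200_000)

def _xor_stream(key: bytes, data: bytes) -> bytes:
    blocks = (len(data) + 31) // 32
    stream = b"".join(prf(key, b"ctr", i) for i in range(blocks))
    return bytes(d ^ s for d, s in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Stdlib-only encrypt-then-MAC stand-in; real code should use a vetted AEAD.
    ct = _xor_stream(prf(key, b"enc", 0), plaintext)
    return ct + hmac.new(prf(key, b"mac", 0), ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(prf(key, b"mac", 0), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("note failed authentication")
    return _xor_stream(prf(key, b"enc", 0), ct)

def post_update(store: dict, seed: bytes, epoch: int, location: dict) -> str:
    # Client side: the storage index and the key both change every epoch, so the
    # storage service sees unrelated random-looking names and opaque values.
    index = prf(seed, b"index", epoch).hex()
    store[index] = seal(prf(seed, b"key", epoch), json.dumps(location).encode())
    return index

def recover(store: dict, seed: bytes, epochs) -> dict:
    # Owner side: re-derive each index from the credentials and decrypt hits.
    found = {}
    for epoch in epochs:
        blob = store.get(prf(seed, b"index", epoch).hex())
        if blob is not None:
            found[epoch] = json.loads(unseal(prf(seed, b"key", epoch), blob))
    return found

# Constructed sample data; the dict stands in for the public storage service.
STORE = {}
SEED = owner_seed("alice", "correct horse battery staple")
for _epoch, _ip in enumerate(["198.51.100.7", "203.0.113.40"]):
    post_update(STORE, SEED, _epoch, {"ip": _ip, "ssid": "hotel-guest"})
```

Because nothing in a stored entry names the laptop or its owner, the storage operator cannot link the notes to each other or read them; only someone who can re-derive the seed can find and decrypt them.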

Security Oddballs - Airplane Trap Door and More

Some security inventions are truly useful and will undoubtedly save lives, whereas others are so bizarre that one wonders how in the world they got patented. This list is about the latter...
Behold the Top 10 Strangest Anti-Terrorism Patents! (more)

The New Jersey Ninja
Officials in Barnegat briefly locked down five schools in the township Wednesday because... a librarian said a man dressed as a ninja, carrying a large sword, was running through the woods... the man (a camp counselor) wearing a karate gi, was carrying a plastic sword and was attending a party at a local middle school. (more)

"Don't have a karate gi?
How about a nice tie?"

The Walking Timebomb Tie
"This is our first in a series of 'Concealed Weapons' neckties. They are each double printed - a more subtle graphic is on the front only giving a slight clue to a more "loaded" graphic hidden on the back. The second image is concealed on the reverse until the wearer pulls it out for show and tell - or keeps it a secret to his/her self." (more)

George Carlin on Airport Security (Not safe for work.)

Unbreakable Fighting Umbrella Splits Watermelons, Defends Presidents
The entourage of the Philippine president, Gloria Macapagal-Arroyo, has an unusual secret weapon. Her security team defends the head of the government with umbrellas. Not ordinary umbrellas, but unbreakable fighting umbrellas. Watch the video to see the combat-brolly in action, and marvel as Thomas Kurz ("the world's foremost expert on flexibility training") viciously splits a watermelon in two. (more) (more)

FutureWatch - Coming to a cubicle near you.

Spy News (with Devil Ring Security Alert)

You Could Be An International Spy ...and not know it!
J. Reece Roth, an electrical engineering professor at the University of Tennessee, passed along a research paper to Sirous Nourgostar, a graduate student from Iran working under his supervision. It contained details on refined plasma actuator technology, which uses ionized gas to improve aircraft control. Roth was doing research on flight performance for a U.S. Air Force contractor and had relied on the assistance of Nourgostar and of Xin Dai, a Chinese national also studying under him... bad idea.

Roth, who pleaded not guilty, got entangled in a little-known area of export law that is alarming big business and scientific researchers. It covers transfers of controlled technological information to foreigners on U.S. soil. The transfers are considered exports because they are "deemed" to be going to the country where the recipient is a citizen. (more)


Want to Be A Spy ...and know it!
Britain's secret spy agency, home to the very white and very male 007, is hunting for women and minorities to tackle global terrorism. More than 20,000 people have applied since MI6 began its open recruiting campaign about a year ago... (more)


Spying Has Its Down Side ...know it!
A former Hewlett-Packard Co. vice president faces up to 10 years in federal prison after pleading guilty to stealing trade secrets from his former employer, IBM. (more)

A federal judge sentenced a former Pentagon analyst to 57 months in prison for his role in providing China with classified defense information. (more)

A French journalist was charged with revealing manufacturing secrets after a car magazine published photos of a Renault model three years before it was to be rolled out in dealer showrooms... Renault filed suit for industrial espionage in July last year after photographs of its latest-generation Megane, a small family model and one of Europe's most popular cars, ran in Auto Plus. (more)

Still Wanna Be A Spy? ...no!
"Ok, you're free to go."
...yes!
Then you will probably want a "Ring of the devil" in your kit.
"There has been quite some speculation about this video (YouTube) of a magnetic ring that is used to open some models of Uhlmann & Zacher lock. Now, it is confirmed by the company itself the trick works." (more)

Monday, July 14, 2008

Industrial Espionage - Russia vs. United Kingdom

The British Foreign Office confirmed on Friday that Russia has accused the British Embassy's top trade official in Moscow of espionage.

On Thursday, Russia's Interfax news agency reported that the head of the British Embassy's trade and investment sector, Christopher Bowers, was believed to be a senior British intelligence officer.


The British Foreign Office has confirmed that the accused diplomat was the acting head of the embassy's trade and investment section. (more)

Industrial Espionage - Saab AB

A Swedish court has remanded a 48-year-old man suspected of industrial espionage against Swedish space and defense company Saab AB.

Swedish news agency TT says the suspect is being detained on suspicion of industrial espionage, unauthorized trade with secret information, and attempted extortion. (more)

Saturday, July 12, 2008

The Ultimate in Secure Business Meetings

Historic caves
thwart all eavesdroppers!

About 1000 feet into the white-walled chalk caves is a 40-foot diameter meeting room. Notables who have held their secret meetings here included Benjamin Franklin, Sir Francis Dashwood and their celebrity friends from the 1700s.

They required privacy for their 'Hellfire Club' meetings (rumored to be orgies). These days, corporate privacy needs are based on risk more than risqué.

Located just outside of London, the caves are available for corporate functions and parties.
Capacity...
Receptions: 120 people
Buffet: 100 people
Dinner: 50 people

Whiterock Defence, an international provider of information security services located near The Hellfire Caves, can help you secure this facility for a most memorable meeting. Contact Crispin Sturrock at +44 (0) 1494 538 222, or via email contact@whiterockdefence.com for complete details.

This past week, I visited The Caves for the second time.
You won't be disappointed. ~ Kevin

Friday, July 11, 2008

Did You Know... Court Approves Airport Laptop Searches - No Probable Cause Needed

All of the contents of a laptop can now be searched by U.S. Customs agents without any wrongdoing or suspicion, according to a recent federal appeals court ruling (PDF).
Expect the same level of privacy when visiting other countries as well.

(more)

Now, what are you going to do about it?
Here are some ideas and products to help you...
• Have a travel laptop. No data on the hard drive.
• Keep only necessary data on a secure USB stick.
• If you must keep sensitive data on your drive, encrypt it...
-- TrueCrypt 6.0 - The latest version of the free drive-encryption tool can shield sensitive data from prying eyes at home and abroad. Bonus - There is no way to prove that a hidden encrypted volume even exists on your drive unless you volunteer that information. TrueCrypt 6.0a is available now for Windows, Mac OS X, and Linux systems, including Windows Vista. (review)

A World Guide to Legal Interception

Need to know if "they" can legally...
bug, tap, or sap your text messages and email?
Check out this new guide to interception laws worldwide.
30+ countries covered.

THE READY GUIDE TO INTERCEPT LEGISLATION 2

Executive Alert - Your Trip to China

from Forbes Magazine...
When traveling to China for the Olympics this summer, leave any expectation of privacy at the border. Instead, prepare for possible eavesdropping and surveillance--from listening devices in hotel rooms to bugged laptops and personal digital assistants to informers posing as friendly strangers.


Those who laugh at the seeming paranoia would be wise to remember that the U.S. recently accused Chinese authorities of allegedly copying data from the laptop of a visiting trade official last year and attempting to hack into the Commerce Department. The Chinese denied the allegations.

The U.S. Department of State advises tourists not to expect privacy in public or private locations, particularly in hotels, but a spokesman declined to comment further.

Wang Baodong, a spokesman for the Chinese embassy in Washington, D.C., was almost as tight-lipped. He declined to address specific allegations of spying on foreigners at the Olympics.

"No special security measures will be arranged beyond universally adopted international practice at public venues, hotels and offices in China," he says. "Privacy in China will be guaranteed according to the law."

But security experts say that Chinese law has few protections for individual privacy...

Bruce McIndoe, president of the security consulting company iJet, routinely warns his corporate clients about threats to their electronic security.

"What business people need to be aware of," he says, "is that the Chinese are very clear about who is coming into the country. You could be a senior level executive or a scientist and they will target you for surveillance."
(more)
How To Safeguard Your Privacy In Beijing - the short list.

Wednesday, July 2, 2008

Did You Know #172 - Credit Card Standards

If you have anything to do with credit cards,
you need to know this...


"Credit card companies want you to charge it and they know that concerns about identity theft might possibly slow down your card use — so it is in their best interests to make sure that a solid security standard is in place to protect you. The standard has turned into a requirement for everyone who takes a credit card and that turns out to be literally millions of grocers, retailers, online retail outlets, government agencies, convenience stores, utilities — almost everyone. So the PCI-DSS standard may be the most widely applied information (data) security standard in the world.

With such a widespread and critical standard, there is confusion about how to meet the standard because just doing a self-assessment isn’t enough - you are also required to do penetration tests on your systems that handle and transmit this electronic customer information and ATTEST that you use the standard in your information systems.

This includes having strong firewalls that protect cardholder data and making sure to remove the generic vendor-supplied passwords; using good storage devices for sensitive customer information and encrypting data that flows over your network. In addition, the card manager has to use anti-virus software, and also build secure systems. Once proper controls are in place, these controls need to be monitored and tested..."
Which leads us to the author of this piece.
Get to know her.

Caroline R. Hamilton is the Founder of RiskWatch, Inc. She offers twelve specialized risk assessment software programs which are used by thousands of her clients all over the world and in virtually every type of security assessment, gap analysis, and compliance assessment.

Murray Associates can assist you with the technical end of Wireless LAN compliance for PCI-DSS and...
• Sarbanes-Oxley Act – U.S. Public Companies
• HIPAA – Health Insurance Portability and Accountability Act
• GLBA – Gramm-Leach-Bliley Financial Services Modernization Act
• PCI-DSS – Payment Card Industry Data Security Standard
• FISMA – Federal Information Security Management Act
• DoD 8100.2 – Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense Global Information Grid
• ISO 27001 – Information Security Management
• Basel II Accord – Banking
• EU - CRD (Cad 3) – EU - Capital Requirements Directive - Banking