Meru Networks announced RF Barrier, the next salvo in the industry's on-going battle against piggybackers and hackers who access networks from parking lots or other areas within range of a corporate WLAN’s signal. Unlike counter-measures that use encryption to scramble sensitive data, RF Barrier fights fire with fire by transmitting over Wi-Fi signals that would otherwise propagate farther than intended.
"Wireless security has largely been about applying wired techniques [like encryption and IPS]," said Joe Epstein, Meru's senior director of technology. "But most really damaging attacks have taken advantage of wireless signal bleed into areas like parking lots. Those [passive eavesdropping attacks] are the worst because they cannot be detected electronically. This is where RF Barrier comes in, to stop signals from reaching perimeter attackers." (more)
How RF Barrier Works
from their press release...
"RF Barrier (patent pending) is installed by mounting a Meru Networks wireless access point along the inside perimeter of a building, and an advanced external antenna outside the perimeter. RF Barrier technology inspects the traffic in real time to determine which part belongs to the WLAN (and is therefore designated as sensitive) and uses the external antenna to block outbound traffic at the RF layer. Would-be attackers are limited in their ability to see useful packet information about the internal network.
Because RF Barrier uses directional antennas and selective enforcement technology, it has no impact on signals within the building or from other networks. Internal clients connect normally, with enterprise access points serving them at full speed. RF Barrier can be turned on and off as needed, giving enterprises the flexibility to allow access at certain times of day while restricting it at others." In short, it drowns out the real signal."
The fine print... "Available beginning in September 2008 for networks using any Meru 802.11a/b/g access points."
Monday, July 28, 2008
Eavesdropping on Skype, "...not a problem..."
There’s growing speculation coming out of Europe that there’s a backdoor in Skype that allows remote eavesdropping of telephone conversations.
A report in the reputable Heise Online says the issue was discussed at a meeting with ISPs last month where high-ranking officials at the Austrian interior ministry claims “it is not a problem for them to listen in on Skype conversations.”
The report said a number of others at the meeting confirmed that claim. (more)
The public believes Skype phone calls are encrypted; eavesdropping is not possible. This may yet be true. But, what if there is a back door? Why would a government official admit it? The bigger story here may be this is a serious intelligence leak, or an intelligence red herring. Stay tuned.
In the meantime, a little history...
Oct 15, 2003 - (See FutureWatch heading)
June 9, 2008 - Expect negative 'feedback' from FBI
A report in the reputable Heise Online says the issue was discussed at a meeting with ISPs last month where high-ranking officials at the Austrian interior ministry claims “it is not a problem for them to listen in on Skype conversations.”
The report said a number of others at the meeting confirmed that claim. (more)
The public believes Skype phone calls are encrypted; eavesdropping is not possible. This may yet be true. But, what if there is a back door? Why would a government official admit it? The bigger story here may be this is a serious intelligence leak, or an intelligence red herring. Stay tuned.
In the meantime, a little history...
Oct 15, 2003 - (See FutureWatch heading)
June 9, 2008 - Expect negative 'feedback' from FBI
Saturday, July 26, 2008
Grade "A" Hack Attack with VoIP Crack
GA - A college student was behind bars Friday night, accused of stealing his professor's identity to change his grades. Police called 19-year-old Christopher Fowler a computer hacker.
Investigators said the student also, "Hacked into their Voice/Internet Protocol system where it uses internet to make phone calls and intercepted phone conversations."
Fowler could get five years for an unlawful eavesdropping charge. (more) (video)
Investigators said the student also, "Hacked into their Voice/Internet Protocol system where it uses internet to make phone calls and intercepted phone conversations."
Fowler could get five years for an unlawful eavesdropping charge. (more) (video)
Labels:
amateur,
computer,
eavesdropping,
Hack,
lawsuit,
password,
VoIP,
wiretapping
Friday, July 25, 2008
Crypt Your Stick - USB Vaults to Go
Remember?
• Nato Secrets USB Stick Lost
• Airport Laptop Searches - No Probable Cause Needed
• Lax USB stick security causing havoc
• More than 100 USB memory sticks lost admits Ministry of Defence
Don't want to be next?
Get a cryptstick.
There is no excuse not to.
Many models to choose from...
• Ironkey
• Kingston DataTraveler Secure
• Kingston DataTraveler Secure - Privacy Edition
• Kingston DataTraveler Vault
• Kingston DataTraveler Vault - Privacy Edition
• Kingston DataTraveler BlackBox (government version)
• SanDisk Cruzer® Titanium Plus
• SanDisk Cruzer® Professional
• SanDisk Cruzer® Enterprise FIPS Edition
• SanDisk CMC (Central Management and Control) for IT Departments
• Nato Secrets USB Stick Lost
• Airport Laptop Searches - No Probable Cause Needed
• Lax USB stick security causing havoc
• More than 100 USB memory sticks lost admits Ministry of Defence
Don't want to be next?
Get a cryptstick.
There is no excuse not to.
Many models to choose from...
• Ironkey
• Kingston DataTraveler Secure
• Kingston DataTraveler Secure - Privacy Edition
• Kingston DataTraveler Vault
• Kingston DataTraveler Vault - Privacy Edition
• Kingston DataTraveler BlackBox (government version)
• SanDisk Cruzer® Titanium Plus
• SanDisk Cruzer® Professional
• SanDisk Cruzer® Enterprise FIPS Edition
• SanDisk CMC (Central Management and Control) for IT Departments
Labels:
advice,
business,
cautionary tale,
computer,
data,
encryption,
password,
privacy,
product,
USB
Spy vs. Spy Display at State Department
Spy technology is now on display now in the lobby of the State Department Annex at 1400 Wilson Blvd. in Rosslyn, Va.
“Listening In: Electronic Eavesdropping in the Cold War Era” is an exhibit that pulls together spy technology circa 1955 through 1985. Produced by the Countermeasures Directorate’s Office of Security Technology in the Bureau of Diplomatic Security, the show displays a large array of Cold War era surveillance technology, including wired microphones and radio transmitters.
The U.S. Embassy in Moscow seems like it was one big recording booth in the 1960s. One photo shows Ambassador Henry Cabot Lodge Jr. in 1960 holding a listening device that had been discovered inside a large wooden carving of the Great Seal of the United States, a gift from the Soviet Union in 1945. Hidden magnetic microphones were especially popular in U.S. embassies in Eastern Europe. These were small microphones attached to long wooden tubes that could be deeply recessed into embassy walls.
Even Cold War era typewriters had countersurveillance mechanisms built into them. Included in the exhibit is an IBM Selectric typewriter. It coupled a motor to a mechanical assembly, so pressing different keys caused the motor to draw different amounts of current that were specific for each key. Close measurements of the current could reveal what was being typed on the machine. To prevent these measurements, State Selectric typewriters were equipped with “inertia” motors connected to a large flywheel. The spinning flywheel absorbed the stress of the mechanical assembly and masked the keys being typed. (more)
For more on the exhibit, click here.
“Listening In: Electronic Eavesdropping in the Cold War Era” is an exhibit that pulls together spy technology circa 1955 through 1985. Produced by the Countermeasures Directorate’s Office of Security Technology in the Bureau of Diplomatic Security, the show displays a large array of Cold War era surveillance technology, including wired microphones and radio transmitters.
The U.S. Embassy in Moscow seems like it was one big recording booth in the 1960s. One photo shows Ambassador Henry Cabot Lodge Jr. in 1960 holding a listening device that had been discovered inside a large wooden carving of the Great Seal of the United States, a gift from the Soviet Union in 1945. Hidden magnetic microphones were especially popular in U.S. embassies in Eastern Europe. These were small microphones attached to long wooden tubes that could be deeply recessed into embassy walls.
Even Cold War era typewriters had countersurveillance mechanisms built into them. Included in the exhibit is an IBM Selectric typewriter. It coupled a motor to a mechanical assembly, so pressing different keys caused the motor to draw different amounts of current that were specific for each key. Close measurements of the current could reveal what was being typed on the machine. To prevent these measurements, State Selectric typewriters were equipped with “inertia” motors connected to a large flywheel. The spinning flywheel absorbed the stress of the mechanical assembly and masked the keys being typed. (more)
For more on the exhibit, click here.
SpyCam Story #453 - Spy'er Education
Tucked away in a 1,200-page bill now in Congress is a small paragraph that could lead distance-education institutions to require spy cameras in their students' homes.
It sounds Orwellian, but the paragraph — part of legislation renewing the Higher Education Act — is all but assured of becoming law by the fall. No one in Congress objects to it.
The paragraph is actually about clamping down on cheating. It says that an institution that offers an online program must prove that an enrolled student is the same person who does the work. (more)
It sounds Orwellian, but the paragraph — part of legislation renewing the Higher Education Act — is all but assured of becoming law by the fall. No one in Congress objects to it.
The paragraph is actually about clamping down on cheating. It says that an institution that offers an online program must prove that an enrolled student is the same person who does the work. (more)
Thursday, July 24, 2008
SpyCam Sunglasses
from the seller's web site...
"Sunglasses DVR Camera is the newest and most advanced spy camera with built in Video Recorder in the world. Unlike other device of this type, This sunglasses records everything you see and hear, without connecting to MP4 or other Recording source.
Cool hands free video recording any time any where. These quality Polarized lens sunglasses have a built-in 1.3 mega pixel self recording color camera and real time (30 fps) digital video recorder. Internal 2GB memory and li-polymer rechargeable battery records for 5 hours continuously.
Up to 2GB Micro SD card (not Included) offers even more recoding time and easy storage of Audio and video. Stereo recording insures great sound quality to go along with the action. Ideal for outdoor activities such as bike riding, sporting events, snow skiing, tennis, and other events and SURE for SPY and INVESTIGATION." (more)
Why do I mention it?
So you know what you are up against!
"Sunglasses DVR Camera is the newest and most advanced spy camera with built in Video Recorder in the world. Unlike other device of this type, This sunglasses records everything you see and hear, without connecting to MP4 or other Recording source.
Cool hands free video recording any time any where. These quality Polarized lens sunglasses have a built-in 1.3 mega pixel self recording color camera and real time (30 fps) digital video recorder. Internal 2GB memory and li-polymer rechargeable battery records for 5 hours continuously.
Up to 2GB Micro SD card (not Included) offers even more recoding time and easy storage of Audio and video. Stereo recording insures great sound quality to go along with the action. Ideal for outdoor activities such as bike riding, sporting events, snow skiing, tennis, and other events and SURE for SPY and INVESTIGATION." (more)
Why do I mention it?
So you know what you are up against!
VoIP Eavesdropping - How Difficult Is It?
by Stephan Varty, Vulnerability Analyst, in Nortel's Voice Security Blog...
Many people assume a certain level of confidentiality is assured when they use their phone. Concerns have been raised about the increased risk of someone eavesdropping on a VoIP call compared to a traditional PSTN call. Although the concern applies similarly to other VoIP protocols such as UNIStim, H.323, or SCCP as well, what follows is an opinion on the susceptibility of a SIP call to remote eavesdropping...
...due to common vulnerabilities such as missing or outdated patches, misconfiguration, and undetected software defects, it is likely that in many cases a determined sophisticated attacker would be capable of eavesdropping on unencrypted SIP calls. (more)
Lessons:
• Employ encryption.
• Install all software patches and updates.
• Double check your configurations.
Extra Credit:
Eavesdropping an IP Telephony Call
Many people assume a certain level of confidentiality is assured when they use their phone. Concerns have been raised about the increased risk of someone eavesdropping on a VoIP call compared to a traditional PSTN call. Although the concern applies similarly to other VoIP protocols such as UNIStim, H.323, or SCCP as well, what follows is an opinion on the susceptibility of a SIP call to remote eavesdropping...
...due to common vulnerabilities such as missing or outdated patches, misconfiguration, and undetected software defects, it is likely that in many cases a determined sophisticated attacker would be capable of eavesdropping on unencrypted SIP calls. (more)
Lessons:
• Employ encryption.
• Install all software patches and updates.
• Double check your configurations.
Extra Credit:
Eavesdropping an IP Telephony Call
Tapped Out Friends Tap Friendship
IL - Two friends of former police officer Drew Peterson told a newspaper he made incriminating statements during secretly taped conversations following the disappearance of his fourth wife — claims that Peterson denies... Peterson said the couple had asked him for money and became angry when he would not lend it to them. (more)
Email Sinks Two Anchors - Keystroke Logger Helped
Philadelphia, PA - A longtime television newscaster was charged Monday with illegally accessing the e-mail of his glamorous former co-anchor, who suspected details of her social life were being leaked to gossip columnists.
Federal prosecutors say fired KYW-TV anchor Larry Mendte accessed Alycia Lane's and leaked her personal information to a Philadelphia Daily News reporter. Lane's personal life had routinely become tabloid fodder and eventually led to her own dismissal from the station.
"The mere accessing and reading of privileged information is criminal," acting U.S. Attorney Laurie Magid said. "This case, however, went well beyond just reading someone's e-mail." (more)
How Alycia Lane's passwords were tapped...
According to sources close to the case, former CBS anchor Larry Mendte used a hardware keylogger system to obtain Alycia Lane's e-mail passwords. Keylogger systems secretly capture every keystroke made on a targeted computer.
Keyloggers come in two forms: software, which is installed on a computer, and hardware, which is a battery-sized recording device that is secretly attached to the cord between the keyboard and a computer. The precise type and brand of keylogger used in the Mendte case could not be determined, but sources said it was the hardware version. (more)
My all-time favorite newscasters. ~ KDM
(John Hart, Jon Stewart, Paul Harvey, Jim Hartz, Walter Cronkite, Susan Stamberg, Charles Osgood, Charles Kuralt, Lloyd Dobbins, Linda Ellerbee, Tom Snyder and you know who.)
Federal prosecutors say fired KYW-TV anchor Larry Mendte accessed Alycia Lane's and leaked her personal information to a Philadelphia Daily News reporter. Lane's personal life had routinely become tabloid fodder and eventually led to her own dismissal from the station.
"The mere accessing and reading of privileged information is criminal," acting U.S. Attorney Laurie Magid said. "This case, however, went well beyond just reading someone's e-mail." (more)
How Alycia Lane's passwords were tapped...
According to sources close to the case, former CBS anchor Larry Mendte used a hardware keylogger system to obtain Alycia Lane's e-mail passwords. Keylogger systems secretly capture every keystroke made on a targeted computer.
Keyloggers come in two forms: software, which is installed on a computer, and hardware, which is a battery-sized recording device that is secretly attached to the cord between the keyboard and a computer. The precise type and brand of keylogger used in the Mendte case could not be determined, but sources said it was the hardware version. (more)
My all-time favorite newscasters. ~ KDM
(John Hart, Jon Stewart, Paul Harvey, Jim Hartz, Walter Cronkite, Susan Stamberg, Charles Osgood, Charles Kuralt, Lloyd Dobbins, Linda Ellerbee, Tom Snyder and you know who.)
Rogue Lid Shuts Grid
Rogue laptops aren't the only rogues out there...
A disgruntled city computer engineer has virtually commandeered San Francisco's new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday.
Terry Childs, a 43-year-old computer network administrator who lives in Pittsburg, has been charged with four counts of computer tampering and is scheduled to be arraigned today.
Prosecutors say Childs, who works in the Department of Technology at a base salary of just over $126,000, tampered with the city's new FiberWAN (Wide Area Network), where records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings are stored.
Childs created a password that granted him exclusive access to the system, authorities said. He initially gave pass codes to police, but they didn't work. When pressed, Childs refused to divulge the real code even when threatened with arrest, they said. He was taken into custody Sunday. (more)
So, how do you protect yourself against insider hijacking?
One way to start...
• Don't give the keys to the kingdom to only one person.
• "Checks and Balance" "Checks and Balance" "Checks..."
• Establish an admin / root password emergency reset plan.
• Bell your cat(5). Get notified when it hits the fan: Tripwire
• Keep my number handy. Rogues are know for their bug and wiretap tricks, too.
A disgruntled city computer engineer has virtually commandeered San Francisco's new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday.
Terry Childs, a 43-year-old computer network administrator who lives in Pittsburg, has been charged with four counts of computer tampering and is scheduled to be arraigned today.
Prosecutors say Childs, who works in the Department of Technology at a base salary of just over $126,000, tampered with the city's new FiberWAN (Wide Area Network), where records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings are stored.
Childs created a password that granted him exclusive access to the system, authorities said. He initially gave pass codes to police, but they didn't work. When pressed, Childs refused to divulge the real code even when threatened with arrest, they said. He was taken into custody Sunday. (more)
So, how do you protect yourself against insider hijacking?
One way to start...
• Don't give the keys to the kingdom to only one person.
• "Checks and Balance" "Checks and Balance" "Checks..."
• Establish an admin / root password emergency reset plan.
• Bell your cat(5). Get notified when it hits the fan: Tripwire
• Keep my number handy. Rogues are know for their bug and wiretap tricks, too.
Labels:
advice,
cautionary tale,
computer,
data,
employee,
FBI,
government,
lawsuit,
password,
product,
sabotage,
software
Wednesday, July 23, 2008
We think the Hamburglar is behind this one...
For the three weeks between July 25 and Aug. 14, 2008, kids can collect official Spy Gear gadgets with the purchase of a Happy Meal or Mighty Kids Meal at participating McDonald's restaurants.
Kids can embark on imaginative spy missions using six new Spy Gear toys offered exclusively at McDonald's: Secret Wrist Beam, Spy Guard Motion Alarm, Spy Disc Defender, Invisible Message Pen, Rear View Spy Scope and Mobile Message Bot.
The Spy Gear Happy Meal is timed with Wild Planet's 10th anniversary of making spy toys, and precedes the release of the company's first Spy Gear board games, Spy Trackdown and Spy Wire. (more)
"In becoming accustomed to such toys and the pleasures they bring, the seeds of an amoral and suspicious adulthood are unwittingly being cultivated." (more)
Kids can embark on imaginative spy missions using six new Spy Gear toys offered exclusively at McDonald's: Secret Wrist Beam, Spy Guard Motion Alarm, Spy Disc Defender, Invisible Message Pen, Rear View Spy Scope and Mobile Message Bot.
The Spy Gear Happy Meal is timed with Wild Planet's 10th anniversary of making spy toys, and precedes the release of the company's first Spy Gear board games, Spy Trackdown and Spy Wire. (more)
"In becoming accustomed to such toys and the pleasures they bring, the seeds of an amoral and suspicious adulthood are unwittingly being cultivated." (more)
Labels:
advice,
amateur,
cautionary tale,
espionage,
FutureWatch,
miscellaneous,
mores,
product,
spybot,
toy
Whatta fun couple! "It's party time!" (fabadabaZap)
Lisa Cohen, 28, garnered media attention when she released tapes in March of her former fiance, Lee County Sheriff's Cpl. Michael DeTar, using a Taser on party guests.
Cohen pleaded guilty to three misdemeanor charges lessened from two felony charges against DeTar — eavesdropping and disrupting computer services for an authorized user. She pleaded guilty to stalking, making a false report and criminal mischief above $200.
Today...
...the Cape Coral woman who allegedly brought a gun into the Lee County Justice Center in March, pleaded no contest today to a misdemeanor charge of possession of a firearm in a restricted area. (more)
Extra Credit...
Tired of Tupperware?
Taser Parties - A Shocking Success (more)
Cohen pleaded guilty to three misdemeanor charges lessened from two felony charges against DeTar — eavesdropping and disrupting computer services for an authorized user. She pleaded guilty to stalking, making a false report and criminal mischief above $200.
Today...
...the Cape Coral woman who allegedly brought a gun into the Lee County Justice Center in March, pleaded no contest today to a misdemeanor charge of possession of a firearm in a restricted area. (more)
Extra Credit...
Tired of Tupperware?
Taser Parties - A Shocking Success (more)
Labels:
amateur,
eavesdropping,
lawsuit,
miscellaneous,
police,
product,
Ray-Gun,
weird
SpyCam Story #452 - "What goes around...eh, Rod"
Alex Rodriguez's wife wants to know if he hired private detectives or had wiretaps installed to spy on her. Cynthia Rodriguez's lawyers demanded any surveillance information as part of a records request in the Miami divorce case.
The document asks for any tape recordings, photographs, reports from investigators or results from possible wiretaps. (more)
According to British tabloid The Daily Star, an unidentified man has come forward claiming that he secretly filmed Yankee star Alex Rodriguez and Madonna having sex, by use of a hidden camera installed in one of Madonna’s Kabbalah practicing friends’ home, who is also friends with him. (more)
The document asks for any tape recordings, photographs, reports from investigators or results from possible wiretaps. (more)
According to British tabloid The Daily Star, an unidentified man has come forward claiming that he secretly filmed Yankee star Alex Rodriguez and Madonna having sex, by use of a hidden camera installed in one of Madonna’s Kabbalah practicing friends’ home, who is also friends with him. (more)
Tuesday, July 22, 2008
Wikileaks Strikes - Canadian Wiretapping
from Wikileaks...
"In a dramatic turn of events, it has been revealed that a wiretap was issued on several protesters of the Mohawk tribe in Canada who were protesting poverty. The news story was leaked yesterday on Wikileaks in part because of a media ban on the subject.
According to the discussion page prosecutors were trying to ban the entire story from the media, but ultimately failed to do so...
In short, the law enforcement in charge of keeping the situation calm ordered a wiretap on the protesters without a court order. It's unlikely that the public will treat this aspect lightly because it puts into serious question just how far law enforcement is willing to go. In a country where privacy is of greater concern then in other countries, one might expect some form of outrage at some point in the near future." (more)
Wikileaks.org and "malignant activism" (Security Scrapbook, 2/17/03) are old alert topics for my security director clients. Today's leak is a good example of these warnings. Organizational attacks like these can be mitigated if an information security program - which includes counterespionage elements - is in place. ~ Kevin
"In a dramatic turn of events, it has been revealed that a wiretap was issued on several protesters of the Mohawk tribe in Canada who were protesting poverty. The news story was leaked yesterday on Wikileaks in part because of a media ban on the subject.
According to the discussion page prosecutors were trying to ban the entire story from the media, but ultimately failed to do so...
In short, the law enforcement in charge of keeping the situation calm ordered a wiretap on the protesters without a court order. It's unlikely that the public will treat this aspect lightly because it puts into serious question just how far law enforcement is willing to go. In a country where privacy is of greater concern then in other countries, one might expect some form of outrage at some point in the near future." (more)
Wikileaks.org and "malignant activism" (Security Scrapbook, 2/17/03) are old alert topics for my security director clients. Today's leak is a good example of these warnings. Organizational attacks like these can be mitigated if an information security program - which includes counterespionage elements - is in place. ~ Kevin
Subscribe to:
Posts (Atom)