Friday, November 7, 2008

Wi-Fi Alert - WPA Encryption is Cracking

Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption and read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes...

They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack. (more)
They will.

Why the NFL Spies on Its Players

The National Football League's unprecedented new effort to protect its image by cracking down on loutish behavior is making some of the league's 1,952 players a little nervous.

This sweeping new personal-conduct policy, which was announced before the 2007 season, allows the NFL to quickly and summarily fine and suspend players; not just for committing crimes, but for any act that's deemed harmful to the NFL's "integrity and reputation." To guard against these unpredictable suspensions (there have been 10 so far), NFL teams are hiring former police officers and FBI agents as security chiefs, ordering up extensive background checks,
installing video-surveillance systems in locker rooms, chasing down rumors and sometimes forbidding players from talking to the press. (more)

Thursday, November 6, 2008

SpyCam Story #490 - IP Eyes on the Mains

Imagine...
(from the manufacturer's web site)
"...an easy-to-install, easy-to-use Internet camera surveillance solution that allows you to monitor [video and audio] any room in your house from anywhere over the Internet.


...uses Powerline networking, which connects the Internet camera and your router using your house’s electrical wiring, eliminating the need to run networking cables across your home.


Furthermore, the Internet camera uses a single cable to both receive power and connect to the Powerline adapter, allowing you to place the camera anywhere in your home. ...zero-configuration setup gets you up and running in no time..."


KEY FEATURES

• View and manage your camera remotely over the Internet
• Camera functions without PC turned on

• Records motion-triggered snapshots – saved to a secure server

• Receive instant e-mail notifications of motion-triggered events

• Share access to your camera with friends and family

(What could possibly go wrong here?!?!)
• 0.5 lux CMOS sensor can capture video in low-light environments

Built-in microphone lets you hear what’s happening
*
* This could turn illegal (US law) the instant the consenting party leaves in the area. Note: In some states, all parties being heard must consent, even people who are not within view of the camera.
• Adjustable stand – place and position your camera anywhere
• Uses auto-provisioning for zero-configuration network setup

• PowerLine networking – place camera by any power outlet

• Camera powered & networked through a single cable
• Easily expand network – Internet Surveillance Camera Expansion Kit
Only $289.99 (more)

Our Point of View
Privacy nightmare. A repackageable, off-the-shelf, audio / video, surveillance system that sends digital signals (encrypted) over existing power lines, to a remote Internet connection (conceivably Wi-Fi'ed out), and then on to anywhere in the world, 24/7/365, for less than $300.00. Geeez... who you gonna call?

Spybusters Tip # 385 - FREE Encrypted Memory Sticks. Roll Your Own!

Step 1 - Go to your junk drawer.
Grab one of your regular old USB memory sticks.


Step 2 - Go to
TrueCrypt.org.
Grab their FREE encryption software.


Step 3 - Read the Beginner's Tutorial. Load & Lock.


Ta-daaaa!
Instant FREE encrypted memory stick!!!

(clap, clap, clap)

Thank you.

Kevin
P.S. You can also roll Free Mac/Windows XP/Vista/2000/Linus sticks the same way.
Additional Spybusters Tips.

Wednesday, November 5, 2008

Hidden Camera in Office Sparks Investigation

CT - Contract talks between an ambulance company and its medics were jolted last week when union negotiators said they found a small surveillance camera hidden in a smoke detector in a conference room at American Medical Response's regional office in West Hartford.

The discovery of the camera, which was plugged into an outlet that was concealed by ceiling tiles, led the union - the National Emergency Medical Services Association - to file a federal unfair-labor-practice complaint. West Hartford police are also investigating. (
more)

Parton Zero, Google ...well, google

The FCC approved rules that would allow high-tech companies and others to use vacant TV airwaves for unlicensed use. Microsoft Corp., Google and other companies have lobbied heavily for access to the airwaves, which they say can be used to provide low-cost wireless Internet service that is more powerful than current Wi-Fi signals.

Broadcasters and wireless microphone users fought against the use of those airwaves, citing interference concerns. However, the FCC unanimously decided to set rules on how those airwaves can be used. The airwaves will come available in mid-February, when the U.S. transitions to digital-only television broadcasts. (more)

Tuesday, November 4, 2008

Dolly Parton Bugs Out Over Wireless Microphones

The issue comes to a head on Election Day, when the Federal Communications Commission votes on a proposal to make a disputed chunk of radio spectrum available for public use. Google, Microsoft, Hewlett-Packard and other technology companies say the spectrum could be used by a whole new array of Internet-connected wireless gadgets...

But a coalition of old-guard media — from television networks to Broadway producers — is objecting to the proposal, saying it needs a closer look. The opponents argue that signals sent over those frequencies could interfere with broadcasts and wireless microphones at live productions...

If the spectrum is set free, Ms. Parton says, chaos could reign on Broadway — in the form of static and other interference.

“The potential direct negative impact on countless people may be immeasurable,” Ms. Parton wrote in a letter last month to the F.C.C., urging it not to release the frequencies. (more)

Bad news for eavesdroppers, too. Performer's wireless microphones have long been a source of information loss – from bug use, to monitoring corporate meetings, to just hanging around Broadway and boot-legging musicals for free! Tune in tomorrow to see if Google gets out-ogled. ~ Kevin (My bug out.)
(UPDATE)

Monday, November 3, 2008

"Pod Slurping", or...

...how to suck the brains out of a PC in 3 minutes or less – via sharp-ideas.net

The Scenario
An unauthorized visitor shows up after work hours disguised as a janitor and carrying an iPod (or similar portable storage device). He walks from computer to computer and "slurps" up all of the Microsoft Office files from each system. Within an hour he has acquired 20,000 files from over a dozen workstations. He returns home and uploads the files from his iPod to his PC. Using his handy desktop search program, he quickly finds the proprietary information that he was looking for.

Sound far fetched?

An experiment
I conducted an experiment to quantify approximately how long it takes to copy files from a PC to a removable storage device (iPod, thumbdrive, et cetera) if you have physical access. The quick answer: not very long.

I wrote a quick python application (slurp) to help automate the file copy process. Slurp searches for the "C:Documents and Settings" directory on local hard drives, recurses through all of the subdirectories, and copies all document files.

Using slurp.exe on my iPod, it took me 65 seconds to copy all document files (*.doc, *.xls, *.htm, *.url, *.xml, *.txt, etc.) off of my computer as a logged in user. Without a username and password I was able to use a boot CDROM to bypass the login password and copy the document files from my hard drive to my iPod in about 3 minutes 15 seconds. (more... including a free "pod slurping" program you can try yourself!) (much more)

"What's that slurping sound I hear?"

India - A Bangalore-based construction company lost a multi-core tender by a thin margin. Baffled company officials vowed there was no way the rival firm could have come so near to their bid...

Computer forensic tests revealed somebody had accessed the Universal Serial Bus (USB) port to download the tender documents. What surprised the company's top heads was that one of their employees had used his iPod to download the data.

The data was then passed to the rival company for a price and to evade detection, the file was promptly deleted from the iPod. Investigators, however, retrieved it using advanced data-recovery software. (more) (how "pod slurping" is done)

This "pod slurp" didn't have to happen. Computers with especially sensitive data should have their ports and drives locked down. Don't know how? Call me, or any of my Geek Chorus Colleagues. Any of us can save you from going through an iPod high-jack.

M
ore about "pod slurping"
, and an even scarier USB story. ~ Kevin

Dr. No, Goldfinger and Blofeld Are Now Real

via sciencedaily.com
Professor Richard J. Aldrich, Professor of International Security at University of Warwick, who has just been awarded a £447,000 grant from UK's Art and Humanities Research Council to examine 'Landscapes of Secrecy' says that the once improbable seeming villains in the Bond movies have become close to the real threats faced by modern security services.

"Remarkably, the Bond villains - including Dr. No, Goldfinger and Blofeld - have always been post-Cold War figures. Bond's enemies are in fact very close the real enemies of the last two decades - part master criminal - part arms smuggler - part terrorist - part warlord. They are always the miscreants of globalization, they endanger not only the security of single country, but the safety of the whole world. Like our modern enemies, they thrive on the gaps between sovereign states and thrive on secrecy." (more)

Food for thought. Corporate espionage attacks by freelance spies are now commonplace, too. If you sense problems in your company, or just have a few questions, give me a call. ~Kevin

Police Chief Accused of Tapping and Bugging

LA - Monroe Police Chief Ron Schleuter said Thursday he has not yet been served with a federal lawsuit filed against him by retired officer Paul Brown and officer Danny Pringle claiming the chief violated their privacy rights by using an illegal wiretap.

The lawsuit, filed Oct. 15, states that Schleuter "used electronic devices to surreptitiously intercept both the oral and wire communications to (the officers') co-employee ... at the Monroe Police Department." (more)

Spycam Story #489 - The Commish

PA - A former Cumberland County Commissioner has been charged in connection with the use of hidden surveillance throughout his home to videotape sexual encounters with young men, Attorney General Tom Corbett said.

Bruce Barclay, 49, of Mechanicsburg, served as a Cumberland County Commissioner from January 2004 to April 2008. (more) (video)

1/14/09 - UPDATE - A Brecknock Township man pleaded guilty Tuesday to falsely accusing a former Cumberland County commissioner of raping him.

William M. McCurdy, 21, of the 1100 block of Alleghenyville Road entered his plea to making false reports and unsworn falsification in Cumberland County Court.

McCurdy is free on bail pending sentencing in March by Judge Edward E. Guido. The charges carry penalties of up to three years in prison...

State police investigating the accusation uncovered hidden video-recording equipment in Barclay's home. Investigators said Barclay hired male prostitutes on a weekly basis and used the hidden cameras to secretly record more than 100 sexual encounters inside his house.

The videotapes refuted McCurdy's rape accusation, investigators said, but led to Barclay's arrest on charges of wiretapping and related offenses. (more)

Sunday, November 2, 2008

Spycam Story #488 - The Annoyed Ex

As always, there is more to this story, much more.
Guilty or innocent?
You decide.


New Zealand - An Auckland man has described a failed court case involving allegations of spying on his ex-wife with secret cameras as a joke and waste of taxpayer money.

The case against the man was dismissed last week after a judge ruled police had not been able to prove the charge of attempting to make an intimate visual recording.

The million-dollar home the man had shared with his wife was found to have small, infra-red surveillance cameras in the ceiling above the woman's bed when searched by a security firm.

The Herald on Sunday reported that the woman had hired the firm after suspecting someone was spying on her. (more)

If they can 'see' your key, they can duplicate it!

High powered optics and a computer program is all that is needed to duplicate your keys according to three people at the University of California, San Diego...

"Our SNEAKEY system correctly decoded the keys shown in the above image that was taken from the rooftop of a four floor building. The inlay shows the image that was used for decoding while the background provides a context for the extreme distances that our system can operate from. In this case the image was taken from 195 feet. This demonstration shows that a motivated attacker can covertly steal a victim's keys without fear of detection. The SNEAKEY system provides a compelling example of how digital computing techniques can breach the security of even physical analog systems in the real-world. (their paper)

Moral: Don't leave your keys where others can "see" them. But, you already knew that.

Saturday, November 1, 2008

SpyCam Story #487 - Families vs. Carers

UK - A carer has been spared jail despite admitting the 'despicable' theft of cash from the home of a 77-year-old widow with Alzheimer's Disease. Michelle Bradshaw, aged 40, was caught after relatives of the pensioner marked notes in her purse with ultraviolet pen and set up a covert video camera. (more)

FutureWatch – This is the second story like this within two months. Carer steals from patient. Patient's family gets suspicious and installs hidden camera. Carer gets nailed. We see fewer bad nanny stories these days. Maybe spycams have them scared straight. Let's hope professional care givers get the message as well.