Saturday, May 16, 2009

Spies Need a Safe Place to Eat

The Safe House is located on the hard-to-find Front Street, which is basically an alley that runs one block west of Water Street between Wells and Mason Streets. The building -- adorned with a few flags -- does not have a Safe House sign, but does have a small placard that reads "International Exports Ltd."

After trying two other locked doors, the boys finally found an unlocked door that led them into a very small room with a large book shelf.

At night, guests are greeted by a person -- playing the role of "Ms. Moneypenny" from the James Bond films -- who asks for the password. During the day, however, a voice pipes through a speaker (this is a new feature) and asks if you know the password.


The password has not changed in four decades, but if you do not say it exactly right, you are asked to take a special "spy test" proving that you are indeed a spy who deserves entry into the Safe House.
At night, the spy test can get a bit sassy, but when kids are involved, the test is G-rated, requiring those that don't know the password to like act like a monkey or hop on one foot.

Video cameras are hidden in the wall of the Safe House entry way, so unbeknownst to the new guests, diners are watching their antics on television screens inside the restaurant.


If you whisper the password correctly into the speaker, or once you pass the spy test if you didn't know the password, the faux book shelf opens like a door and allows you to walk down a hallway to the bar / restaurant.
The Safe House opened in the late '60s, and since then, very little has changed. (more)

Prove you are a worthy secret agent, man.
Figure out Safe House's home city.
Be seeing you.
~ Kevin

Would You Trade Privacy for Communications?

How much information do you think your mobile phone company has about you? Your address, your bank details... what about your religion? Or your sexuality? Does it know if you've been speeding?

Well at the moment, probably not.

But a new report (from FIDIS - Future of Identity in the Information Society) is warning that if we sign up to agreements without reading them properly, this could become a reality. (more)

Give this a few seconds of thought. The phone companies already have a pretty good idea of who you are, where you are and where you go - especially if your phone has GPS capabilities. Valuable info. They would love to sell it.

FutureWatch... They will sell it. Keep an eye on future service contracts. You will ride the slippery slope. Think you'll protest? Not if they give you "free" calls in exchange. That's how much your privacy is worth to someone else.

Thursday, May 14, 2009

Alert: In-Flight Internet... aka InfoButterfly.Net

via Netragard, LLC...
Airline passangers' personal computer information can be easily hacked while in flight.


The wireless inflight airline internet access service, GoGo Inflight Internet ("GoGo"), which enables travelers to access the internet while in flight
does not encrypt communications between users (passengers) and the Wireless
Access Points on the aircraft.

As a result of this lack of encryption it is easy to intercept and record all data sent and received by passengers. This poses significant risk to passengers and their respective businesses as sensitive information is sent over the air without encryption. This information can include, emails, email attachments, email content, usernames and
passwords,credit card information, social security numbers, methods for accessing business networks, trade secrets, etc.

This information can be intercepted and recorded by anyone on the aircraft with a WiFi capable
laptop/device. (more)

P.S. Things named GoGo seem to be really cool but don't last. Just sayin'.
(Goggo mobile) (GoGo National Airlines) (GoGo dancers) (sing-a-long) (Psycho a Go-Go) (Secret GoGo) (Beat GoGos) (Surf GoGo) (GoGo!7188-C7) (Road Runner GoGo) (88 GoGo) (Tokyo A Go Go) (Goin to a GoGo) (GoGo Brothers) (Ghoul A Go-Go) (GO GO HAPPY DAY) (Penn Gillett Rescuing a Go-Go Dancer NSFW) but I digress.

Remember... Don't do anything more sensitive on the airplane than read USA Today... no email, no accessing your corporate web site, no bidding on ebay, no buying viagra, etc., etc.

UPDATE - Gogo Inflight Internet service deserves equal time. It is, after all, providing a very useful and wanted service. The information released by Netragard, LLC applies to all public Wi-Fi hot spots, and to single out Gogo makes their motives suspect.

The problem of public Wi-Fi spying is why I mentioned Hotspot Shield
, a FREE VPN, a while back. (more)

Gogo would like you to know...
"To date, Aircell and its carrier partners have not identified any network security vulnerabilities in the Gogo Inflight Internet service that are threats to our customers. Credit card transactions to access Gogo are encrypted and fully secure. Other Internet traffic on the Gogo network is as secure as any public Wi-Fi hotspot in a hotel, airport or coffee house. For users who wish a higher level of information security, Gogo supports virtually all VPN clients. Aircell is committed to our customers' safety and security both in the air and online and will do all we can to ensure our customers' information remains secure and private."
Go with Gogo and be as cautious as you would at any public Wi-Fi hotspot. VPN it. ~ Kevin

Business Espionage - Crestron vs AMX

Security Directors - A $10 million dollar loss is being attributed to poor password practices.

Suggest a password management program which forces new and effective password creation regularly. Use this article to back-up your brilliant suggestion. ~ Kevin


NJ -
A Long Island man has pleaded guilty to illegal wiretapping in a corporate espionage case that targeted two Bergen County companies.

David A. Goldenberg of Oceanside, N.Y., admitted to accessing internal e-mail at Sapphire Marketing LLC in Woodcliff Lake, a regional sales representative for Crestron Electronics in Rockleigh, which makes audiovisual equipment. He worked for Crestron's rival, Texas-based AMX Corp., at the time.


"He was able to figure out what their default passwords were, which they never changed," said Brian Lynch, chief of the white-collar crime unit in the Bergen County Prosecutor's Office.


Goldenberg was arrested in March 2008, accused of stealing e-mail and information over a nine-month period, allowing AMX to underbid Crestron on competitive contracts. Crestron has said it lost more than $10 million in business as a result. (
more)

DOD official charged with espionage

DC - A civilian employee of the Defense Department was arrested Wednesday on espionage charges that he sold classified information and passed other sensitive documents to a spy for the Chinese government who has been convicted of compromising another Pentagon employee.

James Wilbur Fondren Jr., 62, was charged in federal court in Virginia with conspiracy to communicate classified information to an agent of a foreign government. He faces up to five years in prison if convicted.

Mr. Fondren, who has been suspended since February 2008 from his job as deputy director of the U.S. Pacific Command's Washington liaison office, turned himself in to federal agents Wednesday morning and was released without having to post bond, but will be on GPS monitoring. (more) (more)

Business Espionage - Power from The Peoples

Russia - A Moscow court convicted two brothers with dual Russian-U.S. citizenship of industrial espionage Thursday and gave them one-year suspended sentences, according Russia's top domestic security agency.

The Federal Security Service said Ilya and Alexander Zaslavsky were convicted of attempting to acquire classified commercial data from state-owned Russian energy company Gazprom. (more)

Business Espionage - America's Cup

A suspect has been arrested in the south of France for allegedly conducting industrial espionage against the America's Cup holders, Alinghi.

The Swiss-backed team felt that their jealously guarded secrets in sailing's equivalent of formula one were under threat. Police sources in the south of France confirmed that a team of officers had travelled down from Paris to conduct a surveillance operation around the Alinghi base.


It is understood that at least one individual was arrested in the French town of Villeneuve. The suspect is believed to be under interrogation by specialist officers in Paris but the operation is so secret that police sources refused to provide any details, instead referring inquiries to the central information office of the French legal system.


Intriguingly, a 3D model of the "Alinghi vehicle assembly building – interpolated from spy photos" appeared on the YouTube website a fortnight ago. It is not known if the two incidents are linked. (more) (YouTube video)

Wednesday, May 13, 2009

Today's Buzz - Palm-sized SpyCam Helicopter

Norway - PD-100 Black Hornet is a small video camera equipped helicopter not more than 100 mm long, weighing less than 20 grams.

It can be carried in your pocket and launched within seconds to give immediate situational awareness. This new ultra small aircraft is a valuable tool in situations where a closer look at a hostile area or inside a contaminated building is crucial.


Operational Concept

Deployment
• Complete PD-100 System Carried by One Man
• Ready to Fly – In the Air Within One Minute
• Requires No Prepared Surface

• Stealth – Small and Quiet
• Reusable with Fly Home Capability

• Low Cost
• Easy to Fly, Requires Little Training

Missions
• Look Behind Objects
• Birds Eye View of Areas of Interest
• Visual Information in Urban Operations

• Reconnaissance Inside Buildings

• Hover and Stare
• O
bject Identification
• Target and Damage Assessment

• Deployment of Special Payload

• and sneaking into offices to read paperwork (see video)
(more) (more video) (TV report)

Think Geek - Build Your Own BUG

from our
"Wow, this is cool!"
files...


What is BUG?
BUG is a baby monitor. BUG is a security system. BUG is a GPS device. BUG can read barcodes, draw pictures, update your twitter feed, and control robots. BUG is a platfor
m for learning, rapid prototyping, and experimentation. BUG is just about whatever you want it to be. So, the BUG can be anything, but what is it?

BUG is a set of tools that lets you create personalized gadgets and devices. It's open-source and modular, letting you literally snap together the device you need. Backed by a community of enthusiastic developers, BUG development continues to grow more exciting and diverse. (more) (video) (buglabs)

Porn Name Game Sucks in Twits

A web security expert is warning people to be careful with personal information they divulge on social networking sites, after the latest suspected identity fraud quest hit Twitter. (more)

Bottom line Tweets...

• Change your passwords regularly;

Don't use the default password or a common password;
Ensure your password is long and is not a word used in dictionaries;
Never write down or store your passwords on your computer;
Don't click onto links or attachments in emails obtained from someone you don't know;
Don't provide personal or security details in response to any email;
Scan new programs or files for viruses before you open, install or use them.

Tuesday, May 12, 2009

Dump Your FM Analog Wireless Microphones

FM analog wireless presenter's microphones are a security nightmare...
and an eavesdropper's dream.
Security-wise...
You're naked!
(
background)

If you have analog wireless microphones, dump them.

If your A/V company uses them, dump them too, until they upgrade to encrypted wireless microphones.

Replace your info-leakers with one of these digital systems...

Audio-Technica - SpectraPulse™ Ultra Wideband (UWB)
Lectrosonics (...and an Encryption White Paper)
Zaxcom
Mipro ACT-82
Telex SAFE-1000

The good news...

Your old wireless system may be eligible for a trade-in!

Most wireless microphone companies are currently offering rebates and free retuning due to changes in the FCC rules. Some are even offering trade-in money.
Check here for a partial list of programs.

Black Hat is Coming

Black Hat is the leading conference series for technical security professionals.

Black Hat Briefings and Training has earned cult status among security enthusiasts and leading technical influencers. Black Hat USA 2009, July 25–30 at Caesars Palace, Las Vegas. (
more) (register)

Has Castro Blackmailed Hollywood?

Sometimes a story comes along that sounds true but needs more evidence to back it up. You decide...

"My job was to bug their hotel rooms,” says high-ranking Cuban intelligence defector Delfin Fernandez. “With both cameras and listening devices. Most people have no idea they are being watched while they are in Cuba. But their personal activities are filmed under orders from Castro himself...”


"...famous Americans are the priority objectives of Castro’s intelligence,” says Fernandez. “When word came down that models Naomi Campbell and Kate Moss were coming to Cuba, the order was a routine one: 24-hour-a-day vigilance. Then we got a PRIORITY alert,” recalls Fernandez, “because there was a rumor that they would be sharing a room with Leonardo DiCaprio. The rumor set off a flurry of activity, and we set up the most sophisticated devices we had.”

“The American actor Jack Nicholson was another celebrity who was bugged and taped THOROUGHLY during his stay in the hotel Melia Cohiba,” states Fernandez, the man in charge of the bugging.

Turns out, however, that at least one visiting dignitary foiled Castro’s intelligence. On his visit to Cuba in 1998, Pope John Paul II’s assistants discovered and removed several bugging devices from His Holiness’ hotel room.

While holding up the book ”Fidel: Hollywood's Favorite Tyrant” on his TV show, Bill O’Reilly called these celebs “Hollywood pinheads.” (
more)

Government Surveillance Hit Parade

In what may be the first assessment of its kind, a private company... is ranking the United States No. 6 in the world for having the most aggressive procedures for monitoring residents electronically.

The report, called
The Electronic Police State, assesses the status of governmental surveillance in 52 nations around the globe for 2008. The document was released Cryptohippie, Inc. (more)

Get Smart - 100+ Open Courses on Computer Information Systems and Security

Security Directors are well aware that their professional responsibilities have grown; the biggest growth area is computer forensics, security and information protection.

Problem: How may one learn these new skills?
Solution: Open University (aka Distance Learning). "Open learning means that you will be learning in your own time by reading course material, working on course activities, writing assignments and perhaps working with other students."

One basic course being offered is: Introduction to Information Security: an introduction to the reasons and methods for securing confidential information.

Many other courses are listed here and here and here.

See you around the campus. ~ Kevin