Thursday, May 14, 2009

Alert: In-Flight Internet... aka InfoButterfly.Net

via Netragard, LLC...
Airline passangers' personal computer information can be easily hacked while in flight.


The wireless inflight airline internet access service, GoGo Inflight Internet ("GoGo"), which enables travelers to access the internet while in flight
does not encrypt communications between users (passengers) and the Wireless
Access Points on the aircraft.

As a result of this lack of encryption it is easy to intercept and record all data sent and received by passengers. This poses significant risk to passengers and their respective businesses as sensitive information is sent over the air without encryption. This information can include, emails, email attachments, email content, usernames and
passwords,credit card information, social security numbers, methods for accessing business networks, trade secrets, etc.

This information can be intercepted and recorded by anyone on the aircraft with a WiFi capable
laptop/device. (more)

P.S. Things named GoGo seem to be really cool but don't last. Just sayin'.
(Goggo mobile) (GoGo National Airlines) (GoGo dancers) (sing-a-long) (Psycho a Go-Go) (Secret GoGo) (Beat GoGos) (Surf GoGo) (GoGo!7188-C7) (Road Runner GoGo) (88 GoGo) (Tokyo A Go Go) (Goin to a GoGo) (GoGo Brothers) (Ghoul A Go-Go) (GO GO HAPPY DAY) (Penn Gillett Rescuing a Go-Go Dancer NSFW) but I digress.

Remember... Don't do anything more sensitive on the airplane than read USA Today... no email, no accessing your corporate web site, no bidding on ebay, no buying viagra, etc., etc.

UPDATE - Gogo Inflight Internet service deserves equal time. It is, after all, providing a very useful and wanted service. The information released by Netragard, LLC applies to all public Wi-Fi hot spots, and to single out Gogo makes their motives suspect.

The problem of public Wi-Fi spying is why I mentioned Hotspot Shield
, a FREE VPN, a while back. (more)

Gogo would like you to know...
"To date, Aircell and its carrier partners have not identified any network security vulnerabilities in the Gogo Inflight Internet service that are threats to our customers. Credit card transactions to access Gogo are encrypted and fully secure. Other Internet traffic on the Gogo network is as secure as any public Wi-Fi hotspot in a hotel, airport or coffee house. For users who wish a higher level of information security, Gogo supports virtually all VPN clients. Aircell is committed to our customers' safety and security both in the air and online and will do all we can to ensure our customers' information remains secure and private."
Go with Gogo and be as cautious as you would at any public Wi-Fi hotspot. VPN it. ~ Kevin

Business Espionage - Crestron vs AMX

Security Directors - A $10 million dollar loss is being attributed to poor password practices.

Suggest a password management program which forces new and effective password creation regularly. Use this article to back-up your brilliant suggestion. ~ Kevin


NJ -
A Long Island man has pleaded guilty to illegal wiretapping in a corporate espionage case that targeted two Bergen County companies.

David A. Goldenberg of Oceanside, N.Y., admitted to accessing internal e-mail at Sapphire Marketing LLC in Woodcliff Lake, a regional sales representative for Crestron Electronics in Rockleigh, which makes audiovisual equipment. He worked for Crestron's rival, Texas-based AMX Corp., at the time.


"He was able to figure out what their default passwords were, which they never changed," said Brian Lynch, chief of the white-collar crime unit in the Bergen County Prosecutor's Office.


Goldenberg was arrested in March 2008, accused of stealing e-mail and information over a nine-month period, allowing AMX to underbid Crestron on competitive contracts. Crestron has said it lost more than $10 million in business as a result. (
more)

DOD official charged with espionage

DC - A civilian employee of the Defense Department was arrested Wednesday on espionage charges that he sold classified information and passed other sensitive documents to a spy for the Chinese government who has been convicted of compromising another Pentagon employee.

James Wilbur Fondren Jr., 62, was charged in federal court in Virginia with conspiracy to communicate classified information to an agent of a foreign government. He faces up to five years in prison if convicted.

Mr. Fondren, who has been suspended since February 2008 from his job as deputy director of the U.S. Pacific Command's Washington liaison office, turned himself in to federal agents Wednesday morning and was released without having to post bond, but will be on GPS monitoring. (more) (more)

Business Espionage - Power from The Peoples

Russia - A Moscow court convicted two brothers with dual Russian-U.S. citizenship of industrial espionage Thursday and gave them one-year suspended sentences, according Russia's top domestic security agency.

The Federal Security Service said Ilya and Alexander Zaslavsky were convicted of attempting to acquire classified commercial data from state-owned Russian energy company Gazprom. (more)

Business Espionage - America's Cup

A suspect has been arrested in the south of France for allegedly conducting industrial espionage against the America's Cup holders, Alinghi.

The Swiss-backed team felt that their jealously guarded secrets in sailing's equivalent of formula one were under threat. Police sources in the south of France confirmed that a team of officers had travelled down from Paris to conduct a surveillance operation around the Alinghi base.


It is understood that at least one individual was arrested in the French town of Villeneuve. The suspect is believed to be under interrogation by specialist officers in Paris but the operation is so secret that police sources refused to provide any details, instead referring inquiries to the central information office of the French legal system.


Intriguingly, a 3D model of the "Alinghi vehicle assembly building – interpolated from spy photos" appeared on the YouTube website a fortnight ago. It is not known if the two incidents are linked. (more) (YouTube video)

Wednesday, May 13, 2009

Today's Buzz - Palm-sized SpyCam Helicopter

Norway - PD-100 Black Hornet is a small video camera equipped helicopter not more than 100 mm long, weighing less than 20 grams.

It can be carried in your pocket and launched within seconds to give immediate situational awareness. This new ultra small aircraft is a valuable tool in situations where a closer look at a hostile area or inside a contaminated building is crucial.


Operational Concept

Deployment
• Complete PD-100 System Carried by One Man
• Ready to Fly – In the Air Within One Minute
• Requires No Prepared Surface

• Stealth – Small and Quiet
• Reusable with Fly Home Capability

• Low Cost
• Easy to Fly, Requires Little Training

Missions
• Look Behind Objects
• Birds Eye View of Areas of Interest
• Visual Information in Urban Operations

• Reconnaissance Inside Buildings

• Hover and Stare
• O
bject Identification
• Target and Damage Assessment

• Deployment of Special Payload

• and sneaking into offices to read paperwork (see video)
(more) (more video) (TV report)

Think Geek - Build Your Own BUG

from our
"Wow, this is cool!"
files...


What is BUG?
BUG is a baby monitor. BUG is a security system. BUG is a GPS device. BUG can read barcodes, draw pictures, update your twitter feed, and control robots. BUG is a platfor
m for learning, rapid prototyping, and experimentation. BUG is just about whatever you want it to be. So, the BUG can be anything, but what is it?

BUG is a set of tools that lets you create personalized gadgets and devices. It's open-source and modular, letting you literally snap together the device you need. Backed by a community of enthusiastic developers, BUG development continues to grow more exciting and diverse. (more) (video) (buglabs)

Porn Name Game Sucks in Twits

A web security expert is warning people to be careful with personal information they divulge on social networking sites, after the latest suspected identity fraud quest hit Twitter. (more)

Bottom line Tweets...

• Change your passwords regularly;

Don't use the default password or a common password;
Ensure your password is long and is not a word used in dictionaries;
Never write down or store your passwords on your computer;
Don't click onto links or attachments in emails obtained from someone you don't know;
Don't provide personal or security details in response to any email;
Scan new programs or files for viruses before you open, install or use them.

Tuesday, May 12, 2009

Dump Your FM Analog Wireless Microphones

FM analog wireless presenter's microphones are a security nightmare...
and an eavesdropper's dream.
Security-wise...
You're naked!
(
background)

If you have analog wireless microphones, dump them.

If your A/V company uses them, dump them too, until they upgrade to encrypted wireless microphones.

Replace your info-leakers with one of these digital systems...

Audio-Technica - SpectraPulse™ Ultra Wideband (UWB)
Lectrosonics (...and an Encryption White Paper)
Zaxcom
Mipro ACT-82
Telex SAFE-1000

The good news...

Your old wireless system may be eligible for a trade-in!

Most wireless microphone companies are currently offering rebates and free retuning due to changes in the FCC rules. Some are even offering trade-in money.
Check here for a partial list of programs.

Black Hat is Coming

Black Hat is the leading conference series for technical security professionals.

Black Hat Briefings and Training has earned cult status among security enthusiasts and leading technical influencers. Black Hat USA 2009, July 25–30 at Caesars Palace, Las Vegas. (
more) (register)

Has Castro Blackmailed Hollywood?

Sometimes a story comes along that sounds true but needs more evidence to back it up. You decide...

"My job was to bug their hotel rooms,” says high-ranking Cuban intelligence defector Delfin Fernandez. “With both cameras and listening devices. Most people have no idea they are being watched while they are in Cuba. But their personal activities are filmed under orders from Castro himself...”


"...famous Americans are the priority objectives of Castro’s intelligence,” says Fernandez. “When word came down that models Naomi Campbell and Kate Moss were coming to Cuba, the order was a routine one: 24-hour-a-day vigilance. Then we got a PRIORITY alert,” recalls Fernandez, “because there was a rumor that they would be sharing a room with Leonardo DiCaprio. The rumor set off a flurry of activity, and we set up the most sophisticated devices we had.”

“The American actor Jack Nicholson was another celebrity who was bugged and taped THOROUGHLY during his stay in the hotel Melia Cohiba,” states Fernandez, the man in charge of the bugging.

Turns out, however, that at least one visiting dignitary foiled Castro’s intelligence. On his visit to Cuba in 1998, Pope John Paul II’s assistants discovered and removed several bugging devices from His Holiness’ hotel room.

While holding up the book ”Fidel: Hollywood's Favorite Tyrant” on his TV show, Bill O’Reilly called these celebs “Hollywood pinheads.” (
more)

Government Surveillance Hit Parade

In what may be the first assessment of its kind, a private company... is ranking the United States No. 6 in the world for having the most aggressive procedures for monitoring residents electronically.

The report, called
The Electronic Police State, assesses the status of governmental surveillance in 52 nations around the globe for 2008. The document was released Cryptohippie, Inc. (more)

Get Smart - 100+ Open Courses on Computer Information Systems and Security

Security Directors are well aware that their professional responsibilities have grown; the biggest growth area is computer forensics, security and information protection.

Problem: How may one learn these new skills?
Solution: Open University (aka Distance Learning). "Open learning means that you will be learning in your own time by reading course material, working on course activities, writing assignments and perhaps working with other students."

One basic course being offered is: Introduction to Information Security: an introduction to the reasons and methods for securing confidential information.

Many other courses are listed here and here and here.

See you around the campus. ~ Kevin

Cautionary Tale - Does this ID look funny?

Comedian Armando Iannucci got past security guards at the US State department in Washington with a pass which "could have been produced by a child", in what he described as "probably international espionage".

Mr Iannucci was researching his latest film, the US-British political drama 'In the Loop', when he visited the department's headquarters... He flashed the card at the guards in the main reception of the building, said he had an appointment and was waved through.

The comedian then spent an hour walking around the building taking photographs
, which were later used to help with the set designs for the film. (
more)

Friday, May 8, 2009

Hard Core Info on 34% of Diss'ed Disks

Highly sensitive details of a US military missile air defence system found on a second-hand hard drive bought on eBay... British researchers found the data while studying more than 300 hard disks bought at computer auctions, computer fairs and eBay.

The experts also uncovered other sensitive information including bank account details, medical records, confidential business plans, financial company data, personal id numbers, and job descriptions.


A spokesman for BT said they found 34 per cent of the hard disks scrutinised contained 'information of either personal data that could be identified to an individual or commercial data identifying a company or organisation.' And researchers said a 'surprisingly large range and quantity of information that could have a potentially commercially damaging impact or pose a threat to the identity and privacy of the individuals involved was recovered as a result of the survey.'

Dr Andy Jones, head of information security research at BT, who led the survey, said: 'This is the fourth time we have carried out this research and it is clear that a majority of organisations and private individuals still have no idea about the potential volume and type of information that is stored on computer hard disks. (
more)