If you're planning to apply for a job with the city of Bozeman, Montana, be prepared to hand over much more than your references and résumé. The Rocky Mountain city instructs all job applicants to divulge their usernames and passwords for "any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc."
"Before we offer people employment in a public trust position we have a responsibility to do a thorough background check," Chuck Winn, Bozeman's assistant city manager, told CBSNews.com in an interview on Thursday. "This is just a component of a thorough background check." (more)
FutureWatch...
Yin: Expect this trend to continue and expand.
Yang: Expect to see dual social networking - one for due diligence consumption, and a sub-rosa one, for real.
...unconfirmed, but interesting..."Erricson's WAP, Wireless Application Protocol, suffers from a security flaw that allows attackers to listen into other WAP sessions traveling on the cellular carrier wave... This attack is limited, since you cannot choose which number to wiretap on, and you cannot talk at the same time that you are wiretapping a line. This vulnerability shows the lack of security of WAP as it is offered in today's cellular networks. (more)Blue Blaze Irregulars, check and advise!How to wiretap from an Erricson Cell Phone:1) Type 9040592) Menu3) Yes4) 15) RCL6) Yes7) 8300**8) Yes9) 86(Instead of the ** you can write any number you wish, except for the number 00)To stop the wiretapping:1) Type RCL2) 33) Yes
So, I am updating my address book. Up pops Michael Silva, a very smart independent security consultant in Edmonds, Washington. I verify his web site address. Interesting. It sidetracks me and I begin poking around. I found a gem for you! Security Of Desks and File Cabinets <-- clickThere may be nothing in this brief article you don't already know, but refresh your memory anyway. When it comes to securing information, this topic ranks right up there with shredding and eavesdropping.
Necessity spawns invention...
At the start of my career an executive countered my suggestion that he clear his desk at night. "I have my paperwork in very specific piles. I can't be moving all of them every night."
I invented a desk condom for him. Custom made to fit his desk, it was lightweight ripstop nylon with a drawstring along the edges. Flip it over the desk at night, pull the cord, lock the lock. Simple. Cheap. It worked for him. Kept after-hours snoops away, and kept the cleaners from knocking over his piles of papers. Stored easily, too.
If you get any grief, ask your execs, "Would you leave a stack of twenties on your desk overnight?" ~Kevin
Photo (Click to enlarge.) - My worst case.
"...a trade secret once lost, is, of course, lost forever."
Anacomp, Inc. v. Shell Knob Servs., 93 Civ. 4003 (PKL), 1994 U.S. Dist. Lexis 223 (S.D.N.Y. 1994).
Like eavesdropping and other forms of espionage, properly executed, you'll never know. Only the failed, suspected, obvious and fortuitously uncovered cases surface. And, of those... very few are documented in court records.
We can extrapolate the depth of trade secret espionage from documented court records.
Thanks to R. Mark Halligan, a Partner at Nixon Peabody LLP in Chicago, this is fairly easy to do. He keeps track of trade secret cases at his Web site - tradesecretshomepage.com It is billed as, "The most complete source for trade secret information on the Web!"
On with the show!Let's look at the trade secret cases in Mr. Halligan's vault. (Click here. Stand back.) WOW! Just think... those are the cases which made it to court, and got reported - the tip of an apparently huge knowledge-berg of melting profits.
Computation: Chances look very good someone (or many people) have, are, or will be, picking your corporate pockets, too.
Did you know?: The courts determine the existence of a trade secret based on six factors. One of them is... "What security measures (above and beyond normal security) have been taken to protect the trade secret?"
Solutions:
- Make friends now with Mr. Halligan and myself. Besides due diligence, our services are very cheap insurance.
- Check out The Trade Secret Office. It provides software products that make determination of trade secret status simpler and more concrete. FREE Trade Secret Primer.
- Visit Professor Jon Cavicchi's The Trade Secrets Vault for late breaking news.
Two Dutch men have been arrested after a boy they allegedly mugged spotted them using an application on the Google website... he discovered the incident had been recorded on Google's StreetView application.Under Google's rules, his attackers' faces were blurred, but the men were identified after the company gave investigators the original unobscured picture. Police then identified the men - twin brothers - and made an arrest. (more)"Quick, call Google...
...and Homeland Security, too!"Golf balls are bombarding the Port of Everett and anti-terrorism cameras are being trained on a residential neighborhood to hunt down the source... port officials believe someone on Rucker Hill is whacking golf balls down the hill onto port property, endangering dozens of workers and millions of dollars worth of equipment and cargo... they say pointing video surveillance cameras toward the residential area is an appropriate use of the equipment. The cameras were paid for, along with fencing and other security equipment, with $2.3 million in grants from the Department of Homeland Security... (more)
South Australia's Health Minister John Hill says sensitive files on planning for the new Royal Adelaide Hospital (RAH) have disappeared.He says the files kept on a USB drive were lost by an employee from SA Health's Major Projects Office this month...The SA Opposition says a review must find out why it took nine days for Government ministers to be told the sensitive material had been lost.Opposition health spokeswoman Vickie Chapman says loss of the files could sabotage the tendering process for the project."The biggest item of infrastructure promised by this Government is now at risk," she said."Now the most serious interpretation of this is that these documents contain material perhaps even the public sector comparative figures that will just give a field day for prospective tenderers." (more)You know you are going to loose your USB drive some day.
Why not encrypt it today?
It's FREE. Click here.
Want an easy OTS solution? Click here.Pick one, or risk being a NIT.
(Negligent Idiot Twit)
Old Lyme, Conn.-based Sennheiser is the latest vendor–and one of the few–to offer a microphone that uses optics rather than electrical signals to capture and transmit sound.
The underlying concept is relatively straightforward. A light source–usually a light-emitting diode (LED)–shines against the diaphragm, and the reflections are picked up by a photodetector that's on the same side of the diaphragm. When the diaphragm moves, so do the reflections, creating changes in light intensity. The photodetector notes these changes, beginning the process of capturing them as sound waves. The light waves travel along a fiber optic cable to a unit that, besides providing power, includes a photodiode that converts the light into electrical signals.
Sennheiser's new mics, along with those from rivals such as Israel-based Optoacoustics, are aimed primarily at specific vertical markets...
...optical mics are a potential fit for high-security environments, such as government and defense contractor offices, where eavesdropping is a concern. That's because the alternative–mics with copper cables–even when they're shielded can double as antennas, radiating whatever content is traversing them.
How far those "broadcasts" travel depends on factors such as whether there are multiple walls in the area to attenuate the signal. But if the copper cables are in, say, an executive conference room that has lots of windows, there's a better chance that the signals can be picked up by someone in the parking lot below.
That scenario is one of the reasons why many government guidelines, such as the National Security Agency's TEMPEST, require fiber for secure applications. Often, the concerns such guidelines address often apply to the general enterprise market, too. (more)
In 1994, while optical microphones were still esoteric spy tools, I created a fiber optic microphone teacup for my clients. (front view) (rear view) (bottom view). Only 323 were made. If you still have yours, hold on to it. It's rare. ~Kevin
A great-grandson of Alexander Graham Bell has been arrested on charges of being an international spy.Walter Kendall Myers, 72, and his wife Gwendolyn, 71, were arrested June 4 in Washington, D.C. after the FBI alleged the pair were spying on the United States for Cuba for three decades.Myers is a former U.S. State Department analyst who had top-secret security clearance, according to The Associated Press. (more) (interesting historical background)
from the website...PrivacyHarbor.com’s private and FREE (Basic Account) email system keeps your messages out of the hands advertisers and others who want to see your email. You don’t want people reading your letters or listening in on your phone calls, so why would it be acceptable for spammers and companies to pry on your emails? The clear answer is, it’s not. Keep every message private, safe and secure with PrivacyHarbor... Private webmail account: More secure than online banking.
They offer a nice FREE package as well as moderately priced accounts. Compare the features of each here. ~Kevin
...use a Cell Phone Jammer?"71% YES29% NOSelected comments received..."Perfect place to use them in conference rooms and Churches.""The worst place for me is the bank, you're standing there, waiting, quiet (I have my phone on vibrate usually) and phone nearby you rings and someone cusses and argues or talks about idle crap while everyone else has to stand around and listen? Or in a diverse place, you might get a loudmouth in Spansih, another in Mandarian, or someone giving an idiotic opinion that doesn't make sense and then me and people in line start discussing and bickering cause that's all we can DO!!! I want to JAM em so bad right then and there. Legal or not. ;)"
... if it were your BlackBerry?
NJ- A bill sponsored by Senator Raymond J. Lesniak which would require telecommunications companies to provide caller location information for crime victims to law enforcement agencies was approved by the Senate Law, Public Safety and Veterans Affairs Committee Monday.The measure would amend the state's wiretapping statute to require cell phone carriers and mobile broadband providers to disclose location information regarding a crime victim's mobile or wireless communications device under certain circumstances.
Lesniak's recent experience in which intruders broke into his Elizabeth home and robbed him underscored the need for this legislation. During the robbery, the thieves took his BlackBerry. Had the senator's cell phone carrier been able to cooperate with local law enforcement officials, police could have tracked down and apprehended the thieves much quicker, reducing the risk to the rest of the community. (more)
(click to enlarge)...and, he might want to give BAK2u a try on his new BlackBerry. It backs-up and wipes-out confidential information on stolen BlackBerrys. ~Kevin
Philippines - Two Filipinos and a Jordanian national in the Philippines are facing possible extradition to the United States for hacking into the telephone systems of large US corporations and selling the information to Pakistani nationals living in Italy, the United States Department of Justice said over the weekend...
The three are charged with conspiracy to commit wire fraud, two counts of unauthorized access to computer systems and possession of unauthorized access devices including passcodes to US telephone systems. They each face a 25-year maximum prison sentence and a hefty fine...
...telecom companies lost an estimated $350 million in stolen revenue as a result of the phreaking syndicate. (more) (more)
(The Captain's story)
Even with "free" VoIP telephone service there is still a niche market ($350 million) for phone phreaks to plunder. In this case, they were selling phone service. Remote eavesdropping is another service. Make sure your business phone systems have been hacker-proofed. The Captain has many, many mates out there. ~Kevin
(click to enlarge)
Laid-off employees have emerged as the single biggest threat to data security...The biggest security breaches in corporations these days are employees who have been laid off or who are about to get laid off.When employees leave an organization on their own terms, particularly in good times, many companies scramble to figure out what they had access to and what the value of that information would be to a competitor. There is a large body of case law in the technology industry involving theft of trade secrets, and globalization has added a new twist because laws in some countries are either unenforceable or nonexistent. But in a downturn where millions of workers are being cut, the scale of the problem grows by several orders of magnitude.So how does a CIO minimize data theft when so many employees are being cut? I posed that question to security guru Phillip Dunkelberger, CEO of PGP Corp. His answer: Once employees get their pink slips, it's already too late. He said the real work has to be done well before the termination notices go out. In fact, it has to begin even before the rumors start swirling that layoffs are imminent and employees have time to gather up their contact lists and whatever else they might deem necessary for their survival in case they get laid off. (more)Some employees facing the poop-chute won't be satisfied with old data. Their egos and wallets crave more. Be sure to check for bugs, wiretaps and secret tunnels back into the corporate network. Keep an eye on their friends and lovers who still work for you, too...
Make your own "Official Pink Slip" Click here. ~Kevin
You can now purchased corrupted files on-line; only $3.95 each.Definition: Corrupted File ~ (n.) A file that contains scrambled and unrecoverable data due to hardware or software failure.
"Q: Can my teacher trace the file back to your website?A: No. Our files cannot be opened, traced, or reverse engineered. We also upload new files periodically to make sure our files always stay “fresh.” We didn’t just change a .jpeg extension into a .doc. We take pride in our corruption!"Corrupted files are often signs of viruses, or glitches in the transmission process. Now, corrupted files can be a red flag that your colleague or student is a slacker, or a human engineer...
aka Spy:
"This is a copy of the Compensation Committee's Report your boss wants me to work on. See... it came through corrupted. Could you send me another copy of the file? I'm working from home today, let's try my private email account. That might work better. Thanks!""Keep this site a Secret!" is at the top of every page at Corrupted-Files.com So, don't spread this around. Ok? ~Kevin
FutureWatch...
I invented a desk condom for him. Custom made to fit his desk, it was lightweight ripstop nylon with a drawstring along the edges. Flip it over the desk at night, pull the cord, lock the lock. Simple. Cheap. It worked for him. Kept after-hours snoops away, and kept the cleaners from knocking over his piles of papers. Stored easily, too.
"...a trade secret once lost, is, of course, lost forever."
Hitachi's mu-chips are already in production; they were used to prevent ticket forgery at last year's Aichi International Technology Exposition. RFID 'powder,' on the other hand, is so much smaller that it can easily be incorporated into thin paper, like that used in paper currency and gift certificates. (more)
Old Lyme, Conn.-based Sennheiser is the latest vendor–and one of the few–to offer a microphone that uses optics rather than electrical signals to capture and transmit sound. 
...use a Cell Phone Jammer?"
(click to enlarge)
Philippines - Two Filipinos and a Jordanian national in the Philippines are facing possible extradition to the United States for hacking into the telephone systems of large US corporations and selling the information to Pakistani nationals living in Italy, the United States Department of Justice said over the weekend...
(click to enlarge)
You can now purchased corrupted files on-line; only $3.95 each.
"Q: Can my teacher trace the file back to your website?
