Friday, June 26, 2009

FutureWatch - Amazing MagLev

Is this cool, or what?!?!
Enjoy your weekend.
See you Monday.

Japan discovers 1970's 'Broken Window Theory'

A Tokyo district plagued with burglaries has turned to planting flowers to beautify its streets and help stamp out crime.

"'Operation Flower' began about three years ago. By planting flowers facing the street, more people will be keeping an eye out while taking care of the flowers or watering them," said Kiyotaka Ohyagi, a Suginami City official...

Suginami, with a population of 528,800, saw a record 1,710 break-ins in 2002... Suginami says its efforts have paid off, with the number of burglaries falling to 390 in 2008, down almost 80 percent from 2002.

Oh, by the way...
The flowers are part of a wider crime prevention campaign. The district also has 9,600 volunteer patrollers and 200 security cameras set up in areas where there are frequent break-ins. It also emails crime information daily to residents. (more)

Broken Window Theory... (via The Atlantic - March 1982)
...at the community level, disorder and crime are usually inextricably linked, in a kind of developmental sequence. Social psychologists and police officers tend to agree that if a window in a building is broken and is left unrepaired, all the rest of the windows will soon be broken. This is as true in nice neighborhoods as in rundown ones. Window-breaking does not necessarily occur on a large scale because some areas are inhabited by determined window-breakers whereas others are populated by window-lovers; rather, one unrepaired broken window is a signal that no one cares, and so breaking more windows costs nothing. (It has always been fun.)

Philip Zimbardo, a Stanford psychologist, reported in 1969 on some experiments testing the broken-window theory. He arranged to have an automobile without license plates parked with its hood up on a street in the Bronx and a comparable automobile on a street in Palo Alto, California. The car in the Bronx was attacked by "vandals" within ten minutes of its "abandonment." The first to arrive were a family—father, mother, and young son—who removed the radiator and battery. Within twenty-four hours, virtually everything of value had been removed. Then random destruction began—windows were smashed, parts torn off, upholstery ripped. Children began to use the car as a playground. Most of the adult "vandals" were well-dressed, apparently clean-cut whites. The car in Palo Alto sat untouched for more than a week. Then Zimbardo smashed part of it with a sledgehammer. Soon, passersby were joining in. Within a few hours, the car had been turned upside down and utterly destroyed. Again, the "vandals" appeared to be primarily respectable whites. (more)

"How does this apply to information security?"
If management doesn't care, employees won't care. When employees don't care, your company is easy pickings for info-vultures. Patch all the holes. ~Kevin

FutureWatch - Your Own Private Internet

For those struggling with privacy on the Web, security researchers at Hewlett-Packard might have found the light at the end of tunnel.

A duo from HP's Web security group, Billy Hoffman and Matt Wood, are scheduled to present an idea at the BlackHat security conference in July that could shed new light on an old idea about how to communicate privately over the Internet.

The researchers, who previewed their concept to Forbes, say
their model works like a private Internet on top of the existing public one: People can share information like files and messages via the Internet medium, but without the kind of public-facing personally identifiable information that Internet protocol addresses provide...

The darknet concept as we know it today has been around for a while, and current implementations usually rely on some sort of third-party technology to make it work. The model Hoffman and Wood are previewing is notable in that it uses the latest in rich Internet technologies to make using a darknet as simple as browsing a Web site. That innovation should drastically reduce the barrier to sharing secure information over darknets. (
more)

Thursday, June 25, 2009

The Apple Lesson

"You can only give them as much security as they will take," the old saying goes.

Most organizations don't take much.
"Not our corporate culture."
"People would quit."
"How do you enforce that!"
These excuses are lame.
Worse, they are profit suckers.

Considering information is the genesis of profits, it is hard to fathom laissez faire attitudes. Employees want to be part of a successful, cool, winning organization. They want their company to be profitable. To them it means job security, better salaries and prestige.

All they need is leadership.


"Prove it," I hear you say.

via The New York Times...
Apple is one of the world’s coolest companies. But there is one cool-company trend it has rejected: chatting with the world through blogs and dropping tidbits of information about its inner workings.

Few companies, indeed, are more secretive than Apple, or as punitive to those who dare violate the company’s rules on keeping tight control over information. Employees have been fired for leaking news tidbits to outsiders, and the company has been known to spread disinformation about product plans to its own workers.

“They make everyone super, super paranoid about security,” said Mark Hamblin, who worked on the touch-screen technology for the iPhone and left Apple last year. “I have never seen anything else like it at another company.”...

Secrecy at Apple is not just the prevailing communications strategy; it is baked into the corporate culture. Employees working on top-secret projects must pass through a maze of security doors, swiping their badges again and again and finally entering a numeric code to reach their offices, according to one former employee who worked in such areas...

...the culture of secrecy had its origin in the release of the first Macintosh, which competitors like Microsoft and Sony knew about before it was unveiled. (more)

There is a lesson here.
On September 25, 1981 Apple stock traded at $1.78; today, $139.86.

This doesn't happen by letting someone pick your intellectual pockets.
Be proactive. Create a strong information secuity program.
Your employees will love it, and respect you for it.

Wednesday, June 24, 2009

Paris Hilton bugged by hotel-room bugging

For once, it seems that someone is actually interested in what Paris Hilton has to say, as the heiress' bodyguards have reportedly found a secret recording device hidden in her hotel room in Dubai.

The U.K. Daily Express reports that Hilton, 28, was less than pleased after the bug was discovered, immediately ordering more security and demanding that hotel staff investigate where the device came from. The incident has not stalled production of the Dubai edition of Hilton's My New BFF reality show.


"
We're not sure what the device picked up or whom it was transmitting to. But it did leave Paris very jittery," a source working with Hilton told the Express. "Everyone she has come into contact with during her stay in Dubai has been fantastic and gracious. We've been told there are some quarters where there is anti-American feeling." (more)

While you may not be a Paris Hilton fan, give her credit. She hired competent security who knew how to find bugs. Should you need the same,
contact me. ~Kevin

Update...
Paris Hilton has played down media reports that her Dubai hotel room was bugged, saying stories in the British tabloids were "another lie created by the media"... None of Hilton's spokespeople were available to comment on Wednesday morning. (more)

We'll keep you posted.

Spies Under Every Watt?

The electric-utility industry is planning a pilot initiative to see whether Chinese spies have infiltrated computer networks running the power grid, according to people familiar with the effort.

Officials of the North American Electric Reliability Corp., an industry regulatory group, are negotiating with a defense contractor for the job of searching for breaches by cyberspies, according to people familiar with the plans...


The Wall Street Journal reported in April that Russian and Chinese spies had penetrated the U.S. electric grid. (more)

China dominates NSA-backed coding contest

About 4,200 people participated in the U.S. National Security Agency-supported challenge... Programmers from China and Russia have dominated an international competition on everything from writing algorithms to designing components... Of 70 finalists, 20 were from China, 10 from Russia and two from the U.S.... Of the total number of contestants, 93% were male, and 84% were aged between 18 and 24. (more)

"You too may be a big hero,
Once you've learned to count backwards to zero.
'In German oder English I know how to count down,
Und I'm learning Chinese,' says Wernher von Braun."
Tom Lehrer1965

From our 'What in this World Could Possibly Go Wrong' files

North Korean leader Kim Jong Il has put his youngest son in charge of the country's spy agency in a move aimed at handing the communist regime over to him, a news report said Wednesday. (more)

The Obama administration is planning to eliminate a spy satellite program at the Department of Homeland Security that had produced concerns about domestic spying, officials said. The program would have given state and local law enforcement officials access to high-resolution imagery from spy satellites to aid them in disaster relief efforts, bolster border security and help secure major events like the Super Bowl. (more)

The Iranian regime has developed, with the assistance of European telecommunications companies, one of the world's most sophisticated mechanisms for controlling and censoring the Internet, allowing it to examine the content of individual online communications on a massive scale. (more)

Kuwait's parliament will hold a vote of no-confidence on the interior minister next week after he was quizzed on Tuesday over accusations that include spying on MPs and squandering public funds. (more)

Colombia's Prosecutor General's office called Noguera and three other former DAS directors for questioning about their alleged involvement in the wiretapping scandal of the intelligence agency. (more)

Canadian police will be given new powers to eavesdrop on Internet-based communications... (more)

FutureWatch - Social Networking Strangulation

If you're planning to apply for a job with the city of Bozeman, Montana, be prepared to hand over much more than your references and résumé. The Rocky Mountain city instructs all job applicants to divulge their usernames and passwords for "any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc."

"Before we offer people employment in a public trust position we have a responsibility to do a thorough background check," Chuck Winn, Bozeman's assistant city manager, told CBSNews.com in an interview on Thursday. "This is just a component of a thorough background check." (more)

FutureWatch...
Yin: Expect this trend to continue and expand.
Yang:
Expect to see dual social networking - one for due diligence consumption, and a sub-rosa one, for real.

Monday, June 22, 2009

Wiretap Using an Erricson Cell Phone

...unconfirmed, but interesting...
"Erricson's WAP, Wireless Application Protocol, suffers from a security flaw that allows attackers to listen into other WAP sessions traveling on the cellular carrier wave... This attack is limited, since you cannot choose which number to wiretap on, and you cannot talk at the same time that you are wiretapping a line. This vulnerability shows the lack of security of WAP as it is offered in today's cellular networks. (more)
Blue Blaze Irregulars, check and advise!
How to wiretap from an Erricson Cell Phone:
1) Type 904059
2) Menu
3) Yes
4) 1
5) RCL
6) Yes
7) 8300**
8) Yes
9) 86
(Instead of the ** you can write any number you wish, except for the number 00)
To stop the wiretapping:
1) Type RCL
2) 3
3) Yes

Sunday, June 21, 2009

Security Of Desks and File Cabinets

So, I am updating my address book. Up pops Michael Silva, a very smart independent security consultant in Edmonds, Washington. I verify his web site address. Interesting. It sidetracks me and I begin poking around. I found a gem for you!

Security Of Desks and File Cabinets <-- click

There may be nothing in this brief article you don't already know, but refresh your memory anyway. When it comes to securing information, this topic ranks right up there with shredding and eavesdropping.

Necessity spawns invention...
At the start of my career an executive countered my suggestion that he clear his desk at night. "I have my paperwork in very specific piles. I can't be moving all of them every night."

I invented a desk condom for him. Custom made to fit his desk, it was lightweight ripstop nylon with a drawstring along the edges. Flip it over the desk at night, pull the cord, lock the lock. Simple. Cheap. It worked for him. Kept after-hours snoops away, and kept the cleaners from knocking over his piles of papers. Stored easily, too.

If you get any grief, ask your execs, "Would you leave a stack of twenties on your desk overnight?" ~Kevin
Photo (
Click to enlarge.) - My worst case.

Saturday, June 20, 2009

"How often are Trade Secrets stolen?"

"...a trade secret once lost, is, of course, lost forever."
Anacomp, Inc. v. Shell Knob Servs., 93 Civ. 4003 (PKL), 1994 U.S. Dist. Lexis 223 (S.D.N.Y. 1994).

Like eavesdropping and other forms of espionage, properly executed, you'll never know. Only the failed, suspected, obvious and fortuitously uncovered cases surface. And, of those... very few are documented in court records.


We can
extrapolate the depth of trade secret espionage from documented court records.

Thanks to
R. Mark Halligan, a Partner at Nixon Peabody LLP in Chicago, this is fairly easy to do. He keeps track of trade secret cases at his Web site - tradesecretshomepage.com It is billed as, "The most complete source for trade secret information on the Web!"

On with the show!

Let's look at the trade secret cases in Mr. Halligan's vault. (Click here. Stand back.) WOW! Just think... those are the cases which made it to court, and got reported - the tip of an apparently huge knowledge-berg of melting profits.

Computation:
Chances look very good someone (or many people) have, are, or will be, picking your corporate pockets, too.

Did you know?:
The courts determine the existence of a trade secret based on six factors. One of them is... "What security measures (above and beyond normal security) have been taken to protect the trade secret?"

Solutions:

- Make friends now with
Mr. Halligan and myself. Besides due diligence, our services are very cheap insurance.
- Check out The Trade Secret Office. It provides software products that make determination of trade secret status simpler and more concrete. FREE Trade Secret Primer.
- Visit Professor Jon Cavicchi's The Trade Secrets Vault for late breaking news.

Mission Creep to Catch A Creep

Two Dutch men have been arrested after a boy they allegedly mugged spotted them using an application on the Google website... he discovered the incident had been recorded on Google's StreetView application.

Under Google's rules, his attackers' faces were blurred, but the men were identified after the company gave investigators the original unobscured picture. Police then identified the men - twin brothers - and made an arrest. (more)

"Quick, call Google...
...and Homeland Security, too!"


Golf balls are bombarding the Port of Everett and anti-terrorism cameras are being trained on a residential neighborhood to hunt down the source... port officials believe someone on Rucker Hill is whacking golf balls down the hill onto port property, endangering dozens of workers and millions of dollars worth of equipment and cargo... they say pointing video surveillance cameras toward the residential area is an appropriate use of the equipment. The cameras were paid for, along with fencing and other security equipment, with $2.3 million in grants from the Department of Homeland Security... (more)

Thursday, June 18, 2009

Yet another USB thumb-drive hitchhikes

South Australia's Health Minister John Hill says sensitive files on planning for the new Royal Adelaide Hospital (RAH) have disappeared.

He says the files kept on a USB drive were lost by an employee from SA Health's Major Projects Office this month...

The SA Opposition says a review must find out why it took nine days for Government ministers to be told the sensitive material had been lost.

Opposition health spokeswoman Vickie Chapman says loss of the files could sabotage the tendering process for the project.

"The biggest item of infrastructure promised by this Government is now at risk," she said.

"Now the most serious interpretation of this is that these documents contain material perhaps even the public sector comparative figures that will just give a field day for prospective tenderers." (more)

You know you are going to loose your USB drive some day.
Why not encrypt it today?
It's
FREE. Click here.
Want an easy OTS solution? Click here.

Pick one, or risk being a NIT.
(Negligent Idiot Twit)

GPS phones could spy on swine flu sufferers

From our "Thin Cover for Ulterior Motives" files...
Health authorities in Japan think they might have the answer to tracking and blocking the spread of swine flu - keep an eye on the population through mobile phones. The idea is to track every individual on their phone's global positioning system (GPS). Then people can be warned if they have crossed paths with anyone diagnosed with a highly contagious illness. (more)

...and what about the tykes who carry germs but not cell phones?
Oh, never mind, they already thought of that!


Schoolchildren to be RFID-chipped
Japanese authorities decide tracking is best way to protect kids

School authorities in the Japanese city of Osaka have decided the benefits outweigh the disadvantages and will now be chipping children in one primary school. The tags will be read by readers installed in school gates and other key locations to track the kids' movements. (more)

Think this is hard to do?
Think again...
World's smallest and thinnest RFID tag is powder made by Hitachi.

No, that's last year's model on the fingertip. This year's model is 60 times smaller – 0.05 x 0.05 millimeters. Look at the microscope slide with the human hair laid across the middle.

The new RFID chips have a 128-bit ROM for storing a unique 38 digit number, like their predecessor. Hitachi used semiconductor miniaturization technology and electron beams to write data on the chip substrates to achieve the new, smaller size.

Hitachi's mu-chips are already in production; they were used to prevent ticket forgery at last year's Aichi International Technology Exposition. RFID 'powder,' on the other hand, is so much smaller that it can easily be incorporated into thin paper, like that used in paper currency and gift certificates. (more)