Thursday, June 3, 2010

iPhone PIN Prick

Basically, plugging an up-to-date, non jail-broken, PIN-protected iPhone (powered off) into a computer running Ubuntu Lucid Lynx will allow people to see practically all of the user's data--including music, photos, videos, podcasts, voice recordings, Google safe browsing databases, and game contents. The "hacker" has read/write access to the iPhone, and the hack leaves no trace. (more)

Wednesday, June 2, 2010

Poll: Is '21st Century Living' worth the privacy tradeoffs?

Kevin's Security Scrapbook Poll Results
"Is '21st Century Living' worth the privacy tradeoffs?"
56.25%  No, not at all!
31.25%  Yes, definitely!
12.5%  The tradeoffs balance it all out.

A Data Loss Statistics Repository

DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The effort is now a community one.  

Help keep this Museum of Bitten Bytes going.
Open Security Foundation is the non-profit organization which runs the project. Their Web site, DataLossDB.org, asks for contributions of new incidents and new data for existing incidents. You can also contribute money.

Here is how some of their information is used...
The world's coolest data breach map!
Guaranteed to scare the dollars out of any tight-fisted CFO.
Voltage Data Breach Index

Tuesday, June 1, 2010

3 Graphic Arts Spy Techniques

If you use Photoshop or Illustrator you can send secret messages...
"Your mission, if you choose to accept, is to learn how to smuggle secret information out of a building using Illustrator, encrypt a simple message using Photoshop and send a yes/no type of answer to a network of spies using a picture without any direct interaction. Enjoy!" (more)

Another Formula One Spy Scandal?

Formula One seems to thrive on scandal. Hardly a year goes by without some kind of dispute putting the sport on the front pages rather than the sports pages.

In recent years we have had Tyregate, Spygate, Liegate, Crashgate and even Spankgate. What next?

Well, according to a report in the Express by Pitpass' business editor Chris Sylt, it looks like a Spygate sequel is on the horizon.

Records at the UK's High Court show that Force India has launched a damages claim against the companies which run Lotus Racing alleging that they copied the windtunnel model which its car is based on.

The claim has echoes of the row which erupted in 2007 when the FIA fined McLaren $100m for possessing blueprints from Ferrari. (more)

"Place of the gods" gets CCTV

Hotels in the Tibetan capital, Lhasa, are being forced to install electronic surveillance equipment amid an ongoing security clampdown in the city, industry sources said... The hotel security measures come hard on the heels of tighter curbs on the cultural lives of Tibetans, including the use of print shops to replicate Tibetan-language material. (more)

Guess who runs CCTV.com.

Monday, May 31, 2010

Client Alert - FM Wireless Microphones - Illegal

FM Wireless Microphones capable of operations in the 700 MHz frequency range become illegal to use, in the United States, in just less than two weeks. 

For years, I have been advising clients to stop using FM wireless microphones in their Boardrooms and at off-site meetings. Eavesdropping on their transmissions is just too easy. 

A new generation of digital and encrypted wireless microphones is available to replace them. "Now" is an excellent time to justify the switch.

The FCC says... "To see if your wireless microphone operates on the 700 MHz band, simply click on the name of the manufacturer and see if your model is listed. (chart)
  • If your model is listed on the table, it is a 700 MHz wireless microphone and can not be used after June 12, 2010. 

  • If you can find your manufacturer’s name and your equipment is not listed, then you may continue using your wireless microphone because it does not operate in the 700 MHz Band. (Due to the eavesdropping risk, Murray Associates does not recommend this option.)
If your manufacturer is not listed, please contact the FCC for additional assistance to determine if your wireless microphone operates on the 700 MHz Band."

Need a source for digital wireless microphones?  
Zaxcom 

The Geek Chorus on USB Sticks

The latest proof...

Australia - IBM has been left with egg on its face after it distributed virus-laden USB keys to attendees at Australia's biggest computer security conference.

Delegates of the AusCERT conference, held over the past week at the Royal Pines Resort on the Gold Coast, were told about the malware problem in a warning email this afternoon by IBM Australia chief technologist Glenn Wightwick.

The incident is ironic because conference attendees include the who's who of the computer security world and IBM was there to show off its security credentials. (more)

Thursday, May 27, 2010

Business Survival™ Weblog

Sure, dealing with business spies is important. That's probably why you're here. But what about all the other business risks you face? Where can you go for help and advice?

One place you should visit each day is Rothstein Associates Inc. Business Survival Weblog.

Here is a tip I recently picked up while visiting...
Many of us have had to deal with mentally unstable people at different times and at different levels of the corporate world, including those at executive levels tasked with making significant decisions for their organizations.

Like pornography, a lack of mental stability in people, especially in the workplace, is something most of us recognize when we see it. The effects of mental illness often cause serious negative impacts on the departments and the people the sick individuals interact with. But, because mental illness is still a taboo subject in corporate America, these people remain in their high level posts “undiscovered” for years.
See Dealing with Mentally Unstable Managers, by Joel Font, CISA, CBCP.

Philip J. Rothstein's Business Survival Weblog is loaded with tips like this one. It even has special feeds called Global Disaster Alert (that'll cheer you up in the morning) and Business Survival News.

Breaking into Your Garage

If you have an automatic garage door opener, you may want to move your valuables somewhere else. This video shows how a burglar can open a closed (and supposedly locked) garage door, quietly, in less than six seconds! 

Security Scrapbook Tip #203: Secure the interior mechanical pull with a bent wire (a section of old coat hanger will do). Objective... pulling on the lever or cord will do no good until the wire is removed.

Wednesday, May 26, 2010

False Friends

Australia - It is alleged one of the bank's Melbourne-based debt collectors set up a fake account on the social networking site to covertly gather debtors' addresses, phone numbers and emails.

More than 80 people added "Max Bourke" as a contact before the fake profile was removed from the website yesterday.

ANZ spokesman Stephen Ries says several staff members are under investigation for their role in the online spying. (more)

App The Untappable

via Forbes...
Worried about the NSA, the FBI, criminals or cyberspies electronically eavesdropping on your private phone calls? There may be an untappable app for that.

On Tuesday, an independent hacker and security researcher who goes by the handle Moxie Marlinspike and his Pittsburgh-based startup Whisper Systems launched free public betas for two new privacy-focused programs on Google's Android mobile platform: RedPhone, a voice over Internet protocol (VoIP) program that encrypts phone calls, and TextSecure, an app for sending and receiving encrypted text messages and scrambling the messages stored in their inbox. (more)

ISS LEO BUG TAP CONFAB

Intelligence Support Systems for Lawful Interception, Criminal Investigations and Intelligence Gathering

ISS World Europe, hosted in Prague (June 2-4), is the world's largest gathering of European law enforcement, intelligence, defense, homeland security analysts and telecom operators responsible for lawful interception, electronic investigations and network intelligence gathering.


Certificate of LEA/Intell Communication Monitoring and Surveillance Training Completion available upon request. (more)

Tuesday, May 25, 2010

TSCM Tools of the Trade

Many (but not all) tools of the TSCM trade are featured in the June issue of WIRED Magazine.


Sunday, May 23, 2010

Russian and Chinese agents "spying on German firms wholesale"

Germany is full of Russian and Chinese spies working to get information about top business and technology developments, according to the country’s domestic intelligence service. 

Studies show that the German economy loses around €50 billion a year as a consequence, Burkhard Even, head of the counterintelligence section of the Federal Office for the Protection of the Constitution, told the audience at a recent security forum in Bonn...

He also described more underhand methods which he said were often employed by agents posing as visiting business delegations or even trainees who might use mini cameras to take pictures in factories, or secretly copy data. (more)