Run a shadow OS on your computer for super secrecy...

via lifehacker.com

...if you're really serious about protecting your data, you can actually hide your entire operating system. Here's how to do it.

To accomplish this task, we'll be using TrueCrypt, our favorite free and open-source disk encryption software that runs on all platforms, supports hidden volumes, and can even encrypt your entire hard drive.


Once we've completed the setup, you'll have two Windows installations and two passwords. One password will activate a hidden Windows installation as your real operating system, and the other, a decoy install to throw intruders off the trail. (more)

Mobile Smart Phone Spying... There are apps for that!

 As smartphones and the applications that run on them take off, businesses and consumers are beginning to confront a budding dark side of the wireless Web....

"Mobile phones are a huge source of vulnerability," said Gordon Snow, assistant director of the Federal Bureau of Investigation's Cyber Division. "We are definitely seeing an increase in criminal activity."

The FBI's Cyber Division recently began working on a number of cases based on tips about malicious programs in app stores, Mr. Snow said. The cases involve apps designed to compromise banking on cellphones, as well as mobile "malware" used for espionage by foreign nations, said a person familiar with the matter. To protect its own operations, the FBI bars its employees from downloading apps on FBI-issued smartphones. (more)

Buy, buy anonymous pre-paid cell phones...

A bipartisan pair of Senate leaders have introduced a first-of-its-kind bill aimed at stopping terrorist suspects such as the would-be Times Square bomber from hiding their identities by using prepaid cellphones to plot their attacks.

The legislation sponsored by Sen. Charles E. Schumer (D-N.Y.) and Sen. John Cornyn (R-Tex.) would require buyers to present identification when purchasing a prepaid cellphone and require phone companies to keep the information on file, as they do with users of landline phones and subscription-based cellphones. The proposal would require the carriers to retain the data for 18 months after the phone's deactivation. (more) 
...while you can.

"Y" ??? Because I liked you.

A former assistant to a top Disney executive was arrested for allegedly trying to sell the company's quarterly earnings to buyers who wanted to trade on inside information.
    

Prosecutors say Bonnie Hoxie, 33, who has worked as a secretary for Disney's PR chief since 2007, passed along inside information such as quarterly earnings statements to her boyfriend, Yonnie Sebbag aka Jonathan Cyrus, who was also arrested for his alleged role in the crime.
    

Sebbag, 29, then tried to sell the inside information to investors by sending anonymous letters to hedge funds and investment companies, according to the complaint in Federal Court. (more)

iPhone PIN Prick

Basically, plugging an up-to-date, non jail-broken, PIN-protected iPhone (powered off) into a computer running Ubuntu Lucid Lynx will allow the people to see practically all of the user's data--including music, photos, videos, podcasts, voice recordings, Google safe browsing databases, and game contents. The "hacker" has read/write access to the iPhone, and the hack leaves no trace. (more)

Poll: Is '21st Century Living' worth the privacy tradeoffs?

Kevin's Security Scrapbook Poll Results

"Is '21st Century Living' worth the privacy tradeoffs?"
56.25%  No, not at all!
31.25%  Yes, definitely!
12.5%  The tradeoffs balance it all out.

A Data Loss Statistics Repository

DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The effort is now a community one.  

Help keep this Museum of Bitten Bytes going.
Open Security Foundation is the non-profit organization which runs the project. Their Web site, DataLossDB.org, asks for contributions of new incidents and new data for existing incidents. You can also contribute money.

Here is how some of their information is used...
The world's coolest data breach map!
Guaranteed to scare the dollars out of any tight-fisted CFO.

3 Graphic Arts Spy Techniques

If you use Photoshop or Illustrator you can send secret messages...
"You’re mission, if you choose to accept, is to learn how to smuggle secret information out of a building using Illustrator, encrypt a simple message using Photoshop and send a yes/no type of answer to a network of spies using a picture without any direct interaction. Enjoy!" (more)

Another Formula One Spy Scandal?

Formula One seems to thrive on scandal. Hardly a year goes by without some kind of dispute putting the sport on the front pages rather than the sports pages.

In recent years we have had Tyregate, Spygate, Liegate, Crashgate and even Spankgate. What next?

Well, according to a report in the Express by Pitpass' business editor Chris Sylt, it looks like a Spygate sequel is on the horizon.

Records at the UK's High Court show that Force India has launched a damages claim against the companies which run Lotus Racing alleging that they copied the windtunnel model which its car is based on.

The claim has echoes of the row which erupted in 2007 when the FIA fined McLaren $100m for possessing blueprints from Ferrari. (more)

"Place of the gods" gets CCTV

Hotels in the Tibetan capital, Lhasa, are being forced to install electronic surveillance equipment amid an ongoing security clampdown in the city, industry sources said... The hotel security measures come hard on the heels of tighter curbs on the cultural lives of Tibetans, including the use of print shops to replicate Tibetan-language material. (more)

Guess who runs CCTV.com.

Client Alert - FM Wireless Microphones - Illegal

FM Wireless Microphones capable of operations in the 700 MHz frequency range become illegal to use, in the United States, in just less than two weeks. 

For years, I have been advising clients to stop using FM wireless microphones in their Boardrooms and at off-site meetings. Eavesdropping on their transmissions is just too easy. 

A new generation of digital and encrypted wireless microphones are available to replace them. "Now" is an excellent time to justify the switch.

The FCC says... "To see if your wireless microphone operates on the 700 MHz band, simply click on the name of the manufacturer and see if your model is listed. (chart)

• If your model is listed on the table, it is a 700 MHz wireless microphone and can not be used after June 12, 2010. 
  
  
• If you can find your manufacturer’s name and your equipment is not listed, then you may continue using your wireless microphone because it does not operate in the 700 MHz Band. (Due to the eavesdropping risk, Murray Associates does not recommend this option.)

If your manufacturer is not listed, please contact the FCC for additional assistance to determine if your wireless microphone operates on the 700 MHz Band."

Need a source for digital wireless microphones?  

• Revolabs

• Audio-Technica - SpectraPulse™ Ultra Wideband (UWB) (white paper)

• Lectrosonics (...and an Encryption White Paper)

• Zaxcom 

• Mipro ACT-82 

• Telex SAFE-1000

The Geek Chorus on USB Sticks

Background... The Unsolicited "Gift" USB Stick

The latest proof...

Australia - IBM has been left with egg on its face after it distributed virus-laden USB keys to attendees at Australia's biggest computer security conference.

Delegates of the AusCERT conference, held over the past week at the Royal Pines Resort on the Gold Coast, were told about the malware problem in a warning email this afternoon by IBM Australia chief technologist Glenn Wightwick.

The incident is ironic because conference attendees include the who's who of the computer security world and IBM was there to show off its security credentials. (more)

Business Survival™ Weblog

Sure, dealing with business spies is important. That's probably why you're here. But what about all the other business risks you face? Where can you go for help and advice?

One place you should visit each day is Rothstein Associates Inc. Business Survival™ Weblog.

Here is a tip I recently picked up while visiting...

Many of us have had to deal with mentally unstable people at different times and at different levels of the corporate world, including those at executive levels tasked with making significant decisions for their organizations.

Like pornography, a lack of mental stability in people, especially in the workplace, is something most of us recognize when we see it. The effects of mental illness often cause serious negative impacts on the departments and the people the sick individuals interact with. But, because mental illness is still a taboo subject in corporate America, these people remain in their high level posts “undiscovered” for years.

See Dealing with Mentally Unstable Managers, by Joel Font, CISA, CBCP.

Philip J. Rothstein's Business Survival™ Weblog is loaded with tips like this one. It even has a special feeds called Global Disaster Alert (that'll cheer you up in the morning) and Business Survival™ News.

Breaking into Your Garage

If you have an automatic garage door opener, you may want to move your valuables somewhere else. This video shows how a burglar can open a closed (and supposedly locked) garage door, quietly, in less than six seconds! 

Security Scrapbook Tip #203: Secure the interior mechanical pull with a bent wire (a section of old coat hanger will do). Objective... pulling on the lever or cord will do no good until the wire is removed.

False Friends

Australia - It is alleged one of the bank's Melbourne-based debt collectors set up a fake account on the social networking site to covertly gather debtors' addresses, phone numbers and emails.

More than 80 people added "Max Bourke" as a contact before the fake profile was removed from the website yesterday.

ANZ spokesman Stephen Ries says several staff members are under investigation for their role in the online spying. (more)