Wednesday, July 14, 2010

Two Polls

This poll reflects the opinions of our Security Scrapbook readers.  

Which privacy invasions concern you the most? 
(Pick three.)

26% - Mobile Phone Spyware
18% - Computer Spyware
14% - Bugging
12% - GPS Tracking
11% - Covert Video (SpyCams)
6% - Wiretapping
6% - Covert Voice Recording
5% - Physical Eavesdropping
1% - Other (unspecified)

The following poll asked about smartphone security concerns. It was independently conducted by one of our Security Scrapbook readers. 

They placed their poll on two very different Web sites; one sports oriented, one more military oriented.

What's your approach to smartphone security? 
(Poll allowed users to check more than one.)
29.3% - I just don't do financial stuff with it.
15.5% - Whatever came with it is good enough. I hope.
13.7% - I added a special security program.
13.7% - OK, but who'd want to hack/eavesdrop on me?
12% - Haven't even thought about it.
10.3% - I double-check all apps before downloading.
5.0% - Not worried - Apple's got my back.

Granted, neither poll is scientifically sound or statistically significant, but the answers are interesting on an informal level. 

Thanks to all who participated. 

If you have any ideas for future Security Scrapbook polls please let me know. ~Kevin

Posted by at
Labels: , , , , , ,

Monday, July 12, 2010

Inception - An Industrial Espionage Dream Job

Inception opens July 16th in theaters and IMAX
Dom Cobb is a skilled thief, the absolute best in the dangerous art of extraction, stealing valuable secrets from deep within the subconscious during the dream state, when the mind is at its most vulnerable. Cobb's rare ability has made him a coveted player in this treacherous new world of corporate espionage... (more) (more)

As we've been saying all along, the final frontier of eavesdropping is mind reading. Think of the movie Inception the same way you think of _this one_ ...just with a shorter flash to bang.
Posted by at
Labels: , , , ,

Bluetooth Bites Again

UK - A British woman's lawsuit against her ex-husband claims he bugged her car to record her private conversations during the final months of their marriage.

Baksho Devi Gora of Walsall, England, filed a High Court lawsuit seeking "substantial damages" from ex-husband Harvinder Singh Gora for allegedly violating her privacy by recording private telephone conversations from her car and playing them for family and friends, The Daily Telegraph reported Friday.
They were probably made via a small device secretly attached to the Bluetooth system in Mrs Gora's car in May 2008, said her barrister, Mr Eardley. (more) (how they do it)
Posted by at
Labels: , , , , ,

Spies Demise

Moscow - The 14 alleged spies deported from Russia and the U.S. remained out of public view over the weekend amid uncertainty over where they had been taken and how they would restart their lives...

Nuclear scientist Igor Sutyagin phoned his family from an unidentified hotel near London, where he is apparently confined by British authorities until a decision is made about whether he will remain in the U.K., his mother said.

The whereabouts of the others, including the 10 Russian agents expelled from the U.S. to Moscow, were unknown. (more)
Posted by at
Labels: , ,

Quis custodiet ipsos custodes?

via Wired.com...
We’re not sure what’s more humorous: That California Rep. Jane Harman, the ranking member of the House Intelligence Committee, maintains two unencrypted Wi-Fi networks at her residence, or that a consumer group sniffed her unsecured traffic in a bid to convince lawmakers to hold hearings about Google.

A representative for Consumer Watchdog — a group largely funded by legal fees, the Rose Foundation, Streisand Foundation, Tides Foundation and others — parked outside Harman’s and other lawmakers’ Washington-area residences to determine whether they had unsecured Wi-Fi networks that might have been sniffed by Google as part of the internet giant’s Street View and Google Maps program.

The group wants the House Energy and Commerce Committee, of which Harman is also a member, to haul Google executives before it, so they can publicly explain why, for three years, Google was downloading data packets from unencrypted Wi-Fi networks in neighborhoods in dozens of countries.(more)
Posted by at
Labels: , , , , ,

Bad Guys Bug Back

Pakistan - The Farozabad Police have arrested three suspected persons and recovered bugging devices and cameras, which could have been used for terrorism. (more)
Posted by at
Labels: , , , ,

Friday, July 9, 2010

"What to do?" The First Responder Blues

The Cell Phone
dum-di-dum-dum (makes a great ringtone)
...he’s looking at a homicide. For one thing, there’s that bullet in her head. He immediately realizes that another sort of witness to this crime might be on the other end of that phone connection. He reaches through the open car window to grab the phone and thumb through its recent call history. Then he stops himself...

...He knows better than to disturb a crime scene. And he’s never seen that particular model of phone—he could potentially push the wrong buttons and destroy evidence. He needs to get that device to a forensic lab, where the information can be extracted properly, in a way that preserves not only the contacts, call histories, text messages, e-mail, images, and videos but also their admissibility in court. (more)
"What would you do?" (click here)

The Bug in the Boardroom
It's a hot summer Monday morning. In the offices of Mongo Industries a secretary readies the Boardroom for the weekly strategy meeting. The air conditioning has been off all weekend, and just kicked in. Then...THUNK! 

Startled, she stares under the massive table. Her eyes adjust to the dark. A small dark object with gooey strips of masking tape near the Director's chair stares back.
"What would you do?" (click here)
Posted by at
Labels: , , , ,

Thursday, July 8, 2010

The employees are picking your pockets...

Thirty-five percent of companies believe that their organisation's sensitive information has been given to competitors, according to a new survey. 

Cyber-Ark Software's "Trust, Security and Passwords" global survey also found that 37 percent of IT professionals surveyed cited former employees as the mostly likely source of this loss. 

The IT security company questioned more than 400 senior IT administrators in the UK and US in the spring of 2010 for the fourth annual survey.

The survey found that the most popular sensitive information to be shared with competitors was the customer database (26 percent) and R&D plans (13 percent). (more)
Posted by at
Labels: , , , ,

"Who's your DB daddy? Say it. Say IT."

TX - A former IT senior database administrator at a Houston electricity provider was sentenced Tuesday to one year in prison for hacking into his former employer's computer network, the US Department of Justice said...

On April 30, 2008, after he was fired, Steven Jinwoo Kim, 40, of Houston, used his home computer to connect to Gexa's computer network and to a database containing information on about 150,000 Gexa customers, the DOJ said. Kim damaged the computer network and the database in the process, the DOJ said. 

Kim also copied and saved to his home computer a database file containing personal information on the Gexa customers, including their names, billing addresses, Social Security numbers, dates of birth and drivers license numbers. Kim's actions caused a $100,000 loss to Gexa, the DOJ said. (more)

Posted by at
Labels: , , , , , ,

Wednesday, July 7, 2010

USB coffee-cup warmer could be stealing your data

via New Scientist...
Are you sure that the keyboard or mouse you are using today is the one that was attached to your computer yesterday? It might have been swapped for a compromised device that could transmit data to a snooper.

The problem stems from a shortcoming in the way the Universal Serial Bus (USB) works. This allows almost all USB-connected devices, such as mice and printers, to be turned into tools for data theft, says a team that has exploited the flaw.

Welcome to the murky world of the "hardware trojan". Until now, hardware trojans were considered to be modified circuits. For example, if hackers manage to get hold of a microchip when it is still in the factory, they could introduce subtle changes allowing them to crash the device that the chip gets built into. (more)

Security Directors - You already know about the dangers of plugging in dirty USB memory sticks. Now, you need to consider the possibility that foreign governments are loading other "legitimate" USB devices with spyware at the chip level. (Hey, they did it with hard drives.) Alert the employees. Convince them to resist the "Oh, isn't it cute. Let's plug it in," temptation.
Posted by at
Labels: , , , ,

Indians Put Squeeze on BlackBerrys... again

India - Security concerns associated with the services of BlackBerry, the smartphone used by nearly a million customers in India, have come to the fore again, raising the possibility of a fresh standoff between the Canadian service provider and the government.

The government plans to give BlackBerry maker Research in Motion (RIM) 15 days to ensure that its email and other data services comply with ‘formats that can be read by security and intelligence agencies’ after its spooks recently raised a red flag against the popular handset, said department of telecom (DoT) officials familiar with the matter. (more)
Posted by at
Labels: , , , , , , , ,

Seoul Suckers Drain Life from Businesses

South Korean industrial spying cases have risen consistently, largely in the electronics industry, a center tied to the chief national intelligence agency said.

During the past six years, 203 cases have involved current and former employees who stole and tried to sell South Korean technologies abroad, the National Industrial Security Center said in a report. (more)
Posted by at
Labels: , , , ,

Spy High

UK - A university is offering a degree - in SPYING.

Students are studying organised crime and terror groups for an MSc in Intelligence Data at Coventry University.

The 12-month postgraduate course - the first in the UK - has been set up because so many students want to work in intelligence. Applications to join MI5 and MI6 have risen 90 per cent in 10 years.

The university said: "We don't teach students how to hide behind newspapers with holes cut out for eyes, but how to interpret data and build criminal profiles for police and anti-terror organisations." (more)

Interesting...
• The course is available online and can be studied either part-time or full-time. 
Colombo is the Senior Lecturer for the Criminology portion. (Just coincidence?) 
• "...and conduct your own research project"
• Those wishing to study this course can apply online by completing this online application form. "Unfortunately we cannot process online applications from international applicants at this time. Please check our website for details of how to apply.
Posted by at
Labels: , ,

Answer - "You lacked a counterespionage plan."

A cautionary tale...
CA - The leaders of the California Nurses Association had barely wrapped up a news conference recently slamming GOP gubernatorial candidate Meg Whitman when they learned Whitman's campaign had been watching them the whole time.

A volunteer for the Republican had sneaked into the event held at the union's downtown Oakland headquarters and sent live streaming video back to the campaign nearly 50 miles away in Cupertino. Within hours, Whitman aides were blasting to supporters an e-mail response to the event that featured clandestine video snippets.

"I wonder who it was," union Co-President Deborah Anne Burger said after learning about the Whitman spy. "How did they get in?" (more)
Posted by at
Labels: , , , , ,

Friday, July 2, 2010

Tamatebako - The Hara Kiri Thumb Drive

Losing your memory?  Get this...
Fujitsu’s has a new Secure USB Memory Device, called Tamatebako. It has 2GB capacity and supports AES 256-bit encryption and will delete its stored data after 10 minutes up to one week. 
 
It will also commit hara-kiri if told the wrong password or forced to have intercourse with an unauthorized computer. (more)
Posted by at
Labels: , , ,
Subscribe to: Posts (Atom)