Thursday, September 2, 2010

How to Kill Flash Zombies

Flash cookies can be used to track you across the Web without telling you. Advertisers are using them to track your movements across the Web.

Or so claims a lawsuit filed by privacy attorney Joseph Malley, one of three he's filed in the last two months against some of the biggest media heavyweights in the world -- Disney, ABC, NBC, MTV, and a host of others.

All of them employ Web ad companies like Quantcast, Specificmedia, and Clearspring to deliver Flash ads, and all of those ads store Flash cookies on your hard drive.

So what's wrong with that? For one thing, most people aren't aware Flash even stores cookies. These cookie files are ridiculously hard to find and manage: You can't get at them from your browser, and they're buried several layers deep inside your Application Data folder on Windows PCs. They can store up to 100K of data per cookie, or about 25 times what a browser cookie can store. And they can be used to recreate tracking cookies you've deleted.

In other words, if you've told an advertiser you don't want to be followed around the Web by deleting its tracking cookie, that advertiser can use Flash to 'respawn' that deleted cookie without telling you -- and continue to track you in secret. Thus Malley's lawsuits, which accuse all of those companies of breaking federal laws against computer intrusion and surveillance.

That respawning bit is why Flash cookies are also called "zombie" cookies. However, like real zombies, they can be stopped -- and you don't even have to cut off their heads (or use cricket bats and vinyl LPs, like in Shaun of the Dead). You just need to use Adobe's Flash Player Settings Manager. (more)
Click the Adobe link above and set your preferences on the Global Settings Panel. It is easy to do and very worthwhile.

Wednesday, September 1, 2010

"Yes, you can record. Yes, you can decide not to."

Australia - Alliance Craton Explorer (a company involved in developing a uranium mine) told the Supreme Court it wanted to use recording devices in committee meetings with Quasar Resources. The companies have a joint venture agreement for the Four Mile uranium project.

Alliance claimed it wanted to protect its interests but Quasar countered that the confidentiality of the meetings could be put at risk. Quasar used its numbers at the meetings to vote against the recordings. It argued in court the use of such devices was in breach of listening and surveillance laws. 

So far, so good.

But Justice John Sulan disagreed, finding it was legitimate for Alliance to use recording devices.

However he also ruled it was acceptable for the committee to decide by a vote whether recording devices could be used. (more)

Security Scrapbook Exclusive
Possible secret recording from the meeting leaked:
"Uranium. Three Mile. Duh!" 

"No, no. Four Mile is a brilliant name. Like, mate... we go the extra mile." 

"Or, a disaster would be that much bigger, you dingo."

"I say we use kilometers instead."

The Byte of the Web Bugs

The Wall Street Journal has been running a series of very interesting - and disturbing - articles the past few days investigating Internet spying and its impact on your privacy.

For instance, did you know that the top fifty US web sites (which account for about 40% of Web pages visited by Americans) install, on average, 64 pieces of tracking technology onto the computers of their visitors? Or, that two-thirds of those tracking files were created by 131 companies, many, if not most, of which are in the business of selling the information they capture from you and me?

Of course, the companies installing the web site tracking software say it is all harmless. In fact, they argue, the information captured about us allows them to create a better on-line experience since the Web ads that we see are tailored to fit our individual interests...

As a result, tracking software on web sites has increased in sophistication to where - using so-called "Web bugs" - your cursor movements on a web page along with what you are typing are being analyzed to create a profile of you (or better, your computer) that can also be tracked across web sites. (more)

SpyCam Story #582 - Don't ask, don't tell.

Australia - An army employee alleged to have put a covert filming device in change rooms at his barracks will stand trial. Nathan William Freeman, 27, is charged with indecent filming.

It will be alleged a secret camera resembling a car's key remote was put in change rooms at the Woodside barracks in the Adelaide hills. Police say the item was handed in as lost property and then discovered to be a secret camera on closer inspection. (more)

Reykjavik's Gargoyle SpyCam

Seen during my travels in Iceland this week...

Gargoyle watches the watchers.

Who says Vikings don't have a sense of humor?

Saturday, August 28, 2010

The Eight Most Secretive Companies...

...are also some of the most successful. 
Follow their lead. 
Engage a good counterespionage specialist.

The need for secrecy in business has led to a shadow industry known as industrial espionage. The practices of “spying” used to be physical. A spy would have to be near the product to describe or photograph it. Electronic surveillance replaced this in the second half of the 20th century and “bugs,” wire taps, and digital theft of documents became more popular. Today, espionage is incredibly sophisticated... 

This is a list of eight of the most secretive companies in America, firms which rely heavily on keeping secrets. A breach of their most confidential products or services could damage their current business value and, over time, even destroy a company.
• Apple, Inc.
• Xe Services LLC (formerly Blackwater)
• Renaissance Technologies LLC
• Google, Inc.
• Boeing, Co.
• Monsanto, Co.
• PGP
• The Coca-Cola Company
(more)

HSH Nordbank Chief Nonnenmacher Says He Never Approved or Tolerated Spy

Germany - HSH Nordbank AG Chief Executive Officer Dirk Jens Nonnenmacher said he never approved or tolerated spying at the bank and that the lender will “do everything” to examine allegations that spying took place...

German magazine Der Spiegel reported on Aug. 21 that officials at the bank asked a security company to investigate former HSH Nordbank Chief Operating Officer Frank Roth, who was fired last year. The magazine relied on a document citing an unidentified former security adviser.

Nonnenmacher said the security adviser has since made a statement revoking the allegations... (more)

SpyCam Story #581 - Hill Out

MI - Former Egelston Township Treasurer Brian Lee Hill is free on bond after spending three years in prison on a batch of now-reduced child-pornography convictions...

The longtime elected official spent three years behind bars, almost to the day. He was sentenced Aug. 24, 2007, to 10 concurrent terms of 4 3/4 years to 20 years, as well as shorter concurrent terms -- already served -- for electronic eavesdropping. The eavesdropping convictions were for spying on showering foreign exchange students with a videocamera hidden in his bathroom. (more)

SpyCam Story #580 - The Curtains Caper (UPDATE)

Malaysia - Selangor Mentri Besar Tan Sri Khalid Ibrahim played detective today when he revealed the origins of a spy camera found in his office on August 10.

He said internal investigations by his office have located the factory that made the camera and the store where it had been bought. Khalid also dismissed allegations that it was a “political plot” to not lodge a police report.

The mentri besar had discovered a Fuji-brand camera on a ledge behind the curtains in his office on August 10. He had said checks had also been carried out in the state executive councillors’ offices to detect if there were more hidden cameras. (more)

Thursday, August 26, 2010

The Spying on the Neighbor Fiasco


Don't watch this at work. 
Save it for later. 
Have a nice weekend. (video)

Yet another challenge to the 2-party consent eavesdropping laws

Using an iPhone to secretly record a conversation is not a violation of the Wiretap Act if done for legitimate purposes, a federal appeals court has ruled.

“The defendant must have the intent to use the illicit recording to commit a tort or crime beyond the act of recording itself,” (.pdf) the 2nd U.S. Circuit Court of Appeals ruled.

Friday’s decision by the 2nd U.S. Circuit Court of Appeals, which involves a civil lawsuit over a secret audio recording produced from the 99-cent Recorder app, mirrors decisions in at least three other federal appeals courts.

The lawsuit concerns a family dispute over the making of a dying mother’s will. Days before the Connecticut woman died, her son secretly recorded a kitchen conversation between the son, mother, stepfather and others over how to handle her estate after her death. (more)

Wednesday, August 25, 2010

SpyCam Story #580 - It's curtains for the staff.

East Malaysia - Selangor Menteri Besar Tan Sri Abdul Khalid Ibrahim has denied a suggestion that he would reshuffle his office staff following the discovery of a hidden video camera in the office.

He said the State Government would first find out why the staff in his office had not detected the device. "If we find out it involved the staff in the Menteri Besar's office, then action will be taken against them."

Abdul Khalid stumbled upon a hidden video camera in a gap between the thick curtains in his office on Tuesday. (more)

Did you know... most eavesdropping devices are found by accident?
Imagine the results if people looked occasionally.
Don't want to do it yourself? 
Call the folks who bring you Kevin's Security Scrapbook.
It's what they do best.

Life, art and duffel bags...

Body of Missing British Spy Found Stuffed in Bag in His Apartment

The body of an employee of Britain's spy agency MI6 has been found in a bag in a central London apartment where he may have been murdered two weeks ago, British media reports.

The body of Gareth Williams, 31, was found Monday stuffed in a large sports bag in his bath only a few hundred yards from MI6 headquarters, the Daily Mail reports.

MI6 gathers secret information about Britain's overseas enemies, making the spy a possible target of terrorists, the Mail says.

BBC's security correspondent says it is not clear what the victim did for MI-6, but that it is reported that he was on loan from the Government Communications Headquarters, the electronic eavesdropping agency, implying he was a technical expert. (more)


Tuesday, August 24, 2010

ACLU challenges Illinois eavesdropping act

Over the past few years, there have been several cases of people being arrested for recording police. The issue is the audio part of the recording. In some states, the law requires the consent of all parties to the conversation. The ACLU has taken notice... and exception to what they see as a double standard and a violation of the First Amendment to the Constitution.

It's not unusual or illegal for police officers to flip on a camera as they get out of their squad car to talk to a driver they've pulled over.

But in Illinois, a civilian trying to make an audio recording of police in action is breaking the law.

"It's an unfair and destructive double standard," said Adam Schwartz, a lawyer with the American Civil Liberties Union of Illinois.

In its lawsuit, the ACLU pointed to six Illinois residents who have faced felony charges after being accused of violating the state's eavesdropping law for recording police making arrests in public venues.

On Wednesday, the ACLU filed a federal lawsuit in Chicago challenging the Illinois Eavesdropping Act, which makes it criminal to record not only private but also public conversations made without consent of all parties. (more)

---

That Anthony Graber broke the law in early March is indisputable. He raced his Honda motorcycle down Interstate 95 in Maryland at 80 mph, popping a wheelie, roaring past cars and swerving across traffic lanes... Anthony Graber was arrested for posting a video of his traffic stop on YouTube. (video and report)

YouTube still features Graber’s encounter along with numerous other witness videos. "The message is clearly, ‘Don’t criticize the police,’" said David Rocah, an attorney for the American Civil Liberties Union of Maryland who is part of Graber’s defense team. "With these charges, anyone who would even think to record the police is now justifiably in fear that they will also be criminally charged." Carlos Miller, a Miami journalist who runs the blog "Photography Is Not a Crime," said he has documented about 10 arrests since he started keeping track in 2007. (more)

"Bugging teacher... sweet-ish, fer sure."

Sweden - Two Stockholm schoolgirls have been taken to court for trying to bug their teachers during a grading conference. They were found out after one of them revealed all on Facebook.

The pair, who are in their early teens, came up with the idea after finding a key to the staff common room. They bought basic bugging equipment in a gadget shop, waited until the end of the school day, and planted the device in the staff room.

The girls, who attend a middle school in the capital, planned to listen in on a meeting the following day at which teachers would decide their grades. They were hoping to glean information that would enable them to get their grades improved.

The plan might have gone off without a hitch if one of the girls in her enthusiasm had not revealed all on Facebook, according to Metro. The girls were prosecuted for trespass and arbitrary conduct and fined 2,000 kronor ($270) each by Stockholm District Court. (more)