Friday, September 17, 2010

Quote of the Week - On NSA Extroverts

"Last NSA party I was at was pretty boring, it was full of NSA extroverts, they were too busy looking at everyone else's shoes!" ~ William Knowles

Hope everyone finds a better party this weekend.

"Might as well admit it, we're addicted to bugs."

John Locke, a professor of linguistics in New York... Eavesdropping may be socially unacceptable in many quarters, but it is hardwired into us. I think of social eavesdropping, 'recreational eavesdropping' if you like, as actually irrepressible. We have an evolved appetite for information about the personal and private lives of others. Professor Locke has been studying the history of the subject for a new book - Eavesdropping, An Intimate History. (more) (sing-a-long)

Blackberry agrees to government access... Now, what are governments doing with this information?

Rows over whether several emerging countries can effectively intercept Blackberry smartphone messaging have turned attention to how state spy agencies access electronic communications. For business users, the main question is not whether messages can be read but whether that information will then be used for commercial ends. (more) A long but comprehensive look at how different countries use their electronic communications intercepts.

Thursday, September 16, 2010

SpyCam Story #582 - The Deep Six

A man who objected to a CCTV camera keeping watch on his bedroom window from the house opposite appeared before a judge – for stealing the camera and throwing it in a river. The camera had been installed in the empty house opposite Christian Lord’s home... 

He and his girlfriend didn’t like the 24-hour monitoring of their movements, so he broke in and removed it. The 35-year-old pleaded guilty at Carlisle Crown Court to a charge of burglary and the theft of the £1,500-worth of surveillance equipment. 

The judge said, "While in no way can I condone your actions, this is far removed from a typical case of burglary. It seems you did it just to stop yourself being snooped upon.” (more)

"Hey, boss. Check your office lately?"

Monster Worldwide, Inc., recently polled its U.S. visitors to gauge their feelings towards bosses... The August poll also asked Americans whether, if they could spy or eavesdrop on their boss without getting caught, they would.

More than half of the 2,153 respondents (57 percent) said they want to know what their bosses are saying about them behind closed doors. Only 12 percent say they would not eavesdrop on their boss because they are afraid of what they might hear. (more)

Funny, this mirrors our eavesdropping detection findings. About half of the corporate eavesdropping cases we solve are "inside jobs." 

If you haven't checked your office lately, give a call (from somewhere other than your office) to the person who hosts Kevin's Security Scrapbook in your area. These counterespionage specialists are friendly, smart and really good at solving this type of problem. You can also contact me directly.

ID and Home Theft Made Easy

Leaving the house this weekend? Telling all your Facebook buds about it? You might want to reconsider that. Police in Nashua, New Hampshire broke up a robbery ring this week that was using Facebook to plan their heists. The gang was monitoring Facebook pages to determine when a target would be out of their home and then robbed it. (more)

The moment is special: Your kid just learned how to ride a bike without training wheels. So you fire up your iPhone's camera, snap a photograph, upload the image to TwitPic, and share the evidence of your child's triumph via Twitter. When you post the picture, a subset of the 75 million Twitter users will know the exact location of you and your child. Digital photos automatically store a wealth of information--known as EXIF data--produced by the camera. Most of the data is harmless... 
however... 
Ben Jackson detailed how he found personal details about a man in a photo. Using accompanying geotagging data, Jackson located the man's house on Google Earth. Then he found a name associated with the house where the photo was taken, leading him to a Facebook account that yielded a birth date, marriage status, and friends. A second username listed on the Facebook page led to a second Twitter account, and so forth. The point here is that once you start pulling on the thread of information contained in a geotagged image, a single photo can reveal a whole trove of personal data--far more than you might think. (more)
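
An added example (not from the original post or the article it quotes): a standard-library Python check that reports whether a JPEG's EXIF block carries a GPS pointer and returns a copy with the EXIF segment removed before the photo is shared. The function names and the constructed sample header are assumptions made for illustration.

```python
import struct

GPS_IFD_TAG = 0x8825  # IFD0 entry that points at the GPS sub-directory

def jpeg_segments(data):
    """Yield (marker, start, end) for each header segment before the image scan."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xDA:  # start of scan: compressed pixels follow
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def has_gps(exif_payload):
    """True if IFD0 of the TIFF block in an Exif APP1 payload has a GPS pointer."""
    tiff = exif_payload[6:]  # skip b"Exif\0\0"
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None or len(tiff) < 8:
        return False
    (ifd0,) = struct.unpack(order + "I", tiff[4:8])
    if ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
    entries = tiff[ifd0 + 2:ifd0 + 2 + 12 * count]
    tags = [struct.unpack(order + "H", entries[i:i + 2])[0]
            for i in range(0, len(entries) - 11, 12)]
    return GPS_IFD_TAG in tags

def check_and_strip(data):
    """Return (geotagged, cleaned) with every Exif APP1 segment removed."""
    geotagged, out, last = False, bytearray(data[:2]), 2
    for marker, start, end in jpeg_segments(data):
        payload = data[start + 4:end]
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            geotagged = geotagged or has_gps(payload)
        else:
            out += data[start:end]
        last = end
    return geotagged, bytes(out) + data[last:]

def sample_jpeg(with_gps):  # constructed header only: SOI, Exif APP1, SOS, EOI
    tag = GPS_IFD_TAG if with_gps else 0x0112  # 0x0112 = Orientation
    tiff = struct.pack("<2sHIHHHIII", b"II", 42, 8, 1, tag, 4, 1, 26, 0)
    payload = b"Exif\x00\x00" + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    return b"\xff\xd8" + app1 + b"\xff\xda\x00\x02\xff\xd9"
```

Removing the whole EXIF segment also drops harmless fields such as orientation, so a photo may need rotating again after it is cleaned.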

Monday, September 13, 2010

Tree Bugs Bug MI5 Spies

British government officials in Northern Ireland have ordered 20 trees cut down outside a spying installation, after a number of surveillance cameras were discovered hidden among the tree branches. The trees are located around a multimillion-dollar spying base belonging to MI5, Britain’s primary domestic intelligence organization. (more)

Security Scrapbook Readers' Complaints & Get-It-Done Book

1. "Make the contests harder."
I am not that smart.

2. "Your Security Scrapbook is really interesting, but I don't have time to read it."
Read this... Get-It-Done Guy's 9 Steps to Work Less and Do More and then come back.
The book's official release is tomorrow. 
I have the same 'time' problem, sooo... my copy is already in the mail.
from the web site...
Get-It-Done Guy's 9 Steps to Work Less and Do More is a playful, yet serious guide to working less and doing more. In other words, creating a more productive life. Yes, it's about getting more done at work. It's also about getting more done in life. It lays out nine skills that apply anywhere you want to get greater results with less work. (For the buzzword-inclined, you can think of the book as business process re-engineering applied to individual productivity. I wouldn't say that aloud, however.) (Free downloadable chapters, Steps 1 & 2: Introduction Procrastination) (more)

3. "Don't make the contests so hard. I don't know Poe from poo." 
I hope you mean Winnie the Pooh, not poo as in the Shinola adage.
"What's Shinola?"
Thus, proving the old adage true. (click)

"And, the Number One reason to buy your tickets from your friendly neighborhood scalper is..."

...the personal details of some 250,000 fans who bought tickets to the 2006 World Cup in Germany through official Fédération Internationale de Football Association (FIFA) ticket outlets have been stolen and then sold off for some £500,000. The information not only contains financial information on ticket holders, but their passport details. A criminal investigation has been launched... (more)

Quantum Cryptography's Day Off

LAST MONTH 
A team of 15 Chinese researchers from Tsinghua University in Beijing and the Hefei National Laboratory for Physical Sciences... quantum technologies have wide-ranging applications for the fields of cryptography, remote sensing and secure satellite communications. In the near future, the results from this experiment will be used to send encrypted messages that cannot be cracked or intercepted, and securely connect networks, even in remote areas, with no wired infrastructure, even incorporating satellites and submarines into the link. (more)

THIS MONTH 
Norwegian computer scientists have perfected a laser-based attack against quantum cryptography systems that allows them to eavesdrop on communications without revealing their presence. (more)

"Life moves pretty fast. If you don't stop and look around once in a while, you could miss it." ~ F.B.

Contest Answer

The cypher comes from Edgar Allan Poe's short story "The Gold-Bug."

Set on Sullivan's Island, South Carolina, the plot follows William Legrand, who was recently bitten by a gold-colored bug. His servant Jupiter fears him to be going insane and goes to Legrand's friend, an unnamed narrator who agrees to visit his old friend. Legrand pulls the other two into an adventure after deciphering a secret message that will lead to a buried treasure.

Poe submitted "The Gold-Bug" as an entry to a writing contest sponsored by the Philadelphia Dollar Newspaper. His story won the grand prize and was published in three installments, beginning in June 1843. The prize also included $100, likely the largest single sum Poe received for any of his works. "The Gold-Bug" was an instant success and was the most popular and most widely-read of Poe's works during his lifetime. It also helped popularize cryptograms and secret writing. (more)

The coded message reads, "A good glass in the bishop's hostel in the devil's seat forty-one degrees and thirteen minutes northeast and by north main branch seventh limb east side shoot from the left eye of the death's-head a bee-line from the tree through the shot fifty feet out."

After decoding Captain Kidd's message about where the buried treasure was hidden, the main character, William Legrand, explains to his companion how he figured out what the bishop's hostel was...

"It left me also in the dark," replied Legrand, "for a few days; during which I made diligent inquiry, in the neighborhood of Sullivan's Island, for any building which went by the name of the 'Bishop's Hotel'; for, of course, I dropped the obsolete word 'hostel.' Gaining no information on the subject, I was on the point of extending my sphere of search, and proceeding in a more systematic manner, when, one morning, it entered into my head, quite suddenly, that this 'Bishop's Hostel' might have some reference to an old family, of the name of Bessop, which, time out of mind, had held possession of an ancient manor-house, about four miles to the northward of the island. I accordingly went over to the plantation, and re-instituted my inquiries among the older negroes of the place. At length one of the most aged of the women said that she had heard of such a place as Bessop's Castle, and thought that she could guide me to it, but that it was not a castle, nor a tavern, but a high rock." (more)

Sunday, September 12, 2010

Contest Clue

It could be said that this message was: written by two people (the author of the story and, by extension, one of the characters referenced in the story); then decoded by two people (again, the author and the character in the story who decoded the message); that three people were involved in these endeavors (the author, Character 1 and Character 2); and, none of these people ever met each other.

Even decoded, the message is mysterious. A place mentioned (a hostel), assumed to be a structure, turns out to be something quite different. What was it?

The answer, Monday, September 13, 2010 at noon (EDT).

Saturday, September 11, 2010

Spybusters Contest - Level: Difficult

It could be said that this message was: written by two people; then decoded by two people; that three people were involved in these endeavors; and, none of these people ever met each other. Even decoded, the message is mysterious. A place mentioned, assumed to be a structure, turns out to be something quite different. What was it?

Click here to send me your answer.
(Enter your e-mail address, the rest is optional.)
The first three correct answers win.
If necessary, a clue will be posted tomorrow.

Friday, September 10, 2010

Chameleon™ & PrivateEye™ - Two Cool Security Products

Now you can blind shoulder surfers with these two very cool computer security products. Very innovative. Very clever. Very secure. 

PrivateEye™ is active display security software that responds conveniently and automatically to a user. PrivateEye presents a normal clear screen when the user is present and looking at the display, but when the user’s attention moves away from the display the software immediately blurs the screen. Similarly, if PrivateEye detects an eavesdropper it can automatically blur the screen. The solution also includes a facial recognition engine. PrivateEye requires only a standard webcam. (video). 

Chameleon™ is a software and hardware solution from Oculis Labs that addresses the unique security challenge of protecting sensitive and classified materials while they are being displayed on computer screens. The solution protects displayed information against over-the-shoulder eavesdroppers, video recorders, remote electronic surveillance, and TEMPEST-style threats. Using a patent-pending, gaze-contingent, secure content rendering system, the software allows a trusted user to read a screen normally, but no one else can.

If you agree that this technology is too cool, take a moment and help these folks win the "Hottest Tech in Town" Award. (vote here)

Thursday, September 9, 2010

Contest Alert

I received a friendly tap on the shoulder reminding me that it has been a while since our last Security Scrapbook contest.

Previous contest winners know the prizes are worthy of the effort. The contests are also fun and sometimes educational. Be sure to give it a try. 

The next contest will be posted on Saturday, September 11 at noon (12:01 PM EDT).

The challenge level for this contest question will be Difficult. The first three correct answers received via our web site's contact form win (the URL will be posted with the contest). Good luck! ~ Kevin