Tuesday, November 2, 2010

Book Banning Over Industrial Espionage Fears

Many of Germany's top companies are blocking access to Facebook and other social networking sites over fears of industrial espionage and other security concerns, according to a new report. Business weekly Wirtschaftswoche said that many companies on the Dax-30 blue-chip index saw an unacceptable risk posed by employees using such sites at work. (more) ...not to mention the financial drain of social notworking.

Monday, November 1, 2010

"Crito, we owe a rooster to Asclepius. Please, don't forget to pay the debt."

Greece is having a Patriot Act moment, drafting legislation that would break down privacy laws and significantly increase police power. But their catalyst is debt, not terrorism.

Draft legislation obtained by The Katimerini would create government agencies to regulate tax evasion, entitlement issues and use of public property. Police officers in these departments would have unprecedented power to eavesdrop on suspects' conversations and communications and to disguise their identity in pursuit of a suspect.

This would be a major change for a country known for strict privacy laws, according to The Katimerini. (more) (sing-a-long) (Socratic drink)

Are whack jobs bugging our Hollywood Actors?

Actor Randy Quaid (aka General George S. Merlin, "Bug Buster") and his wife, Evi... were in Canada seeking political asylum over their stated fears they would be "whacked'' if they returned to Hollywood... they fled to Canada to escape the so-called "star whackers" - a cult that is bugging their phones and hacking their computers.

"They're absolute businessmen. It's the mafia; it's organized crime," said Mrs. Quaid... The couple has said this "mafia" is behind eight celebrity, including Heath Ledger, deaths in the last 5 years. (more) (trailer)

Don't tell Mrs. Quaid. It will just upset her.

John McTiernan, director of the movie “Die Hard,” was sentenced to one year in prison for lying about his association with a private investigator, Anthony Pellicano, to illegally wiretap a movie producer. (more)

Hoist by a Voicemail Petard

Employees at a CBS affiliate in Anchorage left an accidental voicemail for an aide to GOP Senate candidate Joe Miller in which they discussed and laughed about the possibility of reporting on the appearance of sex offenders at a Miller rally. And they chatted about responding with a Twitter alert to “any sort of chaos whatsoever” including the candidate being “punched.”
 
Jerry Bever, general manager for KTVA, said in a statement that a call to Miller spokesman Randy DeSoto to discuss the candidate’s planned appearance on a newscast wasn’t disconnected after the conversation ended. The call took place during a KTVA staff meeting to plan coverage of that evening’s Miller rally in downtown Anchorage. (more)

Sunday, October 31, 2010

Hamas warns against buying cars imported from Israel

The Hamas government in the Gaza Strip is warning local politicians, government officials and faction leaders against buying cars imported from Israel for fear they may contain eavesdropping equipment or even remote-activated bombs planted by Israeli security agencies. (more)

Test your car...
If you own a late model General Motors car with OnStar, try this test. Tune your radio to 770 AM, turn up the volume and tap on the OnStar microphone near the rear view mirror. Do you hear yourself coming through the radio? No? Maybe they only bugged my car. ~Kevin

Google Bans SMS Spy App Tap

A controversial mobile phone application, which helps a cell phone user read the text messages of others secretly, has been removed from sale by Internet search engine Google.
Google said the application, called SMS Secret Replicator, violated its terms.

Once installed on a mobile phone, the Android phone application automatically creates carbon copies of incoming text messages and forwards them to a selected number - prompting fears it could be used by jealous lovers and even work colleagues to snoop on private messages. (more) (video)
Google may have dropped it from their marketplace, but doesn't mean this $9.99 app is not available elsewhere. (more
Coming soon, a way you can detect if your phone is infected with spyware. (more)

Thursday, October 28, 2010

Security Alert: iCracked

A security flaw in the iPhone allows strangers to bypass the handset’s lock screen with a few button presses.

...the quick method to circumvent an iPhone’s passcode-protected lock screen:
• tap the “Emergency Call” button,
• then enter three pound signs,
• hit the green Call button
• and immediately press the Lock button.
That simple procedure gives a snoop full access to the Phone app on the iPhone, which contains the address book, voicemail and call history. (more)

Apple:
“We’re aware of this issue and we will deliver a fix to customers as part of the iOS 4.2 software update in November." 

"Why is this important?”
Not having password protection on a smart phone leaves you open to information theft, jail-breaking and injection of spyware.

"Why does this trick exist?"
• It is a software loophole.
• It is a programmer's shortcut they forgot to patch.
• It is a programmer's Easter egg.
• It is a law enforcement backdoor never meant to become public knowledge.
Interesting question. You decide.

FutureWatch: The ability to create passwords longer than four measly digits... which is only a pool of only 10,000 passwords. ~Kevin

Wednesday, October 27, 2010

Firesheep Makes Stealing Your Wi-Fi Secrets Easy

via Steven J. Vaughan-Nichols
From all the yammering, you’d actually think there was something new about Firesheep, the Firefox extension that lets you grab login IDs, passwords, and other important information. What a joke. I, and any hacker or network administrator worth his salt, have been able to do this kind of stuff for years.

The only thing “new” about Firesheep is that how it easy makes it to do. I’m unimpressed. Anyone who was serious about grabbing your personal information has already been doing it for years. Trust me, if someone really wanted your data and you’ve been using open Wi-Fi networks, they already grabbed it.

No, the real worry isn’t about some jerk grabbing your Twitter password in a coffee house. The real worry has always been that your office Wi-Fi is easy to compromise and then someone can use a packet-sniffer to get something that really matters like your your Accounts Payable password. (more)

Need a Wi-Fi Security Audit and Compliance Inspection? (you do) Please call me. (more)

11/4/10 - UPDATE:  IBM researchers are proposing an approach to WiFi security they call Secure Open Wireless in light of the release of the Firesheep tool. (more)

11/5/10 - UPDATE: 10 Ways to Protect Yourself from Firesheep Attacks (more)

Our Spy Coin Receives the Ultimate Compliment

I give spy coins to my clients.
It is a reminder that information loss is mostly a people problem, not an electronic problem. Filing cabinets of information can walk out the door in pocket change!


Careless people often blab information, forget to secure it, toss it in the garbage can, or otherwise lose it—hundreds of laptops are lost every day. People also steal it when they become greedy, spiteful, conned, blackmailed, or caught up in a “cause.”

Investigating an information loss, however, begins with an electronic surveillance detection audit.

Here’s why...
• Serious espionage will include electronic surveillance.
• The possibility must be resolved before accusing people.
• Bugging is the easiest spy technique to discover.
• Electronic surveillance evidence helps prove your case.

Best advice...
Conduct audits on a regular basis. Uncover signs of espionage during the intelligence collection stage, before your information can be abused. (more)

A client reports back...
"I think of all of the trinket type things we’ve accumulated over the years, the spy coin is *by far* the coolest, and is made even cooler with the background story provided on the chip!!

I took mine with me to the FBI building today and had the guards there X-ray it along-side of a normal quarter to see if its secret contents could be seen on an “airport quality” X ray machine.  They printed out a copy of the scan image, I’ve attached it to this email for your amusement as well. 

Several agents commented on how well it was made, and how hard it would be to detect such a thing."

Tuesday, October 26, 2010

Sunday, October 24, 2010

Why Wiretap When You Can buy the Phone Company?

A proposed deal between Sprint Nextel, Cricket and two Chinese telecom companies has raised a few eyebrows, with some U.S. senators concerned about security.

The Hill reports a bipartisan group of legislators wrote a letter seeking reassurance about the deal from Federal Communications Commission Chairman Julius Genachowski.

The letter, signed by Susan Collins (R-Maine), Jon Kyl (R-Ariz.) and Joe Lieberman (I-Conn.), contends the two Chinese companies, ZTE Corporation and Huawei, have ties to the Chinese military and are financed by the Chinese government.

The letter raised the specter of the Chinese government or military using the companies to spy on American communications. (more)

How to Solve a TSCM vs, CCTV Mystery

Chicago, IL - It may sound like cloak and dagger fiction, but FOX Chicago News has learned something very odd happened Wednesday night on the fifth floor of the Cook County building. The latest bizarre twist in the ongoing corruption scandal in Stroger's office involves high-tech surveillance experts caught leaving the office of Cook County Board President's office.

A deputy sheriff patrolling the building stopped a group of five men leaving Todd Stroger's office around 9:30 p.m. Wednesday.

One of the men identified himself as the county's Homeland Security Director David Ramos. The other four men were asked to provide identification.

They did, and at least three of them have experience in surveillance and counter-surveillance... (One of the men) would not comment on what they were doing in Stroger's office, but there is rampant speculation at the County building they were sweeping the offices for electronic bugs.

Cook County Inspector General Pat Blanchard said his staff visited Stroger's office Thursday afternoon and removed some evidence related to the ongoing investigation into sham contracts...
 
David Ramos, the county's Homeland Security Director who escorted the men into the office, said through a spokesman they were simply scouting locations for placement of security cameras in the President's office. (more)

Solution: Ask the Deputy if the "visitors" were leaving empty-handed. A sweep requires several cases of instrumentation. Conducting a CCTV design layout does not.

Friday, October 22, 2010

CSI - Who Poo'ed

What can property managers do when dog owners don’t pick up after their dogs? Under normal circumstances, not much, because there is no way of knowing who the violators might be. But now, with a new program called PooPrints that uses DNA to identify the dog in question, managers can catch the culprit (dog owner) in a matter of days.

PooPrints is a dog DNA identification program from BioPet Vet Lab built on a scientific foundation, providing communities with a means to enforce community regulations for pet waste clean-up. “The problem of pet owners not picking up after their pets is tearing apart communities,” says BioPet Vet Lab CEO Tom Boyd. Consumer Reports lists ‘dog poop’ as one of the nation’s top ten personal gripes. So BioPet Vet Lab used its research in animal DNA identification systems to help provide community leaders with a tool to bring peace back to the neighborhood. (more)

Thursday, October 21, 2010

Ex-Chief Legal Counsel Pleads Guilty

OH - The former state lawyer behind an electronic eavesdropping scheme agreed yesterday to plead guilty to three misdemeanor charges and cooperate in other investigations, including one into an aborted operation at the Governor's Residence.

Joshua Engel, the former chief legal counsel for the Ohio Department of Public Safety, faces three misdemeanor counts of intercepting and disclosing sensitive, confidential information from investigations by the state inspector general, the Ohio Ethics Commission and federal authorities. (more)