Friday, April 29, 2011

The 12 Step Program to Securing Your Life

Nick Mediati, of PCWorld has written a good security article with very practical advice. The summary of tips appears below, but click (more) to read the full details for each item.

Being Security Scrapbook readers, you probably already know, or have done, all of them. 

I thought so until I hit #12. It had been a while decades, so I checked. Surprise, everything financial was correct, but they listed me as being employed by a company I had never heard of. Hummm. Should I correct it, or use it as a cover for my real work?

Secure Your Life in 12 Steps
1. Use Virtual Credit Card Numbers to Shop Online
2. Secure Your Wi-Fi
3. Encrypt Your Hard Drives
4. Keep Your Software Up-to-Date
5. Upgrade to the Latest Antivirus Software
6. Lock Down Your Smartphone
7. Install a Link-Checker Plug-In

8. Don't Neglect Physical Security
9. HTTPS Is Your Friend
10. Avoid Public Computers and Wi-Fi
11. Be Password Smart
12. Check Your Credit Report Each Year...
If you are a U.S. citizen, you're entitled to receive one free credit report every 12 months from each of the three major credit agencies--Equifax, Experian, and TransUnion--via AnnualCreditReport.com.  (more)

SpyCam Story #607 - Skyped

 Australia - Two cadets from the Australian Defence Force Academy (ADFA) have faced court over allegations they secretly filmed a female cadet having sex and broadcast it over the internet.

Police arrested Daniel McDonald, 19, and Dylan De Blaquiere, 18, early this morning...

The 18-year-old said she had consensual sex with another first-year cadet but it was transmitted via Skype to six cadets in another room without her knowledge. She said still photos were also taken and "then distributed to other people". (more)

Wednesday, April 27, 2011

"Is My Cell Phone Bugged?" - Urgent Reader Update

In the book, Is My Cell Phone Bugged? (just available this week), the chapter Spyware Scams, Misleading Notions & “Experts” warns readers about people who are taking advantage of them. This update is about a new scam.

Summary: Phoney anti-virus program attacks cell phone. Scam'er makes money.

via CA Security Advisory Research...
"We have seen countless number of rogue security products for Windows platform however this one is targeted to trick mobile users.

The sample masquerades itself as a certain AV (a bogus Kaspersky anti-virus program) for mobile and always reports that it has identified two threats in the mobile and pretends that it has encountered an error while trying to cure. It provides the users an error code as a reference token of the error scenario.

This sample is supposedly spread by some social engineering tricks where the users would have been provided with support numbers/email id to contact to resolve these error codes displayed in screen 5. This info was missing to conclude how the malware authors were actually getting the money.

As mentioned in our earlier blogs, the best defense against such social engineering tricks is the education of users coupled with a mobile security solution. With the exponential growth of the smart phone market, it is expected such kind of threats will be growing proportionately.

We advise users to exercise basic security principles while surfing and be skeptical of free downloads, and as always keep your security products up to date." (more)

Is My Cell Phone Bugged? comes with free updates. For now, the updates will be posted here. Eventually they will only be available to purchasers, via private email.

Tuesday, April 26, 2011

This Shourd ain't Tourin' in the Middle-East

Iran wants Sarah Shourd, one of three Americans arrested in 2009 on spying charges, to return from the United States to stand trial in May, her lawyer was quoted as saying on Tuesday.

Sarah Shourd was released on $500,000 bail last September while her two male companions, Shane Bauer and Josh Fattal, remain in jail in Tehran. (more)

Wiretap Whistleblower - Off the Hook

 The Justice Department has dropped its investigation into a former department attorney who tipped off the media about the Bush administration's warrantless eavesdropping program.

The department informed Thomas Tamm's attorneys that he will not be prosecuted for the leak that then-President George W. Bush called a breach of national security.

Tamm has said he called The New York Times about the program because it "didn't smell right" and he thought the public had a right to know. (more)

NSA Whistleblower - On the Hook

Closed hearings are being held this week ahead of the trial of a former National Security Agency employee accused of mishandling classified information.

Thomas Drake is charged with violating espionage laws without being accused of spying. Instead, he's accused of shredding documents, deleting files from his computer and lying to investigators. Supporters claim he's being punished for blowing the whistle on inefficiencies and mismanagement at the NSA. (more)

SpyCam Story #606 - The Power of One SpyCam

It's a hammer.
The price of cattle market futures seem to have dropped in response to last week’s release of a whistleblower video documenting severe abuse of dairy calves at E6 Cattle Company in Hart, Texas, according to Reuters and the Wall Street Journal...

The Wall Street Journal’s Lester Aldrich wrote, “The video, which has been posted to the internet, pressured live-cattle futures on the Chicago Mercantile Exchange. Traders were concerned its graphic nature would cause a pullback in consumer demand for beef…  

The video helped to push June futures down 1.3% to $1.1565 a pound after the contract hit a two-week high earlier in the trading day.” (more) (disturbing video)

Sony Shuts Down Online PlayStation Network - Personal Data Hacked

Sony Corp. said a hacker has obtained customer information, potentially including credit-card numbers, for the 77 million members of its online PlayStation Network, which has forced the company to take down its service.

The Japanese electronics giant said it has informed PlayStation Network customers that personal information—including names, addresses, billing history and birthdays—was obtained by an "unauthorized person" following a hacking attack that caused Sony to shut down its Internet gaming service last week. Sony said customer credit-card numbers may also have been compromised.

The Japanese game maker said it has hired a security firm to conduct an investigation into what happened. In the mean time, Sony said it expects to restore its Internet gaming service within a week. (more)

Monday, April 25, 2011

Competitive Intelligence - Made to Sound Nasty

Rumors. Inside dirt. Gossip.

Let’s just say you have your sources—moles on the floor of the NYSE, guys who know guys, a certain colonel who’s worked his way up the ranks of Russian intelligence.

And, of course, a little up-and-comer called Facebook.

Which brings us to ContentAide, a new service devoted to spying on the Facebook pages of your enemies, online now. (more)

Saturday, April 23, 2011

Brain Sucking Cell Phone Spider

The "Universal Forensic Extraction Device" sounds like the perfect cell phone snooping gadget.

Its maker, Israel-based Cellebrite, says it can copy all the content in a cell phone -- including contacts, text messages, call history, and pictures -- within a few minutes. Even deleted texts and other data can be restored by UFED 2.0, the latest version of the product, it says.

And it really is a universal tool. The firm says UFED works with 3,000 cell phone models, representing 95 percent of the handset market. Coming soon, the firm says on its website: "Additional major breakthroughs, including comprehensive iPhone physical solution; Android physical support – allowing bypassing of user lock code, (Windows Phone) support, and much more." For good measure, UFEC can extract information from GPS units in most cars.

The gadget isn't a stalker's dream; it's an evidence-gathering tool for law enforcement. Cellebrite claims it’s already in use in 60 countries. (more)

Friday, April 22, 2011

The Car Whisperers

With a modest amount of expertise, computer hackers could gain remote access to someone's car -- just as they do to people's personal computers -- and take over the vehicle's basic functions, including control of its engine, according to a report by computer scientists from UC San Diego and the University of Washington.

Although no such takeovers have been reported in the real world, the scientists were able to do exactly this in an experiment conducted on a car they bought for the purpose of trying to hack it. Their report, delivered to the National Academy of Sciences' Transportation Research Board, described how such unauthorized intrusions could theoretically take place.

Because many of today's cars contain cellular connections and Bluetooth wireless technology, it is possible for a hacker, working from a remote location, to take control of various features -- like the car locks and brakes -- as well as to track the vehicle's location, eavesdrop on its cabin and steal vehicle data, the researchers said. They described a range of potential compromises of car security and safety. (more) (research paper) (the other car whisperers)

Invisibility

The prospect of rendering objects invisible has intrigued researchers for centuries.

Transformation optics based invisibility cloak design is now bringing this goal from science fictions to reality and has already been demonstrated experimentally in microwave and optical frequencies. However, the majority of the invisibility cloaks reported so far have a spatially varying refractive index which requires complicated design processes. Besides, the size of the hidden object is usually small relative to that of the cloak device. 

Here we report the experimental realization of a homogenous invisibility cloak with a uniform silicon grating structure. The design strategy eliminates the need for spatial variation of the material index, and in terms of size it allows for a very large obstacle/cloak ratio. A broadband invisibility behavior has been verified at near-infrared frequencies, opening up new opportunities for using uniform layered medium to realize invisibility at any frequency ranges, where high-quality dielectrics are available. (more)

"Chaos" - A Spy's Demise

CBS has pulled the low-rated spy series “Chaos” from its schedule after three episodes. The dramedy, which starred Freddy Rodriguez and Eric Close, debuted to 6.4 million viewers in its April 2 premiere but managed only a 1.1 rating in the key demographic of adults 18-49. (more)

Thursday, April 21, 2011

iPhone 4 turns TrackPhone

Two researchers have uncovered a secret file on iPhones that keeps a record of where the phone has been and when it was there — a file that is unencrypted and stored by default.

A sample map built using the program

The security experts, Alasdair Allan and Pete Warden, created a program that lets you see just what your phone knows of your whereabouts — and it’s a creepy sight. There’s no evidence that the file is transferred to Apple, but the maps produced by the program show details stretching back months.

Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps,” said Mr. Allan, a technology author, in a post on the website of technology publisher O’Reilly. He and Mr. Warden, a former Apple employee, are presenting their findings Wednesday at the Where 2.0 conference put on by the publisher. The Guardian newspaper also has reported on their discovery.

Apple did not immediately respond to a request for comment. (more)

Wednesday, April 20, 2011

Woman Who Drove into River with Kids Victim of Spying

NY - The deadbeat dad of the three drowned Hudson River kids subjected their mother to a campaign of torment that included spying on her and forbidding her from having friends or flings -- even though they were not together, her grieving boyfriend told The Post. (more)