"Sorry about that, Chief." (very sorry)

 Leonard Stern, an Emmy Award-winning writer, producer and director whose career in television spanned "The Honeymooners," "Get Smart" and "McMillan & Wife" and whose additional career in publishing included co-creating the classic Mad Libs word game books, has died. He was 88. (more)

99.7 Percent of Android Devices 'Leaking' Data

via itbusinessedge.com...

German researchers have discovered a loophole in Android devices the could potentially leak data if the devices are used over an open Wi-Fi network. According to recumbu.com, authentication codes for Web-based services, like Google Contacts and Google Calendar, are often sent between a phone and Google’s servers unencrypted and in a plain-text format. This means that anyone eavesdropping on the traffic could access information such as a user's contacts library, phone numbers and email addresses.

In a blog post, the researchers say:
Beyond the mere stealing of such information, an adversary could perform subtle changes without the user noticing. For example, an adversary could change the stored email address of the victim's boss or business partners hoping to receive sensitive or confidential material pertaining to their business.

The loophole affects more than 99 percent of Android phones, notes BBC News. However, researchers are not suggesting that attacks are actively exploiting the loophole. Google has not commented on the researchers' discovery. (more)

Bugged Xbox Guitar Hero Reveals Killer. (Not Megadeth, a real killer.)

A trusted uncle playing Guitar Hero on an Xbox was the key to extracting information from a suspect in a fatal Saskatoon shooting...

According to testimony from the uncle, the man agreed to secretly record his nephew for police. In exchange for that help, the police agreed to drop an outstanding drinking and driving charge against the uncle.

To record the suspect, police rigged an Xbox game in the uncle's house with a hidden microphone. Then, during a midnight-to-dawn session of the uncle and nephew playing the game Guitar Hero, the youth was recorded giving his account of the shooting. (more)

Mobile Malware - "The genie is out of the bottle."

Amil Klein, CTO at Trusteer, explained how mobile malware has evolved to a stage where it can now bypass most banking security.

Graham Ingram, the general manager of AusCERT, backs this up.

"The genie is out of the bottle. The hardware is there, the software is there, the capability is there ... these guys will turn it around quickly, now. They know what to do, as soon as the reward is there — and it is clearly there — they will move rapidly into it, and I think that is going to shock a few people because we will wake up one morning and it will all be happening."

SpyCam Story #612 - NYC Hidden Camera Alert

Watch yourselves... especially at: pharmacies, home improvement stores, retail stores, museums, landmarks, fast food joints and anything involving tours. 

Locations in New York City are currently being scouted for hidden camera locations for a new TV show. Expect filming all summer long.

Remember Candid Camera? Well, this one is for the next generation. 

You've been warned, but if you get caught we're all going to laugh at you on truTV.

"All right, who called me Bullet Head!?"

There's something a little disturbing about the thought of jamming something that looks like a bullet into your ears, but then again, MUNITO's SITi (Standard Issue Titanium) Nine Millimeter Earphones clearly aren't your grandma's earbuds. 

Not only are their metal bodies modeled after 9 mm shell casings, but their flexible tips are actually trademarked as SiliconeHollowPoints. 

Lest you think that these earphones are all novelty, they do have some half-decent specs. (more)

Memo to self: Replace REI OSCOR Blue headphones with these.

Tip: How to recover from a malicious web picture attack

Security researchers have found thousands of photos from searches within the Google Images site that have been infected with malicious code. In many cases, clicking on one of these poisoned images triggers a script that makes it seem like the computer has become infected with viruses. Another Web site pops up trying to wheedle your credit-card number in exchange for fake antivirus software. (more)

Tip: If this happens, just force-quite the application. If you downloaded the photo, trash it.

PC - Press the Control-Shift-Esc keys, then End Task.

MAC - Press the Option-Command-Esc keys, click on the program and click the Force Quit button.

SPYPEDIA Library is On-Line and Open for Business

 SPYPEDIA, is the CI Centre's new counterintelligence and security database. It is a resource of cases, latest news, podcasts, videos, CI calendar events, quotes, reports, and more. SPYPEDIA has been in research and preparation for 15 years.

A continually updated, rich, open source database for professionals in the counterintelligence, security, and counterterrorism disciplines; educators; authors; researchers; academia; students; and all who hold an interest in CI and CT.  

What's Available...
• Search current and archival news links and security trends.

• Facts on case studies of spy cases, economic espionage, security, leaks, illegal exports to high-threat countries, foreign intel officers, domestic terrorists.

• Articles from authorities on counterintelligence, terrorism, and security issues.

• Download critical information for your organization's security awareness briefings.

• Hours of video documenting CI and security lessons, vital issues, key facts, and important cases.

• CI history - congressional hearings on espionage related activities, government reports, source documents, and spy trials.

• CI and CT expert reviews of current movies, books, and television shows. (more)

PA School Laptop SpyCam Lawsuits Keep Coming

(Recap - How it began... Michael and Holly Robbins of Penn Valley, Pa., said they first found out about the alleged spying last November (11/09) after their son Blake was accused by a Harriton High School official of "improper behavior in his home" and shown a photograph taken by his laptop.)

PA - A former student at a suburban Philadelphia high school has sued his school district for allegedly spying on him and his family using a school-issued Mac laptop, according to court documents.

The Lower Merion School District of Ardmore, Pa. was first sued in February 2010 by another student using similar charges. That case, dubbed "Spygate" in some media reports, was settled last October when Lower Merion agreed to pay Blake Robbins $175,000 and cover $425,000 in court costs.

On Monday, Joshua Levin, a 2009 graduate of Herriton High, charged the district with violating his civil rights and privacy by remotely activating the notebook's built-in camera to take photographs and screenshots.

Today, Lower Merion spokesman Doug Young called Levin's lawsuit "solely motivated by monetary interests and a complete waste of the taxpayer's dollars."

Last year, Lower Merion acknowledged it had activated cameras on the school-provided MacBook system to track lost or stolen laptops, but denied it was using them to spy on students.

Levin begged to differ.

According to his lawsuit, Lower Merion used his laptop to take more than 8,000 photographs and screenshots between September 2008 and March 2009. A report commissioned by the district uncovered more than 30,000 photographs and another 27,000 screenshots taken when the tracking and security software was activated by district IT personnel. (more)

SpyCam Story #611 - The Mac Attacker

He was hired to fix their computers, but police say that Trevor Harwell instead installed spyware software that took candid photos of his clients in various states of undress.

Trevor Harwell had been a Macintosh specialist with a Los Angeles-area home computer repair company called Rezitech. That's how he allegedly had the opportunity to install the spy software, called Camcapture, on computers.

While working on repair assignments, the 20-year-old technician secretly set up a complex system that could notify him whenever it was ready to snap a shot using the computer's webcam, according to Sergeant Andrew Goodrich, a spokesman with the Fullerton Police Department in California. "It would let his server know that the victim's machine was on. The server would then notify his smartphone... and then the images were recorded on his home computer," he said.

Police say they've found thousands of images on Harwell's computers and have identified dozens of victims, all of them women in Los Angeles and Orange County. Harwell was arrested Wednesday by Fullerton police.

Harwell was formerly a student at Biola University, a small Christian university in southern California. Many of the victims were Biola students and Harwell may have compromised university systems as well, police said. (more)

NLJD "Test Target" for TSCM Reverse Engineered

Ok, I know not everyone will "get" this, but the TSCM'ers in our readership will. Everyone else, go read the next post.

Thanks to our respected Canadian colleague for pointing this out.

Disclaimer: I will not be responsible if you read this and die laughing. You have been warned. DO NOT read this if you have a weak heart. 

This week on eBay...

NLJD “TEST TARGET” TSCM

Reverse Engineered...
$0.00 - Paint Stick (free at any paint store)
$0.35 - Diode
$0.00 - Can of paint bought for some other reason.
-------------------------------------------------------------------

$69.00 - "Buy It Now" on eBay... priceless!

$8.00 - Expedited Shipping

Of course, the reverse engineering above is just wild speculation. It is possible that the stick is rare Anigre wood, the diode is actually a specially designed array which was painstakingly tuned to provide an even 360º sphere of sensitivity with a tolerance of +/- .0045%, and all this was encased in an environmentally sealed protective coating – impervious to everything except NLJD emissions.

PrivateEye Software - Automatic Screen Shield - Major Price Drop

When this product was first pitched to the government a few years back it was about $49.95. TODAY - $1.99!!! 

These guys are brilliant, on two counts. 

1. This is a really clever, innovative security solution that works. 

2. They are really trying to sell the enterprise solution of this software... by practically giving away free individual samples to seed the marketplace.

End result. Everyone wins.

BTW, I am not affiliated in any way with any of the products I discuss here. I paid for the original version of PrivateEye I tested. I just paid for the upgrade to test that version. 

I love showing off new software and gadgets to my clients. Just after "Hello" comes "What cool stuff did you bring to show me this time, Kevin?" 

Let's review... 

"How can I stop shoulder surfers from reading my computer screen? The polarized screen thing makes me look like a paranoid dork."

Kevin says... Funny you should ask. I recently purchased some computer screen security software for testing, PrivateEyes from Oculis Labs. It works eerily well. All you need is a computer screen with a video camera and Windows. 

During the simple setup, the software learns who you are by looking at your face. From that point on, the screen automatically blurs unless you are looking directly at it. Turn to answer a phone call, or talk to someone nearby – BLURRR goes the screen. 

"What if someone sneaks up behind me?" I hear you say. No problem. When it sees an extra set of eyes – BLURRR.

Pro: The BLURRR effect changes quickly.

Con: Doesn't work as well in a high contrast environment.
The upgrade seems to have fixed this. Still testing.

PrivateEyes would also make an awesome IT guy gag. "I don't know. Your computer screen looks sharp and clear to me. Maybe you should get your eyes checked."

FREE 30-day trial, or just buy it for $1.99

"Is that an EB200 with directional antenna, or are you just glad I'm not cheating on you?"

Priming the U.S. market for TSCM practitioners coming out of the darkness of their covert inspections for bugging devices, Chinese police show that techno-proctoring school exams is a viable service.

 China's Education Ministry says police have detained 62 people for selling wireless headphones, two-way radios and other electronic devices to cheat on this week's nationwide college entrance exam. (more)

In a strange twist of fate, a man is brought to court on wiretapping charges because of a law passed at his brother's urging, a brother often burned by electronic surveillance revelations in the media and currently engulfed in his own legal quagmire because of them.

Italy - A judge in the northern city of Milan on Friday sent Italian prime minister Silvio Berlusconi's brother to trial for the illegal publication of a wiretapped phone conversation in conservative Italian daily Il Giornale. (more)

Finally, Something in the Smoke-Filled Room that Actually Works

NC - North Carolina House Republicans caucused Friday at the state capitol. These meetings are essentially strategy sessions that are closed to the public. But unbeknownst to lawmakers, the media was able to listen in. WFAE's Greg Collard reports. 

About 20 minutes into the meeting, a lawmaker walked up to a microphone and asked, "Is this working?"

Was it ever.

The meeting took place in a legislative committee room where debate during public meetings is streamed on the web. There's also a feed to the press room.

These feeds are turned off when the political parties caucus. But today, the feed to the press room stayed hot.

So reporters listened in, recorded and posted the audio of a rare behind-the-scenes look at the political process. (more)