Friday, October 28, 2011

A Simple Three Question Spy Movie Quiz

Go here
I got 2 of three. 
See what you can do.

Here is one from me...
What is the name of this famous spy story town?
What is its real name?
Did I live there for a week?

Answers later next week.

Enjoy your weekend!
~Kevin

Thursday, October 27, 2011

Security Alert: Easy Bypass of iPad2 Passcode Screen (w/ fix)

PROBLEM...
Apple's Smart Covers are pretty cool--they attach magnetically to your iPad 2, and you can lock your iPad's screen simply by "closing" the cover. Lift the cover off the screen, and your iPad wakes right up. Unfortunately, members of the German forum Apfeltalk ("Apple Talk") discovered a bug in how iOS handles the Smart Cover that makes it possible to bypass the iPad's passcode screen. Yikes.

To trigger this glitch, hold down the power button and wait for the iPad to ask to power off. When that happens, place the smart cover over the tablet. Next, take the cover off again, cancel the power down, and you're in--no passcode required.

SOLUTION...
Apple is aware of the issue and is working on a fix. And for the time being, you can make it so your iPad doesn't automatically unlock when you open your Smart Cover; that way, even if someone uses this bypass trick, they'll only be greeted with the passcode screen. To change this setting, open the Settings app, tap General, and change the setting for "iPad Cover Lock/Unlock" to "Off". (more)


Wednesday, October 26, 2011

Gang Members Are Coming For Your Info. What's Your Counterespionage Strategy?

The Federal Bureau of Investigation on Friday estimated there are some 1.4 million gang members in the United States and they are turning to white-collar crimes as more lucrative enterprises. 

Gangs like the Bloods and the Crips are engaging in crimes such as identity theft, counterfeiting, selling stolen goods and even bank, credit card and mortgage fraud, said a new FBI gangs threat assessment.

"We've seen it, but we've seen them doing it even more now and we attribute to the fact that the likelihood of being caught is less, the sentences once you are caught are less, and the actual monetary gain is much higher," said Diedre Butler, a unit chief at the National Gang Intelligence Center. (more)

Tuesday, October 25, 2011

Search Engine Encrypts Your Secret Yearnings, Lusts and Thirsts... for Knowledge

Flash - "As of this week, Startpage, by Ixquick, the "world's most private search engine," automatically encrypts ALL searches. Startpage was the first search engine to offer SSL encryption in 2009, and today it again breaks new ground by making SSL encryption the default." (more)

Kevin's Security Scrapbook exclusive! Motion picture footage of the inside of a search engine's encryption kernel.

"Dude, Scientology has an Office of Special Affairs?!?! I didn't know scientists even had affairs!"

The Village Voice is reporting that the Church of Scientology attempted to investigate Parker and Stone after a controversial 2005 episode of “South Park” titled “Trapped in a Closet.” The Emmy-nominated episode, airing on Comedy Central, satirized such figures as Scientology founder L. Ron Hubbard and Scientology member Tom Cruise. 

According to the Voice, former Scientology executive Marty Rathbun “revealed at his blog that in 2006, Scientology's Office of Special Affairs — the church's intelligence and covert operations wing — was actively investigating” Parker and Stone.

The Voice reports Monday: “We have more leaked OSA documents which give some idea of the extent of the spying operation on the ‘South Park’ offices and the people who worked there.” (more)

Chat and...ZAP. Your address book is stolen!

If you use Skype on an iPhone or iPod touch, Phil Purviance can steal your device's address book simply by sending you a chat message.

In a video posted over the weekend, the security researcher makes the attack look like child's play. Type some JavaScript commands into the user name of a Skype account, use it to send a chat message to someone using the latest version of Skype on an iPhone or iPod touch, and load a small program onto a webserver. Within minutes, you'll have a fully-searchable copy of the victim's address book. (more)

Your Rotund Guard Can Be Replaced by Rotundus, the 3-D RoboEye

Security Director Alert - Imagine replacing multiple guards, at multiple sites with GroundBots... all reporting to your command center. 

Think of the money you could then devote to more worthwhile security needs - intellectual property protection needs - like, ummmm... TSCM!

You don’t need to read instructions to operate an arcade driving game. It’s intuitive. And that’s how easy it is to steer GroundBot in the manual control mode.

But there’s one big difference: when you’re driving GroundBot the landscape you’re moving through is for real. Streamed in real-time, in 2D or 3D. Operators say that it makes you feel you are actually there, sitting in GroundBot, looking out. 

Guardbot is also amphibious and efficient and can run up to 10 km/h (6 mph) - without making a sound. Moreover, it can operate for 8-16 hours depending on mission profile.

This near-reality experience also makes operators more alert to anyone or anything that shouldn’t be there. GroundBot can even be used to find out where an unauthorized person is going. (more) (video) (c.1968 prototype)

Monday, October 24, 2011

FBI Business Espionage Warning - "If you haven't been a victim yet, it's because you have been and you don't know it, or you will be."

Kexue Huang, a scientist and native of China, pleaded guilty last week in a federal court to swiping millions of dollars worth of trade secrets from Dow Chemical Co. and Cargill Inc. for other people doing research in Germany and China.

A federal jury last month ordered South Korea's Kolon Industries to pay DuPont Co. $920 million for stealing trade secrets regarding synthetic fibers used in such products as Kevlar body armor. A former DuPont engineer hired by Kolon, Michael Mitchell of Virginia, was sentenced in March last year to 18 months in prison for theft of trade secrets for passing on key DuPont data to Kolon.

And area technology companies are likely fooling themselves if they think they're not in the cross-hairs of such spy efforts, according to the Federal Bureau of Investigation. "If you haven't been a victim yet, it's because you have been and you don't know it, or you will be," Barry W. Couch, a special agent with FBI's Buffalo division, told a conference room full of area optics industry executives last week. "Don't be blindsided."

The FBI has designated espionage, including economic espionage, its second-highest priority, behind only terrorism. (more)

Bug in the Boardroom - Nasdaq

New details have come out from the ongoing investigation into last year's attack on the Nasdaq stock exchange. 

It appears that when attackers breached the Director's Desk Web application, they not only gained access to data stored in the system, but they managed to install monitoring software that was able to eavesdrop on "scores" of directors' communications.

The application was used by board directors to discuss information relating to the company's financial performance and other intellectual property. (more)

Saturday, October 22, 2011

Security Director Alert: Occupy Wall Street would love to have A Bug in Your Boardroom

The Occupy Wall Street movement is expanding. 

Your company is the target. 

Just like animal rights and other business protest movements, intelligence helps fuel their cause. A bug in your boardroom is the ideal intelligence pipeline. (Don't think they haven't thought of doing it. All they need is a sympathetic insider who believes the boss makes too much.)

In addition to your normal preparations (perimeter security, monitoring social media, etc.) electronic countermeasures inspections (TSCM) must be part of your protection mix. Covert electronic eavesdropping, video voyeurism, data thefts and business espionage attacks are vulnerabilities you cannot afford to overlook.

If you have a trusted TSCM provider, great, call them in.
If not, please stop by our web site. Learn all about our economical TSCM security solutions.

But, what if you find a bug?
Imagine... 
It's Monday morning. 
In the offices of Mongo Industries a secretary readies the Boardroom for the weekly strategy meeting. The air conditioning has been off all weekend, and just kicked in. Then...THUNK! 

Startled, she stares under the massive table. Her eyes adjust to the dark. A small dark object with gooey strips of masking tape near the Director's chair stares back.


"What should you do?" (click here)

Friday, October 21, 2011

Flash - Adobe Flash Spy Personality Disorder Fixed

Engineers on Thursday patched a hole in Adobe's ubiquitous Flash Player that allowed website operators to silently eavesdrop on visitors' webcam and microphone feeds without permission.  

To be attacked, visitors needed to do no more than visit a malicious website and click on a handful of buttons like the ones in this live demonstration. Without warning, the visitor's camera and microphone were activated and the video and audio intercepted. (more)

Adobe: "We have resolved the issue with a change to the Flash Player Settings Manager SWF file hosted on the Adobe website. No user action or Flash Player product update are required." (more)

Calling all cars: OTL DIY CSI Taps Over Possible Alibi Die Lie - Be on the Louk-out.

PA - State police are looking for a Washington man who is one of four accused of placing a wiretap in the home of a relative because they did not believe his alibi for the murder of a Buffalo Township woman.

Douglas Edward Louk, 42, whose last known address was 843 Broad St., is wanted on wiretapping and conspiracy charges. He is 5 feet 10 inches tall, weighs 210 pounds and has brown hair and blue eyes.

Anyone with information on Louk's whereabouts is asked to call state police at 724-223-5200. (more) (more)

"Dude, werz my dikshunary?" or... My lawyer can spell illegally, can yours?



CA - Billboards along Southern California freeways are urging motorists to contact lawyer Jeffrey Krinsk if they believe they were “Illegaly [sic] wire-tapped by the LA Times” or to “Report LA Times Fraud.” The San Diego attorney represents a man who is suing Times staffer Michael Hiltzik and claims the columnist secretly recorded telephone conversations. (Hiltzik’s accuser is Robert Silverman, an attorney who represents 1-800-GET-THIN, a company that markets Lap-Band weight-loss surgery.) The Times has published a series of articles and columns detailing the deaths of five patients after having Lap-Band surgery at centers affiliated with 1-800-GET-THIN. On Thursday, the paper told staffers in a memo that “we do not engage in wiretapping and fraud as the billboards allege” and that it’s confident that the lawsuit will be tossed. (more)

Cell Phone SpyWare Goes Legit

Realizing that the huge demand for parental monitoring programs for computers could also apply to phones, Dublin-based mobile web service company Associate Mobile has developed MobileMinder - a smartphone application running on a secure and encrypted network that allows parents to monitor their child's location, contacts, call history, photos, and web use. (more)

Edison Remembered

The real Edison lighthouse.
On Oct. 21, 1879, Thomas Edison invented a workable electric light at his laboratory in Menlo Park, N.J. (more) (The other Edison Lighthouse)