US - Congress is launching an investigation into whether Huawei Technologies Co. and other Chinese telecommunications firms pose a potential national-security threat as they expand in the U.S...
The probe by the House intelligence committee marks an intensification of U.S. scrutiny of the potential threat, in particular from Chinese firms like Huawei and ZTE Corp. Intelligence officials have shared with lawmakers concerns that such expansion could give China a foothold for electronic spying in the U.S., according to a congressional aide...
U.S. officials worry the Chinese government could access that equipment and track phone calls or emails, or disrupt or destroy a communications system. It's also possible that such access could provide an avenue for eavesdropping on phone calls or intercepting emails in combination with other technologies, according to an industry specialist. (more)
Thursday, November 17, 2011
"Cheaping out on security can cost a lot more than it saves."
via By J.F. Rice, Computerworld...
Cadillac or Kia?
How much security is enough, and how much is too much?
...I was criticized for proposing "Cadillac" solutions to security challenges -- "Cadillac" being code for "too expensive." ...Our CIO told me that I should start thinking about partial solutions instead of more comprehensive approaches to improving our security. "Instead of trying to solve the whole problem, which is too much for us to handle, just solve a part of it," he told me.
...I've had a lot of time to think about excellence and how it applies to security. Unlike other IT specializations, where partial solutions can be effective, security has a lot more of an all-or-nothing aspect. There are some things we just have to do, or else we risk heavy consequences, up to and including complete failure of the company itself. Security is important to the continuing operation of the company.
If we try to save a few bucks by cutting our security budget, we might end up with a breach that could have been prevented, leading to loss of customer confidence, bad publicity, lack of compliance with legal regulations, theft of our confidential data by a competitor or worse.
...a successful security program requires excellence. Otherwise, the gaps and holes we don't close will be the ones that ultimately cause our downfall. ...Cheaping out on security can cost a lot more than it saves. ...we really do need the Cadillac. (more)
Mr. Rice is a brave man to stand by his principles under economic pressure. The fact that 'right' is on his side helps, of course. Having been called a Cadillac by a budget-bleeding client once, I feel his pain. I have also seen "complete failure of the company itself" for lack of a Cadillac-level business espionage countermeasures security program.
BTW, I own a Cadillac (five of them, over the past 15 years). Why? Basically, for its rock solid dependability. I have never lost a dime due to a breakdown keeping me from an appointment. Cadillacs are cost-effective assurance against failure. A long time ago, I had an Olds Cutlass (gurrr). Don't get me started. I learned my lesson.
BTW, I own a Cadillac (five of them, over the past 15 years). Why? Basically, for its rock solid dependability. I have never lost a dime due to a breakdown keeping me from an appointment. Cadillacs are cost-effective assurance against failure. A long time ago, I had an Olds Cutlass (gurrr). Don't get me started. I learned my lesson.
Encrypted Spyware Foils Antivirus Programs
via James Mulroy, PCWorld
Attackers in Brazil have found a way to sneak around antivirus programs by using cryptography.... the virus writers behind this particular attack publishes new mirrors and new variants of the malware about every 2 days, though the encryption code has remained the same so far. This is certainly scary for anyone out there that values their private information, and I just hope that the antivirus software companies can keep up. (more)
Today in Eavesdropping History...
On Nov. 17, 1973, President Nixon told an Associated Press managing editors meeting in Orlando, Fla., that "people have got to know whether or not their president is a crook. Well, I'm not a crook.''
Security Alert: Check Your Computer for Ghost Click DNS Settings (FREE)
Trend Micro and the FBI announced the dismantling of a criminal botnet, in what is the biggest cybercriminal takedown in history.
If you are worried that you might have been a victim of this criminal activity, the FBI have made an online tool available which will allow you to check if your DNS server settings have been tampered with.
First you will need to discover what your current DNS server settings are:
On a PC, open the Start menu by clicking the Start button or the Windows icon in the lower left of your screen, in the Search box type “cmd” and hit return (for Windows 95 users, select “Start“, then “Run“).This should open a black window with white text. In this window type “ipconfig /all” and hit return. Look for the entry that reads “DNS Servers” and note down the numeric addresses that are listed there.
On a Mac (yes they can be victims too), click on the Apple icon in the top left of your screen and select “System Preferences“, from the Preferences panel select the “Network” icon. Once this window opens, select the currently active network connection on the left column and over on the right select the DNS tab. note down the addresses of the DNS servers that your computer is configured to use.
FREE: You can check to see if these addresses correspond to servers used by the criminals behind Operation Ghost Click by using this online tool provided by the FBI, simply enter the IP addreses, one by one and click the “check ip” button. (more)
Worth checking. I did. Fortunately, no problems. ~Kevin
This concerted action against an entrenched criminal gang is highly significant and represents the biggest cybercriminal takedown in history. Six people have been arrested through multinational law enforcement cooperation based on solid intelligence supplied by Trend Micro and other industry partners. more than 4 million victims in over 100 countries have been rescued from the malign influence of this botnet and an infrastructure of over 100 criminal servers has been dismantled with minimal disruption to the innocent victims.
If you are worried that you might have been a victim of this criminal activity, the FBI have made an online tool available which will allow you to check if your DNS server settings have been tampered with.
First you will need to discover what your current DNS server settings are:
On a PC, open the Start menu by clicking the Start button or the Windows icon in the lower left of your screen, in the Search box type “cmd” and hit return (for Windows 95 users, select “Start“, then “Run“).This should open a black window with white text. In this window type “ipconfig /all” and hit return. Look for the entry that reads “DNS Servers” and note down the numeric addresses that are listed there.
On a Mac (yes they can be victims too), click on the Apple icon in the top left of your screen and select “System Preferences“, from the Preferences panel select the “Network” icon. Once this window opens, select the currently active network connection on the left column and over on the right select the DNS tab. note down the addresses of the DNS servers that your computer is configured to use.
FREE: You can check to see if these addresses correspond to servers used by the criminals behind Operation Ghost Click by using this online tool provided by the FBI, simply enter the IP addreses, one by one and click the “check ip” button. (more)
How to Control Wireless Devices in a Corporate Environment
Wireless poses a persistent threat to corporations today and all devices (laptops, smart phones, tablets, etc) must be integrated within a consistent enterprise security policy framework. In addition, an enterprise mobility solution must continuously monitor all mobile devices and dynamically adapt their capabilities for every situation.
McAfee and AirPatrol are hosting a FREE webinar showing how-to protect your mobile assets and enhance employee productivity.
(An education if you are trying to solve this problem.)
Date: Tuesday, Nov 29, 2011
Time: 1:00 pm US Eastern Time
Sign up for the FREE webcast.
McAfee and AirPatrol are hosting a FREE webinar showing how-to protect your mobile assets and enhance employee productivity.
(An education if you are trying to solve this problem.)
Date: Tuesday, Nov 29, 2011
Time: 1:00 pm US Eastern Time
Sign up for the FREE webcast.
21st Century Black Adders (Do You Trust Your IT People?)
NJ - A former Hoboken municipal employee is accused of breaking into Mayor Dawn Zimmer's e-mail account and forwarding them to other city officials.
Patrick Ricciardi is scheduled to be arraigned in federal court in Newark this afternoon.
Ricciardi was employed by Hoboken as an IT specialist. Prosecutors allege Ricciardi used his position and administrative privileges to break into Zimmer's e-mail account and forward e-mails to at least three city officials. (more)
Patrick Ricciardi is scheduled to be arraigned in federal court in Newark this afternoon.
Ricciardi was employed by Hoboken as an IT specialist. Prosecutors allege Ricciardi used his position and administrative privileges to break into Zimmer's e-mail account and forward e-mails to at least three city officials. (more)
It is not like I haven't warned you...
(from 2008) A new survey released this week shows nearly all company computer gurus say they wouldn’t hesitate to screw over their place of employment if they lost their jobs. A whopping 88 percent of IT professionals admit they’d happily hack everything from high-ranking passwords to customer info and sensitive R&D plans on their way out the door. A third of them say they already look through corporate data and know how much everyone’s making — and that’s just an average afternoon activity. (more)
(from 2008) A new survey released this week shows nearly all company computer gurus say they wouldn’t hesitate to screw over their place of employment if they lost their jobs. A whopping 88 percent of IT professionals admit they’d happily hack everything from high-ranking passwords to customer info and sensitive R&D plans on their way out the door. A third of them say they already look through corporate data and know how much everyone’s making — and that’s just an average afternoon activity. (more)
Wednesday, November 16, 2011
Norway Suffers Largest Case of Industrial Espionage in its History
National security officers in Norway have uncovered what they say is the most wide-ranging theft of industrial data in the country’s history.
Ten serious cases of industrial espionage are being investigated, say officers of the Police Security Service, or PST, and the National Security Authority.
Ten serious cases of industrial espionage are being investigated, say officers of the Police Security Service, or PST, and the National Security Authority.
...The Local has received suggests some industrial data has been stolen by simply inserting malicious memory sticks into the laptops of travelling company representatives.
“Whenever we go abroad, the whole hard disc has to be cleansed of spyware,” an IT worker in one of the industries targeted told The Local.
...The ten instances of computer espionage are just the tip of the iceberg, said Eiliv Ofigsbø of Norwegian Computer Emergency Response Team, or NorCERT, who also leads the NSM’s industrial espionage department.
“Whenever we go abroad, the whole hard disc has to be cleansed of spyware,” an IT worker in one of the industries targeted told The Local.
...The ten instances of computer espionage are just the tip of the iceberg, said Eiliv Ofigsbø of Norwegian Computer Emergency Response Team, or NorCERT, who also leads the NSM’s industrial espionage department.
...The attacks were said to occur at the point in contract negotiations when email exchanges reached fever pitch. Key people were then identified and their computer links to company databases hacked, in some cases for months.
“We have to assume they have taken large amounts of information,” Ofigsbøe told The Local. “Anything else would be naïve.” (more)
“We have to assume they have taken large amounts of information,” Ofigsbøe told The Local. “Anything else would be naïve.” (more)
Labels:
business,
computer,
employee,
espionage,
government,
Hack,
leaks,
spyware,
trade secret
Hiding Secret Data in VoIP Phone Calls
Researchers have devised a new scheme for hiding secret data within VoIP packets, making it possible to carry on legitimate voice conversations while stolen data piggybacks on the call undetected, making its way to thieves on the outside.
Click to enlarge. |
Called transcoding steganography or TranSteg, the method calls for setting a larger-than-necessary payload space in VoIP packets and using the extra room to carry covert messages. In their experiment the researchers could send 2.2MB of covert data in each direction during an average seven-minute phone call.
As with all steganography, the objective is to deliver covert data without raising suspicions that a secret message even exists. (more)
As with all steganography, the objective is to deliver covert data without raising suspicions that a secret message even exists. (more)
IN PICTURES: A brief history of steganography
Labels:
computer,
data,
FutureWatch,
Hack,
leaks,
steganography,
VoIP
Monday, November 14, 2011
NZ PM Discovers News Reporter's Bug
New Zealand prime minister John Key has filed a complaint with the police about an alleged secret recording made during the country's national election campaign.
Mr Key was having a cup of tea on Friday with a candidate for the ACT Party which is part of the governing coalition.
The event was organised as a picture opportunity, but after recording inside the cafe media were told to shoot from outside.
A radio microphone was left on the table in a pouch and discovered later by Mr Key.
A freelance cameraman says he left it there by mistake but handed a copy of the recording to the Herald On Sunday newspaper. (more)
Mr Key was having a cup of tea on Friday with a candidate for the ACT Party which is part of the governing coalition.
The event was organised as a picture opportunity, but after recording inside the cafe media were told to shoot from outside.
A radio microphone was left on the table in a pouch and discovered later by Mr Key.
A freelance cameraman says he left it there by mistake but handed a copy of the recording to the Herald On Sunday newspaper. (more)
Labels:
business,
eavesdropping,
employee,
find,
government,
lawsuit,
TSCM,
wireless
Most free Android anti-malware scanners 'near to useless'
Summary: Most products achieved 0% detection rate.
Free anti-malware apps for the Android operating system are ‘near to useless’ according to anti-malware testing specialists AV-Test.org.
The results of the testing [PDF download] were quite shocking, with most products achieving 0% detection rate. The best product, Zoner Antivirus Free, scored a miserable 32% in a manual scan and a more respectable 80% when it came to a real-time scan. And remember, this is the best of the free apps! (more)
http://tinyurl.com/BuyTheShirt |
The results of the testing [PDF download] were quite shocking, with most products achieving 0% detection rate. The best product, Zoner Antivirus Free, scored a miserable 32% in a manual scan and a more respectable 80% when it came to a real-time scan. And remember, this is the best of the free apps! (more)
Sunday, November 13, 2011
AAA Rolls Out Free Program to Spy on Teen Drivers
Erica Solum, a senior at Garces Memorial High School, didn't know she was being tracked. When she drove, her every movement was recorded, from her speed to location.
It wasn't until the 17-year-old was driving home from school Thursday that she noticed a small device, about the size of the palm of her hand, plugged into the Cadillac DeVille she drives.
When her father, Eric Solum, sat her down in front of the computer Thursday night, Erica connected the dots.
"He showed me the website page that said AAA Onboard," Erica Solum said. "(I said) 'Dad, is this a tracking device for teenagers?'" (more)
It wasn't until the 17-year-old was driving home from school Thursday that she noticed a small device, about the size of the palm of her hand, plugged into the Cadillac DeVille she drives.
When her father, Eric Solum, sat her down in front of the computer Thursday night, Erica connected the dots.
"He showed me the website page that said AAA Onboard," Erica Solum said. "(I said) 'Dad, is this a tracking device for teenagers?'" (more)
Wow, a 17-year old with a Cadillac De Ville?!?! All I ever got was my mom's dorky Rambler station wagon with a leaky head gasket (and was happy to get to borrow it). Hope she doesn't complain about the monitoring. I would have agreed to a 24/7 alien anal probe to monitor my "every movement" in a Cadillac De Ville!
/rant ~ Kevin
"Yes, we have no Bananaman. We have no Bananaman, today."
A young Russian woman at the centre of a sex and spying scandal in Britain asked her German diplomat lover to pass on Nato secrets, intelligence sources have claimed.
It is believed Katia Zatuliveter made several attempts to get him to divulge information, including details of a top-secret Nato paper.
Miss Zatuliveter, 26, is facing deportation over claims she was working for Russian intelligence while having an affair with Liberal Democrat MP Mike Hancock. (more)
Tune in next week for the exciting conclusion...
WWI mystery spycatcher family discovered
BBC - More has been discovered about the life and curious times of a World War I "unknown heroine", whose spycatching exploits were found in the archives of the Royal Society of Chemistry.
In 1915, Mabel Elliott helped to uncover a German spy plot - but little was known about her background. An appeal for more information has found her surviving family - and a possible link to a German connection. But it also raises more questions about her role in this real-life spy story.
This unsung heroine, who spoke German and Dutch, had worked as a censor during the First World War and in 1915 had found a letter being sent to Holland with secret messages in invisible ink.
The discovery of these messages, written with lemon juice and formalin, detailing military movements, prompted the arrest of a suspected German spy, Anton Kuepferle. But before his trial had been concluded, the accused spy was found hanged in his cell, after apparently using a silk scarf to kill himself. He was said to have left a message admitting that he was a German officer. (Suicide. Silk scarf. Confession?!?! Are you buying this?) (more)
Could Facial Recognition Become the Next Emergency Broadcast System
The Emergency Broadcast System (EBS), a communications system which allows the government to commandeer radio and television broadcasting outlets to distribute emergency messages quickly, was tested this past week. The EBS started in 1963, and was preceded by a similar service called, CONELRAD. Electronic eminent domain has been around a long time. Hold that thought.
Today, The New York Times reports Face Recognition Makes the Leap From Sci-Fi.
"SceneTap, a new app for smart phones, uses cameras with facial detection software to scout bar scenes. Without identifying specific bar patrons, it posts information like the average age of a crowd and the ratio of men to women, helping bar-hoppers decide where to go. More than 50 bars in Chicago participate... The spread of such technology — essentially, the democratization of surveillance — may herald the end of anonymity.
Those endeavors pale next to the photo-tagging suggestion tool introduced by Facebook this year... “Millions of people are using it to add hundreds of millions of tags,” says Simon Axten, a Facebook spokesman. Other well-known programs like Picasa, the photo editing software from Google, and third-party apps like PhotoTagger, from face.com, work similarly.
And this technology is spreading. Immersive Labs, a company in Manhattan, has developed software for digital billboards using cameras to gauge the age range, sex and attention level of a passer-by.
Using off-the-shelf facial recognition software, researchers at Carnegie Mellon University were recently able to identify about a third of college students who had volunteered to be photographed for a study — just by comparing photos of those anonymous students to images publicly available on Facebook."
Have you connected the dots yet?
Here is another clue...
CALEA, a law passed in 1994, "To amend title 18, United States Code, to make clear a telecommunications carrier's duty to cooperate in the interception of communications for Law Enforcement purposes, and for other purposes." Telecommunications yet another type of mass communications device which may now be commandeered by government.
Internet connected, facial recognition systems are rapidly becoming mainstream mass communications technology, just like radio, TV and telephones. It only makes sense that this too will be commandeered. The question is, will it be commandeered like EBS to broadcast emergency messages, or will it be commandeered like CALEA to be used for surveillance? Both, perhaps?
So far, the benefits of letting government commandeer mass communications (verses the abuse potential) make the gambit worthwhile. For this, we thank our legal system. It is time for them to walk the high wire again. Please, get us through this technical conundrum with grace and balance one more time.
The noose tightens... "You can run, but you can't hide."
Should this all come to pass (it will), there may be some interesting social outcomes. Just as mass communications pulls society closer together, mass surveillance capabilities like CALEA, license plate readers, and the multitude of facial recognition surveillance systems may push people apart. Imagine a world where the density of: commercial video billboards and kiosks; business surveillance cameras; and government street/toll booth cameras, in urban areas, squeezes criminals into the suburbs and beyond.
How best to take advantage of the changes in our brave new world?
I have a career tip for you.
~ Kevin
Subscribe to:
Posts (Atom)
Johnson "We still seek no wider war"
Nixon SEE ABOVE
Carter "I would not use military force to free the hostages"
Reagan "We did not -- repeat did not -- trade weapons or anything else for hostages nor will we."
GHW Bush "Congress will push me to raise taxes...and I'll say read my lips, no new taxes!"
Clinton "I did not have sexual relations with that woman Miss Lewinsky"
GW Bush "We have found Weapons of Mass Destruction in Iraq"