Bit9 researchers has compiled a list of 12 smartphones that pose the highest security and privacy risks to consumers and corporations.
The phones, all Android models, on the "Dirty Dozen" list compiled by Bit9 of Waltham, Mass. are:
Samsung Galaxy Mini
HTC Desire
Sony Ericsson Xperia X10
HTC Wildfire
Samsung Epic 4G
LG Optimus S
Samsung Galaxy S
Motorola Droid X
LG Optimus One
Motorola Droid 2
HTC Evo 4G
In compiling the list, Bit9 researchers looked at the market share of the smartphone, what out-of-date and insecure software the model had running on it and how long it took for the phone to receive updates.
Read Bit9's full report at http://www.bit9.com/orphan-android/
(more)
Tuesday, November 22, 2011
Monday, November 21, 2011
Privacy Journal - Your privacy news authority
I just received a free sample of Privacy Journal, an excellent publication by Robert Ellis Smith. He started Privacy Journal back in the 1970's and it continues stronger today than ever.
Here is just one of the important topics he covers in this month's issue... Should the government need to secure a court warrant before installing continual and long-term electronic monitoring on a person’s motor vehicle, by means of Global Positioning technology (GPS)? That is a question before the U.S. Supreme Court this month in U.S. v. Jones, perhaps the most significant Fourth Amendment case in this new century.
If you need to keep up with privacy issues, this is your best resource. His web site even offers FREE privacy tips.
In addition to the Journal, Mr. Smith also publishes many books on privacy. One of the most helpful is his Compilation of State and Federal Privacy Laws. This book includes listings for all U.S. laws - more than 700 of them - and federal and provincial laws in Canada.
All his publications are available electronically.
See for yourself. Contact Privacy Journal for a sample issue, and a list of their other publications.
Lee Shoreham, Assistant to the Publisher
PRIVACY JOURNAL
PO Box 28577
Providence RI 02908
Phone: 401/274-7861
Fax: 401/274-4747
orders@privacyjournal.net
www.privacyjournal.net
PRIVACY JOURNAL
PO Box 28577
Providence RI 02908
Phone: 401/274-7861
Fax: 401/274-4747
orders@privacyjournal.net
www.privacyjournal.net
Security Solution: Managing Wireless Devices in Corporate Environments
Managing wireless devices is a particularly tough chore. Items to be wrangled range from cell phones, to iPods, to tablets, to laptops. Many of these items have photographic capabilities which need to be wrangled as well... not to mention, digital cameras, and attachments with wireless capabilities.
To make matters worse, some of these devices, and some of their apps may be allowed in one room, but not in another. This is getting really complicated.
Until now, there really hasn't been a non-draconian solution for the mere mortal security director.
Until now, there really hasn't been a non-draconian solution for the mere mortal security director.
Take a look at this. It's called ZoneDefense, made by AirPatrol. Very cool!
Friday, November 18, 2011
Protester Launches Drone to Spy on Police! (AMAZING video)
During protests in Warsaw last weekend, one crafty activist deployed a flying drone to spy on riot police.
YouTube user latajacakamera — or “flying camera” in Polish — uploaded the amazing video that the drone effortlessly captured as it hovered over teargas-filled streets.
In another video, the unmanned aerial vehicle (UAV) floats in front of a formation of police in riot gear as they rush towards demonstrators. None of them appear to notice. (more)
YouTube user latajacakamera — or “flying camera” in Polish — uploaded the amazing video that the drone effortlessly captured as it hovered over teargas-filled streets.
In another video, the unmanned aerial vehicle (UAV) floats in front of a formation of police in riot gear as they rush towards demonstrators. None of them appear to notice. (more)
Garbo: The Spy Infiltrates Theaters... today
Filmmaker Edmon Roch's slyly and wryly suspenseful documentary about the real life World War II super spy known as Garbo can give any narrative espionage thriller a real life run for the money!
It opens theatrically today, November 18, 2011. (more)
It opens theatrically today, November 18, 2011. (more)
Zimbabwe Spy Caper Mysteriously Dropped
A spy caper involving an Ontario telecommunications firm fizzled when authorities in Zimbabwe suddenly dropped espionage charges.
Three Zimbabwean businessmen were accused of using a satellite system supplied by Juch-Tech Inc. of Hamilton to transmit state secrets to Canada, the United States and Afghanistan.
They were charged with running afoul of the country's Official Secrets Act, which prohibits the communication of information useful to an enemy.
However, reports from the African country say the attorney general's office in Harare has decided to withdraw the spying charges. (more)
Three Zimbabwean businessmen were accused of using a satellite system supplied by Juch-Tech Inc. of Hamilton to transmit state secrets to Canada, the United States and Afghanistan.
They were charged with running afoul of the country's Official Secrets Act, which prohibits the communication of information useful to an enemy.
However, reports from the African country say the attorney general's office in Harare has decided to withdraw the spying charges. (more)
Hummm, Zimbabwe?!?!
Might be time to connect the dots.
We're Smiley. Spying Is Sexy Again!
You know what movie profession is in need of serious comeback? The spy. Not the "all flash and explosions of James Bond" spy, but the "shadowy guy on the street corner" spy. It's been too long since we've celebrated the clandestine charm of old-fashioned intelligence agents. It's time we bring them back.
Thankfully, we're in luck. "Tinker Tailor Soldier Spy" is just the movie to do it. The film, which touts an all-British cast of ridiculously high caliber led by Gary Oldman, doesn't hit theaters until December 9, but we have exclusive clips from the movie. (more)
Get More: Movie Trailers, Movies Blog
Thursday, November 17, 2011
US - Congress is launching an investigation into whether Huawei Technologies Co. and other Chinese telecommunications firms pose a potential national-security threat as they expand in the U.S...
The probe by the House intelligence committee marks an intensification of U.S. scrutiny of the potential threat, in particular from Chinese firms like Huawei and ZTE Corp. Intelligence officials have shared with lawmakers concerns that such expansion could give China a foothold for electronic spying in the U.S., according to a congressional aide...
U.S. officials worry the Chinese government could access that equipment and track phone calls or emails, or disrupt or destroy a communications system. It's also possible that such access could provide an avenue for eavesdropping on phone calls or intercepting emails in combination with other technologies, according to an industry specialist. (more)
The probe by the House intelligence committee marks an intensification of U.S. scrutiny of the potential threat, in particular from Chinese firms like Huawei and ZTE Corp. Intelligence officials have shared with lawmakers concerns that such expansion could give China a foothold for electronic spying in the U.S., according to a congressional aide...
U.S. officials worry the Chinese government could access that equipment and track phone calls or emails, or disrupt or destroy a communications system. It's also possible that such access could provide an avenue for eavesdropping on phone calls or intercepting emails in combination with other technologies, according to an industry specialist. (more)
"Cheaping out on security can cost a lot more than it saves."
via By J.F. Rice, Computerworld...
Cadillac or Kia?
How much security is enough, and how much is too much?
...I was criticized for proposing "Cadillac" solutions to security challenges -- "Cadillac" being code for "too expensive." ...Our CIO told me that I should start thinking about partial solutions instead of more comprehensive approaches to improving our security. "Instead of trying to solve the whole problem, which is too much for us to handle, just solve a part of it," he told me.
...I've had a lot of time to think about excellence and how it applies to security. Unlike other IT specializations, where partial solutions can be effective, security has a lot more of an all-or-nothing aspect. There are some things we just have to do, or else we risk heavy consequences, up to and including complete failure of the company itself. Security is important to the continuing operation of the company.
If we try to save a few bucks by cutting our security budget, we might end up with a breach that could have been prevented, leading to loss of customer confidence, bad publicity, lack of compliance with legal regulations, theft of our confidential data by a competitor or worse.
...a successful security program requires excellence. Otherwise, the gaps and holes we don't close will be the ones that ultimately cause our downfall. ...Cheaping out on security can cost a lot more than it saves. ...we really do need the Cadillac. (more)
Mr. Rice is a brave man to stand by his principles under economic pressure. The fact that 'right' is on his side helps, of course. Having been called a Cadillac by a budget-bleeding client once, I feel his pain. I have also seen "complete failure of the company itself" for lack of a Cadillac-level business espionage countermeasures security program.
BTW, I own a Cadillac (five of them, over the past 15 years). Why? Basically, for its rock solid dependability. I have never lost a dime due to a breakdown keeping me from an appointment. Cadillacs are cost-effective assurance against failure. A long time ago, I had an Olds Cutlass (gurrr). Don't get me started. I learned my lesson.
BTW, I own a Cadillac (five of them, over the past 15 years). Why? Basically, for its rock solid dependability. I have never lost a dime due to a breakdown keeping me from an appointment. Cadillacs are cost-effective assurance against failure. A long time ago, I had an Olds Cutlass (gurrr). Don't get me started. I learned my lesson.
Encrypted Spyware Foils Antivirus Programs
via James Mulroy, PCWorld
Attackers in Brazil have found a way to sneak around antivirus programs by using cryptography.... the virus writers behind this particular attack publishes new mirrors and new variants of the malware about every 2 days, though the encryption code has remained the same so far. This is certainly scary for anyone out there that values their private information, and I just hope that the antivirus software companies can keep up. (more)
Today in Eavesdropping History...
On Nov. 17, 1973, President Nixon told an Associated Press managing editors meeting in Orlando, Fla., that "people have got to know whether or not their president is a crook. Well, I'm not a crook.''
Security Alert: Check Your Computer for Ghost Click DNS Settings (FREE)
Trend Micro and the FBI announced the dismantling of a criminal botnet, in what is the biggest cybercriminal takedown in history.
If you are worried that you might have been a victim of this criminal activity, the FBI have made an online tool available which will allow you to check if your DNS server settings have been tampered with.
First you will need to discover what your current DNS server settings are:
On a PC, open the Start menu by clicking the Start button or the Windows icon in the lower left of your screen, in the Search box type “cmd” and hit return (for Windows 95 users, select “Start“, then “Run“).This should open a black window with white text. In this window type “ipconfig /all” and hit return. Look for the entry that reads “DNS Servers” and note down the numeric addresses that are listed there.
On a Mac (yes they can be victims too), click on the Apple icon in the top left of your screen and select “System Preferences“, from the Preferences panel select the “Network” icon. Once this window opens, select the currently active network connection on the left column and over on the right select the DNS tab. note down the addresses of the DNS servers that your computer is configured to use.
FREE: You can check to see if these addresses correspond to servers used by the criminals behind Operation Ghost Click by using this online tool provided by the FBI, simply enter the IP addreses, one by one and click the “check ip” button. (more)
Worth checking. I did. Fortunately, no problems. ~Kevin
This concerted action against an entrenched criminal gang is highly significant and represents the biggest cybercriminal takedown in history. Six people have been arrested through multinational law enforcement cooperation based on solid intelligence supplied by Trend Micro and other industry partners. more than 4 million victims in over 100 countries have been rescued from the malign influence of this botnet and an infrastructure of over 100 criminal servers has been dismantled with minimal disruption to the innocent victims.
If you are worried that you might have been a victim of this criminal activity, the FBI have made an online tool available which will allow you to check if your DNS server settings have been tampered with.
First you will need to discover what your current DNS server settings are:
On a PC, open the Start menu by clicking the Start button or the Windows icon in the lower left of your screen, in the Search box type “cmd” and hit return (for Windows 95 users, select “Start“, then “Run“).This should open a black window with white text. In this window type “ipconfig /all” and hit return. Look for the entry that reads “DNS Servers” and note down the numeric addresses that are listed there.
On a Mac (yes they can be victims too), click on the Apple icon in the top left of your screen and select “System Preferences“, from the Preferences panel select the “Network” icon. Once this window opens, select the currently active network connection on the left column and over on the right select the DNS tab. note down the addresses of the DNS servers that your computer is configured to use.
FREE: You can check to see if these addresses correspond to servers used by the criminals behind Operation Ghost Click by using this online tool provided by the FBI, simply enter the IP addreses, one by one and click the “check ip” button. (more)
How to Control Wireless Devices in a Corporate Environment
Wireless poses a persistent threat to corporations today and all devices (laptops, smart phones, tablets, etc) must be integrated within a consistent enterprise security policy framework. In addition, an enterprise mobility solution must continuously monitor all mobile devices and dynamically adapt their capabilities for every situation.
McAfee and AirPatrol are hosting a FREE webinar showing how-to protect your mobile assets and enhance employee productivity.
(An education if you are trying to solve this problem.)
Date: Tuesday, Nov 29, 2011
Time: 1:00 pm US Eastern Time
Sign up for the FREE webcast.
McAfee and AirPatrol are hosting a FREE webinar showing how-to protect your mobile assets and enhance employee productivity.
(An education if you are trying to solve this problem.)
Date: Tuesday, Nov 29, 2011
Time: 1:00 pm US Eastern Time
Sign up for the FREE webcast.
21st Century Black Adders (Do You Trust Your IT People?)
NJ - A former Hoboken municipal employee is accused of breaking into Mayor Dawn Zimmer's e-mail account and forwarding them to other city officials.
Patrick Ricciardi is scheduled to be arraigned in federal court in Newark this afternoon.
Ricciardi was employed by Hoboken as an IT specialist. Prosecutors allege Ricciardi used his position and administrative privileges to break into Zimmer's e-mail account and forward e-mails to at least three city officials. (more)
Patrick Ricciardi is scheduled to be arraigned in federal court in Newark this afternoon.
Ricciardi was employed by Hoboken as an IT specialist. Prosecutors allege Ricciardi used his position and administrative privileges to break into Zimmer's e-mail account and forward e-mails to at least three city officials. (more)
It is not like I haven't warned you...
(from 2008) A new survey released this week shows nearly all company computer gurus say they wouldn’t hesitate to screw over their place of employment if they lost their jobs. A whopping 88 percent of IT professionals admit they’d happily hack everything from high-ranking passwords to customer info and sensitive R&D plans on their way out the door. A third of them say they already look through corporate data and know how much everyone’s making — and that’s just an average afternoon activity. (more)
(from 2008) A new survey released this week shows nearly all company computer gurus say they wouldn’t hesitate to screw over their place of employment if they lost their jobs. A whopping 88 percent of IT professionals admit they’d happily hack everything from high-ranking passwords to customer info and sensitive R&D plans on their way out the door. A third of them say they already look through corporate data and know how much everyone’s making — and that’s just an average afternoon activity. (more)
Wednesday, November 16, 2011
Norway Suffers Largest Case of Industrial Espionage in its History
National security officers in Norway have uncovered what they say is the most wide-ranging theft of industrial data in the country’s history.
Ten serious cases of industrial espionage are being investigated, say officers of the Police Security Service, or PST, and the National Security Authority.
Ten serious cases of industrial espionage are being investigated, say officers of the Police Security Service, or PST, and the National Security Authority.
...The Local has received suggests some industrial data has been stolen by simply inserting malicious memory sticks into the laptops of travelling company representatives.
“Whenever we go abroad, the whole hard disc has to be cleansed of spyware,” an IT worker in one of the industries targeted told The Local.
...The ten instances of computer espionage are just the tip of the iceberg, said Eiliv Ofigsbø of Norwegian Computer Emergency Response Team, or NorCERT, who also leads the NSM’s industrial espionage department.
“Whenever we go abroad, the whole hard disc has to be cleansed of spyware,” an IT worker in one of the industries targeted told The Local.
...The ten instances of computer espionage are just the tip of the iceberg, said Eiliv Ofigsbø of Norwegian Computer Emergency Response Team, or NorCERT, who also leads the NSM’s industrial espionage department.
...The attacks were said to occur at the point in contract negotiations when email exchanges reached fever pitch. Key people were then identified and their computer links to company databases hacked, in some cases for months.
“We have to assume they have taken large amounts of information,” Ofigsbøe told The Local. “Anything else would be naïve.” (more)
“We have to assume they have taken large amounts of information,” Ofigsbøe told The Local. “Anything else would be naïve.” (more)
Labels:
business,
computer,
employee,
espionage,
government,
Hack,
leaks,
spyware,
trade secret
Subscribe to:
Posts (Atom)
Johnson "We still seek no wider war"
Nixon SEE ABOVE
Carter "I would not use military force to free the hostages"
Reagan "We did not -- repeat did not -- trade weapons or anything else for hostages nor will we."
GHW Bush "Congress will push me to raise taxes...and I'll say read my lips, no new taxes!"
Clinton "I did not have sexual relations with that woman Miss Lewinsky"
GW Bush "We have found Weapons of Mass Destruction in Iraq"