Mobile malware is viewed as a growing threat, particularly on the Android platform. To protect Android users and prevent malicious applications from being uploaded to Google Play, Google created an automated malware scanning service called Bouncer.
At Black Hat, Nicholas Percoco and Sean Schulte, security researchers from Trustwave, will reveal a technique that allowed them to evade Bouncer's detection and keep a malicious app on Google Play for several weeks.
The initial app uploaded to Google Play was benign, but subsequent updates added malicious functionality to it, Percoco said. The end result was an app capable of stealing photos and contacts, forcing phones to visit Web sites and even launch denial-of-service attacks.
Percoco would not discuss the technique in detail ahead of the Black Hat presentation, but noted that it doesn't require any user interaction. The malicious app is no longer available for download on Google Play and no users were affected during the tests, Percoco said. (more) (more)
Wednesday, July 25, 2012
Hey kids, we bought and fixed Skype just for you!
Skype has denied reports that recent changes to its architecture would make calls and messages easier to monitor by law enforcement.
Skype, a worldwide Internet-based voice and video calling service Microsoft acquired last year for $8.5 billion, said Tuesday the changes to its peer-to-peer infrastructure were done to improve the quality of service.
What it did was move "supernodes" into datacenters, Skype said. Supernodes act as directories that find the right recipient for calls. In the past, a user's computer that was capable of acting as a directory was upgraded from a node to a supernode. A node is the generic term for computers on a network. (more)
Skype, a worldwide Internet-based voice and video calling service Microsoft acquired last year for $8.5 billion, said Tuesday the changes to its peer-to-peer infrastructure were done to improve the quality of service.
What it did was move "supernodes" into datacenters, Skype said. Supernodes act as directories that find the right recipient for calls. In the past, a user's computer that was capable of acting as a directory was upgraded from a node to a supernode. A node is the generic term for computers on a network. (more)
Attention Getting Security Awareness Information & Posters
Creative security awareness content is difficult to come by, but there is a ton of it at NoticeBored.
NoticeBored is a subscription service. Every month they supply a new module; a fresh batch of awareness materials for businesses staff, managers and IT professionals. Each module covers a different information security topic.
TSCM inspections with their vulnerability assessments are a core element of the information security strategy, but employee education is equally important.
Creating your own educational materials is a chore. Fortunately, there is no need to reinvent the wheel. (more)
Monday, July 23, 2012
Egypt Ex-Spy Chief Died of Rare Disease
Egypt's former intelligence chief Omar Suleiman died from a rare disease affecting the heart and kidneys, according to the U.S. clinic where he was undergoing medical tests at the time.
Suleiman, who died at age 76, was fallen Egyptian president Hosni Mubarak's last deputy and one of his most trusted advisers. He stepped briefly into the limelight when he was made vice president days before Mubarak was ousted in a popular uprising last year.
"General Omar Suleiman ... passed away due to complications from amyloidosis, a disease that affects multiple organs including the heart and kidneys," the Cleveland Clinic said in a statement. (more)
Suleiman, who died at age 76, was fallen Egyptian president Hosni Mubarak's last deputy and one of his most trusted advisers. He stepped briefly into the limelight when he was made vice president days before Mubarak was ousted in a popular uprising last year.
"General Omar Suleiman ... passed away due to complications from amyloidosis, a disease that affects multiple organs including the heart and kidneys," the Cleveland Clinic said in a statement. (more)
Bugging History - May 13, 1966
Photo Tag: The extent of the business in snooping devices is indicated by the growth in contrivances to detect wiretaps and "bugs". Some merely warn the intended victim, while others jam or scramble the snooping. This telephone de-bugging meter discovers any transmitter (bug) in the phone or in the lines leading to it. De-bugging devices are bought mostly by business executives who suspect espionage by competitors. (AP Photo/Robert Kradin) (more)
It was never unusual for news reporters to get the facts wrong when reporting on business espionage, bugging or general electronic snooping. It still isn't unusual. The photo actually shows how a carbon microphone from the common phone of the day could easily be replaced by one which also transmitted the voice via radio.
Due to the simple installation, it was generally referred to as a "drop-in bug". To the untrained eye, both looked legitimate, but your ear could tell! The internal carbon granules inside the microphone sounded like sand when shaken. In order to build the bug inside the housing, the carbon had to be emptied out to allow space for the electronics and micro-mic. Those bugged mics were silent when shaken.
Another photo from the same era, shows two ways to tap a phone: the drop-in bug, and the big suction cup induction coil near the earpiece. Both seem crude by today's standards.
Most modern
handsets are sealed units. Dropping anything in them is problematic.
There are still a few, however, that are screwed together.
Inspecting today's telephones require more than a trained eye, because there may not be anything to see.
Conversations from VoIP phones travel as computer bits which may be collected far from the phone instrument. In fact, some VoIP phones transmit room audio even when they are supposedly hung up.
Other business telephone systems have many eavesdropper-friendly features built right into them, no extra hardware needed. Just program the features correctly and listen-in.
Think your phone system is bugged or tapped? Give me a call. ~Kevin
Labels:
advice,
amateur,
espionage,
Hack,
historical,
TSCM,
VoIP,
wiretapping
Sunday, July 22, 2012
Michael Murdock's Atomic Powered Surveillance Bot
Click to enlarge |
Created by Michael Murdock of Sabor Design Studios. Visit him at, Sabor Designs. (more)
Thursday, July 19, 2012
Smartphone Spying on the Rise
...how you would you feel if you found out that the smartphone in the palm of your hand was spying on you?
"Violated. Violated, very violated," said Andres Torres of East Hartford. "I'd be pretty creeped out, actually," Maddie Weed of Tolland told NBC Connecticut. "That's not cool." "I'm scared now! They could be looking at us," said Magdelena Santiagon of Hartford.
According to Kessler International, cases of malicious smartphone apps posing on markets as free or low-cost applications are on the rise. (more)
View more videos at: http://nbcconnecticut.com.
According to Kessler International, cases of malicious smartphone apps posing on markets as free or low-cost applications are on the rise. (more)
Was Skype reworked by Microsoft to make it easier to wiretap?
Skype supernodes are being centralized by Microsoft, but they deny wiretapping. But there's this patent they have to intercept VoIP phone calls...
Back in May, skype-open-source reported Skype, owned by Microsoft, had replaced user-hosted P2P supernodes with Linux grsec systems hosted by Microsoft. The shock wasn't that Microsoft is hosing Skype on Linux servers, but that centralization makes it possible to wiretap Skype communications. One big advantage of Skype has always been the decentralized and encrypted service was secure from eavesdropping.
Microsoft denies this, but the company applied for a patent on a technology called Legal Intercept to monitor and record Skype calls. Applied for before they purchased Skype, Microsoft specifically mentions intercepting calls on that service in the patent application. Conspiracy theorists now say they understand why Microsoft paid what seemed to be an unusually high price for Skype. (more)
Back in May, skype-open-source reported Skype, owned by Microsoft, had replaced user-hosted P2P supernodes with Linux grsec systems hosted by Microsoft. The shock wasn't that Microsoft is hosing Skype on Linux servers, but that centralization makes it possible to wiretap Skype communications. One big advantage of Skype has always been the decentralized and encrypted service was secure from eavesdropping.
Microsoft denies this, but the company applied for a patent on a technology called Legal Intercept to monitor and record Skype calls. Applied for before they purchased Skype, Microsoft specifically mentions intercepting calls on that service in the patent application. Conspiracy theorists now say they understand why Microsoft paid what seemed to be an unusually high price for Skype. (more)
Monkey Discovers Game Reserve’s ‘Hidden’ Spy Cam, Takes Smug Self-Shot
According to the Houston Zoo, this seemingly self-satisfied monkey has a good reason to "smile": He's uncovered the camera set up by a Borneo-based game reserve to spy on him.
"Looks like someone knew about the 'hidden' cameras," tweeted the zoo. Naturally, monkeys don't bare teeth to express joy or amusement, they do so to communicate anger.
Given that he's being spied on by a game reserve, I'd say he's earned the right to be pissed. (more)
Given that he's being spied on by a game reserve, I'd say he's earned the right to be pissed. (more)
William "Bill" Bennett - Friend & Respected Colleague - RIP
The following was composed by a close friend of Bill's and expresses the feelings of many...
With a heavy heart I write this note about the passing of a good friend and a great man William “Bill” Bennett. He passed away July 14, 2012 at home after a stint in the hospital. He was 85 years old.
With a heavy heart I write this note about the passing of a good friend and a great man William “Bill” Bennett. He passed away July 14, 2012 at home after a stint in the hospital. He was 85 years old.
Bill was a former senior
Special Agent with the California Department of Justice whose career spanned
more than thirty years. He
investigated many of the major crimes that occurred during his tenure including
the Charles Manson case and the Sonny Barger – Hell’s Angels investigations.
He retired in 1985 and partnered
with John P. Reisinger in Walsingham Associates to perform TSCM services (bug
sweeps) and investigations. Bill
was a licensed private investigator.
Upon John’s passing in 2000
Bill kept the firm going.
Bill’s believed in Glenn
Whidden’s philosophy of the two day sweep, recording the RF spectrum the day
before the sweep and checking it again the day of the sweep.
Bill’s personal TSCM philosophy,
which stemmed from his extensive experience in the use of electronic surveillance
in his government service, was that searching for bugs was heavy emphasis on
the physical search. He felt that
searching for electronic surveillance devices was like searching for narcotics
or contraband.
He had a son Patrick who was
active in the TSCM business who passed from an accidental drowning in
2009. He was married to Patricia
for 33 years who passed in 2010.
He was a member of the
following organizations:
Association of Former Intelligence Officers (AFIO)
American Society for Industrial Security (ASIS)
Business Espionage Control & Countermeasures Association
(BECCA)
California Peace Officer Association (CPOA)
California Department of Justice (DOJ, Ret.)
Chief Special Agents Association (CSAA)
California Association of Licensed Investigators (CALI)
Espionage Research Institute (ERI)
High Technology Crime Investigation Association (HTCIA)
He was a true gentleman and
a man of integrity whose presence as a friend and in the industry will be
missed.
Tuesday, July 17, 2012
Death of an Icon - The Master Padlock
Just to look at it brings back the smell of your high school locker room, but like your old U.S. Keds, it is not the new kid Keds of today. Both have morphed into the 21st Century, new and improved.
Master Padlock no more, they call it 1500eDBX, but you "person of the future" may call it dialSpeed!
Product Features:
• Electronic directional interface offers speed, ease of use, & multiple personalized codes
• Organize and protect personal and valuable information with secure, convenient, digital storage at the Master Lock Vault
• Vault enabled - permanent Backup Master Code at masterlockvault.com. Never Forget Your Combination Again!
• Comes with resettable Primary Code & option for 3 additional Guest Codes
• Ready to use – includes installed, replaceable CR2032 battery for 5 years of life
• 2-1/16" (51mm) wide metal body can be opened one-handed without looking
• Maximum security with anti-shim technology
• Boron carbide shackle for increased cut resistance
• For INDOOR USE only. Do not allow lock to get wet
Best Used For:
• School, Employee, & Athletic Lockers
• Cabinets
• Indoor Storage Lockers
(more) (sing-a-long)
Product Features:
• Electronic directional interface offers speed, ease of use, & multiple personalized codes
• Organize and protect personal and valuable information with secure, convenient, digital storage at the Master Lock Vault
• Vault enabled - permanent Backup Master Code at masterlockvault.com. Never Forget Your Combination Again!
• Comes with resettable Primary Code & option for 3 additional Guest Codes
• Ready to use – includes installed, replaceable CR2032 battery for 5 years of life
• 2-1/16" (51mm) wide metal body can be opened one-handed without looking
• Maximum security with anti-shim technology
• Boron carbide shackle for increased cut resistance
• For INDOOR USE only. Do not allow lock to get wet
Best Used For:
• School, Employee, & Athletic Lockers
• Cabinets
• Indoor Storage Lockers
(more) (sing-a-long)
How Cabbies Cheat the Fare Dispatch System
Australia - A Melbourne taxi driver has exposed a sophisticated scam that some operators are using to override taxi meters and stay at the top of the fare dispatch system.
The Silver Top driver has told the ABC that some drivers are using remote electronic devices and radio frequency jammers to trick the cab companies into giving them work when they are not in the area.
The equipment is easily purchased at online sites like eBay.
Neil Sach from the Victorian Taxi Association fears hundreds of drivers could be in on the scam. (more with video)
The scam is likely being used by cabbies, truckers, police and others worldwide; wherever GPS tracking is being used.
Note: eBay has recently policed the sale of these devices on their site, however, they remain available on other sites.
Or, DIY...
The Silver Top driver has told the ABC that some drivers are using remote electronic devices and radio frequency jammers to trick the cab companies into giving them work when they are not in the area.
The equipment is easily purchased at online sites like eBay.
Neil Sach from the Victorian Taxi Association fears hundreds of drivers could be in on the scam. (more with video)
The scam is likely being used by cabbies, truckers, police and others worldwide; wherever GPS tracking is being used.
Note: eBay has recently policed the sale of these devices on their site, however, they remain available on other sites.
Or, DIY...
Click to enlarge. |
Increasing Government Surveillance Powers Meets Backlash
Australia - Any proposal by the government to increase its own power should be treated with scepticism.
Double that scepticism when the government is vague about why it needs that extra power. Double again when those powers are in the area of law and order. And double again every time the words "national security" are used.
So scepticism - aggressive, hostile scepticism, bordering on kneejerk reaction - should be our default position when evaluating the long list of new security powers the Federal Government would like to deal with "emerging and evolving threats".
The Attorney-General's Department released a discussion paper last week detailing security reform it wants Parliament to consider. (more)
Double that scepticism when the government is vague about why it needs that extra power. Double again when those powers are in the area of law and order. And double again every time the words "national security" are used.
So scepticism - aggressive, hostile scepticism, bordering on kneejerk reaction - should be our default position when evaluating the long list of new security powers the Federal Government would like to deal with "emerging and evolving threats".
The Attorney-General's Department released a discussion paper last week detailing security reform it wants Parliament to consider. (more)
Saturday, July 14, 2012
Another SpyCam'er Shoots Himself - Darwin Award
The Wallingford Police Department released a photograph of the person who they said they would like to speak with after a camera was discovered inside a Walmart dressing room in early June.
Police said the camera was set up inside the dressing room and was only recording for a short period of time before it was discovered by an employee.
Police said there was no indication that anyone was actually filmed while undressing.
He is described as a man in his early 20s and was wearing a light green-striped shirt and a Hartford Whalers tan colored hat.
(more)
Click to enlarge. |
Police said there was no indication that anyone was actually filmed while undressing.
He is described as a man in his early 20s and was wearing a light green-striped shirt and a Hartford Whalers tan colored hat.
(more)
Subscribe to:
Posts (Atom)