Monday, September 24, 2012

IT Poobahs... "iPhone now as secure as BlackBerry"

For a long time BlackBerry was the de facto choice for businesses looking for a secure mobile device.

But BlackBerry appears to be losing its security advantage over the iPhone in the eyes of IT leaders, and in doing so giving up its last remaining advantage over Apple handsets in enterprise.

Since the iPhone launched in 2007 Apple has been slowly increasing security of iOS devices: adding 256-bit, hardware-based encryption for data stored on the device, widespread VPN support and limiting access that each app has to files and hardware resources on the phone. That’s in addition to its screening of all software on the app store and centralized control provided by third party mobile device management software. (more)

An App that Zaps Crime?

via the app maker...
"If there’s one thing that scares criminals above all else, it’s a witness to their actions. And that’s exactly why IWITNESS is the perfect crime deterrent.

With IWITNESS on your smartphone:
Record. Capture audio and video of any incident.
Send. Transmit what you’ve captured to a secure server accessible to law enforcement – an action no perpetrator can reverse.
Alert. Automatically call 911. Plus, send your exact location and an instant notification to friends or family members. 


IWITNESS features:
• Audio and video recording
  (Check your local laws about audio recording. You don't want the criminal to sue you.)
• Real-time tracking of location via GPS
• Data sent to a secure off-premises server location
• Automatically dials 911
• Notifies trusted contacts when you feel endangered
• Emits flashing light and sounds an alarm

(Note: This is not a free app.)

Wells Fargo Fires Employee Who Committed 10-Cent Fraud in 1963

68-year-old Richard Eggers really should have known that the sordid details of his dark, criminal past would eventually creep into the present and jeopardize his career. In 1963, the Iowa resident gave new meaning to the term “money laundering” when he tried to insert a cardboard cutout of a dime into a laundromat machine. Local law enforcement caught wind of the stunt and arrested him for fraud.

Eggers, who was a teenager at the time of his arrest, turned his life around and until recently worked as a customer service representative at Wells Fargo bank. But under new federal employment regulations, Wells Fargo fired Eggers upon learning of his criminal record, ABC affiliate WOI-TV reports. The regulations were instated to weed out workers with histories of fraud and identity theft to better protect the company’s customers.

But wait, you might be thinking, aren’t these rules meant to weed out senior executives whose missteps can cost customers millions of dollars — not customer services reps guilty of decades-old pranks? Good question. But apparently, a rule’s a rule. As Wells Fargo spokesperson Angela Kaipust told WOI-TV:

We don’t have discretion to grant exceptions in situations like this. Once we find out someone has a criminal history of dishonesty or breach of trust we can no longer employ them.” (more)

Thursday, September 20, 2012

Lawyer and Her PI Indicted in Bug Planting Scheme

CA - A Bay Area divorce lawyer has been indicted in connection with a scheme to plant eavesdropping devices in the cars of her clients’ spouses, federal prosecutors announced Tuesday. 

Chris Butler
Mary Nolan, the San Ramon lawyer, hired Christopher Butler, a private investigator, to install the listening equipment to help her clients in divorce and child custody cases, according to a six-count indictment made public Tuesday. 

Butler has admitted that he arranged for beautiful women — he called them “decoys”— to ply the husbands of Nolan’s clients and others with alcohol. Once the women got the men behind the wheel, Butler called police to report they were driving under the influence. (more)

Cell Phone Hackers Show Off at Pwn2Own Contests

via at zdnet.com
"This week, I had the opportunity to interview the hacking teams that used zero-day vulnerabilities and clever exploitation techniques to compromise fully patched iPhone 4S and Android 4.0.4 (Samsung S3) devices and the big message from these hackers was simple: Do not use your mobile device for *anything* of value, especially for work e-mail or the transfer of sensitive business documents.

For many, this is not practical advice. After all, your mobile device is seen as an extension of the computer and there is a legitimate need to access work e-mail on iPhone/iPad, Android and BlackBerry smart phones. However, whether you are a businessman, a celebrity or the average consumer, it's important to start wrapping your mind around the idea of separating work from play on smart phones and tablets."


...a skilled hacker can beam an exploit via NFC to automatically open a maliciously rigged document on your Android device. A few exploitation tricks later and it's game over. On iPhone, which is widely hailed as the most secure mobile OS platform, WebKit continues to be a security nightmare and a popular target for hackers building drive-by download exploits. There are still ways to bypass Apple's code signing and sandboxing mitigations. (more)

Tuesday, September 18, 2012

Brussels - Spy Capital of the World

The head of Belgium's state security service, Alain Winants, said in an interview published Monday, that Brussels currently sees more spy activity than almost any other city in the world. 
Spying on the secrets of Belgium chocolate making.

"We are not speaking in the dozens, we are speaking in the hundreds, several hundreds" of foreign intelligence officers and agents in Brussels, he told the Brussels-based website Euobserver in what is said to be his first interview with the international media.

"In Belgium, espionage, Russian espionage and from other countries, like the Chinese, but also others,is at the same level as the Cold War ... We are a country with an enormous concentration of diplomats, businessmen, international institutions - NATO, European institutions. So for an intelligence officer, for a spy, this is a kindergarten. It's the place to be," Winants was quoted saying. (more)

Personal Spy Cameras Have a Long History

Just for fun, here are four of the...
13 Hidden Spy Cams That Might Be Watching You Right Now





Friday, September 14, 2012

Security Director Alert - BYOD is way different than BYOB - Time to learn.

BYOD is an acronym the IT folks are using. It means Bring Your Own Device; the security process for allowing employees to use their personal electronics at work without jeopardizing company information or compromising the networks.

While IT continues to munch your lunch, take a moment to oversee their efforts. You have valuable insights to contribute. The last thing you want is to be left out of your own game. In fact, the security department should be the leader here, with IT carrying out your marching orders.

FREE Quick Study...
"Bring Your Own Device is here to stay. Don't be a lamb led to the slaughter, instead lead your users to the promised land of mobile device management.

1. Thou Shalt Allow BYOD
The rapid proliferation of mobile devices entering the workplace feels like divine intervention to many IT leaders. It's as if a voice boomed down from the mountain ordering all of the employees you support to procure as many devices as possible and connect them to corporate services en masse. Bring Your Own Device (BYOD) was born and employees followed with fervor."


You can download the full version here... The Ten Commandments of BYOD It is an easy read, and provides a logical roadmap for instituting BYOD.

Of course, nothing is really FREE. You will be asked for your name, email, etc. I did it and found the trade-off worthwhile. Within minutes I received a polite email... "My name is John Kerestus Account Executive here with Fiberlink MaaS360..." with an offer to see a demo. Impressive response.

Other companies who offer BYOD solutions also provide "free" education. Do comics get the point across better than white papers and webinars? You decide...
White Paper 1
Webinar
White Paper 2
White Paper 3 
White Paper 4

Have a wonderful weekend, find a cozy restaurant, and BYOB. ~Kevin 

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   


Thursday, September 13, 2012

Emergency Phone - 15 Year Standby Battery Life

The $70 SpareOne emergency phone from Xpal Power, which uses a standard AA lithium battery, claims a standby time of up to 15 years. (10 hours talk time.)

Click to enlarge.
The phone has only the barest of features. No text, no Web, just phone calls and a dedicated 911 button. Indicators, like if you have a network connection, are provided by blinking colored lights. It saves a lot of power, but you’ll have to memorize what the color combinations mean.

The phone doesn’t even come with a SIM card, which you will need before you can use it, although you can make a 911 call using the emergency button even without the SIM card.

The phone is built for a GSM network, which means that in the United States it will work with T-Mobile, AT&T or companies that resell those networks. (more)


Bonus: It can not be infected with spyware. Too dumb. ~Kevin

Industrial Espionage? You decide...

Just coincidence? There are many car designers in the world, but how many could independently come up designs this similar for 2012-2013?
 

Click to enlarge.
"Ford puts a great deal of emphasis on styling with the new Mondeo, saying that its sports coupe profile provides “visual lightness.” The lines are more angular than previous versions with a sharper crease along the side breaking the lines and providing a bit of visual flair. Up front, there’s a trapezoidal grille like something stolen off an Aston Martin..." (more)


Click to enlarge.
Could they be right? 
You decide.

While you're deciding, think about this. What are you doing to protect your bright ideas, business strategies and private conversations? Help is available. Give Murray Associates a call.

False Security is Worse than a Healthy Sense of Caution

McAfee Social protection is a soon to be released app and browser plug-in for Facebook that gives users the ability to securely share their photos.

Product of a standard screen capture.
As it stands today, if you upload a photo to Facebook, anyone viewing that photo can simply download it or take a screen capture and alter or share it to their wherever they want, however they want. With McAfee Social Protection installed though, users viewing your images will not be able to copy or capture them. (more, with video) 

Just aiming a high-res cell phone camera at the screen defeats this app, of course. But here is the bigger issue here... security solutions that only partially work actually increase risk. In this case, people who believe in this app's effectiveness may now feel safe to post even riskier photos.

False sense of security examples abound in my field; eavesdropping detection gadgets, under-trained TSCM providers, window film to block electronic eavesdropping are but three.

Moral: No matter what security solution your employ – from "fully" effective to completely bogus – keep your healthy sense of caution. ~Kevin

Pool of Likely Phone-Hacking Victims Skyrockets

UK - The number of likely victims of phone hacking by people working for Rupert Murdoch's London media empire has jumped to more than 1,000, the top police officer working on the case said Tuesday.

Police have identified another 3,706 potential victims of illegal eavesdropping by journalists in search of stories, Metropolitan Police Deputy Assistant Commissioner Sue Akers told lawmakers.

Authorities had earlier put the number of "likely" victims at around 600, but now say it is 1,069. (more)

Sunday, September 9, 2012

Create Your Own Headline For This One...

Chinese telecoms equipment maker Huawei Technologies Ltd. has issued a report on cybersecurity that includes a pledge never to cooperate with spying in a fresh effort to allay concerns in the United States and elsewhere that threaten to hamper its expansion.

The report, written by a Huawei executive who is a former British official, calls for global efforts to create legal and technical security standards. It makes no recommendations for what standards to adopt but says current laws are inconsistent or fail to address important threats.

Huawei, founded by a former Chinese military engineer in 1987, has grown to become the world's second-largest supplier of telecoms network gear after Sweden's LM Ericsson. 


Suspicions that Huawei might be controlled by China's Communist Party or military have slowed its expansion in the United States and it was barred from bidding to take part in an Australian broadband project.

The company denies it is a security threat. (more)

Saturday, September 8, 2012

Vector Technologies, LLC patent number 8203850 for an Anti-Eavesdropping Device

The United States Patent and Trademark Office has awarded Vector Technologies, LLC patent number 8203850 for an Anti-Eavesdropping Device, i.e. Portable Electronic Device (PED) Countermeasures Box.

Vector Technologies' product has already been purchased by various government agencies, including key defense agencies, defense contractors and the White House as a solution to the growing number of PEDs in the workplace and the grave technical espionage threat that PEDs pose to classified and sensitive information. (more)

Intercepting Unencrypted WiFi Not Wiretapping

A federal judge in Illinois has ruled that intercepting traffic on unencrypted WiFi networks is not wiretapping. The decision runs counter to a 2011 decision that suggested Google may have violated the law when its Street View cars intercepted fragments of traffic from open WiFi networks around the country.


The ruling is a preliminary step in a larger patent trolling case. A company called Innovatio IP Ventures has accused various "hotels, coffee shops, restaurants, supermarkets," and other businesses that offer WiFi service to the public of infringing 17 of its patents. Innovatio wanted to use packet sniffing gear to gather WiFi traffic for use as evidence in the case. It planned to immediately delete the contents of the packets, only keeping the headers. Still, the firm was concerned that doing so might violate federal privacy laws, so it sought a preliminary ruling on the question.

Federal law makes it illegal to intercept electronic communications, but it includes an important exception. It's not illegal to intercept communications "made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public." (more)