Companies agree to stop spying, taking secret photos on rented home computers
The US Federal Trade Commission has reached a settlement with seven computer rental companies and a software firm over what the agency said was flagrant computer spying on customers of the rental stores.
In a statement Wednesday, the FTC said that DesignerWare LLC and seven rent-to-own computer stores agreed to cease using malware-like monitoring software to track rental PCs and to stop using information gathered by the spying software for debt collection purposes.
According to the FTC, the software captured screenshots of confidential and personal information, logged users' keystrokes, and in some cases took "webcam pictures of people in their homes, all without notice to, or consent from, the consumers."
The settlement stems from what an FTC complaint (PDF link) says was a years-long campaign of electronic spying by PC rent-to-own firms against customers using PC Rental Agent, a remote monitoring application made and marketed by DesignerWare that can disable or remotely wipe a rented computer, but also monitored a user’s online activity and physical location using a feature called "Detective Mode." (more) (sing-a-long)
P.S. It also presented a fake software program registration screen that tricked consumers into providing their personal contact information.
Friday, September 28, 2012
Forensically Find Fake Photos Fast - Further Discussion
As most readers of the Security Scrapbook know, I do not sell products, nor do I profit in any way from items brought to your attention. The sole purpose when mentioning a product is to inform and educate. Sometimes, my readers provide additional insights and information. This helps all of us.
The other day I posted, "Fourandsix Technologies, Inc. has introduced their first product, FourMatch, which instantly distinguishes unmodified digital camera files from those that may have been edited." Wow! Cool stuff. Gimme, gimme.
Reality Check...
While this statement is technically accurate, one reader cautions that the company's other marketing information may lead one to expectations the product cannot fulfill.
Read the review by Jim Hoerricks, and the response by Kevin Connor of Fourandsix Technologies, Inc. Their discussion is very useful and illuminating, especially if you are in need of this technology.
P.S. The answer to the last "What's wrong with this picture?" (Rolling Stones album cover) is... "Former Rolling Stones’ bassist Bill Wyman was digitally removed from the cover..."
Next up...
What's wrong with this picture?
Wednesday, September 26, 2012
(Off topic) The Jetsons Turn 50 - What Became Reality?
FutureWatch
It's hard to believe, but George Jetson, his boy Elroy, daughter Judy, Jane, his wife -- and Astro, everyone's favorite space dog -- are now 50 years old.
The show was futuristic in its own right: When it bowed in the early 60's, it was the first color show to ever air on ABC. But it was the quirky technological advances that the Hanna Barbera show imagined human beings using -- from robot maids to flying cars -- that really formed the backdrop of the show and kept viewers interested.
In honor of The Jetsons' 50th anniversary, we decided to take a look to see how far we've come. And based on where we are so far, by 2062, the year the show is set in, we may just achieve all that the show's writers envisioned and then some. One thing that's massively important to us today and wasn't reflected that way on the show is our powerful mobile phone technology and the importance to us of how small those devices have become, as well as what they permit -- constant access to the internet (not conceived back then) and a variety of useful apps. (more)
Forensically Find Fake Photos Fast
Fourandsix Technologies, Inc. has introduced their first product, FourMatch, which instantly distinguishes unmodified digital camera files from those that may have been edited.
Fourandsix Technologies was co-founded last year by Kevin Connor, a 15-year veteran of the Adobe Photoshop team, and Hany Farid, a pioneering scientist in image forensics. Dr. Farid’s extensive research led to the development of FourMatch software, which provides compelling evidence for the authenticity of an image, while also serving as an efficient triage step for identifying photos that may require closer scrutiny.
...Increasingly, photographic evidence has been challenged in court as being unreliable. Similarly, media companies have faced embarrassment when running news photos that later were revealed to be falsified. (more)
Really interesting... Their Photo Tampering throughout History page.
Example...
What's wrong with this picture?
Tuesday, September 25, 2012
Open Your Mouth and You're Nailed
Slate had an interesting article about how law enforcement can identify you via VoiceGrid Nation created by a company called SpeechPro in the United States, but which operates as a “Speech Technology Center” in Russia...
This image shows how VoiceGrid works and here’s some other info gleaned via their documentation. Voice matching technology can “automatically separate the voices within a two-person dialog and send each voice individually for matching” and is being used as “part of a comprehensive plan to best leverage existing and new audio data.” Even without considering the NSA surveillance via intercepting calls, the whitepaper gives numerous examples of passive sources for voice recognition data that has “already been collected.” These include voicemail, recordings made while speaking to commercial service providers such as banks, cell phone companies, and cable TV companies, as well as 911 calls, suspect interviews and court recordings.
The company’s technology uses three methods for voice matching and an algorithm that automatically compares “voice models against voice recording obtained from different sources such as cell phones, land lines, covert recordings and recorded investigative interviews.” When combined, there is a 90% voice match to identification accuracy within 15 seconds. However, according to VoiceGrid’s “key figures,” it only takes:
· 3 seconds is the minimum required speech pattern for analysis.
· In 5 seconds, it can search/match in 10,000 voice samples.
· 10 seconds is the average time for feature extraction.
· Executes up to 100 simultaneous searches.
· Accommodates up to 1,000 active users.
· Stores up to 2,000,000 samples.
(more)
Monday, September 24, 2012
Thus, making all other PIs reach for a Kleenex®.
Two private investigators claim David Miscavige, the leader of the Church of Scientology, paid them $12 million over the course of 24 years to spy on his former rival, along with other enemies.
The top-secret program gave Paul Marrick and Greg Arnold about $500,000 a year and sent them across the world in pursuit of Pat Broeker, who was briefly head of the church before being forced out, the men say. They are now suing the church after the paychecks stopped rolling in. (more)
Spy Rock Explodes Near Nuke Site
A MONITORING device disguised as a rock has been found near an underground Iranian nuclear enrichment plant.
Western intelligence sources told The Sunday Times the device exploded when it was disturbed by Iranian troops.
They tried to move the rock, setting off its self-destruct mechanism. (more)
IT Poobahs... "iPhone now as secure as BlackBerry"
For a long time BlackBerry was the de facto choice for businesses looking for a secure mobile device.
But BlackBerry appears to be losing its security advantage over the iPhone in the eyes of IT leaders, and in doing so giving up its last remaining advantage over Apple handsets in enterprise.
Since the iPhone launched in 2007 Apple has been slowly increasing security of iOS devices: adding 256-bit, hardware-based encryption for data stored on the device, widespread VPN support and limiting access that each app has to files and hardware resources on the phone. That’s in addition to its screening of all software on the app store and centralized control provided by third party mobile device management software. (more)
An App that Zaps Crime?
via the app maker...
"If there’s one thing that scares criminals above all else, it’s a witness to their actions. And that’s exactly why IWITNESS is the perfect crime deterrent.
With IWITNESS on your smartphone:
Record. Capture audio and video of any incident.
Send. Transmit what you’ve captured to a secure server accessible to law enforcement – an action no perpetrator can reverse.
Alert. Automatically call 911. Plus, send your exact location and an instant notification to friends or family members.
IWITNESS features:
• Audio and video recording
(Check your local laws about audio recording. You don't want the criminal to sue you.)
• Real-time tracking of location via GPS
• Data sent to a secure off-premises server location
• Automatically dials 911
• Notifies trusted contacts when you feel endangered
• Emits flashing light and sounds an alarm
(Note: This is not a free app.)
Wells Fargo Fires Employee Who Committed 10-Cent Fraud in 1963
68-year-old Richard Eggers really should have known that the sordid details of his dark, criminal past would eventually creep into the present and jeopardize his career. In 1963, the Iowa resident gave new meaning to the term “money laundering” when he tried to insert a cardboard cutout of a dime into a laundromat machine. Local law enforcement caught wind of the stunt and arrested him for fraud.
Eggers, who was a teenager at the time of his arrest, turned his life around and until recently worked as a customer service representative at Wells Fargo bank. But under new federal employment regulations, Wells Fargo fired Eggers upon learning of his criminal record, ABC affiliate WOI-TV reports. The regulations were instated to weed out workers with histories of fraud and identity theft to better protect the company’s customers.
But wait, you might be thinking, aren’t these rules meant to weed out senior executives whose missteps can cost customers millions of dollars — not customer services reps guilty of decades-old pranks? Good question. But apparently, a rule’s a rule. As Wells Fargo spokesperson Angela Kaipust told WOI-TV:
“We don’t have discretion to grant exceptions in situations like this. Once we find out someone has a criminal history of dishonesty or breach of trust we can no longer employ them.” (more)
Thursday, September 20, 2012
Lawyer and Her PI Indicted in Bug Planting Scheme
CA - A Bay Area divorce lawyer has been indicted in connection with a scheme to plant eavesdropping devices in the cars of her clients’ spouses, federal prosecutors announced Tuesday.
Mary Nolan, the San Ramon lawyer, hired Christopher Butler, a private investigator, to install the listening equipment to help her clients in divorce and child custody cases, according to a six-count indictment made public Tuesday.
Butler has admitted that he arranged for beautiful women — he called them “decoys”— to ply the husbands of Nolan’s clients and others with alcohol. Once the women got the men behind the wheel, Butler called police to report they were driving under the influence. (more)
Cell Phone Hackers Show Off at Pwn2Own Contests
via Ryan Naraine at zdnet.com
"This week, I had the opportunity to interview the hacking teams that used zero-day vulnerabilities and clever exploitation techniques to compromise fully patched iPhone 4S and Android 4.0.4 (Samsung S3) devices and the big message from these hackers was simple: Do not use your mobile device for *anything* of value, especially for work e-mail or the transfer of sensitive business documents.
For many, this is not practical advice. After all, your mobile device is seen as an extension of the computer and there is a legitimate need to access work e-mail on iPhone/iPad, Android and BlackBerry smart phones. However, whether you are a businessman, a celebrity or the average consumer, it's important to start wrapping your mind around the idea of separating work from play on smart phones and tablets."
...a skilled hacker can beam an exploit via NFC to automatically open a maliciously rigged document on your Android device. A few exploitation tricks later and it's game over. On iPhone, which is widely hailed as the most secure mobile OS platform, WebKit continues to be a security nightmare and a popular target for hackers building drive-by download exploits. There are still ways to bypass Apple's code signing and sandboxing mitigations. (more)
Tuesday, September 18, 2012
Brussels - Spy Capital of the World
The head of Belgium's state security service, Alain Winants, said in an interview published Monday that Brussels currently sees more spy activity than almost any other city in the world.
"We are not speaking in the dozens, we are speaking in the hundreds, several hundreds" of foreign intelligence officers and agents in Brussels, he told the Brussels-based website Euobserver in what is said to be his first interview with the international media.
"In Belgium, espionage, Russian espionage and from other countries, like the Chinese, but also others, is at the same level as the Cold War ... We are a country with an enormous concentration of diplomats, businessmen, international institutions - NATO, European institutions. So for an intelligence officer, for a spy, this is a kindergarten. It's the place to be," Winants was quoted saying. (more)
Spying on the secrets of Belgium chocolate making.
Personal Spy Cameras Have a Long History
Friday, September 14, 2012
Security Director Alert - BYOD is way different than BYOB - Time to learn.
BYOD is an acronym the IT folks are using. It means Bring Your Own Device; the security process for allowing employees to use their personal electronics at work without jeopardizing company information or compromising the networks.
While IT continues to munch your lunch, take a moment to oversee their efforts. You have valuable insights to contribute. The last thing you want is to be left out of your own game. In fact, the security department should be the leader here, with IT carrying out your marching orders.
FREE Quick Study...
"Bring Your Own Device is here to stay. Don't be a lamb led to the slaughter, instead lead your users to the promised land of mobile device management.
1. Thou Shalt Allow BYOD
The rapid proliferation of mobile devices entering the workplace feels like divine intervention to many IT leaders. It's as if a voice boomed down from the mountain ordering all of the employees you support to procure as many devices as possible and connect them to corporate services en masse. Bring Your Own Device (BYOD) was born and employees followed with fervor."
You can download the full version here... The Ten Commandments of BYOD. It is an easy read and provides a logical roadmap for instituting BYOD.
Of course, nothing is really FREE. You will be asked for your name, email, etc. I did it and found the trade-off worthwhile. Within minutes I received a polite email... "My name is John Kerestus Account Executive here with Fiberlink MaaS360..." with an offer to see a demo. Impressive response.
Other companies who offer BYOD solutions also provide "free" education. Do comics get the point across better than white papers and webinars? You decide...
• White Paper 1
• Webinar
• White Paper 2
• White Paper 3
• White Paper 4
Have a wonderful weekend, find a cozy restaurant, and BYOB. ~Kevin
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."