White House counterterrorism adviser Lisa Monaco is all poised to head the FBI, following last week's appointment of Julia Pierson as director of the Secret Service and an unnamed CIA agent will be the first woman to lead the agency's clandestine service.
With these back-to-back developments, the era of women spies seems to have returned.
Some of them became legends and remained in the history as picturesque creatures, who with their skill, grace, charm or nerve, pulled the strings behind the most delicate political movements of the world.
Learn more about some of the most famous and sexy spy women...
• Mata Hari
• Virginia Hall
• Hedy Lamarr
• Elizabeth Van Lew • Belle Boyd
• Sarah Emma Edmonds
• Noor Inayat Khan
Saturday, April 6, 2013
Friday, April 5, 2013
Amazing Drone Footage - Just for fun - Enjoy Your Weekend
The SkyMotion Video team provided the aerial video services for the 2012 Tourism Partnership of Niagara commercials for the Niagara Falls region shoot - making use of their state of the art remote controlled helicopter drone.
Niagara Falls has of course been filmed countless times in the past using full sized helicopters. However, with this remote controlled helicopter, the shoot was not limited by minimum altitude restrictions, and so was able to achieve shots which were unlike any before. Flying only a couple feet above the water, the camera was able to approach the waterfall edge to give the viewer a true sense of the shear scale of the world famous falls.
However, the Niagara region is not limited to just the falls. The surrounding area is full of beautiful landscapes with quaint towns, and world class vineyards. The area is full of life, and the hope is that these dynamic shots give a real sense of the variety of things offered by not only the falls, but by the region as a whole. (more) (more movies)
PS - The security tie-in's...
• Law Enforcement - Crime scene documentation and assessment.
• Security Consultants - Security assessment surveys.
Niagara Falls has of course been filmed countless times in the past using full sized helicopters. However, with this remote controlled helicopter, the shoot was not limited by minimum altitude restrictions, and so was able to achieve shots which were unlike any before. Flying only a couple feet above the water, the camera was able to approach the waterfall edge to give the viewer a true sense of the shear scale of the world famous falls.
However, the Niagara region is not limited to just the falls. The surrounding area is full of beautiful landscapes with quaint towns, and world class vineyards. The area is full of life, and the hope is that these dynamic shots give a real sense of the variety of things offered by not only the falls, but by the region as a whole. (more) (more movies)
PS - The security tie-in's...
• Law Enforcement - Crime scene documentation and assessment.
• Security Consultants - Security assessment surveys.
Apple's iMessage has DEA Tongue Tied
Encryption used in Apple's iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects' conversations, an internal government document reveals.
An internal Drug Enforcement Administration document seen by CNET discusses a February 2013 criminal investigation and warns that because of the use of encryption, "it is impossible to intercept iMessages between two Apple devices" even with a court order approved by a federal judge...
When Apple's iMessage was announced in mid-2011, Cupertino said it would use "secure end-to-end encryption." It quickly became the most popular encrypted chat program in history: Apple CEO Tim Cook said last fall that 300 billion messages have been sent so far, which are transmitted through the Internet rather than as more costly SMS messages carried by wireless providers. (more)
But... if messages are exchanged between an Apple device and a non-Apple device, they "can sometimes be intercepted, depending on where the intercept is placed." (more)
Click to enlarge. |
When Apple's iMessage was announced in mid-2011, Cupertino said it would use "secure end-to-end encryption." It quickly became the most popular encrypted chat program in history: Apple CEO Tim Cook said last fall that 300 billion messages have been sent so far, which are transmitted through the Internet rather than as more costly SMS messages carried by wireless providers. (more)
But... if messages are exchanged between an Apple device and a non-Apple device, they "can sometimes be intercepted, depending on where the intercept is placed." (more)
Labels:
cell phone,
data,
encryption,
FBI,
government,
privacy,
surveillance
Security Consultant Alert - IAPSC Annual Conference in Napa, CA
NOTE: It is not too late to register. Be a hero. Take your significant other to Napa for a few days.
The International Association of Professional Security Consultants (IAPSC) Annual Conference is the largest and most exclusive gathering of top security consultants.
Their 2013 conference offers a wide range of topics focused on Security Consulting and Business Profitability, as well as, Technical, Forensic, and IT Security.
Presenters will discuss security standards, best practices, risk management, promotional uses of media, including webinar development, marketing and communications techniques for consultants, retirement and selling your business, as well as technical and forensic security focused sessions.
Visit the conference website
View the conference program
Download the brochure
Register Now
Not yet an IAPSC Member?
When you register to attend the conference, ask about special registration offer available exclusively to new members. (more)
I have been attending IAPSC conferences, each year, for about two decades. Every one has been well worth attending. I return to the office with a broader knowledge of security, fresh ideas about improving services to my clients, and recharged mental batteries. If you are on the fence about going, hop off... and into the vineyard. Try it once. You will see what I mean. Be sure to find me and say hello. ~Kevin
The International Association of Professional Security Consultants (IAPSC) Annual Conference is the largest and most exclusive gathering of top security consultants.
Their 2013 conference offers a wide range of topics focused on Security Consulting and Business Profitability, as well as, Technical, Forensic, and IT Security.
Presenters will discuss security standards, best practices, risk management, promotional uses of media, including webinar development, marketing and communications techniques for consultants, retirement and selling your business, as well as technical and forensic security focused sessions.
Visit the conference website
View the conference program
Download the brochure
Register Now
Not yet an IAPSC Member?
When you register to attend the conference, ask about special registration offer available exclusively to new members. (more)
I have been attending IAPSC conferences, each year, for about two decades. Every one has been well worth attending. I return to the office with a broader knowledge of security, fresh ideas about improving services to my clients, and recharged mental batteries. If you are on the fence about going, hop off... and into the vineyard. Try it once. You will see what I mean. Be sure to find me and say hello. ~Kevin
AppSec USA 2013 is Coming to NYC
Call for Papers NOW OPEN!
CareerFair
Events (Capture the Flag, Battlebots, Lockpick Village, and more)
AppSec USA is a software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices at the Marriott, NYC. It is hosted by OWASP. (Why you would want to attend.)
What is OWASP?
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Their mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
Everyone is free to participate in OWASP and all of their materials are available under a free and open software license.
You'll find everything about OWASP here on or linked from our wiki and current information on our OWASP Blog.
OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.
OWASP is a global group of volunteers with over 36,000 participants. (more)
CareerFair
Events (Capture the Flag, Battlebots, Lockpick Village, and more)
AppSec USA is a software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioner, to share the latest research and practices at the Marriott, NYC. It is hosted by OWASP. (Why you would want to attend.)
What is OWASP?
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Their mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
Everyone is free to participate in OWASP and all of their materials are available under a free and open software license.
You'll find everything about OWASP here on or linked from our wiki and current information on our OWASP Blog.
OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.
OWASP is a global group of volunteers with over 36,000 participants. (more)
Thursday, April 4, 2013
Blue Bugging - An old topic and growing problem
When you pair your smart phone with your vehicle's audio system and leave that connection open, you may become the target of Blue-bugging.
"They have paired their car and they leave their Bluetooth pairing open and then they get out of the car…they come out of the car and go to a store or something like that and the Bluetooth capability is still on," explains Mike Rohrer with the Arkansas Better Business Bureau.
The BBB advises you switch your Bluetooth into "Not discoverable" mode when you aren't using it…especially in crowded, public places.
Always use at least eight characters in your pin.
When pairing devices for the first time, do it at home or in the office. And download the latest security updates. (more) (video)
There is also a chapter (Bluetooth® Eavesdropping) devoted to the subject of Bluetooth vulnerabilities in, "Is My Cell Phone Bugged?"
"They have paired their car and they leave their Bluetooth pairing open and then they get out of the car…they come out of the car and go to a store or something like that and the Bluetooth capability is still on," explains Mike Rohrer with the Arkansas Better Business Bureau.
The BBB advises you switch your Bluetooth into "Not discoverable" mode when you aren't using it…especially in crowded, public places.
Always use at least eight characters in your pin.
When pairing devices for the first time, do it at home or in the office. And download the latest security updates. (more) (video)
There is also a chapter (Bluetooth® Eavesdropping) devoted to the subject of Bluetooth vulnerabilities in, "Is My Cell Phone Bugged?"
Sunday, March 31, 2013
Cell Phone Tracking v. Right to Privacy - To be Decided
A secretive technology which lets police locate and track people through their cellphones in alleged violation of the US constitution will be challenged in a potential landmark court case...
The American Civil Liberties Union hopes to rein in the little known but widespread "stingray" surveillance devices which it claims violate the fourth amendment and the right to privacy.
The group will urge a federal court in Arizona to disregard evidence obtained by a stingray in what could be a test case for limiting the technology's use without a warrant. (more) (much more)
The American Civil Liberties Union hopes to rein in the little known but widespread "stingray" surveillance devices which it claims violate the fourth amendment and the right to privacy.
The group will urge a federal court in Arizona to disregard evidence obtained by a stingray in what could be a test case for limiting the technology's use without a warrant. (more) (much more)
Digital Cameras Easily Turned into Spying Devices
Newer cameras increasingly sport built-in Wi-Fi capabilities or allow users to add SD cards to achieve them in order to be able to upload and share photos and videos as soon as they take them.
But, as proven by Daniel Mende and Pascal Turbing, security researchers... these capabilities also have security flaws that can be easily exploited for turning these cameras into spying devices.
Mende and Turbing chose to compromise Canon's EOS-1D X DSLR camera an exploit each of the four ways it can communicate with a network. Not only have they been able to hijack the information sent from the camera, but have also managed to gain complete control of it. ...like uploading porn to the camera, or turning it into a surveillance device. (more) (video presentation - long and boring)
Solution in a nutshell... Before purchasing any Wi-Fi enabled device, make sure it supports encryption.
But, as proven by Daniel Mende and Pascal Turbing, security researchers... these capabilities also have security flaws that can be easily exploited for turning these cameras into spying devices.
Mende and Turbing chose to compromise Canon's EOS-1D X DSLR camera an exploit each of the four ways it can communicate with a network. Not only have they been able to hijack the information sent from the camera, but have also managed to gain complete control of it. ...like uploading porn to the camera, or turning it into a surveillance device. (more) (video presentation - long and boring)
Solution in a nutshell... Before purchasing any Wi-Fi enabled device, make sure it supports encryption.
Range Wars Redux - Animal Welfare Group Drones v. Cattlemen
Australia - Farming bodies have criticized an animal welfare group's plan to use a drone to film farming practices on properties around Australia, with one saying the drone would be shot down.
Animal Liberation has purchased a surveillance drone equipped with a powerful camera. The group says the drone can film from as low as 10 metres above the ground to gather potential evidence of animal abuse.
Spokesman Mark Pearson says the practice will not contravene trespass or privacy laws. He says animal welfare is in the public interest...
But the head of the Northern Territory Cattleman's Association, David Warriner, disagrees... Mr Warriner says he expects some farmers would shoot down the drones. (more)
Yo, Warriner! The war already started...
A remote-controlled aircraft owned by an animal rights group was reportedly shot down near Broxton Bridge Plantation Sunday near Ehrhardt, S.C. (more) (much more)
Animal Liberation has purchased a surveillance drone equipped with a powerful camera. The group says the drone can film from as low as 10 metres above the ground to gather potential evidence of animal abuse.
Click to enlarge |
But the head of the Northern Territory Cattleman's Association, David Warriner, disagrees... Mr Warriner says he expects some farmers would shoot down the drones. (more)
Yo, Warriner! The war already started...
A remote-controlled aircraft owned by an animal rights group was reportedly shot down near Broxton Bridge Plantation Sunday near Ehrhardt, S.C. (more) (much more)
Saturday, March 30, 2013
How to Have Safe Specs - Just Say No
Amidst rising concerns about cyber spying and a House Intelligence Committee report last October, Sprint and Softbank have said they will not use any equipment from China-based Huawei Technologies.
The two companies are preparing for a merger, which is being overseen by the US government. The government has asked only to be informed when these two companies buy new equipment and where they buy it.
Mike Rogers, a Michigan Republican who leads the House Intelligence Committee, has confirmed these two companies have made this pledge.
“I … was assured they would not integrate Huawei into the Sprint network and would take mitigation efforts to replace Huawei equipment in the Clearwire network,” said Rogers in a statement on Thursday. (more)
The two companies are preparing for a merger, which is being overseen by the US government. The government has asked only to be informed when these two companies buy new equipment and where they buy it.
Mike Rogers, a Michigan Republican who leads the House Intelligence Committee, has confirmed these two companies have made this pledge.
“I … was assured they would not integrate Huawei into the Sprint network and would take mitigation efforts to replace Huawei equipment in the Clearwire network,” said Rogers in a statement on Thursday. (more)
Putin on the Quits
Russian President Vladimir Putin jokingly told members of the All-Russia People's Front, a political movement he started, that he's stopped eavesdropping since he left the KGB, because it's not a nice thing to do, Russia’s RIA reported on Friday. (more) (rimshot)
Better Eyes for Flying Robots - A Runaway Hit
New systems could improve the vision of micro aerial vehicles.
Aerial robotics research has brought us flapping hummingbirds, seagulls, bumblebees, and dragonflies. But if these robots are to do anything more than bear a passing resemblance to their animal models, there is one thing they’ll definitely need: better vision.
In February, at the International Solid-State Circuits Conference (ISSCC) in San Francisco, two teams presented new work (PDF) aimed at building better-performing and lower-power vision systems that would help aerial robots navigate and aid them in identifying objects.
Dongsuk Jeon, a graduate student working with Zhengya Zhang and IEEE Fellows David Blaauw and Dennis Sylvester at the University of Michigan, in Ann Arbor, outlined an approach to drastically lower the power of the very first stage of any vision system—the feature extractor. (more) (A "Runaway" hit from 1984.)
FutureWatch: Mosquito-bots custom programmed to deliver injections (stun / drug / poison / etc.) based on recognition algorithms?
Aerial robotics research has brought us flapping hummingbirds, seagulls, bumblebees, and dragonflies. But if these robots are to do anything more than bear a passing resemblance to their animal models, there is one thing they’ll definitely need: better vision.
In February, at the International Solid-State Circuits Conference (ISSCC) in San Francisco, two teams presented new work (PDF) aimed at building better-performing and lower-power vision systems that would help aerial robots navigate and aid them in identifying objects.
Dongsuk Jeon, a graduate student working with Zhengya Zhang and IEEE Fellows David Blaauw and Dennis Sylvester at the University of Michigan, in Ann Arbor, outlined an approach to drastically lower the power of the very first stage of any vision system—the feature extractor. (more) (A "Runaway" hit from 1984.)
FutureWatch: Mosquito-bots custom programmed to deliver injections (stun / drug / poison / etc.) based on recognition algorithms?
Friday, March 29, 2013
FutureWatch Update - Skype Tapping
When we last left Skype...
Was Skype reworked by Microsoft to make it easier to wiretap?
Hey kids, we bought and fixed Skype just for you!
In today's episode...
Since its acquisition of Skype in May 2011, Microsoft has added a legitimate monitoring technology to Skype, says Maksim Emm, Executive Director of Peak Systems. Now any user can be switched to a special mode in which encryption keys will be generated on a server rather than the user's phone or computer.
Access to the server allows Skype calls or conversations to be tapped. Microsoft has been providing this technology to security services across the world, including Russia.
Group-IB CEO Ilya Sachkov said that the security services have been able to monitor the conversations and location of Skype users for a couple of years now.
"This is exactly why our staff are not allowed to discuss business on Skype," he said. (more)
Was Skype reworked by Microsoft to make it easier to wiretap?
Hey kids, we bought and fixed Skype just for you!
In today's episode...
Since its acquisition of Skype in May 2011, Microsoft has added a legitimate monitoring technology to Skype, says Maksim Emm, Executive Director of Peak Systems. Now any user can be switched to a special mode in which encryption keys will be generated on a server rather than the user's phone or computer.
Access to the server allows Skype calls or conversations to be tapped. Microsoft has been providing this technology to security services across the world, including Russia.
Group-IB CEO Ilya Sachkov said that the security services have been able to monitor the conversations and location of Skype users for a couple of years now.
"This is exactly why our staff are not allowed to discuss business on Skype," he said. (more)
Thursday, March 28, 2013
Security Director Tip of the Month - More Secure Conferencing Calling
Over the years, you have read many posts here about organizations being victimized by eavesdroppers on their conference calls. I am expecting you will see fewer in years to come...
CrowdCall, a specialized conference-calling app available for iOS and Android smartphones and the web.
Instead of scheduling a dial-in line, e-mailing all parties involved and then hoping everyone calls at the appointed time, CrowdCall's interface lets users choose up to 20 participants from their contacts list and LinkedIn connections and dial them immediately (assuming the contacts have added their phone number to their LinkedIn profiles). When participants answer, they simply push "1" to enter the conference--they don't even need to have the app to participate.
...one feature in particular makes it attractive to small businesses. Because the call originator controls invitations, unauthorized participants can't use dial-in information to access the call, providing a measure of security when discussing sensitive information. (more)
CrowdCall, a specialized conference-calling app available for iOS and Android smartphones and the web.
Instead of scheduling a dial-in line, e-mailing all parties involved and then hoping everyone calls at the appointed time, CrowdCall's interface lets users choose up to 20 participants from their contacts list and LinkedIn connections and dial them immediately (assuming the contacts have added their phone number to their LinkedIn profiles). When participants answer, they simply push "1" to enter the conference--they don't even need to have the app to participate.
...one feature in particular makes it attractive to small businesses. Because the call originator controls invitations, unauthorized participants can't use dial-in information to access the call, providing a measure of security when discussing sensitive information. (more)
Wednesday, March 27, 2013
Cell Phone Fingerprinting - GPS Tells WHO You Are
Can you be identified only by where you take your phone? Yes, according to a new study, which finds it's not very hard at all.
While most of us are free to go wherever we want, our daily and weekly movement patterns are pretty predictable. We go to work, to school, to church, to our neighborhood gym, grocery store or coffee shop, and we come home -- all quietly tracked by the GPS in our phone.
And with nothing more than this anonymous location data, someone who wanted to badly enough could easily figure out who you are by tracking your smartphone. Patterns of our movements, when traced on a map, create something akin to a fingerprint that is unique to every person.
"Four randomly chosen points are enough to uniquely characterize 95% of the users (ε > .95), whereas two randomly chosen points still uniquely characterize more than 50% of the users (ε > .5). This shows that mobility traces are highly unique, and can therefore be re-identified using little outside information."
Those are the findings of a report by researchers from MIT and elsewhere, published this week in the journal Scientific Reports. (more)
While most of us are free to go wherever we want, our daily and weekly movement patterns are pretty predictable. We go to work, to school, to church, to our neighborhood gym, grocery store or coffee shop, and we come home -- all quietly tracked by the GPS in our phone.
Click to enlarge. |
"Four randomly chosen points are enough to uniquely characterize 95% of the users (ε > .95), whereas two randomly chosen points still uniquely characterize more than 50% of the users (ε > .5). This shows that mobility traces are highly unique, and can therefore be re-identified using little outside information."
Those are the findings of a report by researchers from MIT and elsewhere, published this week in the journal Scientific Reports. (more)
Labels:
cell phone,
detection,
GPS,
IMCPB,
privacy,
statistics,
surveillance,
tracking
Subscribe to:
Posts (Atom)