Tuesday, April 16, 2013

The Schizo Illinois Eavesdropping Law

There was a major development Tuesday in the fight over the state's controversial eavesdropping law. A court decision now allows citizens to record the audio of police officers on the job in public.

Citizens can legally record video of police officers doing their jobs on the public way, as long as you don't interfere, but the Illinois Eavesdropping Act does not permit you to record audio.

If you do, you're still subject to arrest and criminal charges, even though two state court judges in Illinois have declared the law unconstitutional.

It remains a law on the books without clarity though a new agreement just approved by a federal court judge will change things in Cook County. (more)


Weird.

RFID Tracks Jewelry Popularity

Interesting application of RFID technology.

RFID smart shelves can help retailers analyze market demand. 

Beyond sales reports, retailers want to understand which items had the highest shopper interest. For example, one jewelry item might be picked up 100 times and sold 90 times, while another is picked up 100 times but sold only 10 times. Retail statistics on shopper behavior like this cannot be counted accurately by hand.

However, the RFID Jewelry Smart Shelf Solution developed by Alpha Solutions enables retailers to clearly see data on which types of jewelry are picked up frequently. From the data obtained, discount promotions and programs can be made for the jewelry types that are having trouble selling.

Thursday, April 11, 2013

There is a Magazine for Everything... Even Penetration Testing

Kamil Sobieraj, editor of PenTest Magazine introduced me to his publication this week. It was an eye-opener. If you have anything to do with protecting information, you will find this as interesting as I did... 

PenTest Magazine is a weekly downloadable IT security magazine, devoted exclusively to penetration testing. It features articles by penetration testing specialists and enthusiasts, experts in vulnerability assessment and management. All aspects of pen testing, from theory to practice, from methodologies and standards to tools and real-life solutions are covered.

48 issues per year (4 issues in a month).

A different title is published every week of the month:
• PenTest Regular – 1st Monday
• Auditing & Standards PenTest – 2nd Monday
• PenTest Extra – 3rd Monday
• Web App Pentesting – 4th Monday

...about 200 pages of content per month.

Each issue contains...
• News
• Tools testing and reviews
• Articles – advanced technical articles showing techniques in practice
• Book review
• Interviews with IT security experts

(more)

Nice to know there is a smart way to keep up with the bad guys.

Wednesday, April 10, 2013

Campaign Headquarters Bugged - FBI Investigating

Senate Minority Leader Mitch McConnell (R-Ky.) accused opponents Tuesday of bugging his headquarters and asked for an FBI investigation after a recording from an internal campaign meeting surfaced in a magazine report.

The 12-minute audiotape released by Mother Jones magazine reveals McConnell and his campaign staff at a Feb. 2 meeting lampooning actress Ashley Judd — then a potential Senate candidate — and comparing her to “a haystack of needles” because of her potential political liabilities. Judd has since decided not to run.
“We’ve always said the left will stop at nothing to attack Sen. McConnell, but Nixonian tactics to bug campaign headquarters is above and beyond,” campaign manager Jesse Benton said in a statement. (more)
UPDATE: "It is our understanding that the tape was not the product of a Watergate-style bugging operation. We cannot comment beyond that." – David Corn, Editor, Mother Jones (more)

Note: More than one person is heard speaking on the tapes (above is just an excerpt). Based on this (and room echoes), the FBI will be able to figure out the location of the microphone. Hope everyone remembers where they were sitting.

Tuesday, April 9, 2013

Shodan - The Scary Search Engine

Cautionary Tale...
Unlike Google, which crawls the Web looking for websites, Shodan navigates the Internet's back channels. It's a kind of "dark" Google, looking for the servers, webcams, printers, routers and all the other stuff that is connected to and makes up the Internet...
It's stunning what can be found with a simple search on Shodan. Countless traffic lights, security cameras, home automation devices and heating systems are connected to the Internet and easy to spot.

Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.

What's really noteworthy about Shodan's ability to find all of this -- and what makes Shodan so scary -- is that very few of those devices have any kind of security built into them. (more)

Free - Computer Security Tools Book

"Open Source Security Tools: A Practical Guide to Security Applications"

Few frontline system administrators can afford to spend all day worrying about security. But in this age of widespread virus infections, worms, and digital attacks, no one can afford to neglect network defenses.

Written with the harried IT manager in mind, Open Source Security Tools is a practical, hands-on introduction to open source security tools. Seasoned security expert Tony Howlett has reviewed the overwhelming assortment of these free and low-cost solutions to provide you with the “best of breed” for all major areas of information security.

By Tony Howlett. Published by Prentice Hall. Part of the Bruce Perens' Open Source Series.

Offered Free by: informIT

A 600-page PDF written in 2004 that still contains useful information.

Sunday, April 7, 2013

Son Bugs Mom (yawn)... with a Wiretap!

UK - Police have arrested a Lincoln man on suspicion that he bugged his 90-year-old mother’s phone. 

Richard Stamler, 59, was arrested Thursday night for unlawful interception of communications, a felony, Lincoln Police Officer Katie Flood said.

Stamler’s sister called police March 28 to say she found a recording device in the basement of her mother’s home that had been connected to the phone line, Flood said.

The woman played the tape, Flood said, and recognized her brother’s voice reciting date information. The device was set to record any time someone in the house picked up a phone. (more)

Saturday, April 6, 2013

Canadian Technical Security Conference (CTSC) - April 23-25, 2013
The annual Canadian Technical Security Conference (CTSC) event (Cornwall, Ontario) is a three (3) day professional development and networking opportunity with a local, regional, national and international following of professional technical operators, TSCM specific and test & measurement based equipment manufacturers and service providers. 

The conference is being held at Strathmere, near Ottawa.
GPS Coordinates: Latitude 45.157216, Longitude 75.703858

This annual CTSC conference event is of special interest to local, regional and international technical security professionals from the private sector, corporate security industry, financial sector, oil, gas and mining sector, government, law enforcement and military organizations and agencies. (more) Contact: Paul D Turner, TSS TSI 

This is the conference's 8th year. Every year I hear reports about how worthwhile it is. Every year they schedule it when I am obligated to be elsewhere :(

Burglar Used SpyCams to Case High-Income Homes

The discovery of a hidden camera may help solve a series of break-ins at upscale homes in several North Texas cities.
"This one has already been camouflaged," said Dalworthington Gardens police Det. Ben Singleton, holding what looks like a piece of bark that would go unnoticed in most yards.

It's actually a video camera not much bigger than a matchbox, and it's activated by a motion detector. Such cameras turned up in March planted outside several upscale homes in Dalworthington Gardens.

"I've never seen anything like this," Singleton said. (more)

New Italian Cocktail "The Gepetto" - Thwarted by SpyCam

A retired Italian carpenter has been arrested after his sleuthing wife suspected he was trying to poison her and set about trying to prove it with the help of a spy alarm clock bought on the internet.

The drama began in February in the northern Italian town of Dalmine, where the couple had reportedly lived for almost 40 years. The 61-year-old woman grew suspicious when some water brought to her by her husband created a burning sensation in her mouth.

The woman, who has not been named, sent it off for tests in a laboratory, which, when they came back, revealed the presence of hydrochloric acid.

Perturbed, the woman became even more worried when she found a bottle among her husband's things that had no label on it and was filled with a clear liquid. She sent that off to be analyzed, as well, and was told that it, too, was hydrochloric acid.

Police confirmed that she then took advice from relatives and bought a miniature video-camera-cum-alarm-clock, proceeding to film her husband in the kitchen. (more)

The Era of Women Spies is Returning

White House counterterrorism adviser Lisa Monaco is all poised to head the FBI, following last week's appointment of Julia Pierson as director of the Secret Service and an unnamed CIA agent will be the first woman to lead the agency's clandestine service. 

With these back-to-back developments, the era of women spies seems to have returned.

Some of them became legends and remain in history as picturesque figures who, with their skill, grace, charm or nerve, pulled the strings behind the most delicate political movements of the world.

Learn more about some of the most famous and sexy spy women...
• Mata Hari
• Virginia Hall
• Hedy Lamarr
• Elizabeth Van Lew
• Belle Boyd
• Sarah Emma Edmonds
• Noor Inayat Khan

Friday, April 5, 2013

Amazing Drone Footage - Just for fun - Enjoy Your Weekend

The SkyMotion Video team provided the aerial video services for the 2012 Tourism Partnership of Niagara commercials for the Niagara Falls region shoot - making use of their state of the art remote controlled helicopter drone.
Niagara Falls has of course been filmed countless times in the past using full-sized helicopters. However, with this remote controlled helicopter, the shoot was not limited by minimum altitude restrictions, and so was able to achieve shots which were unlike any before. Flying only a couple of feet above the water, the camera was able to approach the waterfall edge to give the viewer a true sense of the sheer scale of the world famous falls.

However, the Niagara region is not limited to just the falls. The surrounding area is full of beautiful landscapes with quaint towns, and world class vineyards. The area is full of life, and the hope is that these dynamic shots give a real sense of the variety of things offered by not only the falls, but by the region as a whole. (more) (more movies)

PS - The security tie-ins...
• Law Enforcement - Crime scene documentation and assessment.
• Security Consultants - Security assessment surveys.

Apple's iMessage has DEA Tongue Tied

Encryption used in Apple's iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects' conversations, an internal government document reveals.

An internal Drug Enforcement Administration document seen by CNET discusses a February 2013 criminal investigation and warns that because of the use of encryption, "it is impossible to intercept iMessages between two Apple devices" even with a court order approved by a federal judge...

When Apple's iMessage was announced in mid-2011, Cupertino said it would use "secure end-to-end encryption." It quickly became the most popular encrypted chat program in history: Apple CEO Tim Cook said last fall that 300 billion messages have been sent so far, which are transmitted through the Internet rather than as more costly SMS messages carried by wireless providers. (more)
But... if messages are exchanged between an Apple device and a non-Apple device, they "can sometimes be intercepted, depending on where the intercept is placed." (more)

Security Consultant Alert - IAPSC Annual Conference in Napa, CA

NOTE: It is not too late to register. Be a hero. Take your significant other to Napa for a few days.

The International Association of Professional Security Consultants (IAPSC) Annual Conference is the largest and most exclusive gathering of top security consultants.

Their 2013 conference offers a wide range of topics focused on Security Consulting and Business Profitability, as well as Technical, Forensic, and IT Security.

Presenters will discuss security standards, best practices, risk management, promotional uses of media, including webinar development, marketing and communications techniques for consultants, retirement and selling your business, as well as technical and forensic security focused sessions.

Visit the conference website
View the conference program
Download the brochure
Register Now

Not yet an IAPSC Member? 

When you register to attend the conference, ask about the special registration offer available exclusively to new members. (more)

I have been attending IAPSC conferences, each year, for about two decades. Every one has been well worth attending. I return to the office with a broader knowledge of security, fresh ideas about improving services to my clients, and recharged mental batteries. If you are on the fence about going, hop off... and into the vineyard. Try it once. You will see what I mean. Be sure to find me and say hello. ~Kevin

AppSec USA 2013 is Coming to NYC

Call for Papers NOW OPEN!
CareerFair
Events
(Capture the Flag, Battlebots, Lockpick Village, and more)

AppSec USA is a software security conference for technologists, auditors, risk managers, and entrepreneurs, gathering the world's top practitioners to share the latest research and practices at the Marriott, NYC. It is hosted by OWASP. (Why you would want to attend.)

What is OWASP?

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Their mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

Everyone is free to participate in OWASP and all of their materials are available under a free and open software license.

You'll find everything about OWASP here on or linked from our wiki and current information on our OWASP Blog.

OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide.

OWASP is a global group of volunteers with over 36,000 participants. (more)