Have board, will travel. ~K3y5LingR
Saturday, July 13, 2013
Attack of the Cyber Mercenaries
A British intelligence report says that other nations are hiring hackers to launch attacks against their enemies, a trend it described as particularly worrying.
The warning over cyber mercenaries came in an annual report published by Britain's Intelligence and Security Committee, a watchdog body of senior lawmakers that oversees Britain's spy agencies. (more)
Friday, July 12, 2013
Watergate Redux
The Dallas, Texas offices of law firm Schulman & Mathias were broken into two weeks ago by two burglars caught on surveillance camera. The two stole three computers. Damon Mathias, a partner at the firm, said
Attorneys said the burglars may have been hired to steal documents related to State Department whistleblower Aurelia Fedenisn, who is represented by the firm...
In early June, Fedenisn gave CBS News a draft State Department Inspector General report which offered the details of allegations that alleged sex crimes involving diplomats — including one U.S. ambassador who allegedly visited prostitutes — were ignored by State Department top officials. (more)
Time to sweep the office.
Monday, July 8, 2013
Free Webinar - Corporate Espionage via Mobile Device
Corporate Espionage via Mobile Device
Wednesday, July 10, 2013
02:00 PM Eastern DT (11:00 AM Pacific)
Duration: 45 Min
We discuss the topic of mobile risk and espionage via compromised mobile device. viaForensics' Director of R&D Thomas Cannon recently demonstrated "Corporate Espionage via a Mobile Device" as a proof of concept attack. In this demonstration, an innocent application is leveraged to harbor malware and exfiltrate data from a mobile device. The attacker is able to remotely activate phone features such as the camera and microphone, and the device can be used to bypass corporate defenses and infiltrate a corporate network. (Register)
Saturday, July 6, 2013
How Eavesdropping Was Punished in Medieval Times
via Arika Okrent - theweek.com
The problem of eavesdropping dates back to the 1370s, according to one historian.
When people live together in small communities, they can be a great source of comfort and support to each other — but they can also really get on each other's nerves. Every community must figure out the best way to keep conflict to a minimum. In the late middle ages, English village courts tried to maintain equilibrium by imposing punishment for eavesdropping, scolding, and noctivagation (aimless night wandering), three offenses, as Marjorie McIntosh explains in her book Controlling Misbehaviour in England, 1370-1600, "often said in local records to be damaging to local harmony, goodwill, and peaceful relations between neighbors."
The term "eavesdropping" originally came from Anglo-Saxon laws against building too close to the border of your land, lest the rain running off your roof, the yfesdrype or "eaves drip," mess up your neighbor's property. "Eavesdropper" became the word for a person who stands within range of the eaves drip — too close — in order to listen in on what was going on inside the house...
Eavesdropping was best carried out under cover of darkness, hence the suspicion under which noctivagators, or "nightwalkers," were held. Anyone found to be wandering round at night without a good reason was assumed to be eavesdropping...
The problem with eavesdropping wasn't so much about notions of rights to privacy as about people who "perturbed the peace" by using the information they gained through eavesdropping to sow discord. Getting the goods on your neighbors might lead to scolding — verbally attacking, berating, stirring things up. Where eavesdropping might get you fined, the punishment for scolding could be much worse. Repeat scolders might get dunked in the water on the "cucking-stool" until they were thoroughly soaked and humiliated, or made to wear a "scold's bridle," an iron muzzle with a spiked gag to keep the tongue from moving.
..."for a good two hundred years, beginning in the 1370s, the medieval cocktail of eavesdropping and tale-telling comprised about 8 percent of all social crimes." (more)
"That ain't my phone." (Extra penalty point.)
Maryland Terrapins running back Wes Brown was arrested on charges of second-degree assault, theft under $1,000, and illegal use of wiretapping on Wednesday, Baltimore Police confirmed.
Police were attempting to question Brown as a person of interest in the investigation of a non-fatal shooting, police say, when the sophomore assaulted the officer and ran away. They say Brown was recording his conversation with the officer on a cellphone in his pocket, without the officer’s knowledge – a felony in the state of Maryland.
University of Maryland Police say the cell phone Brown used to record the officer was stolen. (more)
Living in La La Land - Where Nobody Spies
Canada's top corporate executives remain relatively unconcerned that their businesses are vulnerable to cyber attacks.
The latest C-Suite survey of business leaders shows that cyber-security is not a serious worry for a majority of those sitting in the nation’s corner offices.
Only 40 per cent say they are very or somewhat concerned about cyber-security threats to their companies. Even fewer say they think that businesses like theirs will likely be a target of an attack on the corporate computer system.
And more than 90 per cent of those who responded are confident in their organization’s efforts to protect their business from these threats... (more)
A voice in the wind...
Greg Hawkins, CEO of Yellowhead Mining Inc., agrees that companies should not be complacent... Firms that think they have the situation completely under control “are living in la la land,” he said.
Friday, July 5, 2013
TSCM Bug Sweep Cost Question & Infrared Instrumentation Example
Security Director: "When I ask for TSCM bug sweep quotes I get some prices which seem incredibly low. Shouldn't everyone be in the same ballpark?"
Answer: There are many reasons for this. Most revolve around skimping by the vendor — on everything from insurance to training to instrumentation.
Let's look at one representative example, thermal imaging...
Most TSCM providers these days offer thermal imaging as a detection technique. The skimpers use ineffective, cheap cameras – just so they can claim this capability. It is a dishonest marketing ploy which lets skimpers "say" they are in the game.
Cost:
• Outdated and low-end utility thermal cameras are available on eBay for less than $2,000.
• High-sensitivity / resolution thermal cameras cost between $25,000-$50,000.
DIY Test:
A TSCM-capable infrared thermal camera will clearly show heat from a fingerprint after an object has been lightly and briefly touched.
Generally speaking, low-cost equals low probability of detection. Effective TSCM service costs are driven by capital / educational investment... and sincere commitment.
Moral: A cheap sweep is worse than no sweep. Bugs aren't eliminated, just your sense of caution, and budget.
[sotto voce] If you like cartoons, hire a clown.
Security Alert: 'Master key' to Android Phones Uncovered
If exploited, the bug would give attackers access to almost any Android phone.
A "master key" that could give cyber-thieves unfettered access to almost any Android phone has been discovered by security research firm BlueBox.
The bug could be exploited to let an attacker do what they want to a phone including stealing data, eavesdropping or using it to send junk messages.
The loophole has been present in every version of the Android operating system released since 2009.
Google said it currently had no comment to make on BlueBox's discovery...
The danger from the loophole remains theoretical because, as yet, there is no evidence that it is being exploited by cyber-thieves. (more)
The race is on between Google and The Cyber-thieves. We'll keep you posted. ~Kevin
Upon hearing the bad news Android wets itself.
Thursday, July 4, 2013
Secret Recording of Rupert Murdoch's Staff Meeting Published
A recording from March earlier this year, obtained by investigative website Exaro, shows the 82-year-old... raging against the police and claiming that the inquiry into corrupt payments to public officials has been blown out of proportion.
Throughout the recording, which lasts about 45 minutes, the News Corp boss repeatedly accuses the police of incompetence - of being "unbelievably slow" he says at one point.
He belittles the corrupt payments issue. And for anyone convicted over it... (more)
Isn't it time to sweep your boardroom?
How to Use Public Wi-Fi More Securely
via Eric Geier, PCWorld
- Every time you log in to a website, make sure that your connection is encrypted. The URL address should start with https instead of http.
- You also need to make sure that the connection stays encrypted for all of your online session. Some websites, including Facebook, will encrypt your log-in and then return you to an unsecured session—leaving you vulnerable to hijacking, as discussed earlier.
- Many sites give you the option of encrypting your entire session. You can do this with Facebook by enabling Secure Browsing in the Security settings.
- When you check your email, try to log in via the Web browser and ensure that your connection is encrypted (again, look for https at the beginning of the URL). If you use an email client such as Outlook, make sure your POP3 or IMAP and SMTP accounts are configured with encryption turned on.
- Never use FTP or other services that aren’t encrypted.
- To encrypt your Web browsing and all other online activity, use a VPN, or virtual private network (this article will show you how).
- Keep in mind that private networks have similar vulnerabilities: Anyone nearby can eavesdrop on the network. Enabling WPA or WPA2 security will encrypt the Wi-Fi traffic, obscuring the actual communications, but anyone who also has that password will be able to snoop on the packets traveling over the network. This is particularly important for small businesses that don’t use the enterprise (802.1X) mode of WPA or WPA2 security that prevents user-to-user eavesdropping. (more)
Major Privacy Breach Discovered on Motorola Phones
An independent security researcher published proof this week that Motorola phones with the Blur service installed are sending a myriad of credentials and private information silently to Motorola servers, as well as communicating via a modified version of the Jabber protocol in a format reminiscent of botnet command-and-control.
The disclosure - which featured packet captures, screen shots, and a full analysis of all of the data being sent - includes reproduction instructions for anyone concerned about their Motorola phone behaving in a similar manner.
Impacted phone owners appear to have little recourse at this time, as the service responsible for this information disclosure cannot be removed without rooting the phone and installing a stock version of Android. (more)
Espionage is No Secret
Governments around the world are responding with outrage about the revelations from National Security Agency traitor Edward Snowden...
Are they really that outraged? Not likely. Only the childishly naïve would believe foreign governments were unaware of international espionage. Not only is the U.S. spying on foreign governments, including their allies, virtually every government in the world is engaged in espionage against every other government accessible to them...
Think allies don’t spy on each other? Think again... There isn’t room on this page to list the espionage activities of nations like China. For the curious, simply type, China espionage into any Internet search engine. (About 77,100,000 results)
The tactics used in the espionage world shock and surprise polite society because they seem underhanded and dishonest. And, usually, they are. Just as importantly, they are usually necessary evils. (more)
Your tax dollars at work, really.
The Surveillance Group Ltd Denies Bugging the Ecuadorian Embassy
British security firm Surveillance Group Ltd has denied bugging the Ecuadorian Embassy in London.
We are waiting to see if the embassy produces some substantial evidence to support their claim. After all, "What is in a name?" R&J (II, ii, 1-2)
"We have this morning heard an accusation the source of which is apparently Ricardo Patino, the Ecuadorian Foreign Minister suggesting that we have bugged the Ecuadorian Embassy.
This is completely untrue. The Surveillance Group do not and have never been engaged in any activities of this nature.
We have not been contacted by any member of the Ecuadorian Government and our first notification about this incident was via the press this morning.
This is a wholly untrue assertion."
– Timothy Young, CEO, Surveillance Group Ltd. (Press Release - 04/07/2013)
Wednesday, July 3, 2013
Hidden Microphone Found at Embassy Where Julian Assange Resides
A hidden microphone has been found inside the Ecuadorean embassy in London, where the WikiLeaks founder Julian Assange is holed up, according to the country's foreign minister.
Ricardo Patiño said the device had been discovered a fortnight ago inside the office of the Ecuadorean ambassador, Ana Alban, while he was in the UK to meet Assange and discuss the whistleblower's plight with the British foreign secretary, William Hague.
"We regret to inform you that in our embassy in London we have found a hidden microphone," Patiño told a news conference in Quito on Tuesday.
"I didn't report this at the time because we didn't want the theme of our visit to London to be confused with this matter," he said.
"Furthermore, we first wanted to ascertain with precision the origin of this interception device in the office of our ambassador." (more)
Good luck.
In other news...
French company Spotter has developed an analytics tool that claims to have up to 80% accuracy in identifying sarcastic comments posted online.
Spotter says its clients include the Home Office, EU Commission and Dubai Courts. (more)
We retract the last comment.