Goldman Sachs Group Inc. is planning to ban traders from using some computer-messaging services in a bid to protect proprietary information at the heart of its sales-and-trading operation.
Under a new policy, the Wall Street firm won't allow person-to-person communication over instant-messaging (IM) services created by Bloomberg LP, Yahoo Inc., AOL Inc. and other third-party providers including Pivot Inc., according to a draft of a memo reviewed by The Wall Street Journal.
Goldman is seeking to prevent information from internal conversations from being filtered and disseminated beyond the bank's walls. The planned ban reflects a mistrust of technology developed by messaging-service providers that can make its traders more efficient but also be used to mine private communications for closely guarded intelligence on securities pricing. (more)
FutureWatch: Expect other financial institutions to follow.
Unintended Consequence: Scraping (a Wall Street term for collecting useful tidbits of info) attempts will continue as always, but it won't be easy pickings anymore. Conventional spycraft (bugging and wiretapping) worked before IM came along. It continues to work, and will become the best option again. Technical Surveillance Countermeasures (TSCM) inspections are the most cost-effective defense.
Friday, January 24, 2014
Wednesday, January 22, 2014
UPDATED - Privacy Journal's Compilation of State and Federal Privacy Laws
This new book includes new privacy laws on: demands for social-media passwords by employers and universities, use of credit reports by employers, new tracking technologies, new state restrictions on use and disclosure of Social Security numbers, plus updated chapters on credit reporting, medical, financial, testing in employment, insurance, government information, and much more, grouped by categories and listed alphabetically by states. Descriptions of state, federal, and Canadian laws are included.
Privacy Journal's Compilation of State and Federal Privacy Laws replaces the 2002 book and all subsequent supplements in one consolidated hard copy edition (80 pages, ISBN 9780930072568).
It is also available in an electronic edition so that you may store it in your computer and search later by key words and states.
Contact:
Lee Shoreham, Assistant to the Publisher
PRIVACY JOURNAL
PO Box 28577
Providence RI 02908
Phone: 401/274-7861
Fax: 401/274-4747
orders@privacyjournal.net
www.privacyjournal.net
Also available from amazon.com.
JoJo's TSCM Adventure... as told to the court.
NJ - Former city recreation employee Charles Hall III testified Tuesday that Joseph “JoJo” Giorgianni gave him an anti-surveillance device to try to detect an FBI bug hidden in the clubhouse next door to JoJo’s Steakhouse on Dec. 23, 2012.
Hall testified on the seventh day of testimony in Trenton Mayor Tony Mack’s trial on bribery and extortion charges in U.S. District Court.
Hall told the court that Giorgianni had him sweep for an FBI listening device to attempt to locate a government bug.
“Nothing really happened,” Hall said. “I don’t know if the device worked at the time.” (more)
Security Alert - Eavesdropping via the Chrome Browser
Users of Google's Chrome browser are vulnerable to attacks that allow malicious websites to use a computer microphone to surreptitiously eavesdrop on private conversations for extended periods of time...
The attack requires an end user to click on a button giving the website permission to access the microphone. Most of the time, Chrome will respond by placing a blinking red light in the corresponding browser tab and putting a camera icon in the address bar—both indicating that the website is receiving a live audio feed from the visitor.
The privacy risk stems from what happens once a user leaves the site. The red light and camera icon disappear even though the website has the ability to continue listening in. (more)
Surreptitious Recording in the Future
via The Wall Street Journal...
I've been snapping photos of everything in front of me for the last week. If we've passed, even for a moment, I probably have a picture of your face.
I'm not a spy, but I've been using gear you might associate with 007. New matchbook-size cameras that clip to your tie or shirt let you capture a day's worth of encounters, then upload them to the Internet to be remembered forever.
Why on Earth would anybody want to do that? After trying out two devices that recently began shipping, the $279 Narrative Clip and $399 Autographer, I think the answer for many will be why wouldn't you? (more)
The reporter, Geoffrey A. Fowler, goes on to say why these are inadequate for spy use, and reflects on the etiquette issues.
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."
FutureWatch - We are still in the infancy of documenting our entire lives. The black box of the future could record your life 24/7, with personal data, e.g. health statistics, your five senses and emotional states. Imagine the problems. Would using one become mandatory for law enforcement purposes? In what ways will your black box be valuable to thieves and hackers? Ultimately, who owns your life?
Sunday, January 19, 2014
Business Espionage: Bratz Bitch Slaps Barbie Over Spying to the Tune of $1 Billion
MGA Entertainment Inc. (MGA) filed a major trade secret theft lawsuit against Mattel Inc. over reportedly stealing information at industry trade shows, and is seeking damages of at least $1 billion. This is the latest in a long-running battle between the two competing doll makers.
MGA claims that throughout a period of years, Mattel instructed its employees to engage in acts of "espionage and fraud" to steal MGA's trade secrets...
The Bratz doll makers claim that for a number of years, Mattel employees used a "Market Intelligence Department" to steal MGA's trade secrets under the auspices of an 11-page "How-to-Steal" manual. Mattel also reportedly set up "spies," who created false identities by printing fake business cards and used Mattel's accounting department to create mocked-up invoices to back up their fictional businesses to better gain access to MGA's private showrooms.
MGA also claims that Mattel employees purchased small video recorders (paid for by Mattel) and cameras to photograph and videotape what they saw in private showrooms and industry trade shows. As a result, Mattel obtained highly confidential information about MGA's designs, price lists and marketing plans for unannounced future products in the highly popular Bratz line, according to MGA. (more)
Husband's Intimate Tweets to Other Woman Posted on Net by Wife... and then...
One of India's most prominent politicians, Shashi Tharoor, has been caught in an excruciating cross-border Twitter scandal after his wife posted allegedly intimate text messages between the government minister and a Pakistani journalist on his social media account.
The latest Twitter tempest for Dr Tharoor, Minister for Human Resources, author and former senior UN official once mooted as a candidate for secretary-general, threatens not only to scuttle a promising political career and a three-year marriage but also expose the politician to further legal scrutiny over a 2010 Indian Premier League cricket bidding scandal that cost him his then job as a junior minister. (more) (background)
This just in...
Shashi Tharoor's wife was found dead in a luxury hotel room in Delhi after she went public on Twitter... (more)
Wiretap Boast Makes Mr. Harden Criminal (Darwin Award)
The first of my 2014 Darwin Awards goes to...
OR- Daniel Devon Harden, 38, was arraigned Thursday afternoon on allegations of attempted murder, first-degree assault, second-degree assault and unlawful use of a weapon stemming from a stabbing at a Northeast Portland club on Sept. 23...
Portland police solved the case after Harden boasted about the stabbing, which was picked up during an unrelated federal wiretap investigation into a cocaine-trafficking ring, according to court records. (more)
Saturday, January 18, 2014
Drone Law News. A license to shoot 'um down! And, a brilliant career move.
• Legislation has been introduced in the Missouri House of Representatives that would regulate the use of unmanned aerial vehicles (drones) and protect the privacy rights of citizens. (more)
• Deer Trail, Colorado - Wearing a black duster and a black cowboy hat, Phil Steel walked to the front of the meeting room armed with a Nerf gun and a smile. The U.S. Army veteran was there to pitch his big idea: an ordinance that would legalize and regulate drone hunting inside Deer Trail city limits. If approved, residents could pay $25 to get a drone-hunting license; the town would pay a bounty for every drone bagged.
Steel had hammered out the 2,800-word ordinance in just four hours. Its key points:
- When a drone flies into its airspace, Deer Trail will consider it an act of war.
- You can only shoot at drones flying lower than 1,000 feet.
- Unless your life is in danger, you can only fire up to three shots at a drone. (more)
He has already sold more than 60 of his own licenses online.
• ND - Rodney Brossart, a North Dakotan cattle rancher, was sentenced to three years in prison, with all but six months suspended, for terrorizing police officers who were trying to arrest him at his property in 2011. The strange case garnered national attention because it was the first time a law enforcement agency had used an unmanned aerial vehicle to assist in carrying out an arrest. (more)
• With a 34-2 vote, New Jersey’s State Senate approved a bill that provides some of the nation’s strongest protections against drone surveillance. The bill, which went through several incarnations since being introduced last spring, restricts how police, firefighters and other first responders can use drones... It also includes a ban on outfitting them with weapons. bada-bing-bada-no-boom (more)
FutureWatch - Career Alert - Employment Hope for Twitchy Fingered Youth
The Federal Aviation Administration estimates up to 7,500 commercial drones could be flying in national airspace within a few years... Several colleges now offering courses! (more) (more)
Supreme Court to Consider if Police Need Warrants to Search Cellphones
The Supreme Court on Friday agreed to hear a pair of cases about whether the police need a warrant to search the cellphones of people they arrest, presenting a major test of the meaning of the Fourth Amendment in the digital age.
The court has long allowed warrantless searches in connection with arrests, saying they are justified by the need to find weapons and to prevent the destruction of evidence.
The question for the justices in the new cases is whether the potentially vast amounts of data held on smartphones warrant a different approach under the Fourth Amendment, which bars unreasonable searches.
The lower courts are divided. (more) (more) (GEICO Pig don't care.)
Obama on Digital Spying: Hey, Companies Do It, Too
In a much-anticipated speech, President Barack Obama took to the podium to introduce changes he aims to make to the National Security Administration's surveillance operations... Those in the business community may have been surprised that the president took a moment to remind Americans that spying isn't just a government practice.
Here's what the President said about corporate data tracking:
"Corporations of all shapes and sizes track what you buy, store and analyze our data, and use it for commercial purposes; that's how those targeted ads pop up on your computer or smartphone." (more)
Why does this remind me of my mother saying, "So, if George jumped off the roof would you do it too?"
Friday, January 17, 2014
Eye Spy - Scraping Info From Corneas
Advances in photography are rapidly making indirect spying possible. Reflections off of corneas, or any reflective surface, can be gleaned with off-the-shelf cameras and lenses.
Have a look...
You may want to close the blinds in your office. (more)
Thursday, January 16, 2014
Surreptitious Workplace Recording - Jailer v Jailer
NJ - Federal prosecutors say the deputy director of the Hudson County jail used a website to illegally wiretap some of his fellow employees.
Kirk Eady turned himself in today and made his initial court appearance, where bail was set at $100,000 unsecured bond and he was ordered to surrender any firearms. Eady has been suspended without pay, Hudson County spokesman James Kennelly said today. Eady earns $120,000 annually...
Prosecutors say that between March and July 2012, Eady used a publicly available website to place telephone calls to four Hudson County jail employees. The website allowed Eady to conceal the telephone numbers from where the calls originated and also call and record two people simultaneously.
The site also made it appear that those people, and not Eady, originated the call. (more)
Kevin's Security Tip of the Day
With all the data breaches in the news recently, you may wonder if your information was plundered. Find out at Have I Been Pwned? Mine has :(
If so, it's time to scurry around and change your on-line passwords.
Need help?
Password generators.
Password managers.
Password strength testers.
Make sure your new passwords are not on this list...
The Top 500 Worst Passwords of All Time
How to Create Easy to Remember Secure Passwords...
You can create a memorable, secure password starting with a simple phrase. We call these "passphrases". For example, let's use a quote from Ogden Nash:
"Happiness is having a scratch for every itch."
If we use the first letter of each word, and substitute 4 for "for", we get:
Hihas4ei
This is a reasonably strong password but we can improve it a bit by adding some special characters:
#Hihas4ei:
Associating Web Sites...
We can use our new password on several different websites by adding a suffix with a mnemonic link to a particular site. Let's use the first letter and the next two consonants in the site name.
Just to add a bit more randomness we'll alternate upper-case and lower case, and if the first character in the site name is a vowel we'll start with upper-case. To mix things up a bit more we'll use the same rule to decide whether to add the site mnemonic to the left side or the right side.
#Hihas4ei:AmZ for Amazon
fBk#Hihas4ei: for Facebook
#Hihas4ei:YtB for YouTube
(more)
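The passphrase and site-mnemonic rules above, written out as an added example (not code from the quoted article), with a check of how much of each per-site password is the shared base. It assumes "y" counts as a vowel, which is what makes YouTube come out as on the page, and it reads "the next two consonants" literally, which gives fCb for Facebook where the page shows fBk.

```python
import re

# Assumption: 'y' is treated as a vowel so that YouTube -> "YtB" on the
# right-hand side, as in the page's own example.
VOWELS = set("aeiouy")


def base_from_phrase(phrase, substitutions=None, prefix="#", suffix=":"):
    """First letter of each word, with whole-word substitutions applied,
    wrapped in the special characters used in the text."""
    if substitutions is None:
        substitutions = {"for": "4"}
    words = re.findall(r"[A-Za-z']+", phrase)
    chars = [substitutions.get(w.lower(), w[0]) for w in words]
    return prefix + "".join(chars) + suffix


def site_mnemonic(site):
    """Return (mnemonic, vowel_first) for a site name.

    Mnemonic = first letter + next two consonants, alternating case,
    starting upper-case when the first letter is a vowel.
    """
    letters = [c for c in site.lower() if c.isalpha()]
    if not letters:
        raise ValueError("site name has no letters")
    first = letters[0]
    consonants = [c for c in letters[1:] if c not in VOWELS][:2]
    picked = [first] + consonants
    vowel_first = first in VOWELS
    out = []
    for i, c in enumerate(picked):
        upper = (i % 2 == 0) == vowel_first
        out.append(c.upper() if upper else c.lower())
    return "".join(out), vowel_first


def site_password(base, site):
    """Attach the mnemonic on the right for vowel-first names, else on the left."""
    mnemonic, vowel_first = site_mnemonic(site)
    return base + mnemonic if vowel_first else mnemonic + base


def shared_core(passwords):
    """Longest substring common to every password in the list.

    Shows how much of each derived password is identical across sites,
    i.e. what carries over if any one of them is exposed in a breach.
    """
    shortest = min(passwords, key=len)
    for length in range(len(shortest), 0, -1):
        for start in range(len(shortest) - length + 1):
            candidate = shortest[start:start + length]
            if all(candidate in p for p in passwords):
                return candidate
    return ""


if __name__ == "__main__":
    base = base_from_phrase("Happiness is having a scratch for every itch.")
    derived = [site_password(base, s) for s in ("Amazon", "Facebook", "YouTube")]
    for pw in derived:
        print(pw)
    core = shared_core(derived)
    print(f"shared across all sites: {core!r} "
          f"({len(core)} of {len(derived[0])} characters)")
```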
Wednesday, January 15, 2014
Your Automobile is Very Likely Spying on You
...but Republicans and Democrats in the U.S. Senate are uniting to put a stop to unfettered snooping via the "black boxes," or "event data recorders," placed in your car by automakers.
Is your car spying on you? If the vehicle is a fairly new model it probably is, thanks to a "black box" that collects data about what’s going on in your car. And there’s no off switch or way to opt out. By September all new cars sold in the United States will be required to have black boxes, or as they’re more formally called, "event data recorders."
"The amount of data that they record is vast. And it's not capped," said Nate Cardozo, a staff attorney with the Electronic Frontier Foundation (EFF).
That’s just one way new technology installed in automobiles is invading our privacy. At the 2014 Consumer Electronics Show (CES) last week, Google and a handful of automobile manufacturers, including Audi, GM, Honda and Hyundai, announced a partnership designed to bring the Android mobile platform to vehicles. Those devices are capable of broadcasting your location, Web pages you may have looked at, stores you shopped in and much much more. Chevrolet, for example, showed off a camera mounted on the windshield that records the driver’s point of view and a microphone in the cabin that records any noises made in the car.
...Consider what Ford’s top sales guy James Farley said at a CES event: "We know everyone who breaks the law. We know when you’re doing it. We have GPS in your car, so we know what you’re doing." Farley quickly retracted his impolitic remarks, but they give you insight into how seriously some automakers take your privacy. (more)
Is your car bugged?
See if you are on the list.
If so, read this.
~Kevin