...review the sites you've allowed to access your microphone and camera in Chrome.
1. Open Chrome, and type chrome://settings/contentExceptions#media-stream into the Omnibar.
2. You'll see the Media Exceptions screen, where you can see which host names have permissions to your microphone and camera, and which of those two each site has access to.
3. Highlight any site you want to remove, and click the "x" on the right side of the line.
4. Save your changed by clicking Done.
PCWorld also notes that if you prefer, you can just go to: chrome://settings/content Scroll down to Media, and instead of "Ask me when a site wants to use a plug-in to access my camera and microphone" (which is the default setting), select "Do not allow any sites to access my camera and microphone," which is kind of the nuclear option.
Doing this will also disable features like Google's Conversational Search, which can be pretty useful, likely break any voice integration with Google Now (which will arrive in Chrome any day now), and disable any other voice-activated features in Chrome or elsewhere on the web. (more) (background)
Sunday, January 26, 2014
800+ Detained in China for Illegal Surveillance
Chinese police have arrested over 800 people suspected of producing, selling and using illegal wiretapping and photography equipment to conduct surveillance.
Through joint efforts by police from 14 provincial regions, 13 production facilities have been destroyed and 67 groups associated with illegal wiretapping equipment have been uncovered in the action, the Ministry of Public Security said.
The police have uncovered over 1,550 criminal cases involving the use of wiretapping equipment in blackmail, kidnapping, illegal detention and other crimes. Over 15,000 sets of equipment for covert tracking, positioning, photographing and recording have been confiscated, state-run Xinhua news agency reported today. (more) (sing-a-long)
Through joint efforts by police from 14 provincial regions, 13 production facilities have been destroyed and 67 groups associated with illegal wiretapping equipment have been uncovered in the action, the Ministry of Public Security said.
The police have uncovered over 1,550 criminal cases involving the use of wiretapping equipment in blackmail, kidnapping, illegal detention and other crimes. Over 15,000 sets of equipment for covert tracking, positioning, photographing and recording have been confiscated, state-run Xinhua news agency reported today. (more) (sing-a-long)
Cell Phone Snitch Stories
Butt Dialing Law Suit Busted
KY - A federal judge has dismissed a lawsuit filed by Kenton County Airport Board Chairman Jim Huff and his wife after an airport secretary that Huff called accidentally overheard their private conversation... Huff accidentally dialed secretary Carol Spaw while on a business trip. Spaw overheard Huff discussing ways to demote the Cincinnati/Northern Kentucky International Airport's chief executive officer or get her to resign... Spaw took notes on the conversation and recorded a portion of it... (The judge) ruled that even though the cell phone call was accidental, Spaw was under no obligation to hang up. (more)
Butt Photos Proved It
A suspicious Kuwait man thought it was his chance to verify whether his wife is loyal to him when she went out and left her mobile phone at home. As he surfed through the phone’s files, he got the shock of his life when he saw obscene pictures of her with another man... “The man rushed to the police station and showed them what he found on his wife’s mobile. “He accused her of adultery and police decided to summon the wife to face her with the charges,” the Kuwaiti daily Al Shahid said. (more)
KY - A federal judge has dismissed a lawsuit filed by Kenton County Airport Board Chairman Jim Huff and his wife after an airport secretary that Huff called accidentally overheard their private conversation... Huff accidentally dialed secretary Carol Spaw while on a business trip. Spaw overheard Huff discussing ways to demote the Cincinnati/Northern Kentucky International Airport's chief executive officer or get her to resign... Spaw took notes on the conversation and recorded a portion of it... (The judge) ruled that even though the cell phone call was accidental, Spaw was under no obligation to hang up. (more)
Butt Photos Proved It
A suspicious Kuwait man thought it was his chance to verify whether his wife is loyal to him when she went out and left her mobile phone at home. As he surfed through the phone’s files, he got the shock of his life when he saw obscene pictures of her with another man... “The man rushed to the police station and showed them what he found on his wife’s mobile. “He accused her of adultery and police decided to summon the wife to face her with the charges,” the Kuwaiti daily Al Shahid said. (more)
Saturday, January 25, 2014
Tennessee Bill Would Shut Down NSA Spy Center
Legislators in Tennessee have introduced a bill that would ban the state from providing water and electricity to an NSA data center which is currently involved in building supercomputers designed to crack encrypted data.
The Fourth Amendment Protection Act, which mirrors legislation introduced in other states, would prohibit local and state agencies from “providing material support to…any federal agency claiming the power to authorize the collection of electronic data or metadata of any person pursuant to any action not based on a warrant.”
The bill also disincentivizes local companies from doing business with the NSA. (more)
Interestingly, Tennessee is the home of the most patriotic city in the U.S., Knoxville, and the largest manufacturer of counterspy gear in the U.S., REI. Tennessee's slogan, "America at its best."
The bill also disincentivizes local companies from doing business with the NSA. (more)
Interestingly, Tennessee is the home of the most patriotic city in the U.S., Knoxville, and the largest manufacturer of counterspy gear in the U.S., REI. Tennessee's slogan, "America at its best."
Two New Android Spyware Issues
Hop, Skip and a Bank Bug...
Malware capable of infecting Android handsets using Windows PCs and laptops has been uncovered targeting developers.
Security response manager at Symantec Alan Neville told V3 the malware is atypical as it uses a two-stage attack process to jump from Windows PCs to Android handsets.
"It starts with a Trojan that when executed creates a new service on a Windows machine," he said. "It then targets Android devices that connect on USB. It uses the Android debugging bridge to deliver the Fakebank Trojan." Fakebank is a notorious Trojan designed to take victims' financial data. (more)
Fake Security App Intercepts Calls and Texts...
Researchers have discovered a new Android malware family that disguises itself as a security app, and intercepts the incoming texts and calls of victims.
According to Hitesh Dharmdasani, a malware researcher... six variants of the Android malware, dubbed “HeHe,” have been detected by the firm.
On Wednesday, Dharmdasani told SCMagazine.com that the free app is most likely infecting users via third party app marketplaces or through SMS spam. (more)
Malware capable of infecting Android handsets using Windows PCs and laptops has been uncovered targeting developers.
Security response manager at Symantec Alan Neville told V3 the malware is atypical as it uses a two-stage attack process to jump from Windows PCs to Android handsets.
"It starts with a Trojan that when executed creates a new service on a Windows machine," he said. "It then targets Android devices that connect on USB. It uses the Android debugging bridge to deliver the Fakebank Trojan." Fakebank is a notorious Trojan designed to take victims' financial data. (more)
Fake Security App Intercepts Calls and Texts...
Researchers have discovered a new Android malware family that disguises itself as a security app, and intercepts the incoming texts and calls of victims.
According to Hitesh Dharmdasani, a malware researcher... six variants of the Android malware, dubbed “HeHe,” have been detected by the firm.
On Wednesday, Dharmdasani told SCMagazine.com that the free app is most likely infecting users via third party app marketplaces or through SMS spam. (more)
War On Drones Drones On War
NH - Rep. Neal M. Kurk (R) has introduced a bill that would limit the use of drones in the Granite State.
HB1620 is similar to a bill introduced earlier in the session by Rep. Joe Duarte, but takes things a step further by applying the prohibition to drone use by the federal government and including penalties for violating its provisions.
Kurk’s proposed legislation regulates the use of drones by governments, as well as individuals. It requires search warrants, levies fines, and does not allow for the lethal or nonlethal arming of drones in the state. (more)
Hope they include some reasonable exemptions, like flying model aircraft and FedEx hospital to hospital deliveries of transplant organs.
Friday, January 24, 2014
Conflicting Reports About the Turkish President's Bug
Turkey - The Supreme Court of Appeals denied a report saying that an apparatus used to reflect signals from a bugging device found in Prime Minister Recep Tayyip Erdoğan's office in Ankara in 2012 was found that same year on the roof of the top court's headquarters.
The Milliyet daily reported that the signal from a bugging device found in Erdoğan's office was found to be reflected by an apparatus installed on the roof of the Supreme Court of Appeals' headquarters, which is very close to the former Prime Ministry Office in Ankara, during technical inspections of the court's headquarters soon after the bugging devices were found. (more)
Coincidentally...
Turkish gov't to increase penalties for illegal wiretapping
The penalties for illegal wiretapping are to be strengthened in a government-led draft law which has stirred reactions from the opposition for increasing the justice minister’s power on the judiciary.
The draft law, on which the government is currently working, will increase the penalties for illegal wiretapping as well as limiting the wiretapping done by the permission of Turkey’s Directorate of Telecommunication (TİB), which is the sole authority over all of the wiretapping and surveillance activities of security units.
The penalties for those who leaked the wiretappings will be increased. The penalties for the officials, who used their authority to wiretap illegally, will also be regulated with the draft law. The use of wiretapping and audio surveillance as part of the investigations will be limited. (more)
The Milliyet daily reported that the signal from a bugging device found in Erdoğan's office was found to be reflected by an apparatus installed on the roof of the Supreme Court of Appeals' headquarters, which is very close to the former Prime Ministry Office in Ankara, during technical inspections of the court's headquarters soon after the bugging devices were found. (more)
Coincidentally...
Turkish gov't to increase penalties for illegal wiretapping
The penalties for illegal wiretapping are to be strengthened in a government-led draft law which has stirred reactions from the opposition for increasing the justice minister’s power on the judiciary.
The draft law, on which the government is currently working, will increase the penalties for illegal wiretapping as well as limiting the wiretapping done by the permission of Turkey’s Directorate of Telecommunication (TİB), which is the sole authority over all of the wiretapping and surveillance activities of security units.
The penalties for those who leaked the wiretappings will be increased. The penalties for the officials, who used their authority to wiretap illegally, will also be regulated with the draft law. The use of wiretapping and audio surveillance as part of the investigations will be limited. (more)
Spybusters Tip #873 - Eavesdropping on Foscam IP Video Cameras
The following Foscam MJPEG based video cameras (firmware version .54) can be accessed without a password: FI8904W, FI8905E, FI8905W, FI8906W, FI8907W, FI8909W, FI8910E, FI8910W, FI8916W, FI8918W, FI8919W
Foscam will be posting a firmware upgrade on their website to fix this issue. Unfortunately, most users will never know about it.
Test Your Camera - A quick way to verify and confirm if your camera has this issue:
1. Enter your camera's IP address in your web browser. Example: 192.168.1.101
2. When you see the password screen do not enter a User Id and Password. Simply click the OK button. If you see your camera, you have the problem.
Use this work-around for temporary protection (here), and be sure to upgrade the firmware when it becomes available (here).
Foscam will be posting a firmware upgrade on their website to fix this issue. Unfortunately, most users will never know about it.
Test Your Camera - A quick way to verify and confirm if your camera has this issue:
1. Enter your camera's IP address in your web browser. Example: 192.168.1.101
2. When you see the password screen do not enter a User Id and Password. Simply click the OK button. If you see your camera, you have the problem.
Use this work-around for temporary protection (here), and be sure to upgrade the firmware when it becomes available (here).
Plan to Ban Instant Messaging has Unintended Consequences
Goldman Sachs Group Inc. is planning to ban traders from using some computer-messaging services in a bid to protect proprietary information at the heart of its sales-and-trading operation.
Under a new policy, the Wall Street firm won't allow person-to-person communication over instant-messaging (IM) services created by Bloomberg LP, Yahoo Inc., AOL Inc. and other third-party providers including Pivot Inc., according to a draft of a memo reviewed by The Wall Street Journal.
Goldman is seeking to prevent information from internal conversations from being filtered and disseminated beyond the bank's walls. The planned ban reflects a mistrust of technology developed by messaging-service providers that can make its traders more efficient but also be used to mine private communications for closely guarded intelligence on securities pricing. (more)
FutureWatch: Expect other financial institutions to follow.
Unintended Consequence: Scraping (a Wall Street term for collecting useful tidbits of info) attempts will continue as always, but it won't be easy pickings anymore. Conventional spycraft (bugging and wiretapping) worked before IM came along. It continues to work, and will become the best option again. Technical Surveillance Countermeasures (TSCM) inspections are the most cost-effective defense.
Under a new policy, the Wall Street firm won't allow person-to-person communication over instant-messaging (IM) services created by Bloomberg LP, Yahoo Inc., AOL Inc. and other third-party providers including Pivot Inc., according to a draft of a memo reviewed by The Wall Street Journal.
Goldman is seeking to prevent information from internal conversations from being filtered and disseminated beyond the bank's walls. The planned ban reflects a mistrust of technology developed by messaging-service providers that can make its traders more efficient but also be used to mine private communications for closely guarded intelligence on securities pricing. (more)
FutureWatch: Expect other financial institutions to follow.
Unintended Consequence: Scraping (a Wall Street term for collecting useful tidbits of info) attempts will continue as always, but it won't be easy pickings anymore. Conventional spycraft (bugging and wiretapping) worked before IM came along. It continues to work, and will become the best option again. Technical Surveillance Countermeasures (TSCM) inspections are the most cost-effective defense.
Wednesday, January 22, 2014
UPDATED - Privacy Journal's Compilation of State and Federal Privacy Laws
This new book includes new privacy laws on: demands for social-media passwords by employers and universities, use of credit reports by employers, new tracking technologies, new state restrictions on use and disclosure of Social Security numbers, plus updated chapters on credit reporting, medical, financial, testing in employment, insurance, government information, and much more, grouped by categories and listed alphabetically by states. Descriptions of state, federal, and Canadian laws are included.
Privacy Journal's Compilation of State and Federal Privacy Laws replaces the 2002 book and all subsequent supplements in one consolidated hard copy edition, 80 pages, ISBN is 9780930072568
It is also available in an electronic edition so that you may store it in your computer and search later by key words and states.
Contact:
Lee Shoreham, Assistant to the Publisher
PRIVACY JOURNAL
PO Box 28577
Providence RI 02908
Phone: 401/274-7861
Fax: 401/274-4747
orders@privacyjournal.net
www.privacyjournal.net
Also available from amazon.com.
Privacy Journal's Compilation of State and Federal Privacy Laws replaces the 2002 book and all subsequent supplements in one consolidated hard copy edition, 80 pages, ISBN is 9780930072568
It is also available in an electronic edition so that you may store it in your computer and search later by key words and states.
Contact:
Lee Shoreham, Assistant to the Publisher
PRIVACY JOURNAL
PO Box 28577
Providence RI 02908
Phone: 401/274-7861
Fax: 401/274-4747
orders@privacyjournal.net
www.privacyjournal.net
Also available from amazon.com.
JoJo's TSCM Adventure... as told to the court.
NJ - Former city recreation employee Charles Hall III testified Tuesday that Joseph “JoJo” Giorgianni gave him anti-surveillance device to try to detect an FBI bug hidden in the clubhouse next door to JoJo’s Steakhouse on Dec. 23, 2012.
Hall testified on the seventh day of testimony in Trenton Mayor Tony Mack’s trial on bribery and extortion charges in U.S. District Court.
Hall told the court that Giorgianni had him sweep for an FBI listening device to attempt to locate a government bug.
“Nothing really happened,” Hall said. “I don’t know if the device worked at the time.” (more)
Hall testified on the seventh day of testimony in Trenton Mayor Tony Mack’s trial on bribery and extortion charges in U.S. District Court.
Hall told the court that Giorgianni had him sweep for an FBI listening device to attempt to locate a government bug.
“Nothing really happened,” Hall said. “I don’t know if the device worked at the time.” (more)
Security Alert - Eavesdropping via the Chrome Browser
Users of Google's Chrome browser are vulnerable to attacks that allow malicious websites to use a computer microphone to surreptitiously eavesdrop on private conversations for extended periods of time...
The attack requires an end user to click on a button giving the website permission to access the microphone. Most of the time, Chrome will respond by placing a blinking red light in the corresponding browser tab and putting a camera icon in the address bar—both indicating that the website is receiving a live audio feed from the visitor.
The privacy risk stems from what happens once a user leaves the site. The red light and camera icon disappear even though the website has the ability to continue listening in. (more)
The attack requires an end user to click on a button giving the website permission to access the microphone. Most of the time, Chrome will respond by placing a blinking red light in the corresponding browser tab and putting a camera icon in the address bar—both indicating that the website is receiving a live audio feed from the visitor.
The privacy risk stems from what happens once a user leaves the site. The red light and camera icon disappear even though the website has the ability to continue listening in. (more)
Surreptitious Recording in the Future
via The Wall Street Journal...
I've been snapping photos of everything in front of me for the last week. If we've passed, even for a moment, I probably have a picture of your face.
I'm not a spy, but I've been using gear you might associate with 007. New matchbook-size cameras that clip to your tie or shirt let you capture a day's worth of encounters, then upload them to the Internet to be remembered forever.
Why on Earth would anybody want to do that? After trying out two devices that recently began shipping, the $279 Narrative Clip and $399 Autographer, I think the answer for many will be why wouldn't you? (more)
The reporter, Geoffrey A. Fowler, goes on to say why these are inadequate for spy use, and reflects on the etiquette issues.
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."
FutureWatch - We are still in the infancy of documenting our entire lives. The black box of the future could record your life 24/7, with personal data, e.g. health statistics, your five senses and emotional states. Imagine the problems. Would using one become mandatory for law enforcement purposes? In what ways will your black box be valuable to thieves and hackers? Ultimately, who owns your life?
I've been snapping photos of everything in front of me for the last week. If we've passed, even for a moment, I probably have a picture of your face.
I'm not a spy, but I've been using gear you might associate with 007. New matchbook-size cameras that clip to your tie or shirt let you capture a day's worth of encounters, then upload them to the Internet to be remembered forever.
Why on Earth would anybody want to do that? After trying out two devices that recently began shipping, the $279 Narrative Clip and $399 Autographer, I think the answer for many will be why wouldn't you? (more)
The reporter, Geoffrey A. Fowler, goes on to say why these are inadequate for spy use, and reflects on the etiquette issues.
Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."
FutureWatch - We are still in the infancy of documenting our entire lives. The black box of the future could record your life 24/7, with personal data, e.g. health statistics, your five senses and emotional states. Imagine the problems. Would using one become mandatory for law enforcement purposes? In what ways will your black box be valuable to thieves and hackers? Ultimately, who owns your life?
Sunday, January 19, 2014
Business Espionage: Bratz Bitch Slaps Barbie Over Spying to the Tune of $1 Billion
MGA Entertainment Inc. (MGA) filed a major trade secret theft lawsuit against Mattel Inc. on over reportedly stealing information at industry trade shows, and is seeking damages of at least $1 billion. This is the latest in a long-running battle between the two competing doll makers.
MGA claims that throughout a period of years, Mattel instructed its employees to engage in acts of "espionage and fraud" to steal MGA's trade secrets...
The Bratz doll makers claim that for a number of years, Mattel employees used a "Market Intelligence Department" to steal MGA's trade secrets under the aspices of an 11-page "How-to-Steal" manual. Mattel also reportedly set up "spies," who created false identities by printing fake business cards and used Mattel's accounting department to create mocked-up invoices to back up their fictional businesses in to better gain access to MGA's private showrooms.
MGA also claims that Mattel employees purchased small video recorders (paid for by Mattel) and cameras to photograph and videotape what they saw in private showrooms and industry trade shows. As a result, Mattel obtained highly confidential information about MGA's designs, price lists and marketing plans for unannounced future products in the highly popular Bratz line, according to MGA. (more)
MGA claims that throughout a period of years, Mattel instructed its employees to engage in acts of "espionage and fraud" to steal MGA's trade secrets...
The Bratz doll makers claim that for a number of years, Mattel employees used a "Market Intelligence Department" to steal MGA's trade secrets under the aspices of an 11-page "How-to-Steal" manual. Mattel also reportedly set up "spies," who created false identities by printing fake business cards and used Mattel's accounting department to create mocked-up invoices to back up their fictional businesses in to better gain access to MGA's private showrooms.
MGA also claims that Mattel employees purchased small video recorders (paid for by Mattel) and cameras to photograph and videotape what they saw in private showrooms and industry trade shows. As a result, Mattel obtained highly confidential information about MGA's designs, price lists and marketing plans for unannounced future products in the highly popular Bratz line, according to MGA. (more)
Husband's Intimate Tweets to Other Woman Posted on Net by Wife... and then...
One of India's most prominent politicians, Shashi Tharoor, has been caught in an excruciating cross-border Twitter scandal after his wife posted allegedly intimate text messages between the government minister and a Pakistani journalist on his social media account.
The latest Twitter tempest for Dr Tharoor, Minister for Human Resources, author and former senior UN official once mooted as a candidate for secretary-general, threatens not only to scuttle a promising political career and a three-year marriage but also expose the politician to further legal scrutiny over a 2010 Indian Premier League cricket bidding scandal that cost him his then job as a junior minister. (more) (background)
This just in...
Shashi Tharoor's wife was found dead in a luxury hotel room in Delhi after she went public on Twitter... (more)
The latest Twitter tempest for Dr Tharoor, Minister for Human Resources, author and former senior UN official once mooted as a candidate for secretary-general, threatens not only to scuttle a promising political career and a three-year marriage but also expose the politician to further legal scrutiny over a 2010 Indian Premier League cricket bidding scandal that cost him his then job as a junior minister. (more) (background)
This just in...
Shashi Tharoor's wife was found dead in a luxury hotel room in Delhi after she went public on Twitter... (more)
Subscribe to:
Posts (Atom)