Saturday, November 14, 2015

Visit Switzerland in June - Information Security and Cryptography Seminar

INFORMATION SECURITY AND CRYPTOGRAPHY, FUNDAMENTALS AND APPLICATIONS (June 13-15, 2016)

Lecturers: Prof. David Basin and Prof. Ueli Maurer, ETH Zurich

The topics covered include cryptography and its foundations, system and network security, PKIs and key management, authentication and access control, privacy and data protection, and advanced topics in cryptography. The seminar takes place in Zurich, Switzerland. The lectures and all course material are in English.

This seminar provides an in-depth coverage of Information Security and Cryptography. Concepts are explained in a way understandable to a wide audience, as well as mathematical, algorithmic, protocol-specific, and system-oriented aspects.

A full description of the seminar, including a detailed listing of topics covered, is available at www.infsec.ch

Friday, November 13, 2015

How to Stop Your Vizio TV from Spying On You

from vizio.com
Beginning October 31, 2015, VIZIO will use Viewing Data together with your IP address and other Non-Personal Information in order to inform third party selection and delivery of targeted and re-targeted advertisements.
These advertisements may be delivered to smartphones, tablets, PCs or other internet-connected devices that share an IP address or other identifier with your Smart TV...

Smart Interactivity is a feature on Internet-connected VIZIO televisions that recognizes onscreen content. Currently, we only use this feature to gather data on a non-personal or anonymous basis, as described below...

...your VIZIO Smart TV can intelligently recognize linear television and other content shown on the screen and in the future may display accompanying interactive features such as bonus features related to the content you are viewing, the ability to vote in polls, or advertisements that match your interests...

Smart Interactivity collects information from your product which triggers events, such as pop-ups, about what you are viewing. Follow the steps below on how to turn on or off Smart Interactivity based on the version of VIZIO Internet Apps (VIA) installed on your television.

Thursday, November 12, 2015

Security Director Alert - Don't Be a Business Espionage Target While Traveling

via http://seriouslyvc.com
The following list represents the most important procedures you and your colleagues should follow on your next trip abroad:
  1. Avoid disclosing your travel details to strangers.
  2. Never put electronics in your checked luggage.
  3. Consider traveling with a disposable cellphone (they are less susceptible to eavesdropping).
  4. Use a separate “throw-away” email to communicate with your family and coworkers (this prevents hackers from penetrating your company’s email system even after you have completed your trip).
  5. Consider installing an asymmetric email encryption program such as “Pretty Good Privacy” (PGP) on your computer, which allows you to encrypt and decrypt your email over the Internet.
  6. Put sensitive business documents on password-protected USB drives (such as “Iron Key” or “BitLocker”).
  7. Never use complimentary WiFi when traveling, unless absolutely necessary, and always use a trusted VPN.
  8. Never leave your sensitive business materials and/or electronics unattended in your hotel room — and your hotel safe is not safe! Carry all electronics with you at all times (hence, the need for smaller devices).
  9. If you spend time in the hotel bar, be cautious of what you say and to whom, because they are prime hunting grounds for espionage operatives.
  10. Be mindful of sexual entrapment (the Russians are still the masters of “honeypots” and have blackmailed many a business traveler into disclosing sensitive information in exchange for keeping their affairs secret).
  11. Use a strong passphrase (instead of password) containing up to 14-18 characters (and change it every 180 days or after every international trip).
  12. Make it a habit to power-off your devices when they are not in use. more

Book - How to Be a Spy - WWII Training Manual

In the early years of World War II, Special Operations Executive (SOE) set up top secret training schools to instruct prospective agents in the art of being a spy.

By the end of 1941, an international network of schools was in operation in secluded locations ranging from the Scottish Highlands to Singapore and Canada.

How to Be a Spy reproduces the extensive training manuals used to prepare agents for their highly dangerous missions behind enemy lines. The courses cover a variety of clandestine skills including disguise, surveillance, burglary, interrogation, close combat, and assassination - everything needed to wreak havoc in occupied Europe.

Contest - Tell Us Everything You Know About this Wiretapping Device

I am guessing anyone who has ever used this is now pushing up punchdown blocks.
But, there is a nice prize for the person who can tell us about this device...
   • the manufacturer,
   • who used this device,
   • approximate year of manufacture.
BONUS PRIZE if you send me the manual.
Information you submit will be shared below.
Enter HERE.

Winner: RH - Regarding your mystery wiretapping device, it is a Western Electric model 300ABC telephone line recording unit. Western Electric was the manufacturing company of AT&T up until the mid-90s, and furnished a lot of kit for the military. Based on the design and housing of this unit, it was likely manufactured some time between 1939 and 1946. While this could be used for wiretapping, these devices were common in military command posts where it would be used to record phone conversations between officers, and the recording would subsequently be transcribed and filed.

(Additional insights welcome.)

Slurpee Sound Cups - Now Imagine a Cup Made with Wiretaps

By now, you probably know all about 7 Eleven's Bring Your Own Cup Day, the minimart's annual event during which anyone can bring practically any sort of container into the store and fill it up with Slurpee, all for the same low price.
Well, earlier this fall during BYO Cup Day in Australia, 7 Eleven, along with its agency Leo Burnett Melbourne, took the cup idea up a notch by allowing consumers to fill up radio ads with Slurpee.

Come again? Yes, radio ads became drink containers in the inventive "Slurpee Sound Cup" campaign. 7 Eleven took the sound waves of three radio spots, themed around Viking opera, Brazilian soccer fans and randy whales, and transformed them into a series of distinctive 3D-printed vessels that were given away to Slurpee fans for the big day. Consumers could also download the 3D files and make the cups themselves. video

Big Taps in The Big House

Thousands of confidential phone conversations between inmates and their lawyers have been recorded by a leading prison phone company that also serves New York City jails — a major data breach exposed by a hacker, according to a report.

The anonymous hacker believes the company, Securus Technologies, is violating prisoners’ constitutional rights by recording privileged conversations, The Intercept reported Wednesday.

Of 70 million phone-call records obtained by The Intercept, 14,000 were for legally protected calls made to prisoners’ attorneys, The Intercept said. more

Wednesday, November 11, 2015

Uninstall InstaAgent From Your Phone Now

If you’re one of the thousands of people with an app named Who Viewed Your Profile – InstaAgent installed on your smartphone, stop using it and delete it right now.

Why? Because it’s stealing your password, transferring it to a server, and then posting images on your Instagram account suggesting others should also download the app.

The app is a third-party Instagram client that promised to tell you who visited your Instagram account, something it could only do once you’d handed over your username and password. This function was never carried out, and the app’s sole intention was to steal Instagram logins. more

Wednesday, November 4, 2015

Dial 12339 To Report a Spy in China (Let the SWATing Begin)

China has set up a new national hot line for reporting “spies” as authorities grow increasingly sensitive over national security issues. 

The new service was set up by officials in the north-eastern province of Jilin, the local New Cultural Newspaper said Sunday, with reports saying those who suspect “espionage activity” can call 12339.


“The hot line targets foreign organizations and individuals who conduct espionage activities or who instigate and sponsor others in conducting them,” the fiercely nationalist Global Times newspaper said.

A list of "guidelines" to help people identify spies appeared on Chinese social media soon after the hot line was announced, however it was unclear where it originated.

Potential spies included “those with vague job titles and a lot of money” and “those who bring up controversial topics at parties and then only observe the discussion”, said the guidelines, which had been shared widely on Chinese messaging app Wechat. more

"If You're Not Paranoid, You're Crazy"

An excellent, thought-provoking article on how others are predicting our next moves...

(excerpt from Walter Kirn's article in The Atlantic.) "I was already growing certain that we, the sensible majority, owe plenty of so-called crackpots a few apologies. We dismissed them, shrugging off as delusions or urban legends various warnings and anecdotes that now stand revealed, in all too many instances, as either solid inside tips or spooky marvels of intuition.

The Mormon elder who told me when I was a teenager back in 1975 that people soon would have to carry “chips” around or “be banished from the marketplace.”

The ex–Army ranger in the 1980s who said an “eye in the sky” could read my license plate.

The girlfriend in 1993 who forbade me to rent a dirty video on the grounds that “they keep lists of everything.”

The Hollywood actor in 2011 who declined to join me on his sundeck because he’d put on weight and a security expert had advised him that the paparazzi were flying drones.

The tattooed grad student who, about a year before Edward Snowden gave the world the lowdown on code-named snooping programs such as PRISM and XKeyscore, told me about a childhood friend of his who worked in military intelligence and refused to go to wild parties unless the guests agreed to leave their phones locked outside in a car trunk or a cooler, preferably with the battery removed, and who also confessed to snooping on a girlfriend through the camera in her laptop.

The night I vowed never again to mock such people, in January 2014, I was standing knee-deep in a field of crusty snow at the edge of a National Guard base near Saratoga Springs, Utah, a fresh-from-the-factory all-American settlement, densely flagpoled and lavishly front-porched, just south of Salt Lake City. Above its rooftops the moon was a pale sliver, and filling the sky were the sort of ragged clouds in which one might discern the face of Jesus. I had on a dark jacket, a dark wool cap, and a black nylon mask to keep my cheeks from freezing.

The key would be surviving those first days after the ATMs stopped working and the grocery stores were looted bare.

I’d gone there for purposes of counterespionage..." more

Smart Sheriff Chased Out of Town

Remember our Smart Sheriff post from May? 
South Korea created this spyware for cell phones. 
I'll wait while you check it out.

UPDATE: South Korea pulls plug on child monitoring app
The most widely used child surveillance app in South Korea is being quietly pulled from the market after security specialists raised serious concerns about the program’s safety...

Smart Sheriff’s disappearance is awkward news for South Korea’s effort to keep closer tabs on the online lives of its youngest citizens.


A law passed in April requires all new smartphones sold to those 18 and under to be equipped with software that parents can use to snoop on their kids’ social media activity. Smart Sheriff, the most popular of more than a dozen state-approved apps, was meant to keep children safe from pornography, bullying, and other threats, but experts say its abysmal security left the door wide open to hackers and put the personal information of some 380,000 users at risk. more

Friday, October 30, 2015

Security Director Alert - 80% Chance Your Card Key System Can Be Bypassed

A device the size of a quarter that can be installed in 60 seconds on a proximity card reader could potentially be used to break physical access controls in 80 percent of deployments.

The device, dubbed BLEKey, is used to read cleartext data sent from card readers to door controllers to either clone cards or feed that data to a mobile application that can be used to unlock doors at any number of installations.

The hack unveiled at Black Hat is worrisome for facilities reliant on proximity cards and readers for access to buildings in critical industries or enterprises. Researchers Eric Evenchick, an embedded systems architect at electric car manufacturer Faraday Future, and Mark Baseggio, a managing principal consultant at Optiv (formerly Accuvant), used the ubiquitous HID cards and readers in a number of successful demos during their talk, but said that it’s likely the same weaknesses that facilitate their attacks are present in devices from other manufacturers. more video

Really Scary: 29:35 minutes into the video they explain how to make a card-key interceptor, stick it into a backpack, go to the target workplace, get in an elevator with employees (or just close to one of them), secretly read everyone's cards, and make a clone card.
Happy Halloween ~Kevin

The Disorderly Orderly, or Spycam Peek-A-Boo in the ICU

India - Police have arrested a 30-year-old male orderly of Rajiv Gandhi Cancer Institute and Research Centre on charges of filming women after allegedly putting up spy camera in changing room for nurses.

A nurse spotted the spy camera in the changing room inside the intensive care unit (ICU) on the third floor and alerted a security guard, said sources.

Police have reportedly recovered two obscene video clips from his spy camera, which was installed for around 12 hours, said sources. Police will now try to retrieve deleted data, added the sources. more

Police vs Spy Blimp in PA - Shotguns Prevail

PA - State police used shotguns Thursday to deflate a wayward military surveillance blimp that broke loose in Maryland and floated for hours before coming down into trees in the Pennsylvania countryside.

Curious residents trickled into a staging area as the military began gathering up some 6,000 feet of tether, the blimp’s huge hull and a smaller tail piece, a process expected to take at least through Friday.

The white behemoth still had helium in its nose when it went down in a steep ravine on Wednesday afternoon, and the easiest way to drain the gas was to shoot it, U.S. Army Captain Matthew Villa said. State police troopers peppered the blimp with about 100 shots. more How it all started.

The Ultimate Spy vs Spy

via Mark Frauenfelder, Boing Boing
It was a wordless one-page comic about two oddly pointy faced spies, one dressed in black and the other dressed in white. Other than their different colored outfits, they behaved identically. They hated each other and created elaborate Rube Goldberg type machines to try to kill each other. Sometimes their machines worked, often, they’d backfire. They were tricky but usually too clever for their own good.


This anthology colorizes 150 “Spy vs Spy” comics drawn by Antonio Prohías from 1961 until his death in 1987. The book also includes a collection of “Spy vs Spy” comics by the talented cartoonist Peter Kuper, who took over the strip when Prohías died. The anthology features a section of wonderful “Spy vs Spy” tribute drawings by noted cartoonists such as Peter Bagge, Bob Staake, Darwyn Cooke, Gilbert and Jaime Hernandez, and Bill Sienkiewicz. There’s also a biography of the Cuban-born Prohías and a new 4-page color strip by MAD luminary Sergio Aragones about his friendship with Prohías. With all the new material here, this book is a must for anyone who loves “Spy vs Spy.”

Spy Vs Spy: An Explosive Celebration
by Antonio Prohías and Peter Kuper
Liberty Street, 2015, 224 pages, 8.8 x 0.8 x 11.2 inches
$16.46 at Amazon