UK - Setting out in stark terms that the UK faces a growing threat of cyber-attacks from “states, serious crime gangs, hacking groups as well as terrorists”, Cabinet Office Minister Matthew Hancock announced the launch of the National Cyber Security Centre (NCSC)...
Led by current Director General for Cyber at GCHQ, Ciaran Martin, the NCSC has been set up to ensure that people, public and private sector organisations and the critical national infrastructure of the UK are safer online. It will bring the UK’s cyber expertise together to transform how the UK tackles cyber security issues and seeks to establish itself as the authoritative voice on information security in the UK. more
Sunday, April 3, 2016
Dating Deck Stacked with Secret Eavesdrop Feature
Boompi works like most other dating apps...
Here’s the catch: If you’re a girl, you can invite your female friends to secretly join your private conversations, without your potential suitors ever knowing.
If you’re a girl on Boompi and you start a chat with someone, you can invite your girl friend to eavesdrop on that conversation at any time.
Your friend will be able to see every message sent since the beginning of the chat, and leave their own comments in the conversation, which only you will be able to see. And if you aren’t interested in finding a date and only want to read your friends’ chats, you can do that too—Boompi allows female users to use “Ghost Mode,” which makes sure guys never see their profile. more
Corporate Espionage: Move to Zap Zillow for $2 Billion
One of the most contentious fights in the history of real estate listings is going nuclear, thanks to a “staggering” claim of damages from Move in its trade secret theft lawsuit against Zillow.
According to legal documents obtained by HousingWire, Move, which operates Realtor.com for the National Association of Realtors, is claiming that Zillow owes the company $2 billion in damages over allegations of trade secret theft involving Errol Samuelson, who was once Move's chief strategy officer...
Move filed suit against Zillow after Samuelson left, alleging that Samuelson and Zillow stole trade secrets and proprietary information, and that they then made efforts to cover up the alleged theft...
The original lawsuit alleged breach of contract, breach of fiduciary duty and misappropriation of trade secrets and accused Samuelson of misappropriating trade secret information by acquiring it using improper means, and by copying it without authorization.
“Plaintiffs (Move) have asserted a huge case,” Zillow notes in the legal filing. “They claim $2 billion in damages, assert 46 separate trade secrets (not including the 1000-plus documents claimed as trade secrets in their entirety) and have assigned at least 29 different lawyers to prosecute their claims.” more
Spy Agency Few Know Gets Free Land for HQ
A US spy agency's new $1.7 billion western headquarters will be constructed in St Louis, Missouri...
The National Geospatial-Intelligence Agency (NGA) hopes to build its new western HQ in north St Louis, where it was offered free land...
So what exactly is the NGA?
The NGA is part of the Department of Defense and works with the CIA and the Air Force to provide intelligence that is largely geographical in nature...
According to the NGA, "anyone who sails a U.S. ship, flies a U.S. aircraft, makes national policy decisions, fights wars, locates targets, responds to natural disasters, or even navigates with a cellphone relies on NGA." more
Saturday, April 2, 2016
The Erin Andrews $55,000,000 verdict: Can it happen to your property?
by David C. Tryon - Porter Wright Morris & Arthur LLC
If you own or manage a hotel or inn, the Erin Andrews $55,000,000 verdict probably caught your attention. You wonder, “could that happen to my hotel?” Yes it can...
One fact which has not been widely reported is that Andrews’ room was allegedly on a “secure floor” – a designation which likely has varying meanings to property owners and guests. Barrett was able to use his immediate proximity to tamper with the peep hole on Andrews’ door at an ideal time – allowing him to see from the outside in. A disturbing reality is that anyone can do this with a readily available $60 (or $12.99) device. Barrett then videoed Andrews nude in her room without being detected by the hotel staff. He later posted the video on the Internet, which subsequently went viral...
So, what steps can you take to prevent something like this from happening to your property? Start by having a very direct conversation with your staff about your security measures. Assess what efforts you have in place and if those efforts should be enhanced. Ask yourself these questions... more
PS - Hotels are not the only vulnerable targets. The term "property" easily expands to include: country clubs, gyms, schools, hospitals, and more. In fact, all corporate locations offering rest room / maternity room / changing room / shower and locker room facilities to their employees and visitors are at risk.
The best first steps to protecting yourself and your company:
1. Have a written Recording in the Workplace Policy in place.
2. Train security and facilities employees how to conduct inspections for spycams.
3. Conduct in-house spy camera inspections periodically, and document your efforts.
Friday, April 1, 2016
Spycam Lawsuit: Female Oil Rig Worker Sues for $1 Million
It looked like a normal clothing hook -- small and unsuspecting, mounted on the back door of her sleeping quarters on the Transocean Deepwater oil rig.
But to her, for some reason it just didn't feel right.
"The rooms are pretty bare and minimum, so when you notice something that's different, it kind of sticks out to you."
Though 26, she'd been on plenty of rigs before. In fact, she'd spent much of her life dedicated to working offshore in the Gulf of Mexico. But she says she'd never seen something like this.
"It was out of place."
She dismissed the weird feeling and thought to herself, "Well, it must just be extra storage."
That was a Friday in August 2015. Four days later, the hook was gone. more
Thursday, March 31, 2016
Security Director Alert: 20,000 Printers Under the Siege
The notorious hacker and troll Andrew Auernheimer, also known as “Weev,” just proved that the Internet of Things can be abused to spread hateful propaganda.
On Thursday, Auernheimer used two lines of code to scan the entire internet for insecure printers and made them automatically spill out a racist and anti-semitic flyer.
Hours later, several people started reporting the incident on social media, and eventually a few local news outlets picked up on the story when colleges and universities all over the United States found that their network printers were spilling out Auernheimer’s flyer.
Auernheimer detailed this “brief experiment,” as he called it, in a blog post on Friday. Later, in a chat, he said that he made over 20,000 printers put out the flyer, and defended his actions. more
Imagine the chaos if he sent a more realistic version of the coupon shown above, or false documents to internal company printers. Make sure all printers associated with your company operate in a secure manner – internal and home office units. Don't forget to check for insecure Wi-Fi settings as well. Need help? Call me.
Scary Password Stats
Market Pulse Survey Reveals Growing Security Negligence in the Workplace Despite Employees’ Concern Over Risk to Personal Data more
Yes, 1 in 5 would sell their passwords... and it only takes one to spring a leak. ~Kevin
Business Espionage: Guaranteed Rate Hit with $25M Judgment
A jury awarded Mount Olympus Mortgage Co. more than $25 million in a lawsuit alleging "corporate espionage" by former employee Benjamin Anderson and his new employer, Guaranteed Rate.
Anderson and another former Mount Olympus originator who now works for Guaranteed Rate, Brian Decker, were accused of stealing loan files, borrower information and other proprietary data from the Irvine, Calif.-based lender.
"The purpose of the scheme was to divert hundreds of MOMCo loan customers to Guaranteed. The Individual Defendants misappropriated MOMCo's confidential and proprietary information and directed MOMCo customers to Guaranteed," the lawsuit, filed in an Orange County, Calif., superior court, reads.
The complaint alleges the pair acted with the encouragement of Chicago-based Guaranteed Rate. more
Surveillance Self-Defense 101: A teach-in for activists
On Sunday, April 3, EFF will co-host a free workshop on surveillance self-defense with local grassroots groups in New York and Brooklyn. The workshop will be open to the public, though particularly structured for activists supporting social movements.
Participants need not wield technical expertise to attend this session, which is geared towards regular smartphone and laptop users. EFF's Shahid Buttar will facilitate a teach-in and skill-share on surveillance, some immediate and practical steps you can take to protect your communications, and how to work with neighbors to inform surveillance policy at the state and local level. An EFF staff technologist will remotely join for a question & answer session. more
Laker Rookie Secretly Filmed Teammate Admitting Cheating
A shocking video surfaced of Los Angeles Lakers forward Nick Young, filmed by his rookie teammate D’Angelo Russell, admitting that he cheated on his fiancée Iggy Azalea.
The video shows Russell talking to Young saying, “You was 30 and she was 19?” referencing a woman the 30-year-old Young met in a nightclub...
According to Hollywoodlife.com the 25-year-old Azalea plans to now call off their wedding plans. more
Security Director Alert: Update Your HID Card Reader Software - NOW
Let Me Get That Door for You: Remote Root Vulnerability in HID Door Controllers
If you’ve ever been inside an airport, university campus, hospital, government complex, or office building, you’ve probably seen one of HID’s brand of card readers standing guard over a restricted area. HID is one of the world’s largest manufacturers of access control systems and has become a ubiquitous part of many large companies’ physical security posture.
Each one of those card readers is attached to a door controller behind the scenes, which is a device that controls all the functions of the door including locking and unlocking, schedules, alarms, etc...
Technical details...
...if we send a Linux command wrapped in backticks, like `id`, it will get executed by the Linux shell on the device. To make matters worse, the discovery service runs as root, so whatever command we send it will also be run as root, effectively giving us complete control over the device.
Since the device in this case is a door controller, having complete control includes all of the alarm and locking functionality. This means that with a few simple UDP packets and no authentication whatsoever, you can permanently unlock any door connected to the controller. And you can do this in a way that makes it impossible for a remote management system to relock it. On top of that, because the discoveryd service responds to broadcast UDP packets, you can do this to every single door on the network at the same time! Needless to say, this is a potentially devastating bug. The Zero Day Initiative team worked with HID to see that it got fixed, and a patch is reportedly available now through HID’s partner portal. more
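For developers of network-facing device services, the defensive side of the bug described above, as an added example that is not HID's code or part of the quoted article: a field received from the network is checked against an allow-list and handed to a helper as a single argv element, so no shell ever re-parses it. The names `param_is_safe`, `run_helper`, `PARAM_MAX` and the `/bin/echo` stand-in helper are assumptions; the article does not show the controller's code or packet layout.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define PARAM_MAX 32 /* assumed upper bound for this hypothetical field */

/* Allow-list check on a length-delimited field taken from a datagram.
 * Only [A-Za-z0-9._-] passes, so backticks, $(), ';', '|', '&', quotes,
 * whitespace and embedded NUL bytes are all rejected. A leading '-' is
 * refused too, so the value cannot be read as an option by the helper.
 * Returns 1 if acceptable, 0 otherwise. */
int param_is_safe(const char *field, size_t len)
{
    if (field == NULL || len == 0 || len > PARAM_MAX || field[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)field[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
        if (!ok)
            return 0;
    }
    return 1;
}

/* Run a helper program with the field as one argument, using fork/execv
 * instead of system() or popen(): the value is never interpreted by a
 * shell. Returns the helper's exit status, or -1 if the field was
 * rejected or the process could not be started or waited for. */
int run_helper(const char *helper_path, const char *field, size_t len)
{
    char arg[PARAM_MAX + 1];

    if (helper_path == NULL || !param_is_safe(field, len))
        return -1;
    memcpy(arg, field, len);
    arg[len] = '\0';

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)helper_path, arg, NULL };
        execv(helper_path, argv);
        _exit(127); /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample field values, not captured traffic. */
    const char *samples[] = { "led-1", "`id`", "$(id)", "a;b", "-rf" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s -> %s\n", samples[i],
               param_is_safe(samples[i], strlen(samples[i])) ? "accept" : "reject");
    return run_helper("/bin/echo", "led-1", 5) == 0 ? 0 : 1;
}
```

Validation limits what reaches the helper; running the listener as an unprivileged user rather than root limits what a missed case can do.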
Covert Recording: Governor of Alabama, Robert Bentley, Says He Won’t Quit
“I have no intentions of resigning,” said Mr. Bentley, a Republican in his second term...
Within hours, Rebekah C. Mason, the governor’s senior political adviser and the woman with whom he engaged in suggestive conversations, captured on tape, said she had quit. And by day’s end, it was uncertain whether it would be politically feasible for Mr. Bentley, 73, to remain in office in this state, which has a gaudy history of scandal but has been in something of a morals-driven meltdown since the governor’s admission last Wednesday.
Background...
Spencer Collier, head of the Alabama Law Enforcement Agency until he was fired today, said this afternoon he has seen and investigated text messages and audio recordings "of a sexual nature" between Gov. Robert Bentley and his chief advisor, Rebekah Caldwell Mason...
...former Bentley security officer Ray Lewis... brought a laptop to Collier and played an audiotape of conversations between the governor and Mason, Collier said. The tape, purportedly created by a Bentley family member hoping for an "intervention," left no doubt about the relationship, he said. more
Friday, March 25, 2016
And you thought bugging the coffin stories were outrageous...
CA - For the second time in less than six months, defense attorneys are crying foul over the placement of hidden recording devices outside Bay Area courthouses.
Lawyers for a group of real estate professionals facing antitrust charges on Wednesday asked the judge overseeing the case to toss evidence gained from recording devices located outside the Alameda and Contra Costa County courthouses.
"The government's unauthorized use of recording devices to capture private conversations at the Alameda and Contra Costa County courthouses violated the defendants' Fourth Amendment rights to be secure against unreasonable searches and seizures," defense lawyers wrote in U.S. v Marr, 14-580. more
Bugged coffin story #1.
Bugged coffin story #2.
Bugged coffin story #3.
Bugged coffin story #4.
Just Don't Hold this "Cell Phone" to Your Head
Created by a Minnesota company called Ideal Conceal, the first product created by the startup is a handgun that can be disguised as a smartphone inside a case.
Built into a single frame, the grip of the double barreled, .380 caliber pistol folds down and locks into place when opened. When closed, the trigger and trigger guard are completely covered by the grip, thus offering up the appearance of a standard smartphone case. There’s also a clip to attach the handgun to a belt, but in the disguised smartphone form.
Similar to the size and shape of a smartphone, the folded Ideal Conceal can be easily slipped into a pants pocket or purse when not in use....
At this time, the pistol is still being developed by Ideal Conceal and isn’t in production as of yet. more