Thursday, April 14, 2016

FutureWatch – If Walls Have Ears, Why Not Eyes?

Researchers have developed a sheet camera with a flexible lens array which could be wrapped around everyday objects, turning them into cameras. The project, which uses elastic optics, could also see the development of credit card-thin cameras which a photographer simply bends to change the field of view.

While we've previously seen researchers miniaturizing cameras and lenses so they can be used in new situations, the team from Columbia University has taken a different approach. Led by Shree K. Nayar, T.C. Chang Professor of Computer Science at Columbia Engineering, it looked at producing a sheet camera which would enable any surface to capture visual information.

Using traditional fixed focal length lenses in such a lens array would mean that as the array sheet is bent, gaps are formed between the lenses' fields of view, meaning information is missing. As such, the researchers set about designing a flexible lens array which also adapts its optical properties when the sheet camera is bent. more

The C-Suite CRO – Chief Risk Officer

A growing number of organizations are adding a new member to the C-suite—the chief risk officer (CRO)—and the rise of these executives is having a direct impact on the security programs at enterprises. 

“Corporate espionage, terrorism and cyber attacks are ratcheting up the need for senior executives who understand all aspects of risk management and security,” says Jeremy King, president of Benchmark Executive Search, a provider of technology executive search services.

“Many companies are finally awakening to how destructive security breaches of all types can be—from physical damage and real costs to reputation loss and customer recovery,” King says. “Previously siloed risk-management functions must be reinvented, strengthened, and funded more aggressively. Industry must re-evaluate its approach to risk management, and success will require unprecedented cooperation from board directors and those in the C-suite.” more

The Defend Trade Secrets Act

The Defend Trade Secrets Act, co-sponsored by Sen. Orrin Hatch, R-Utah, and Chris Coons, D-Delaware, passed the Senate with an 87-0 vote, and is expected to go to the House of Representatives within the next couple of months...

The Defend Trade Secrets Act, if passed, would allow companies who are victims of trade theft to go straight to federal court with the case. more

Demonstrations Continue In Macedonia After Presidential ‘Pardon’ In Wiretapping Scandal

Protesters in Macedonia, angry about President Gjorge Ivanov's decision to halt prosecutions of officials linked to a wiretapping scandal, have broken into one of the president's offices.

The demonstrators on April 13 broke windows of the street-level office in central Skopje that is occasionally used by Ivanov, storming into the building and ransacking rooms inside.

Demonstrators also broke windows and clashed with police at the nearby Ministry of Justice, while another group of protesters clashed with police at blockades that were erected around the parliament building.

Thousands of demonstrators were on the streets for a second night on April 13. Some threw eggs and stones at government buildings while others set off flares before police used batons to disperse the crowd.

Ivanov has faced harsh criticism at home and abroad for his decision to halt all criminal proceedings against politicians and government officials suspected of involvement in a wiretapping scandal involving thousands of people. more video

Monday, April 11, 2016

Video and Audio Surveillance: Trains... Planes and Automobiles Next?!?

Casual commuter conversations on light rail trains have an unexpected eavesdropper — NJ Transit.

Video and audio surveillance systems designed to make riders more secure are also recording the conversations of light rail passengers at all times.

NJ Transit officials say the on-board cameras and audio surveillance systems are needed to fight crime and maintain security.

But does on-board surveillance go too far when the agency records everything passengers are saying, without telling customers how long they keep or who has access to the recordings? more

Thursday, April 7, 2016

Quantum Cryptography Breakthrough - FutureWatch: Ultra-Secure Communications

Researchers at the University of Cambridge and Toshiba's European research branch have found a way to speed up the rate at which data can be securely transmitted using quantum cryptography. It's a development that could pave the way to faster, ultra-secure communications that are impossible to spy on.

Many of the encryption methods that keep our online data safe rely on a digital key which is very hard for computers to crack – for instance, requiring the identification of two very large prime numbers, which standard computers are very poor at. But if a powerful quantum computer were to be built, it could crack these types of code with ease and jeopardize the safety of our digital communications.

The only encryption method that has been proven to be completely secure if applied correctly – quantum computers or not – is the so-called "one-time pad." Here's how it works: first, a secret digital key is created consisting of a completely random sequence of bits. The key is then securely sent to the receiver, and kept private. Now, the sender can encrypt his message by adding the message's bits to the random bits of the key. Under these conditions, the code is deemed truly uncrackable. more
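The "if applied correctly" condition is where one-time pads fail in practice, so here is a small sketch added for illustration (it is not from the quoted article or the researchers). It treats "adding the bits" as XOR, and the class and function names are made up for this example: the pad refuses to hand out any key byte twice, and `reuse_leak` shows what two ciphertexts reveal when the same key is used for both.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise addition modulo 2 of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """Holds shared pad material and releases each key byte at most once."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0  # everything before this index is already used

    def take(self, n: int) -> bytes:
        if self._offset + n > len(self._pad):
            raise ValueError("pad exhausted: no unused key bytes left")
        chunk = self._pad[self._offset:self._offset + n]
        self._offset += n
        return chunk

    def encrypt(self, message: bytes) -> bytes:
        return xor_bytes(message, self.take(len(message)))

    decrypt = encrypt  # XOR is its own inverse


def reuse_leak(m1: bytes, m2: bytes, key: bytes) -> bytes:
    """What an eavesdropper learns if one key encrypts two messages:
    c1 XOR c2 cancels the key and equals m1 XOR m2."""
    return xor_bytes(xor_bytes(m1, key), xor_bytes(m2, key))


if __name__ == "__main__":
    pad = secrets.token_bytes(64)          # random key, shared in advance
    sender, receiver = OneTimePad(pad), OneTimePad(pad)
    ct = sender.encrypt(b"MEET AT NOON")   # constructed sample message
    print(receiver.decrypt(ct))
    key = secrets.token_bytes(12)
    print(reuse_leak(b"MEET AT NOON", b"MEET AT DAWN", key).hex())
```

Both sides must consume the pad in the same order; once bytes are used they are never issued again, which is the property that makes the scheme secure.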

Google Reports: Kevin's Security Scrapbook has Just Passed 900,000 Pageviews!

Proof Almost 50% of People are Computer Security Morons

In what’s perhaps the most enthralling episode of the hacker drama Mr. Robot, one of F-Society’s hackers drops a bunch of USB sticks in the parking lot of a prison in the hopes somebody will pick one up and plug it into their work computer, giving the hackers a foothold in the network. Of course, eventually, one of the prison employees takes the bait.

Using booby-trapped USB flash drives is a classic hacker technique. But how effective is it really? A group of researchers at the University of Illinois decided to find out, dropping 297 USB sticks on the school’s Urbana-Champaign campus last year.

As it turns out, it really works. In a new study, the researchers estimate that at least 48 percent of people will pick up a random USB stick, plug it into their computers, and open files contained in them. Moreover, practically all of the drives (98 percent) were picked up or moved from their original drop location. Very few people said they were concerned about their security. Sixty-eight percent of people said they took no precautions... more

The Voyeur Who Bought A Hotel To Spy On His Guests

A historically interesting essay in The New Yorker, and a cautionary tale.

Erin Andrews was not the first victim of hotel voyeurism, and she won't be the last. more

Wednesday, April 6, 2016

A Wi-Fi that Knows Where You Are

There's a lot of buzz around "smart home" products and the convenience of advanced automation and mobile connectivity. However, new research may soon be able to add extra emphasis on "smart" by enhancing wireless technology with greater awareness. A team at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) has developed a system that enables a single wireless access point to accurately locate users down to a tenth of a meter, without any added sensors.

Wireless networks are good at quickly identifying devices that come within range. Once you link several access points together, it becomes possible to zero in on someone's position by triangulation. But this new wireless technology – dubbed "Chronos" – is capable of 20 times the accuracy of existing localization methods. Through experiments led by Professor Dina Katabi, Chronos has been shown to correctly distinguish individuals inside a store from those outside up to 97 percent of the time, which would make it easier for free Wi-Fi in coffee shops to be a customer-only affair, for example.

A paper on the research was recently presented at the USENIX Symposium on Networked Systems Design and Implementation (NSDI '16).  more

Monday, April 4, 2016

A $40 Attack that Steals Police Drones from 2km Away

Black Hat Asia - IBM security guy Nils Rodday says thieves can hijack expensive professional drones used widely across the law enforcement, emergency, and private sectors thanks to absent encryption in on-board chips.

Rodday says the €25,000 (US$28,463, £19,816, AU$37,048) quadcopters can be hijacked with less than $40 of hardware, and some basic knowledge of radio communications.

With that in hand attackers can commandeer radio links to the drones from up to two kilometres away, and block operators from reconnecting to the craft.

The drone is often used by emergency services across Europe, but the exposure could be much worse; the targeted Xbee chip is common in drones everywhere and Rodday says it is likely many more aircraft are open to compromise. more

Sunday, April 3, 2016

19 Years Ago: Economic Espionage in America - Booknotes Interview on C-Span

A fascinating video interview with the author of Economic Espionage in America.
As relevant today as it was in 1997.


YouTube.com description: "Industrial espionage, economic espionage or corporate espionage is a form of espionage conducted for commercial purposes instead of purely national security. Economic espionage is conducted or orchestrated by governments and is international in scope, while industrial or corporate espionage is more often national and occurs between companies or corporations." more

UK Launches National Cyber Security Centre

UK - Setting out in stark terms that the UK faces a growing threat of cyber-attacks from “states, serious crime gangs, hacking groups as well as terrorists”, Cabinet Office Minister Matthew Hancock announced the launch of the National Cyber Security Centre (NCSC)...

Led by current Director General for Cyber at GCHQ, Ciaran Martin, the NCSC has been set up to ensure that people, public and private sector organisations and the critical national infrastructure of the UK are safer online. It will bring the UK’s cyber expertise together to transform how the UK tackles cyber security issues and seeks to establish itself as the authoritative voice on information security in the UK. more

Dating Deck Stacked with Secret Eavesdrop Feature

Boompi works like most other dating apps...

Here’s the catch: If you’re a girl, you can invite your female friends to secretly join your private conversations, without your potential suitors ever knowing. 

If you’re a girl on Boompi and you start a chat with someone, you can invite your girl friend to eavesdrop on that conversation at any time. 

Your friend will be able to see every message sent since the beginning of the chat, and leave their own comments in the conversation, which only you will be able to see. And if you aren’t interested in finding a date and only want to read your friends’ chats, you can do that too—Boompi allows female users to use “Ghost Mode,” which makes sure guys never see their profile. more

Corporate Espionage: Move to Zap Zillow for $2 Billion

One of the most contentious fights in the history of real estate listings is going nuclear, thanks to a “staggering” claim of damages from Move in its trade secret theft lawsuit against Zillow.

According to legal documents obtained by HousingWire, Move, which operates Realtor.com for the National Association of Realtors, is claiming that Zillow owes the company $2 billion in damages over allegations of trade secret theft involving Errol Samuelson, who was once Move's chief strategy officer...

Move filed suit against Zillow after Samuelson left, alleging that Samuelson and Zillow stole trade secrets and proprietary information, and that they then made efforts to cover up the alleged theft...

The original lawsuit alleged breach of contract, breach of fiduciary duty and misappropriation of trade secrets and accused Samuelson of misappropriating trade secret information by acquiring it using improper means, and by copying it without authorization.

“Plaintiffs (Move) have asserted a huge case,” Zillow notes in the legal filing. “They claim $2 billion in damages, assert 46 separate trade secrets (not including the 1000-plus documents claimed as trade secrets in their entirety) and have assigned at least 29 different lawyers to prosecute their claims.”  more