Thursday, April 21, 2016

Every Government Has These Spy Warnings... but love is blind.

via boingboing...
In this Chinese government comic book, women are warned that mysterious foreign strangers who pitch woo at them are secretly Western spies trying to get at their government secrets.

The reader is warned that they could go to jail for 10 years if they are foolish enough to let these Lotharios trick them into revealing state secrets.

It's a charmingly sexist and xenophobic piece of work, with shades of Jack Chick. More interesting are the parallels to the materials that the US Government has produced for their own employees to warn them about the spies who might use breached data from the Office of Personnel Management to chat them up at conferences and trick them out of America's state secrets. more

You can see the full comic here. ~Kevin

Information Security and Cryptography Seminar - Zurich, Switzerland

Time to make your travel plans...

As a friendly reminder, we are pleased to announce our seminar in Information Security and Cryptography. A full description of the seminar, including a detailed listing of topics covered, is available at www.infsec.ch.

INFORMATION SECURITY AND CRYPTOGRAPHY, FUNDAMENTALS AND APPLICATIONS (June 13-15, 2016)

This seminar provides in-depth coverage of Information Security and Cryptography. Concepts are explained in a way understandable to a wide audience, as well as mathematical, algorithmic, protocol-specific, and system-oriented aspects.

The topics covered include cryptography and its foundations, system and network security, PKIs and key management, authentication and access control, privacy and data protection, and advanced topics in cryptography.

The seminar takes place in Zurich, Switzerland. The lectures and all course material are in English.

With kind regards,
Ueli Maurer and David Basin
Advanced Technology Group

FutureWatch: Your Brain Will Replace Your Fingerprints for ID

Psychologists and engineers at Binghamton University in New York have hit a milestone in the quest to use the unassailable inner workings of your brain as a form of biometric identification. They came up with an electroencephalograph system that proved 100 percent accurate at identifying individuals by the way their brains responded to a series of images.

“It's a big deal going from 97 to 100 percent because we imagine the applications for this technology being for high-security situations,” says Sarah Laszlo, assistant professor of psychology at Binghamton who led the research with electrical engineering professor Zhanpeng Jin.

Perhaps only one other such experiment in the long quest for this ultimate biometric has hit the 100 percent mark, and the Binghamton system has some advantages over even that one. For one it proved itself with less complex equipment and in a larger group, identifying 50 people. But perhaps more importantly this new form of ID can do something fingerprints and retinal scans can’t: It can be “cancelled.” That’s important because hackers have shown that fingerprints can be stolen and faked. more

Tuesday, April 19, 2016

"I've got your number," The Telephone Wiretap Hack

A US Congressman has learned first-hand just how vulnerable cellphones are to eavesdropping and geographic tracking after hackers were able to record his calls and monitor his movements using nothing more than the public ten-digit phone number associated with the handset he used.

The stalking of US Representative Ted Lieu's smartphone was carried out with his permission for a piece broadcast Sunday night by 60 Minutes. Karsten Nohl of Germany-based Security Research Labs was able to record any call made to or from the phone and to track its precise location in real-time as the California congressman traveled to various points in the southern part of the state. At one point, 60 Minutes played for Lieu a crystal-clear recording Nohl made of one call that discussed data collection practices by the US National Security Agency. While SR Labs had permission to carry out the surveillance, there's nothing stopping malicious hackers from doing the same thing.

The representative said he had two reactions: "First it's really creepy," he said. "And second it makes me angry. They could hear any call. Pretty much anyone has a cell phone. It could be stock trades you want someone to execute. It could be a call with a bank." more

Why Blackberry is No Apple

BlackBerry appeared Monday, April 18, to acknowledge it helped Canadian federal police crack a Montreal crime syndicate that had been using its messaging system, while insisting its smartphone security remains impenetrable.

In a blog post, BlackBerry chief executive John Chen reiterated the company's long-held stance "that tech companies as good corporate citizens should comply with reasonable lawful access requests."  more

Chinese Spy Sentenced to Death... by China

A Chinese man has been sentenced to death for leaking more than 150,000 classified documents to an unidentified foreign power, state television said on Tuesday, offering unusual details of a kind of case rarely mentioned in public.

The man, a computer technician from Sichuan named as Huang Yu, worked for a government department which handled state secrets, but he was a bad employee and was sacked, the report said. more

Monday, April 18, 2016

Spycam Lawsuit: Employee Known Video Voyeur - Store Manager Did Nothing

A Colorado Springs woman is suing Reebok International, a Reebok Outlet Store, and a teenage store employee over a Peeping Tom incident... Christina Selvig said she caught a glimpse of Austin Kyle Baker looking over the top of the wall into her changing room...

She immediately informed the store manager who did nothing more than take her name and number and promised to get back with her the next day, which didn’t happen.

Selvig wasn’t sitting around waiting for action on the store’s part; she had already informed the police, who also didn’t take her complaint that seriously initially, chalking the incident up to an accident.

...three days later, Baker confessed to spying on Christina, in addition to several more women. An investigation revealed that at least one other employee was aware that Baker was a video voyeur, and continued to allow the behavior.

Law enforcement told her that he had turned over his phone... Forensics came back with footage of her, as well as deleted videos of other women. more

Here comes another big pockets settlement. If your company offers employees, visitors and/or customers "expectation of privacy" areas, you better begin doing your due diligence. Start here.

Thursday, April 14, 2016

FutureWatch – If Walls Have Ears, Why Not Eyes?

Researchers have developed a sheet camera with a flexible lens array which could be wrapped around everyday objects, turning them into cameras. The project, which uses elastic optics, could also see the development of credit card-thin cameras which a photographer simply bends to change the field of view.

While we've previously seen researchers miniaturizing cameras and lenses so they can be used in new situations, the team from Columbia University has taken a different approach. Led by Shree K. Nayar, T.C. Chang Professor of Computer Science at Columbia Engineering, it looked at producing a sheet camera which would enable any surface to capture visual information.

Using traditional fixed focal length lenses in such a lens array would mean that as the array sheet is bent, gaps are formed between the lenses' fields of view, meaning information is missing. As such, the researchers set about designing a flexible lens array which also adapts its optical properties when the sheet camera is bent. more

The C-Suite CRO – Chief Risk Officer

A growing number of organizations are adding a new member to the C-suite—the chief risk officer (CRO)—and the rise of these executives is having a direct impact on the security programs at enterprises. 

“Corporate espionage, terrorism and cyber attacks are ratcheting up the need for senior executives who understand all aspects of risk management and security,” says Jeremy King, president of Benchmark Executive Search, a provider of technology executive search services.

“Many companies are finally awakening to how destructive security breaches of all types can be—from physical damage and real costs to reputation loss and customer recovery,” King says. “Previously siloed risk-management functions must be reinvented, strengthened, and funded more aggressively. Industry must re-evaluate its approach to risk management, and success will require unprecedented cooperation from board directors and those in the C-suite.” more

The Defend Trade Secrets Act

The Defend Trade Secrets Act, co-sponsored by Sen. Orrin Hatch, R-Utah, and Chris Coons, D-Delaware, passed the Senate with an 87-0 vote, and is expected to go to the House of Representatives within the next couple of months...

The Defend Trade Secrets Act, if passed, would allow companies who are victims of trade theft to go straight to federal court with the case. more

Demonstrations Continue In Macedonia After Presidential ‘Pardon’ In Wiretapping Scandal

Protesters in Macedonia, angry about President Gjorge Ivanov's decision to halt prosecutions of officials linked to a wiretapping scandal, have broken into one of the president's offices.

The demonstrators on April 13 broke windows of the street-level office in central Skopje that is occasionally used by Ivanov, storming into the building and ransacking rooms inside.

Demonstrators also broke windows and clashed with police at the nearby Ministry of Justice, while another group of protesters clashed with police at blockades that were erected around the parliament building.

Thousands of demonstrators were on the streets for a second night on April 13. Some threw eggs and stones at government buildings while others set off flares before police used batons to disperse the crowd.

Ivanov has faced harsh criticism at home and abroad for his decision to halt all criminal proceedings against politicians and government officials suspected of involvement in a wiretapping scandal involving thousands of people. more video

Monday, April 11, 2016

Video and Audio Surveillance: Trains... Planes and Automobiles Next?!?

Casual commuter conversations on light rail trains have an unexpected eavesdropper — NJ Transit.

Video and audio surveillance systems designed to make riders more secure are also recording the conversations of light rail passengers at all times.
NJ Transit officials say the on-board cameras and audio surveillance systems are needed to fight crime and maintain security.

But does on-board surveillance go too far when the agency records everything passengers are saying, without telling customers how long they keep or who has access to the recordings? more

Thursday, April 7, 2016

Quantum Cryptography Breakthrough - FutureWatch: Ultra-Secure Communications

Researchers at the University of Cambridge and Toshiba's European research branch have found a way to speed up the rate at which data can be securely transmitted using quantum cryptography. It's a development that could pave the way to faster, ultra-secure communications that are impossible to spy on.

Many of the encryption methods that keep our online data safe rely on a digital key which is very hard for computers to crack – for instance, requiring the identification of two very large prime numbers, which standard computers are very poor at. But if a powerful quantum computer were to be built, it could crack these types of code with ease and jeopardize the safety of our digital communications.

The only encryption method that has been proven to be completely secure if applied correctly – quantum computers or not – is the so-called "one-time pad." Here's how it works: first, a secret digital key is created consisting of a completely random sequence of bits. The key is then securely sent to the receiver, and kept private. Now, the sender can encrypt his message by adding the message's bits to the random bits of the key. Under these conditions, the code is deemed truly uncrackable. more
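The one-time pad described above, as an added example (not from the quoted article or the researchers). The names `OneTimePad`, `PadExhausted` and `reuse_leak` and the sample messages are constructed for illustration. It goes slightly past the excerpt to show what "applied correctly" means in practice: each key byte is used once, and reusing key bytes lets an eavesdropper cancel the key out entirely.

```python
import secrets


class PadExhausted(Exception):
    """Not enough unused key bytes are left for this message."""


def xor(a: bytes, b: bytes) -> bytes:
    # "Adding" bits without carry is XOR; the same operation undoes itself.
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """One party's copy of the shared key; every key byte is used once."""

    def __init__(self, key: bytes):
        self._key = key
        self._used = 0  # number of key bytes already consumed

    def remaining(self) -> int:
        return len(self._key) - self._used

    def apply(self, data: bytes) -> bytes:
        """Encrypt or decrypt `data` with the next unused key bytes."""
        if len(data) > self.remaining():
            raise PadExhausted("message is longer than the unused key")
        chunk = self._key[self._used:self._used + len(data)]
        self._used += len(data)
        return xor(data, chunk)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper learns if two messages shared the same key bytes:
    the key cancels, leaving message1 XOR message2 with no key needed."""
    return xor(c1, c2)


if __name__ == "__main__":
    key = secrets.token_bytes(24)              # random key, shared in advance
    sender, receiver = OneTimePad(key), OneTimePad(key)
    m1, m2 = b"MEET AT NOON", b"SELL AT DAWN"  # constructed sample messages
    c1, c2 = sender.apply(m1), sender.apply(m2)
    print(receiver.apply(c1), receiver.apply(c2))   # both decrypt correctly
    # Misuse: encrypting both messages under the same 12 key bytes.
    bad1, bad2 = xor(m1, key[:12]), xor(m2, key[:12])
    print(reuse_leak(bad1, bad2) == xor(m1, m2))    # key has dropped out
```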

Google Reports: Kevin's Security Scrapbook has Just Passed 900,000 Pageviews!

Proof Almost 50% of People are Computer Security Morons

In what’s perhaps the most enthralling episode of the hacker drama Mr. Robot, one of F-Society’s hackers drops a bunch of USB sticks in the parking lot of a prison in the hopes somebody will pick one up and plug it into their work computer, giving the hackers a foothold in the network. Of course, eventually, one of the prison employees takes the bait.

Using booby-trapped USB flash drives is a classic hacker technique. But how effective is it really? A group of researchers at the University of Illinois decided to find out, dropping 297 USB sticks on the school’s Urbana-Champaign campus last year.

As it turns out, it really works. In a new study, the researchers estimate that at least 48 percent of people will pick up a random USB stick, plug it into their computers, and open files contained in them. Moreover, practically all of the drives (98 percent) were picked up or moved from their original drop location. Very few people said they were concerned about their security. Sixty-eight percent of people said they took no precautions... more