...actually 1,001,644 as of today.
Thank you!
~Kevin
Thursday, November 10, 2016
Friday, November 4, 2016
Bugging Devices Found at Iran Nuclear Talks Hotel, Say Swiss Officials
A number of computers at a five-star Geneva hotel that has hosted sensitive talks, including Iranian nuclear negotiations, were found to be infected with malware used for espionage, Swiss prosecutors have revealed...
The long-running nuclear talks were a magnet for the world’s intelligence agencies as they sought to find out more about the Iranian nuclear programme and the negotiating positions of the six nations involved.
When the talks shifted to a luxury hotel in Vienna, the microwave radiation from the surveillance efforts of competing intelligence agencies was so intense that diplomats had to walk some distance from the venue to use their mobile phones.
The US secretary of state, John Kerry, would take walks with his Iranian counterpart, Mohammad Javad Zarif, in what was seen as a publicity stunt, but which was also a practical means of dodging electronic bugs.
When diplomats attending talks in Lausanne wanted to call their capitals, they would stroll around the grounds of the venue, another five-star hotel, rather than call from their rooms. more
Happy 64th Birthday NSA
The National Security Agency celebrates its 64th birthday today.
The agency was established on Nov. 4, 1952, by President Harry Truman in the wake of World War II.
More information about NSA and its history is available online at nsa.gov.
Thursday, November 3, 2016
IoT - Hackers Get A Bright Idea
The so-called Internet of Things, its proponents argue, offers many benefits...
Now here’s the bad news: Putting a bunch of wirelessly connected devices in one area could prove irresistible to hackers. And it could allow them to spread malicious code through the air, like a flu virus on an airplane.
Researchers report in a paper to be made public on Thursday that they have uncovered a flaw in a wireless technology that is often included in smart home devices like lights, switches, locks, thermostats...
The researchers focused on the Philips Hue smart light bulb and found that the wireless flaw could allow hackers to take control of the light bulbs...
That may not sound like a big deal. But imagine thousands or even hundreds of thousands of internet-connected devices in close proximity. Malware created by hackers could be spread like a pathogen among the devices by compromising just one of them. more
UPDATE
This Virus Automatically Kills Smart Light Bulbs
A group of researchers says they found a way to have a self-replicating worm spread through internet-connected lightbulbs, turning them off, bricking them, or making them all turn on and off multiple times to disrupt the electric grid. “A single infected lamp with a modified firmware which is plugged-in anywhere in the city can start an explosive chain reaction in which each lamp will infect and replace the firmware in all its neighbors within a range of up to a few hundred meters,” the researchers wrote in the paper. more
Tuesday, November 1, 2016
Business Espionage Trick #763 - The CD VD
A cautionary tale...
Telephone pitch
A senior prosecution source in Tel Aviv told the BBC that Ruth Haephrati was the expert at implanting the trojan into the unknowing victim's office computer system.
He said she would contact a senior executive proposing a bogus business deal.
She would start with a telephone pitch, before offering to send more detailed information on a CD.
She stressed that the offer was so commercially sensitive that only the executive should open it.
Once the CD was installed, the trojan was let loose, but the company and the executive were none the wiser.
The Haephratis were jailed earlier this year.
But the techniques the Haephratis used are being adapted by others. more
Friday, October 28, 2016
A Spy's House with a 007 Connection—For Sale
NY - This Long Island estate at 189 Terrace Lane in Upper Brookville was once owned by English novelist Ian Fleming’s dear friend Ivar Felix C. Bryce — a real-life British spy and, in Fleming’s James Bond books, 007’s best friend, Felix.
The 6,800-square-foot, five-bedroom brick mansion was built in 1917 as a carriage house for the 90-acre Mill River Farm estate. Fully restored, it’s now on the market for $2.99 million. The Bryces bought the estate in 1936 and renamed it Farlands Estate. more
AT&T Requires Police to Hide Hemisphere Phone Spying
AT&T built a powerful phone surveillance tool for police, called Hemisphere. Every day, AT&T adds four billion call records to Hemisphere, making it one of the largest known reservoirs of communications metadata that the government uses to spy on us. Law enforcement officials kept Hemisphere “under the radar” for many years—hidden from courts, legislators, and the general public—until the New York Times exposed the program in 2013...
New documents published by The Daily Beast earlier this week reveal that AT&T required this corrosive secrecy. Specifically, the contract AT&T prepared for police seeking access to Hemisphere provides:
[T]he Government agency agrees not to use the data as evidence in any judicial or administrative proceedings unless there is no other available and admissible probative evidence. The Government Agency shall make every effort to insure that information provided by the Contractor is non-attributable to AT&T if the data is provided to a third-party.
In other words, the first rule of Hemisphere is: you do not talk about Hemisphere. more
Former Rutgers Student Pleads Guilty in Webcam Spying Case
NJ - A former Rutgers University student accused of spying on his gay roommate, who later committed suicide, pleaded guilty Thursday to a reduced charge, ending a long-running case that drew international attention to cyberbullying.
The former student, Dharun Ravi, now 24 years old, streamed video of his roommate, Tyler Clementi, and another man during a sexual encounter in their dorm room in September 2010. Mr. Ravi pleaded guilty in New Jersey’s Superior Court to one felony count of attempted invasion of privacy, the Middlesex County Prosecutor’s Office said. more
"Mr. Bond, you're fired."
Here’s some news that could leave James Bond feeling shaken and stirred: The head of Britain’s top spy agency doesn’t want to hire him.
Alex Younger, the real-life head of MI6, the British intelligence agency where the fictional super spy works, tells the British website Black History Month that Bond doesn’t have the qualities he wants for his spies.
“In contrast to James Bond, MI6 officers are not for taking moral shortcuts,” Younger told the website. “In fact, a strong ethical core is one of the first qualities we look for in our staff.”
Although Bond has managed to get through scrapes that would kill many real spies, Younger thinks he’d be weeded out early.
“It’s safe to say that James Bond wouldn’t get through our recruitment process and, whilst we share his qualities of patriotism, energy and tenacity, an intelligence officer in the real MI6 has a high degree of emotional intelligence, values teamwork and always has respect for the law… unlike Mr Bond!” more
Agent Kingfisher Dead - Just Coincidence? - You Decide
Serial protester and spy enthusiast...
who called himself 'Agent Kingfisher' and disrupted a royal James Bond premiere suffers ‘unexplained’ death days after he was caught urinating in the MI5 foyer. more
Iceland's Pirate Party Prepares for Power
The party that could be on the cusp of winning Iceland’s national elections on Saturday didn’t exist four years ago.
Its members are a collection of anarchists, hackers, libertarians and web geeks. It sets policy through online polls – and thinks the government should do the same. It wants to make Iceland “a Switzerland of bits,” free of digital snooping.
It has offered Edward Snowden a new place to call home. And then there’s the name: in this land of Vikings, the Pirate Party may soon be king...
The Pirates, they say, are less about any specific ideology than they are about a belief that the West’s creaking political systems can be hacked to give citizens a greater say in their democracy. more
Thursday, October 27, 2016
IoT Takes Down the Net — "Wow, didn't see that coming."
If you followed this blog you would have. The topic has been in the Scrapbook for years.
The IoT insecurity trend has been building for a long time. Few paid attention. When it knocked out the Internet, people started taking notice.
Let's review a few of the old posts. Then, imagine a month without the electrical grid.
2009 Video over IP. Convenient, but not secure.
2011 Security Director Alert: Unsecured Webcams Hacked
2011 Man Hacks 100+ Webcams and Makes Blackmail Videos
2011 Scared of SCADA? You will be now...
2012 SpyCam Story #647 - Unintended Exhibitionists
2013 Shodan - The Scary Search Engine
2013 Baby Cam Hackers Can See You, Hear You, and Talk to You... and Your Kids
2013 The Ratters - men who spy on women through their webcams
2013 Spybusters Tip #972 - Own a Foscam camera? There is a security update for you!
2015 Is Your Home Security System Putting You at Risk? ...news at eleven.
2015 Some Top Baby Monitors Lack Basic Security Features
2016 FutureWatch - Keep Your Eye on IoT - The Encryption Debate is a Distraction
2016 Do You Have an IoT in the Workplace Policy? (you need one)
2016 Security Alert: Your Security Camera May Have Friends You Don't Know About
2016 Your New IoT Ding-Dong Can Open Your Wi-Fi... to hackers
2016 Security Director Alert - 46,000 Internet-accessible Video Recorders Hackable
2016 Mom Alerted - Daughters' Bedroom Nanny Cam Streaming on Internet
2016 Hackers Infect Army of Cameras, DVRs for Massive Internet Attacks
Lawmakers, force the manufacturers of these devices to a higher security standard. ~Kevin
Tuesday, October 25, 2016
O.S.S. Heroes Honored ...except by Congress
In February 1945, a small group of personnel assigned to the Office of Strategic Services, the wartime spy agency, scrambled to prepare for a particularly risky mission: inserting a team of agents deep behind Nazi lines with the goal of gleaning crucial enemy information.
For a host of reasons, the proposed operation seemed like a suicide mission. The area targeted for dropping the three-man team into Nazi territory was high in the Austrian Alps, surrounded by towering peaks and flanked by antiaircraft weaponry. Even if the drop went as planned, some of the spies tapped to infiltrate enemy ranks were European-born Jews, increasing the dangers they faced.
After the Royal Air Force refused the dangerous mission, code-named Operation GREENUP, John Billings, then a lieutenant in the U.S. Army Air Corps, was given the job.
Billings and other veterans who made possible some of World War II’s most daring spy missions were among those honored this weekend by the OSS Society, a group that includes former OSS members and members of the U.S. intelligence, military and Special Operations communities.
In addition to Billings, Gaetano Rossi and Caesar Daraio, two then-sergeants who were part of operational groups made up of Italian American volunteers, were honored with OSS Society awards for their work advancing the Allied cause during World War II. Also honored at this year’s “spy ball” was David Cohen, who served as director of operations at the CIA and as a senior intelligence official with the New York City Police Department, and retired Gen. Norton A. Schwartz, former Air Force chief of staff.
After retiring from the military as a captain, Billings became a commercial pilot. At age 93, he still pilots a Cessna Cutlass. Most of the time he flies “angel flights,” transporting people in need of medical attention.
The OSS Society is advocating passage of a proposed measure that would honor the wartime spies, which so far has not gained required congressional support. The proposal, which would award living OSS veterans the Medal of Honor, has stalled in the House.* more
*You can help get this bill passed. It's easy. Click here, see top right corner.
The OSS Society®
7700 Leesburg Pike, Ste. 324
Falls Church, VA 22043
Phone: 703-356-6667
Email: oss@osssociety.org
The OSS Society is a 501(c)(3) charitable
organization. All donations are tax deductible to the fullest extent of
the law. Membership in The OSS Society is available to OSS veterans,
their descendants, current and former members of the U.S. intelligence
community and U.S. Special Operations Forces, and people who are
interested in General Donovan's "unusual experiment" - the Office of
Strategic Services.
Indianapolis Colts App Accused of Eavesdropping
The Indianapolis Colts, mobile developer YinzCam and audio technology company LISNR were named in a class action lawsuit filed Oct. 14 in Pennsylvania alleging that features of the team’s official app allowed them to listen in to private conversations without consent.
Plaintiff Alan Rackemann, a citizen of Indiana pursuing punitive and statutory damages, lists San Francisco-based law firm Edelson PC as a member of his legal counsel in the case. The Golden State Warriors’ official team app was the focus of a similar lawsuit filed in August that saw Edelson PC also represent the plaintiff in that case, LaTisha Satchell.
“It’s a lot of things that are fishy,” LISNR CEO and founder Rodney Williams said in response to the allegations. “It’s a little bit of lawyers being opportunistic, and it’s a lot of false allegations and just bad information.” more
Monday, October 24, 2016
Interception of LTE Cell Phone Calls, or LTE = Let's Telephone Eavesdrop
Ruxcon Hacker Wanqiao Zhang of Chinese hacking house Qihoo 360 has blown holes in 4G LTE networks by detailing how to intercept and make calls, send text messages and even force phones offline.
The still-live attacks were demonstrated at the Ruxcon hacking confab in Melbourne this weekend, with the demo offering a recording of the hack perpetrated in part on a live network. It exploits fall-back mechanisms designed to ensure continuity of phone services in the event of overloads.
The tested Frequency Division Duplexing LTE network is more popular than TDD-LTE and operates in Britain, the US, and Australia. The competing Time Division Duplexing (TDD) LTE network is more common in Asian countries and in regions where population densities are higher.
Zhang conducted further tests after The Register inquired whether the attacks would work against TDD-LTE and found all LTE networks and devices are affected.
"I asked my colleagues to test TDD-LTE yesterday and it works well, so it really can work against all LTE devices," Zhang says.
"This attack exists [and] it's still reasonable."
...Zhang says the attacks are possible because LTE networks allow users to be handed over to underused base stations in the event of natural disasters to ensure connectivity.
“You can create a denial of service attack against cellphones by forcing phones into fake networks with no services,” Zhang told the conference.
“You can make malicious calls and SMS and … eavesdrop on all voice and data traffic.” more