Seminar in Information Security and Cryptography
Zurich Switzerland, June 11-13, 2018
Lecturers: Prof. David Basin and Prof. Ueli Maurer, ETH Zurich
Information Security and Cryptography. A full description of the seminar, including all topics covered, is available at infsec.ch/seminar2018.
This seminar provides in-depth coverage of Information Security and Cryptography. Concepts are explained in a way understandable to a wide audience, and the seminar also covers mathematical, algorithmic, protocol-specific, and system-oriented aspects. The topics covered include cryptography and its foundations, system and network security, PKIs and key management, authentication and access control, privacy and data protection, and advanced topics in cryptography.
The seminar takes place in Zurich, Switzerland. The lectures and all course material are in English.
Saturday, December 9, 2017
Friday, December 8, 2017
Hedy Lamarr - The Spread Spectrum Lady
As “Bombshell” (Alexandra Dean’s timely documentary) explores, Lamarr, in collaboration with avant-garde composer George Antheil, of all people, came up with a way to ensure secure radio signals, a frequency-hopping technology that has been called the basis for such up-to-date innovations as Wi-Fi, Bluetooth and GPS.
Though one of the most recognized faces in the world, Lamarr, executive producer Susan Sarandon has said, “was never seen for who she was.”
Yet what makes “Bombshell” intriguing is not just Lamarr’s gift for invention, it’s also what a fiery individualist she was, someone who had no regrets about her eventful life (“You learn from everything”), not even its racy, tabloid elements. more
Wednesday, December 6, 2017
Russia Accuses Pepsi of Espionage - “Gotta Have It” / ”Chill Out”
A Russian state watchdog is accusing U.S. soda giant Pepsi of espionage, after receiving word that the soft drinks company had a copy of an internal agency document that was apparently never sent out.
Russia’s Rosselkhoznadzor, the Kremlin’s watchdog specializing in agricultural products, released a statement alleging that Pepsi Co. orchestrated a cyber attack on its database to obtain a copy of an industry document, intended only for the watchdog's consumption. The statement, released on Monday, reveals nothing about the document’s contents.
The watchdog claims that the company cited the document during a union meeting with Rosselkhoznadzor. more
PepsiCo denied the accusations.
Guests Keep Finding Spycams in their Airbnb Bedrooms
An Airbnb guest discovered a hidden camera inside his rental property in another disturbing example of the service's users being spied upon.
Jason Scott, an internet activist from the US, tweeted pictures of what he claims was a spy camera hidden in a burglar alarm motion sensor. Scott says he was sent the images by a concerned friend who found the item during a recent stay in an Airbnb property.
According to Scott, the device was an IP camera that was likely connected to the internet and used for surveillance.
He wrote: "In "oh, that's a thing now" news, a colleague of mine thought it odd that there was a single "motion detector" in his AirBNB in the bedroom and voila, it's an IP camera connected to the web. (He left at 3am, reported, host is suspended, colleague got refund.)" more
Extra Credit Reading:
- Police hunt man 'who hid spy camera in Starbucks toilet and recorded customers'
- Man jailed for 20 months for secretly filming more than 200 people in public toilets
- Brit teacher arrested in Spain 'took secret sexual pictures of his students and shared them online'
Eavesdropping App Lawsuit Allowed to Proceed
A federal judge denied the Golden State Warriors’ motion to dismiss an amended lawsuit alleging that the NBA champions recorded private conversations through their mobile app.
Jeffrey White, a judge for the Northern District of California, originally dismissed the class action complaint, which was filed by New York resident LaTisha Satchell last year, but ruled recently that the revised suit can proceed against the Warriors and beacon-technology company Signal360 for a possible violation of the Wiretap Act. more
DIY PI - What could possibly go wrong?
PI - Two school employees in Monroe County could face wiretapping charges.
A grand jury is recommending charges against Joshua Krebs and Alex Sterenchok.
Krebs is the supervisor of support staff and Sterenchok is the technology supervisor for the Pleasant Valley School District.
Both are accused of setting up a camera in April of 2016 in a break room at Pleasant Valley Elementary School to see if they could catch a janitor not doing his job.
Teachers and other staff members argue their privacy was being violated. more
Labels: amateur, business, cautionary tale, dumb, lawsuit, spycam, wiretapping
Monday, December 4, 2017
After Seven Years of Hacking an Indictment - Will it Make a Difference?
Federal prosecutors indicted three Chinese nationals last week, accusing them of hacking into at least three multinational corporations over the past seven years.
Taylor Armerding reported on this for nakedsecurity.sophos.com last week and was kind enough to ask my opinion for background.
---
China warned it would retaliate if the US pressed the issue. And that was pretty much that.
Which is the way Kevin Murray, director at Murray Associates, a counter espionage consultancy, sees this case playing out. Does the indictment mean anything significant will happen? “No,” he said, offering a brief history lesson.
Go back 1,000 years, remembering that the Chinese invented things like silk, gunpowder, paper. All this intellectual property was stolen from them. At that time, the law in China was that if you engaged in it, that was your life. But it still got stolen. So now they’re getting back at us. And we’re trying to replicate what they did by punishing the criminal. Is it going to help? No.
Murray said if those responsible for protecting IP faced charges, “then you’d see some changes.” more
Wednesday, November 29, 2017
When Do People Use Keystroke Loggers Legally
According to PInow.com...
- Employers monitoring company computers used by employees to ensure they are working as required and to prevent fraud and other criminal activities.
- Parents monitoring the use of computers for children below 18 years.
- Companies monitoring use of company resources like internet.
- Collection of forensic evidence from the computers being monitored for security reasons with a legitimate investigation cause. more
Labels: #hack, business, computer, cybersecurity, keystroke, PI, privacy, surveillance
Intelligence Bureau to Soldiers – Delete These Apps
India - In a fresh advisory issued to the troops posted at the international border, the Intelligence Bureau (IB) has warned that China could be collecting vital information about the Indian security installations through its popular mobile phone apps and devices...
The IB advisory contains a list of about 42 popular Chinese apps, including: WeChat, Truecaller, Weibo, UC Browser and UC News, which pose a grave threat to India's security. more
Serious Mac Security Flaw - Simple Temporary Fix
A serious security flaw in macOS High Sierra has been discovered.
It allows anyone to access high level security areas on an iMac or MacBook without the need for a password.
Apple has warned Mac users after a serious macOS High Sierra root bug was discovered. Ahead of a fix being released, you can take these steps to protect your iMac and MacBook immediately.
Apple said: “We are working on a software update to address this issue.” In the meantime, setting a root password prevents unauthorized access to your Mac.
• To enable the Root User and set a password, please follow the instructions here.
If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section. more
UPDATE — THE FIX IS IN
Apple issues the software update. more
Industrial Espionage – Uber Spy Team – Former CIA Agents
A former Uber security manager says an espionage team inside the ride-hailing service used former CIA agents to help the company spy on its rivals overseas.
The testimony in a San Francisco courtroom Tuesday comes amid revelations that federal prosecutors are investigating allegations that Uber deployed an espionage team to plunder trade secrets from its rivals. That has triggered a delay in a high-profile federal trial over whether the beleaguered ride-hailing service stole self-driving car technology from a Google spinoff.
Under questioning, Richard Jacobs, Uber's manager of global intelligence, said that Uber hired several contractors that employed former CIA agents to help the ride-hailing service infiltrate its rivals' computers. Jacobs said the surveillance occurred overseas. more
Tuesday, November 28, 2017
Netflix Documentary - The Motel Owner Who Spied on Guests
But first... A bit of history.
A pair of filmmakers thought they’d be capturing celebrated writer Gay Talese taking a literary victory lap in their new documentary. Instead, they got something more like a journalistic car crash.
In the intriguing and thoughtful “Voyeur,” Myles Kane and Josh Koury explore the 30-year relationship between Gerald Foos, a former Colorado motel owner who spied on his guests, and Talese, known for his novelistic profiles and bespoke suits.
The Netflix film, which debuts Friday, follows Talese as he reports and writes about his creepy friend for the 2016 book, “The Voyeur’s Motel,” only to see the story fall apart after publication when Foos’ account unravels...
Talese and Foos first connected in 1980 when the motel owner sent the journalist a letter hoping he would share his story of secretly watching guests for years through ceiling vents — in the interest of science, of course. more
Artificial Intelligence for Smartphones Catches Shoulder Surfers
Google researchers claim to have developed an "electronic screen protector" that can alert you when nosy parkers are looking over your shoulder at your phone.
Essentially, it's machine-learning-powered software that can use the front-facing camera on a smartphone to pick out faces, identify anyone who isn't the owner, and if they are gazing at the screen, alert the user that there's someone behind them snooping on their texts or web browsing, and so on, all in real time.
The Googlers' work on this technique – which appears to be just an academic project at this stage rather than an upcoming feature – will be presented at the Neural Information Processing Systems (NIPS) conference next week in California. more
Sony and a few other companies were working on this about seven years ago. (see the patent)
Sunday, November 26, 2017
KRACK Attack Leaves WPA2 WiFi Encryption Hacked - Do this...
The video below explains Key Reinstallation Attacks (aka KRACK), for the technically curious.
The short story is your communications privacy over WiFi is at risk. This includes your:
- emails,
- texts,
- photos,
- log-in ID's and passwords,
- credit card numbers,
- and even your communications to websites which normally use https:// encryption.
Solutions
- Update your system software to the latest version. (This includes all your devices which use WiFi.)
- Update software on WiFi access points (APs) which implement the standard 802.11r (a.k.a. Fast-BSS Transition). This affects business WiFi more than residential WiFi.
- Upon connecting to a website make sure you see https:// and the locked symbol.
Risk Levels
Your risk of being a victim is highest whenever you use a public WiFi system. Risk is also high in densely populated areas.
Saturday, November 25, 2017
Spy Plants, or Mr. Potato Head Goes to Washington
DARPA’s Biological Technologies Office (BTO) is hosting a Proposers Day to provide information to potential proposers on the objectives of the upcoming Advanced Plant Technologies program.
The program aims to control and direct plant physiology to detect chemical, biological, radiological, and/or nuclear threats, as well as electromagnetic signals.
Plant sensors developed under the program will sense specific stimuli and report these signals with a remotely recognized phenotype detectable by existing hardware platforms. more
The Proposers Day will be held on Tuesday, December 12, 2017, from 8:00 AM – 4:30 PM ET at the Westin Arlington Gateway Hotel, Arlington, VA 22203; potential proposers also have the option of participating via webcast. Advance registration is required. The registration deadline to attend in person is Wednesday, December 6, 2017, at 12:00 PM ET, and the deadline for the webcast is Monday, December 11, 2017, at 12:00 PM ET. Please register at: https://events.sa-meetings.com/APTProposersDay. There will be no on-site registration.
Extra Credit: Robot-Plant Biohybrids Growing in European Laboratories