Friday, January 26, 2018

Better Secure Voice over Internet - Novel Solution

Researchers at the University of Alabama at Birmingham have developed a novel method to better protect Crypto Phones from eavesdropping and other forms of man-in-the-middle attacks.
Crypto Phones consist of smartphone apps, mobile devices, personal computer or web-based Voice over Internet Protocol applications that use end-to-end encryption to ensure that only the user and the person they are communicating with can read what is sent. In order to secure what is being communicated, Crypto Phones require users to perform authentication tasks.

Research has shown that these tasks are prone to human errors, making these VoIP applications and devices highly vulnerable to man-in-the-middle and eavesdropping attacks... more

A long, technical, interesting read.

Extra Credit... The 4 Best Phones for Privacy & Security


Wednesday, January 24, 2018

Tinder Hackers May Find Out How Desperate You Are

Eavesdroppers could be able to peek in on mobile flirts.

A lack of security protections in Tinder's mobile app is leaving lonely hearts vulnerable to eavesdropping.

That's according to security biz Checkmarx this week, which claimed Android and iOS builds of the dating app fail to properly encrypt network traffic, meaning the basic actions of peeps looking to hookup – such as swipes on profiles – could be collected by anyone on the same Wi-Fi or carrying out similar snooping. more

Monday, January 22, 2018

"I'm sorry, Dave. I'm afraid I can't do that."

Logitech's $180 Circle 2 wired security camera is easy to set up and works with Amazon Alexa, Apple HomeKit and Google Assistant for a wide variety of smart home/voice control applications.

 

Sunday, January 21, 2018

White Marsh Mall Spycam Man Suspect Charged - Day job... runs business that installs security cameras.

Baltimore County police say they are analyzing electronic items seized from the Abingdon home of a man charged with secretly recording people in a bathroom at White Marsh Mall.

The suspect, 40-year-old Mussawwir Sterrett, is general manager of a company that provides technology services including security camera installation, police said.

Sterrett is accused of placing a small camera, pointed toward a toilet, in the family bathroom near the mall’s food court on Dec. 23. The camera recorded 11 people, both children and adults, according to police spokeswoman Officer Jennifer Peach.

Sterrett faces charges of “peeping Tom” and visual surveillance with prurient intent. more

Vineyard Owners Arrested for Eavesdropping... didn't hear it through the grapevine.

The owners of a Monroe County winery accused of recording customers and employees without their knowledge say they were surprised by their arrests and subsequent criminal charges.

Randy and Linda Rice, who own and operate Mountain View Vineyards in Hamilton and Jackson Townships, were arrested Thursday and charged with interception of oral communications and possession of devices utilized to surreptitiously record oral communications.

The Monroe County District Attorney's Office said it was tipped off in December that there was illegal wiretapping at the winery part of the business at 2332 Walters Road in Hamilton Township.

Detectives on Thursday found wireless surveillance cameras in the new winery, but no signs indicating the cameras were recording video and audio. Prosecutors say only two employees knew audio was being recorded and monitored. more sing-a-long

Economic Espionage, Theft of Trade Secrets - 5 Year Sentence

A former software engineer for IBM in China has been sentenced to five years in prison for stealing the source code for highly valuable software developed by the tech company, the U.S. Justice Department announced Friday.

Xu Jiaqiang, 31, was sentenced Thursday by a federal judge in White Plains, New York, months after he pleaded guilty to three counts of economic espionage and three counts of theft, possession and distribution of trade secrets. 

Prosecutors said Xu stole the source code for computer performance-enhancing software while working for IBM from 2010 and 2014, with the intent to benefit China's National Health and Family Planning Commission.

Acting Assistant Attorney General Dana J. Boente of the Justice Department's national security division said the agency “will not hesitate to pursue and prosecute those who steal from American businesses.” Xu, a Chinese national, “is being held accountable for engaging in economic espionage against an American company,” Boente said in a statement. more

PI Sued for Planting Tracking Device... on a politician's pick-up truck.

An Oklahoma lawmaker who found a tracking device attached to his pickup truck last month is suing a private investigation company and an investigator who works for the company over the device.
Click to enlarge.
 Discovery of the tracking device has shocked Oklahoma politicians, who are wondering who was spying.

Rep. Mark McBride, a Republican from the Oklahoma City suburb of Moore, is suing Eastridge Investigations and Asset Protection and Eastridge investigator H.L. Christensen for unspecified damages of more than $10,000, according to an attorney for Eastridge. more

Tuesday, January 16, 2018

Hawaiian Emergency Management - Passwords on Post-it Notes on Computer Screens

The Hawaii Emergency Management false alarm mess was not caused by pressing the wrong button. It was caused by poor design.

Ever select the wrong thing from a drop-down menu? Sure, it happens all the time.

The Washington Post reports...
The menu, which triggers alerts, contains a jumble of options, ranging from Amber alerts to Tsunami warnings to road closures. Some of them, such as “High Surf Warning North Shores,” are in plain English.

Others, including the one for a missile attack, “PACOM (CDW)-STATE ONLY,” use shorthand initials. (PACOM refers to the United States Pacific Command based in Hawaii.)

And the menu contained no ballistic missile defense false alarm option — which has now been added at the top of the image, marked up by officials for explanatory purposes. more
 Suggestions: 
1. Separate the messages into smaller groups: Routine Tests | Advisories | Life Threatening
2. Drop the jargon. Say what you mean, clearly.
3. Do not use instant-select dropdown menus.
4. Use radio buttons to select the message, plus a CONFIRMATION and CANCEL button to activate the selected alert, or not. Two extra seconds of thought can prevent a lot of mistakes.

If you need help with design, call on the master, John McWade. He can teach you.

And, what's with posting the passwords to an emergency management computer screen?!?!
If the personnel can't memorize a password as lame as this, they shouldn't be allowed anywhere near a keyboard. more

Password: Warningpoint2

Monday, January 15, 2018

Spy Drone Filming - Detection Method Developed

The first technique to detect a drone camera illicitly capturing video is revealed in a new study published by Ben-Gurion University of the Negev (BGU) and Weizmann Institute of Science cyber security researchers.

The study addresses increasing concerns about the proliferation of drone use for personal and business applications and how it is impinging on privacy and safety.

In a new paper, "Game of Drones - Detecting Captured Target from an Encrypted Video Stream," the researchers demonstrate techniques for detecting if a targeted subject or house is being recorded by a drone camera. "The beauty of this research is that someone using only a laptop and an object that flickers can detect if someone is using a drone to spy on them," says Ben Nassi... more video

"Listening In: Cybersecurity in an Insecure Age" (book)

A cybersecurity expert and former Google privacy analyst’s urgent call to protect devices and networks against malicious hackers​.

New technologies have provided both incredible convenience and new threats. The same kinds of digital networks that allow you to hail a ride using your smartphone let power grid operators control a country’s electricity—and these personal, corporate, and government systems are all vulnerable.

In Ukraine, unknown hackers shut off electricity to nearly 230,000 people for six hours. North Korean hackers destroyed networks at Sony Pictures in retaliation for a film that mocked Kim Jong-un. And Russian cyberattackers leaked Democratic National Committee emails in an attempt to sway a U.S. presidential election.

And yet despite such documented risks, government agencies, whose investigations and surveillance are stymied by encryption, push for a weakening of protections. In this accessible and riveting read, Susan Landau makes a compelling case for the need to secure our data, explaining how we must maintain cybersecurity in an insecure age. more

Saturday, January 13, 2018

Ikea Spying Trial Recommended by French Prosecutors

French prosecutors are recommending that Ikea France and 15 people, including police officials, be put on trial on charges of spying on employees and customers.


Three former senior Ikea executives including two ex-chief executive officers (CEOs) are among those charged after an investigation that dates back to 2012. more

40 Second Spy Chase... commercial

Creepy Peeper Spied 1000+ Computer Mics and Cameras... for 13+ years!

The technical description of the “Fruitfly” malware is “spyware.” But given the way it has allegedly been used, a better label would be creepware...

According to a 16-count indictment unsealed on Wednesday in US District Court for the Northern District of Ohio, its creator, Phillip R. Durachinsky, 28, used it to spy on thousands of victims for more than 13 years. Durachinsky spent this time not only collecting personal data but also watching and listening to victims through their webcams and microphones, and using some of what he collected to produce child abuse imagery...

The victims ranged from individuals to companies, schools, a police department and government entities including one owned by a subsidiary of the US Department of Energy.

According to the DoJ:
(It) enabled him to control each computer by accessing stored data, uploading files, taking and downloading screenshots, logging a user’s keystrokes, and turning on the camera and microphone to surreptitiously record images and audio.

(He) used the malware to steal the personal data of victims, including their logon credentials, tax records, medical records, photographs, banking records, internet searches, and potentially embarrassing communications.
It said he saved millions of images, kept detailed notes on what he observed, and designed it to alert him if a user typed words associated with pornography. more

Spycam Found in Mall Family Restroom

MD - Authorities say a man set up a spy camera that recorded both children and adults in the family restroom of a Baltimore-area mall.



The Baltimore Sun reports a patron at White Marsh Mall found the camera Dec. 23, and the incident was made public Thursday, when Baltimore County police released footage of the suspect. The camera was found at a restroom located near the food court. more

Like most spycamers, this guy gets our Darwin Award... for taking a video of himself while installing the camera. 

Do you offer restrooms to employees, visitors and the public. A spycam incident will put you at risk of being sued. Proactive due diligence is your best defense. Click here for the complete solution.

Telephone Eavesdropping Prevention - Then and Now

1920's - Hush-A-Phone...
Click to enlarge. Video. More.
2018 - Hushme...

1960 v 2018...