Wednesday, March 27, 2019

Corporate Romper Room - Don't Bee a Slack Slacker

More than 10 million people use Slack every day, mostly to communicate with co-workers. The app has gained so much popularity in the five-plus years since its launch that private investors value the company at over $7 billion.

“I love my people, but they never shut up on Slack,” said the CEO of a security company who asked not to be named so he could speak openly about his concerns. “It’s very good for productivity, but the problem is we’re working on security, so we have to be careful about what we say.”

Employees communicate on Slack using “channels” to focus conversations on various topics specific to different departments. It followed corporate chat tools from Microsoft, Google and Cisco as well as a plethora of start-ups, but none gained Slack’s level of adoption or had so much success in pulling workers away from email and into messaging groups.

Information Security and Cryptography Seminar - June 17-19, 2019

This seminar provides an in-depth coverage of Information Security and Cryptography from both a conceptual and an application-oriented viewpoint. At the same time, the mathematical, algorithmic, protocol-specific, and system-oriented aspects are explained in a way understandable to a wide audience. This includes the foundations needed to understand the different approaches, a critical look at the state-of-the-art, and a perspective on future security technologies.

The material is presented at three different levels. At the highest level, the basic concepts are presented in detail, but abstractly (e.g., as black boxes), without mathematics. No background is required to follow at this level. At an intermediate level, the most important concrete schemes, models, algorithms, and protocols are presented as well as their applications. Here some minimal mathematical and systems background is assumed. At the deepest level, which is not required to understand the higher levels, different special topics, requiring some mathematical background, are discussed.

Lecturers:
Prof. David Basin and Prof. Ueli Maurer
Advanced Technology Group GmbH
Grundgasse 13
9500 Wil
Switzerland
F: +41 (0)44 632 1172

Seminar Location: 
Marriott Courtyard Zurich North
Max-Bill-Platz 19
CH-8050 Zurich
Switzerland

Monday, March 25, 2019

Security Director Alert: Check for These Bug-Like Products at Your Location

Attackers can remotely compromise multiple network devices (IP PBX, conferencing gear and IP phones), installing malware and eavesdropping via video and audio functions.

A series of both unauthenticated and authenticated remote code-execution vulnerabilities have been uncovered in a variety of Grandstream products for small to medium-sized businesses, including audio and video conferencing units, IP video phones, routers and IP PBXs.

Attackers can also use the vulnerabilities to gain access to cameras and microphones to turn them into listening devices. “The most notable aspect of the vulnerabilities is what you can do simply by using the programs that get shipped on the device,” Brendan Scarvell, senior security consultant at Trustwave SpiderLabs, told Threatpost in an interview.

“This includes playing audio through the speakers, recording conversations through the microphone, activating cameras and taking photos, installing custom software/malware etc. This is pretty bad for places such as boardrooms or executive offices where confidential conversations frequently happen.”

Many common office products have information security vulnerabilities. A Technical Surveillance Countermeasures (TSCM) survey, conducted by a competent consultant, will discover them for you.

College Student Pleads Guilty to Illegal Wiretapping

A Maryland university student has pleaded guilty to illegally wiretapping a congressional staffer and putting the conversation on Facebook Live without consent...

Prosecutors say Burdett, a 21-year-old advocate for Maryland Marijuana Justice, took part in a rally in front of Rep. Andy Harris' office in Salisbury, Maryland, in October. Then he and others met with a member of the congressman's staff in his office.

Harris' staff told the group not to record the meeting, citing office policy, but prosecutors say Burdett recorded and streamed it on Facebook Live without the staffer's consent.

FutureWatch - Who Really Lives in that Apartment

NY - A Brooklyn landlord intends to install facial recognition technology at the entrance of a roughly 700-unit rent-stabilized complex, raising alarm among tenants and housing rights attorneys about what they say is a far-reaching and egregious form of digital surveillance...

“We don’t want to be tracked,” said Icemae Downes, a longtime tenant. “We are not animals. This is like tagging us through our faces because they can’t implant us with a chip.”

Thursday, March 21, 2019

Korea - Molka Means Spycam - Government Creates a Handbook for Women

The Seoul Metropolitan Government on Monday distributed guidelines on how to respond to spycam crimes for victims and law enforcement officers, amid a growing epidemic of spycam porn in the country. 

Divided into two parts -- for civilians and police officers -- the handbook was designed to raise awareness of what constitutes secondary damage to victims of spycam porn and how police officers and victims can handle such cases, according to the Seoul city government.

For example, the guidelines recommend that victims secure evidence -- such as a hidden camera -- if possible and remember the perpetrator’s appearance. If illegally filmed videos have already been distributed, the advice is to copy the links and obtain screenshots. Then the victims should report the situation to the police and ask the website or social media companies to remove the videos, the handbook says.

-----

The (K-Pop) scandal magnifies the proliferation of hidden camera porn in South Korea — an issue which drove 22,000 women to the streets last June in the largest women’s demonstration in the nation’s history. Known as molka, meaning “spycam”, hidden camera porn has become an increasingly visible issue in South Korea, as the distribution of footage from secret, tiny cameras — often depicting women in sexual or intimate circumstances without their consent — has grown in recent years. From 2013 to 2017, police estimate nearly 6,000 cases of spycam porn each year.

Korea - 1,600 hotel guests were secretly filmed...

...on cameras hidden in wall sockets, with footage live-streamed to paying customers!

Two South Korean men have been arrested after allegedly installing spy cameras in dozens of hotel rooms, secretly recording more than 1,600 guests and live-streaming the footage.


The men are accused of installing cameras in electrical sockets, hair dryer holders and digital TV boxes in 30 hotels in ten cities across South Korea, local police said.

They would then broadcast the footage on a website with thousands of members, charging a $44.95 monthly fee.

Important: Learn how to inspect your hotel room (or any expectation of privacy area) for spy cameras ...and what to do if you find one.
On-line, self-paced, video training for private individuals and business.

Korea - K-pop Sex Scandal Reveals Practice of Sharing Spycam Porn

A sex scandal engulfing South Korea's K-pop industry is drawing attention and criticism to the country's problem with illegal spy cam "porn," says NPR's former Seoul correspondent...

Earlier this month, police questioned K-pop star Jung Joon-young about allegations he secretly filmed himself having sex with women and then shared the footage in private group chats.

"Tiny cameras that can be the size of lipstick containers or lighters are hidden in public places like subway stations, but also in highly private places like dressing rooms and bathrooms," Hu explained.

"The most common kind that's traded online, and shared online, and sometimes profited off of online, is footage of women having sex."

Wednesday, March 20, 2019

Cops Spying on Cops, the Village President & Spycamers in Crawlspaces

IN - A second lawsuit has been filed against New Carlisle alleging command staff in the police department secretly recorded private conversations... The five plaintiffs claim that Deputy Police Chief Brian Thompson and Chief Calleb Dittmar allegedly secretively “placed, or caused to be placed,” recording devices in the ceilings of non-essential areas of the department.

-----

IL - Former Hinckley Chief of Police Kimberly S. Everhart has been charged with eavesdropping and official misconduct after Illinois State Police say she illegally recorded a conversation with the village president in 2017.

-----
 
GA - A Catoosa County man is facing a handful of privacy invasion charges after he allegedly broke into a Ringgold residence and planted monitoring equipment, police say.

According to the Catoosa County Sheriff’s Office: Samuel David Townsend, 32, of 103 Parkview Drive in Ringgold, was arrested March 7 on charges of first-degree burglary, possession or sale of an eavesdropping device, unlawful eavesdropping, and Peeping Tom.

...resident reported suspicious sounds coming from underneath her home.

The victim said she was getting out of the shower when she heard a sound coming from the house’s master bathroom. The woman claimed she initially thought a mouse was in the home, but that the noise got louder almost like something was being cut...

...a white truck parked out on the street in front of the home and that the crawl space at the back of the house was open...

Sheriff Gary Sisk said Townsend did some work at the home in the past, and that he planted a recording device.

Spybuster Tip # 629 - Watch What You Say at the Drive-Thru

Next time you have a private conversation while in a drive-through, you might want to keep it quiet — as workers in fast food restaurants are able to hear you, even when you can’t hear them.

Well, as long as they are wearing a headset and you’re parked next to the microphone with your window down, that is.

...the revelation on r/LifeProTips: They posted; “If we apologize [sic] and say we’ll be with you in a minute – you’re not on hold, we can hear everything. If you’ve ordered but the drive-thru line won’t let you pull ahead yet – we can hear every single thing you’re saying.”

Suggesting that having the ability to eavesdrop isn’t always a good thing, they added: “I wish I could forget some of the stuff I’ve heard.”

Mr. Blobby - UK TV Star & Accidental Voyeur

UK - Mr. Blobby is a big, pink blobby thing covered in yellow dots resembling a dangerous bout of liver cirrhosis. He also happens to be a dearly loved kids’ character on British TV.

However, he could have some explaining to do to Mrs. Blobby after he was caught perving on a naked woman in a bath on a billboard in the northern British city of Leicester.

Thankfully, all is not what it seems and it appears ...

A storm on Friday damaged the existing billboard’s skin – an ad for telco firm BT that showed a woman in a bath watching her laptop – which then revealed the previous ad that featured Mr. Blobby.

Doctor Charged with Filming Women in Bathroom

We're guessing, "It's okay, I'm a doctor," will not be a valid defense.

NJ - New evidence has emerged in the case of a former Rutgers Robert Wood Johnson Medical School doctor charged with secretly recording women in a bathroom at the city hospital, according to prosecutors.

...after being charged last month in a 160-count indictment with invasion of privacy, computer theft, wiretapping, burglary, official misconduct and impersonation. ...is facing third-degree charges of allegedly photographing or videotaping victims, without their consent or knowledge, while their "intimate parts" were exposed. He’s facing fourth-degree charges in similar instances, except the victims were wearing underwear. ...the FBI is still investigating.

Security Director Alert: Mirai Botnet Targets Corporate Presentation Systems

A new variant of the crushing Mirai botnet, which specifically places enterprises in its crosshairs, has been discovered by security researchers...

Mirai is still a botnet designed to exploit IoT devices, but in its latest iteration it seeks out vulnerable business devices - specifically, wireless presentation systems and the TVs used to present to rooms full of clients, partners and colleagues.

"This new Mirai is a perfect example of why every organisation needs to map their own networks from an external point of view and close off everything that is open and does not need to be," said Jarno Niemela, principal researcher at F-Secure. "The types of new devices that Mirai attacks have no business of being visible to the Internet."

The WePresent WiPG-1000 wireless presentation system and the LG Supersign TV were the two devices singled out by researchers as most vulnerable to the attack.

In addition to checking for electronic eavesdropping devices and general information security loopholes, make sure your TSCM technicians examine IoT device settings.

Tuesday, March 19, 2019

Keep Your Number Private – And Still Receive Calls!

An inexpensive and easy service...

"Keep your real phone number hidden while making calls and sending texts for work, dating, Craigslist sales, and more thanks to Hushed. You'll use their simple and secure app to easily make calls on your second number (you'll even choose the area code) without committing to another long, expensive phone contract. Customize your voicemail and use Wi-Fi or data to talk without expensive service charges. It's true communication anonymity delivered."

Bonus: 

The Tasmanians Have a Great Sense of Humor

Sign on hotel wall at Hobart Airport...