Researchers at Germany’s SRLabs found two hacking scenarios — eavesdropping and phishing — for both Amazon Alexa
and Google Home/Nest devices. They created eight voice apps (Skills for
Alexa and Actions for Google Home) to demonstrate the hacks that turns
these smart speakers into smart spies. The malicious voice apps created
by SRLabs easily passed through Amazon and Google’s individual screening
processes...
For eavesdropping, the researchers used the same horoscope app for
Amazon’s smart speaker. The app tricks the user into believing that it
has been stopped while it silently listens in the background. more
Thursday, October 24, 2019
Google Accused of Spying with New Tool
Google employees have accused their employer of creating a surveillance tool disguised as a calendar extension designed to monitor gatherings of more than 100 people, a signal that those employees may be planning protests or discussing union organizing. Google parent company Alphabet “categorically” denies the accusation.
The accusation, outlined in a memo obtained by Bloomberg News, claims severe unethical conduct from high-ranking Google employees, who they say allegedly ordered a team to develop a Chrome browser extension that would be installed on all employee machines and used primarily to monitor internal employee activity.
Employees are claiming the tool reports anyone who creates a calendar invite and sends it to more than 100 others, alleging that it is an attempt to crackdown on organizing and employee activism. more
The accusation, outlined in a memo obtained by Bloomberg News, claims severe unethical conduct from high-ranking Google employees, who they say allegedly ordered a team to develop a Chrome browser extension that would be installed on all employee machines and used primarily to monitor internal employee activity.
Employees are claiming the tool reports anyone who creates a calendar invite and sends it to more than 100 others, alleging that it is an attempt to crackdown on organizing and employee activism. more
Hospital Bathroom Video Voyeur had 1 Million Images
FL - Authorities have
arrested a 41-year-old man who they say hid a small camera in bathrooms
at three Florida medical facilities...
Police began investigating on Oct. 3 when a hidden camera was found
inside an employee bathroom at St. Mary's Medical Center.
Investigators
found more than a million still and video images.
Toga! Toga! Toga! ...SCIF Fight!
SCIF fight shows lawmakers can be their own biggest cybersecurity vulnerability.
About two dozen House Republicans enter a sensitive compartmented information facility (SCIF) where a closed session before the House Intelligence, Foreign Affairs and Oversight committees took place.
A group of House Republicans could have created a field day for Russian and Chinese intelligence agencies when they stormed into a secure Capitol Hill room where their colleagues were taking impeachment testimony yesterday with their cellphones in tow. more
About two dozen House Republicans enter a sensitive compartmented information facility (SCIF) where a closed session before the House Intelligence, Foreign Affairs and Oversight committees took place.
A group of House Republicans could have created a field day for Russian and Chinese intelligence agencies when they stormed into a secure Capitol Hill room where their colleagues were taking impeachment testimony yesterday with their cellphones in tow. more
"You're all worthless and weak!" ~Doug Neidermeyer
Wednesday, October 23, 2019
CNN - In 1999 a listening device was planted inside the State Department...
After a suspicious rise in Russian diplomats visiting the State Department in 1999, the FBI worked with the Diplomatic Security Service to follow mysterious radio frequencies. For more, watch "Declassified" Sunday at 11 p.m. ET/PT. more
Thanks to our Blue Blase Irregular at Big T for spotting this one for us.
Thanks to our Blue Blase Irregular at Big T for spotting this one for us.
Free Ransomware Decryption Tool
Emsisoft Decryptor for STOP Djvu
The STOP Djvu ransomware encrypts victim's files with Salsa20, and appends one of dozens of extensions to filenames; for example, ".djvu", ".rumba", ".radman", ".gero", etc.
Please note: There are limitations on what files can be decrypted. more
Of course, put all the safeguards in place first so you won't need this tool. ~Kevin
The STOP Djvu ransomware encrypts victim's files with Salsa20, and appends one of dozens of extensions to filenames; for example, ".djvu", ".rumba", ".radman", ".gero", etc.
Please note: There are limitations on what files can be decrypted. more
Of course, put all the safeguards in place first so you won't need this tool. ~Kevin
Friday, October 18, 2019
IT / Security Director Alert: Cisco Aironet Wi-Fi High-Severity Vulnerability Patch Available
Cisco has issued patches for critical and high-severity vulnerabilities in its Aironet access point devices.
It also issued a slew of additional patches addressing other flaws in its products.
“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory.
“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory. "...it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the [access point], creating a denial of service (DoS) condition for clients associated with the [access point].” more
It also issued a slew of additional patches addressing other flaws in its products.
“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory.
“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory. "...it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the [access point], creating a denial of service (DoS) condition for clients associated with the [access point].” more
Thursday, October 17, 2019
Why Do CIA Spies Stop at Every Yellow Light?
After spending years in the CIA fighting to prevent nuclear terrorism
and other catastrophes, some old habits just will not go away for the
ex-spy Amaryllis Fox...
...a former CIA clandestine-service officer and author of the new book "Life Undercover: Coming of Age in the CIA"...
...CIA spies learn to master skills regular people do not, and they stick with you...
...But there is one old habit, she said, that drives her husband a little bit crazy — stopping at every yellow light when she drives. more
...a former CIA clandestine-service officer and author of the new book "Life Undercover: Coming of Age in the CIA"...
...CIA spies learn to master skills regular people do not, and they stick with you...
...But there is one old habit, she said, that drives her husband a little bit crazy — stopping at every yellow light when she drives. more
Welcome to our home. Your visit may be recorded for no apparent reason. Would you like a glass of wine?
The privacy backlash against AI-powered digital assistants has just taken an interesting twist, with a senior exec from one of the core proponents of the technology admitting that he has his own privacy concerns over the tech.
Google hardware chief Rick Osterloh told the BBC that guests visiting a home where smart speakers are stored should be warned that their conversations might be overheard and recorded. more
Google hardware chief Rick Osterloh told the BBC that guests visiting a home where smart speakers are stored should be warned that their conversations might be overheard and recorded. more
Calling All Ears - Calling All Ears
“EAVESDROPPING,” COMEDY CENTRAL DIGITAL SKETCH
Comedy Central is casting talent for “Eavesdropping,” a digital sketch. The production needs talent, aged 20–40, to play cute families, tourists, creepy men, and more. Two of the roles require the ability to cry on command. Filming will take place on Oct. 23 in New York City. Pay is $100 per day with meals provided on set. Apply here for the general background roles and apply here for the crying background roles!
Comedy Central is casting talent for “Eavesdropping,” a digital sketch. The production needs talent, aged 20–40, to play cute families, tourists, creepy men, and more. Two of the roles require the ability to cry on command. Filming will take place on Oct. 23 in New York City. Pay is $100 per day with meals provided on set. Apply here for the general background roles and apply here for the crying background roles!
Massive Corporate Espionage Attack: 'One million pages stolen'
Australian blood giant CSL has been rocked by an alleged corporate espionage attack, with a former "high level" employee accused of stealing tens of thousands of its documents - including trade secrets - in order to land a job at a key competitor...
CSL’s allegations are expected to reverberate through the highly competitive global drug making industry where trade secrets are the most prized possession of the companies. more
Any pharmaceutical company without:
CSL had protection measures in place. Thus, this discovery, and recovery. ~Kevin
CSL’s allegations are expected to reverberate through the highly competitive global drug making industry where trade secrets are the most prized possession of the companies. more
It's never this obvious. |
Any pharmaceutical company without:
- a robust Information Security Policy,
- Recording in the Workplace Policy,
- IT Compliance and Surveillance program,
- regularly scheduled Technical Surveillance Countermeasures (TSCM) inspections (with an Information Security Survey component)
CSL had protection measures in place. Thus, this discovery, and recovery. ~Kevin
Iranian President's Brother Claims Presidential Office was Bugged
Iran - After surrendering to serve his five-year term in prison, the younger brother of Iran’s president, Hossein Fereydoun claimed in a statement October 16 that the judge had convicted him based on eavesdropping on the presidential office.
A close advisor to Hassan Rouhani, Fereydoun did not name the body or persons responsible for the eavesdropping. Nevertheless, it is public knowledge that the Islamic Revolution Guards Corps Intelligence Organization had been behind the lawsuit against him. more
A close advisor to Hassan Rouhani, Fereydoun did not name the body or persons responsible for the eavesdropping. Nevertheless, it is public knowledge that the Islamic Revolution Guards Corps Intelligence Organization had been behind the lawsuit against him. more
Holy Crap: IT Folks Fear the Internet Connected Toilet
IT security professionals are nervous people.
This seems clear from a new survey perpetrated on the part of the hardware security company nCipher...
The surveyors asked 1,800 IT security professionals in 14 countries about vital elements...
Thirty-six percent confessed they were afraid they'd be spied upon by an internet-connected device. The same number feared they'd have money stolen.
Twenty-four percent fear personal embarrassment as unholy information about them would be leaked.
I, though, feel a particular empathy for the 21% who are afraid that pranksters will hack their connected toilets. more
This seems clear from a new survey perpetrated on the part of the hardware security company nCipher...
The surveyors asked 1,800 IT security professionals in 14 countries about vital elements...
Thirty-six percent confessed they were afraid they'd be spied upon by an internet-connected device. The same number feared they'd have money stolen.
Twenty-four percent fear personal embarrassment as unholy information about them would be leaked.
I, though, feel a particular empathy for the 21% who are afraid that pranksters will hack their connected toilets. more
Friday, October 11, 2019
Spy Camera Detectors – Do they work? How do they work?
Covert cameras have been around since the 1800’s. Interestingly, as soon as photography developed, people wanted to surreptitiously take photos. From voyeurs to private eyes, a spycam was the gadget to have.
In 1900, movie maker, George Albert Smith, glamorized optical voyeurism in his movie, As Seen Through a Telescope. We will take a historical shortcut here and leave the discovery of these early film spy cameras to auctioneers and collectors.
Our spy camera detection history begins with the advent of CCD and CMOS behind the lens. These are the electronic sensors within modern digital spy cameras which capture images.
With a little knowledge—aided by some inexpensive gadgets—you can detect spycams! Continued here.
In 1900, movie maker, George Albert Smith, glamorized optical voyeurism in his movie, As Seen Through a Telescope. We will take a historical shortcut here and leave the discovery of these early film spy cameras to auctioneers and collectors.
Our spy camera detection history begins with the advent of CCD and CMOS behind the lens. These are the electronic sensors within modern digital spy cameras which capture images.
With a little knowledge—aided by some inexpensive gadgets—you can detect spycams! Continued here.
Planting Spy Chips in Routers - Proof of Concept
More than a year has passed since Bloomberg Businessweek grabbed the lapels of the cybersecurity world with a bombshell claim: that Supermicro motherboards in servers used by major tech firms, including Apple and Amazon, had been stealthily implanted with a chip the size of a rice grain that allowed Chinese hackers to spy deep into those networks...
But even as the facts of that story remain unconfirmed...
Now researchers have gone further, showing just how easily and cheaply a tiny, tough-to-detect spy chip could be planted in a company's hardware supply chain. And one of them has demonstrated that it doesn't even require a state-sponsored spy agency to pull it off—just a motivated hardware hacker with the right access and as little as $200 worth of equipment... more
But even as the facts of that story remain unconfirmed...
Now researchers have gone further, showing just how easily and cheaply a tiny, tough-to-detect spy chip could be planted in a company's hardware supply chain. And one of them has demonstrated that it doesn't even require a state-sponsored spy agency to pull it off—just a motivated hardware hacker with the right access and as little as $200 worth of equipment... more
Subscribe to:
Posts (Atom)