 |
One recent example we've come across is the Tombstone Cam... Click to enlarge. more The last time we heard of a bugged funeral.
Wednesday, January 15, 2020
Surveillance in Tombstone Territory
One recent example we've come across is the Tombstone Cam... Click to enlarge. more The last time we heard of a bugged funeral.
The Crazy Story of How Soviet Russia Bugged an American Embassy’s Typewriters
After tens of thousands of fruitless X-rays, a technician noticed a small coil of wire inside the on/off switch of an IBM Selectric typewriter. Gandy believed that this coil was acting as a step-down transformer to supply lower-voltage power to something within the typewriter. Eventually he uncovered a series of modifications that had been concealed so expertly that they had previously defied detection.
A solid aluminum bar, part of the structural support of the typewriter, had been replaced with one that looked identical but was hollow. Inside the cavity was a circuit board and six magnetometers. The magnetometers sensed movements of tiny magnets that had been embedded in the transposers that moved the typing “golf ball” into position for striking a given letter. more
Monday, January 13, 2020
Security Tip #792: Be Gone Phishing
via Krebs on Security
"Savvy readers here no doubt already know this, but to find the true domain referenced in a link, look to the right of “http(s)://” until you encounter the first backward slash (/). The domain directly to the left of that first slash is the true destination; anything that precedes the second dot to the left of that first slash is a subdomain and should be ignored for the purposes of determining the true domain name."
"For instance, in the case of the imaginary link below, example.com is the true destination, not apple.com: https://www.apple.com.example.com/findmyphone/" more
Double checking links before clicking can save you from sleeping with the phishers. Hover over links, but don't click, to see where you might be going.
"Savvy readers here no doubt already know this, but to find the true domain referenced in a link, look to the right of “http(s)://” until you encounter the first backward slash (/). The domain directly to the left of that first slash is the true destination; anything that precedes the second dot to the left of that first slash is a subdomain and should be ignored for the purposes of determining the true domain name."
"For instance, in the case of the imaginary link below, example.com is the true destination, not apple.com: https://www.apple.com.example.com/findmyphone/" more
Double checking links before clicking can save you from sleeping with the phishers. Hover over links, but don't click, to see where you might be going.
Death by Spycam
The wedding hall was booked and home furnishings all bought... but the bride — one of thousands of women to fall victim to an epidemic of high-tech voyeurism in South Korea — is not here.
Lee Yu-jung took her own life after a colleague secretly filmed her in the changing room of the hospital where they both worked, the country’s first reported spy-cam death.
Footage of Lee was found among a bigger video cache of women, all illegally snatched in the country’s spy-cam epidemic, often with cheap devices as small as a key ring. more
Lee Yu-jung took her own life after a colleague secretly filmed her in the changing room of the hospital where they both worked, the country’s first reported spy-cam death.
Footage of Lee was found among a bigger video cache of women, all illegally snatched in the country’s spy-cam epidemic, often with cheap devices as small as a key ring. more
Spybuster Tip #632: Fortify Your Two-factor Authentication
Two-factor authentication is a must, but don't settle for the SMS version. Use a more secure authenticator app instead.
The most popular authenticator apps are Google Authenticator and Authy, but password managers 1Password and LastPass offer the service as well, if that helps you streamline. If you're heavy into Microsoft's ecosystem, you might want Microsoft Authenticator. While they all differ somewhat in features, the core functionality is the same no matter which one you use. more
Tuesday, January 7, 2020
The Art of Investigation (book)
The editors and contributing authors* are the best in their field, and bring a wealth of real-world knowledge and experience to the subject. There are several publications available on the nuts-and-bolts of the process and stages of an investigation. That ground has been covered. However, little has been published on the investigative skills required, the traits necessary, and the qualities endemic to an inquisitive mind that can be cultivated to improve an investigator’s professional skill-set.
Each chapter discusses the applicability of the traits to the contributor’s own work and experience as an investigator. more
*Robert Rahn (Lt. Ret.) is one of the excellent contributors.
ISBN-13:
978-1138353787
ISBN-10:
1138353787
FutureWatch: The Demise of the Common Spies
WTF happened? Quite a bit...
9/11, for one. It's not so easy to fly under the radar these days.
In 2014, U.S. spies were exposed when the Office of Personnel Management was hacked. About 22 million fingerprints, security clearance background information, and personnel records allegedly fell into Chinese hands. In 2015 it happened again.
One can be fairly sure this isn't just a problem for U.S. spies. Other countries get hacked, too. You just don't hear about it.
If all this wasn't bad enough, a spy's best friend turned on him in the 2000's. Technology.
Video cameras are planted everywhere, and facial recognition is becoming more accurate every day. It is being used at airports, in buildings, and with in conjunction with city surveillance cameras. This list will grow, of course.
The latest advancement is analysis of video streams using artificial intelligence logarithms. Suspicious movements, packages left unattended, predictions of future movements and crimes are analyzed by mindless machines 24/7, waiting to trigger an alert.
On the communications side spyware is a concern. Smartphone and GPS tracking don't help spies hide either.
It has been reported that some countries are compiling real-time databases which incorporate the above-mentioned speed bumps with: taxis, hotel, train, airline, credit card, customs and immigration information. As soon as one enters the country, they know where you are—minute by minute. And, if one takes too long going between locations, or a dual timeline appears (being in different places at the same time), a security alert is generated.
Couple all this with countries sharing information, e.g. EU, being a spy who needs to make in-person contacts becomes nearly impossible.
Think staying out of view is a good spy strategy? For now, perhaps. However, progress is being made by constructing a person's face by the sound of their voice.
The future of spying (no, it won't go away) will be radically different out of necessity. One can only guess how, but I understand they are working very hard on mind-reading.
Be seeing you.
Surveillance is Hot at CES 2020
At CES show, devices that see, hear, track people are promoted. Privacy concerns? Not so much.
From the face scanner that will check in some attendees to the cameras-everywhere array of digital products, the CES gadget show is all-in on surveillance technology...
All these talking speakers, doorbell cameras and fitness trackers come with the promise of making life easier or more fun, but they're also potentially powerful spying tools.
And the skeptics who raise privacy and security concerns can be easily drowned out in the flashy spectacle of gee-whiz technology. more
From the face scanner that will check in some attendees to the cameras-everywhere array of digital products, the CES gadget show is all-in on surveillance technology...
And the skeptics who raise privacy and security concerns can be easily drowned out in the flashy spectacle of gee-whiz technology. more
Monday, January 6, 2020
Information Security and Cryptography Seminar
Information Security and Cryptography —Fundamentals and Applications
June 8-10, 2020 in Zurich, Switzerland
Lecturers: Prof. David Basin and Prof. Ueli Maurer
This seminar provides an in-depth coverage of Information Security and Cryptography from both a conceptual and an application-oriented viewpoint. At the same time, the mathematical, algorithmic, protocol-specific, and system-oriented aspects are explained in a way understandable to a wide audience.
A full description of the seminar, including all topics covered, is available at https://www.infsec.ch/seminar2020.html. Early registration is until February 28th.
The seminar takes place in Zurich Switzerland. The lectures and all course material are in English. more
Thursday, January 2, 2020
U.S. Securities & Exchange Commission Issues Guidance on IP and Tech Risks
...Among the risks faced by companies is the risk of theft of technology,
data and intellectual property through a direct intrusion by private
parties or foreign actors, including those affiliated with or controlled
by state actors.While not exclusive, examples of situations in which technology, data or intellectual property may be stolen or compromised through direct intrusion include cyber intrusions into a company’s computer systems and physical theft through corporate espionage, including with the assistance of insiders... more
Your Smart TV is Spying on You — How to stop it...
Those smart TVs that sold for unheard of low prices over the holidays come with a catch. The price is super low, but the manufacturers get to monitor what you're watching and report back to third parties, for a fee.
Or, in some cases, companies like Amazon (with its Fire TV branded sets from Toshiba and Insignia) and TCL, with its branded Roku sets, look to throw those same personalized, targeted ads at you that you get when visiting Facebook and Google.
It doesn't have to be this way. You have the controls to opt out. Within just a few clicks, you can stop the manufacturers from snooping on you in the living room... more and a bonus sing-a-long!
It doesn't have to be this way. You have the controls to opt out. Within just a few clicks, you can stop the manufacturers from snooping on you in the living room... more and a bonus sing-a-long!
2020 Quote of the Year - First Contender
“The biggest thing (coming in 2020) is connected everything,” said Carolina Milanesi, a technology analyst for the research firm Creative Strategies. “Anything in the home — we’ll have more cameras, more mics, more sensors.” *
----
via The New York Times...
The 2010s made one thing clear: Tech is everywhere in life... In 2020 and the coming decade, these trends are likely to gather momentum. They will also be on display next week at CES, an enormous consumer electronics trade show in Las Vegas that typically serves as a window into the year’s hottest tech developments. more
* Thus, a need for more TSCM; the yin to espionage yang.
----
via The New York Times...
The 2010s made one thing clear: Tech is everywhere in life... In 2020 and the coming decade, these trends are likely to gather momentum. They will also be on display next week at CES, an enormous consumer electronics trade show in Las Vegas that typically serves as a window into the year’s hottest tech developments. more
* Thus, a need for more TSCM; the yin to espionage yang.
Wednesday, January 1, 2020
The Crazy Story of How Soviet Russia Bugged an American Embassy’s Typewriters
Nonetheless, a recent book authored by Eric Haseltine, titled The Spy in Moscow Station (Macmillan, 2019), is a true story of bug hunting that should be of interest to all.
It recounts a lengthy struggle by Charles Gandy, an electrical engineer at the United States’ National Security Agency, to uncover an elaborate and ingenious scheme by Soviet engineers to intercept communications in the American embassy in Moscow. more
Tuesday, December 31, 2019
Get Ready for a Wild Security Ride in 2020
Drones are considered mainstream business tools and are used from surveillance and delivery to agriculture and mining.
Now Santa's Toys Know if You Are Naughty or Nice
Christmas is over, which means there may be a few extra toys for children in the house.
Cybersecurity experts are warning parents to pay attention to what kinds of toys their children are playing with, saying some could be capable of doing much more than what you're aware of.
...toys with Bluetooth or that can connect to Wi-Fi have the potential to not only spy on those playing with them but could also collect data later capable of predicting children's thoughts and behaviors. more
Cybersecurity experts are warning parents to pay attention to what kinds of toys their children are playing with, saying some could be capable of doing much more than what you're aware of.
...toys with Bluetooth or that can connect to Wi-Fi have the potential to not only spy on those playing with them but could also collect data later capable of predicting children's thoughts and behaviors. more
Subscribe to:
Posts (Atom)