Thursday, August 6, 2009

"He kicked me around, tried to drown me, burned me, and now he wants to swap me!"

Apple says it has had enough of giving people replacement iPhones and iPods when, in their view, it is the consumer who has abused the gadget and rendered it inoperable.

So today the firm has filed a patent on a kind of spy system that sits inside gadgets to record "consumer abuse events" and reveal them to Apple staff when you ask for a replacement.

"Often, particularly at a point of sale, personnel receiving the returned device may be unqualified or untrained to determine whether or not a device has failed due to manufacturing defects or due to consumer abuse," the company explains in US patent application 20090195394. (more)

SpyCam Story #543 - The Tell-Tale Tape

OR - Last year the woman told police told police she thought her landlord was spying on her through a hidden camera in the shower.

The woman lived in an upstairs apartment inside the home the landlord shared with a second renter.
That landlord - former Kalama City Council member Paul Stickel - has been charged with voyeurism, but he claims he did no such thing.

Police searched Stickel's home last Spring and confiscated videotapes, televisions and cable. They also found a hole in the wall in the woman's bathroom.

In a March 2008 affidavit, police said videotape taken from Stickel's home "shows Stickel simulating taking a shower" to test the camera-equipped shower stall. Detectives also cited a "secret viewing area" - a covered peephole - that looks out through a mirror on the woman's medicine cabinet.

Stickel claims the investigators are bluffing. (more) (video)

Solar Assisted SpyCam from Australia

from the seller's Web site...
Xtern-Cam® is a rugged outdoor standalone surveillance camera
with inbuilt GPRS modem (receive the photos on your cell), digital image recording function, integrated night vision and inbuilt Solar Panel to give extraordinary long battery life.

The camera captures high-resolution black & white images when motion is detected and emails a selection of these to a monitoring station or mobile phone as well as storing all the high resolution images to a removable memory card for easy viewing later, on a computer or PDA. The camera can also be powered by an external 12VDC power source and can be externally triggered from a gate or door opening.

Outdoors in time lapse mode using its inbuilt Solar panel to recharge the battery during the day, Xtern-Cam® can capture and transmit wirelessly, one image every 5 minutes at night time without ever requiring the battery to be re-charged. Similarly, if Motion activated, it can capture and transmit up to 150 images every night without ever having to charge the battery.

In busy environments where the Camera may capture and transmit up to 330 images per night, the battery would still last around one month! The camera can store up to 65,000 VGA images and will optionally overwrite the oldest images when the memory card is full to enable ‘set and forget’ operation.

Xtern-Cam® is also available with a colour camera for daytime operation with optional 16mm or 8mm telephoto lenses. (more)

"So, how long had your phone been tapped?"

Wharton School professor Andrea Matwyshyn has attended Defcon for the past five years. This year, her radar is pointing to corporate disclosure of computer security threats.

Most consumers, she says, find out about them primarily through news reports and after-the-fact data breach notifications. Big business, Matwyshyn says, needs to do a much better job of keeping customers abreast of how they're dealing with big security threats. "Companies need to be aware that their customers are going to start asking questions about their security and what they're doing," she told Forbes. (more)

Having quarterly TSCM inspection logs in your files can help stave off stockholder lawsuits. ~Kevin

The nights were cold and lonely...

IL - A Clinton police officer accused of viewing pornography on his squad car computer is asking that evidence collected from the computer be barred from an upcoming disciplinary hearing because police officials are guilty of eavesdropping.

Patrolman Billy Hurst, 40, of Clinton will face the Clinton Police and Fire Commission on Aug. 13 on charges that he acted improperly by
spending more than 23 hours watching pornography during working hours from Nov. 13, 2008, to Jan. 24...

Hurst's attorney, Shane Voyles, with the Policemen's Benevolent labor committee, filed a civil complaint in May in DeWitt County court
accusing Reidy of eavesdropping by monitoring Hurst's computer activities. Hurst did not consent to the city's installation of software put in place after viruses were detected on city computers, said Voyles. (more)

Wednesday, August 5, 2009

Watergate I & Watergate II

WATERGATE I
The chief of Hungary’s secret services – the National Security Office (NBH) – quit last Monday,
saying his position had become untenable due to the way other authorities handled a scandal over a private security firm allegedly used to spy on politicians.

In his resignation letter, Sándor Laborc spoke of “anomalies” in the way the public prosecution service and the NBH handled the
UD Affair...

The UD scandal, over which Laborc would eventually resign, began last September when the head of the small conservative opposition party, th
e Hungarian Democratic Forum (MDF) received an audio recording of one of UD’s owners talking to the owner and CEO of OTP Bank, Sándor Csányi, about a commission to collect data on her.

Ibolya Dávid claimed that someone was trying to discredit her in the run up to the MDF’s party leadership election...
Dávid last Tuesday said during a television interview that the UD affair had turned into a Hungarian "Watergate." (more)

WATERGATE II
via Gizmodo.com...

Instead of creating the usual steel turnstile, the Watergate's designers used the primordial liquid as a psychological barrier.
Their logic: People won't like to get their clothes wet...

It's a good idea, because most people will actually respect it. Another good thing: If something happens, people can run to the exit without having to go through gates:
Water is only a psychological barrier.

Fleeing, panicking persons can escape through the gate without being hindered by any rigid media. Clever.


An added advantage is that
people in wheelchairs or carrying luggage can easily pass through them. Very clever. (more) (video)

Cablegram: You're Bugged

USB cable UHF transmitter.
When plugged to a USB port the cable works as usual
and the transmitter inside the cable transmits conversations or any sound to a distant receiver.

No batteries needed. The transmitter works as long as it remains plugged to a USB port. Automatic Gain Control lets it pick up a whisper up to 40 feet away – as clearly as loud speech near it. (
more)

Pretty much impossible to discover yourself just by looking. But, hey... that's why you keep our information handy. ~Kevin

Access data by tapping fibre-optic networks

Fibre-optic cable networks are not as secure as believed - with new technology making it easy for hackers to steal data from them, according to an IDC report.

IDC research analyst Romain Fouchereau said that the reputation of a fibre-optic cable network as more secure than copper cables wasn’t justified, and that new and inexpensive technologies have now made data theft easily possible for hackers without detection.

Organisations that carry sensitive information across fibre-optic cables are potentially vulnerable from criminal threats, as much of the cabling is easily accessible and not well protected. Fouchereau said that hacks on optical networks could be achieved simply by extracting light from ultra-thin fibres. (more)

Once a successful tap has been achieved, software that records, monitors and analyses the data (called packet sniffers), can capture the data...

“Hence, capturing or eavesdropping on this data serves not only military purposes. Industrial espionage in these sectors is worth billions of dollars.” (more)

Saturday, August 1, 2009

Corporate Level Videotapping

Two researchers at Defcon on Friday demonstrated tools that allow people to eavesdrop on video conference calls and intercept surveillance camera video.

An attacker needs to be in the same building as the victims to carry out the man-in-the-middle attacks over the network.


The free UCSniff tool, available in Linux and Windows versions, offers a slick graphical user interface for sniffing video, said Jason Ostrom, director of the Viper Lab at Sipera Systems. The tool basically tricks the voice-over-IP network carrying the video into sending the data packets to the attacker's computer, he said.


This could be used to spy on people. For instance, an attacker could listen in on and record confidential conversations between an executive who is on a video conference call with another remote executive, according to Ostrom.

Ostrom and Arjun Sambamoorthy, a research engineer at Viper Lab, also have developed another free tool called VideoJak that can be used to intercept video streams.

Thieves planning to steal from a museum, for example, could use the tool to change live surveillance video being watched by a museum security guard so that it replayed previous video of the art, giving thieves time to steal art without detection. (more)

A Glimpse at Corporate Spying

Paris - The story has the elements of a corporate thriller: a cast of characters that includes former French spies and military men, an American cycling champion, Greenpeace activists and a dogged judge whose investigation takes him from a sports doping laboratory outside Paris to a Moroccan jail and to some of the top corporations in France.

Like installments in a serial novel, new revelations have been dripping out since March. And while the climax is still probably many months away, the story is providing a rare glimpse into the shadowy and potentially lucrative business of gathering what corporations refer to as “strategic intelligence.” (more)

The whole story is as fascinating as it is revealing. Click "more" to read the full story.

High stakes business espionage is very real.

Smart executives have counterespionage
programs. Doubters have their pockets picked. Stories like this represent espionage failures; the tip of the spyberg. Successful spying (by definition) goes unnoticed. ~Kevin

Export, eh?

Canadians vow mass-mooning of US spy-blimp

70+ Canadians in Sarnia, Ontario have committed to dropping their pants and mooning a spy balloon that a US company is launching to surveil the border, including their town. (more)


View Larger Map

Business Espionage - Chow Down

The owner of restaurant chain Mr. Chow alleges a rival restaurateur sent a spy to his soon-to-open Miami eatery to learn Mr. Chow's secrets.

FL - Michael Chow, who started his first Mr. Chow store more than 30 years ago, added "corporate espionage" to the charges in his trademark infringement suit against Philippe Chow, a former employee who owns a restaurant across the street from the new Mr. Chow, the New York Post reported Friday.

The lawsuit claims a 65-year-old man disguised as a chef was present when kitchen staff were being briefed on plans for the restaurant and, when confronted by an executive chef, said he was "incognito" so "your boss will not notice."

Philippe and his partner, Stratis Morfogen, denied the charges.

"This is beyond bizarre and at this point we have no further comment describing Michael Chow's delusional and paranoid state of mind," Morforgen said. (more)
Ouch! That bites.

Friday, July 31, 2009

iPhone Text Vulnerability

A pair of security experts have found a vulnerability in the iPhone that allows a hacker to take control of an iPhone through a text-message attack.

Cybersecurity researchers Charlie Miller and Collin Mulliner explained the security hole at the Black Hat cybersecurity conference in Las Vegas on Thursday. They said they informed Apple of the problem a month ago but the problem has not been patched, according to Forbes, which said Apple has declined to comment on the issue.


The iPhone, Miller and Mulliner said, can be controlled by an outside hacker through a series of mostly invisible SMS - short message service - bursts. That would give someone control over an iPhone user's phone, text messaging, Web browsing, microphone and camera functions. There is a similar flaw in Windows Mobile phones.


Should You Worry?
MyMobiSafe founder Eric Everson said it's highly unlikely they will be targeted. He said the attack would require hundreds of SMS texts (512 to be exact) to any phone. He said if any of the SMS messages are deleted before the attack is complete, then the hack will not be effective.


To be on the safe side, if you receive a text message with a square in it, turn off your iPhone or switch the device into airplane mode. (
more)
◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊◊...
(just kidding :)

UPDATE - "Less than 24 hours after a demonstration of this exploit, we've issued a free software update that eliminates the vulnerability from the iPhone." - Apple spokesman, Tom Neumayr. (more)

Wednesday, July 29, 2009

"Is that your thumb, or are you just glad to see me?"

from the seller's Web site...
"Do personal Investigations Do Secret Surveillance Gather Evidence"

Thumbcorder
(AJ-024TC) is the smallest real USB Flash Drive Spy Cam hands free Camcorder in the world with Built in 8Gb USB Flash Disk, Use it as a normal flash drive, spy pen camera in your pocket

Record with single switch
Just slide the Switch to Rec. will start recording, just slide switch to off to stop recording that's all... it will record sound and video. Really very easy to use.

View Recorded files
Simply connect the Thumbcorder to any USB port of your computer and view or copy the files to view. No need for any cable or extension.
Also, you can use it as USB disk drive. (more)

BTW, they plan to advertise this on television (USA Network).
Why do I mention it?
So you will know it when you see it.

Tuesday, July 28, 2009

The Badge is Not The Bullet-Proof Vest

A data breach at Internet domain administrator and host Network Solutions has compromised personal and financial data for more than 573,000 credit and debit cardholders. To add more pain to the breach, Network Solutions says it was PCI compliant at the time of the breach.

The PCI Security Council Weighs In...
Just because a company has passed its compliance validation, it doesn't mean that the need for vigilance of security measures should stop, says PCI Security Standards Council General Manager Bob Russo. As for whether Network Solutions was PCI-compliant at the time of the breach, Russo notes, "Until a forensics investigation is completed, an organization can not comment accurately on its compliance status."(more)

Effectiveness of any security measure is directly dependent upon the other security measures in place. Imagine your "wall of protection" as building blocks. One block is ineffective without the other blocks. Each block has its purpose and place... and you need every type of block to build a strong and effective wall.

The relationship is both symbiotic and synergistic.

According to the results of our recent poll (below), TSCM sweeps are a totally overlooked 'block' more than 80% of the time. Learn from the mistakes of others. Look at your wall, plug the holes.