"Helloooo..." says Google++ Android Cell Phone Spyware App

A malicious Android app that disguises itself as Google's new social networking platform, Google+, is capable of stealing data, and answering and recording incoming phone calls, researchers said this week.

The spyware app disguises itself as Google+ by installing itself with the name “Google ++,” Jamz Yaneza, threat research manager at Trend Micro, told SCMagazineUS.com on Monday.

The malware contained in the app shares the same code structure as previously discovered Android spyware that also can steal information and record phone calls made from infected devices. Unlike the older variants, however, the new variant can automatically answer incoming phone calls on versions 2.2 and earlier.

“Once it is installed you won't know it is doing anything malicious,” Yaneza said. (more)

NSA Field Station Teufelsberg - a late post mortem

The NSA Field Station Berlin Teufelsberg was one of the premier listening posts of the cold war. Situated on top of the highest elevation in West Berlin - the Teufelsberg, the station had unobstructed reception of signals from all directions. And viewed from West Berlin, in all directions was "East". Situated on an artificial hill near a string of lakes, the Teufelsberg enjoyed excellent reception in most radio bands that were otherwise difficult to receive at long distances. The NSA got so far in their search for better reception, that they prolonged the operation of a flywheel that was accidentally found to be a excellent resonator for certain radar installations deep in the east. (more)

TSCM Employment - Rare Private Sector Opportunity

via LinkedIn...
Honeywell (Kansas City, MO facility) has a great opportunity for a Technical Security Specialist with a specialty in TSCM. Salary is up to $109K.

A BS degree, 7 years experience in Technical Security and 1 year of project leadership experience is required. If you are interested in this position please send your resume to: EddieMorris@SourceRight.com. SourceRight Solutions is Honeywell's Staffing Partner.

This is a rare corporate opportunity. Go for it, and let us know how you make out. Good luck. ~Kevin

Taps Up in a Down Economy

Nearly 4,000 federal and state wiretaps were authorized last year, an increase of 34 percent from the previous year, according to an annual government report.

The administrative office of the United States Courts released a report last month that found an all-time high of 3,194 wiretaps were reported as authorized in 2010 – 1,207 by federal judges and 1,987 by state judges – and only one application was denied...

Wiretap applications in California, New York and New Jersey accounted for 68 percent of all applications authorized by state judges, the study found... Drug offenses were cited most often for using wiretaps in investigations -- 84 percent of all applications were drug-related. Homicides came next, followed by racketeering.

The Electronic Privacy Information Center noted that the report does not include “interceptions regulated by the Foreign Intelligence Surveillance Act (FISA) or interceptions approved by the president outside the exclusive authority of the federal wiretap law and the FISA." (more)

SpyCam Story #617 - Bed & Breakfast, and a show

Australia - A landlord has pleaded guilty to indecently filming his tenants at bed and breakfast premises in Adelaide.

A court heard the man set up hidden cameras in smoke detectors and had been watching his victims for months.

Frederick Payne pleaded guilty to 18 counts of indecent filming. ...Payne, who is an electrician, installed cameras in smoke detectors in the master bedroom, and a bedroom used by the victim's daughter. ...the victim's boyfriend had discovered the cameras and they moved out of the Maslin Beach premises immediately.

Wires from the hidden cameras led to a television and DVD player in Payne's bedroom in the house he lived in next door. Police found hours of footage... (more)

Media Wiretapping did not start with News of the World

How far would the media of the time go for a story or some inside information? 

The FBI of the 1930s was concerned about newspapers and magazine personnel tapping the telephones of FBI Offices, especially the Chicago Division. 

In this 1935 memo from E. A. Tamm, these fears are set out with efforts of the Bureau to code their conversations to thwart the Chicago American, and also to purposely "test" the system.

According to the Encyclopedia Of Chicago website, "In 1900, Chicago had nine general circulation newspapers when William Randolph Hearst's sensationalistic evening Chicago American appeared, followed by his morning Chicago Examiner (1902). The American upheld the raucous Hearstian/Chicago tradition of “The Front Page,” even after it was sold to the Chicago Tribune in 1956, renamed Chicago Today, and turned into a tabloid. Today died in 1974. The morning Examiner became the Herald-Examiner in 1918 and died in 1939, never able to overtake the Tribune." (more)

The FBI 1935 Tamm memo – taken from the Dillinger file.

Caller ID Spoofing and Your Privacy

via The New York Times...

For all of the palace intrigue recently about who in Rupert Murdoch’s News Corporation kingdom knew what about phone hacking when, one fundamental question about the scandal has gone mostly unanswered: Just how vulnerable are everyday United States residents to similarly determined snoops?

The answer is, more than you might think.

AT&T, Sprint and T-Mobile do not require cellphone customers to use a password on their voice mail boxes, and plenty of people never bother to set one up. But if you don’t, people using a service colloquially known as caller ID spoofing could disguise their phone as yours and get access to your messages. This is possible because voice mail systems often grant access to callers who appear to be phoning from their own number.

Meanwhile, as Edgar Dworsky, a consumer advocate who founded ConsumerWorld.org, discovered recently, someone armed with just a bit of personal information about a target can also gain access to the automated phone systems for Bank of America and Chase credit card holders. (more)

So, what are your "friends" saying about you?

The real Banjo

Six-week old mobile application Banjo has been updated with a new feature that lets users virtually stalk locations, and the people there, in real-time. 

Banjo, for those unaware, is a new social discovery service which reveals the social network present at any given location at a particular time. To be clear, it’s not another social network, it’s a layer on top of social networks. With Banjo, you don’t have to create a profile, add friends or collect followers, or perform any of the other typical social networking behaviors.

Instead, to use Banjo, you simply launch the app to see what the people around you are saying and doing right now. The app pulls its data from social networking services like Facebook, Twitter, Foursquare, Gowalla, TwitPic and Instagram, accessing both the publicly available check-ins and the geotags that accompany status updates and posts. (more) sing-a-long

From our no free lunch department - Smartphone Juice Jacking

It certainly seems innocent enough at first glance: a free charging kiosk at an airport, hotel or shopping mall.

Most people wouldn't hesitate to charge their dying smartphones - even though the kiosk could theoretically be configured to read most of the data on a device and upload malware. 



To demonstrate the potential threat, Brian Markus, president of Aires Security, along with fellow researchers Joseph Mlodzianowski and Robert Rowley, built a juice jacking kiosk at Defcon 2011 to educate the masses about the risks associated with blindly plugging in mobile devices. (more)


Tip: This trick will not work on most devices if they are powered down entirely before charging.

Free Mobile Phone Threat Report

Free Mobile Phone Threat Report

Click on illustrations to enlarge...

Free Mobile Phone Threat Report

Prepared by Lookout, "a smartphone security company dedicated to making the mobile experience safe for everyone."

News of the World Phone Hacking - Another Arrest

U.K. police arrested a 38-year-old man Thursday in connection with the ongoing investigation into alleged phone hacking by News Corp.'s now-closed News of the World tabloid.

View Interactive

More photos and interactive graphics

The arrest relates to the scandal stemming from allegations that the News of the World illegally intercepted the voice mails of celebrities, politicians and crime victims, through a practice known as phone hacking. Police also are probing possible police bribery by News of the World staff in exchange for information. The weekly tabloid was closed last month amid the scandal.

The arrested man couldn't immediately be identified. His marks the 13th arrest authorities have made since reopening their investigation into phone hacking in January. (more)

Get in on the laptop privacy survey - Get free privacy software!

Oculis is running a mobile worker privacy survey to collect useful data about attitudes and experiences with display privacy. Their thesis is that display privacy is a significant security industry issue and that most people have strong but unfulfilled desires for a more private experience. They intend to use the results of the survey to generate new awareness with the press, and to answer typical customer questions about why end users need PrivateEye or Chameleon.

Take the survey and you receive a FREE license for their PrivateEye screen protector, a very cool piece of software that alerts you to shoulder surfers, and blurs your screen when you are not looking at it. How? The secret is your computer's camera. It watches your back and recognizes your face! (FAQs)

The survey link is: https://www.surveymonkey.com/s/OculisPrivacySurvey

Here are the preliminary results from a few selected questions:

The Most Extensive Radio and Technical Museum List

If you have an interest in antique radios, TVs, computers and other technical equipment, this is the list to bookmark. Over 100 radio and technical museums around the world. Sponsored by radiomuseum.org

FutureWatch Prediction Comes True - Tampa Redux

Tampa - "You are only a stranger here once." 

August 2011 - The Tampa Police Department plans to circle its downtown area with surveillance cameras prior to the 2012 Republican National Convention, but Assistant Police Chief Mark Hamlin says the locations will not be disclosed in order to keep potential troublemakers from gaining a tactical advantage. A local political activist has publicly stated he is troubled by this decision.

September 2008 - FutureWatch - Although facial recognition and tracking didn't catch on the first go-around (the Tampa, Florida experiment), it is ripe for a come-back. 5 years from now, this will be commonplace – along with automatic license plate readers and motion-intention evaluators.

August 2003 - It is with sadness we note the demise of our favorite city motto... Tampa - "You're only a stranger here once." Tampa police have scrapped their controversial security camera system that scanned city streets for criminals, citing its failure over two years to recognize anyone wanted by authorities.

History - July 2001 - The Tampa City Council took a fully-informed look at Ybor City's controversial high-tech face-scanning software. When the dust settled, the council split down the middle with a 3-3 vote on whether or not to do away with the face-scanning software.

Tampa Police Radio Room c.1920's

(How Antonio Prohías might see it.)

News of The World Spying - More Threads

UK - MPs have reignited the News of the World phone-hacking scandal with the publication of new documents which suggest News International was involved in a four-year cover-up.

The Guardian says Rupert Murdoch, James Murdoch and their former editor Andy Coulson "face embarrassing new allegations of dishonesty and cover-up after the publication of an explosive letter written by the News of the World's disgraced royal correspondent, Clive Goodman".

In the article by Nick Davies, who broke the original story, he says Goodman makes the following claims: "that phone hacking was 'widely discussed' at editorial meetings at the paper until Coulson himself banned further references to it; that Coulson offered to let him keep his job if he agreed not to implicate the paper in hacking when he came to court; and that his own hacking was carried out with 'the full knowledge and support' of other senior journalists, whom he named." (more)

News of The World Spying - Like Pulling a Sweater Thread

Revelations that U.K. tabloid journalists may have graduated to hacking computers in addition to mobile phones may form the next scandal facing Rupert Murdoch's News Corp., a U.K. lawmaker investigating privacy violations by the now-defunct News of the World said.

Police and parliament have mostly focused their probes on how journalists illegally accessed the voicemails of celebrities, politicians and crime victims, and who at the company knew about it. More revelations of computer hacking and other forms of spying could emerge, Tom Watson, a Labour Party lawmaker, said yesterday.

“My own concerns are that this will lead to other forms of covert surveillance, and I think the next scandal will be computer hacking and we're going to be living with this for weeks and months to come,” said Mr. Watson, who is also a member of the Culture, Media and Sport Committee that is investigating phone hacking. (more)

If you are not one of our clients, you may not know these espionage secrets...  

• When you are a target, you won't be spied upon just using one method – a variety of tactics will be used. 

• The reasons electronic surveillance is investigated first is because it is a common tactic, easy to discover, and must be eliminated before one starts accusing people directly. 

• A successful counterespionage strategy will take all your vulnerabilities, and all their tactics into consideration.

The News of The World case is slowly unraveling into a textbook case of corporate espionage, thus proving the reality of it. This is the tip of the iceberg. Only failed spying becomes headlines.

FutureWatch: Bugs, wiretaps, more bribes, blackmail and sex.

Control Anything Cellular or WiFi in Your Enterprise

AirPatrol Corp. today unveiled ZoneDefense, a new mobile monitoring and policy enforcement technology that lets enterprises support the use of consumer and mobile devices on premises while also ensuring that end users are adhering to company security policies.

 ZoneDefense is a security technology that can detect any mobile device in an enterprise, track its location, check its compliance with company policy and enforce rules based on where the user is located and who is nearby. (more)

In addition to the release of ZoneDefense, AirPatrol issued a new white paper that offers guidelines on implementing wireless security policies. For a free copy, click here.

Disclosure: I use AirPatrol technology in my counterespionage inspections, but do not profit in any way by bringing their products to your attention.

"Page Eight" - Modern Intelligence Practices Scrutinized

Canada - Spies and assassins will get moviegoers' adrenaline pumping at the Toronto International Film Festival this year...

The 10-day festival opens on September 8 and will close with David Hare's "Page Eight", a contemporary spy film that casts a critical eye on modern intelligence practices. (more) (synopsis)

Eavesdropping History - NEW Nixon Bugs

One morning in early March 1971, Army counterintelligence agent Dave Mann was going through the overnight files when his eyes landed on something unexpected: a report that a routine, nighttime sweep for bugs along the Pentagon’s power-packed E-Ring had found unexplained – and unencrypted — signals emanating from offices in the Joint Chiefs of Staff.

Someone, it seemed, was eavesdropping on the top brass.

Mann was no stranger to bugs. It was a busy time for eavesdroppers and bug-finders, starting with the constant Spy vs. Spy games with Russian spies. But the Nixon years, he and everyone else would soon discover, had extended such clandestine ops into new territory: bugging not just the Democrats, but people within its own ranks. Eventually, most of the Watergate-era eavesdropping schemes were revealed to the public, including the bombshell that Nixon was bugging himself. But the bugs Dave Mann discovered in the E-Ring in March 1971 — and another batch like it — have remained buried all these years. Until now. (more)

Security Director Alert - Another Name for your Rolodex... Data Killers

Why would anyone want to shred a smartphone...twice?  

Well, if they wanted to be sure that all of their private information wouldn't fall into the wrong hands; they might shred it or burn it or both! Who would blame them when Wikileaks and identity theft stories dominate the news headlines? From corporate espionage to bored hackers, it seems someone is always after someone else's data! How does one keep private, corporate or government information from becoming public knowledge?

Recently a large federal agency that had upgraded their enterprise-wide smartphones wanted to have the old phones destroyed. The security officer responsible for the destruction of these smartphones took the smartphones to an un-knowledgeable electronics recycling company who shredded the phones. Unfortunately that company didn't have the specialized equipment to shred them small enough and the officer found several intact SIM cards in a pile of shredded residue. Luckily he found the un-shredded cards before the Inspector General found them! (more)

As you can see, not all shredding companies are created equal. Data Killers is the destruction arm of Turtle Wings, Inc., an ISO certified, woman-owned, HUBZoned company holding multiple GSA contracts. These folks claim they can get it done right the first time:

Elizabeth Wilmot, President

301-583-8399
1-877-KILLS-DATA
info@DATAKILLERS.com

Cell Phone Eavesdropping Alert - Android Trojan Snoop

A nasty Android Trojan capable of stealing text messages and eavesdropping on conversations has, like all movie monsters worth their weight, morphed into an even more dangerous opponent. The security firm CA Technologies detected a piece of Android malware that hid in corrupt apps and recorded and stored users' conversations on the targeted devices, which could then be uploaded to remote servers.

"Before answering the call, it puts the phone on silent mode to prevent the affected user from hearing it. It also hides the dial pad and sets the current screen to display the home page. During testing, after the malware answered the phone, the screen went blank," Trend Micro wrote on its blog.

TIP: The auto-answering feature only targets Android's running version 2.2, not the new version 2.3; to update your operating system, go to the "Settings" tab under "Menu." (more)

Tap Tap Revolution - The Smartphone Spyware Version

The slight movements of your smartphone every time you tap on the touchscreen could be giving away what you are typing.

Eavesdropping on a computer user's keyboard input is called keylogging...

Keylogging is much harder to pull off on smartphones because most mobile operating systems allow only whatever app is on screen to access what you are typing, says security researcher Hao Chen of the University of California, Davis.

However, Chen and his colleague Liang Cai have got around that hurdle and created a keylogger that runs on Android smartphones. It uses the phone's motion sensors to detect vibrations from tapping the screen. Since mobile operating systems do not treat the motion-sensor output as private or in need of protection, it presents a target for hackers wanting to create an innocent-looking app that secretly monitors phone users. (more)

Can Ya Catch My Cheating Spouse? In Kenya Ya Can - Bugging cell phones is apparently legal there!?!?

Kenya - Are you suspicious your lover, spouse, children, employees or business partner could be hiding something? Relax. A solution is finally here.

All you need is a high-end wap-enabled mobile phone, which you will present as a gift to your partner, whom you want to investigate.

Charles Chepkonga, the director of IT company, Smuffet Outsourcing, says with Sh15,000, he could install a software that could help you get a copy of all SMS, call log, location of the phone and all the names saved in the phonebook.

"The phone does not need to be expensive. We have done with phones worth as low as Sh8,000," he says.

Dubbed Mobispy, the software will send information to a preset email address managed by the buyer.

"Let’s say your husband tells you he is working late within the central business district but you doubt. All you will need to do is log in to the email and trace the location of the phone. Unless he left it in the office, you can know his location because it gives a radius of 10m," said Chepkonga. The IT expert says the technology can also be used to keep track on the location of students who lie they are in libraries or by managers who suspects their employees could be sabotaging the company by giving out classified information.

"The most popular reasons for using this application are finding out if your partner is cheating on you, keeping an eye on your children or teens, protecting your old parents, and using it to ensure your employees are doing what they are expected," said Chepkonga.

He says he started offering the service two months ago and has so far done more than 20 mobile phones bought by suspecting partners.

"We have also had innumerable enquiries from many people but who would want to remain anonymous," he said.

He said the idea came up as a result of the many attempts by Kenyans to bust their cheating partners. (more)

You'll Look So Dorky Nobody Will Think You Are a Spy

Real spy gear disguised as a kid's toy - with NIGHT VISION!

The SpyNet Night Vision Mission Video Watch's secret... It looks like a children's toy, but is a whole lot more. Let's run through the features... sound recorder, video recorder, still picture cam (with time lapse) - check, check, and check. Downloadable spy missions, games, and apps. Check. And, it tells time, too! 

If you really need to go covert, there is the Snake Cam Add-On. It plugs into the watch and lets you look around corners (or hide it in your sleeve and have it peek out a button whole).

Modes:
Time Mode
Alarm Mode
Timer Mode
Stop Watch Mode
Video Recorder Mode - preview or super-spy mode (watch face just shows time)
Audio Recorder Mode - wave form preview or super-spy mode (watch face just shows time)
Still Picture Recorder Mode - still image (again, with preview or without) or time lapse mode (5 seconds, 10 seconds, 30 seconds, 1 minute, 5 minutes, 10 minutes)

Secrets Mode
Missions Mode - downloadable from SpyNet HQ
Games Mode
Spy Apps Mode
Playback Mode
Capacity: Up to 20 mins of video; over 4 hours of audio; up to 2000 pics!
Snake Cam Add-On: Allows you to record pics/video around corners or hides in a button hole for super covert missions (unable to film using night vision, however). Can also be used as a plug and play USB webcam.
Watch Includes: Watch (duh), USB connector, and instructions.
Dimensions: Watch - 2.5" x 2.25" x 1" (watch body) - 1.4" TFT display.
Snake Cam - bendy part: 20"; overall length: 38" 

Why do I mention it?

So you'll know what you're up against, or the holidays are coming.

...Keep an eye out for the snake coming over the cubicle wall.

Staying Safe Abroad - The Blog, Edward L. Lee II

In 2008, I gave all my clients a free copy of Edward L. Lee's book: Staying Safe Abroad: Traveling, Working & Living in a Post-9/11 World Yes, it was that good!

The feedback I received spanned from: "Thank you so much..." to one security director saying, "I am buying copies for all our key executives who travel."

If you travel, or know someone who does, buy the book and get FREE updates by following Staying Safe Abroad - The Blog.

"What makes Ed Lee the big expert?"
Ed Lee retired from the US State Department in April 2006, after a career as a special agent, Regional Security Officer, director of training, chief investigator of the Cyprus Missing Persons Program, director of security of the U.S. Agency for International Development and as a senior advisor in the Office of Anti-Terrorism Assistance.

Most of his work now is devoted to educating global companies and governmental entities in how to be successful and keep their people safe abroad.

His career also includes 15 years as an international security consultant; for ten years he served as the security advisor to the Inter-American Development Bank. Additionally, Ed served six years in the Marines before joining the US State Department as a special agent.

"Why the plug?"
I hear you say.
Just a film noir PI's cliche, "Dead clients don't pay."

Privacy Journal - Keep Abreast of Privacy Issues and Laws

The Compilation of State and Federal Privacy Laws is now available in different formats. This book cites and describes more than 600 state and federal laws affecting the confidentiality of personal information and electronic surveillance. The laws are listed by state, grouped in categories like medical, credit, financial, security breaches, tracking technologies, employment, government, school records, Social Security numbers, marketing, telephone privacy and many more. Canadian laws are also included.

The Consumer's Handheld Guide to Privacy Protection, an abridged, consolidated version for use on handheld devices. Lawyers and other professionals are finding this handy for searching privacy laws while out of the office, in conferences, in court, on the street.

P.S. Would you like a free sample copy of Privacy Journal monthly newsletter? Contact: Lee Shoreham, Assistant to the Publisher, PRIVACY JOURNAL, PO Box 28577, Providence, RI  02908  Phone: 401-274-7861  Fax: 401-274-4747  orders@privacyjournal.net

Tips to Protect Your Voice Mail from Hacking

via Forbes...

While there’s been extensive coverage of the News Corp. phone hacking cases during the past few weeks, nobody has really addressed two relevant elements of the story: the legal liability (both criminal and civil) for such conduct and the underlying problem which allowed the media to gain access to confidential information: the insecurity of most voice mail systems...

Personal actions
• Do not use default passwords;
• Use more than a four digit PIN, and make them random. Do not use your date of birth, year of birth, or set the digits in ascending or descending order;
• Make sure your carrier requires the use of a PIN every time you access your voice mail;
• Have your carrier require a special password to access information about your account;
• Demand that your carrier immediately notify you of any attempt to improperly access your account via email or SMS;
• Ask your carrier to block multiple invalid PIN attempts on your account, which will then requires a call to customer service to reset it;
• Delete sensitive message once you retrieve them, and do not store them in the system any longer than necessary. Remember, there is no way to determine who has accessed your account or listened to your messages;
• Check the settings on your system to determine if messages are being forwarded to numbers you do not recognize;
• Use the most complicated password that is possible to set up, and change it frequently. (more)

USA Today - "Don't bank on your phone to evade virus"

Trojans can enter a smartphone in many devious ways. All you have to do is click on a link or attachment that contains the virus, and within seconds it can secretly seize control of the phone. That link might be a tinyurl in Twitter. The attachment could be a vCard, the standard format for sending a business card to a phone.

Or you could be accessing a website in a cafe. At Wi-Fi hotspots, fraudsters create bogus gateways, known as "evil twins", to which the latest mobile phones will automatically connect. Once a connection is established, all the information passing through the gateway can be read directly or decrypted, allowing fraudsters to harvest user names, passwords and messages.

Until now, these attacks have been rare. But experts say that's just because smartphones are still taking off. "We're walking into a minefield," said Mr Fidgen, who has been warning about the risks of mobile banking for several months, "but nobody's bloody listening". (more)

The Spy in the Condé Nast Elevator

Following a day of speculation about the identity of the person behind @CondeElevator, the account appears to have gone dark. "Girl or Guy #1 [in elevator alone]: This got really crazy. Love my job. Better stop," the account tweeted on Wednesday...

The account, which presents all tweets as if they are true, was launched just last Saturday, but it already has amassed more than 50,000 followers. In less than a week, @CondeElevator has become a dishy fly-on-the-wall at a company known for its strict rules, shone a light on the intimidating culture that still exists in the rarified halls of Old Media, and incited a massive witch hunt as outlets race to unveil the author. (more)

Why this is important.

It doesn't matter if the tweets are fact, or self-promoting fiction, it proves Twitter is a powerful technology. Your marketing people may see it as a boon. Your security people may see it as a nightmare. Point is, you need to see it, and keep an eye on it. See who's talking about your company.

Last Laugh - Briton, SpyCam Capital of the World

Can you think of a worse place in the world to riot in the streets?

SHOP A MORON - Name and shame a rioter

Click to enlarge.

These are just some of the 2,000 suspects being hunted today over Britain's riot mayhem. Police issued the CCTV shots and appealed to witnesses to identify anyone they recognise. Sun readers are urged to name and shame any morons they saw looting or committing arson and wrecking property. (more)

FutureWatch: A flood of RFP's for High-Def SpyCams. Darwin Awards.

N.B. Not to be confused with Photoshoplooter... 
(more)

Quote of the Day: “If I get my hands on someone’s lost phone, it could take me ten minutes to find an account username and password.”

An uncomfortably large percentage of mobile applications are storing sensitive user account information unencrypted on owners’ smartphones, according to a new survey of 100 consumer smartphone apps.

Click to enlarge.

Some 76 percent of the apps tested stored cleartext usernames on the devices, and 10 percent of the tested applications, including popular apps LinkedIn and Netflix, were found storing passwords on the phone in cleartext.

Conducted by digital security firm ViaForensics, the testing occurred over a period of over eight months and spanned multiple categories, ranging from social networking applications to mobile banking software. The firm tested apps only for iOS and Android, the market’s leading mobile platforms.

“If I get my hands on someone’s lost phone, it could take me ten minutes to find an account username and password,” said Ted Eull, techology services vice president at ViaForensics, in an interview. (The Bad App List.)

Read up on what to do about it, here.

FBI, Texas Rangers Search City Offices for Bugging Devices

TX - Tenaha Mayor George Bowers has confirmed that Texas Rangers and FBI agents searched city property for bugging devices this week.

Bowers said he was present on Monday as the state and federal agents scoured the workplace for bugging devices. The search was conducted after city work hours, according to Bowers...

There are rumors several bugging devices were found inside the police station. City Marshall Tom Reader acknowledged the searches, but would not confirm or deny that any were found in the police station. (more)

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

Security Flaws in Feds’ Radios Make for Easy Eavesdropping

via The Wall Street Journal...

The portable radios used by many federal law enforcement agents have major security flaws that allowed researchers to intercept hundreds of hours of sensitive traffic sent without encryption over the past two years, according to a new study being released today.

While studying the technology, researchers from the University of Pennsylvania overheard conversations that included descriptions of undercover agents and confidential informants, plans for forthcoming arrests and information on the technology used in surveillance operations...

Their research also shows that the radios can be effectively jammed using a pink electronic child’s toy and that the standard used by the radios “provides a convenient means for an attacker” to continuously track the location of a radio’s user.

The authors say they are extremely concerned about the security lapses found in the radios, which are used by the FBI and Homeland Security as well as state and local law enforcement. “We strongly urge that a high priority be placed” on a “substantial top-to-bottom redesign” of the system, dubbed P25, they write. (more) (study)

Today in Spy History

On Aug. 9, 1974, President Richard Nixon resigned following damaging revelations in the Watergate scandal. (more)

Faulty Towers, or The Young Ones strike back

Scarborough bed-and-breakfast owner Paul Williams has been jailed for 18 weeks for spying on his guests through secret peepholes and making audio recordings of their most intimate moments.

Paul Williams, 60, watched three couple from holes which he had drilled in the doors of the rooms at his bed-and-breakfast in Scarborough, North Yorkshire.

He was discovered when one of his victims, a 16-year-old student, spotted a poster placed over one of the holes begin to move. Her boyfriend investigated and found a hole which provided a view directly on to the bed. He then heard movement in the corridor outside and discovered Williams who was wearing just a dressing gown.

Audio recording equipment was then discovered at the Sandsea guest house. Guests were left feeling ''sick and horrified'' when they discovered what had happened.

Williams, of Devonshire Drive, Scarborough, pleaded guilty to charges of voyeurism and was sentenced at the town's magistrates' court today. (more)

Blackmail She Wrote - 'Explosive' Jackie O Tapes to Be Released

Jackie Onassis believed that Lyndon B Johnson and a cabal of Texas tycoons were involved in the assassination of her husband John F Kennedy, ‘explosive’ recordings are set to reveal.

The secret tapes will show that the former first lady felt that her husband’s successor was at the heart of the plot to murder him.

 She became convinced that the then vice president, along with businessmen in the South, had orchestrated the Dallas shooting, with gunman Lee Harvey Oswald – long claimed to have been a lone assassin – merely part of a much larger conspiracy...

The tapes were recorded with leading historian Arthur Schlesinger Jr. within months of the assassination on November 22, 1963, and had been sealed in a vault at the Kennedy Library in Boston.

Caroline Kennedy, has agreed to release them early and have them aired on a special program on ABC. It is believed she agreed to the release in exchange for the network dropping its $10 million series about the family. (more) (must-see TV)

Point & Shoot Android Hacker Toolkit - $10.

While iOS users can pretend to be hackers with games like Hack RUN and iHack, those who own Android gadgets will soon be able to break into networks and computers for real. That’s because Israeli security firm zImperium is about to launch an app that can search for vulnerable targets and infiltrate them, allowing users to eavesdrop or even “attack” the devices.



The app is called Anti, short for Android Network Toolkit. It was introduced by zImperium at last week’s Defcon hacking conference, and reportedly impressed several attendees for its ease of use and affordability. With Anti, a user can infiltrate Windows machines, devices running an unspecified older version of Android and yes, even iPhones. Anti will debut at the Android Market next week as a free app that can be upgraded for $10 (USD). (more)