by Stephan Varty, Vulnerability Analyst, in Nortel's Voice Security Blog...
Many people assume a certain level of confidentiality is assured when they use their phone. Concerns have been raised about the increased risk of someone eavesdropping on a VoIP call compared to a traditional PSTN call. Although the concern applies similarly to other VoIP protocols such as UNIStim, H.323, or SCCP as well, what follows is an opinion on the susceptibility of a SIP call to remote eavesdropping...
...due to common vulnerabilities such as missing or outdated patches, misconfiguration, and undetected software defects, it is likely that in many cases a determined sophisticated attacker would be capable of eavesdropping on unencrypted SIP calls. (more)
Lessons:
• Employ encryption.
• Install all software patches and updates.
• Double check your configurations.
Extra Credit:
Eavesdropping an IP Telephony Call
Thursday, July 24, 2008
Tapped Out Friends Tap Friendship
IL - Two friends of former police officer Drew Peterson told a newspaper he made incriminating statements during secretly taped conversations following the disappearance of his fourth wife — claims that Peterson denies... Peterson said the couple had asked him for money and became angry when he would not lend it to them. (more)
Email Sinks Two Anchors - Keystroke Logger Helped
Philadelphia, PA - A longtime television newscaster was charged Monday with illegally accessing the e-mail of his glamorous former co-anchor, who suspected details of her social life were being leaked to gossip columnists.
Federal prosecutors say fired KYW-TV anchor Larry Mendte accessed Alycia Lane's and leaked her personal information to a Philadelphia Daily News reporter. Lane's personal life had routinely become tabloid fodder and eventually led to her own dismissal from the station.
"The mere accessing and reading of privileged information is criminal," acting U.S. Attorney Laurie Magid said. "This case, however, went well beyond just reading someone's e-mail." (more)
How Alycia Lane's passwords were tapped...
According to sources close to the case, former CBS anchor Larry Mendte used a hardware keylogger system to obtain Alycia Lane's e-mail passwords. Keylogger systems secretly capture every keystroke made on a targeted computer.
Keyloggers come in two forms: software, which is installed on a computer, and hardware, which is a battery-sized recording device that is secretly attached to the cord between the keyboard and a computer. The precise type and brand of keylogger used in the Mendte case could not be determined, but sources said it was the hardware version. (more)
My all-time favorite newscasters. ~ KDM
(John Hart, Jon Stewart, Paul Harvey, Jim Hartz, Walter Cronkite, Susan Stamberg, Charles Osgood, Charles Kuralt, Lloyd Dobbins, Linda Ellerbee, Tom Snyder and you know who.)
Federal prosecutors say fired KYW-TV anchor Larry Mendte accessed Alycia Lane's and leaked her personal information to a Philadelphia Daily News reporter. Lane's personal life had routinely become tabloid fodder and eventually led to her own dismissal from the station."The mere accessing and reading of privileged information is criminal," acting U.S. Attorney Laurie Magid said. "This case, however, went well beyond just reading someone's e-mail." (more)
How Alycia Lane's passwords were tapped...
According to sources close to the case, former CBS anchor Larry Mendte used a hardware keylogger system to obtain Alycia Lane's e-mail passwords. Keylogger systems secretly capture every keystroke made on a targeted computer.
Keyloggers come in two forms: software, which is installed on a computer, and hardware, which is a battery-sized recording device that is secretly attached to the cord between the keyboard and a computer. The precise type and brand of keylogger used in the Mendte case could not be determined, but sources said it was the hardware version. (more)
My all-time favorite newscasters. ~ KDM
(John Hart, Jon Stewart, Paul Harvey, Jim Hartz, Walter Cronkite, Susan Stamberg, Charles Osgood, Charles Kuralt, Lloyd Dobbins, Linda Ellerbee, Tom Snyder and you know who.)
Rogue Lid Shuts Grid
Rogue laptops aren't the only rogues out there...
A disgruntled city computer engineer has virtually commandeered San Francisco's new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday.
Terry Childs, a 43-year-old computer network administrator who lives in Pittsburg, has been charged with four counts of computer tampering and is scheduled to be arraigned today.
Prosecutors say Childs, who works in the Department of Technology at a base salary of just over $126,000, tampered with the city's new FiberWAN (Wide Area Network), where records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings are stored.
Childs created a password that granted him exclusive access to the system, authorities said. He initially gave pass codes to police, but they didn't work. When pressed, Childs refused to divulge the real code even when threatened with arrest, they said. He was taken into custody Sunday. (more)
So, how do you protect yourself against insider hijacking?
One way to start...
• Don't give the keys to the kingdom to only one person.
• "Checks and Balance" "Checks and Balance" "Checks..."
• Establish an admin / root password emergency reset plan.
• Bell your cat(5). Get notified when it hits the fan: Tripwire
• Keep my number handy. Rogues are know for their bug and wiretap tricks, too.
A disgruntled city computer engineer has virtually commandeered San Francisco's new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday.
Terry Childs, a 43-year-old computer network administrator who lives in Pittsburg, has been charged with four counts of computer tampering and is scheduled to be arraigned today.Prosecutors say Childs, who works in the Department of Technology at a base salary of just over $126,000, tampered with the city's new FiberWAN (Wide Area Network), where records such as officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings are stored.
Childs created a password that granted him exclusive access to the system, authorities said. He initially gave pass codes to police, but they didn't work. When pressed, Childs refused to divulge the real code even when threatened with arrest, they said. He was taken into custody Sunday. (more)
So, how do you protect yourself against insider hijacking?
One way to start...
• Don't give the keys to the kingdom to only one person.
• "Checks and Balance" "Checks and Balance" "Checks..."
• Establish an admin / root password emergency reset plan.
• Bell your cat(5). Get notified when it hits the fan: Tripwire
• Keep my number handy. Rogues are know for their bug and wiretap tricks, too.
Wednesday, July 23, 2008
We think the Hamburglar is behind this one...
For the three weeks between July 25 and Aug. 14, 2008, kids can collect official Spy Gear gadgets with the purchase of a Happy Meal or Mighty Kids Meal at participating McDonald's restaurants.Kids can embark on imaginative spy missions using six new Spy Gear toys offered exclusively at McDonald's: Secret Wrist Beam, Spy Guard Motion Alarm, Spy Disc Defender, Invisible Message Pen, Rear View Spy Scope and Mobile Message Bot.
The Spy Gear Happy Meal is timed with Wild Planet's 10th anniversary of making spy toys, and precedes the release of the company's first Spy Gear board games, Spy Trackdown and Spy Wire. (more)
"In becoming accustomed to such toys and the pleasures they bring, the seeds of an amoral and suspicious adulthood are unwittingly being cultivated." (more)
Whatta fun couple! "It's party time!" (fabadabaZap)
Lisa Cohen, 28, garnered media attention when she released tapes in March of her former fiance, Lee County Sheriff's Cpl. Michael DeTar, using a Taser on party guests.
Cohen pleaded guilty to three misdemeanor charges lessened from two felony charges against DeTar — eavesdropping and disrupting computer services for an authorized user. She pleaded guilty to stalking, making a false report and criminal mischief above $200.
Today...
...the Cape Coral woman who allegedly brought a gun into the Lee County Justice Center in March, pleaded no contest today to a misdemeanor charge of possession of a firearm in a restricted area. (more)
Extra Credit...
Tired of Tupperware?
Taser Parties - A Shocking Success (more)
Cohen pleaded guilty to three misdemeanor charges lessened from two felony charges against DeTar — eavesdropping and disrupting computer services for an authorized user. She pleaded guilty to stalking, making a false report and criminal mischief above $200.
Today...
...the Cape Coral woman who allegedly brought a gun into the Lee County Justice Center in March, pleaded no contest today to a misdemeanor charge of possession of a firearm in a restricted area. (more)
Extra Credit...Tired of Tupperware?
Taser Parties - A Shocking Success (more)
SpyCam Story #452 - "What goes around...eh, Rod"
Alex Rodriguez's wife wants to know if he hired private detectives or had wiretaps installed to spy on her. Cynthia Rodriguez's lawyers demanded any surveillance information as part of a records request in the Miami divorce case.
The document asks for any tape recordings, photographs, reports from investigators or results from possible wiretaps. (more)
According to British tabloid The Daily Star, an unidentified man has come forward claiming that he secretly filmed Yankee star Alex Rodriguez and Madonna having sex, by use of a hidden camera installed in one of Madonna’s Kabbalah practicing friends’ home, who is also friends with him. (more)
The document asks for any tape recordings, photographs, reports from investigators or results from possible wiretaps. (more)
According to British tabloid The Daily Star, an unidentified man has come forward claiming that he secretly filmed Yankee star Alex Rodriguez and Madonna having sex, by use of a hidden camera installed in one of Madonna’s Kabbalah practicing friends’ home, who is also friends with him. (more)
Tuesday, July 22, 2008
Wikileaks Strikes - Canadian Wiretapping
from Wikileaks...
"In a dramatic turn of events, it has been revealed that a wiretap was issued on several protesters of the Mohawk tribe in Canada who were protesting poverty. The news story was leaked yesterday on Wikileaks in part because of a media ban on the subject.
According to the discussion page prosecutors were trying to ban the entire story from the media, but ultimately failed to do so...
In short, the law enforcement in charge of keeping the situation calm ordered a wiretap on the protesters without a court order. It's unlikely that the public will treat this aspect lightly because it puts into serious question just how far law enforcement is willing to go. In a country where privacy is of greater concern then in other countries, one might expect some form of outrage at some point in the near future." (more)
Wikileaks.org and "malignant activism" (Security Scrapbook, 2/17/03) are old alert topics for my security director clients. Today's leak is a good example of these warnings. Organizational attacks like these can be mitigated if an information security program - which includes counterespionage elements - is in place. ~ Kevin
"In a dramatic turn of events, it has been revealed that a wiretap was issued on several protesters of the Mohawk tribe in Canada who were protesting poverty. The news story was leaked yesterday on Wikileaks in part because of a media ban on the subject.
According to the discussion page prosecutors were trying to ban the entire story from the media, but ultimately failed to do so...
In short, the law enforcement in charge of keeping the situation calm ordered a wiretap on the protesters without a court order. It's unlikely that the public will treat this aspect lightly because it puts into serious question just how far law enforcement is willing to go. In a country where privacy is of greater concern then in other countries, one might expect some form of outrage at some point in the near future." (more)
Wikileaks.org and "malignant activism" (Security Scrapbook, 2/17/03) are old alert topics for my security director clients. Today's leak is a good example of these warnings. Organizational attacks like these can be mitigated if an information security program - which includes counterespionage elements - is in place. ~ Kevin
Dark Knight Wiretapping Thoughts from The Web
"Did anybody else notice the strong anti-wiretapping note that Morgan Freeman’s character hits in Dark Knight?" (more)"Normally, I’m not prone to political analysis of blockbuster movies, but “The Dark Knight” seems to beg for it with its consistent references to current events, most spectacularly in the wiretapping sequence." (more)
"Like Bush, Batman has his own warantless wiretapping program, but Nolan is kind enough to assure us that, once his goal is accomplished, the superhero will blow it up. Is he suggesting that we can count on the Dark President to do the same?" (more)
"Batman is truly trying to do the right thing for the citizens of Gotham even if he steps into gray (or black) areas. Did the wiretapping save dozens of lives? Yes. Did he use it for any other purpose? No. Was it destroyed after it was used to capture the most dangerous criminal in Gotham? Yes." (more)
...and from The New York Times...
Lucius Fox — Batman’s aide de camp and weapon-supplier — makes a brief civil liberties speech, and says he will only go along with the spying project once. ... Societies get the heroes they deserve. Seven years after Sept. 11, the United States is caught up in a misbegotten war in Iraq, is granting immunity to telecommunications companies that helped the Bush administration illegally spy on the public, and is unwilling to unequivocally renounce torture as a tactic. (more)
"Keep your berries in your pants 'ol chap."
UK - Concerns have been raised about the security of British secrets after a top political aide lost his BlackBerry device to a suspected Chinese spy, sources say.
The Sunday Times newspaper says one of Prime Minister Gordon Brown's most senior aides was the victim of a "honeytrap" scheme in which the man was lured to a hotel room by a woman he met in a disco in Shanghai, China, only to find the next morning that his BlackBerry device had been stolen. (more)
The Sunday Times newspaper says one of Prime Minister Gordon Brown's most senior aides was the victim of a "honeytrap" scheme in which the man was lured to a hotel room by a woman he met in a disco in Shanghai, China, only to find the next morning that his BlackBerry device had been stolen. (more)
7 Mediterranean Islands of Carefree Wiretapping
Malta - Although the new telephone and Internet eavesdropping system commissioned by the Malta Communications Authority on behalf of the Malta Security Service began operating in October 2006, it has been up and running in the absence of a set of technical obligations that undertakings related to the system need to adhere to. The lack of technical obligations, a situation that had persisted for at least close to a year and a half, leaves a concerning void in the regulation and operation of the State’s practice of tapping the Maltese public’s phone calls and monitoring their Internet communications. (more)
Money Card Bugs
A UK crime survey shows credit and debit card fraud has reached a record high of £535 million...new trend was the use of bugging devices which are fitted near shop tills to record the information stored on the magnetic microchip. (more)
Kids Science Camp - Learning to Become a Detective
WA - A group of 75-kids, from kindergarten to fifth grade...learned how to become a detective. They built a spy kit, including a homemade listening device.
"It was pretty fun. We made spy ears, pens. We made everything a detective has and stuff," said Brian McMurray, camper. (more)
Note to Washington State University - Tri-Cities teachers... (oopsie)
It is illegal for private detectives, teachers and students to possess electronic eavesdropping devices. Besides, this is not what most detectives do, and parentsmay should object on moral grounds. The rest of the curriculum looks very worthwhile, however. No wonder all the classes are sold out!
"It was pretty fun. We made spy ears, pens. We made everything a detective has and stuff," said Brian McMurray, camper. (more)
Note to Washington State University - Tri-Cities teachers... (oopsie)
It is illegal for private detectives, teachers and students to possess electronic eavesdropping devices. Besides, this is not what most detectives do, and parents
Sunday, July 20, 2008
"Bad artists copy. Good artists steal." ~ P.P.
Brazil - Police have arrested a suspect in the heist of two Pablo Picasso prints from a museum in Sao Paulo and recovered one of the works, police and a museum official said Saturday.Inspector Cesar Carlos Dias said information obtained through wiretaps of gang members involved in unrelated robberies led police to Ueslei Barros, the suspect in the July robbery. (more)
Want your own Picasso?
Make it yourself.
Click here.
"How Can I Stop My Ex From Bugging My Phone & PC?"
My ex is a Private Investigator, and I believe he is bugging my phone–and possibly my PC. What can I do to stop this and/or prosecute? I have Vonage and my phone goes through a cable connection, as does my pc.
Thank you,
Patricia
(answers)
Thank you,
Patricia
(answers)
Subscribe to:
Posts (Atom)