Monday, June 29, 2009

Security Director Alert - Fake Tweets

Twitter users have caused an uproar by impersonating celebrities on the popular micro-blogging service. Businesses, too, are targets of fake Twitter profiles -- sometimes from competitors.

Exxon Mobil Corp. has found at least two unauthorized Twitter accounts under variations of its name. Twitter -- a networking service where users create profiles and send out short messages, or "tweets" to their followers -- terminated one of the profiles last summer. An Exxon spokesman says the oil company is considering what to do about the second profile, which it discovered several weeks ago.

In a defensive move, AMR Corp.'s American Airlines in April "registered every possible Twitter name that could be associated with us," a spokesman says. The move came after airline employees last summer found a rogue profile in the name AmericanAir, which was shut down four weeks later.

At Elevation Burger, a seven-outlet chain owned by Elevation Franchise Ventures LLC, a vendor in March found an unauthorized Twitter profile with tweets promoting rival Z Burger. Hans Hess, Elevation's founder and chief executive, complained to Z Burger and Twitter, which later suspended the profile after a letter from Mr. Hess's lawyer.

Amusement-park operator Cedar Fair LP, of Sandusky, Ohio, received an email from a marketing consultant who had created a Twitter profile in the name of its Cedar Point amusement park. The consultant, David Goebel, president of Goebel Group Inc., offered to relinquish control of the account in exchange for season passes to the Cedar Fair park and suggested that the company hire his firm to oversee its Twitter account. (more)

Recommendation: Get to know Twitter. Monitor it for malicious content about your company, the same way you monitor the Web and chat groups.

You do monitor, don't you?


Ok, I'll give you this tip for free...
Plug yourself into Addictomatic.com. It's free too.
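A starting point for the "register or monitor every name that could be associated with us" step described above, as an added example that is not part of the original post or of any tool named in it. It takes a brand name, generates the handle variants an impersonator or a defensive registrant would reach for (word separators, common suffixes, digit-for-letter swaps) and triages a constructed list of observed handles into the legitimate account, registered lookalikes to complain about, and unregistered variants still worth claiming. The brand name, the suffix list and the observed handles are all assumptions made up for the example; handles are compared case-insensitively.

```python
import re

# Assumed brand name for the example (not taken from any real account inventory).
BRAND = "ExxonMobil"

# Constructed sample of handles "seen" on the service; not real account data.
OBSERVED_HANDLES = [
    "ExxonMobil",        # the legitimate account
    "exxonmobil_",       # lookalike: trailing separator
    "Exx0nMobil",        # lookalike: digit for letter
    "ExxonMobilCorp",    # lookalike: corporate suffix
    "RandomUser42",      # unrelated account
]

# Digit-for-letter swaps commonly used in impersonating handles (assumed list).
CONFUSABLES = {"o": "0", "l": "1", "i": "1", "s": "5", "a": "4", "e": "3"}
# Suffixes a defender would want to register or watch (assumed list).
SUFFIXES = ["_", "corp", "inc", "official", "news", "pr", "hq"]


def camel_split(name: str) -> list[str]:
    """Split 'ExxonMobil' into ['Exxon', 'Mobil'] so separators can be inserted."""
    return re.findall(r"[A-Z]?[a-z]+|[A-Z]+(?![a-z])|\d+", name)


def normalize(handle: str) -> str:
    """Fold case, drop separators and undo digit-for-letter swaps so that
    'Exx0n_Mobil' and 'exxonmobil' compare equal. The swap reversal is lossy
    (both 'l' and 'i' come back from '1'), which is fine for prefix matching."""
    reverse = {digit: letter for letter, digit in CONFUSABLES.items()}
    folded = handle.lower().replace("_", "").replace(".", "")
    return "".join(reverse.get(c, c) for c in folded)


def variants(brand: str) -> set[str]:
    """Handle variants worth registering defensively or monitoring.
    Only single-character swaps are generated; the legitimate name is excluded."""
    words = [w.lower() for w in camel_split(brand)] or [brand.lower()]
    forms = {"".join(words), "_".join(words)}
    out = set(forms)
    for form in forms:
        for suffix in SUFFIXES:
            out.add(form + suffix)
        for i, c in enumerate(form):
            if c in CONFUSABLES:
                out.add(form[:i] + CONFUSABLES[c] + form[i + 1:])
    out.discard(brand.lower())
    return out


def triage(brand: str, observed: list[str]) -> dict[str, list[str]]:
    """Sort observed handles into legitimate / registered lookalike, and list
    generated variants nobody has registered yet."""
    legit = brand.lower()
    target = normalize(brand)
    report: dict[str, list[str]] = {
        "legitimate": [],
        "lookalike_registered": [],
        "unregistered_variants": [],
    }
    taken = set()
    for handle in observed:
        taken.add(handle.lower())
        if handle.lower() == legit:
            report["legitimate"].append(handle)
        elif normalize(handle).startswith(target):
            report["lookalike_registered"].append(handle)
    report["unregistered_variants"] = sorted(variants(brand) - taken)
    return report


if __name__ == "__main__":
    for bucket, handles in triage(BRAND, OBSERVED_HANDLES).items():
        print(f"{bucket}: {handles}")
```

The prefix match in `triage` is deliberately loose: a handle that merely starts with the normalized brand name is flagged for a human to look at, which is the right failure mode for a monitoring feed. Tightening it (for example, requiring the remainder to be one of the known suffixes) trades fewer false positives for missing the variants you did not think of.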

Bugs found in Georgian Opposition Party's office

Eavesdropping bugs were discovered installed in the electrical sockets of the office of the Georgian opposition party “Way of Georgia”.

The leader of the party, ex-minister of foreign affairs Salome Zurabishvili, said that the devices were found where meetings take place among leaders of the party, which is demanding the resignation of current Georgian President Mikhail Saakashvili.

“They were found by employees of the party in the electrical sockets of the room,” said Zurabishvili, who showed the devices to journalists. (more)

SpyCam Story #539 - The Watchful Neighbor

CA- Police in Newbury Park say they've found evidence that a man arrested for allegedly spying on his female neighbors with a hidden camera may have taped other people as well.

Police say Michael Farge, 38, recorded the daily activities of his neighbors, including them changing, for more than two years.

Residents of the community of condos near Wheelwright Lane told KTLA that Farge was good friends with the women he is accused of watching, a woman and her 19-year-old daughter.


They said Farge had a key to the victims' house and watched their house and pets when they were out of town. (more) (video)

Technical director of new product development... charged with 5 counts of spying

A federal grand jury indicted former Arlington Heights resident David Yen Lee on charges he stole trade secrets to divulge to a competitor.

The indictment, which U.S. attorney Patrick Fitzgerald announced Friday, charges Lee with five counts of economic espionage.

According to the indictment, the 52-year-old Lee worked as technical director of new product development for the Wheeling branch of Valspar Corp., a Minneapolis-based paint company, from 2006 to March 2009.

According to the indictment, Lee downloaded documents and data from Valspar and its China subsidiary, Huarun Ltd., to an external thumb drive... (more)

Building Spy Bats

Researchers are studying creatures that fly through the night in hopes of making tiny flying spies.

Photo caption: AeroVironment's DARPA-funded prototype drone made a successful test flight, lifting itself and its energy source.

The most popular of these drones are called Ravens, built by the Monrovia, Calif., company AeroVironment. They are about 4.5 feet across, weigh six pounds and can stay aloft for about an hour and a half. (More, with two cool clips of a bat flying in slow motion.)

Friday, June 26, 2009

FutureWatch - Amazing MagLev

Is this cool, or what?!?!
Enjoy your weekend.
See you Monday.

Japan discovers 1970's 'Broken Window Theory'

A Tokyo district plagued with burglaries has turned to planting flowers to beautify its streets and help stamp out crime.

"'Operation Flower' began about three years ago. By planting flowers facing the street, more people will be keeping an eye out while taking care of the flowers or watering them," said Kiyotaka Ohyagi, a Suginami City official...

Suginami, with a population of 528,800, saw a record 1,710 break-ins in 2002... Suginami says its efforts have paid off, with the number of burglaries falling to 390 in 2008, down almost 80 percent from 2002.

Oh, by the way...
The flowers are part of a wider crime prevention campaign. The district also has 9,600 volunteer patrollers and 200 security cameras set up in areas where there are frequent break-ins. It also emails crime information daily to residents. (more)

Broken Window Theory... (via The Atlantic - March 1982)
...at the community level, disorder and crime are usually inextricably linked, in a kind of developmental sequence. Social psychologists and police officers tend to agree that if a window in a building is broken and is left unrepaired, all the rest of the windows will soon be broken. This is as true in nice neighborhoods as in rundown ones. Window-breaking does not necessarily occur on a large scale because some areas are inhabited by determined window-breakers whereas others are populated by window-lovers; rather, one unrepaired broken window is a signal that no one cares, and so breaking more windows costs nothing. (It has always been fun.)

Philip Zimbardo, a Stanford psychologist, reported in 1969 on some experiments testing the broken-window theory. He arranged to have an automobile without license plates parked with its hood up on a street in the Bronx and a comparable automobile on a street in Palo Alto, California. The car in the Bronx was attacked by "vandals" within ten minutes of its "abandonment." The first to arrive were a family—father, mother, and young son—who removed the radiator and battery. Within twenty-four hours, virtually everything of value had been removed. Then random destruction began—windows were smashed, parts torn off, upholstery ripped. Children began to use the car as a playground. Most of the adult "vandals" were well-dressed, apparently clean-cut whites. The car in Palo Alto sat untouched for more than a week. Then Zimbardo smashed part of it with a sledgehammer. Soon, passersby were joining in. Within a few hours, the car had been turned upside down and utterly destroyed. Again, the "vandals" appeared to be primarily respectable whites. (more)

"How does this apply to information security?"
If management doesn't care, employees won't care. When employees don't care, your company is easy pickings for info-vultures. Patch all the holes. ~Kevin

FutureWatch - Your Own Private Internet

For those struggling with privacy on the Web, security researchers at Hewlett-Packard might have found the light at the end of tunnel.

A duo from HP's Web security group, Billy Hoffman and Matt Wood, are scheduled to present an idea at the BlackHat security conference in July that could shed new light on an old idea about how to communicate privately over the Internet.

The researchers, who previewed their concept to Forbes, say their model works like a private Internet on top of the existing public one: People can share information like files and messages via the Internet medium, but without the kind of public-facing personally identifiable information that Internet protocol addresses provide...

The darknet concept as we know it today has been around for a while, and current implementations usually rely on some sort of third-party technology to make it work. The model Hoffman and Wood are previewing is notable in that it uses the latest in rich Internet technologies to make using a darknet as simple as browsing a Web site. That innovation should drastically reduce the barrier to sharing secure information over darknets. (more)

Thursday, June 25, 2009

The Apple Lesson

"You can only give them as much security as they will take," the old saying goes.

Most organizations don't take much.
"Not our corporate culture."
"People would quit."
"How do you enforce that!"
These excuses are lame.
Worse, they are profit suckers.

Considering information is the genesis of profits, it is hard to fathom laissez faire attitudes. Employees want to be part of a successful, cool, winning organization. They want their company to be profitable. To them it means job security, better salaries and prestige.

All they need is leadership.


"Prove it," I hear you say.

via The New York Times...
Apple is one of the world’s coolest companies. But there is one cool-company trend it has rejected: chatting with the world through blogs and dropping tidbits of information about its inner workings.

Few companies, indeed, are more secretive than Apple, or as punitive to those who dare violate the company’s rules on keeping tight control over information. Employees have been fired for leaking news tidbits to outsiders, and the company has been known to spread disinformation about product plans to its own workers.

“They make everyone super, super paranoid about security,” said Mark Hamblin, who worked on the touch-screen technology for the iPhone and left Apple last year. “I have never seen anything else like it at another company.”...

Secrecy at Apple is not just the prevailing communications strategy; it is baked into the corporate culture. Employees working on top-secret projects must pass through a maze of security doors, swiping their badges again and again and finally entering a numeric code to reach their offices, according to one former employee who worked in such areas...

...the culture of secrecy had its origin in the release of the first Macintosh, which competitors like Microsoft and Sony knew about before it was unveiled. (more)

There is a lesson here.
On September 25, 1981 Apple stock traded at $1.78; today, $139.86.

This doesn't happen by letting someone pick your intellectual pockets.
Be proactive. Create a strong information security program.
Your employees will love it, and respect you for it.

Wednesday, June 24, 2009

Paris Hilton bugged by hotel-room bugging

For once, it seems that someone is actually interested in what Paris Hilton has to say, as the heiress' bodyguards have reportedly found a secret recording device hidden in her hotel room in Dubai.

The U.K. Daily Express reports that Hilton, 28, was less than pleased after the bug was discovered, immediately ordering more security and demanding that hotel staff investigate where the device came from. The incident has not stalled production of the Dubai edition of Hilton's My New BFF reality show.


"We're not sure what the device picked up or whom it was transmitting to. But it did leave Paris very jittery," a source working with Hilton told the Express. "Everyone she has come into contact with during her stay in Dubai has been fantastic and gracious. We've been told there are some quarters where there is anti-American feeling." (more)

While you may not be a Paris Hilton fan, give her credit. She hired competent security who knew how to find bugs. Should you need the same, contact me. ~Kevin

Update...
Paris Hilton has played down media reports that her Dubai hotel room was bugged, saying stories in the British tabloids were "another lie created by the media"... None of Hilton's spokespeople were available to comment on Wednesday morning. (more)

We'll keep you posted.

Spies Under Every Watt?

The electric-utility industry is planning a pilot initiative to see whether Chinese spies have infiltrated computer networks running the power grid, according to people familiar with the effort.

Officials of the North American Electric Reliability Corp., an industry regulatory group, are negotiating with a defense contractor for the job of searching for breaches by cyberspies, according to people familiar with the plans...


The Wall Street Journal reported in April that Russian and Chinese spies had penetrated the U.S. electric grid. (more)

China dominates NSA-backed coding contest

About 4,200 people participated in the U.S. National Security Agency-supported challenge... Programmers from China and Russia have dominated an international competition on everything from writing algorithms to designing components... Of 70 finalists, 20 were from China, 10 from Russia and two from the U.S.... Of the total number of contestants, 93% were male, and 84% were aged between 18 and 24. (more)

"You too may be a big hero,
Once you've learned to count backwards to zero.
'In German oder English I know how to count down,
Und I'm learning Chinese,' says Wernher von Braun."
Tom Lehrer, 1965

From our 'What in this World Could Possibly Go Wrong' files

North Korean leader Kim Jong Il has put his youngest son in charge of the country's spy agency in a move aimed at handing the communist regime over to him, a news report said Wednesday. (more)

The Obama administration is planning to eliminate a spy satellite program at the Department of Homeland Security that had produced concerns about domestic spying, officials said. The program would have given state and local law enforcement officials access to high-resolution imagery from spy satellites to aid them in disaster relief efforts, bolster border security and help secure major events like the Super Bowl. (more)

The Iranian regime has developed, with the assistance of European telecommunications companies, one of the world's most sophisticated mechanisms for controlling and censoring the Internet, allowing it to examine the content of individual online communications on a massive scale. (more)

Kuwait's parliament will hold a vote of no-confidence on the interior minister next week after he was quizzed on Tuesday over accusations that include spying on MPs and squandering public funds. (more)

Colombia's Prosecutor General's office called Noguera and three other former DAS directors for questioning about their alleged involvement in the wiretapping scandal of the intelligence agency. (more)

Canadian police will be given new powers to eavesdrop on Internet-based communications... (more)

FutureWatch - Social Networking Strangulation

If you're planning to apply for a job with the city of Bozeman, Montana, be prepared to hand over much more than your references and résumé. The Rocky Mountain city instructs all job applicants to divulge their usernames and passwords for "any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc."

"Before we offer people employment in a public trust position we have a responsibility to do a thorough background check," Chuck Winn, Bozeman's assistant city manager, told CBSNews.com in an interview on Thursday. "This is just a component of a thorough background check." (more)

FutureWatch...
Yin: Expect this trend to continue and expand.
Yang: Expect to see dual social networking - one for due diligence consumption, and a sub-rosa one, for real.

Monday, June 22, 2009

Wiretap Using an Ericsson Cell Phone

...unconfirmed, but interesting...
"Ericsson's WAP, Wireless Application Protocol, suffers from a security flaw that allows attackers to listen in on other WAP sessions traveling on the cellular carrier wave... This attack is limited, since you cannot choose which number to wiretap on, and you cannot talk at the same time that you are wiretapping a line. This vulnerability shows the lack of security of WAP as it is offered in today's cellular networks." (more)
Blue Blaze Irregulars, check and advise!
How to wiretap from an Ericsson Cell Phone:
1) Type 904059
2) Menu
3) Yes
4) 1
5) RCL
6) Yes
7) 8300**
8) Yes
9) 86
(Instead of the ** you can write any number you wish, except for the number 00)
To stop the wiretapping:
1) Type RCL
2) 3
3) Yes