CONTEST: The Tunny Machine Missing Diagrams Question

(WE HAVE A WINNER. DF from Canada.)

UK - The National Museum of Computing has finished restoring a Tunny machine - a key part of Allied code-cracking during World War II.

Tunny machines helped to unscramble Allied interceptions of the encrypted orders Hitler sent to his generals.

The rebuild was completed even though almost no circuit diagrams or parts of the original machines survived...

The first Tunny machine was built in 1942 by mathematician Bill Tutte. He drew up plans for it after analysing intercepted encrypted radio signals Hitler was sending to the Nazi high command. (more)

CONTEST: What happened to the original circuit diagrams?

PRIZE: First correct answer wins an autographed copy of "Is My Cell Phone Bugged? Everything you need to know to keep your mobile communications private."

CONTEST Alert

Another Security Scrapbook Contest is coming. 
(Hey, it has been a while.)

Here, Tuesday, May 31 at 12:01 PM, New York City time.

The first correct answer wins.

(This pre-contest announcement is made to give everyone who is interested 24-hours notice to get to the starting line at the same time.)

Hold on to Your Wallet - Here Comes Google

"Your phone will be your wallet." That's what Google's promising with Google Wallet and Google Offers, which'll combine payments and deals in one neat package. And it's a pretty compelling little vision of the future of paying for stuff. (What could possibly go wrong?)

Google Wallet isn't really one thing, so much as a bundle things tied together in one package. It's an Android app. It's a way for you to pay for things with your credit or debit cards, using your phone. It's a coupon collector and loyalty card system. It's another way for merchants to let you pay and offer up deals. It hooks into other Google services, like Shopper (which shows you nearby deals) and Google Offers. And Google is planning for it to eventually store everything you'd keep in a wallet.

The core payment technology uses wireless NFC and more specifically, MasterCard's PayPass system, so you'll be able to use it anywhere that's hooked up with PayPass, which is at a lot of retailers already. (more)

FutureWatch: Your phone becomes your electronic ID and Passport. 

Hey, why are we still calling this do-it-all device a phone, anyway? 


Probably the same reason we still say "dialing the phone" when the dial is long gone, and "the phone is ringing" when a Lady Gaga singtone is belting out the request to connect.

On the plus side, "Hello, Central!" finally exited the lexicon, and "It's your nickle" rates made a come back.

Man Hacks 100+ Webcams and Makes Blackmail Videos

Many computers sold these days come with web cameras built right in. You may never use it, but hackers can spy on you and record things going on inside your home and even use it to blackmail you.

Watch Brian Mylar's Report 

The FBI recently arrested Luis Mijangos for hacking into more than 100 homes by turning on the webcams in their home computers. "In some cases, he was able to turn on the web cameras that were on people's computers and, just by dumb luck, happen to catch them walking naked across the room," said an unidentified spokesman for the FBI.

 

Then, in a "sextortion" plot, Mijangos emailed those people and threatened to release the video unless they made more sexual videos. He also posed as the victims' boyfriend, asking women to send sexually explicit photos and videos and he told the FBI he's part of a big hacking group. (more)

Tip: Cover the camera when not in use.

And on his farm he had a cow, E-I-E-I-O With a "moo-moo" here and a... You're under arrest!

Iowa is on the verge of becoming the first state to criminalize recording sights and sounds at farms without permission from owners.

The hot-button issue surfaced in the waning days of the legislative session and pits environment and animal rights groups against farmers and agribusiness.

On one side are activists who surreptitiously record how animals are raised or slaughtered. On the other, owners who don't want what they see as interference.

The activists maintain their actions are protected under the First Amendment. Farmers counter the acts represent an invasion of privacy intentionally designed to damage their industry. (more)

Yipes Skypes! VoIP Phone Encryption - Busted.

A team of researchers and linguists have found a fatal flaw in supposedly encrypted internet phone calls that allow them to eavesdrop on conversations.

University of North Carolina scientists took a novel approach to 'listening in' on voice-over-internet-protocol (VoIP) conversations by analysing the 'encrypted' data packets used to transmit people's conversations.

VOIP services such as Skype transmit speech over the internet by encoding and the encrypting the conversation into individual data packets.

According to The New Scientist, Linguists noticed the size of each packet mirrored the composition of the original speech itself - allowing them to reconstruct words and phrases from the original voice.

By splitting the packet sequences into phonemes - the smallest sounds that make up a language - linguists were able to reconstruct the data into discernible words. (more)

Just for fun... The world's best web store display!

I love great promotion. A Dutch department store has the most clever home page I have ever seen. If you don't laugh, I'll return double the money you spent for your Security Scrapbook subscription.

What does this have to do with spying?

Tip: Humor is a great diversion and ice breaker. In this case, your resistance to buying products is eroded and your loyalty to a particular store is being reinforced. Spies use the same techniques when social engineering their marks. Be sensitive to this red flag. ~Kevin

Turkey Acknowledges Eavesdropping Concerns... and evidence.

Turkey - There are dead-serious problems concerning the “privacy of personal life and communication” in Ankara at the moment. Video tapes are pouring in as records of private phone conversations, obtained through wiretapping, are making the rounds. Cyber attacks targeting politicians are continuing incessantly. There are as many records that have been obtained illegally as there are records that have been obtained legally and leaked.

Video or audio tapes have both become evidence in court cases and have been used for blackmail. Some of the Nationalist Movement Party, or MHP, candidates have had to resign or withdraw due to sex tapes featuring them.

Since these are cyber attacks, everyone is trying to gain protection either through personal or corporate measures. While jammer-like equipment to stop the transfer of phone and video conversations are being used by political parties, parliamentary deputies are choosing similar equipment sold on the market.

There are concerns about being bugged even in top offices in the capital. (more)

Memorial Day Weekend in the USA

Monday is Memorial Day here in the USA. 

"Memorial Day is a United States federal holiday observed on the last Monday of May (May 30 in 2011). Formerly known as Decoration Day, it commemorates men and women who died while in military service to the United States (including its spies). First enacted to honor Union and Confederate soldiers following the American Civil War, it was extended after World War I to honor Americans who have died in all wars." (Wikipedia)

Many countries have national holidays like Memorial Day, and each takes theirs very seriously and solemnly. It is one holiday we wish we didn't have to have. 

Confucius never said this, but we all know it is true... "War does not determine who is right; it determines who is left." Maybe this is why it is also a three-day weekend of not just sad reflection and appreciation (in fact, there is never enough of this), but also a time of gathering and camaraderie. ~Kevin
 

Hedge Fund Head Sends Spy into Employees' Personal Life

In late November 2008, Tobin Gover, a top financial mathematician known to his friends as Sam, got a call through to his desk at work in Limassol, Cyprus.

The woman on the line – a new neighbour ... purporting to be Laura Maria van Egmond, scion of Dutch nobility convalescing in Cyprus following a motoring accident – was in fact, Mr Gover claims in a UK court case, “a security consultant involved in covert close protection and undercover investigations ... trained in Israel” and “trained in unarmed combat”...

Ms Van Egmond – who within months went from being a regular yoga-buddy of his wife to a close family friend who spent Christmas with them and would be left alone to look after their infant son – was, in fact, Laura Merts, a Dutch spy, hired by Elena Ambrosiadou, head of Ikos and one of the world’s wealthiest women.

The UK High Court has given judgment in Mr Gover’s favour.

Ms Ambrosiadou filed no defence and has agreed to pay damages.

The accusations levelled against her are now set to reverberate around the hedge fund world. (more)

ElcomSoft Breaks iPhone Encryption, Offers Forensic Access to File System Dumps

via ElcomSoft...

"Let’s make it very clear: no privacy purist should ever use an iPhone (or any other smartphone, probably). iPhone devices store or cache humungous amounts of information about how, when, and where the device has been used. 

The amount of sensitive information collected and stored in Apple smartphones is beyond what had previously been imaginable. Pictures, emails and text messages included deleted ones, calls placed and received are just a few things to mention. 

A comprehensive history of user’s locations complete with geographic coordinates and timestamps. Google maps and routes ever accessed. 

Web browsing history and browser cache, screen shots of applications being used, usernames, Web site passwords and the password to iPhone backups made with iTunes software, and just about everything typed on the iPhone is being cached by the device." (more)

The Most Secure Mobile Phone OS's - Ranked from Best to Worst

By Drew Turney, ZDNet.com.au

Smartphone security is fraught with peril. So few casual users realise they're carrying a complete personal computer in their pocket — one that's designed to connect to networks and transfer more data than their PC ever does.

Some commentators say that mobile vendors themselves aren't taking security seriously. Electronic Frontier Foundation technology director Chris Palmer, who was also a former Android security framework engineer, said in a January 2011 blog post that mobile systems "lag far behind the established industry standard" for security.

But some might lag farther behind than others. Today, five mobile operating systems dominate the market. We've done the heavy lifting for you by looking at the advantages and disadvantages of each OS, and then ranking the systems from best to worst. (more)

http://tinyurl.com/The-Best-iOS

World's Smallest GSM Cell Phone Eavesdropping Bug

from, Is My Cell Phone Bugged?

A cousin to the ZombiePhone is the GSM micro-bug. These are miniaturized cell phones made specifically for covert eavesdropping! Like ZombiePhone bugs but without normal cell phone features, these are tiny, creepy, robotic, cell phone bugs often hidden in such everyday objects as power strips and lighting fixtures.
 

Their tiny size is possible because they do not have keypads, ringers, displays, or smart-phone features. When called from any other phone, they become eavesdropping bugs automatically.
 

Shown with wall charger and USB cable.

Groupe Spécial Mobile (GSM) is the name of the world’s most popular cellular telephone standard. GSM micro-bugs work on this standard, which means they can work in almost anywhere on Earth where there is cellular telephone service. Like normal cell phones whose features are set to Auto-Answer and No Ring, GSM bugs are equally hard to detect because they sleep most of the time. The thing that awakens them is the call from the eavesdropper. 

Some models also awaken when they hear sound being made near them. Some awaken when they sense vibration or light. Should you awaken one, it will silently call the eavesdropper.

If you feel you are being eavesdropped on and you are sure your cell phone is free of spyware, a GSM bug may be the culprit.
 

Bug microphones are much more sensitive than most people realize. The microphones in GSM micro-bugs are very sensitive and can capture sound from large areas like bedrooms, offices, and vehicles. Ideally, bugs are placed as close to the sound source as possible, but the rule of thumb when searching is: If your ear can hear it, so can the bug.

Ever wonder where all these bugs come from? This link is the first step to solving the mystery.

"Is My Cell Phone Bugged?" interview on KZSB – AM 1290

If you are in the Santa Barbara, CA area Tuesday, tune in to  KZSB – AM 1290. You will hear Mike Williams interview me about eavesdropping spyware on smartphones and other mobile communications privacy issues. This new book, Is My Cell Phone Bugged? Everything you need to know to keep your mobile communications private is the topic of the interview.

The program starts at 10:00 AM (PST) and will be rebroadcast Tuesday evening at 9:00 PM and again on Saturday at 1:00 PM. The feed is also available at newspress.com. Once the show has been recorded I will post the link. ~Kevin

Extortionography - Turkish Tacky Video Changes the Course of a Nation

Turkey - Just weeks before general elections in Turkey, six leading members of an opposition party were forced to resign from Parliament on Saturday after sexually explicit videos of one of them were posted on the Internet.

The Web site that posted the videos had threatened to release others that it said showed the five other members who resigned.

The resignations could severely weaken the Nationalist Movement Party, the second largest opposition group in Parliament, which is struggling to win the minimum of 10 percent of the vote required to be seated in Parliament.

Four members of Parliament from the same party resigned earlier this month after similar videos were posted on the same Web site.

The Web site, farkliulkuculer.com, has cast itself as part of a breakaway ultranationalist group aiming to cleanse and reform the nationalist movement in Turkey. The site’s administrators are anonymous. (more)