Sunday, January 15, 2012

Security Alert: Time to Update Your HP Printers' Firmware

Not a real HP fire. Just shown to get your attention.
HP announced that the potential existed for a certain type of unauthorized access (info-theft, fiery sabotage, etc.) (more) to some HP LaserJet printers and confirmed it has received no customer reports of unauthorized access. HP has issued the following statement:

HP has built a firmware update to mitigate this issue and is communicating this proactively to customers and partners. No customer has reported unauthorized access to HP. HP reiterates its recommendation to follow best practices for securing devices by placing printers behind a firewall and, where possible, disabling remote firmware upload on exposed printers.

The firmware update can be found by going to www.hp.com/support and selecting Drivers.

Additional printer security information is available at www.hp.com/go/secureprinting.

FREE - Mobile Security V6.0 - Android Security Software

Now available as a free download, Mobile Security V6.0 offers Android users several new features to protect their privacy and financial information, as well as significant improvements to the user interface.

Mobile Security 6.0 detects and deletes viruses, malicious URLs, and other threats before you even know they exist. With newly enhanced features including GPS-based anti-loss/theft features, backup and restore tools for your contacts, complete privacy protection, traffic monitoring, and more...
 
Version 6.0 includes the following features that enhance the already extensive capabilities of 5.0:

Anti-eavesdropping protection: With anti-eavesdropping, users can be sure their calls are not being recorded by third party apps or viruses.

Financial security protection: When users access financial websites via their system browser or start e-bank/securities apps, NQ Mobile Security V6.0 automatically scans all running apps to determine if any active apps pose a security risk.

Mobile Security: Fights malware, spyware, phishing, viruses, hacking, and more.

Privacy Protection: Protects the data stored on your phone, ensuring that your social networking, email, and financial accounts can't be hacked and your personal calls can't be recorded.

Anti-Theft/Anti-Loss: Remotely locates, locks, or deletes information from a lost or stolen mobile device, and sounds an alarm to help you find it.

Backup and Restore: Safely and seamlessly stores your contacts so you can easily access them from any Web browser.

System Optimization: Provides control over running apps and power consumption.

Traffic Monitoring: Provides real-time updates on data usage and caps on maximum data usage.

NQ Mobile Security V6.0 for Android can be downloaded for FREE at: http://www.nq.com/mobilesecurity or from the Android Market. (more)

SpyCam Story #635 - Stock(boy) Photography


IL - Madison County prosecutors have charged a Troy man with spying on a woman in a restroom in a store in Troy on July 16.

Police Sgt. James Newcombe said police believe 21-year-old Jonathan D. Spotanski used a mobile phone to make a video recording in a public restroom at the Schuette SuperValu market, 523 Troy Road. Newcombe said Spotanski resigned shortly after he was spotted trying to retrieve the phone from a dropped ceiling. (more)

Mandela Spy Camera Probe Continues

South Africa - A probe was still under way into the spying on former South African President Nelson Mandela by two Western news agencies, authorities said on Friday.

A completed docket against British news agency Reuters and US Associated Press (AP) has been handed over to prosecutors, Eastern Cape police said. Meanwhile, national police confirmed that the probe was still under way.

Reuters and AP reportedly had installed at least three closed circuit television (CCTV) cameras spying on Mandela's house in Qunu in the Eastern Cape. (more)

Business Espionage: Arrest for Unsportsmanlike Conduct

UK - A third person has been arrested by police investigating allegations that people acting for Premier League soccer club Tottenham spied on officials during the club's failed bid to take over London's Olympic Stadium after the Games.

Tottenham has been accused of ordering surveillance on the London Olympic executives who eventually chose the bid of rival London club West Ham to take over the stadium.

Since August, London police have been investigating allegations of wrongdoing in the bidding process that were made by West Ham and the Olympic Park Legacy Company, whose board members decide the future of venues on the site of the Games. (more)

SpyCam Story #634 - The Busted Busman

NH - The former Provider bus driver charged with sexually assaulting two boys riding his school bus allegedly filmed those assaults with hidden cameras, according to recently unsealed court documents.

The documents, an affidavit and inventory regarding a Sept. 28 search at the home of John Allen Wright, 45, of Milton, allege Wright used a number of cameras hidden in pens and a pair of sunglasses to film encounters, both sexual and not, on his bus... a pair of spy-camera sunglasses and directions on how to use them were found in Wright's living room, along with a number of pens containing hidden cameras. (more)

Saturday, January 14, 2012

SpyCam Story #633 - "A big troop cheer for the FBI!"

MI - Scott Allan Herrick, 40, of Twin Lakes, Michigan, was sentenced to serve 95 years in prison, U.S. Attorney Donald A. Davis announced today. Herrick surreptitiously videotaped boys as they were dressing in the boys’ locker room in the YMCA in Muskegon and kept a massive collection of 100,000 images of child pornography with him at the Gerber Boy Scout Camp in Twin Lakes, Michigan. He was convicted at trial of three counts of attempting to produce child pornography. On the first day of trial, Herrick pleaded guilty to two counts of distributing child pornography and one count of possessing child pornography...

The Honorable Paul L. Maloney, Chief U.S. District Judge, presided over the trial and sentencing... sentencing Herrick to 1140 months (95 years) of incarceration...

Herrick was the camp director for Gerber Boy Scout Camp in Twin Lakes, Michigan. Herrick also worked as a pool safety instructor for third grade children at the YMCA in Muskegon, Michigan. Herrick was trading child pornography and was discovered during a series of undercover FBI operations. On July 1, 2010, FBI and Homeland Security Investigations-Immigration and Customs Enforcement (“HSI-ICE”) agents executed a search warrant on the Gerber Boy Scout Camp and discovered evidence of child pornography. Herrick was arrested on July 8, 2010, and has been held in custody since. (more)

Security Directors: FREE Security White Paper - "Surreptitious Workplace Recording ...and what you can do about it."   

Peter Shankman on Situational Awareness - A Cautionary Tale

How One Bit of Stupidity Could Have Brought Down a Multi-Million Dollar Media Company - An (abridged) true story, by Peter Shankman, who has a better grasp of business espionage than most executives.

Everyone is always concerned about digital espionage. “My account was hacked!” “I clicked on a bad link!” “Fifty million credit card numbers were stolen!” The fact is, however, that digital espionage is the least worrisome thing for the majority of companies. The chances of your company getting “hacked” and information being stolen are minimal, compared to getting in trouble due to the stupidity of your employees.

I was flying home this past weekend from Florida. I got into my seat and got settled. My seatmate sat down, an older gentleman in a suit and tie...

I happened to look over to my left, and this man was reading a huge binder. Had to be at least 100 pages, if not more. He was on the first few pages. I looked over, and in giant letters, it said “KEY INVESTMENT HIGHLIGHTS.” That caught my interest, as it would anyone. Within five words, I realized that he was reading an overview of a very large media company – In another thirty seconds, I’d put it together – This guy worked for a company that was hired to help this very large media company sell themselves. In other words, a company that produces both online and offline properties, that you probably read every week, was up for sale.

My seatmate couldn’t have been more clueless. He had his headphones on, enjoying his silence, while flipping pages in this binder, taking notes, not looking up, not aware of his surroundings in the slightest...

He spent an hour of the flight on several pages that were titled “Liabilities” – It was all proprietary information about problems the company was having, and how they planned to fix them. Unreal...

...the man sitting next to me was reading proprietary information, information that could be very, very damaging to this company if in the wrong hands, and he couldn’t have cared less about it. When I landed, I confirmed it. This was extremely private information.

I’ve often said that privacy doesn’t exist, that we all need to be smarter, that instead of working on new ways to gain more fans, perhaps we should take a day and work on situational awareness!

I decided to see how out of it he really was, and also prove a point. Check this out.


Heavily Redacted by Me

This is one of a handful of photos I took with both my iPad and my Droid. Just to see if I could, which obviously, I could.

The man next to me caught a break that day. I’m not a dick. I’m not going to name the company, nor the company he works for (which was on the bottom of every page of the report.) But I have a feeling I’m in the minority here.

Guys, we have to be smarter than this. We simply have to. We can’t afford not to. Here are four tips on how to be:

1) Assume you’re always being watched. Assume everything you do can be watched, and probably is. You have to assume this for everything, from your work life to your personal life. It means you’ll be seen doing anything stupid that could get you in trouble, from doing drugs with people you assume are friends, to meeting someone for insider information in a parking lot. It’s too easy to get caught nowadays.

2) Assume most people are much less nice than me. I knew immediately what I was looking at, and also that I’d never go public with the information... I’m not saying don’t be nice to people you meet – But don’t start sharing information with people until you truly trust them. In other words, enter every interaction with a healthy dose of cynicism. That’s not a bad thing. It’s a smart thing.

3) It’s always little things that will nail you. You have any idea how many times I’ve been in an airport or hotel lounge, when I’ve heard someone spouting off their credit card to the person they’re talking to? Or explaining, step by step, their entire itinerary, while their home address sits on their luggage?... We need to pull our heads out of our collective smart-phone asses and start realizing what the hell is going on around us!

4) As always, alcohol comes into play. Some of the most fun I’ve ever had in my life has come at events where I’ve stayed sober... I still say the best way to get drunk is with a trusted friend, in your own home. Anything else just asks for trouble.

I’d suggest that we make 2012 the year we become smarter – But I’ve been suggesting that for years. And it never seems to happen.

We need to be smarter. (unabridged version)

Friday, January 13, 2012

From our "You Can't Make This Stuff Up" files...

A Polish military prosecutor has shot himself in the head during a break in a press conference at which he was defending his office against allegations of illegal wiretapping. (more)

SpyCam Story #632 - Darwin Award to Video Voyeur

Australia - A man who secretly filmed his housemate showering is ashamed and embarrassed about what he did, a Northern Territory court has been told.

Jayden Trevitt, 20, cried in the Darwin Magistrates Court as he was given a two-month jail sentence, which was then suspended.

Trevitt had pleaded guilty to filming his housemate on his phone while she was showering. He secretly filmed her from outside a bathroom window on five separate occasions last year. (more)

SpyCam Story #630 - The Road to Woodinville

WA - The husband of a Juanita High School (girls') volleyball coach has been charged with voyeurism in a case involving many of the coach's players.

Kirkland resident Steve C. Meeks, 23, is accused of videotaping five victims while in a restroom during a non-high school sanctioned team sleepover on Nov. 5, according to charging documents...

Meeks' wife, who was a coach for the Juanita High School volleyball team and a former coach of the Kamiakin Junior High volleyball team, arranged for the Rebel volleyball players to have a sleepover at her father's Woodinville warehouse...

During the evening, a hidden video camera was spotted in the ceiling tile of the woman's bathroom by a 17-year-old high school student as she was using the toilet. (more)

Why mention these incidents?
To show the depth of the problem. (Remember, these are only the failed attempts.)
To give you clues as to where people hide spycams, so you can protect your own privacy.

P.S. King County detectives later found there was actually more than one camera. "We found two hidden cameras – one hidden above the toilet and the other in the ceiling tiles," said Cindi West, a spokesperson for the King County Sheriff's Office, noting the cameras were not wireless and were part of a retail home security system. "There were wires running through the ceiling and it was connected to a DVR (digital video recorder) in another room … There is quite a bit of investigation involved with this case."

P.P.S. Not fur nottin', but... If the warehouse is owned by Ms. Meeks' father, and the cameras were part of a hard-wired, overall security system, lawyers might want to check the old man's pockets for depth, and him for culpability. Just a thought.

Hey, ever see The Road to Wellville? Some things never change, do they?

SpyCam Story #631 - Pfuhl Hides SpyCam at Work

NM - A businessman from Rio Rancho, in jail, accused of using a hidden camera to watch his workers go to the bathroom. Richard Pfuhl owns Fine Line Home Inspection...

Back in November, two women who worked for him say they saw a camera behind a vent and called the cops. They say they also found recording equipment inside Pfuhl's bedroom and DVDs of women using the bathroom. (more)

Pocket 3G Spy Car (Yes, it rhymes with noodle.)

This just in...
from the seller... "See live video on your Mobile phone from anywhere in the world. No time limit no distance limit No internet or IP address needed. Just simply call your 3G camera and see live video of your home, office, car, or even your Nanny." (more)

Why do I mention it?
So you will know what you're up against.

Thursday, January 12, 2012

Social Engineering Attacks on the Enterprise in 2012

Amit Klein, CTO for security company Trusteer, has just published his predictions for cybercrime trends in 2012... The following is one of his observations for the year ahead:

Personal information, disclosed on social networks, will be used in social engineering attacks against the enterprise. Fraudsters, all too aware of the valuable intelligence freely available on social networks, are starting to mine these data sources, capturing the personal details needed to successfully complete social engineering attacks. Trusteer predicts this will manifest itself over the coming year as an enterprise issue.

Example: The "mark" might receive an email from someone who claims to be an old high school classmate. The email has a link to an invitation to a class reunion, except that the link really goes to a website that surreptitiously drops a keystroke logger on the unsuspecting person's computer.

Criminals are finding it easier than ever to create a pretext using the unprecedented amount of personal information that people willingly publish about themselves on Facebook, LinkedIn and scores of other social sites...

In the case of attacks against enterprises, every employee is a viable target, from the people in the mailroom to the ones in the corner offices...

Security Tips...
• Train employees to recognize and avoid phishing and other social engineering attacks. Good educational products are available from PhishMe and Wombat Security Technologies.

• Restrict the use of company email addresses to business use only. Encourage employees to use a personal email account for everything that isn't related to company business.

• Implement strict security rules to filter out spam and phishing messages. Wombat has an anti-phishing tool called PhishPatrol that specifically catches phishing and spear-phishing emails. (more)

iSnitch, ilLumiaNaughty & RIMshot Cell Out

India - Apple, Nokia and Research In Motion (RIM) gave Indian intelligence agencies secret access to encrypted smartphone communications as the price of doing business in the country, according to what appear to be leaked Indian government documents.

The purported documents, if they are real, indicate that the smartphone giants gave India's Central Bureau of Investigation (CBI) and Indian military intelligence "backdoor" tools that would let the Indian agencies read encrypted emails sent to and from RIM's BlackBerrys, Apple's iPhones and Nokia smartphones...

A "decision was made earlier this year to sign an agreement with mobile manufacturers (MM) in exchange for the Indian market presence," the military intelligence document reads. (more)