Insert your organization's name where you see the word "Army".
 |
| Click to enlarge. |
Friday, April 19, 2013
DoD Inspector General v. Army Commercial Mobile Devices (CMD)
There are lessons for your organization in this report.
Insert your organization's name where you see the word "Army".
"The Army did not implement an effective cybersecurity program for commercial mobiles (sic) devices. If devices remain unsecure, malicious activities could disrupt Army networks and compromise sensitive DoD information." (full report)
Insert your organization's name where you see the word "Army".
Wednesday, April 17, 2013
If you travel with a cell phone, tablet and/or laptop...
...this should interest you...
35,000. That’s how many business travelers depart the United States every day. With them goes over 40,000 cell phones, more than 50,000 laptops, and nearly 500,000 pages of business documents holding privileged information. When you travel abroad, your company is at risk.
Among Enemies tells you how to protect yourself.
Luke Bencie has traveled to more than 100 countries over the past 15 years on behalf of the U.S. intelligence community, as well as for the private defense industry.
While abroad, he has experienced, firsthand and sometimes painfully, the threat of espionage and the lengths to which foreign intelligence services and other hostile global competitors will go to steal American business secrets.
Mr. Bencie currently serves
as the managing director of Security Management International, LLC, a
security-consulting firm in the Washington, D.C. area.
Among Enemies tells you how to protect yourself.
Luke Bencie has traveled to more than 100 countries over the past 15 years on behalf of the U.S. intelligence community, as well as for the private defense industry.
While abroad, he has experienced, firsthand and sometimes painfully, the threat of espionage and the lengths to which foreign intelligence services and other hostile global competitors will go to steal American business secrets.
Sen. Mitch McConnell's "Bug" - Recorded Acoustical Leakage
The center of political intrigue and an FBI investigation in Kentucky's U.S. Senate race is the otherwise inconspicuous second floor hallway of the Watterson West office building in Louisville.
...behind plain, black doors is Sen. Mitch McConnell's campaign headquarters.
It is in this hallway on February 2 that two members of the Progress Kentucky SuperPAC allegedly recorded a private campaign strategy meeting underway inside an office on the other side of one of those plain, black doors, according to Jacob Conway a member of the Jefferson County Democratic Party's Executive Committee.
"You have about a half an inch gap right there where a recording device or a microphone could have been inserted," Benton said, pointing to the bottom of the door...
With the campaign's permission, WHAS11 tested whether an iPhone voice memo program could successfully record a conversation by placing the phone's mouthpiece at the bottom door opening.
Playback of the test recording confirmed that it captured the voices of campaign workers meeting behind the door. The workers had been advised of the recording test...
Some legal analysts suggest that if the closed door meeting could be heard from the hallway, the recording might not be a crime. During the WHAS11 visit, some voices could be heard, without electronic assistance, from the hallway. (more)
Imagine, two guys in the hallway listening under the door. Eavesdropping doesn't get any more basic than that. Spying tricks haven't changed, there are just more of them these days. All the old tricks still work.
If they had their offices inspected by a TSCM team they would have been notified about the acoustical leakage vulnerability... in time to protect themselves.
...behind plain, black doors is Sen. Mitch McConnell's campaign headquarters.
It is in this hallway on February 2 that two members of the Progress Kentucky SuperPAC allegedly recorded a private campaign strategy meeting underway inside an office on the other side of one of those plain, black doors, according to Jacob Conway a member of the Jefferson County Democratic Party's Executive Committee.
"You have about a half an inch gap right there where a recording device or a microphone could have been inserted," Benton said, pointing to the bottom of the door...
Playback of the test recording confirmed that it captured the voices of campaign workers meeting behind the door. The workers had been advised of the recording test...
Some legal analysts suggest that if the closed door meeting could be heard from the hallway, the recording might not be a crime. During the WHAS11 visit, some voices could be heard, without electronic assistance, from the hallway. (more)
Imagine, two guys in the hallway listening under the door. Eavesdropping doesn't get any more basic than that. Spying tricks haven't changed, there are just more of them these days. All the old tricks still work.
If they had their offices inspected by a TSCM team they would have been notified about the acoustical leakage vulnerability... in time to protect themselves.
FREE Security "Green" Papers on Laptop, Mobile Phones & Storage Devices
IT Governance is a supplier of corporate and IT Governance related books, toolkits, training and consultancy. They offer a wealth of knowledge and experience.
Their Green Papers contain information and guidance on specific problems and discuss many issues. Here are two just published this month...
Technical Briefing on Laptop and Mobile Storage Devices
Technical Briefing on Mobile Phones and Tablets
About two dozen more may be found here.
Their Green Papers contain information and guidance on specific problems and discuss many issues. Here are two just published this month...Technical Briefing on Laptop and Mobile Storage Devices
Technical Briefing on Mobile Phones and Tablets
About two dozen more may be found here.
... thus, giving new meaning to a bright idea!
Optogenetics is the process by which genetically-programmed neurons or other cells can be activated by subjecting them to light. Among other things, the technology helps scientists understand how the brain works, which could in turn lead to new treatments for brain disorders.
Presently, fiber optic cables must be wired into the brains of test animals in order to deliver light to the desired regions. That may be about to change, however, as scientists have created tiny LEDs that can be injected into the brain.
The LEDs were developed by a team led by Prof. John A. Rogers from the University of Illinois at Urbana-Champaign, and Prof. Michael R. Bruchas from Washington University. The lights themselves can be as small as single cells and are printed onto the end of a flexible plastic ribbon that’s thinner than a human hair. Using a micro-injection needle, they can be injected precisely and deeply into the brain, with a minimum of disturbance to the brain tissue. (more)
FutureWatch - Mico-sensors to allow downloading of consciousness - knowledge, visuals, ideas, etc..
Presently, fiber optic cables must be wired into the brains of test animals in order to deliver light to the desired regions. That may be about to change, however, as scientists have created tiny LEDs that can be injected into the brain. The LEDs were developed by a team led by Prof. John A. Rogers from the University of Illinois at Urbana-Champaign, and Prof. Michael R. Bruchas from Washington University. The lights themselves can be as small as single cells and are printed onto the end of a flexible plastic ribbon that’s thinner than a human hair. Using a micro-injection needle, they can be injected precisely and deeply into the brain, with a minimum of disturbance to the brain tissue. (more)
FutureWatch - Mico-sensors to allow downloading of consciousness - knowledge, visuals, ideas, etc..
Tuesday, April 16, 2013
Small Business Espionage Attacks Up 42%
Smaller companies, their websites and their intellectual property are increasingly being targeted by cyberattacks, a new report on IT security trends says.
Targeted attacks were up 42 per cent in 2012 compared to the year before, and businesses with fewer than 250 employees are the fastest growing segment being targeted, according to the annual internet security threat report issued Tuesday by Symantec...
The type of information being targeted by attackers is also changing — financial information is now losing ground to other kinds of competitive data, the report found. (more)
The type of information being targeted by attackers is also changing — financial information is now losing ground to other kinds of competitive data, the report found. (more)
McConnell's Suspected Bugger Has Hand Out
The man who is suspected of bugging Senate Minority Leader Mitch McConnell’s office has started a legal defense fund aimed at raising $10,000 — and so far, he’s received $185.
Breitbart reported that Curtis Morrison, who’s also a Progress Kentucky volunteer, said in a message about his fund that he’s cooperating with the FBI. But he’s struggling to pay for his legal defense...
A Kentucky Democratic Party operative and the founder of Progress Kentucky outed Mr. Morrison last week as the person who allegedly bugged Mr. McConnell’s office, Breitbart reported. (more)
Breitbart reported that Curtis Morrison, who’s also a Progress Kentucky volunteer, said in a message about his fund that he’s cooperating with the FBI. But he’s struggling to pay for his legal defense...A Kentucky Democratic Party operative and the founder of Progress Kentucky outed Mr. Morrison last week as the person who allegedly bugged Mr. McConnell’s office, Breitbart reported. (more)
The Schizo Illinois Eavesdropping Law
There was major development Tuesday in the fight over the state's controversial eavesdropping law. A court decision now allows citizens to record the audio of police officers on the job in public.
Citizens can legally record video of police officers doing their jobs on the public way, as long as you don't interfere, but the Illinois Eavesdropping Act does not permit you to record audio.
If you do, you're still subject to arrest and criminal charges, even though two state court judges in Illinois have declared the law unconstitutional.
It remains a law on the books without clarity though a new agreement just approved by a federal court judge will change things in Cook County. (more)
Weird.
Citizens can legally record video of police officers doing their jobs on the public way, as long as you don't interfere, but the Illinois Eavesdropping Act does not permit you to record audio.
If you do, you're still subject to arrest and criminal charges, even though two state court judges in Illinois have declared the law unconstitutional.
It remains a law on the books without clarity though a new agreement just approved by a federal court judge will change things in Cook County. (more)
Weird.
RFID Tracks Jewelry Popularity
Interesting application of RFID technology.
RFID smart shelves can help retailers analyze market demand.
Beyond sales reports, retailers want to understand which items had the highest shopper interest. For example, while one jewelry item is picked up 100 times and sold 90 time, another jewelry item is picked up 100 times but only sold 10 times. Retail statistics monitoring shopper behavior cannot be accurately counted by man.
However, the RFID Jewelry Smart Shelf Solution developed by Alpha Solutions enables retailers to clearly see data on which types of jewelry are picked up frequently. From the data obtained, discount promotions and programs can be made for the jewelry types that are having trouble selling.
RFID smart shelves can help retailers analyze market demand.
Beyond sales reports, retailers want to understand which items had the highest shopper interest. For example, while one jewelry item is picked up 100 times and sold 90 time, another jewelry item is picked up 100 times but only sold 10 times. Retail statistics monitoring shopper behavior cannot be accurately counted by man.However, the RFID Jewelry Smart Shelf Solution developed by Alpha Solutions enables retailers to clearly see data on which types of jewelry are picked up frequently. From the data obtained, discount promotions and programs can be made for the jewelry types that are having trouble selling.
Thursday, April 11, 2013
There is a Magazine for Everything... Even Penetration Testing
Kamil Sobieraj, editor of PenTest Magazine introduced me to his publication this week. It was an eye-opener. If you have anything to do with protecting information, you will find this as interesting as I did...
PenTest Magazine is a weekly downloadable IT security magazine, devoted exclusively to penetration testing. It features articles by penetration testing specialists and enthusiasts, experts in vulnerability assessment and management. All aspects of pen testing, from theory to practice, from methodologies and standards to tools and real-life solutions are covered.
48 issues per year (4 issues in a month).
A different title is published every week of the month:
• PenTest Regular – 1st Monday
• Auditing & Standards PenTest – 2nd Monday
• PenTest Extra – 3rd Monday
• Web App Pentesting – 4th Monday
...about 200 pages of content per month.
Each issue contains...
• News
• Tools testing and reviews
• Articles – advanced technical articles showing techniques in practice
• Book review
• Interviews with IT security experts
(more)
Nice to know there is a smart way to keep up with the bad guys.
48 issues per year (4 issues in a month).
A different title is published every week of the month:
• PenTest Regular – 1st Monday
• Auditing & Standards PenTest – 2nd Monday
• PenTest Extra – 3rd Monday
• Web App Pentesting – 4th Monday
...about 200 pages of content per month.Each issue contains...
• News
• Tools testing and reviews
• Articles – advanced technical articles showing techniques in practice
• Book review
• Interviews with IT security experts
(more)
Nice to know there is a smart way to keep up with the bad guys.
Wednesday, April 10, 2013
Campaign Headquarters Bugged - FBI Investigating
Senate Minority Leader Mitch McConnell (R-Ky.) accused opponents Tuesday of bugging his headquarters and asked for an FBI investigation after a recording from an internal campaign meeting surfaced in a magazine report.
The 12-minute audiotape released by Mother Jones magazine reveals McConnell and his campaign staff at a Feb. 2 meeting lampooning actress Ashley Judd — then a potential Senate candidate — and comparing her to “a haystack of needles” because of her potential political liabilities. Judd has since decided not to run.
“We’ve always said the left will stop at nothing to attack Sen. McConnell, but Nixonian tactics to bug campaign headquarters is above and beyond,” campaign manager Jesse Benton said in a statement. (more)
UPDATE: "It is our understanding that the tape was not the product of a Watergate-style bugging operation. We cannot comment beyond that." – David Corn, Editor, Mother Jones (more)
Note: More than one person is heard speaking on the tapes (above is just an excerpt). Based on this, (and room echoes) the FBI will be able to figure out the location of the microphone. Hope everyone remembers where they were sitting.
The 12-minute audiotape released by Mother Jones magazine reveals McConnell and his campaign staff at a Feb. 2 meeting lampooning actress Ashley Judd — then a potential Senate candidate — and comparing her to “a haystack of needles” because of her potential political liabilities. Judd has since decided not to run.
“We’ve always said the left will stop at nothing to attack Sen. McConnell, but Nixonian tactics to bug campaign headquarters is above and beyond,” campaign manager Jesse Benton said in a statement. (more)
UPDATE: "It is our understanding that the tape was not the product of a Watergate-style bugging operation. We cannot comment beyond that." – David Corn, Editor, Mother Jones (more)
Note: More than one person is heard speaking on the tapes (above is just an excerpt). Based on this, (and room echoes) the FBI will be able to figure out the location of the microphone. Hope everyone remembers where they were sitting.
Tuesday, April 9, 2013
Shodan - The Scary Search Engine
Cautionary Tale...
Unlike Google, which crawls the Web looking for websites, Shodan navigates the Internet's back channels. It's a kind of "dark" Google, looking for the servers, webcams, printers, routers and all the other stuff that is connected to and makes up the Internet...
It's stunning what can be found with a simple search on Shodan. Countless traffic lights, security cameras, home automation devices and heating systems are connected to the Internet and easy to spot.
Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.
What's really noteworthy about Shodan's ability to find all of this -- and what makes Shodan so scary -- is that very few of those devices have any kind of security built into them. (more)
Unlike Google, which crawls the Web looking for websites, Shodan navigates the Internet's back channels. It's a kind of "dark" Google, looking for the servers, webcams, printers, routers and all the other stuff that is connected to and makes up the Internet...
Shodan searchers have found control systems for a water park, a gas station, a hotel wine cooler and a crematorium. Cybersecurity researchers have even located command and control systems for nuclear power plants and a particle-accelerating cyclotron by using Shodan.
What's really noteworthy about Shodan's ability to find all of this -- and what makes Shodan so scary -- is that very few of those devices have any kind of security built into them. (more)
Free - Computer Security Tools Book
"Open Source Security Tools: A Practical Guide to Security Applications"
Few frontline system administrators can afford to spend all day worrying about security. But in this age of widespread virus infections, worms, and digital attacks, no one can afford to neglect network defenses.
Written with the harried IT manager in mind, Open Source Security Tools is a practical, hands-on introduction to open source security tools. Seasoned security expert Tony Howlett has reviewed the overwhelming assortment of these free and low-cost solutions to provide you with the “best of breed” for all major areas of information security.
By Tony Howlett. Published by Prentice Hall. Part of the Bruce Perens' Open Source Series.
Offered Free by: informIT
A 600-page PDF, written in 2004, which still contains useful information.
Written with the harried IT manager in mind, Open Source Security Tools is a practical, hands-on introduction to open source security tools. Seasoned security expert Tony Howlett has reviewed the overwhelming assortment of these free and low-cost solutions to provide you with the “best of breed” for all major areas of information security.
By Tony Howlett. Published by Prentice Hall. Part of the Bruce Perens' Open Source Series.
Offered Free by: informIT
A 600-page PDF, written in 2004, which still contains useful information.
Sunday, April 7, 2013
Son Bugs Mom (yawn)... with a Wiretap!
UK - Police have arrested a Lincoln man on suspicion that he bugged his 90-year-old mother’s phone.
Richard Stamler, 59, was arrested Thursday night for unlawful interception of communications, a felony, Lincoln Police Officer Katie Flood said.
Stamler’s sister called police March 28 to say she found a recording device in the basement of her mother’s home that had been connected to the phone line, Flood said.
The woman played the tape, Flood said, and recognized her brother’s voice reciting date information. The device was set to record any time someone in the house picked up a phone. (more)
Stamler’s sister called police March 28 to say she found a recording device in the basement of her mother’s home that had been connected to the phone line, Flood said.
The woman played the tape, Flood said, and recognized her brother’s voice reciting date information. The device was set to record any time someone in the house picked up a phone. (more)
Saturday, April 6, 2013
Canadian Technical Security Conference (CTSC) - April 23-25, 2013
Canadian Technical Security Conference (CTSC) - April 23-25, 2013
The annual Canadian Technical Security Conference (CTSC) event (Cornwall, Ontario) is a three (3) day professional development and networking opportunity with a local, regional, national and international following of professional technical operators, TSCM specific and test & measurement based equipment manufacturers and service providers.
The conference is being held at Strathmere, near Ottawa.
GPS Coordinates, Latitude 45.157216, Longitude 75.703858
This annual CTSC conference event is of special interest to local, regional and international technical security professionals from the private sector, corporate security industry, financial sector, oil, gas and mining sector, government, law enforcement and military organizations and agencies. (more) Contact: Paul D Turner, TSS TSI
This is the conference's 8th year. Every year I hear reports about how worthwhile it is. Every year they schedule it when I am obligated to be elsewhere :(
The conference is being held at Strathmere, near Ottawa.
GPS Coordinates, Latitude 45.157216, Longitude 75.703858
This annual CTSC conference event is of special interest to local, regional and international technical security professionals from the private sector, corporate security industry, financial sector, oil, gas and mining sector, government, law enforcement and military organizations and agencies. (more) Contact: Paul D Turner, TSS TSI
This is the conference's 8th year. Every year I hear reports about how worthwhile it is. Every year they schedule it when I am obligated to be elsewhere :(
Subscribe to:
Posts (Atom)