Photochaining - Great art, terrible security

Photochaining.com is a new website that encourages the sharing of random memory cards.

Whilst this may provide a fantastic variation of images and input it presents a very significant security problem.

'Seeding' memory devices (including memory cards and USB keys) is a classic way to covertly install spyware such a keylogging software. It is now a common practice by the criminal fraternity (or unscrupulous Private Detectives)  to leave 'seeded' usb keys in your target companies favorite Starbucks. People will often take a found memory key and plug it into their computer 'to have a little look around'. when you put the 'seeded' USB key in you may find something like a PowerPoint presentation called 'honeymoon pics, open in private, i love u'. If you open it you will see some apparently private and intimate pictures. Unfortunately at the same time keylogger software will be installed on your machine recording and reporting back everything you ever type. 

If you think this is the realms of super-criminals you should be aware that these kind of programs are readily available for about £50.00. 

Times Photochaining article.

Photochaining.com

Vista and XP password recovery using Backtrack 4

Have you ever wondered how passwords are recovered. One way is to boot from a Linux Live CD/DVD/USB device running special software such as Backtrack 4

This is readily available software and whilst a little outside the average users skill-set, anyone who has a basic understanding of command line code should be able to use it.

The link here is from Cybexin's blog (one of my favorite's). He posts many informative video's about how-to which can be quite shocking if you ever thought your information was secure. If your information has value and you want to know how to protect it from these kinds of attacks contact FaberBrent.

Backtrack 4 video here. Warning do not try this at home kids.

Another article about workstation security

As reported recently there is finally a trend towards awareness of physical endpoint security.

The following article talks about some of the risks including bootable Linux Live CD's with programs such as Backtrack (read more about Backtrack here)

Are people beginning to grasp that security needs a holistic approach to be effective?

Article here...

Enterprise becoming aware of keylogger threat

The threat from hardware keyloggers is beginning to gain some more awareness. this is a very significant problem that will not be detected by any kind of software system. The only solution is an expert physical search.

Interesting article here...

Google maps, CCTV and the FBI come together

The FBI and other law enforcement agencies are starting to utilise online networks to publish virtual 'Wanted' posters. How long until we can watch the robbery live?

Read more here...

Remote laptop Kill-Switch from Ericsson

Ericsson's F3607gw module working with Intel's Anti-theft technology will allow a computer to be rendered inoperable by remote command. 

Lets hope know one discovers how to hack this function - can you imagine being held to ransom if you want your laptop to work.

Also watch out if you got a 'free' laptop as part of a broadband deal. I wonder what the small-print says if you default on the bill or change providers?

Read more here...

Conficker virus update - Day Zero

So we were all waiting for the world to end (anyone remember Y2K)  but so far nothing much has happened.

The vast bot army has yet to show its hand but there is still time. Conficker is no different to other computer viruses so the usual precautions should keep you clean. Keep your OS and Anti-Virus fully patched, don't visit dodgy websites and don't accept unknown external devices (like USB keys).

More on the story here...

Attempted sale of MP's expenses receipts

The Times has a detailed article on how they were approached by a 'businessman' to sell them a copy of the past 5 years of MP's expense receipts. this information is stored by the Stationary Office. He claims and 'inadvertent copy' of the data was made covering all expenses for the last 5 years.

Why do people find it surprising that data can be copied. The defence seems to be that there was no 'official' data copies missing. if you want to know how to prevent 'unofficial' copies of your data contact FaberBrent.

Read more here...

US Man Charged With Theft Of Trade Secrets

If you want to know how to protect your company against industrial espionage contact us.

LEE, who is a naturalized U.S. Citizen of Chinese descent, abruptly resigned his employment with Valspar on March 16th of this year, just two weeks after returning from a business trip to the People’s Republic of China.  At the time of his resignation, LEE relinquished both his company issued laptop computer and AT&T Blackberry wireless device.

A subsequent examination of the laptop computer by Valspar network analysts discovered that all of the temporary files had been deleted, suggesting that LEE had taken steps to “clean” the computer’s history. Additional examination of the laptop discovered a hidden file, which contained unauthorized software programs, including a data copying program.  It was also discovered that approximately 44 gigabytes of data, including Valspar trade secret information, had been downloaded to LEE’s computer without authorization. more...

Pigeons fly mobile phones to Brazilian prisoners

For those of you that don't know elicit mobile phones are a big problem in prisons worldwide. Gotta love the innovation here.

Brazilian inmates have turned to carrier pigeons in their quest for communication with the outside world.

Guards have intercepted two carrier pigeons carrying mobile phones to detainees at a prison in Sorocaba, 62 miles from Sao Paolo, a spokesman for the state penitentiary system said. more...

Big Brother is watching: surveillance box to track drivers is backed

This kind of thing was always on the cards.  Also a little concerning if this follows the speed-camera model of guilty unless you can prove your innocence. Still for every signal there is a jammer so the innocent will have their privacy invaded and the guilty will bypass the system.

The government is backing a project to install a "communication box" in new cars to track the whereabouts of drivers anywhere in Europe, the Guardian can reveal.

Under the proposals, vehicles will emit a constant "heartbeat" revealing their location, speed and direction of travel. The EU officials behind the plan believe it will significantly reduce road accidents, congestion and carbon emissions. A consortium of manufacturers has indicated that the router device could be installed in all new cars as early as 2013. more...

19,000 UK credit card details posted on the Net...and accessible on Google

What is really frustrating here is that Google failed to remove the data even after the breach had become public.

A good idea for online shopping: Use only one credit card for all your online transactions, don't use it for anything else and keep a modest spending limit. It is then easy to check your statement and fraud should be very obvious.

The credit card details of up to 19,000 British shoppers were published on the internet - where they could be found using a simple search on Google.

The details apparently originated from the website of a criminal gang in the Far East.

he list, obtained by the Mail, includes the names, home addresses and full card details of thousands of Visa, Mastercard and American Express customers. more...

Spy chiefs fear Chinese cyber attack

Anyone see a pattern emerging here?

INTELLIGENCE chiefs have warned that China may have gained the capability to shut down Britain by crippling its telecoms and utilities.

They have told ministers of their fears that equipment installed by Huawei, the Chinese telecoms giant, in BT’s new communications network could be used to halt critical services such as power, food and water supplies. more...

Vast Spy System Loots Computers in 103 Countries

TORONTO — A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded.

In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved. more...

The House of Commons IT systems has reportedly been infected by the infamous Conficker superworm

Several problems here:

One - Why is there not sufficient procedures, policy and systems in place to prevent this kind of virus?

Two  - Why is there not sufficient procedures, policy and systems in place to prevent this kind of report being leaked?

Three - Why are you allowed to connect an MP3 player to the House of Commons IT system? 

The House of Commons IT systems has reportedly been infected by the infamous Conficker superworm, which has previously infected millions of Windows PCs and affected the operation of hospitals, military and large corporate systems.

Political blog Dizzy Thinks first reported that a memo (below) sent out to parliamentary IT network users on Tuesday night warned that Conficker had disrupted the operation of parliamentary systems.

The infection has reportedly prompted a clean-up operation as well as a temporary ban on the use of mass storage devices, including MP3 players, on parliamentary systems. more...

UK Police Identify 200 Children As Potential Terrorists

Parents - please love your children.....

Two hundred schoolchildren in Britain, some as young as 13, have been identified as potential terrorists by a police scheme that aims to spot youngsters who are “vulnerable” to Islamic radicalisation.

The number was revealed to The Independent by Sir Norman Bettison, the chief constable of West Yorkshire Police and Britain’s most senior officer in charge of terror prevention. more...

New Chatham House report, Cyberspace and the National Security of the United Kingdom

FaberBrent were at Chatham House last night for the launch of this important new report.

It was comforting to hear Rex Hughes (via web link from the US) state that we need to see a convergence of traditional security and information security for effective defence. Sounds like holistic security to us.

This report provides a general overview of the problem of cybersecurity. The aim of the report is to inform debate and to make the case for a more coherent, comprehensive and anticipatory policy response, both nationally and internationally. more...

Download the paper here

TelTech intros pay-as-you-use lie detector phone service

I wonder if it actually provides any consistent data as voice analysis is only a small component of lie detection. This compounded with the reduced audio quality of a signal bounced over several phone-lines and i wonder how effective it can really be?

TelTech has launched what appears to be the industry's first pay-as-you-use telephone voice analysis (lie detection) service.

The service, appropriately named `LiarCard,' requires users to route a phone call via a US toll-free number, with onward dialling to the required party whose voice is to be analysed for truthfulness and other stress issues. more...

Cybercrime revenues exceeding drug trafficking?

Now this is quite a statement. I wonder when the cybercrime enforcement agencies are going to get the same budget as the DEA?

Testimony from AT&T's Chief Security Officer Edward Amoroso, in which he told a US Senate Commerce Committee that revenues from cybercrime - at $1 trillion annually - are now exceeding those of drug crime, have been confirmed by Finjan, the business Internet security expert.

"Our latest research suggests that, whilst the economic downturn is reducing the income of drug traffickers, cybercriminals are becoming ever more innovative in the ways they extract money from companies and individual," said Yuval Ben Itzhak, Finjan's Chief Technology Officer. more...

Madoff data is exempt from data protection law and can be exported, rules High Court

Public interest.....

Data which is protected by the Data Protection Act can be transferred to the US to help in the investigation of companies run by Bernard Madoff, the High Court has said. The transfer would usually be barred but is justified in this case, the Court said. more...