McAfee Predicts Mobile Devices May Be Corporate America’s Real Trojan Horse

If security firm McAfee is right, 2011 may be the tablet computer takes over corporate America. Or more specifically, the year the tablet takes over corporate networks. McAfee predicts that the onslaught of consumer-owned and lent smartphone and tablet devices entering and exiting the office space may pose a new unanticipated threat to corporate security. Their concern is that, not only is the consumer largely ill-prepared to secure devices that may amount to a hole in the Trojan wall big enough to drive a wooden horse into, but that the lack of comprehensive security tools designed around the likes of iPhones, iPads and Android devices, leaves them ill-equipped, even if they were prepared. Potentially, this could mean that personal gadgetry may become the host du jour for new infectious computer viruses, malware, and most alarmingly, remote access to the network the form of "Trojan horses".

While McAfee, one of the world's largest anti-virus software manufacturers, is understandably concerned about the interconnection of consumer-maintained -- and largely unsecured -- devices to more secure corporate networks, I think they may be missing an even bigger threat. While for years USB "thumb drives" have been cheap and affordable, and available in sizes small enough to swallow, they still required the physical removal of data from the premises. This meant exhaustively copying and then walking data out of the building. (See "sneakernet".) And, while every year these storage devices hold more and more data, so does the average corporate server. It's unlikely that portable media will ever quite catchup.

On the other hand, the prevalence of high-powered personal computing devices (yes, I'm talking about your average smartphone) connected to the corporate network allows, not only for the immediate transmission of data off-the-premises, but potentially even the cheapest, least sophisticated, pre-paid Android phone, left "cradled" overnight to a desktop computer, (the same cradle used to charge the battery, and synchronize contacts and calendar events,) could allow for unrestricted unauthorized remote network access over a hard-to-trace personal cellular data connection. Not only is this possible today, but it doesn't require a sophisticated computer virus to accomplish.

Read more at http://www.technewsworld.com/story/71541.html


Feds Charge Two for Allegedly Exploiting Bug in Video Poker Machines

Source: Wikipedia

Source: Wikipedia

Federal prosecutors this week leveled conspiracy charges against two men who allegedly used an exploit against a line of video poker machines to win hundreds of thousands of dollars in unearned jackpots.

Read full article at http://feeds.wired.com/~r/wired/index/~3/BN3JIom0HR4/


Obama Looks to Silicon Valley to Solve Identity Crisis

The federal government thinks identity and passwords need to be fixed to keep the internet healthy, but is declining, thankfully, to try to fix it themselves. Instead, they are pushing internet entrepreneurs to build something robust and open.

Read full article at http://feeds.wired.com/~r/wired/index/~3/3Uts2JG5xFc/


Was convicted hacker on the Secret Service payroll?

"Secret Service paid TJX Hacker $75,000 a Year"

U.S. Secret ServiceAccording to Wired, a convicted hacker and credit card thief was paid to work undercover for the U.S. Secret Service. A convicted accomplice told Wired that Albert Gonzalez was paid $75,000 a year in cash as a confidential informant to the U.S. Government.

Though the Secret Service would not comment, a former federal prosecutor told Wired that the payment was not unusual. He compared it to "million-dollar payouts" to informants involved in organized crime investigations. According to Department of Justice guidelines, agents are required to advise confidential informants that payments "may be taxable income that must be reported to appropriate tax authorities".

Albert Gonzalez was arrested in 2008 and accused of running one of the largest identity theft crimes in U.S. history. After his arrest Gonzalez lead instigators to more than $1 million buried behind his parent's home.

Gonzalez will be sentenced on Thursday. The government is seeking a 25 year sentence.


If your car’s not owned it could be pwned

Disgruntled Hacker [Debt Collector] Disables More Than 100 Cars Remotely

Pay Technology's Webtech Plus

Cleveland-based Pay Technologies is a company that sells hidden wireless black boxes that allow car dealers to remotely disable a car’s ignition, or trigger the horn to begin honking, as a not-so-gentle reminder that a payment is due. The Webtech Plus responds to commands issued through a central website, and relayed over a wireless pager network.

A car dealer in Austin Texas began receiving complaints from hundreds of stranded customers late last month. According to the dealership's manager, the complaints stopped several days later, when he reset all the Webtech Plus employee passwords. Then police obtained access logs from Pay Technologies, and traced an IP address to a former employee. Police say he hacked into the dealership's computer system to deactivate the starters on the cars and set off their horns.

To call the suspect a "hacker" is really an insult to hackers. On the other hand, anyone who's ever spoken with a debt collector probably isn't very surprised by allegations of unethical behavior.

According to the dealership, the employee's account had been closed when he was terminated last month, but they allege he got in through another employee’s account. They claim he was working his way alphabetically through a database of all 1,100 customers whose cars were equipped with the device.


FTC Queues-in on Netflix Member Privacy

Attn. MPAA: There are much worse ways to copy movies than with a computer.

In 2007 prosecutors in Anchorage Alaska accused 34 year old stripper Mechele Linehan of plotting a murder based on the 1994 movie "The Last Seduction". Life so closely imitated art, said prosecutors, that they even tried to have the movie played for the jury.

Rockstar Games Grand Theft Auto

In 2008 a teenager confessed that he was trying to imitate scenes from the video game "Grand Theft Auto" when he robbed a murdered a taxicab driver in Bangkok Thailand. Movies like "The Deer Hunter" (1978) are even believed to have inspired several "copycat" suicides in the late 1970's and early 80's.

All of this may seem like fodder for censorship advocates, but that debate has largely come and gone in favor preserving the First Amendment's right to free speech. Wise as the framers of the U.S. Constitution may have been, few would accuse them of being clairvoyant. After all, who could have predicted the impact the Internet would some day have on both the precept of free speech and the concept of privacy?

Though many speak of the "right to privacy", it is not, at least as far as the U.S. Constitution is concerned, a right at all. It is, nonetheless, an ethos that has long been coveted by Americans, and is implicit in the Fourth Amendment's:

...right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures...

Of course, mention the term "search" to most people today, and it's far more likely to conjure thoughts of friends lists", home pages and e-books, than actual people, houses and papers. And while, in just the past few years, popular culture has come to embrace the sharing of intimate, private and personal details with virtual strangers, the desire to remain "secure" seems to be very much alive in the 21st Century. In fact, more than any other, the Fourth Amendment has played a central, albeit contested, role in the litigation of hi-tech criminal evidence.

I know what you watched last summer...

So, what does all this have to do with your Netflix queue? Though Americans, and many other people around the world, may be willing to voluntarily divulge personal information, either in trade for modern conveniences and services, or increasingly, for a sense of online significance, we're not quite as enthusiastic when it's taken from us and shared without any tangible return. It's no longer a secret that the monetary value of data has been pre-calculated into the return on investment (ROI) of so many of today's business models, but consumers still tend to expect a certain level of security. In recent years the bar has been set pretty low. Still, it may surprise many to learn that "anonymous" usage data can be deciphered into personally-identifiable intelligence, as proven by a pair of researchers at the University of Texas using what was thought to be anonymous user data provided to contestants in the three-year $1 million "Netflix Prize" to improve the site's recommendation results.

The UT's results brought both unwanted attention from the Federal Trade Commission and a lawsuit from a private firm, resulting in Netflix's decision last week to cancel a planned sequel to the prize awarded last year.

It's not hard to imagine how this sort of data could be exploited to peddle shoes to people who have rented all six seasons of "Sex in the City", or BestBuy ads targeted at fans of NBC's "Chuck".

Dreamworks Minority Report (2002)

It's no longer extraordinary to see similar data exploited in the process of investigating crimes either. Certainly the viewing interests and habits of the individuals mentioned above have been considered relevant discovery by law enforcement. In these cases, there's little, if anything, to decipher.  Anything that Netflix knows about you, your account, and your viewing habits, is subject to a warrant, and, with or without much imagination, could be incriminating. How many of us haven't seen a good fictional car case, a well-written murder plot, a scripted street-fight, or a perfectly executed crime? The consumption of such fiction could be hazardous to your defense, if it proceeds similar accusations.

Now, imagine the same evidence available to anyone, without a warrant, subpoena, or probable cause. Perhaps someone at the FTC had the movie "Minority Report" in their queue.


Let’s play $100 Password!

$100 Dollar Password

You probably won't find much sympathy for Elane Cioni. A mistress scorned, she's been convicted of hacking into the email account of her former-boss, the man with whom she was having an affair, and then his wife, his other girlfriends, and even his kids. (I suppose, that doesn't engender much sympathy for her main-target either.) But, you might be surprised to find out Cioni's not a very good hacker.

You might also be surprised to learn that there's a market for professional hacking and, similar to many legitimate professions, the jobs are going offshore. When it comes to password hacking, those who can, do. Those who can't, outsource. When Cioni wanted back into her boyfriend's life she turned to one of an increasing number of web sites with offers like this:

"Need to monitor your Child? Your Spouse? Your Boyfriend/Girlfriend? We Hack Passwords for $100 USD. We Crack all major web based emails. This include Hotmail, Yahoo! AOL and Gmail. We Provide Proofs Before payment." ... CONTINUE READING »


Electronic privacy is for the birds.

Source: Wikipedia

Source: Wikipedia

In a match between Bird-brain vs. broadband, you might be surprised to see who wins.

An old friend of mine pointed out what sounded like an interesting story out of South Africa. Tired of slow download speeds, a South African call center pitted a racing pigeon against Telkom South Africa Ltd.’s ADSL data service to see which could move a 4GB file faster. In total it took just under three hours for the bird to fly approximately 50 miles--about 30 times faster than the ADSL service, which had only downloaded 4% of the file in the same time.

I'm afraid we're not really comparing apapane to apapane, or even apapane to ostriches. I doubt, for instance, that the pigeon would fair quite as well over, say, a 500 or 5000 mile "data run". ... CONTINUE READING »


Wi-Fi security — gone in 60 seconds, AGAIN.

Wi-Fi_ZoneYou're not one of those people who leave their wi-fi network open to anyone who passes by, are you? You realize, of course, that--beside the obvious security risks to your computers, your network, your passwords, email, accounting files, your bank account, private identity, maybe even sensitive medical information--that anything someone else does on your network will be traced back to you--the resident and ISP subscriber? Say, for example, the kid next door decides to use your "lightning fast DSL" to download, or worse--share--his music collection via Bit Torrent. The RIAA subpoena will be addressed to you. Or, suppose someone driving by decides to stop and explore his sexual curiosities where they can't be traced back to his network. The search warrant will be addressed to you.

But, that's not your problem, right? Because your wi-fi network is encrypted, right? I remember, back in the day, I used to brag that it would be easier to poach my cable connection from the street than hack my wi-fi, because I was using WEP encryption (cracked in 2001), a MAC filter (easily spoofed), AND I cloaked my SSID (worthless). Since then, came WPA, and more recently WPA2.

Linksys settings for WPA2 wireless secruity.

Linksys settings for WPA2 wireless secruity.

If I lost you at "lighting fast DSL", then the following probably is your problem: Computer scientists in Japan have developed a way to break the WPA encryption system used in wireless routers in just one minute. For those keeping up, presumably you upgraded your router firmware some time back, or purchased and configured a new router to utilize WPA2--which is, so far, considered to be secure. ... CONTINUE READING »


Good news for bad behavior: Cyberbullying mom aquitted.

Source: Reuters

Source: Reuters

Lori Drew will likely forever be known as the mom found guilty of "cyberbullying" and taunting teenager Megan Meier to commit suicide. Nothing, however, could be further from fact. Drew was, in fact, found guilty of violating MySpace's terms of service (ToS), by posing as a fictitious teenage boy, AKA "Josh Evans". A victory, perhaps, far greater for the software industry than for the Meier family.

Similar to convicting Al Capone for income tax evasion, ToS violations are more commonly associated with hacker prosecutions. US District Judge George Wu has now overturned the ruling, saying that the conviction could have set a dangerous precedent for other legal cases. ... CONTINUE READING »


Log In

Join the conversation...

Join the conversation on Twitter

Join the conversation on Facebook

disquslogo_180 Subscribe to RSS feed

Join the Google conversaton…

Geo Visitors Map