Archive for the ‘Technical’ Category

Cameras May Open Up the Board Room to Hackers

Monday, January 23rd, 2012

One afternoon this month, a hacker took a tour of a dozen conference rooms around the globe via equipment that most every company has in those rooms: videoconferencing equipment.

With the move of a mouse, he steered a camera around each room, occasionally zooming in with such precision that he could discern grooves in the wood and paint flecks on the wall. In one room, he zoomed out through a window, across a parking lot and into shrubbery some 50 yards away where a small animal could be seen burrowing underneath a bush. With such equipment, the hacker could have easily eavesdropped on privileged attorney-client conversations or read trade secrets on a report lying on the conference room table.

In this case, the hacker was HD Moore, a chief security officer at Rapid7, a Boston-based company that looks for security holes in computer systems that are used in devices like toaster ovens and Mars landing equipment. His latest find: videoconferencing equipment is often left vulnerable to hackers.

Businesses collectively spend billions of dollars each year beefing up security on their computer systems and employee laptops. They agonize over the confidential information that employees send to their Gmail and Dropbox accounts and store on their iPads and smartphones. But rarely do they give much thought to the ease with which anyone can penetrate a videoconference room where their most guarded trade secrets are openly discussed.

– More…

– Research thanks to Gerry B.

Paybacks are hell: Parental spying prompts infiltration of German police system

Wednesday, January 11th, 2012

Der Spiegel published a story in yesterday’s edition of their magazine that the hack on the German police surveillance system “Patras” was prompted by a senior officer spying on his daughter’s internet activities.

The Patras system is used by the police to track suspects using so-called “silent” SMSs and GPS tracking devices planted on automobiles.

It appears that a senior policeman from Frankfurt am Main installed spyware onto his daughter’s computer to keep an eye on her online activities.

It is unclear whether this is legal under German law. It is also unknown whether he used the famous Bundestrojaner or some sort of commercial off-the-shelf spyware.

One of his daughter’s friends then discovered the spyware on her computer and decided that was justification enough to hack into her father’s computer.

Upon invading her dad’s system he found a selection of sensitive security related emails that enabled access to the Patras system. Two German hackers from a group called n0n4m3 cr3w (noname crew) were arrested after the system was breached in July of 2011.

According to Der Spiegel the policeman had redirected his work emails to his home computer. I expect that this is against the rules and is almost always a bad idea.

The worst part is that such a sensitive network used to covertly track people was accessible without any sort of two-factor authentication.

You would hope that intercepting a few sensitive emails would not provide enough information to allow a VPN connection or access critical infrastructure with such ease.

It is not clear whether this incident is the one that resulted in the successful attack against Patras last summer, or whether they were in fact breached twice.

It is one thing to accept the need of law enforcement to track suspects after receiving the approval of a judge, but it is becoming clear that access to these systems is too easy. It almost invites abuse and could result in criminal cases being compromised.

With great power comes great responsibility, and hopefully the German police have implemented more strict access controls and other authorities with similar power have heard this story and will look into their own security.

– To the original…

 

Why is it not good to use proprietary Software or Formats?

Monday, October 31st, 2011

Proprietary Software can include back doors – see Skype and Microsoft.

Proprietary formats can include metadata. This is data that you can’t see but that can lead to your identity. They caught a Greek anonymous activist because he uploaded a Word document with his real name in the metadata.

If you are not a computer expert, don’t upload anything other than plain TXT files to the Internet. You can also use copy and paste to post the text in web services. Even graphic formats like JPEG or TIFF can include data like GPS coordinates, the camera used, and user and software names.

It’s very difficult for beginners to find this metadata. So if you are a good designer like the poor Greek one, send your PDF files to a computer expert. He can clean the metadata before the upload.

These programs can show you the metadata:

PDF – BeCyPDFMetaEdit
Viewer for many formats: http://regex.info/exif.cgi

[UPDATE]
The metadata can be useful to locate the author of a document in real life, if you have questions for example. Open source programs like Libre Office use metadata too. The trick is not to fill in your real name during installation and not to use your real name for login.

You can use a Linux live system (like TAILS) to produce anonymous documents.

Comments:

The UK government has its problems with PDF formats too:

http://news.slashdot.org/story/11/04/17/0831204/MoDs-Error-Leaks-Secrets-of-UK-Nuclear-Submarine

“UK’s Ministry of Defence admitted that secret information about its nuclear powered submarines was leaked on the internet by mistake.”

and

FOCA is a good program to show metadata for Windows. You have to give an email address to download the program …

http://www.informatica64.com/DownloadFOCA/

– To the original…

 

QR Tags Can Be Rigged to Attack Smartphones

Tuesday, September 13th, 2011

A blogger has demonstrated how these innocuous tags can be made into cybercrime weapons

The one to the side here says, “Samadhisoft Blog” and is harmless.

You’ve probably seen QR tags thousands of times, from advertisements in the subway to coupon flyers in the mail to products in the supermarket. They look like stamp-size bar codes, a grid of small black-and-white rectangles and squares, usually with bigger black squares in the corners.

A marketer’s dream-come-true, these tiny images are capable of storing and transmitting loads of data directly to the smartphones of interested customers. When a person scans a QR tag with a smartphone, the tag can do any number of things, including taking the user right to the product’s website.

But like any technology, they can also be manipulated to bite the hands — or phones — that feed them. On the mobile security blog Kaotico Neutral, researcher Augusto Pereyra demonstrated how these innocuous QR tags can be made into cybercrime weapons.

In his proof-of-concept hack, Pereyra took a QR tag he created from a free online tag creator and embedded in it the URL for an attack server called evilsite.dyndns.org. When the target smartphone scanned the tag, the browser was directed to the spoofed site and fed malware.

QR tags are touted for their convenience, but it’s that same convenience — coupled with their increasing prevalence — that Pereyra believes could allow them to become dangerous attack vectors. Popular QR tag-scanning software, such as ScanLife, automatically takes mobile browsers to the site embedded within the tag, and while it makes the process quick, it does nothing for its safety.

“This is a serious problem since this is the equivalent of clicking a link with your eyes closed,” Pereyra wrote.
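The alternative to opening a scanned link "with your eyes closed" is a gate between decoding and the browser. The sketch below is an added example, not code from the article or from any scanner app; the function name, the allowlist and the policy checks are assumptions, and only the `evilsite.dyndns.org` host and the "Samadhisoft Blog" text come from the page.

```python
import ipaddress
from urllib.parse import urlsplit

DYNAMIC_DNS_SUFFIXES = (".dyndns.org",)   # suffix of the article's example host
TRUSTED_HOSTS = {"www.example.com"}       # hypothetical allowlist

def review_qr_payload(payload):
    """Classify a decoded QR string as text/block/confirm/open; opens nothing."""
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()
    if not scheme:
        return ("text", None, ["plain text, nothing to open"])
    if scheme not in ("http", "https"):
        return ("block", None, [f"unsupported scheme {scheme!r}"])
    host = (parts.hostname or "").lower()
    if not host:
        return ("block", None, ["URL has no host"])
    reasons = []
    if parts.username or parts.password:
        reasons.append("credentials embedded in URL")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a name")
    except ValueError:
        pass  # not an IP literal, so it is a hostname
    if host.endswith(DYNAMIC_DNS_SUFFIXES):
        reasons.append("dynamic-DNS hostname")
    if host.startswith("xn--") or ".xn--" in host:
        reasons.append("punycode (possible look-alike) hostname")
    if scheme == "http":
        reasons.append("unencrypted http")
    if host in TRUSTED_HOSTS and not reasons:
        return ("open", host, [])
    # Anything else is shown to the user with the full host and the reasons.
    return ("confirm", host, reasons or ["host not on allowlist"])
```

A scanner built this way shows the host and the reasons and waits for the user whenever the result is `confirm`, instead of handing the URL straight to the browser.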

– More…

Telex to help defeat web censors

Wednesday, August 3rd, 2011

Developed by US computer scientists, the software, called Telex, hides data from banned websites inside traffic from sites deemed safe.

The software draws on well-known encryption techniques to conceal data making it hard to decipher.

So far, Telex is only a prototype but in tests it has been able to defeat Chinese web filters.

Outside in

Telex was developed to get around the problem that stops other anti-censorship technologies being more effective, said Dr Alex Halderman, one of the four-strong team that has worked on Telex since early 2010.

Many existing anti-censorship systems involve connecting to a server or network outside the country in which a user lives.

This approach relies on spreading information about these servers and networks widely enough that citizens hear about them but not so much that censors can find out and block them.

Telex turns this approach on its head, said Dr Halderman.

“Instead of having some server outside the network that’s participating we are doing it in the core of the network,” he said.

Telex exploits the fact that few net-censoring nations block all access and most are happy to let citizens visit a select number of sites regarded as safe.

When a user wants to visit a banned site they initially point their web browser at a safe site. As they connect, Telex software installed on their PC puts a tag or marker on the datastream being sent to that safe destination.

Net routers outside the country recognise that the datastream has been marked and re-direct a request to a banned site. Data from censored webpages is piped back to the user in a datastream disguised to resemble that from safe sites.

– More…

Anonymous speaks: the inside story of the HBGary hack

Sunday, February 20th, 2011

– Smashing stuff. Absolutely top notch. Anonymous has truly taken the stuffed shirt out of these folks. And good on them for doing it. – dennis

– Check out the two posts previous to this one:   and as well.

– – – – – – – – – – – – – – – – – – – –

It has been an embarrassing week for security firm HBGary and its HBGary Federal offshoot. HBGary Federal CEO Aaron Barr thought he had unmasked the hacker hordes of Anonymous and was preparing to name and shame those responsible for co-ordinating the group’s actions, including the denial-of-service attacks that hit MasterCard, Visa, and other perceived enemies of WikiLeaks late last year.

When Barr told one of those he believed to be an Anonymous ringleader about his forthcoming exposé, the Anonymous response was swift and humiliating. HBGary’s servers were broken into, its e-mails pillaged and published to the world, its data destroyed, and its website defaced. As an added bonus, a second site owned and operated by Greg Hoglund, owner of HBGary, was taken offline and the user registration database published.

Over the last week, I’ve talked to some of those who participated in the HBGary hack to learn in detail how they penetrated HBGary’s defenses and gave the company such a stunning black eye—and what the HBGary example means for the rest of us mere mortals who use the Internet.

– Please, read more…

-Research thanks to Alan T.

Anonymous victim HBGary goes to ground

Friday, February 18th, 2011

– Great follow up story to my previous one. Got to love the Anonymous folks – speaking truth to power. – dennis

– – – – – – – – – – – – – –

The computer security company hacked by members of activist group Anonymous has gone to ground as further revelations about its activities leak online.

HBGary has cancelled its appearances at public events, saying that members of staff had been threatened.

It follows the release of internal documents which appear to show the firm offered to smear Wikileaks’ supporters.

HBGary officials said the online messages could have been altered prior to publication.

The company’s founder, Greg Hoglund had been scheduled to give a talk at the RSA Security conference in San Francisco this week, but pulled out at the last minute.

The company also withdrew from an associated exhibition.

“In an effort to protect our employees, customers and the RSA Conference community, HBGary has decided to remove our booth and cancel all talks,” it said in a statement posted on its website.

According to e-mails that Anonymous claims to have taken from HBGary’s servers, the company had proposed a plan to undermine Wikileaks.

At the time, the whistleblowing website was planning to release documents relating to Bank of America.

The leaked emails also suggest that HBGary had discovered evidence that US officials were attempting to monitor visitors to websites affiliated to al Qaeda.

These messages have been posted online via the Anonymous-supported site Anonleaks.ru.

– More…

Hackers find plan to attack WikiLeaks

Tuesday, February 15th, 2011

– Lest anyone wonder, I fully support what Assange’s done. Governments, and I mean the U.S. especially here, keep far too much secret. Democracy should be as transparent as it can be consistent with security but most governments err far over that mark.

– So, I applaud Anonymous and their efforts to make the control and suppression of information painful for those who participate in it. – dennis

= = = = = = = = = = = = = = = = = = = = = = = = = = = = =

LONDON – The computer hackers’ collective Anonymous has uncovered a proposal by a consortium of private contractors to attack and discredit WikiLeaks.

Last week Anonymous volunteers broke into the servers of HB Gary Federal, a security company that sells investigative services to companies, and posted thousands of the firm’s emails on to the internet.

The attack was in revenge for claims by the company’s chief executive Aaron Barr that he had successfully infiltrated the shadowy cyber protest network and discovered details of its leadership and structure.

Hacktivists, journalists and bloggers have since pored over the emails and discovered what appears to be a proposal that was intended to be pitched to the Bank of America to sabotage WikiLeaks and discredit journalists who are sympathetic to the whistle-blowing website.

The PowerPoint presentation claims a trio of internet security companies – HB Gary Federal, Palantir Technologies and Berico Technologies – are already prepared to attack WikiLeaks which is rumoured to be getting ready to release a cache of potentially embarrassing information on the Bank of America.

– more…

Privacy – not!

Thursday, February 3rd, 2011

– Ever worry about your personal privacy? Like to keep your address secret? Love how cute your kids are but would, perhaps, not care to let the entire world know where such cute kids live? Ever posted pics of your jewelry? Yes? Well, I hope you don’t shoot your pics with an iPhone because if you do, you’ve just gotten a whole bunch more to worry about in your life.

– Check out this video:  

– Wonder if such an amazing thing could be true? It is. I checked it out with my iPhone and every photo I’ve ever shot has the GPS coordinates of where I shot it embedded in the information that travels with the photo. Damn! You’d think on a feature like that, Apple would have set it to ‘off’ unless someone understood the risks and made a conscious decision to turn it “on”.

– dennis

– research thanks to Carol S.

US unable to win a cyber war

Monday, April 5th, 2010

24 Feb 2010

The inability to deflect even a simulated cyber attack or mitigate its effects shown in the exercise that took place some six days ago at Washington’s Mandarin Oriental Hotel doesn’t bode well for the US.

Mike McConnell, the former Director of National Intelligence, said to the US Senate Commerce, Science, and Transportation Committee yesterday that if the US got involved in a cyber war at this moment, they would surely lose. “We’re the most vulnerable. We’re the most connected. We have the most to lose,” he stated.

Three years ago, McConnell referred to cybersecurity as the ‘‘soft underbelly of this country’’ and it’s clear that he thinks things haven’t changed much since then.

And he isn’t that optimistic about what warnings about the possibility might achieve. According to InfoWorld, he thinks that only an attack with catastrophic consequences will spur the government into action. “We will not mitigate this risk,” he says. “We will talk about it, we will wave our hands, we’ll have a bill, but we will not mitigate this risk.”

James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies, thinks that cyber security is not something that has to be left in the hands of private companies and that government intervention should be called for. “Government needs to give the market a kick,” says McConnell.

Not so long ago, the introduction of two Senate bills that would allow the US president to shut down the Internet in case of a cyber emergency made corporations all over the country sweat. But, it’s plain to see that government affiliated experts would welcome it with open arms and are longing to see the government taking a more active role when it comes to cybersecurity.

– To the original…