Security Alert: iCracked
By on 29/10/2010
Keep abreast of the espionage threats facing your organisation.
Firesheep Makes Stealing Your Wi-Fi Secrets Easy
via Steven J. Vaughan-Nichols
From all the yammering, you’d actually think there was something new about Firesheep, the Firefox extension that lets you grab login IDs, passwords, and other important information. What a joke. I, and any hacker or network administrator worth his salt, have been able to do this kind of stuff for years.
The only thing “new” about Firesheep is that how it easy makes it to do. I’m unimpressed. Anyone who was serious about grabbing your personal information has already been doing it for years. Trust me, if someone really wanted your data and you’ve been using open Wi-Fi networks, they already grabbed it.
No, the real worry isn’t about some jerk grabbing your Twitter password in a coffee house. The real worry has always been that your office Wi-Fi is easy to compromise and then someone can use a packet-sniffer to get something that really matters like your your Accounts Payable password. (more)Need a Wi-Fi Security Audit and Compliance Inspection? (you do) Please call me. (more)
11/4/10 – UPDATE: IBM researchers are proposing an approach to WiFi security they call Secure Open Wireless in light of the release of the Firesheep tool. (more)
11/5/10 – UPDATE: 10 Ways to Protect Yourself from Firesheep Attacks (more)
By on 28/10/2010
Our Spy Coin Receives the Ultimate Compliment
I give spy coins to my clients.
It is a reminder that information loss is mostly a people problem, not an electronic problem. Filing cabinets of information can walk out the door in pocket change!
It is a reminder that information loss is mostly a people problem, not an electronic problem. Filing cabinets of information can walk out the door in pocket change!
Careless people often blab information, forget to secure it, toss it in the garbage can, or otherwise lose it—hundreds of laptops are lost every day. People also steal it when they become greedy, spiteful, conned, blackmailed, or caught up in a “cause.”
Investigating an information loss, however, begins with an electronic surveillance detection audit.
Here’s why…
• Serious espionage will include electronic surveillance.
• The possibility must be resolved before accusing people.
• Bugging is the easiest spy technique to discover.
• Electronic surveillance evidence helps prove your case.
Best advice… Conduct audits on a regular basis. Uncover signs of espionage during the intelligence collection stage, before your information can be abused. (more)
A client reports back…
“I think of all of the trinket type things we’ve accumulated over the years, the spy coin is *by far* the coolest, and is made even cooler with the background story provided on the chip!!
I took mine with me to the FBI building today and had the guards there X-ray it along-side of a normal quarter to see if its secret contents could be seen on an “airport quality” X ray machine. They printed out a copy of the scan image, I’ve attached it to this email for your amusement as well.
Several agents commented on how well it was made, and how hard it would be to detect such a thing.“
By on 28/10/2010
Why Wiretap When You Can buy the Phone Company?
A proposed deal between Sprint Nextel, Cricket and two Chinese telecom companies has raised a few eyebrows, with some U.S. senators concerned about security.
The Hill reports a bipartisan group of legislators wrote a letter seeking reassurance about the deal from Federal Communications Commission Chairman Julius Genachowski.
The letter, signed by Susan Collins (R-Maine), Jon Kyl (R-Ariz.) and Joe Lieberman (I-Conn.), contends the two Chinese companies, ZTE Corporation and Huawei, have ties to the Chinese military and are financed by the Chinese government.
The letter raised the specter of the Chinese government or military using the companies to spy on American communications. (more)
By on 25/10/2010