Menu
Navigation

Global articles on espionage, spying, bugs, and other interesting topics.

Keep abreast of the espionage threats facing your organisation.

Firesheep Makes Stealing Your Wi-Fi Secrets Easy

via Steven J. Vaughan-Nichols
From all the yammering, you’d actually think there was something new about Firesheep, the Firefox extension that lets you grab login IDs, passwords, and other important information. What a joke. I, and any hacker or network administrator worth his salt, have been able to do this kind of stuff for years.
The only thing “new” about Firesheep is that how it easy makes it to do. I’m unimpressed. Anyone who was serious about grabbing your personal information has already been doing it for years. Trust me, if someone really wanted your data and you’ve been using open Wi-Fi networks, they already grabbed it.
No, the real worry isn’t about some jerk grabbing your Twitter password in a coffee house. The real worry has always been that your office Wi-Fi is easy to compromise and then someone can use a packet-sniffer to get something that really matters like your your Accounts Payable password. (more)
Need a Wi-Fi Security Audit and Compliance Inspection? (you do) Please call me. (more)

11/4/10 – UPDATE:  IBM researchers are proposing an approach to WiFi security they call Secure Open Wireless in light of the release of the Firesheep tool. (more)

11/5/10 – UPDATE: 10 Ways to Protect Yourself from Firesheep Attacks (more)


Espionage Research Institute – Day 1

Attending and presenting at the annual ERI meeting means telling clients we will be unavailable for a few days. They understand once I tell them what goes on behind these closed doors. The information I gather directly benefits them. If you think any of this can help you, give me a call and I will brief you in greater detail.

This is what I heard today…

Need to make sure the people outside of your room can’t overhear you?

Dynasound to the rescue. As they say, “These are not your father’s white noise generators.” Made to be un-filterable, this white noise is injected directly into construction materials (as opposed to vibrated in with old piezo-electric transducers). The benefit… walls, windows, ceilings and floors transmit the sound outward. People in the room can hardly hear it. Bonus… Need a temporary solution (as in a hotel) or need to move the permanent installation? No problem. The new transducers are easy to move.

• Want to have 24/7 monitoring of an area for certain types of bugging devices?
Global TSCM Group has an answer. Their multi-faceted monitoring system may be monitored anywhere via the Internet. It may not be the total answer, but it helps when securing Boardrooms and creating secure conference rooms.

• Need to control Wi-Fi and cell phone usage in your building?
AirPatrol can do it. Once their system is installed, you will know where every rogue laptop, unauthorized Wi-Fi appearance point and cell phone is… within six feet of its exact location, plotted on a computer map. Also, monitorable via the Internet. (PS – There is a whole lot more their system does. Visit their web site.)

Ok… Lunch break.
• Need portable secure storage for cell phones and tablets when everyone enters the top secret meeting? Hey, you never know whose cell phone is infected with spyware, turning their phone into a bugging device. Vector Technologies has the answer, and if the answer doesn’t suit you, talk to them. They will make whatever you need. Bonus… It won’t look like an old pirate’s chest. They make really nice looking stuff with pneumatic lids! Independent testing labs certify effectiveness. Call 540-872-0444.

The rest of the afternoon, ERI members taught what they know…
• “Finds in the Computer World” – Dr. Gordon Mitchell
• “Access Control / Physical Security” – Mark Clayton
• “Building and Using a UV LED Light Source” – Dr. Gordon Mitchell
• “Adventures with Software Defined Radio” – Kevin D. Murray

More tomorrow…
(MJD, DC can be fun. Make the TSCM hajj next year.)