Wednesday, November 24, 2010

It's the bank job to protect your money, but don't you have an obligation to investigate how they will do it? (e.g. Look to see if the do have a vault.)

Escrow Co. Sues Bank Over $440K Cyber Theft

November 24, 2010 by admin

Brian Krebs writes:

An escrow firm in Missouri is suing its bank to recover $440,000 that organized cyber thieves stole in an online robbery earlier this year, claiming the bank’s reliance on passwords to secure high-dollar transactions failed to measure up to federal e-banking security guidelines.

The attack against Springfield, Mo. based title insurance provider Choice Escrow and Land Title LLC began late in the afternoon on St. Patrick’s Day, when hackers who had stolen the firm’s online banking ID and password used the information to make a single unauthorized wire transfer for $440,000 to a corporate bank account in Cyprus.


Just because you bought it doesn't mean you own it. What liability would this create for an organization? Another area that “Access Policies” need to address. (If they have sufficient access rights to “wipe” your messages, they probably have sufficient access rights to copy and read them as well.)

When Your Company Remote-Wipes Your Personal Phone

Posted by kdawson on Tuesday November 23, @05:33PM

"NPR has a story about someone whose personal iPhone got remotely wiped by their employer. It was actually a mistake, but it was something of a surprise because they didn't believe they had given their employer any kind of access to do that. This may already be very familiar to Microsoft Exchange admins, but the problem was her iPhone's integration with MS Exchange automatically gives the server admin access to do remote wipes. All you have to do is configure the phone to receive email from an MS Exchange server and the server admin can wipe your phone at will. The phone wasn't bricked, even though absolutely all of its data was wiped, because the data could be restored from backup, assuming that someone had remembered to make one. But this also works on other devices like iPads, Blackberry phones, and other smartphones that integrate with MS Exchange. So if you read your work email on your personal phone or tablet, you might want to make sure that you keep backups, just in case."

It fits. “Citizens gots no rights whatout da gov'mint giz em to em.” (famous New Jersey Philosopher)

MUST READ: DHS & TSA: Making a list, checking it twice

November 23, 2010 by Dissent

I have no way of verifying the accuracy of this column by Doug Hagmann, but think it’s so troubling that it needs to be shared in case the memo is exactly as he summarizes it:

Following the publication of my article titled “Gate Rape of America,” I was contacted by a source within the DHS who is troubled by the terminology and content of an internal memo reportedly issued yesterday at the hand of DHS Secretary Janet Napolitano. Indeed, both the terminology and content contained in the document are troubling. The dissemination of the document itself is restricted by virtue of its classification, which prohibits any manner of public release. While the document cannot be posted or published, the more salient points are revealed here.

The memo, which actually takes the form of an administrative directive, appears to be the product of undated but recent high level meetings between Napolitano, John Pistole, head of the Transportation Security Administration (TSA),and one or more of Obama’s national security advisors. This document officially addresses those who are opposed to, or engaged in the disruption of the implementation of the enhanced airport screening procedures as “domestic extremists.”


The terminology contained within the reported memo is indeed troubling. It labels any person who “interferes” with TSA airport security screening procedure protocol and operations by actively objecting to the established screening process, “including but not limited to the anticipated national opt-out day” as a “domestic extremist.” The label is then broadened to include “any person, group or alternative media source” that actively objects to, causes others to object to, supports and/or elicits support for anyone who engages in such travel disruptions at U.S. airports in response to the enhanced security procedures.

For individuals who engaged in such activity at screening points, it instructs TSA operations to obtain the identities of those individuals and other applicable information and submit the same electronically to the Homeland Environment Threat Analysis Division, the Extremism and Radicalization branch of the Office of Intelligence & Analysis (IA) division of the Department of Homeland Security.

Read more on Canadian Free Press.

(Related) At some point the politicians will hear the voice of the voter... Won't they?

November 23, 2010

Majority of Americans Now Oppose Body Scanners and TSA Pat Downs

EPIC: "A new poll by Zogby International finds that 61% of Americans polled between Nov. 19 and Nov. 22 oppose the use of full body scans and TSA pat downs. Of those polled, 52% believe the enhanced security measures will not prevent terrorist activity, almost half (48%) say it is a violation of privacy rights, 33% say they should not have to go through enhanced security methods to get on an airplane, and 32% believe the full body scans and TSA pat downs to be sexual harassment. The Zogby Poll is the most recent survey of American opinion on the new airport screening procedures. Combined with earlier polls by USA Today and the Washington Post-ABC News, the Zogby Poll reflects declining support for the TSA program."

  • News release: "U.S. Rep. Rush Holt, a scientist and the Chairman of the House Select Intelligence Oversight Panel, Friday wrote the Administrator of the Transportation Security Administration (TSA), reiterating his concerns about the use of body imaging technology, notably about potential health effects and the effectiveness of the screening to detect the full range of explosive threats known or anticipated to be used by potential terrorists...the majority of the radiation from X-ray backscatter machines strikes the top of the head, which is where 85 percent of the 800,000 cases of basal cell carcinoma diagnosed in the United States each year develop."

(Related) Apparently this has become a “big enough” story that editors are willing to invest some time to do research.

Your risks and rights with TSA's 'enhanced' screening (FAQ)


Survive a TSA Screening

You can take pictures, but you can't take good pictures? What is the basis for this? All terrorists have DSLRs?

Kuwait Bans DSLR Cameras Use For Non-Journalists

Posted by kdawson on Tuesday November 23, @02:25PM

"Kuwait has banned the use of Digital Single Lens Reflex (DSLR) cameras in public places for anyone who is not a journalist. The ban, which was passed by the unanimous agreement of the country's Ministry of Social Affairs, Ministry of Information and Ministry of Finance, prevents the public from using DSLR devices on the streets of the Middle Eastern State. Tourists are to be affected by the new laws and must be aware of this before travelling to Kuwait. Smaller digital cameras and camera phones are exempt from the ban."

Interesting question for my Computer Security students: Can a “social network” be made “Secure?”

Open-Source Social Network Diaspora Goes Live

Posted by timothy on Tuesday November 23, @11:44PM

"Diaspora, a widely anticipated social network site built on open-source code, has cracked open its doors for business, at least for a handful of invited participants. 'Every week, we'll invite more people,' stated the developers behind the project, in a blog item posted Tuesday announcing the alpha release of the service. 'By taking these baby steps, we'll be able to quickly identify performance problems and iterate on features as quickly as possible.' Such a cautious rollout may be necessary, given how fresh the code is. In September, when the first version of the working code behind the service was posted, it was promptly criticized for being riddled with security errors. While Facebook creator Mark Zuckerberg may not be worried about Diaspora quite yet, the service is one of a growing number of efforts to build out open-source-based social-networking software and services."

Also for my Computer Security students

November 22, 2010

EFF Tool Offers New Protection Against Exploits of Webpage Security Flaws

News release: "The Electronic Frontier Foundation (EFF) has launched a new version of HTTPS Everywhere, a security tool that offers enhanced protection for Firefox browser users against "Firesheep" and other exploits of webpage security flaws. HTTPS secures web browsing by encrypting both requests from your browser to websites and the resulting pages that are displayed. Without HTTPS, your online reading habits and activities are vulnerable to eavesdropping, and your accounts are vulnerable to hijacking... This new version of HTTPS Everywhere responds to growing concerns about website vulnerability in the wake of Firesheep, an attack tool that could enable an eavesdropper on a network to take over another user's web accounts -- on social networking sites or webmail systems, for example -- if the browser's connection to the web application either does not use cryptography or does not use it thoroughly enough... Other sites targeted by Firesheep that now receive protection from HTTPS Everywhere include, Cisco, Dropbox, Evernote, and GitHub. In addition to the HTTPS Everywhere update, EFF also released a guide to help website operators implement HTTPS properly."

For my Ethical Hackers. A computer is a computer is a computer...

Rootkit In a Network Card Demonstrated

Posted by kdawson on Tuesday November 23, @03:11PM

KindMind notes coverage in The Register on a researcher who has developed a firmware-based rootkit that resides in a network card. Here is the developer's blog entry.

"Guillaume Delugré, a reverse engineer at French security firm Sogeti ESEC, was able to develop proof-of-concept code after studying the firmware from Broadcom Ethernet NetExtreme PCI Ethernet cards... Using the knowledge gained from this process, Delugré was able to develop custom firmware code and flash the device so that his proof-of-concept code ran on the CPU of the network card."

For my Ethical Hackers.

Crooks Hack Music Players For ATM Skimmers

Posted by kdawson on Tuesday November 23, @01:37PM

tsu doh nimh sends in a report that criminals increasingly are cannibalizing parts from handheld audio players and cheap spy cams to make extremely stealthy and effective ATM skimmers. These are devices designed to be attached to cash machines to siphon card + PIN data.

"The European ATM Security Team (EAST) found that a new type of analogue skimming device — using audio technology — has been reported by five countries, two of them 'major ATM deployers' (defined as having more than 40,000 ATMs)... The basic method for conducting these attacks was mentioned in a 1992 edition of the hacker e-zine Phrack (the edition that explains audio-based skimmers is Phrack 37)."

Strategy: Fight every action strongly and immediately.

EMI Seeks to Bar EFF From Cloud-Music Case

Billion-dollar record label EMI has asked a New York City federal judge to bar a non-profit legal rights group from filing a friend-of-the-court brief in a closely watched internet copyright case that could have broad implications for the future of cloud computing.

EMI says the brief filed last week by the Electronic Frontier Foundation and other groups supporting MP3tunes’s argument that it’s not responsible for what music its users store on its servers should be barred because it is “a pure advocacy piece, not a ‘friend of the court.’”

… EMI argues that EFF’s brief is too long

… Because EFF’s brief supports MP3tunes, EMI says, its arguments are “duplicative”

… EFF’s brief “contains unsupported speculation that is not helpful to the Court.”

They're kidding, right? “Helen of Troy: The (thing above the neck on the front of the head) that launched a thousand ships.”

Patent Office Agrees To Facebook’s “Face” Trademark

Facebook is just a payment away from trademarking the word “Face.” As of today the U.S. Patent And Trademark Office has sent the social networking site a Notice of Allowance, which means they have agreed to grant the “Face” trademark to Facebook.

Think outside the textbook! - Find & Download eBooks

As its name suggests, eBookBrowse is a site where you can find all the eBooks that you might possibly want to read. What the name does not tell you is that through the site you will also be able to download any of the featured titles, and then take them with you wherever you go.

The site features a neat search tool that will let you specify both the name of the book (or document) that you want to get your hands on, and also the kind of filetype that you are primarily interested in getting. If you are aware that your computer is actually a bit archaic and you want to play it safe, you can request that only PDF files be looked up.

Besides, the site will let you see all the documents that people have searched the most during the past week or month - whatever suits you best. And it is possible to see these documents that have been commented by users of the site more actively, too.

This looks to be very handy...

Draw Diagrams & Pictures On Your Computer Screen During Presentations With Sketch It

Wouldn’t it be nice … to have the ability to simply draw, sketch or jot notes anywhere on the screen during a presentation or video conference? Thankfully, there’s an innovative app called Sketch It that lets you do just that.

Don't let my wife see this article. She thinks I like Pumpkin Pie because I look like a pumpkin...

Pumpkin Pie increases Male Sex Drive

Posted by samzenpus on Tuesday November 23, @03:05PM

Dr. Alan Hirsch, Director of Chicago's Smell and Taste Treatment and Research Center, says the key to a man's heart, and other parts, is pumpkin pie. Out of the 40 odors tested in Hirsch's study, a mixture of lavender and pumpkin pie got the biggest rise out of men ages 18 to 64. [“Biggest rise” – I get it. Bob] That particular fragrance was found to increase penile blood flow by an average of 40%. "Maybe the odors acted to reduce anxiety. By reducing anxiety, it acted to remove inhibitions," said Hirsch.

No comments: