Archive for the 'Security' Category

This week, IBM ran a full-page ad in the Wall Street Journal, which advertised that: New York’s “Real Time Crime Center can quickly query millions of pieces of information to uncover previously unknown data relationships and points of connection.” In Poland “personal and vehicle IDs can be instantly checked in an EU-wide database.” In Chicago: […]

Read Full Post »

No matter where you go, your computer leaves footprints on the network. When you connect to the network, logon to your workstation, or surf the web, these activities leave trails throughout your employer or ISP’s network– even when the administrators are not deliberately trying to monitor your activity. Forensic analysts traditionally focus on hard drive […]

Read Full Post »

Rogue Wireless Gets Sneakier

For $40, anyone can purchase a cheap wireless AP and plug it into the company network. Often, employees do this simply for the sake of convenience, not realizing that it opens the company to attack. Criminals also deliberately plant wireless access points, which allow them to bypass the pesky firewall and remotely access the network […]

Read Full Post »

The National Drug Intelligence Center has developed software called (ahem) “HashKeeper” “as its principal tool to expedite the analysis of electronic media.” Hahahaha….. Apparently, “HashKeeper is available free of charge.” Contact the National Drug Intelligence Center for more information. National Drug Intelligence Center c/o Mr. Steve Gironda Telephone: 814-532-4987 E-mail: ndic.domex.request@usdoj.gov Hat tip to John […]

Read Full Post »

Last week marked the original official deadline for the Digital Television Transition, after which analog television broadcasts would be terminated. (The official deadline was recently extended to June 12, 2009.) To ease the transition, the US government launched the TV Converter Box Coupon Program, which “allows U.S. households to obtain up to two coupons, each […]

Read Full Post »

White-Collar Looting

One midsummer night in 1977, the power went out in New York City. “Thousands of people took to the streets and smashed store windows looking for TVs, furniture, or clothing… The police made 3,776 arrests, although…many thousands escaped before being caught. 1,037 fires burned throughout the City…” (Blackout History Project) The troublemakers weren’t faceless terrorists […]

Read Full Post »

Walking through the Minneapolis airport, a friend and I came across something… not right. Apparently, the “New and Improved” Internet Access GateStation kiosk had rebooted, and hung with the BIOS displayed. We laughed and walked closer to get a good look. Interesting. It was configured to boot off a USB floppy drive. There couldn’t be […]

Read Full Post »

Credit bureaus and credit card companies have direct control over the risk of identity theft. They control the systems for granting and rescinding credit, including fundamental mediums for communication and related security features. Oddly, that doesn’t stop them from trying to profit when things go wrong. Credit companies strongly push their identity theft “protection” services, […]

Read Full Post »

Our Revised News

Sign on the old historical archive in Santa Fe, New Mexico. One chilly day last September, United Airlines’ stock temporarily crashed more than $1 billion due to an accidental re-release of an old news report about its 2002 bankruptcy. The New York Times reported that “shares of United traded at one cent… down 99.92 percent, […]

Read Full Post »

Matt Knox, a talented Ruby instructor and coder, talks about his early days designing and writing adware for Direct Revenue. (Direct Revenue was sued by Eliot Spitzer in 2006 for allegedly surreptitiously installing adware on millions of computers.) S: You wrote adware. You bastard. M: [sheepishly] Yes, I did.  I got to write half of […]

Read Full Post »

30-Second Security Assessment

You can tell a lot about a company’s information security posture in 30 seconds. As a security consultant, I’m often amazed at how much I can infer from a simple walk between the front door and the conference room. If you see many computers of the same make and model with the same type of […]

Read Full Post »

Last week, the NSA was granted a patent which supposedly allows them to “Spot Network Snoops.”1 At first glance, the patent seems rather obscure and boring. However, it could have major implications for anonymity and privacy on the Internet. Back in 2005, the same NSA inventor, Michael Reifer, and a colleague were granted a patent […]

Read Full Post »

Watching Big Brother

Early one recent Sunday, I took the train from Boston to New York City to visit the Transit Museum. When I arrived in New York, it was still too early for the museum to be open. I decided to step outside at Penn Station and grab a sandwich. I was surprised to see these signs: […]

Read Full Post »

A few months ago I walked into Radio Shack, looking for a short-range FM transmitter. I asked the woman behind the counter if the store sold FM transmitters. “I don’t know,” she frowned. “The Internet’s down. I can’t access our product catalog.” (Gah!) Weeks later, I walked into a U-Haul to rent a truck. The […]

Read Full Post »

United Airlines Stock Crash

United Airlines stock temporarily lost more than $1 billion in value last week, due to an “accidental” reposting of an old news article which indicated that UA was bankrupt. From the New York Times: “An erroneous headline that flashed across trading screens Monday, saying United had filed for a second bankruptcy, sent the airline’s stock […]

Read Full Post »

GPS and Wall Street

For those of you who didn’t catch the full significance of Jon Warner’s GPS Spoofing demonstration, consider that GPS timing information is crucial for the financial industry: “Banking institutions and Foreign Exchange networks rely heavily on precision timing so a stock order placed on one side of the globe can be received almost instantly in […]

Read Full Post »

GPS Spoofing

Our global society relies on the civilian GPS for our communications networks, transportation of goods, power distribution, financial transactions and emergency response, using precise location information and time synchronization. Unfortunately, the GPS system was not designed for this purpose. The civilian GPS has dangerous security vulnerabilities which now leave our global society at risk of […]

Read Full Post »

Tampering with Transportainers

I stood in a dimly lit room at Argonne National Labs with both wrists handcuffed, working a tool into the mechanism on my right hand. “Push the cuff up and then down,” said Jon Warner helpfully. The cuff snapped open. We were in the Vulnerability Assessment Team’s (VAT) “museum,” a small display room in Argonne […]

Read Full Post »

Deconstructing Botnets

A friend of mine runs public servers which are regularly attacked by botnets. He writes: The hardest way to shut down a botnet is to just collect IPs and report it to the provider and the Feds… Sometimes, you just need to get proactive. Below are some excerpts from our latest discussion. Names have been […]

Read Full Post »

Yesterday, USA Today published an article about fliers without ID, saying: “The Transportation Security Administration has collected records on thousands of passengers who went to airport checkpoints without identification, adding them to a database of people who violated security laws or were questioned for suspicious behavior… The database has 16,500 records of such people and […]

Read Full Post »

« Prev - Next »