The US authorities demand that everybody entering their country have a passport and identity documents compliant with their security standards, but when it comes to their own passports, they have a much lower security standard than they demand of other countries.
The blank passports travel to Europe where a microchip is inserted in the back cover and then onto Thailand where they are fitted with a radio antenna. The Netherlands company that makes the covers for the passport said in October that China stole the technology for the microchips, the Times said.
The Government Printing Office’s decision to export the work has proved lucrative, allowing the agency to book more than $100 million in recent profits by charging the State Department more money for blank passports than it actually costs to make them, according to interviews with federal officials and documents obtained by The Times.
I previously wrote about Bill C-27 and how it will make it an offence in Canada to recklessly make available or sell personal information knowing it will be used to commit fraud.
Google, and others, offer tools such as on-line word processing but your data is housed by that entity, usually in the USA, and is thus subject to the US Patriot Act, and other laws that allow government surveillance of your data.
In my view, using these Web-based collaborative tools amounts to Reckless Personal Information Handling.
Web-based Collaborative Tools
The Globe and Mail recently published an interesting article about this:
Patriot Act haunts Google service
by SIMON AVERY, Globe and Mail March 24, 2008
Some other organizations are banning Google’s innovative tools outright to avoid the prospect of U.S. spooks combing through their data. Security experts say many firms are only just starting to realize the risks they assume by embracing Web-based collaborative tools hosted by a U.S. company, a problem even more acute in Canada where federal privacy rules are at odds with U.S. security measures.
Nigel Stanley at Bloor Research wrote an article entitled Ounce Labs weighs into rogue code about the dangers of outsourcing software development. The most interesting part of the article follows:
Industrial espionage, or good old fashioned spying, is as alive and well today as it has ever been. In fact, a lot of time and effort from the security agencies is tied up in dealing with this issue, and contacts have assured me it is worse now than it has ever been as developing countries try to steal a march (maybe even literally) against the developed world. Spying between developed nations is also a problem, with some larger European countries having a dreadful reputation for trying to obtain industrial secrets from so called allies. Software development is an obvious target…
The downside of this approach is that decision makers get seduced by green lights whilst their developers look for even more creative ways of inserting malicious code. No sensible person will ever declare that a product such as Ounce 5 will guarantee that your code is 100% secure…
An excellent CI related blog, Brand Killer Robots, offers this fun comparison of the black-hat hacker and the good guy training people to protect their assets.
Why have Ethical Hacker Training companies got it so wrong?
We ask, just who are the people that you are sending on Ethical hacker training courses and why are you sending them?
So let's first look at the white hats.
The Deccan Herald, one of my favorite sources of news of India, has this wonderful anecdote about bugging:
The great British statesman Winston Churchill had one standard procedure, whenever he was housed in magnificent Russian palaces during his state visits. The first thing the British Prime Minister used to do was to go through all the rooms of his suite shouting “You b@#*%#ds, I know this room is bugged and will not be fooled by you.”
EASY TO PLANT CAMERAS IN HOTEL ROOMS
The recent sex DVD scandal involving former Malaysian Health Minister Datuk Seri Dr Chua Soi Lek shows how easy it is to rig a spy camera and film someone without their knowledge.
Experts tell The New Paper on Sunday that it takes anyone just 30 minutes to rig a spy cam.
It takes the professionally trained even less time…
A few weeks ago I wrote about a botched background investigation of a former FBI and CIA Intelligence Analyst who entered into a sham marriage to gain citizenship. It turns out that she had ties to Hezbollah.
Now a US Marine Captain has pleaded guilty to helping the potential Hezbollah operative gain citizenship in the same way she herself did. Read Hezbollah: Signs of a Sophisticated Intelligence Apparatus to see how an incompetent background investigation can have far-reaching implications.
“…the cases demonstrate that the FBI, CIA and Marine Corps all failed to detect this web of sham marriages when they conducted background investigations on the women in question, especially since the marriages were within the seven-year investigative window required for Prouty’s FBI clearance and Spinelli’s enlistment in the Marine Corps. A full field background investigation should have been able to determine the nature of the sham marriages, given that the women never lived with their purported husbands.”
China’s intelligence service gained access to a secret National Security Agency listening post in Hawaii through a Chinese-language translation service, according to U.S. intelligence officials.
According to officials who spoke on the condition of anonymity, China’s Ministry of State Security, the main civilian spy service, carried out the operations by setting up a Chinese translation service in Hawaii that represented itself as a U.S.-origin company.
South Korea - Concerns have re-emerged over the illegal transfer of high technology abroad, which has been worsening in recent years, in the wake of the latest leak case in which industrial spies handed over key automobile building technology of Hyundai Motor to Chinese firms.
Prosecutors Friday arrested two Hyundai Motor employees who handed over to a Chinese carmaker core technology for the automatic transmission of a sports utility vehicle (SUV) that the carmaker had developed over two years with an investment of 300 billion won ($323 million)….
Samsung Electronics, for example, has already adopted an advanced security system in its Digital Media Research Center, where each researcher’s location can be traced through satellite-recognized identification cards, in addition to anti-eavesdropping devices.
Rapid7 announced that an attacker with a directional antenna and a laptop can eavesdrop on wireless keyboards manufactured by Microsoft, Logitech, and other vendors, capturing every keystroke from a distance of over 30 feet away. This leaves corporate networks open to illicit intrusion and data theft that will probably look like a data breach originating from within the company.
For a look at what the hacker will get, go to this interesting presentation.
Would this be Reckless Personal Information Handling if this vulnerability was exploited at your company?
Blogger and analyst for the Federation of American Scientists (FAS), Hans M. Kristensen, recently discovered a photo of a second and possibly a third Jin-class nuclear-powered submarine at Bohai Shipyard in northeast China. He discovered the image using Google Earth, an online mapping service provided by Internet search engine giant Google, and posted his discovery on his blog on October 4.
The use of Google Earth for this creates some interesting challenges for both governments and private industry. In the private sector, security officials now must consider the loss of proprietary and competitive data through satellite imagery. An example of this might be the construction of new production facilities. In the past, overflights of such facilities have given rise to law suits. Now that the data already exists and is searchable, how does one protect against a loss of critical information in this manner?
I predict the creative use of camouflage will become normal practice over the next couple of decades.
Google accounts present a serious risk to employees who use them in the workplace. A Google account gives you access to Gmail and to another interesting feature, your search history. Unfortunately, your Google account session does not time out.
Now imagine you’re at work. You sign on to your Google account, check your mail and use Google Reader to check some RSS feeds. You are then called away from your desk. You don’t sign off; after all, it’s only Google. Well, your colleague drops by and decides to do a search and check his mail. He searches for a prostitute for tomorrow evening and, on checking Gmail, finds yours.
Your colleague has now added some interesting entries to your search history and read your mail. My Yahoo presents a similar risk.
This leads me to think of some interesting opportunities that this offers if I set up virgin Google and My Yahoo accounts and place them on an unattended PC.
A whistle blower is a person who discovers illegal activity going on in government and exposes that illegal activity.
Jeffrey Monaghan, who was arrested for leaking documents that prematurely revealed details of the government’s climate-change plan, was not a whistleblower. If he released the documents, then he violated the terms of his employment and committed a criminal offence.
Monaghan might like us to believe he is a crusader for the public good, but that is no more creditable than his claim to be an anarchist while working for the government and a member of a “collective” that runs a book store. Don’t let this nomenclature-challenged individual, and his media groupies, confuse you. He’s not a whistleblower and he is not an anarchist. Shame on the so-called journalists for using this incorrect nomenclature.