The pocket spy: Will your Smartphone rat you out?
by Linda Geddes, 14 October 2009 issue of New Scientist
- learn where to get an app that will encrypt all the data on your phone, should you lose it
- what happens with recycled cell phones
- a smashed SIM card can still have data extracted from it
- and much more
According to FakeResume.com, a web site that teaches job seekers how to lie and get away with it, 53% of job applicants lie to get a job.
The top 3 lies that candidates tell HR are as follows:
1. Covering up employment gaps
2. Fake references
3. Phony responsibilities
Learn How To Catch These Lies
I guess I have too much time on my hands — look at what I found.
CASTING CALL – Real Working Security Guards
If this sounds like you, we want to hear from you. You could be the star of the first season of The Real Security Guards.
I guess it had to happen — I just hope the resulting show favorably illustrates the value of this industry and the challenges its people face.
The ad provides Sandi Butler as the contact at Tricon Films & Television in Toronto with 416-341-9926 or email: realmallcops@triconfilms.com.
U.S. Hotels
During a recent project, I came across an interesting study about the vulnerability of hotels from Cornell’s Center for Hospitality Research, which finds that safety and security equipment in U.S. hotels varies dramatically by size, location, and overall hotel class.
Wi-Fi Security
For more on Wi-Fi security in hotels, check out Dan Lohrman’s blog post and Hotel Network Security: A Study of the Computer Networks in U.S. Hotels, also from Cornell.
Terrorist Attack
An article entitled, Study: Terror attacks on hotels surge since 9/11, refers to a STRATFOR study entitled, Special Security Report: The Militant Threat to Hotels.
Delivery of large reports and file material is becoming a problem for many organisations. Electronic file delivery poses risks to the integrity and security of the data, and delivery of printed copies is too slow and expensive. Email delivery is not possible in many cases as the files may be too large, even when zipped.
You can resort to establishing an FTP site of your own, or create a secure delivery site using something like OWL, or use a third party service.
A usable third party solution to this problem is YouSendIt. This lets you send and receive files up to 2GB in size. A zipped 2GB file represents a large volume of data. Passwords control access to files you are sending and receiving, but YouSendIt does not encrypt files on its servers.
Regardless of the solution selected, the person transmitting the data must assume responsibility for the encryption. Never, ever, let somebody else take responsibility for the encryption — do it yourself on your own computer.
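An added example, not part of the original post, of doing the encryption on your own computer before a file goes to any delivery service. The function names are hypothetical. It assumes OpenSSL 1.1.1 or later, and that the passphrase and the printed digest reach the recipient by a separate channel.

```shell
#!/bin/sh
# Added example (not from the original post): encrypt on your own machine
# before a file goes to any delivery service. Assumes OpenSSL 1.1.1 or later.

# digest_of FILE: SHA-256 of FILE as bare hex.
digest_of() {
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# seal IN OUT PASSFILE: encrypt IN to OUT with a key derived from the
# passphrase in PASSFILE; prints the ciphertext digest to send out of band.
seal() {
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -in "$1" -out "$2" -pass "file:$3" || return 1
    digest_of "$2"
}

# unseal IN OUT PASSFILE DIGEST: check the download against the digest
# received out of band, and decrypt only if it matches.
unseal() {
    if [ "$(digest_of "$1")" != "$4" ]; then
        echo "digest mismatch, refusing to decrypt $1" >&2
        return 2
    fi
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$1" -out "$2" -pass "file:$3"
}

# demo: round trip on a constructed sample, then a tampered copy.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed sample report\n' > "$d/report.txt"
    printf 'constructed-passphrase-not-for-real-use\n' > "$d/pass"
    chmod 600 "$d/pass"
    sum=$(seal "$d/report.txt" "$d/report.enc" "$d/pass") || return 1
    unseal "$d/report.enc" "$d/report.out" "$d/pass" "$sum" || return 1
    cmp -s "$d/report.txt" "$d/report.out" || return 1
    # Simulate modification in transit or on the service's servers.
    { cat "$d/report.enc"; printf 'x'; } > "$d/tampered.enc"
    unseal "$d/tampered.enc" "$d/tampered.out" "$d/pass" "$sum" 2>/dev/null
    rc=$?
    rm -rf "$d"
    [ "$rc" -eq 2 ]
}

demo && echo "round trip ok, tampered copy rejected"
```

AES-CBC as used by openssl enc does not authenticate the ciphertext, which is why the recipient checks the digest before decrypting.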
Your mobile phone can become a slave bracelet if it is compromised by malicious software.
The following article illustrates the dangers of using web-based collaborative applications.
Google Privacy Blunder Shares Your Docs Without Permission
by Jason Kincaid on March 7, 2009
The Onion Router (TOR)
Thousands of people around the world use Onion Routing or TOR to do things on the Internet. Private Investigators should use it to maintain anonymity during investigations.
Under certain circumstances, if you lose sight of your mobile telephone, then you may reasonably assume it has been compromised. These circumstances are more common than you might think. Here are two cases of this that I have encountered over the last year or so.
An excellent article at Sharp Ideas about software called Slurp that turns an iPod into a covert data theft device.
An unauthorized visitor shows up after work hours disguised as a janitor and carrying an iPod…He walks from computer to computer and “slurps” up all of the Microsoft Office files from each system. Within an hour he has acquired 20,000 files from over a dozen workstations…
I see a lot of silly security measures against the most improbable risk scenarios. Yet the simplest attacks succeed over and over again. We have to do more to defend against these simple, direct, and constantly repeated attacks.
The following books illustrate that mundane attacks, which so often succeed, represent an enormous drain on our economy. Understanding why these attacks result in large losses is the first step in preventing them. To work both sides of the street, the Competitive Intelligence professional should understand these attacks. The Competitive Intelligence professional will understand the risk better than anybody and should educate his colleagues about the risks and solutions. The Competitive Intelligence professional will also be positioned to exploit the opposition’s failings where legally and ethically permitted.
Confessions of a Corporate Spy
A former National Security Agency analyst who is now an expert on corporate espionage offered chilling accounts yesterday of his easy penetration into a variety of U.S. companies. In one case, in just a few hours he was able to make off with product plans and specifications worth billions of dollars.
“Never measure security budgets by IT,” said Winkler, author of .
Other excellent books in this area are:
and .
Napoleon said, “The art of war does not require complicated maneuvers; the simplest are the best, and common sense is fundamental. From which one might wonder how it is generals make blunders; it is because they try to be clever.”
Applying Napoleon’s maxim on simplicity to protecting critical data throughout your organization would go a long way to securing your company’s most precious asset.
Is this proof that most tax authorities are crooks?
Vanished tycoon named in tax haven inquiry
…stolen bank documents that were sold to the tax authorities by a whistleblower thief who worked at LGT, one of the principality’s biggest banks.
Tax authorities across the world are now using the data to investigate people suspected of hiding their assets in the tax haven.
Germany’s government last week bought another set of data listing the names of 1,850 more people with bank accounts in the principality.
A partner at one of the world’s biggest accountancy firms said: “By buying stolen data, tax authorities have encouraged anyone in a bank in Liechtenstein, Monaco or any other tax haven to sell private banking records for cash.
The thief, Heinrich Kieber, according to Forbes, financed a real estate deal in Spain during 1996 with “uncovered checks”. He was not charged and did not have a criminal record when he joined the bank in Liechtenstein. However, the consequences of his Spanish real estate deal followed him to Liechtenstein. In 2001, he was fined 600,000 Swiss francs ($552,000) for fraud by the Liechtenstein judicial system. To get out of this, he tried to blackmail the authorities with the stolen data. When that didn’t work out to his satisfaction, he sold the data to Germany.
I wonder if this thief and extortionist is paying taxes on his $7.5 million blood money from under his rock or wherever he is hiding. On the other hand, I am certain that the public officials who were complicit in this crime kept their jobs or were promoted.
The U.S. government has published its policy regarding seizing laptops and other devices capable of storing data.
Federal agents may take a traveler’s laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed. Also, officials may share copies of the laptop’s contents with other agencies and private entities for language translation, data decryption, or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, US Customs and Border Protection and US Immigration and Customs Enforcement… DHS officials said that the newly disclosed policies — which apply to anyone entering the country, including US citizens — are reasonable and necessary to prevent terrorism… The policies cover ‘any device capable of storing information in digital or analog form,’ including hard drives, flash drives, cell phones, iPods, pagers, beepers, and video and audio tapes. They also cover ‘all papers and other written documentation,’ including books, pamphlets and ‘written materials commonly referred to as “pocket trash…”
It seems the best thing is to keep encrypted files on a network drive at home, and download the needed encrypted data after crossing the border.