Tag Archive for 'Security'

Page 3 of 4

Social Engineering Tactics

Published on June 17, 2009 in Security. 0 Comments Tags: .

Top 10 Social Engineering Tactics

A social engineer is someone who uses deception, persuasion, and influence to get information that would otherwise be unavailable. To social engineers, the fact that “there is a sucker born every minute” gives them the opportunity to circumvent some of the most secure data centers in the world.

Chained Exploits: Advanced Hacking Attacks from Start to Finish

Nowadays, it’s rare for malicious hackers to rely on just one exploit or tool; instead, they use “chained” exploits that integrate multiple forms of attack to achieve their goals. Chained exploits are far more complex and far more difficult to defend. Few security or hacking books cover them well and most don’t cover them at all. Now there’s a book that brings together start-to-finish information about today’s most widespread chained exploits–both how to perform them and how to prevent them.

The Modern Slave Bracelet

Published on April 24, 2009 in Communication, Dirty Tricks, Privacy, Security and Surveillance. 0 Comments Tags: , , , , .

Your mobile phone can become a slave bracelet if it is compromised by malicious software.

Google Docs Privacy Risk

Published on March 9, 2009 in News, Privacy and Security. 1 Comment Tags: , , .

The following article illustrates the dangers of using web-base collaborative applications.

Google Privacy Blunder Shares Your Docs Without Permission
by Jason Kincaid on March 7, 2009

In a privacy error that underscores some of the biggest problems surrounding cloud-based services, Google has sent a notice to a number of users of its Document and Spreadsheets products stating that it may have inadvertently shared some of their documents with contacts who were never granted access to them.

The Anonymous Investigator

Published on February 2, 2009 in Communication, Methods, Private Investigator, Security and The Investigator's Computer. 1 Comment Tags: , , , , .

The Onion Router (TOR)

Thousands of people around the world use Onion Routing or  TOR to do things on the Internet. Private Investigators should use it to maintain anonymity during investigations. Continue reading ‘The Anonymous Investigator’

Mobile Phones & Tin Foil Hats

Published on January 12, 2009 in Espionage, Industrial Espionage, Intelligence Services, Security and Surveillance. 1 Comment Tags: , , , .

Under certain circumstances, if you lose sight of your mobile telephone, then you may reasonably assume it has been compromised. These circumstances are more common than you might think. Here are two cases of this that I have encountered over the last year or so. Continue reading ‘Mobile Phones & Tin Foil Hats’

Data Slurping

Published on November 11, 2008 in Industrial Espionage and Security. 0 Comments Tags: , .

An excellent article at Sharp Ideas about software called Slurp that turns an I-pod into a covert data theft device.

An unauthorized visitor shows up after work hours disguised as a janitor and carrying an iPod…He walks from computer to computer and “slurps” up all of the Microsoft Office files from each system. Within an hour he has acquired 20,000 files from over a dozen workstations…

From Competitive Intelligence to Counter Intelligence

Published on August 28, 2008 in Competitive Intelligence, Industrial Espionage and Security. 0 Comments Tags: , , .

I see a lot of silly security measures against the most improbable risk scenarios. Yet the simplest attacks succeed over and over again. We have to do more to defend against these simple, direct, and constantly repeated attacks.

The following books illustrate that mundane attacks, which so often succeed, represent an enormous drain on our economy. Understanding why these attacks result in large losses is the first step in preventing them. To work both sides of the street, the Competitive Intelligence professional should understand these attacks. The Competitive Intelligence professional will understand the risk better than anybody and should educate his colleagues about  the risks and solutions. The Competitive Intelligence professional will also be positioned to exploit the opposition’s failings where legally and ethically permitted.

Confessions of a Corporate Spy

A former National Security Agency analyst who is now an expert on corporate espionage offered chilling accounts yesterday of his easy penetration into a variety of U.S. companies. In one case, in just a few hours he was able to make off with product plans and specifications worth billions of dollars.

“Never measure security budgets by IT,” said Winkler, author of [asa link]0764584685[/asa].

Other excellent books in this area are:

[asa link]1591096227[/asa]

and  [asa link]0595301290[/asa].

Napoleon said, “The art of war does not require complicated maneuvers; the simplest are the best, and common sense is fundamental. From which one might wonder how it is generals make blunders; it is because they try to be clever.”

Applying Napoleon’s maxim on simplicity to protecting critical data throughout your organization would go a long way to securing your company’s most precious asset.

Tax Authorities Parties to Theft

Published on August 18, 2008 in Security. 0 Comments Tags: .

Is this proof that most tax authorities are crooks?

Vanished tycoon named in tax haven inquiry

 …stolen bank documents that were sold to the tax authorities by a whistleblower thief  who worked at LGT, one of the principality’s biggest banks.

Tax authorities across the world are now using the data to investigate people suspected of hiding their assets in the tax haven.

Germany’s government last week bought another set of data listing the names of 1,850 more people with bank accounts in the principality.

A partner at one the world’s biggest accountancy firms said: “By buying stolen data, tax authorities have encouraged anyone in a bank in Liechtenstein, Monaco or any other tax haven to sell private banking records for cash.

The thief, Heinrich Kieber, according to Forbes, financed a real estate deal in Spain during 1996 with “uncovered checks”. He was not charged and did not have a criminal record when he joined the bank in Liechtenstein. However, the consequences of his Spanish real estate deal followed him to Liechtenstein. In 2001, he was fined 600,000 Swiss francs ($552,000) for fraud by the Liechtenstein judicial system. To get out of this, he tried to blackmail the authorities with the stolen data. When that didn’t work-out to his satisfaction he sold the data to Germany.

I wonder if this thief and extortionist is paying taxes on his $7.5 million blood money from under his rock or wherever he is hiding. On the other hand, I am certain that the public officials who were complicit in this crime kept their jobs or were promoted.

U.S. Policy of Seizing Data at the Border

Published on August 5, 2008 in Intelligence Services and Security. 1 Comment Tags: , .

The U.S. government has published its policy regarding seizing laptops and other devices capable of storing data.

Federal agents may take a traveler’s laptop or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed. Also, officials may share copies of the laptop’s contents with other agencies and private entities for language translation, data decryption, or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, US Customs and Border Protection and US Immigration and Customs Enforcement… DHS officials said that the newly disclosed policies — which apply to anyone entering the country, including US citizens — are reasonable and necessary to prevent terrorism… The policies cover ‘any device capable of storing information in digital or analog form,’ including hard drives, flash drives, cell phones, iPods, pagers, beepers, and video and audio tapes. They also cover ‘all papers and other written documentation,’ including books, pamphlets and ‘written materials commonly referred to as “pocket trash…”

It seems the best thing is to keep encrypted files on a network drive at home, and download the needed encrypted data  after crossing the border.

Power User 115 – The Page File

Published on July 28, 2008 in Power User Tips, Privacy, Security and The Investigator's Computer. 0 Comments Tags: , , , .

With Windows XP, to clear the page file on shutdown go to Control Panel->Administrative Tools-> Local Security Policy->Local Policies->Security Options->Shutdown: Clear Virtual Memory Pagefile … enable it. It is wise to enable this setting on every computer you use.

We tell people to travel with a “clean” laptop.  However, Windows creates a lot of  temporary files. The most damaging can be the Page file. Everything that went into virtual memory is there in a file on the hard drive. Of course you should also use a good file erasure programme before shutting off the laptop.

Power User 114 – File Wipers

Published on July 23, 2008 in Power User Tips, Privacy, Security and The Investigator's Computer. 0 Comments Tags: , , , .

Even computer ‘wipers’ leave a mark

Evidence Eliminator and similar software can kill out files and perform other tasks. But their use can raise red flags in a legal dispute.

But the wiper programs don’t ensure a clean getaway. They leave behind a kind of digital calling card.

“Not only do these programs leave a trace that they were used, they each have a distinctive fingerprint,” Kessler said. “Evidence Eliminator leaves one that’s different from Window Washer, and so on.”

I recommend the use of file erasure tools, especially when crossing international borders with computers. If you use such a programme regularly you have plausible deniability if you’re accused of erasing data to keep it from the police or the courts. If you always use it, then its “fingerprint” will always be there. If the install date matches the computer’s purchase date, then they can’t say you did this to eliminate the evidence the courts or police were seeking. Also, get a receipt for the wiper programme to show when it was purchased for the same reason.

File erasure programmes are part of prudent security practices and should not be viewed as something suspicious.

Secret Laser Printer ID Codes

Published on July 18, 2008 in Forgery, Privacy, Private Investigator, Report Writing and Security. 0 Comments Tags: , , , , .

This is not a new issue. A 2004 PC World article described the technology. In February, 2008, I wrote about the EU concerns that these secret printer ID codes may break EU Privacy laws. The EFF has a list of the printers that print these secret codes used by the US government to match a document to the laser printer that produced it.

Another article about this appeared in USA Today a few days ago.

Printer dots raise privacy concerns

The dots, invisible to the naked eye, can be seen using a blue LED light and are used by authorities such as the Secret Service to investigate counterfeit bills made with laser printers…

Privacy advocates worry that the little-known technology could ensnare political dissidents, whistle-blowers or anyone who prints materials that authorities want to track.

The dots are produced only on laser devices and not ink-jet printers, which are most commonly used at home…

As an investigator, this might present an opportunity if the dot pattern is consistent enough to be matched to a particular printer or printer type without being able to decode the dots. If this were the case, then you might not need the ability to decode the dots in some instances. For example, at a company with many different types of laser printers. The process of elimination might indicate which printer(s) could have created a document.

Dumpster-diving in the Digital Age

Published on July 2, 2008 in Competitive Intelligence, Industrial Espionage and Security. 0 Comments Tags: , , .

Dumpster-diving — going through trash bins in hopes of finding paper records with valuable information like customer names or future product plans — is alive and well in the age of USB flash drives and portable music players.

An excellent article from Robert L. Scheier in Computerworld, on Monday, December 17, 2007 entitled, Dumpster-diving for e-data, discusses the risk factors and offers some solutions.

Popular Mechanics offers advice on how to destroy hard drives.

Security Scanner or Research Tool

Published on June 4, 2008 in Search Engines, Search Strategies and Security. 0 Comments Tags: , , , .

FoundStone (a division of McAffee) recently released a free tool called SiteDigger. The tool uses the Google API to scan cached pages of a web site and then performs security checks on those cached pages. One of the things it will look for is open security webcams.

Chinese Spies Steal US Passport Smart Chip

Published on April 22, 2008 in Espionage, Forgery, Identity Fraud, Industrial Espionage, Intelligence Services, Security, Terrorism and U.S.A.. 0 Comments Tags: , , , , , , , , .

The US authorities demand that everybody entering their country have a passport and identity documents compliant with their security standards, but when it comes to their own passports, they have a much lower security standard than they demand of other countries.

Outsourcing passports ‘profound liability’

The blank passports travel to Europe where a microchip is inserted in the back cover and then onto Thailand where they are fitted with a radio antenna. The Netherlands company that makes the covers for the passport said in October that China stole the technology for the microchips, the Times said.

Outsourced passports netting govt. profits, risking national security

The Government Printing Office’s decision to export the work has proved lucrative, allowing the agency to book more than $100 million in recent profits by charging the State Department more money for blank passports than it actually costs to make them, according to interviews with federal officials and documents obtained by The Times.