>From - Sat Mar 02 00:57:24 2024
Received: by 10.220.87.146 with SMTP id w18mr283783vcl.7.1252613669759;
Thu, 10 Sep 2009 13:14:29 -0700 (PDT)
Received: by 10.220.87.146 with SMTP id w18mr283782vcl.7.1252613669708;
Thu, 10 Sep 2009 13:14:29 -0700 (PDT)
Return-Path: <ber..._at_netaxs.com>
Received: from newmx3.fast.net (newmx3.fast.net [209.92.1.33])
by gmr-mx.google.com with SMTP id 23si194216vws.10.2009.09.10.13.14.29;
Thu, 10 Sep 2009 13:14:29 -0700 (PDT)
Received-SPF: neutral (google.com: 209.92.1.33 is neither permitted nor denied by best guess record for domain of ber..._at_netaxs.com) client-ip=209.92.1.33;
Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 209.92.1.33 is neither permitted nor denied by best guess record for domain of ber..._at_netaxs.com) smtp.mail=ber..._at_netaxs.com
Received: (qmail 960 invoked from network); 10 Sep 2009 20:14:28 -0000
Received: from unknown (HELO localhost) ([216.48.8.17]) (envelope-sender <ber..._at_netaxs.com>)
by newmx3.fast.net (qmail-ldap-1.03) with SMTP
for <tscm-..._at_googlegroups.com>; 10 Sep 2009 20:14:28 -0000
Received: from 173-114-87-145.pools.spcsdns.net (173-114-87-145.pools.spcsdns.net [173.114.87.145])
by webmail.uslec.net (IMP) with HTTP
for <ber..._at_popcorn.netaxs.com>; Thu, 10 Sep 2009 16:14:26 -0400
Message-ID: <1252613666.4aa95e22a578b_at_webmail.uslec.net>
Date: Thu, 10 Sep 2009 16:14:26 -0400
From: ed <ber..._at_netaxs.com>
To: tscm-l2006_at_googlegroups.com
Subject: Re: [TSCM-L] {4219} Re: Tech gadgets help corporate spying surge in tough times
References: <84105790-d9a0-4236-bcae-7bf037df02f6_at_p23g2000vbl.googlegroups.com> <4883F8D3.BFAE.4A64.AF15.83C89D1378AE_at_aol.com> <006e01ca3208$3dab8ae0$b902a0a0$_at_com>
In-Reply-To: <006e01ca3208$3dab8ae0$b902a0a0$_at_com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2.1
Ian,
Is your "encrypted mobile phone software" source code freely available for
review? And is Apple's iPhone source code freely available for review? (We all
know the answer to the second question.)
Unless all the source code for the "encrypted mobile phone software"--and the
handset on which it runs--is freely available for review, there's no way to
ascertain if it's free of security bugs and backdoors.
The alternative GSMK Cryptophone product's source code has been freely available
for review for quite awhile, and has been peer-reviewed by respected
cryptologists without any findings of security bugs or backdoors:
http://www.cryptophone.de/
-ed
Quoting urbanreef <urban..._at_googlemail.com>:
> Hello
> We would like announce our latest encrypted mobile phone software release
> which supports all models of Apple's iPhone:
>
> * iPhone
> * iPhone 3G
> * iPhone 3GS
>
> our software for iPhone is completely compatible with all other devices -
> PCs, Laptops, Nokia devices and Windows Mobile devices.
>
> Please contact me for a free trial
>
> Regards
>
> Ian
>
>
>
>
>
> From: TSCM-..._at_googlegroups.com [mailto:TSCM-..._at_googlegroups.com] On
> Behalf Of socalsweeps
> Sent: 10 August 2009 04:54
> To: TSCM-..._at_googlegroups.com
> Subject: [TSCM-L] {4094} Re: Tech gadgets help corporate spying surge in
> tough times
>
>
>
>
>
>
> subrosa, please post the whole article, not just the links
>
>
>
> subrosa, please post the whole article, not just the links
>
> Tech gadgets help corporate spying surge in tough times
>
>
>
>
> Updated 7/29/2009 2:19 AM |
> <http://www.usatoday.com/tech/news/computersecurity/2009-07-28-corporate-esp
> ionage-recession-tech_N.htm#uslPageReturn> Comments 22 |
> <javascript:void('Recommend')> Recommend 17
>
>
> <http://www.usatoday.com/tech/news/computersecurity/2009-07-28-corporate-esp
> ionage-recession-tech_N.htm> E-mail |
> <http://www.usatoday.com/tech/news/computersecurity/2009-07-28-corporate-esp
> ionage-recession-tech_N.htm> Save |
> <http://www.usatoday.com/tech/news/computersecurity/2009-07-28-corporate-esp
> ionage-recession-tech_N.htm> Print | <javaScript:RightslinkPopUp()>
> Reprints & Permissions |
> <http://asp.usatoday.com/marketing/rss/rsstrans.aspx?ssts=tech%7Cnews%7Ccomp
> utersecurity> Subscribe to stories like this
>
>
>
>
>
> <javascript:;> Counter-surveillance specialist J.D. LeaSure checks offices
> for video cameras by using an optical signal identifier that emits an
> infrared pulsating light that reflects against camera lenses.
>
> <http://i.usatoday.net/_common/_images/clear.gif>
>
>
> <javascript:;> Enlarge image <javascript:;> Enlarge
>
> By Chuck Thomas for USA TODAY
>
>
> <http://i.usatoday.net/_common/_images/clear.gif>
>
>
> Counter-surveillance specialist J.D. LeaSure checks offices for video
> cameras by using an optical signal identifier that emits an infrared
> pulsating light that reflects against camera lenses.
>
>
>
>
>
> <http://mixx.com/submit/story?page_url=http://www.usatoday.com/tech/news/com
> putersecurity/2009-07-28-corporate-espionage-recession-tech_N.htm&partner=us
> at>
>
> <http://i.usatoday.net/_common/_images/_bugs/owts.gif>
>
> o
> <http://buzz.yahoo.com/buzz?publisherurn=usatoday&guid=http%3A%2F%2Fwww.usat
> oday.com%2Ftech%2Fnews%2Fcomputersecurity%2F2009-07-28-corporate-espionage-r
> ecession-tech_N.htm%3Fcsp%3D34> Yahoo! Buzz
>
> o
> <http://digg.com/submit?phase=2&url=http://www.usatoday.com/tech/news/comput
> ersecurity/2009-07-28-corporate-espionage-recession-tech_N.htm&title=Tech%20
> gadgets%20help%20corporate%20spying%20surge%20in%20tough%20times&topic=>
> Digg
>
> o
> <http://www.newsvine.com/_wine/save?aff=usatoday&u=http://www.usatoday.com/t
> ech/news/computersecurity/2009-07-28-corporate-espionage-recession-tech_N.ht
> m&h=Tech%20gadgets%20help%20corporate%20spying%20surge%20in%20tough%20times&
> t=> Newsvine
>
> o
> <http://reddit.com/submit?url=http://www.usatoday.com/tech/news/computersecu
> rity/2009-07-28-corporate-espionage-recession-tech_N.htm&title=Tech%20gadget
> s%20help%20corporate%20spying%20surge%20in%20tough%20times> Reddit
>
> o
> <http://www.facebook.com/sharer.php?u=http://www.usatoday.com/tech/news/comp
> utersecurity/2009-07-28-corporate-espionage-recession-tech_N.htm&title=Tech%
> 20gadgets%20help%20corporate%20spying%20surge%20in%20tough%20times> Facebook
>
> o
> <http://www.usatoday.com/tech/news/computersecurity/2009-07-28-corporate-esp
> ionage-recession-tech_N.htm#open-share-help> What's this?
>
> By <http://www.usatoday.com/community/tags/reporter.aspx?id=88> Byron
> Acohido, USA TODAY
>
> Marla Suttenberg had a sinking feeling that a corporate spy was shadowing
> her.
>
> In March 2008, the owner of Woodcliff Lake, N.J.-based Sapphire Marketing
> was preparing to give a longtime client a generous price cut on $134,000
> worth of audio/videoconferencing equipment.
>
> But before her sales rep could extend the offer, her chief rival, David
> Goldenberg, then regional vice president of sales for AMX, a Dallas-based
> conferencing systems maker, sent the client an e-mail disparaging Sapphire
> and offering a steeper AMX discount.
>
> "I felt sick to my stomach," Suttenberg recalls. To pull that off, someone
> had to have infiltrated Sapphire's internal e-mail, she thought at the time.
>
> She was right. A few days later, Goldenberg, 48, of Oceanside, N.Y., was
> arrested. He subsequently pleaded guilty to felony wiretapping for tampering
> with Sapphire's e-mail. He was sentenced last month to three months
> probation and ordered to undergo counseling. "There was nothing
> sophisticated about me getting into their e-mail," he said in an interview.
> "Honestly, I had no idea that it was illegal."
>
> FIND MORE STORIES IN:
> <http://content.usatoday.com/topics/topic/Organizations/Companies/Technology
> /Microsoft> Microsoft |
> <http://content.usatoday.com/topics/topic/Organizations/Companies/Technology
> /Yahoo!> Yahoo! |
> <http://content.usatoday.com/topics/topic/Culture/Computers+and+Internet/Fac
> ebook> Facebook |
> <http://content.usatoday.com/topics/topic/Culture/Computers+and+Internet/Twi
> tter> Twitter
>
> Corporate espionage using very simple tactics - much of it carried out by
> trusted insiders, familiar business acquaintances, even janitors - is
> surging. That's because businesses large and small are collecting and
> storing more data than ever before. What's more, companies are blithely
> allowing broad access to this data via nifty Internet services and cool
> digital devices.
>
> "Having more sensitive information being seen by more people and accessed on
> more devices drives up risk significantly," says Kurt Johnson, vice
> president at Courion, a supplier of identity management systems.
>
> The slumping economy doesn't help. "Mass layoffs have increased internal
> threat levels dramatically," says Grant Evans, CEO of ActivIdentity, which
> makes smart cards and security tokens.
>
> Employees worried about job security face rising temptations to seek out and
> hoard proprietary data that could help boost their job performance, or at
> least make them more marketable should they get laid off, says Adam Bosnian,
> vice president at Cyber-Ark Software, another identity management systems
> supplier.
>
> Of the 400 information technology pros who participated in a recent
> Cyber-Ark survey, 74% said they knew how to circumvent security to access
> sensitive data, and 35% admitted doing so without permission. Among the most
> commonly targeted items: customer databases, e-mail controls and CEO
> passwords.
>
> Cellphones, digital cameras and USB dongles come with vast memory - enough
> to store data that a few years ago might have required a stack of CDs, says
> Nick Newman, computer crimes specialist at the non-profit National White
> Collar Crime Center. Web services, such as Hotmail, Yahoo Mail and Gmail,
> and popular social networks, such as Facebook and
> <http://content.usatoday.com/topics/topic/Culture/Computers+and+Internet/Twi
> tter> Twitter, make terrific free tools for transferring and storing
> pilfered data anonymously.
>
> "If you create an environment where your employees can walk freely out the
> door with unencrypted, proprietary data, it's only a matter of time before
> someone actually does it," says Sam Masiello, vice president at messaging
> and browser security firm MX Logic.
>
> Lax passwords a danger
>
> The exposure redoubles at companies that are lax about passwords. Last week,
> a hacker pilfered sensitive Twitter business documents and released them
> publicly. Twitter co-founder Biz Stone said in a statement that the hacker
> got in by figuring out the log-on of a Twitter employee who used the same
> non-unique password for several online accounts.
>
> "The unauthorized extraction of information is epidemic and essentially
> unstoppable," says Phil Lieberman, CEO of Lieberman Software, which makes
> password security systems.
>
> Goldenberg's caper illustrates just how easy it can be. In an interview, he
> said it all began in September 2007 when one of the sales reps who reported
> to him at AMX jumped ship to rival Sapphire, the sales arm of Crestron
> Electronics, a Rockleigh, N.J.-based maker of conferencing systems.
> Goldenberg says he inspected the company laptop turned in by the departing
> rep and found an e-mail from Sapphire welcoming the new recruit.
>
> The message, he says, included the Web address to Sapphire's e-mail server
> and the recruit's new e-mail address and password. Goldenberg says he logged
> on as the recruit and quickly figured out the log-ons of three other
> employees. Like the recruit, they used their first name as part of their
> e-mail address - and as their password.
>
> "He didn't go searching for this," says Dean Schneider, Goldenberg's
> attorney. "It basically hit him in the face."
>
> For each e-mail account, Goldenberg activated a feature to forward copies of
> all incoming messages to a fresh Gmail account he created. He then spent
> long hours and days on end poring over Sapphire e-mail, says Bergen County
> prosecutor Brian Lynch. "It was voyeuristic," says Lynch. "That's why we
> recommended counseling."
>
> Court records show Goldenberg may have initially gained access to Sapphire's
> e-mail months earlier than he claims.
>
> "Admittedly some of our people's passwords probably were not as strong as
> they should have been," Suttenberg says. "But just because you have a cheap
> lock doesn't mean it's legal to pick the lock."
>
> The customer whom Goldenberg tried to steal contacted Sapphire to inquire
> how Goldenberg knew specifics about Sapphire's discount before he did.
> Suttenberg talked the customer into sticking with Sapphire.
>
> "He was too blatant," she says of Goldenberg.
>
> A new system
>
> Suttenberg has since scrapped the bare-bones e-mail service supplied by her
> local Internet service provider, which cost her a few hundred dollars a
> month. She now pays thousands of dollars a month for an in-house Microsoft
> Exchange e-mail server brimming with security features. She also instructed
> her 10 employees to change their e-mail account passwords frequently and to
> avoid passwords "that your co-workers and contacts can figure out."
>
> While Suttenberg has buttoned up Sapphire, millions of small-business owners
> - and plenty of big corporations - continue to make it easy for larcenous
> insiders. With the exception of highly regulated banking and health care
> companies, most businesses are just beginning to discuss how to repel
> insider intrusions, security experts say.
>
> The basics include taking stock of how sensitive information is conveyed,
> collected and stored - and strictly controlling who has access to it. "We're
> seeing 70% to 80% of breaches originating from the inside," says Vladimir
> Chernavsky, president of DeviceLock, which makes systems that restrict data
> transfers. "Companies need to enforce security policies and make sure
> employees know there are severe consequences to a breach."
>
> Spy toys
>
> And then there are the janitors and groundskeepers to worry about, says J.D.
> LeaSure, a Virginia Beach counter-surveillance specialist. LeaSure makes his
> living conducting "sweeps" that ferret out miniature listening bugs and
> video cameras hidden in executive suites, conference rooms and other
> settings.
>
> Insider intruders, he says, have come to see value in making audio and video
> recordings of certain closed-door discussions. They need only do a Web
> search on the phrase "spy bug," and a trove of eavesdropping and peeping-Tom
> gadgetry that would impress James Bond turns up. LeaSure calls them
> "spy-shop toys."
>
> One of the latest: an ordinary-looking USB cable. You plug one end into a
> printer or other peripheral device and the other end into the computer's USB
> port. Nothing looks amiss, and the cable operates normally. But it also
> houses a sensitive microphone and antenna that continually transmits a UHF
> audio signal to a receiver that can be up to 160 feet away. "You can hear
> every whisper within the confines of the room,"' says LeaSure.
>
> There are dime-size "contact bugs," which anyone could stick to the outside
> of a conference room window and matchbox-size "SIM bugs," or listen-only
> cellphones that don't ring or light up, that can be activated by a phone
> call an hour, a week or a month later.
>
> Another readily available gadget looks like a luminescent jawbreaker. It is
> really a motion-activated video camera and digital video recorder capable of
> capturing 33 hours of activity. All one needs to do is perch it where it
> won't be noticed on a Monday and retrieve it on a Friday.
>
> LeaSure recently did a security sweep of the CEO's office at a publicly
> traded corporation in the Southeast, which he declined to name because of
> client confidentiality. There, he found an innocuous-looking ballpoint pen
> in a cup with a handful of other pens and pencils. The pen wrote
> beautifully. It also contained a voice-activated audio recorder with 2
> gigabytes of memory.
>
> LeaSure set up a hidden surveillance camera and caught the janitor swapping
> out a fresh pen recorder every third day. The janitor was fired, with no
> other repercussions, after disclosing the identity of the insider who put
> her up to it.
>
> That person stopped spying after being threatened with legal action, says
> LeaSure, but nothing else was done. "The principal did not want the
> stockholders or press getting a hold of the fact that company secrets were
> leaked because of what that would do to the company's stock price," he says.
>
>
>
>
>
>
>
>
> >
>
Received on Sat Mar 02 2024 - 00:57:24 CST
