[SecurityRatty] tag: glasses

UK Police Seize War on Terror Board Game

Fri, 15 Aug 2008 02:50:02 +0000

They said -- and it's almost to stupid to believe -- that:

the balaclava "could be used to conceal someone's identity or could be used in the course of a criminal act".

Don't they realize that balaclavas are for sale everywhere in the UK? Or that scarves, hoods, handkerchiefs, and dark glasses could also be used to conceal someone's identity?

The game sounds like it could be fun, though:

Each player starts as an empire filled with good intentions and a determination to liberate the world from terrorists and from each other.
Then the reality of world politics kicks and terrorist states emerge.

Andrew said: "The terrorists can win and quite often do and it's global anarchy. It sums up the randomness of geo-politics pretty well."

In their cardboard version of realpolitik George Bush's "Axis of Evil" is reduced to a spinner in the middle of the board, which determines which player is designated a terrorist state.

That person then has to wear a balaclava (included in the box set) with the word "Evil" stitched on to it.

Buy yours here; I first blogged about it in 2006.

Sunglasses that Hide your Face from Cameras

Mon, 07 Jul 2008 09:54:18 +0000

Clever. Article and video:

They work by mounting two small infrared lights on the front. The wearer is completely inconspicuous to the human eye, but cameras only see a big white blur where your face should be. Building them is a snap: just take a pair of sunglasses, attach two small but powerful IR LEDS to two pairs of wires, one wire per LED. Then attach the LEDs to the glasses; the video suggests making a hole in the rim of the glasses to embed the LEDs. Glue or otherwise affix the wires to the temples of the glasses. At the end of the temples, attach lithium batteries. They should make contact with the black wire, but the red wires should be left suspended near the batteries without making contact. When you put them on the red wire makes contact, turning the lights on. It's functional, but we're thinking that installing an on/off switch would be more elegant and it would allow you to wear them without depleting the batteries.

Password Expiration: Like Margarine and Water?

Mon, 26 May 2008 20:00:00 +0000

We often swallow ideas that we needn't or shouldn't. Take the onetime urging of nutritionists to substitute margarine for butter in the cause of cardiovascular health. When this advice was first circulating, most margarines contained high quantities of trans fats, concoctions that have turned out to be so harmful - to the heart, among other things - that they are now banned in restaurants in NYC. Similar dogma applies to the advice to drink eight eight-ounce glasses of water a day for overall good health. Everyone knows the advice. But no one seems to know where the 8x8 rule comes from or if it is good or bad. So what pieces of conventional wisdom in computer security are like margarine and the 8x8 water doctrine? I'd hold forth password expiration as a prime candidate.

Netflow visibility inside Virtual Environments

Tue, 22 Apr 2008 14:07:24 +0000

I blogged on this topic a few weeks ago but given the huge interest in this topic I’ve decided to blog on it again. One of the major concerns in virtualized environments is the lack of visibility of the communication between virtual machines. With this lack of visibility a number of challenges start to appear such as security, monitoring and capacity planning. It’s hard to secure what you can’t see or don’t know about and it’s hard to determine when you need to add more resources when you don’t have a clear picture into what applications are consuming them.

This problem is widely known and as a result there are a few companies that are starting to pop up that are building Virtual Network Visibility tools. But should you buy yet another tool to gain visibility into your Virtual Network communication when you may already have a tool for your physical network? Should you have to have separate tools for your physical network and virtual network?

One common method of gaining visibility into network communication is through a technology called Netflow. Netflow was originally developed by Cisco Systems but has since become a defacto standard for Network Monitoring and Network Behavioral Analysis. Companies such as Lancope, Mazu Networks, Plixer International and Arbor Networks all have products that enable network visibility, monitoring and analysis. These tools typicaly take Netflow feeds from a switch of some sort. Knowing that some of these tools may have already been deployed in physical environments, IT staff will now need to consider whether or not to buy new visibility tools to give them visibility into their virtual environment communication or try and leverage existing solutions already deployed in their physical environments.

Up until recently there has been no elegant way to export Netflow records from virtual environments such as VMWare and as a result companies have had consider purchasing new visibility tools that would often antiquate their existing physical solutions. This is due to their migration from physical environments to virtual environments.

Montego Networks now has Netflow capability in its HyperSwitch product which runs inside VMWare and enables security, visibility and control for the virtual environment by leveraging existing tools. Through its API’s and standards based methods Montego can enable customers to leverage existing infrastructure purchases to gain visibility and control within the virtual environment.

So, enough of the commercial and lets get on to the technical meat of this new Netflow enablement within the virtual environment.

Let’s say that you have a virtual machine that is infected with a BOT and it is communicating to a Command and Control Site of a BOT-Army. How would you know this? Well, you could have a NetFlow tap at a network switch close to your internet connection. But what if you have some sort of communication between VM’s on a non standard port that you are not aware of? Maybe a machine got infected and is sending data from the database virtual machine to a web server virtual machine and then feeding that info from the web server virtual machine to the internet. Your Netflow tap on the internet facing switch would see traffic coming from the web server virtual machine to the internet but wouldn’t see that data was being taken from the database, put on the web server and then fed out to the internet. Kinda tricky to hunt this problem down isn’t it?

So, whats needed is Netflow all the way into the virtual environment so that it can be fed to the same tools in your physical environment for easy correlation.

Take a look at the attached screen shot which shows Lancope and Montego Networks in action.

<---Click to Enlarge

With this level of visibility now you can see who is talking to who, when are they communicating and how much traffic is being consumed by which applications and which virtual machines. This can now all be done by leveraging existing Netflow analytics tools.

This screen shot is showing flow data of Virtual Machines talking either to the Internet or to other virtual machines within the same environment. You will notice from the flow data that one of the Virtual Machines has iTunes running on it. An IT Administrator may have not sanctioned this or even know about it. But with Flow records you can now see! Like a new pair of glasses for your virtual environment. With this visibility you can now go in to the Montego HyperSwitch and enable a firewall policy to block that iTunes traffic as an example.

Lancope is just one example here and its important to note that, because Netflow is a defacto standard for this type of visibility, other tools such as those from Mazu Networks, Plixer International and others can be used as well. They all have their unique advantages and disadvantages but the point here is that dependent upon your prior network purchases in this area you will now be able to leverage existing tools vs. having to purchase new ones in many cases.

Check out Montego Networks at Networld Interop 2008 in the Lancope booth to see the solution in action!

John Peterson
CTO Montego Networks

Netflow visibility inside Virtual Environments

Tue, 22 Apr 2008 14:07:24 +0000

I blogged on this topic a few weeks ago but given the huge interest in this topic I???ve decided to blog on it again. One of the major concerns in virtualized environments is the lack of visibility of the communication between virtual machines. With this lack of visibility a number of challenges start to appear such as security, monitoring and capacity planning. It???s hard to secure what you can???t see or don???t know about and it???s hard to determine when you need to add more resources when you don???t have a clear picture into what applications are consuming them.

Montego Networks now has Netflow capability in its HyperSwitch product which runs inside VMWare and enables security, visibility and control for the virtual environment by leveraging existing tools. Through its API???s and standards based methods Montego can enable customers to leverage existing infrastructure purchases to gain visibility and control within the virtual environment.

So, enough of the commercial and lets get on to the technical meat of this new Netflow enablement within the virtual environment.

Let???s say that you have a virtual machine that is infected with a BOT and it is communicating to a Command and Control Site of a BOT-Army. How would you know this? Well, you could have a NetFlow tap at a network switch close to your internet connection. But what if you have some sort of communication between VM???s on a non standard port that you are not aware of? Maybe a machine got infected and is sending data from the database virtual machine to a web server virtual machine and then feeding that info from the web server virtual machine to the internet. Your Netflow tap on the internet facing switch would see traffic coming from the web server virtual machine to the internet but wouldn???t see that data was being taken from the database, put on the web server and then fed out to the internet. Kinda tricky to hunt this problem down isn???t it?

So, whats needed is Netflow all the way into the virtual environment so that it can be fed to the same tools in your physical environment for easy correlation.

Take a look at the attached screen shot which shows Lancope and Montego Networks in action.

<---Click to Enlarge

Check out Montego Networks at Networld Interop 2008 in the Lancope booth to see the solution in action!

John Peterson
CTO Montego Networks

Chertoff Says Fingerprints Aren't Personal Data

Mon, 21 Apr 2008 02:54:40 +0000

Homeland Security Secretary Michael Chertoff says:

QUESTION: Some are raising that the privacy aspects of this thing, you know, sharing of that kind of data, very personal data, among four countries is quite a scary thing.
SECRETARY CHERTOFF: Well, first of all, a fingerprint is hardly personal data because you leave it on glasses and silverware and articles all over the world, they're like footprints. They're not particularly private.

Sounds like he's confusing "secret" data with "personal" data. Lots of personal data isn't particularly secret.

Hotel's Dirty Drinks

Sat, 22 Mar 2008 19:41:25 +0000

.. and I don’t mean Martinis.

I’m frequently in hotels. And I’m frequently drinking water. It’s usually room-temperature tap water, so when I started noticing funny tastes and smells in hotel room glasses, it got me wondering exactly how they clean and replace those in-room glasses.

Over the past several weeks I took a mental survey of housekeeping carts. (I frequently sneak an extra shampoo or conditioner at some point, so I’ve usually spent a bit of time exploring the carts, and what’s on them.) I thought about it and realized I’ve never seen glasses (clean or dirty) on any housekeeping carts…. hmm…. they’re not changing them out… so how are they cleaning the glasses?

I was getting ready to post a blog asking just that question when I did a search online and confirmed my worst suspicions. Looks like there’s a nation-wide coup over just this very topic, after numerous TV news ‘stings’ with hidden cameras. On the first search page, I found such video from LA, Maryland and Atlanta, and saw links to several other postings.

If you’re curious… check out some of the findings… I’ll warn you though, in more than one video, there’s a glove, toilet swishing and then glass-cleaning… same glove. (uggggh)

Good Morning America Report - link
News in Atlanta - link
ABC 2 in Maryland - link
ABC 7 in LA - link

I think I’ll have to start packing my own bottles… the only dirty drink I want comes with gin and olives. ;)

# # #

TSA Misses the Point, Again

Tue, 29 Jan 2008 12:13:57 +0000

They're checking IDs more carefully, looking for forgeries:

Black lights will help screeners inspect the ID cards by illuminating holograms, typically of government seals, that are found in licenses and passports. Screeners also are getting magnifying glasses that highlight tiny inscriptions found in borders of passports and other IDs. About 2,100 of each are going to the nation's 800 airport checkpoints.
The closer scrutiny of passenger IDs is the latest Transportation Security Administration effort to check passengers more thoroughly than simply having them walk through metal detectors.

[...]

More than 40 passengers have been arrested since June in cases when TSA screeners spotted altered passports, fraudulent visas and resident ID cards, and forged driver's licenses. Many of them were arrested on immigration charges.

ID checks have nothing to do with airport security. And even if they did, anyone can fly on a fake ID. And enforcing immigration laws is not what the TSA does.

In related news, look at this page from the TSA's website:

We screen every passenger; we screen every bag so that your memories are from where you went, not how you got there. We're here to help your travel plans be smooth and stress free. Please take a moment to become familiar with some of our security measures. Doing so now will help save you time once you arrive at the airport.

I know they don't mean it that way, but doesn't it sound like it's saying "We know it doesn't help, but it might make you feel better"?

And why is this even news?

So Jason -- looking every bit the middle-aged man on an uneventful trip to anywhere -- shows a boarding pass and an ID to a TSA document checker, and he is directed to a checkpoint where, unbeknown to the security officer on site, the real test begins.
He gets through, which in real life would mean a terrorist was headed toward a plane with a bomb.

To be clear, the TSA allowed CNN to see and record this test, and the agency is not concerned with CNN showing it. The TSA says techniques such as the one used in Tampa are known to terrorists and openly discussed on known terror Web sites.

Also relevant: "Confessions of a TSA Agent":

The traveling public has no idea that the changes the TSA makes come as orders sent down directly from Washington D.C. Those orders may have reasons, but we little screeners at a screening checkpoint will never be told what the background might be. We get told to do something, and just as in the military, we are expected to make it happen -- no ifs, ands or buts about it. Perhaps the changes are as a result of some event occurring in the nation or the world, perhaps it's based on some newly received information or interrogation. What the traveling public needs to understand the necessity for flexibility. If a passenger asks us why we're doing something, in all likelihood we couldn't tell them even if we really did know the answer. This is a business of sensitive information that is used to make choices that can have life changing effects if the information is divulged to the wrong person(s). Just trust that we must know something that prompts us to be doing something.

I have no idea why Kip Hawley is surprised that the TSA is as unpopular with Americans as the IRS.

From Self-Defending Networks to Realtime Compliance

Wed, 28 Mar 2007 03:03:03 +0000

A while ago the phrase "Self-Defending Network" was popularized by Cisco. I am not sure why I do not hear this phrase often. What's up with that?

Here are reasons why Self-Defending Network is a far-fetched idea:

1. Security is not just technology alone. Security is people, security is process, security is technology.

2. The threats are evolving and moving up the stack. The motive of hackers is financial gain, not ego display as in the past. The exploits are very focused & covert vs. widespread & ostentatious. It is hard for Self-Defending network to identify distinguish a focused & covert traffic from a normal traffic.

3. Network is an ecosystem of software and hardware from multitude of vendors. A Self-Defending Network cannot keep a tab on the vulnerabilities across the board.

4. Number of vulnerabilities is not finite. The permutations and combinations of vulnerabilities add more complexity. Self-Defending Network cannot keep a tab on all those.

5. The components (Firewall, IPS, NAC Et. Al.) of Self-Defending network should evolve synchronously in order to inter-operate and still be effective which is less than likely.

6. Self-Defending network cannot understand your business systems and prioritize risks.

7. Self-Defending Network cannot provide physical security to itself.

and many more..

Building and maintaining a network which can shield network from threats that you perceive as risks to business [within the limits of your budget] is practical.

At RSA 2007 compliance phrases were flying all over, Real-time Compliance, Continuous Compliance, Sustainable Compliance, ad-nauseum. The famous McAfee party was my savior, I downed few glasses of wine and that helped me regain my orientation. Riding back home on the cal-train I was wondering if customers buy vendor phrase or real solution that address their concern. The vendor phrase seems to be an eternal winner.