<?xml version="1.0" encoding="utf-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title><![CDATA[[SecurityRatty] tag: snoop]]></title>
    <link>http://securityratty.com/tag/snoop</link>
    <description></description>
    <pubDate>Wed, 01 Aug 2007 15:22:00 +0000</pubDate>
    <generator>iRatty Engine</generator>
    <docs>http://blogs.law.harvard.edu/tech/rss</docs>
    <item>
      <title><![CDATA[Comcast cap may mean less snooping on your browsing]]></title>
      <link>http://securityratty.com/article/da57495b3a6542fd456b1b16ad9279f5</link>
      <guid>http://securityratty.com/article/da57495b3a6542fd456b1b16ad9279f5</guid>
      <description><![CDATA[Comcast's move to limit its broadband customers' throughput to 250GB per month starting in October might anger those who want unlimited access, but it's actually good for privacy. Because the cap...]]></description>
      <content:encoded><![CDATA[Comcast's move to limit its broadband customers' throughput to 250GB per month starting in October might anger those who want unlimited access, but it's actually good for privacy. Because the cap applies to all traffic equally, it doesn't require that Comcast snoop for particular types of application data. Contrast that with its previous (and initially undisclosed) practice of interfering with peer-to-peer traffic (in an effort to limit customers' downloading of huge, bandwidth-hogging files). The ISP says less than 1 percent of customers will be affected.]]></content:encoded>
      <pubDate>Mon, 29 Sep 2008 20:00:00 +0000</pubDate>
      <category domain="http://securityratty.com/tag/broadband customers">broadband customers</category>
      <category domain="http://securityratty.com/tag/comcast">comcast</category>
      <category domain="http://securityratty.com/tag/customers">customers</category>
      <category domain="http://securityratty.com/tag/limit customers">limit customers</category>
      <category domain="http://securityratty.com/tag/limit">limit</category>
      <category domain="http://securityratty.com/tag/comcast snoop">comcast snoop</category>
      <category domain="http://securityratty.com/tag/peer-to-peer traffic">peer-to-peer traffic</category>
      <category domain="http://securityratty.com/tag/traffic">traffic</category>
      <category domain="http://securityratty.com/tag/cap applies">cap applies</category>
      <source url="http://www.networkworld.com/news/2008/093008-comcast-cap-may-mean-less.html?fsrc=rss-security">Comcast cap may mean less snooping on your browsing</source>
    </item>
    <item>
      <title><![CDATA[Backdoording Cyber Jihadist Ebooks for Surveillance Purposes]]></title>
      <link>http://securityratty.com/article/aeea8b0a7f192cc968531f573ed672a4</link>
      <guid>http://securityratty.com/article/aeea8b0a7f192cc968531f573ed672a4</guid>
      <description><![CDATA[It appears that cyber jihadists are striking back at the academic and intelligence community, by binding their propaganda Ebooks with malware, then distributing them across different forums, thanks to...]]></description>
      <content:encoded><![CDATA[<a href="http://bp0.blogger.com/_wICHhTiQmrA/SGK0uoJSocI/AAAAAAAAB2U/xrKTEEsEaac/s1600-h/Al-Qaeda_ebook_malware.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="http://bp0.blogger.com/_wICHhTiQmrA/SGK0uoJSocI/AAAAAAAAB2U/xrKTEEsEaac/s200/Al-Qaeda_ebook_malware.png" alt="" id="BLOGGER_PHOTO_ID_5215930031591825858" border="0" /></a>It appears that cyber jihadists are striking back at the academic and intelligence community, by binding their propaganda Ebooks with malware, then distributing them across different forums, thanks to a recently analyzed Ebook entitled "<span style="font-style: italic;">The Al-Qaeda network's timely entrance in Palestine</span>" distributed by the Global Islamic Media Front - hat tip to <a href="http://warintel.blogspot.com">Warintel</a>.<br /><br />If it were posted by a newly joined forum member, it would have logically raised the suspicion that it's in fact intelligence agencies spreading malware infected Ebooks around cyber jihadist forums, but since this one in particular is being distributed by what looks like a hardcore cyber jihadist, it brings the discussion to a whole new level.<br /><br />What are they trying to achieve? Abuse the already established trust of their readers and cyber jihadist supporters in order to snoop on their Internet activities, or is it the academic and intelligence community they are trying to monitor? In times when botnets can be rented and created on demand, they seem to be more interested in infecting their enemies.
Moreover, I suspect that prior to the forum posting, private messages and emails were automatically sent to notify members whose number of posts at the forum greatly outpace those of average observers, perhaps the target in such an attack.<br /><br />The malware is detected by 9 out of 33 antivirus scanners as <span style="font-weight: bold;">Trojan.Midgare.gra</span>. Consider reading a previous post on "<a href="http://ddanchev.blogspot.com/2008/03/terror-on-internet-conflict-of-interest.html">Terror on the Internet - Conflict of Interest</a>" as well as going through the related posts summarizing all the cyber jihadist research I've conducted so far.]]></content:encoded>
      <pubDate>Wed, 25 Jun 2008 13:06:38 +0000</pubDate>
      <category domain="http://securityratty.com/tag/ebooks">ebooks</category>
      <category domain="http://securityratty.com/tag/intelligence community">intelligence community</category>
      <category domain="http://securityratty.com/tag/cyber jihadist forums">cyber jihadist forums</category>
      <category domain="http://securityratty.com/tag/forums">forums</category>
      <category domain="http://securityratty.com/tag/cyber jihadist research">cyber jihadist research</category>
      <category domain="http://securityratty.com/tag/internet">internet</category>
      <category domain="http://securityratty.com/tag/malware">malware</category>
      <category domain="http://securityratty.com/tag/hardcore cyber jihadist">hardcore cyber jihadist</category>
      <category domain="http://securityratty.com/tag/forum">forum</category>
      <source url="http://feeds.feedburner.com/~r/DanchoDanchevOnSecurityAndNewMedia/~3/320030748/backdoording-cyber-jihadist-ebooks-for.html">Backdoording Cyber Jihadist Ebooks for Surveillance Purposes</source>
    </item>
    <item>
      <title><![CDATA[$1B market for meddling with DNS poses security problem]]></title>
      <link>http://securityratty.com/article/9ab33b44a0f3766f9ad4e8f4aec36c69</link>
      <guid>http://securityratty.com/article/9ab33b44a0f3766f9ad4e8f4aec36c69</guid>
      <description><![CDATA[The interception of Internet traffic to snoop on phone calls or track surfers' behavior is a hot topic -- but what's keeping members of ICANN's Security and Stability Advisory Committee up at night is...]]></description>
      <content:encoded><![CDATA[The interception of Internet traffic to snoop on phone calls or track surfers' behavior is a hot topic -- but what's keeping members of ICANN's Security and Stability Advisory Committee up at night is the interception of traffic to and from sites that don't even exist. They explained why in a session at ICANN's public meeting in Paris on Monday.]]></content:encoded>
      <pubDate>Mon, 23 Jun 2008 20:00:00 +0000</pubDate>
      <category domain="http://securityratty.com/tag/internet traffic">internet traffic</category>
      <category domain="http://securityratty.com/tag/traffic">traffic</category>
      <category domain="http://securityratty.com/tag/stability advisory committee">stability advisory committee</category>
      <category domain="http://securityratty.com/tag/track surfers">track surfers</category>
      <category domain="http://securityratty.com/tag/icann">icann</category>
      <category domain="http://securityratty.com/tag/interception">interception</category>
      <category domain="http://securityratty.com/tag/hot topic">hot topic</category>
      <category domain="http://securityratty.com/tag/phone calls">phone calls</category>
      <category domain="http://securityratty.com/tag/security">security</category>
      <source url="http://www.networkworld.com/news/2008/062408-1b-market-for-meddling-with.html?fsrc=rss-security">$1B market for meddling with DNS poses security problem</source>
    </item>
    <item>
      <title><![CDATA[Nearly Half of IT Workers Snoop in Confidential Files]]></title>
      <link>http://securityratty.com/article/85ef93b9520331c817ada964ae6d35c0</link>
      <guid>http://securityratty.com/article/85ef93b9520331c817ada964ae6d35c0</guid>
      <description><![CDATA[Nearly half of IT workers have admitted to snooping around networks to look at confidential information, according to research from software firm Cyber-Ark. &quot;When it comes down to it, IT has...]]></description>
      <content:encoded><![CDATA[Nearly half of IT workers have admitted to snooping around networks to look at confidential information, according to research from software firm Cyber-Ark. "When it comes down to it, IT has essentially enabled snooping to happen. It's easy -- all you need is access to the right passwords or privileged accounts and you're privy to everything that']]></content:encoded>
      <pubDate>Sun, 22 Jun 2008 10:08:33 +0000</pubDate>
      <category domain="http://securityratty.com/tag/software firm cyber-ark">software firm cyber-ark</category>
      <category domain="http://securityratty.com/tag/half">half</category>
      <category domain="http://securityratty.com/tag/workers">workers</category>
      <category domain="http://securityratty.com/tag/confidential information">confidential information</category>
      <category domain="http://securityratty.com/tag/privy">privy</category>
      <category domain="http://securityratty.com/tag/passwords">passwords</category>
      <category domain="http://securityratty.com/tag/access">access</category>
      <category domain="http://securityratty.com/tag/research">research</category>
      <category domain="http://securityratty.com/tag/networks">networks</category>
      <source url="http://digg.com/security/Nearly_Half_of_IT_Workers_Snoop_in_Confidential_Files">Nearly Half of IT Workers Snoop in Confidential Files</source>
    </item>
    <item>
      <title><![CDATA[Comcast Is Hiring an Internet Snoop for the Feds]]></title>
      <link>http://securityratty.com/article/3a7a0ebee7c9d0bf2a95575ee89c1bc0</link>
      <guid>http://securityratty.com/article/3a7a0ebee7c9d0bf2a95575ee89c1bc0</guid>
      <description><![CDATA[Wanna tap e-mail, voice and Web traffic for the government? Here's your chance. Comcast, the country's second-largest Internet provider, is looking for an engineer to handle &quot;reconnaissance&quot; and...]]></description>
      <content:encoded><![CDATA[Wanna tap e-mail, voice and Web traffic for the government? Here's your chance. Comcast, the country's second-largest Internet provider, is looking for an engineer to handle "reconnaissance" and "analysis" of "subscriber intelligence" for the company's "National Security Operations."]]></content:encoded>
      <pubDate>Fri, 30 May 2008 16:00:00 +0000</pubDate>
      <category domain="http://securityratty.com/tag/national security operations">national security operations</category>
      <category domain="http://securityratty.com/tag/wanna tap e-mail">wanna tap e-mail</category>
      <category domain="http://securityratty.com/tag/web traffic">web traffic</category>
      <category domain="http://securityratty.com/tag/subscriber intelligence">subscriber intelligence</category>
      <category domain="http://securityratty.com/tag/internet provider">internet provider</category>
      <category domain="http://securityratty.com/tag/comcast">comcast</category>
      <category domain="http://securityratty.com/tag/country">country</category>
      <category domain="http://securityratty.com/tag/government">government</category>
      <category domain="http://securityratty.com/tag/reconnaissance">reconnaissance</category>
      <source url="http://feeds.wired.com/~r/wired/politics/security/~3/301513720/comcast-wants-d.html">Comcast Is Hiring an Internet Snoop for the Feds</source>
    </item>
    <item>
      <title><![CDATA[BlackBerry Giving Encryption Keys to Indian Government]]></title>
      <link>http://securityratty.com/article/78c04ac39658e6b0007b03d3682ce5f5</link>
      <guid>http://securityratty.com/article/78c04ac39658e6b0007b03d3682ce5f5</guid>
      <description><![CDATA[RIM encrypts e-mail between BlackBerry devices and the server with 236-bit AES encryption. The Indian government doesn't like this at all; they want to snoop on the data. RIM's response was...]]></description>
      <content:encoded><![CDATA[<p>RIM encrypts e-mail between BlackBerry devices and the server with 236-bit AES encryption.  The Indian government doesn't like this at all; they want to snoop on the data.  RIM's response was basically: that's not possible.  The Indian government's counter was: Then we'll ban BlackBerries.  After months of threats, it looks like RIM is <a href="http://economictimes.indiatimes.com/Telecom/Govt_may_get_keys_to_your_BlackBerry_mailbox_soon/articleshow/3041313.cms">giving in to Indian demands</a> and handing over the encryption keys.</p>]]></content:encoded>
      <pubDate>Wed, 21 May 2008 10:09:54 +0000</pubDate>
      <category domain="http://securityratty.com/tag/indian government">indian government</category>
      <category domain="http://securityratty.com/tag/rim encrypts e-mail">rim encrypts e-mail</category>
      <category domain="http://securityratty.com/tag/rim">rim</category>
      <category domain="http://securityratty.com/tag/encryption keys">encryption keys</category>
      <category domain="http://securityratty.com/tag/236-bit aes encryption">236-bit aes encryption</category>
      <category domain="http://securityratty.com/tag/indian demands">indian demands</category>
      <category domain="http://securityratty.com/tag/blackberry devices">blackberry devices</category>
      <category domain="http://securityratty.com/tag/server">server</category>
      <category domain="http://securityratty.com/tag/ban blackberries">ban blackberries</category>
      <source url="http://www.schneier.com/blog/archives/2008/05/blackberry_givi.html">BlackBerry Giving Encryption Keys to Indian Government</source>
    </item>
    <item>
      <title><![CDATA[10 Myths About Life As An IT Security Professional]]></title>
      <link>http://securityratty.com/article/8ee58ae9a34c9082d31e6c1cc3ae0877</link>
      <guid>http://securityratty.com/article/8ee58ae9a34c9082d31e6c1cc3ae0877</guid>
      <description><![CDATA[When you picture the future, what do you see yourself doing? If you find the subject of IT security fascinating, you may be considering a career as an IT Security Professional. To help you decide,...]]></description>
      <content:encoded><![CDATA[<p><a href="http://www.flickr.com/photos/49396642@N00/178384326/" title="No, this is not my boyfriends computer" target="_blank"><img class="center frame" src="http://farm1.static.flickr.com/63/178384326_536e7aa755_m.jpg"></a>When you picture the future, what do you see yourself doing?  If you find the subject of IT security fascinating, you may be considering a career as an IT Security Professional.  To help you decide, here are 10 myths about life as an IT Security Professional.
<ol>
<li><span style="font-weight: bold" class="Apple-style-span">IT Security is basically about Passwords and Anti-virus</span>.  This is completely untrue.  You may hear this from people that don&#8217;t get paid to do security, but think they know all about it.  Security is a very diverse field covering a wide range of skills including: threat modeling, risk analysis, policy creation, security awareness, incident response (wide field), forensics (desktop, server, network), platform specific security (e.g. Windows, UNIX, Linux, OS/400), network security (WAN/LAN/Internet/wireless/telco), vulnerability assessment, penetration testing, application security, reverse engineering, malware analysis, vulnerability analysis, exploit development, social engineering, physical security, cryptography, crisis management, disaster recovery, 3rd party security reviews, etc.</li>
<li><span style="font-weight: bold" class="Apple-style-span">You get to bark security orders</span>.  Some people feel that holding a security policy in their hand means they get to call the shots.  Do this on a regular basis and not only is it counterproductive but it&#8217;s a surefire CLM (Career Limiting Move).  Some years ago, this may have been possible but these days it&#8217;s much more myth than fact.  From my experience, you can get a *lot* further in the long term through a mix of explanation, persuasion, technical demonstration (&#8220;look how easy that was to break into!&#8221;), humour and relationship building.  And sometimes, the policy is wrong and you have to be big enough to admit it and fix it.  One thing to note: in a crisis or other time-sensitive incident, it may be time to bark the orders.  Most reasonable people will understand that after the event.</li>
<li><span style="font-weight: bold" class="Apple-style-span">You don&#8217;t need any technical skills.  </span>I believe you do need *some* technical security skills to be effective.  However, that doesn&#8217;t mean you need them before you start the job, just that you should be prepared to develop them.  If your role is writing general security policies - frequently seen as a non-technical role - you will write better policies if you have an appreciation of technical issues.  What&#8217;s the right level?  Hard to say as it will depend on the composition of the team.  If it&#8217;s just you, a strong grasp of technical security will be vital.</li>
<li><span style="font-weight: bold" class="Apple-style-span">You won&#8217;t learn as much as someone doing a &#8220;normal&#8221; IT job.</span>  Possibly the biggest myth.  From my own experience: I used to manage very high-end UNIX and ORACLE servers.  At the time, I thought I was pretty knowledgeable - I was working on the latest kit, worth millions of dollars.  I was considered something of an authority.  But then I stumbled into IT security and soon realised that despite my deep system administration knowledge I didn&#8217;t understand the detail of what was going on &#8220;underneath the surface&#8221; and specifically, how it could be subverted.  From that day forward, I made it my mission to learn everything I could.  I am still learning now, a decade later.  It was the best switch I could have made.</li>
<li><span style="font-weight: bold" class="Apple-style-span">Your friends will disown you - IT security is geek - but not &#8220;cool&#8221; geek.</span>  That&#8217;s a funny one.  Some people get hung up that their friends will think their job is boring.  If you work in the IT industry, your non-IT friends probably think you are boring already - get over it :-).  Who are you doing this for, you or your friends?  Besides, over time, you will develop new friends who work in the same industry as you and by definition, they will think you&#8217;re cool ;-).  Plus, if you get to do really cool security stuff at work, your friends will ultimately be jealous of you.</li>
<li><span style="font-weight: bold" class="Apple-style-span">You get to read security mailing lists and RSS feeds all day.</span>  Ha!  Drinking from the firehose of the Internet is generally not recommended.  A few gulps a day is definitely helpful, but the reality is that organisations typically have a slew of security issues to deal with.  Wrapping your head around those and figuring out creative ways to handle them is more fulfilling and why you got hired.  Staying up to date is important, but unless you are a full-time researcher, it&#8217;s 20 minutes to an hour per day on average.</li>
<li><span style="font-weight: bold" class="Apple-style-span">Security is a dead end job.</span>  Firstly, there is so much scope within IT security you will never run out of career options within the Industry.  Secondly, if management is your thing, large companies frequently have a CISO (Chief Information Security Officer).  The CTO (Chief Technology Officer) position is a popular jump at some large companies or leaving the fold and becoming a &#8216;consultant&#8217;.  Either way, your options will not be limited. </li>
<li><span style="font-weight: bold" class="Apple-style-span">You get to snoop on employees under the pretense of &#8217;security&#8217;.</span>  No-one I know gets to &#8217;snoop&#8217; on fellow employees just because they &#8216;feel&#8217; like it.  From time to time you may have cause to investigate the activity of company employees.  Company security policy likely requires that certain criteria be met first and HR and senior management must be informed - prior to any monitoring taking place.  Failure to follow that kind of policy could easily get you fired.</li>
<li><span style="font-weight: bold" class="Apple-style-span">You get to write exploits all day.</span>  It&#8217;s true that some people do get paid to write exploits but for most people in the Industry it&#8217;s a definite myth.   Developing reliable exploit code for non-trivial vulnerabilities can be time consuming and hence expensive from the employer&#8217;s perspective, hence there are few opportunities.  Unless you can demonstrate talent and strong potential, it&#8217;s unlikely you&#8217;ll get hired to develop exploits all day.</li>
<li><span style="font-weight: bold" class="Apple-style-span">You get to break into company systems when you feel like it.</span>  A dangerous myth these days!  Even if your boss thinks it&#8217;s a good idea, you&#8217;ll be needing a legal sign off letter from an authorised party (typically a CIO) before running *any* attacks.  This is your &#8216;get out of jail free&#8217; card.  The sign off should include specific dates, IP ranges and any specific limitations.  No company is interested in having random attacks that potentially crash key operational systems or hinder development schedules (let alone open themselves to the accountability issues).  A desire to test security is understandable, but it&#8217;s very easy to break things, especially when you don&#8217;t have much experience.   Even if you don&#8217;t crash anything,  if you were not specifically authorised, you would likely get fired (and maybe arrested) if you got found out. </li>
</ol>
]]></content:encoded>
      <pubDate>Fri, 25 Apr 2008 19:08:41 +0000</pubDate>
      <category domain="http://securityratty.com/tag/security">security</category>
      <category domain="http://securityratty.com/tag/company security policy">company security policy</category>
      <category domain="http://securityratty.com/tag/security policy">security policy</category>
      <category domain="http://securityratty.com/tag/technical security skills">technical security skills</category>
      <category domain="http://securityratty.com/tag/technical security">technical security</category>
      <category domain="http://securityratty.com/tag/policy">policy</category>
      <category domain="http://securityratty.com/tag/security professional">security professional</category>
      <category domain="http://securityratty.com/tag/platform specific security">platform specific security</category>
      <category domain="http://securityratty.com/tag/cool">cool</category>
      <source url="http://securitywannabe.com/blog/2008/04/26/10-myths-about-life-as-an-it-security-professional/">10 Myths About Life As An IT Security Professional</source>
    </item>
    <item>
      <title><![CDATA[Snoop Dogg's out-of-shape bodyguard]]></title>
      <link>http://securityratty.com/article/0840a4900d6d039463d88aafb5450510</link>
      <guid>http://securityratty.com/article/0840a4900d6d039463d88aafb5450510</guid>
      <description><![CDATA[Last week was my &quot;WJFK Radio week&quot;. I was listening to the Sports Junkie's morning radio show on Friday as I drove to an event. They happened to be talking about the entertainer, Snoop Dogg

A couple...]]></description>
      <content:encoded><![CDATA[Last week was my "WJFK Radio week".  I was listening to the Sports Junkie's morning radio show on Friday as I drove to an event.  They happened to be talking about the entertainer, Snoop Dogg.<br /><span id="fullpost"><br />A couple of the D.J.'s were commenting on the singer's reality t.v. show and the fact that he did not appear to be doing that well, financially speaking, since he was living in a normal house in a normal neighborhood.  One of them then mentioned that he was still quite famous since he employed a Bodyguard.<br /><br />That was the part that got my attention and made me call in to the radio show.  Being the owner of a security company that hires and trains bodyguards, or as we prefer to call them: Personal Protection Specialists, I was put on the air right away.<br /><br />I had seen an episode of the show that took place inside a gym.  Snoop Dogg was trying to take up Yoga and his bodyguard was right there with him on the floor.  His bodyguard was an immensely unfit looking individual who appeared to be 150-200lbs overweight.  The poor man was so unfit that he had difficulty getting up from the floor and was visibly huffing and puffing simply from the effort of getting up on his feet.<br /><br />As I told the radio show, he was not the type of individual who would be hired by Sexton Executive Security, at least not in his current unhealthy state.  How can one be expected to protect a client if they are in such poor health?  Having a big overweight guy like that for protection is all for show.<br /><br />Thankfully, most clients these days realize that they need to hire personal protection agents for their professional abilities and not for the fact that they eat like Sumo wrestlers.  Unfortunately, many in the entertainment industry still seem to prefer brawn over brain.<br /></span>]]></content:encoded>
      <pubDate>Mon, 17 Mar 2008 00:50:00 +0000</pubDate>
      <category domain="http://securityratty.com/tag/snoop dogg">snoop dogg</category>
      <category domain="http://securityratty.com/tag/wjfk radio week">wjfk radio week</category>
      <category domain="http://securityratty.com/tag/radio">radio</category>
      <category domain="http://securityratty.com/tag/bodyguard">bodyguard</category>
      <category domain="http://securityratty.com/tag/personal protection specialists">personal protection specialists</category>
      <category domain="http://securityratty.com/tag/protection">protection</category>
      <category domain="http://securityratty.com/tag/week">week</category>
      <category domain="http://securityratty.com/tag/sexton executive security">sexton executive security</category>
      <category domain="http://securityratty.com/tag/unfit">unfit</category>
      <source url="http://www.thebulletproofblog.com/2008/03/snoop-doggs-out-of-shape-bodyguard.html">Snoop Dogg's out-of-shape bodyguard</source>
    </item>
    <item>
      <title><![CDATA[Wireless holes - protecting retailers from themselves]]></title>
      <link>http://securityratty.com/article/b7e524f98ab4413ca59cb746884d7fc7</link>
      <guid>http://securityratty.com/article/b7e524f98ab4413ca59cb746884d7fc7</guid>
      <description><![CDATA[Interesting article in Network World on some of the holes many retailers have in their wireless infrastructure. Apparently, wireless security company AirDefense walked around New York City and ran...]]></description>
      <content:encoded><![CDATA[<a href="http://www.networkworld.com/news/2008/011508-retailer-wlan-security.html">Interesting article in Network World</a> on some of the holes many retailers have in their wireless infrastructure. Apparently, wireless security company <a href="http://www.airdefense.net/">AirDefense</a> walked around New York City and ran their analyzer against many small retailers. They found that over a third did not have even basic and easily hacked WEP protection!<br /><br />According to the article:<br /><br /><em>"..access to the unprotected access points and unencrypted traffic -- spilled well beyond the walls of the store. Attackers could set up shop outside, snoop on the WLAN traffic, and collect MAC addresses and other data that could be used to hack deeper into the store’s net, servers and data. "</em><br /><br />Apparently the TJX scenario has not yet put smaller retailers' feet to the fire! Now, I agree that some technology solutions can be expensive, but surely using the built-in protection that all wireless products come with can't be that hard?]]></content:encoded>
      <pubDate>Wed, 16 Jan 2008 12:57:00 +0000</pubDate>
      <category domain="http://securityratty.com/tag/retailers">retailers</category>
      <category domain="http://securityratty.com/tag/wlan traffic">wlan traffic</category>
      <category domain="http://securityratty.com/tag/collect mac addresses">collect mac addresses</category>
      <category domain="http://securityratty.com/tag/traffic">traffic</category>
      <category domain="http://securityratty.com/tag/inbuilt protection">inbuilt protection</category>
      <category domain="http://securityratty.com/tag/tjx scenario">tjx scenario</category>
      <category domain="http://securityratty.com/tag/apparently">apparently</category>
      <category domain="http://securityratty.com/tag/data">data</category>
      <category domain="http://securityratty.com/tag/wireless infrastructure">wireless infrastructure</category>
      <source url="http://feeds.feedburner.com/~r/BitArmor1/~3/217731499/wireless-holes-protecting-retailers.html">Wireless holes - protecting retailers from themselves</source>
    </item>
    <item>
      <title><![CDATA[The Spyware Threat]]></title>
      <link>http://securityratty.com/article/da769e1620cd93276eab7e77e47cb3e6</link>
      <guid>http://securityratty.com/article/da769e1620cd93276eab7e77e47cb3e6</guid>
      <description><![CDATA[The Spyware Threat

Spyware and adware programs have become constant threats to computer users. Spyware as well as adware programs work their way into computers and can become a hassle and may even do...]]></description>
      <content:encoded><![CDATA[The Spyware Threat<br /><br />Spyware and adware programs have become constant threats to computer users. Both work their way into computers, where they can become a hassle and may even do damage in a variety of ways. In such cases, an adware or spyware removal tool may be used to protect computers from such threats and keep them safe from further damage.<br /><br />In essence, there is a fine line between calling a malicious program adware and calling it spyware. Adware is usually considered a legitimate alternative offered by software companies to consumers who do not wish to pay for a software product. Adware can be distributed as a program, game or software utility designed and distributed as freeware.<br /><br />There are cases where adware programs that are considered freeware have features and functions that are blocked until you pay to register them. As freeware, most or all features are enabled for use, but sponsored advertisements may come along with them while the freeware is being used. These sponsored advertisements usually run in a small section of the software interface, or they can be displayed as a pop-up ad box on your PC. When you stop running the software, the ads should disappear.<br /><br />There are times when these ads pop up on your desktop when you least expect them. Such adware programs may suddenly appear as you are doing some important work on your PC and may become something of a hassle. Try as you might, you cannot find a way to disable them and stop them from distracting you.<br /><br />Despite the distraction they cause, some adware programs try to force their way in, bombarding you with ads even though you do not wish to buy any of the products they offer. You begin to lose control of your computer and may not be able to do your job well on your PC because of the adware nuisance. As a remedy, you might need an adware removal tool.<br /><br />Spyware, on the other hand, can be a hassle to a computer user in a different way. Spyware may work and look like adware but is usually a separate program. The functions of a spyware program can be malicious, and it may secretly wreak havoc without you ever noticing. Spyware can be installed by posing as freeware that offers a computer user something useful. Once the freeware has been downloaded, the spyware may then find its way into your computer and do its dirty deed.<br /><br />Spyware programs usually try to monitor your online activity and transmit that information to the spyware propagator. Some spyware programs will force your PC to download a certain software product even if you don't want it. Some more malicious spyware programs even go to the extent of monitoring your keystrokes, which makes it possible for spyware propagators to record and find out sensitive information such as passwords, credit card numbers and email addresses.<br /><br />Some spyware programs are so sophisticated that they can snoop inside a computer user's hard drive, spread to other computers, change and download software onto a computer or even damage a PC's internal system. To remedy such a threat, a computer should have an updated and effective spyware removal tool to get rid of such malicious and pesky programs.]]></content:encoded>
      <pubDate>Wed, 01 Aug 2007 15:22:00 +0000</pubDate>
      <category domain="http://securityratty.com/tag/spyware">spyware</category>
      <category domain="http://securityratty.com/tag/malicious spyware programs">malicious spyware programs</category>
      <category domain="http://securityratty.com/tag/spyware programs">spyware programs</category>
      <category domain="http://securityratty.com/tag/spyware threat">spyware threat</category>
      <category domain="http://securityratty.com/tag/threat">threat</category>
      <category domain="http://securityratty.com/tag/spyware removal tool">spyware removal tool</category>
      <category domain="http://securityratty.com/tag/adware">adware</category>
      <category domain="http://securityratty.com/tag/spyware propagator">spyware propagator</category>
      <category domain="http://securityratty.com/tag/adware nuisance">adware nuisance</category>
      <source url="http://adwarespyware.blogspot.com/2007/08/spyware-threat.html">The Spyware Threat</source>
    </item>
  </channel>
</rss>
