Tests | Gregory D. Evans

Posts Tagged ‘Tests’

Publishing News: Ownshelf tests ebook lending waters

Here are a few stories from the publishing space that caught my attention this week. Pushing the envelope in ebook lending innovation: Martin Bryant at The Next Web took a look this week at Ownshelf, a startup looking to … View full post on O’Reilly News and Commentary


View full post on National Cyber Security

Joint exercise tests UAV sense-and-avoid technology

Image caption: NASA Cirrus SR-22

The National Aeronautics and Space Administration (NASA), a not-for-profit research and development organization and a university completed two weeks of flight testing “sense and avoid” technology that could help unmanned aircraft better integrate into the national air transportation system some day. The MITRE Corporation and the [...]

View full post on The Cyber Wars

NNSA tests preparedness in radiological emergency response exercise

Mark Rockwell

Image caption: RAP exercise

Radiological emergency response teams gathered for a terror-attack response exercise in Albuquerque, NM, the week of Sept. 10. Members of the National Nuclear Security Agency’s (NNSA) Radiological Assistance Teams working under the NNSA’s Radiological Assistance Program (RAP) attended intensive training classes during the exercise, said [...]

View full post on The Cyber Wars

Ocean Power Technologies wins autonomous grant, tests for PowerBuoy

Image caption: PowerBuoy

Pennington, NJ-based Ocean Power Technologies, Inc. has entered into a Cooperative Research and Development Agreement (“CRADA”) with the U.S. Department of Homeland Security (“DHS”) Science & Technology Directorate (“S&T”) to perform a new round of in-ocean tests on its autonomous PowerBuoy application for ocean surveillance. [...]

View full post on The Cyber Wars

DHS S&T bio sensor tests underway in Boston subway

Mark Rockwell

Image caption: MBTA Somerville station

The planned tests of bio sensors in Boston’s “T” subway by the Department of Homeland Security’s Science and Technology Directorate (DHS S&T) using real, but harmless, biological agents are underway. A statement by DHS S&T on Aug. 24 said the agency’s planned release of [...]

View full post on The Cyber Wars

Bringing the Unsexy Back: The Process of Selling SE Penetration Tests

By Chris Hadnagy

For the past few months, I’ve brought you articles on launching your career as a social engineer, the psychology and history behind hacking humans and even some scams you can pull on your clients for their own good. As wonderful as it is to talk about the methods, the tricks and the sexy stories of social engineering pwnage, we need to take a step back and discuss the business end of this spectrum.

Yes, I said it… business side. After all, most of us reading this article either are in IT/Security or want to be….

View full post on The Ethical Hacker Network RSS News Feed

View full post on National Cyber Security

Expert advocates for more effective pen tests, less complex security

A security expert warns organizations against buying the latest and greatest security technology and advocates for more effective pen testing at InfoSec World Conference and Expo 2012.


View full post on SearchSecurity: Security Wire Daily News

View full post on National Cyber Security

German criminal agency tests surveillance tech

Germany’s federal criminal agency, the BKA, is testing at least one commercial spyware program, FinSpy, delivered through the German subsidiary of Britain’s Gamma International.

FinSpy was exposed last year as being a surveillance application that was used in Mubarak’s Egypt. It infects computers by fooling targets into installing a fake update for iTunes on desktop computers, or even a spoof download for BlackBerry mobile phones. Then, the application can provide surveillance through the computer’s own webcam and microphone, and download files without being detected.

This revelation comes three months after the German government admitted to using a software surveillance tool after a Berlin hacker group announced it had found serious flaws in that application.

The German government confirmed the use of the commercial surveillance software last week in a response to an inquiry by Green Party parliamentarian, Konstantin von Notz, a representative from Mölln, outside of Hamburg, in northern Germany.

In his blog, von Notz published government responses to various questions he raised on the continued and planned future use of spyware developed in the private sector.

Image caption: Konstantin von Notz published government responses to his inquiry about online surveillance

Own surveillance software competence

The government confirmed that the BKA acquired in early 2011 a license to test FinSpy for a limited period. The deal was signed prior to the decision that the government would establish its own software surveillance development program.

Moreover, the German government confirmed that the BKA is currently reviewing which commercial software it will deploy for the interim period.

Von Notz believes, however, that the BKA has more in mind than just a test or even an interim solution but possibly a “replacement” for the previous spyware programs used by the authority.

Late last year, the Chaos Computer Club (CCC), a well-known German hacker group, revealed that the so-called “Bundestrojaner,” or “Federal Trojan,” went beyond its legal restrictions of wiretapping and surveillance of a target computer. The spyware also had the capability to record keystrokes, take screenshots and activate a computer’s webcam and microphone.

Complicating matters, BKA director Jörg Ziercke later told parliamentarians that his agency never examined the source code, or fundamental blueprints, of the Federal Trojan surveillance software.

‘Practically impossible to detect’

Numerous privacy experts frequently warn of the dangers of improperly audited spyware.

“The potential for abuse in the hands of low-level law enforcement is extraordinarily high, given the limits of any possible oversight mechanisms,” Eric King, human rights and technology adviser at Privacy International, told Deutsche Welle in an e-mail response.

“While the intelligence services are only supposed to exercise their powers in the interests of national security, the reality is that this technology is designed to be practically impossible to detect and it would be very difficult to know how or when it is being used.”

Image caption: BKA director Jörg Ziercke has been criticized for not being stringent enough in examining these surveillance tools

In his blog, von Notz questions whether the BKA has been given access to the source code of the FinSpy software, which can be used to tap Internet telephony calls. He received no confirmation.

“It would be unusual if BKA didn’t have access to the source code,” Dirk Kollberg, a specialist with the anti-virus software firm Sophos, told Deutsche Welle. “There may be some reasons. Maybe the government doesn’t have the people trained to analyze such code.”

Von Notz also questioned whether the government was aware of the FinSpy surveillance technology being used by authorities of former Egyptian president Hosni Mubarak.

Gamma International is rumored to have supplied the technology to other repressive regimes in countries such as Oman and Turkmenistan.

However, some experts believe von Notz and his colleagues may be asking for too much, and that the German government can be trusted with such tools.

“Why on Earth should BKA not use commercial ‘spy’ software?” wrote Ulrich Boerger, a Hamburg-based privacy lawyer, in an e-mail to Deutsche Welle. “There are most detailed laws and jurisprudence on what law enforcement folks can and can not do. That applies to the use of firearms just as ‘spyware.’ This is a complete non-issue.”

Author: John Blau
Editor: Cyrus Farivar

Article source: http://www.dw-world.de/dw/article/0,,15672048,00.html?maca=en-rss-en-all-1573-rdf

View full post on National Cyber Security » Spyware/ Cyber Snooping

The Case of a Scottish Hacker Tests the British-American Extradition Pac


Gary McKinnon attends a press conference in London, on January 15, 2009. (Photo: Leon Neal / AFP / Getty Images)

The following is a guest post from London by TIME writer-reporter Megan Gibson.

Sometimes the bleakest of battles can find some unexpected support.

In 2002, a Scottish man living in North London found himself under suspicion for hacking into dozens of Pentagon and NASA databases from his home computer. Fast forward nearly a decade and Gary McKinnon, a 45-year-old with Asperger’s syndrome, is still battling a grueling extradition process under a U.K.-U.S. treaty enacted in the wake of 9/11. If extradited, McKinnon could find himself facing up to 70 years in a U.S. prison. The process has been blasted by McKinnon’s mother, Janis Sharp, who’s said her son has “lost almost 10 years of his life and has served a nine-and-a-half year sentence of psychological torture, despite the crown prosecuting service testifying to the court in 2009 that the US has provided not one shred of evidence of any extraditable offence … because they are not required to.”

Of course, McKinnon’s mother has considerable stake in the case, but she might also have a point.

It’s a complex issue, made more complicated by the ill-defined international agreement. Sharp is hardly the only one rising to McKinnon’s defense against extradition. On Monday, the UK’s House of Commons held a debate over the viability of the extradition agreement. The Conservative MP, Dominic Raab, who initiated the debate said that reform “is not about abolishing extradition, which is vital to international efforts in relation to law enforcement; it’s about whether, in taking the fight to the terrorists and the serious criminals after 9/11, the pendulum swung too far the other way.” The debate saw MPs unanimously agree that the current treaty was in need of change.

The agreement was negotiated in 2003, when both the U.S. and Britain were intent on cracking down on possible terrorists. Today, however, most critics of the treaty are quick to point out the discrepancy in the way each extradition process is carried out. They say that while American authorities need to only show “reasonable suspicion,” which entails outlining the crime, punishment and a justifiable reason for focusing in on a suspect, British authorities have the weight of “probable cause” on their shoulders, where they must provide evidence of guilt in order to extradite a suspect from the US. Critics can point to the numbers. Reports show that 130 people had been extradited to the U.S. under the treaty while only 54 people have faced similar extradition to the UK.

The specifics of McKinnon’s particular case also complicate the issue. He’s been accused of hacking into 81 U.S. military computers and another 16 NASA databases, compromising military safety, prompting the shutdown of a large Washington network, and causing a total of $700,000 worth of damage. While he does admit to hacking into the U.S. databases, McKinnon claims that he was merely searching for evidence of extraterrestrial energy, not launching a cyber attack on the US system. He’s also said that the reason he was caught was because he hadn’t used a false e-mail address when registering software he was using and was smoking a lot of marijuana at the time. Not exactly what you’d expect from a seasoned cyber-terrorist. Certainly these are serious accusations, and in the fallout of a WikiLeaked world, these crimes likely loom all the more dangerous in the eyes of U.S. officials. Yet in the U.K., there’s a large and persuasive argument that McKinnon’s human rights would be violated if he were to be extradited. Numerous medical experts have testified that McKinnon’s mental condition is precarious, as he’s suffering from severe depression. If extradited, they say McKinnon would likely become suicidal.

The motion from the MPs, however, is a significant boon for McKinnon’s cause. The unanimous vote from the often-divided parliament is something of a landmark. It also places an extraordinary amount of pressure on Prime Minister David Cameron and his government to act. While parliament’s agreement may be persuasive, pressing to remodel the treaty – the fairness of which, US Attorney General Eric Holder recently said, “has been demonstrated by its application during the years it has been in force” – would require some diplomatic finagling.

One possible reform to the current treaty would be implementing what’s known as the “forum bar” to the extradition process. Such a regulation would allow a British court to block a request for extradition if the criminal actions took place in the U.K., rather than in the U.S. This would not only address McKinnon’s particular case, but could also help negate the pressure on British courts to agree to US terms of evidence. While the British government hasn’t officially responded to the MPs’ motion, immigration minister Damian Green has said the government is currently weighing its options.

While there’s been debate over the treaty in the past, clearly McKinnon’s case has been something of a catalyst. As MP Raab stressed in the debate, reform was necessary to prevent violating the hacker’s rights. “Gary McKinnon should not be treated like some gangland mobster or Al-Qaeda mastermind,” he said.

Article source: http://globalspin.blogs.time.com/2011/12/06/case-of-scottish-hacker-illustrates-divide-between-u-s-and-u-k-extradition-laws/?xid=rss-topstories

View full post on National Cyber Security » Computer Hacking

Freebie Android anti-malware scanners flunk tests

Many free-of-charge antivirus products fail to protect Android smartphones against malware effectively, leaving users with a false sense of security as a result.

Tests by antivirus testing lab AV-Test.org revealed that the best freebie Android anti-virus scanner, Zoner Antivirus, caught 32 per cent of 160 recent Android threats. The other six free-of-charge Android products fared abysmally, with the best of the rest detecting just 10 per cent of the threats. One detected none whatsoever.

AV-Test.org tested seven free-of-charge anti-virus products that it downloaded from the Android marketplace, after searching “anti-virus”. The most widely used of these – Antivirus Free from Creative Apps – has over a million users but is still way behind both Lookout Mobile Security and AVG’s DroidSecurity, which number 12 million and 10 million plus users respectively. AV-Test.org omitted these products from the tests because Lookout also offers a paid-for security software for Android and, in the case of DroidSecurity, because the technology was recently acquired by AVG (and rechristened AVG Mobilation).

The omission of the products from the tests means that AV-Test.org’s test results are less than comprehensive. But even their findings of a less than complete sample of Android anti-malware products are a real eye-opener, not least because they come from one of the few recognised authorities in anti-virus testing.

Each of the tested security software products was installed on an Android smartphone deliberately infected with inactive specimens of more than 150 recent Android threats. AV-Test.org ran on-demand scans in each case, recording how many threats were detected.

AV-Test.org also included tests on F-Secure Mobile Security and Kaspersky Mobile Security, both commercial products, for comparison purposes. Kaspersky and F-Secure both detected more than 50 per cent of threats analysed, substantially better than any of the freebie products tested though poor when compared to the performance of their desktop products.

The second half of these tests involved deliberately attempting to infect freshly cleaned devices with 10 strains of Android malware. Products from F-Secure and Kaspersky detected and blocked all the samples. Zoner Antivirus blocked eight while the other six freebie products blocked either one or none. BluePoint AntiVirus Free, Kinetoo Malware Scan and Privateer Lite warned against one malicious app. Antivirus Free by Creative Apps, GuardX Antivirus and LabMSF Antivirus beta failed completely.

Paid-for apps beat freebies

“In general, the free products didn’t perform very well (with just one exception), but the commercial products which were tested as reference performed significantly better,” Andreas Marx, chief executive officer of AV-Test.org, told El Reg. “We’re working on a review with a focus on commercial apps within the coming weeks.”

Marx explained the rationale for the omission of both Lookout and DroidSecurity from this round of tests.

“The product selection is based on the criterion of how common the different freeware anti-virus products are (including their user ratings), based on the Android market scores/data. We wanted to limit the testing to no more than 10 products total in order to perform everything in a timely manner,” Marx told El Reg.

“In this first Android test-run, we focused on ‘free’ anti-virus offerings (the two commercial products from Kaspersky and F-Secure were included as reference only with no final scores given). We consider Lookout’s offering as a commercial product, despite the fact that there is also a freeware edition available. The product also includes much more features than a dedicated anti-virus offering. Other products like ‘DroidSecurity’ were not included, as this one was recently acquired by AVG Technologies, so we considered it also as ‘commercial’ product.”

A greater range of Android security products will be put through their paces in further tests by AV-Test.org.

“As we have received an enormous feedback on this first Android security test report, we will perform further Android reviews in near future which are focusing on much more Android security products and anti-virus offerings. This one will include ‘freeware’ and ‘commercial’ offerings from a wide range of vendors,” he added.

AV-Test.org full report on anti-virus scanners for Android can be found here [PDF].

El Reg has contacted Kaspersky and F-Secure about the results. We’ll update this story as soon as we hear more. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2011/11/14/android_anti_virus/

View full post on National Cyber Security » Virus/Malware/Worms
