The Null Device

Posts matching tags 'security'

2008/4/26

Could this be the worst security hole ever? The Oklahoma Department of Corrections' sex offender database site allowed users to issue arbitrary SQL queries on their database (which contained the complete details of anyone who has ever been on the wrong side of the law). The "print friendly link" took, as its argument, a SQL query, which it would then execute. Which, of course, means that not only could someone get enough details about anyone in the database to steal their identity, but could quite possibly insert arbitrary data into the government's official sex offender database. You can probably imagine the kinds of fun that someone could have with that.
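The flaw described above, sketched as an added example (not the site's code, which the post does not show): a handler that executes whatever SQL the link carries, beside one that accepts only a record id and binds it into a fixed statement. The schema, URLs and function names are hypothetical, the rows are constructed, and SQLite's `query_only` pragma stands in for a read-only database account.

```python
import sqlite3
from urllib.parse import parse_qs, urlsplit


def make_db():
    """Build a constructed, in-memory stand-in for the public database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE offenders (id INTEGER PRIMARY KEY, name TEXT, ssn TEXT);
        INSERT INTO offenders VALUES (1, 'Sample Person A', '000-00-0001');
        INSERT INTO offenders VALUES (2, 'Sample Person B', '000-00-0002');
    """)
    return db


def print_view_flawed(db, url):
    """The design the post describes: the link's argument *is* the query."""
    sql = parse_qs(urlsplit(url).query)["sql"][0]
    return db.execute(sql).fetchall()


# The only statement the hardened handler ever runs: fixed text,
# public columns only, one bound parameter.
PRINT_VIEW_SQL = "SELECT id, name FROM offenders WHERE id = ?"


def print_view_hardened(db, url):
    """Accept a single numeric id and bind it; reject everything else."""
    params = parse_qs(urlsplit(url).query)
    if set(params) != {"id"} or len(params["id"]) != 1:
        raise ValueError("unexpected parameters")
    raw = params["id"][0]
    if not (raw.isascii() and raw.isdigit()) or len(raw) > 9:
        raise ValueError("id must be a short decimal number")
    return db.execute(PRINT_VIEW_SQL, (int(raw),)).fetchall()


def restrict_to_reads(db):
    """Defence in depth: the web tier's connection cannot write at all."""
    db.execute("PRAGMA query_only = ON")
    return db


if __name__ == "__main__":
    db = restrict_to_reads(make_db())
    # Hardened handler: one record, public columns only.
    print(print_view_hardened(db, "/print?id=2"))
    # A read-only connection alone does not fix the flawed handler:
    # it still returns any column the caller asks for.
    print(print_view_flawed(db, "/print?sql=SELECT+name,+ssn+FROM+offenders"))
```

The read-only connection blocks the data-insertion risk the post mentions, but only the fixed, parameterised statement stops the disclosure.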

(via Schneier) privacy security sql stupidity tech [no comments]

2008/3/27

Someone is sending pro-Tibet groups documents infected with keylogging malware, configured to send back keystrokes to a server in China. The documents are sent from addresses forged to resemble human rights groups, and purport to be details of Chinese massacres in Tibet and similar information.

The exploit silently drops and runs a file called C:\Program Files\Update\winkey.exe. This is a keylogger that collects and sends everything typed on the affected machine to a server running at xsz.8800.org. And 8800.org is a Chinese DNS-bouncer system that, while not rogue by itself, has been used over and over again in various targeted attacks.
The exploit inside the PDF file was crafted to evade detection by most antivirus products at the time it was sent.
Somebody is trying to use pro-Tibet themed emails to infect computers of the members of pro-Tibet groups to spy on their actions.
Of course, the pro-Tibet groups could avoid being pwn3d by the Chinese by the simple expedient of not using Windows or common software to open documents.

(via Schneier) china cyberwar deception espionage malware security skulduggery tibet [2 comments]

2008/1/27

Details have emerged of how the Bavarian police intercept Skype calls and encrypted internet traffic. Apparently they use specially written malware, from a company named Digitask. The malware needs to be installed on the suspect's computer (which can be done in a number of ways; if they can't get a black-bag team in, they can send an email carrying the trojan). Looks like Bavaria's safe from criminals who use Windows then.

(via /.) crime germany law enforcement malware security skype voip [no comments]

2008/1/17

As reported elsewhere, Bruce Schneier, the Chuck Norris of computer security, leaves his home wireless network open:

To me, it's basic politeness. Providing internet access to guests is kind of like providing heat and electricity, or a hot cup of tea. But to some observers, it's both wrong and dangerous.
I can count five open wireless networks in coffee shops within a mile of my house, and any potential spammer is far more likely to sit in a warm room with a cup of coffee and a scone than in a cold car outside my house. And yes, if someone did commit a crime using my network the police might visit, but what better defense is there than the fact that I have an open wireless network? If I enabled wireless security on my network and someone hacked it, I would have a far harder time proving my innocence.
I'm also unmoved by those who say I'm putting my own data at risk, because hackers might park in front of my house, log on to my open network and eavesdrop on my internet traffic or break into my computers. This is true, but my computers are much more at risk when I use them on wireless networks in airports, coffee shops and other public places. If I configure my computer to be secure regardless of the network it's on, then it simply doesn't matt

bruce schneier contrarianism security wifi [no comments]

2008/1/11

A 14-year-old "electronics genius" in Lódz, Poland, built a remote control for the city's tram system (apparently out of a TV remote control, though presumably they mean that he housed it in a TV remote control case) and used it to change points, forcing trams onto the wrong tracks, until he was arrested.

"He had converted the television control into a device capable of controlling all the junctions on the line and wrote in the pages of a school exercise book where the best junctions were to move trams around and what signals to change.
Problems with the signalling system on Lodz's tram network became apparent on Tuesday when a driver attempting to steer his vehicle to the right was involuntarily taken to the left. As a result the rear wagon of the train jumped the rails and collided with another passing tram. Transport staff immediately suspected outside interference.

hacks poland pranks risks security trams [no comments]

2008/1/6

Facebook is in the news again, with (so far) the first known instance of a Facebook application being used to install adware on users' PCs. If your friends invite you to install the "Secret Crush" application, you accept, and you are using Windows, then the application will install the Zango adware program on your PC, not to mention arm-twist you into spamming your friends with requests to add it.

If Secret Crush actually needs you to click buttons to invite your friends to add it, the criminal scumbags who designed it have missed a trick; some other applications, such as RockYou's Super Wall and related applications, are able to send messages to randomly selected individuals from a user's friend list, purporting to be that user and asking to be installed to see a message from them, without the user's intervention. (I once found in my notifications the notice that I had messaged three randomly-chosen people, whose relationships to me have nothing in common, inviting them to install Super Wall. Soon after that, Super Wall was no longer installed on my page.)

adware crime facebook fraud security social engineering spam viral marketing [1 comment]

The issue of data portability, or who owns your personal information and friend lists online, has entered the news recently as Facebook deleted the account of blogger Robert Scoble for using a script to automatically fetch his contact list, in violation of the site's terms of service (which prohibit scripts, as they can be used for spamming and such). Scoble's account has been reinstated, on the proviso that he doesn't do it again, but not before raising an outcry on his high-profile blog.

data portability facebook privacy rights robert scoble security [no comments]

2007/12/20

It seems that online criminals aren't waiting for zero-day exploits to be found, but are now making their own: someone broke into the source code for SquirrelMail, an open-source webmail client, and introduced a bug which allows arbitrary remote code execution. This was detected and rectified fairly quickly (mostly because the MD5s of the package were stored elsewhere), though anyone running one of the vulnerable versions may want to check their server logs to make sure they're not hosting anything like this.

This is probably just the tip of the iceberg; it's not unlikely that criminals (or, for that matter, intelligence agencies) have attempted to introduce security holes into other pieces of net-facing software.
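The SquirrelMail tampering above was caught because the package digests were also recorded somewhere the intruder had not touched. The added example below (not SquirrelMail's tooling) audits a download against both a manifest served beside it and an independently held one. The file name and package bytes are constructed, and SHA-256 is used in place of the MD5 the post mentions.

```python
import hashlib
import hmac


def manifest_line(name, data, algo="sha256"):
    """Produce one md5sum/sha256sum-style line: '<hex digest>  <name>'."""
    return f"{hashlib.new(algo, data).hexdigest()}  {name}"


def parse_manifest(text):
    """Parse '<hex digest>  <name>' lines into {name: digest}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hexdigest, _, name = line.partition(" ")
        # A leading '*' on the name is the checksum tools' binary-mode marker.
        entries[name.strip().lstrip("*")] = hexdigest.lower()
    return entries


def matches(name, data, manifest_text, algo="sha256"):
    """True only if the file is listed and its digest agrees."""
    expected = parse_manifest(manifest_text).get(name)
    if expected is None:
        return False  # an unlisted file is a failure, not a pass
    actual = hashlib.new(algo, data).hexdigest()
    return hmac.compare_digest(actual, expected)


def audit(name, data, colocated_manifest, independent_manifest):
    """Compare a download against both records and classify the result."""
    near = matches(name, data, colocated_manifest)
    far = matches(name, data, independent_manifest)
    if far:
        return "ok" if near else "stale-site-manifest"
    # Whoever can replace the package can usually regenerate the manifest
    # sitting next to it, so agreement with that manifest alone proves little.
    return "tampered-with-manifest" if near else "mismatch"


# Constructed stand-ins for a release and a modified copy of it.
NAME = "webmail-x.y.z.tar.gz"  # hypothetical file name
RELEASE = b"constructed release contents\n"
MODIFIED = RELEASE + b"constructed extra code\n"


def demo():
    independent = manifest_line(NAME, RELEASE)      # recorded at release time
    site_honest = manifest_line(NAME, RELEASE)      # served beside the package
    site_rewritten = manifest_line(NAME, MODIFIED)  # regenerated after the swap
    return [
        audit(NAME, RELEASE, site_honest, independent),
        audit(NAME, MODIFIED, site_honest, independent),
        audit(NAME, MODIFIED, site_rewritten, independent),
    ]


if __name__ == "__main__":
    print(demo())
```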

Meanwhile, Windows Vista now not only chews up your CPU cycles on behalf of the RIAA/MPAA, but also includes a random-number generator believed to contain an NSA security hole.

(via /.) crime security squirrelmail [no comments]

2007/11/1

As we dig in for the long siege and see potential terrorists in every shadow, the war on terror is, according to Bruce Schneier, turning into a war on the unexpected, with untrained civilians encouraged to report anything out of the ordinary, and the authorities escalating such reports to full-blown incidents:

We've opened up a new front on the war on terror. It's an attack on the unique, the unorthodox, the unexpected; it's a war on different. If you act different, you might find yourself investigated, questioned, and even arrested -- even if you did nothing wrong, and had no intention of doing anything wrong. The problem is a combination of citizen informants and a CYA attitude among police that results in a knee-jerk escalation of reported threats.
This story has been repeated endlessly, both in the U.S. and in other countries. Someone -- these are all real -- notices a funny smell, or some white powder, or two people passing an envelope, or a dark-skinned man leaving boxes at the curb, or a cell phone in an airplane seat; the police cordon off the area, make arrests, and/or evacuate airplanes; and in the end the cause of the alarm is revealed as a pot of Thai chili sauce, or flour, or a utility bill, or an English professor recycling, or a cell phone in an airplane seat.
Schneier also links to this blog item, which shows that this principle is being extended towards the paedophile end of the paedoterrorist axis; apparently, in Virginia, a father holding his young daughter's hand is a sign of probable sexual abuse.

(via Schneier) paedoterrorists paranoia security terrorism the long siege [no comments]

2007/10/10

Speculation has arisen about the US intelligence services deploying insect-sized surveillance drones after anti-war protesters reported seeing unusually large and odd-looking dragonflies at a demonstration:

"I'd never seen anything like it in my life," the Washington lawyer said. "They were large for dragonflies. I thought, 'Is that mechanical, or is that alive?' "
At the same time, he added, some details do not make sense. Three people at the D.C. event independently described a row of spheres, the size of small berries, attached along the tails of the big dragonflies -- an accoutrement that Louton could not explain. And all reported seeing at least three maneuvering in unison. "Dragonflies never fly in a pack," he said.
The FBI has denied having such technologies. The CIA, meanwhile, is known to have tested a robotic "insectothopter" in the 1970s, before scrapping the project as it could not handle crosswinds. Scientists now have a better understanding of how insects fly, and it's possible that modern computer technology (not to mention materials science) could enable an insectothopter to respond to changes in its environment sufficiently well to navigate. Whether the spooks would risk prototypes, which officially do not exist, being captured by anti-war protesters is another question.

(If these things do exist, it's a good thing that America is immune to totalitarianism; imagine what, say, the Stasi or the Burmese junta would do with such technologies.)

Actually, the CIA/FBI may be a red herring. Has anybody asked Google about these bugs?

(via Engadget) espionage national security paranoia robotics security surveillance the long siege [1 comment]

2007/8/13

A technical problem causes Facebook to display its PHP source code; someone grabs this source code and posts it online; the code itself doesn't contain anything more revealing than variable names and include paths. Meanwhile, the non-technical press posts vague yet ominous-sounding warnings about how it could help criminals to steal users' identities (conceding that it doesn't actually allow them to do so as such).

Which is not to say that there aren't any risks; as always, one should exercise common sense. Facebook is an entertainment site, and thus engineered to less stringent standards of security than, say, banking sites. Even if the site itself is secure, your "private", "friends-only" information could fall into the hands of third parties in other ways (if, for example, criminals take control of a router between you and the Facebook servers and sniff all the traffic going through it, or if one of your friends (who is able to see your information) has a Windows virus on their PC which captures the pages they see). The same goes for other sites with "friends-only" capabilities, such as LiveJournal, Flickr, or various members-only forums or mailing lists.

facebook media php scaremongering security [no comments]

2007/6/13

There are a few interesting articles about cybercrime and the seamy side of the net at CIO.com: a fictionalised "CIO to the Mob" explains how online crime can pay, how online criminals use anti-forensics technology to be nigh-impossible to catch, and how the online porn and gambling industries are, as always, pushing the envelope in technological innovation and practice:

Red light sites probably aren't places CIOs normally would look to find innovative IT. But the sex and gambling industries have always been at the forefront of technological innovation. During World War II, the illegal telephone network that bookies developed was more reliable than the one the War Department used, says Harold Layer, professor emeritus at San Francisco State University. And the pornography industry has helped select technology winners and losers for ages. In the 1980s, for example, demand for adult material gave VCR makers the economies of scale they needed to make their devices affordable, says Jonathan Coopersmith, a professor of technology history at Texas A&M University.
With every program available at any moment, how will users find programs? Piper believes that search will be the killer app of IPTV. To that end, New Frontier is obsessive about metadata, watching every frame of every video it digitizes and recording as many attributes as it can. Customers can use these metadata tags to refine their searches until they find precisely what they're looking for. (For example, if you have a thing for blondes on the beach, a search on New Frontier's adult website Ten.com for "clothing-accessories-sunglasses," combined with "setting-outdoors-beach," and "physical-hair-blonde," returns two 15-minute clips, the fourth scene from Lock, Stock and Two Smoking Bimbos 2 and the first scene from Pick Up Lines 82.)

(via /.) crime fear gambling internet porn security tech [no comments]

2007/6/12

Was US President Bush's watch stolen in Albania, while he was wearing it and surrounded by five bodyguards? The US embassy is denying it, of course, but the video clearly shows Bush with and later without his watch, not to mention a hand grabbing his wrist in the interim.

By the look of it, someone in Albania is going to have a hell of a story to tell his grandchildren; that is, assuming he doesn't die in a CIA black prison or something.

(via Schneier) albania audacity crime security usa [1 comment]

2007/4/22

Security researchers have found that it is trivially easy to transmit false traffic reports to in-car navigation units. The units look for messages transmitted as digital data piggybacked onto FM radio signals using a protocol known as RDS, and it seems not to have occurred to whoever designed the RDS system that anyone might tamper with these messages; as such, they are transmitted in the clear, and without any sort of authentication. The units also scan the entire FM spectrum, looking for anything that looks like a radio station with a RDS channel containing traffic information. The rest is left as an exercise to the reader:

Through trial and error, they discovered that transmitting certain code numbers translates into certain warnings that are displayed on the satellite navigation system. Some were amusing. One code number alerts users that there's a bull fight in progress. Another one indicates delays due to a parade. But some weren't so funny. One tells users that there has been a terrorist incident. Another indicates a bomb alert and another an air crash.

(via /.) hacks navigation oops rds security [no comments]

2006/11/17

Security researchers dissect a Russian spam botnet; it turns out that these things are getting alarmingly sophisticated:

Once a Windows machine is infected, it becomes a peer in a peer-to-peer botnet controlled by a central server. If the control server is disabled by botnet hunters, the spammer simply has to control a single peer to retain control of all the bots and send instructions on the location of a new control server.
Stewart said about 20 small investment and financial news sites have been breached for the express purpose of downloading user databases with e-mail addresses matched to names and other site registration data. On the bot herder's control server, Stewart found a MySQL database dump of e-mail addresses associated with an online shop. "They're breaking into sites that are somewhat related to the stock market and stealing e-mail address from those databases. The thinking is, if they get an e-mail address for someone reading stock market and investment news, that's a perfect target for these penny stock scams," Stewart said in an interview with eWEEK.
The SpamThru spammer also controls lists of millions of e-mail addresses harvested from the hard drives of computers already in the botnet. "This gives the spammer the ability to reach individuals who have never published their e-mail address online or given it to anyone other than personal contacts," Stewart explained.
Stewart discovered that the image files in the templates are modified with every e-mail message sent, allowing the spammer to change the width and height. The image-based spam also includes random pixels at the bottom, specifically to defeat anti-spam technologies that reject mail based on a static image.
The botnet is theoretically capable of sending a billion emails each day, with each having multiple recipients. And the total volume of spam has increased by 500% in the past 3 months.

(via /.) crime security spam [no comments]

2006/8/14

The UK's terror threat level has been downgraded from "critical" to "severe". It is not clear whether this is a result of confidence that the worst threat is over, or because airports have been unable to cope with the new security measures.

And it now emerges that the attack may not have been imminent (the suspects had not purchased tickets and some didn't even have passports), but the timing of the arrests was forced by US officials. And this (somewhat more sensationalistic) article (via jwz) claims that the timing was "nothing more than political fabrication". And here is the Independent's roundup of what we know and don't know.

And Bruce Schneier has weighed in, on the subject of effective security and "security theatre":

None of the airplane security measures implemented because of 9/11 -- no-fly lists, secondary screening, prohibitions against pocket knives and corkscrews -- had anything to do with last week's arrests. And they wouldn't have prevented the planned attacks, had the terrorists not been arrested. A national ID card wouldn't have made a difference, either.
The new airplane security measures focus on that plot, because authorities believe they have not captured everyone involved. It's reasonable to assume that a few lone plotters, knowing their compatriots are in jail and fearing their own arrest, would try to finish the job on their own. The authorities are not being public with the details -- much of the "explosive liquid" story doesn't hang together -- but the excessive security measures seem prudent.
But only temporarily. Banning box cutters since 9/11, or taking off our shoes since Richard Reid, has not made us any safer. And a long-term prohibition against liquid carry-ons won't make us safer, either. It's not just that there are ways around the rules, it's that focusing on tactics is a losing proposition.
The goal of a terrorist is to cause terror. Last week's arrests demonstrate how real security doesn't focus on possible terrorist tactics, but on the terrorists themselves. It's a victory for intelligence and investigation, and a dramatic demonstration of how investments in these areas pay off.

bruce schneier paranoia security terrorism [no comments]

2006/8/12

Air transport authorities are warning that increased security measures, including cabin baggage restrictions and extra screening, will be permanent, with restrictions on liquids and bans on certain types of cabin luggage remaining in force. Passengers may next have to surrender belts and trousers (or wear special pocketless flight suits, yet to be introduced) as such could be used by terrorists to smuggle explosives undetectably. Though even that won't stop terror mules with bombs inside their bodies:

"Quite frankly, that kind of experimentation has been taking place. We know that they have been testing strapped-on explosives on animals in the Middle East for years and it's not a magical leap to try inserting it into the rectum," he said.
Terrorists have already used mocked pregnancy prosthetics to slip bombs aboard planes, but no one has tried the mule approach yet, according to Harvey "Jack" McGeorge, a former Marine Corps bomb disposal specialist and a former Secret Service security specialist.
By smuggling explosives inside one's body, a suicide bomber would likely foil all of the current airport scanning technologies, as well as many future ones.
Perhaps the solution for air travel in the age of perpetual terror will be to anaesthetise all airline passengers, place them in coffin-like life-support pods for the duration of their journey and reawaken them at the other end? That would also allow more passengers to be carried on a plane and eliminate the costs of food, drinks and in-flight entertainment, further cutting costs. Either that or resign ourselves to a certain proportion of flights being downed by terrorists (much in the way that people accept that a certain (much greater) proportion of road journeys end in fatal car accidents) and just regard it as the luck of the draw.

a modest proposal paranoia security terrorism [1 comment]

2006/8/11

Want a glimpse of a possible future of air travel in the age of al-Qaeda? Look no further than Israel and its national carrier, El Al, which despite being a prize target for Islamic militants across the world, has never lost a plane:

At a checkpoint before Ben Gurion airport vehicles come under scrutiny. Passengers may be picked out for passport checks. There is another spot check and a metal detector as they enter the terminal. Then they join the queue for questioning.
"What was the purpose of your visit to Israel? What did you do here? Who did you meet? Which cities did you visit? Is this your only passport? How many times have you been to Israel? Do you speak Arabic? Have you any knives?"
The questions come thick and fast. Officials are not interested in these details. They are looking for inconsistencies that suggest someone is hiding something.
Of course, El Al-level security is labour-intensive and would cost a fortune. Though we'd only need to keep it up until the oil runs out.

airlines israel security [no comments]

It looks like those bans on carry-on luggage on airliners could be here to stay, or at least until they find a way of detecting undetectable liquid explosives:

"A lot of these components are clear and have no smell and you could mix them on board. You do not need much explosive to bring down an aircraft," he said.
"The trouble with airport security measures is that a lot of machines do not spot a lot of explosives. It is still a case of dogs and people taking their clothes off."
And further down:
Airports and aeroplanes have been a key target for terrorists for decades. British-born Richard Reid tried to detonate a shoebomb on a transatlantic flight from Paris to Miami in late 2001. He was overpowered by passengers as he tried to ignite the explosives and was later jailed for life by a US court.
It looks like "shoebomb" is now a word.

paranoia security shoebomb terrorism [1 comment]

2006/8/10

More details are emerging on the terrorist attacks allegedly thwarted: they involved liquid explosives, carried by British-born terrorists (some with Pakistani connections), who allegedly planned to blow up airliners in waves of three at a time, for the glory of God the All-Merciful. The authorities claim the attack would have caused loss of life on an "unprecedented scale", which (after 9/11) makes one wonder how many aircraft they planned to blow up.

Anyway, until further notice, passengers on flights leaving the UK are prohibited from taking carry-on luggage or liquids into the cabin, except for a few small things (passport, sanitary items, and baby milk, which must be tasted by the passenger in question on check-in). Certainly no books, MP3 players, games, laptops or PDAs. Which makes me glad I'm not flying to Australia (about 21 hours each way) any time soon.

Of course, medicines with prescriptions are exempted from the rules. I hope no terrorist manages to forge a prescription and bring along some liquid explosive in a medicine bottle.

On a related note, Charlie Stross points to this paper, which provides some perspective about the magnitude of the terrorist threat and the response to it:

Until 2001, far fewer Americans were killed in any grouping of years by all forms of international terrorism than were killed by lightning, and almost none of those terrorist deaths occurred within the United States itself. Even with the September 11 attacks included in the count, the number of Americans killed by international terrorism since the late 1960s (which is when the State Department began counting) is about the same as the number of Americans killed over the same period by lightning, accident-causing deer, or severe allergic reaction to peanuts.
it would seem to be reasonable for those in charge of our safety to inform the public about how many airliners would have to crash before flying becomes as dangerous as driving the same distance in an automobile. It turns out that someone has made that calculation: there would have to be one set of September 11 crashes a month for the risks to balance out. More generally, they calculate that an American's chance of being killed in one nonstop airline flight is about one in 13 million (even taking the September 11 crashes into account). To reach that same level of risk when driving on America's safest roads -- rural interstate highways -- one would have to travel a mere 11.2 miles.
Accordingly, three key issues, set out by risk analyst Howard Kunreuther, require careful discussion but do not seem ever to get it:
  • How much should we be willing to pay for a small reduction in probabilities that are already extremely low?
  • How much should we be willing to pay for actions that are primarily reassuring but do little to change the actual risk?
  • How can measures such as strengthening the public health system, which provide much broader benefits than those against terrorism, get the attention they deserve?

charlie stross paranoia reality check security terrorism [no comments]

Police and MI5 claim to have foiled a terrorist plot to blow up airliners, arresting 18 people. The principal plotters are said to be all British-born. The UK is at its highest terrorist alert state, "critical" (meaning "This is it we're all going to die! I'm a teapot, I'm a teapot!"), incoming flights have been suspended, as have some outgoing flights, and for the foreseeable future, passengers flying out of the UK will not be able to take luggage into the cabin.

security terrorism uk [no comments]

2006/8/1

Bruce Schneier has a post about an interesting way to beat buffer overrun attacks:

Fortunately, buffer-overflow attacks have a weakness: the intruder must know precisely what part of the computer's memory to target. In 1996, Forrest realised that these attacks could be foiled by scrambling the way a program uses a computer's memory. When you launch a program, the operating system normally allocates the same locations in a computer's random access memory (RAM) each time. Forrest wondered whether she could rewrite the operating system to force the program to use different memory locations that are picked randomly every time, thus flummoxing buffer-overflow attacks.
Memory scrambling isn't the only way to add diversity to operating systems. Even more sophisticated techniques are in the works. Forrest has tried altering "instruction sets", commands that programs use to communicate with a computer's hardware, such as its processor chip or memory.
This produces an elegant form of protection. If an attacker manages to insert malicious code into a running program, that code will also be decrypted by the translator when it is passed to the hardware. However, since the attacker's code is not encrypted in the first place, the decryption process turns it into digital gibberish so the computer hardware cannot understand it.

(via schneier) bruce schneier machine language programming security [no comments]

2006/6/9

According to this article, there are two ways to compromise computer security by plugging an untrusted USB/FireWire device into a computer.

The first one's the obvious one: somehow convince a user to plug a USB flash drive or similar into their Windows PC, without disabling autostarting. The PC will automatically run whatever program the AUTORUN.INF file on the flash drive tells it to, and this can then do whatever it likes to the PC. Of course, this won't work if the user holds down SHIFT, disables auto-starting or uses a machine with a less-brain-damaged operating system.

The second method is more intriguing. To allow fast data transfers along USB and FireWire buses, such buses implement direct memory access (DMA). What this means is that anything plugged into them can access (or modify) anything mapped into the machine's memory space at the hardware level, bypassing the operating system altogether. Of course, it requires more work (the device has to be an actual programmable computer, and not just a flash drive), but once that hurdle is crossed, the possibilities, as they say, are endless:

Recently a number of computer security researchers realized the tremendous potential of using DMA over FireWire or USB as an attack vector. At the CanSec West '05 conference, Michael Becher, Maximillian Dornseif and Christian N. Klein demonstrated an exploit that used DMA to read arbitrary memory locations of a FireWire-enabled system. The exploit was based on an iPod running Linux. For example, they could plug their customized iPod into a victim computer and grab a copy of that computer's screen--not just without the computer's permission, but even without its knowledge!
The article goes on to mention that this attack has not been demonstrated on USB devices, only with FireWire. If it works with USB, it could be interesting. I imagine that sooner or later, they'll start making USB chipsets which take steps to filter DMA requests.

Aside: I wonder whether it'd be possible to use such an approach on, say, a PlayStation 2 (which has two USB ports on the front, sitting rather uselessly), or indeed any other notionally tamperproof computer-based device with USB/FireWire ports. If one could access arbitrary memory inside such a device, one could get up to all sorts of mischief.

(via Schneier) hacks security tech usb [3 comments]

2006/5/4

Bruce Schneier looks at the question of whom your computer's loyalties really belong to, with not only crackers and criminals competing for them but also rightsholders, software vendors and other companies, whose behind-the-scenes deals often mean that the software they sell you serves other masters:

Entertainment software: In October 2005, it emerged that Sony had distributed a rootkit with several music CDs -- the same kind of software that crackers use to own people's computers. This rootkit secretly installed itself when the music CD was played on a computer. Its purpose was to prevent people from doing things with the music that Sony didn't approve of: It was a DRM system. If the exact same piece of software had been installed secretly by a hacker, this would have been an illegal act. But Sony believed that it had legitimate reasons for wanting to own its customers' machines.
Antivirus: You might have expected your antivirus software to detect Sony's rootkit. After all, that's why you bought it. But initially, the security programs sold by Symantec and others did not detect it, because Sony had asked them not to. You might have thought that the software you bought was working for you, but you would have been wrong.
Internet services: Hotmail allows you to blacklist certain e-mail addresses, so that mail from them automatically goes into your spam trap. Have you ever tried blocking all that incessant marketing e-mail from Microsoft? You can't.
Application software: Internet Explorer users might have expected the program to incorporate easy-to-use cookie handling and pop-up blockers. After all, other browsers do, and users have found them useful in defending against Internet annoyances. But Microsoft isn't just selling software to you; it sells Internet advertising as well. It isn't in the company's best interest to offer users features that would adversely affect its business partners.
Schneier warns that the present situation could have dire consequences:
If left to grow, these external control systems will fundamentally change your relationship with your computer. They will make your computer much less useful by letting corporations limit what you can do with it. They will make your computer much less reliable because you will no longer have control of what is running on your machine, what it does, and how the various software components interact. At the extreme, they will transform your computer into a glorified boob tube.
You can fight back against this trend by only using software that respects your boundaries. Boycott companies that don't honestly serve their customers, that don't disclose their alliances, that treat users like marketing assets. Use open-source software -- software created and owned by users, with no hidden agendas, no secret alliances and no back-room marketing deals.

adware architectures of control bruce schneier drm security [no comments]

2006/3/1

BBC Newsnight's Adam Livingstone sets the record straight on paedophiles, terrorists and file sharing:

First though, an apology. File sharing is not theft. It has never been theft. Anyone who says it is theft is wrong and has unthinkingly absorbed too many Recording Industry Association of America press releases. We know that script line was wrong. It was a mistake. We're very, very sorry.
If copyright infringement was theft then I'd be in jail every time I accidentally used football pix on Newsnight without putting "Pictures from Sky Sport" in the top left corner of the screen. And I'm not. So it isn't. So you can stop telling us if you like. We hear you.
With the intellectual-property industry (whose word-magicians are responsible for the "copying = theft" syllogism) making up an ever-increasing section of the economy of the West, and thus commanding the attention of politicians and bureaucrats, I wonder how much pressure will be brought to bear from high up for this particular Livingstone to be censured or sacked, and the BBC to toe the line.

The rest of the article goes on about ISPs blocking BitTorrent, other clients using encryption to bypass the blocks, and the resulting increase in encrypted content on the net allowing suspicious encrypted paedoterrorist communications, which would have otherwise drawn the security services' attention, to sink into the encryption soup unnoticed.

(via Boing Boing) bbc copyfight encryption paedoterrorists security [no comments]

2006/2/1

After alleged British spies were caught in Russia using a wireless receiver hidden inside a rock to communicate with recruits (though it has been suggested that the story was partly if not wholly made up by Russian government agencies to justify a crackdown on non-government organisations), security guru Bruce Schneier's blog discusses the possibility of wireless "dead drops"; and, if anything, there would be less easily detectable ways of doing it than hiding a device in a rock:

Even better, hide your wireless dead drop in plain sight by making it an open, public access point with an Internet connection so the sight of random people loitering with open laptops won't be at all unusual.
To keep the counterespionage people from wiretapping the hotspot's ISP and performing traffic analysis, hang a PC off the access point and use it as a local drop box so the communications in question never go to the ISP.
And various commenters propose other suggestions for undetectable ways of passing spy information to otherwise innocent-looking WiFi access points, and receiving it afterwards:
Replace one access point at a support provider for Starbucks and then have someone figure out which one it is after it's up. Use an asic mac filter to send traffic to a special part of the access point itself.
Port knocking on that dangling PC. The PC stays in stealth mode and only replies (briefly) when knocked upon.
Even better, how about hacking one's wireless configuration manager to hide the contraband data in unused header fields, passing it to a similarly hacked access point that would be an otherwise functional dead end. The spy's laptop wifi antenna could be accidentally left activated and innocently trying to associate with whatever WAP it sees (like my wife's does in our neighborhood). Hit the right WAP(s) and the data is passed.
And then there is this suggestion:
All that spam you get in your in-box is merely steganography. The word "viagra" isn't mis-spelled to get around the spam filters, it's a complicated encoding allowing the spammers and their prospective recipients to exchange messages without anyone suspecting that there are people who want the message in the message. That's why spammers don't care if they send it to people who don't want it, their goal is to make people think of their communications as discardable trash, rather than something that may have a value.

(via schneier) bruce schneier espionage security spam tradecraft [no comments]

2005/12/14

Urban design for a paranoid age: the Safe Bedside Table, which easily comes apart to form a club and a shield for fighting off intruders.

(via bOING bOING) paranoia security [no comments]

2005/12/7

The latest advance in Windows worms is a worm which takes over people's instant-messaging accounts and chats to their friends, attempting to talk them into downloading it; in short, an automated form of social engineering:

According to IMlogic, the worm, dubbed IM.Myspace04.AIM, has arrived in instant messages that state: "lol thats cool" and included a URL to a malicious file "clarissa17.pif." When unsuspecting users have responded, perhaps asking if the attachment contained a virus, the worm has replied: "lol no its not its a virus", IMlogic said.
Which suggests that the Turing test may be easier to pass in an environment where people start messages with "lol". If your friends suddenly turn into giggling prepubescents and start trying to convince you to download a file, you know what's happening.

I wonder whether this will lead to an arms race in worm conversational abilities. Perhaps the next one will trawl message logs and pick out phrases/words used by that contact (or use them to change its own writing style)?

(via /.) ai crime im malware risks security turing test [no comments]

2005/11/30

An inventor in Wales has come up with a teenager repellent. It's a device that emits an annoying noise at a frequency only youths can hear; the youths then scatter, leaving the oldies in peace.

The device, called the Mosquito ("It's small and annoying," Mr. Stapleton said), emits a high-frequency pulsing sound that, he says, can be heard by most people younger than 20 and almost no one older than 30. The sound is designed to so irritate young people that after several minutes, they cannot stand it and go away.
At first, members of the usual crowd tried to gather as normal, repeatedly going inside the store with their fingers in their ears and "begging me to turn it off," Mr. Gough said. But he held firm and neatly avoided possible aggressive confrontations: "I told them it was to keep birds away because of the bird flu epidemic."
The problem is that it's only most, not all, people over 30 who are immune to its effects.
Andrew King, a professor of neurophysiology at Oxford University, said in an e-mail interview that while the ability to hear high frequencies deteriorates with age, the change happens so gradually that many non-teenagers might well hear the Mosquito's noise. "Unless the store owners wish to sell their goods only to senior citizens," he wrote, "I doubt that this would work."
The article describes other devices for keeping the young and disorderly at bay, including "zit lamps", which cast a blue light that accentuates acne, and the old standby, classical music.

(via Make) crime mosquito security teenagers [2 comments]

2005/11/25

Scare meme of the day: if bird flu, al-Qaeda weaponised ebola or a meteor strike don't get us, alien computer viruses exploiting Seti@Home to take over Earth's computer systems just might. Assuming, of course, that the aliens understand enough about our puny earthling computer architectures, operating systems and library vulnerabilities to write a useful exploit and encode it the right way in a radio signal.

(via bOING bOING) aliens malware risks security [no comments]