Categories
Security Uncategorized

Fake phone call fooled UBC security in museum heist

Thieves bypassed all security systems by simply posing as the security company on the phone. [via]

A classic piece of social engineering.

Categories
Computing Surveillance

ISP Content Filtering Might be a ‘Five Year Felony’

In stark contrast with the UK, a former federal computer crimes prosecutor believes that ISP Content Filtering Might be a ‘Five Year Felony’.

University of Colorado law professor Paul Ohm argues that ISPs such as Comcast, AT&T and Charter Communications that are or are contemplating ways to throttle bandwidth, police for copyright violations and serve targeted ads by examining their customers’ internet packets are putting themselves in criminal and civil jeopardy by breaking federal wiretapping laws.

In spite of this, I’m sure that there will be a push by the US government, as there has been here in the UK, for ISPs to start doing this.

Categories
Computing Surveillance

UK government want email and phone database

The Times: ‘Big Brother’ database for phones and e-mails

A massive government database holding details of every phone call, e-mail and time spent on the internet by the public is being planned as part of the fight against crime and terrorism. Internet service providers (ISPs) and telecoms companies would hand over the records to the Home Office under plans put forward by officials.

This seems very much par for the course with this Labour government: put absolutely everyone under surveillance in order to catch the criminals and terrorists. I think ministers are being lobbied by technology companies that promise more than they can deliver, because the government seeks technological solutions to problems that might otherwise be solved in better ways, or in ways that at least do not have a negative impact on British citizens as a whole.

This will be just a step towards a future where they keep a permanent database of every single email you receive, every website you visit and everything you download.

Categories
Security Uncategorized

Reconceptualizing Security – Talk by Bruce Schneier

Security expert Bruce Schneier gave a talk last month at InfoSecurity Europe in London which was a follow-on to his work on the psychology of security.

The full talk can be viewed online here. (43 mins)

Great talk and very much worth watching if you wish to understand the pros and cons of security theatre and how security threats are presented by the media.

Categories
Computing Security

Security Engineering book – 1st edition available to download for free

Ross Anderson, Professor of Security Engineering at the Computer Laboratory of The University of Cambridge, has just published the second edition of his book Security Engineering, the preface and six chapters of which are available to download.

Purchase from Amazon.co.uk

To quote Bruce Schneier “This is the best book on the topic there is, and I recommend it to everyone working in this field — and not just because I wrote the foreword.”

Professor Anderson has made the first edition of his fantastic book available to download for free as a 17MB pdf.

Categories
Surveillance Uncategorized

The increase in CCTV has not caused a significant decrease in crime

Owen Bowcott reports in The Guardian that CCTV boom has failed to slash crime, say police.

A senior police officer confirms what I’ve suspected for a long while: that the massive increase in the number of CCTV cameras has not seen a corresponding decrease in crime.

Use of CCTV images for court evidence has so far been very poor, according to Detective Chief Inspector Mick Neville, the officer in charge of the Metropolitan police unit. “CCTV was originally seen as a preventative measure,” Neville told the Security Document World Conference in London. “Billions of pounds has been spent on kit, but no thought has gone into how the police are going to use the images and how they will be used in court. It’s been an utter fiasco: only 3% of crimes were solved by CCTV. There’s no fear of CCTV. Why don’t people fear it? [They think] the cameras are not working.”

Presumably the criminals think the cameras do not work because they are able to get away with their crimes in full view of them. However, the general public have a great deal of faith in the ability of CCTV to cut crime because they have been sold on the idea by the politicians and the police.

Given these differing perceptions of the effect of CCTV, the increase in the number of cameras might actually increase crime, because people become more complacent in a heavily surveilled area, believing they are safe from criminals.

Categories
Security Uncategorized

Pupils posing as paedophiles

Pupils posing as paedophiles in cyber-bullying, police warn [via]

Children as young as 10 may be posing as predatory paedophiles on internet networking sites to frighten boys and girls they have fallen out with, police revealed yesterday. Officers have warned parents and children to be vigilant after as many as nine youngsters in Padstow, Cornwall, were targeted through the networking sites Bebo and MSN.

It seems inevitable to me that something like this would happen: given the British tabloids’ obsession with the threat of paedophiles to the nation’s children, kids would pick up on this and use the fear of paedophiles as a way to scare and bully their victims.

Categories
Security Uncategorized

Spam with good security message

Bit of spam that I received that contains a good message about security.

A true story:

This lady has changed her habits after her handbag was
stolen. Her handbag which contained her mobile, credit card,
purse etc was stolen. 20 minutes later when she called her husband,
telling him what had happened, he said ‘I’ve just received your SMS asking
about our Pin number and I’ve replied a little while ago.’

When they rushed down to the bank, the bank staff told them all the
money was already withdrawn.

The pickpocket had actually used the stolen mobile phone to SMS ‘hubby’
in the contact list and get hold of the pin number. Within 20 minutes
he had withdrawn all the money from the bank account.

Moral of the lesson:
Do not disclose the relationship between you and the people in your
contact list. Avoid using names like Home, Honey, Hubby, sweetheart, Dad,
Mum etc, and very importantly, when sensitive info is being asked
through SMS, CONFIRM by calling back.

Vidya

——————————————————————————–
Exclusive Marriage Proposals! Find UR life partner at Shaadi.com Try it!

Very odd, but I can’t argue with the content of the message; it is pretty good advice about how to avoid identity theft.

Categories
Terrorism Uncategorized

Arman Noory’s The War on Terror

Arman Noory’s “The War on Terror” is a short film that he created for his senior-year (Canadian) Politics class, and it includes, amongst other pieces of video, safe-for-work scenes of a 1980s porn video. [via]


Kid Does His War on Terror School Project using Porn (Clean) from Arman Noory on Vimeo.

Categories
Security Uncategorized

Dispatches on Security Theatre and airport chaos

Dispatches: Checking-in To Airport Chaos

Andrew Gilligan investigates the priorities and business tactics of the airports industry, asking how secure our airports are and who will be the winners and losers from airport expansion?

Explosives expert Sidney Alford highlights how ill-thought-out and arbitrary the security rules regarding the carrying of liquids are by creating an explosive that could be carried on in bottles of no more than 100ml and mixed on board; assuming there were co-conspirators on board, an even greater amount could be accumulated. Alford doesn’t explain exactly what the liquids he was using are, but does say that they are not particularly tightly controlled substances and can be sourced from several disparate industries in which their use is commonplace, so an amateur such as a terrorist could, with a little research, carry out exactly the same process.

Other experts, such as Norman Shanks, BAA head of security 1991-1996, say that the industry always reacts to the last known threat.

Philip Baum, Editor of Aviation Security International, says it is all just security theatre and that he cannot cite a single example of when a bomb has been detected by the x-ray machines alone. He has carried out tests for governments and the results are very worrying: in one test involving a woman carrying bomb parts through 24 different airports, every single one failed to detect a single component that she carried. Other results show that operators succeeded only 73% of the time in detecting guns or knives.

Behaviour pattern recognition, where staff are trained to spot suspicious behaviour, was deemed not to be testable by the Department of Transport and so the programme wasn’t implemented. They are far keener on technological answers!
I’m not sure why BAA don’t implement such procedures anyway. Where does responsibility lie? What role do they and the DoT play?

BAA also didn’t respond quickly enough to deal with the new security procedures, and the result was huge queues at their airports, whereas other airports, owned for example by local government, returned to normality pretty soon after the security scare.

Airlines are not happy with the way that BAA measures queues. BAA would appear to be undercounting them, and it is in their interest to lie, as they are required to refund landing fees if queues are over a certain point. Independent surveys find their airports to be far less satisfactory than BAA’s own surveys.

It almost seems designed to create long waiting times in BAA’s airport shopping areas to maximise their retail revenues.

Expansion plans: the government seems to have been influenced by BAA to allow the Heathrow third runway to be built. Ironically, the CAA indicates there might not be sufficient airspace to accommodate the scale of predicted traffic growth.