
New Police Drone Near Houston Could Carry Weapons

Posted on October 29th, 2011 at 19:16 by John Sinteur in category: Security

[Quote]:

A Houston area law enforcement agency is prepared to launch an unmanned drone that could someday carry weapons, Local 2 Investigates reported Friday.

The Montgomery County Sheriff’s Office in Conroe paid $300,000 in federal homeland security grant money and Friday it received the ShadowHawk unmanned helicopter made by Vanguard Defense Industries of Spring.

[..]

Michael Buscher, chief executive officer of manufacturer Vanguard Defense Industries, said this is the first local law enforcement agency to buy one of his units.

He said they are designed to carry weapons for local law enforcement.

“The aircraft has the capability to have a number of different systems on board. Mostly, for law enforcement, we focus on what we call less lethal systems,” he said, including Tasers that can send a jolt to a criminal on the ground or a gun that fires bean bags known as a “stun baton.”

“You have a stun baton where you can actually engage somebody at altitude with the aircraft. A stun baton would essentially disable a suspect,” he said.

Gage said he has no immediate plans to outfit his drone with weapons, and he also ruled out using the chopper for catching speeders.

Well, I feel safer already.



Mission Creep: This Tennessee Highway Is Now Patrolled by TSA

Posted on October 25th, 2011 at 9:40 by John Sinteur in category: Security

[Quote]:

Most air travelers now endure naked scans or genital pat-downs by gloved agents of the government without surprise or complaint. But before invasive security became normal, there was a backlash. And at its height, Transportation Security Administration boss John Pistole said something revealing. "I see flying as a privilege that is a public safety issue. So the government has a role in providing for the public safety and we need to do everything we can in partnership with the traveling public, to inform them about what their options are," he told reporters. "I clearly believe that passengers have a number of options as they go through screening. But the bottom line is, if someone decides they don’t want to have screening, they don’t have the right to get on the plane."

You don’t really have to drive your car either, right?

[Quote]:

You’re probably used to seeing TSA’s signature blue uniforms at the airport, but now agents are hitting the interstates to fight terrorism with Visible Intermodal Prevention and Response (VIPR).

"Where is a terrorist more apt to be found? Not these days on an airplane, more likely on the interstate," said Tennessee Department of Safety & Homeland Security Commissioner Bill Gibbons.

Tuesday Tennessee was first to deploy VIPR simultaneously at five weigh stations and two bus stations across the state.

Agents are recruiting truck drivers, like Rudy Gonzales, into the First Observer Highway Security Program to say something if they see something.

"Not only truck drivers, but cars, everybody should be aware of what’s going on, on the road," said Gonzales.

Feel safer yet?



Comments:

  1. Well it is “Transportation” and there are 30K to 40K fatalities on U.S. roads every year…

  2. And fondling your genitals is going to solve that… how, exactly?

  3. It’s a test case. The “routine search” and “checkpoint” process will get shut down on Constitutional grounds.

    The situation is just waiting for someone to sue, and the ACLU to sign on to the case. It’ll take some time, but that’s the process. Oppression always marches on freedom, and freedom fights back. The TSA is like a toddler testing limits with its parents — and in this case, it’s due for a spanking.

The Sins of the Flash

Posted on October 25th, 2011 at 9:32 by John Sinteur in category: Privacy, Security

[Quote]:

Recent news stories (based on research by Stanford student Feross Aboukhadijeh) state that an Adobe bug made it possible for remote sites to turn on a viewer’s camera and microphone. That sounds bad enough, but that’s not the really disturbing part. Consider this text from the Register article:

Adobe said on Thursday it was planning to fix the vulnerability, which stems from flaws in the Flash Player Settings Manager. The panel, which is used to designate which sites may access feeds from an end user’s camera and mic, is delivered in the SWF format used by Flash.

Because the settings manager is hosted on Adobe servers, engineers were able to close the hole without updating end-user software, company spokeswoman Wiebke Lips said.

That’s right — code on a remote computer somewhere decides whether or not random web sites can spy on you. If someone changes that code, accidentally or deliberately, your own computer has just been turned into a bug, without any need for them to attack your machine.

From a technical perspective, it’s simply wrong for a design to outsource a critical access control decision to a third party. My computer should decide what sites can turn on my camera and microphone, not one of Adobe’s servers.

The policy side is even worse. What if the FBI wanted to bug you? Could they get a court order compelling Adobe to make an access control decision that would turn on your microphone?



Company Thanks Guy Who Alerted Them To Big Security Flaw By Sending The Cops… And The Bill

Posted on October 19th, 2011 at 12:44 by John Sinteur in category: Foyer of Ennui (just short of the Hall of Shame), Security

[Quote]:

We’ve seen before that organizations don’t seem to react well to outside security folks pointing out vulnerabilities in their systems. They very often take a “blame the messenger” approach — as if pointing out a flaw suddenly makes that flaw come into existence. But one company seems to be taking it to another level. That Anonymous Coward points us to a story in which a security professional found a big and ridiculously obvious bug in the website of an Australian investment fund, First State Superannuation. Apparently you could see other people’s accounts by merely changing the account numbers in the URL. Increase the number by one, and see the next user in line. This is the kind of extraordinarily basic mistake that I thought had been eradicated a decade ago. Apparently not.

But the company that runs the fund, Pillar, went quite crazy about this. While the company did fix the security hole, it also sent the police to interrogate the security researcher, Patrick Webster. Pillar also sent a letter to customers (pdf) in which it suggests that Webster created this massive security flaw, rather than their own dreadful programming:


It has come to our attention that a member of First State Super, who has online access to their account, devised a way to view an image of your statement.

And then, to add insult to injury, Pillar sent Webster a letter saying he broke the law, they were closing his account, and may seek money from him to fix the vulnerability.
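The flaw described above is a textbook insecure direct object reference: the account number in the URL is trusted as-is, so any logged-in member who increments it reads the next member's statement. The following is an added example, not code from the Techdirt article, from Pillar or from First State Super: a minimal statement-lookup handler in the vulnerable form, the same handler with an ownership check, and a small log scan that flags a session walking through consecutive account numbers. All users, account numbers, statements and log lines are constructed sample data.

```python
"""Insecure direct object reference (IDOR) beside its fix, plus a simple
enumeration detector. Added example with constructed data; not the code of
any site mentioned in the post."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Statement:
    account_id: int
    owner: str          # session user name that owns this account
    body: str


# Constructed sample data: sequential account numbers, as the post describes.
STATEMENTS = {
    1001: Statement(1001, "alice", "Alice's balance: 12,400"),
    1002: Statement(1002, "bob", "Bob's balance: 8,750"),
    1003: Statement(1003, "carol", "Carol's balance: 31,000"),
}


class Forbidden(Exception):
    """Raised when the caller is authenticated but not authorized."""


def view_statement_vulnerable(session_user: str, account_id: int) -> str:
    """The bug: the URL parameter is looked up directly, and the session user
    is never compared with the statement's owner."""
    return STATEMENTS[account_id].body


def view_statement_hardened(session_user: str, account_id: int) -> str:
    """The fix: the requested object must belong to the session user.
    'Not yours' and 'does not exist' get the same error so the response
    does not reveal which account numbers are in use."""
    stmt = STATEMENTS.get(account_id)
    if stmt is None or stmt.owner != session_user:
        raise Forbidden(f"user {session_user!r} may not view account {account_id}")
    return stmt.body


def is_forbidden(session_user: str, account_id: int) -> bool:
    """True when the hardened handler refuses the request."""
    try:
        view_statement_hardened(session_user, account_id)
    except Forbidden:
        return True
    return False


# Detection side: a constructed access-log format (hypothetical, not any
# real server's format) and a scan for sessions requesting many accounts.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) session=(?P<sid>\w+) GET /statement\?account=(?P<acct>\d+) (?P<status>\d{3})$"
)

# Constructed log lines: session s1 walks consecutive account numbers.
SAMPLE_LOG = """\
10:00:01 session=s1 GET /statement?account=1001 200
10:00:02 session=s1 GET /statement?account=1002 200
10:00:03 session=s1 GET /statement?account=1003 200
10:00:04 session=s1 GET /statement?account=1004 200
10:00:05 session=s2 GET /statement?account=1002 200
""".splitlines()


def sessions_enumerating(lines, min_distinct: int = 3):
    """Return session ids that requested at least `min_distinct` different
    account ids: a crude but useful indicator of sequential enumeration,
    since a legitimate member normally views only their own account."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            seen[m["sid"]].add(int(m["acct"]))
    return sorted(sid for sid, ids in seen.items() if len(ids) >= min_distinct)


if __name__ == "__main__":
    print(view_statement_vulnerable("alice", 1002))   # Bob's data leaks
    print(view_statement_hardened("alice", 1001))     # own account: allowed
    print(is_forbidden("alice", 1002))                # True
    print(sessions_enumerating(SAMPLE_LOG))           # ['s1']
```

The ownership check is the part that matters; random or non-sequential identifiers only make guessing harder and are no substitute for it. The log scan is a defensive complement: with sequential identifiers still in use, a single session touching several accounts in a row is the signal an operator would want an alert on.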



Comments:

  1. Watch this backfire on the company. Since they decided not to keep this quiet they may end up seeing a loss of customers from the publicity.

  2. What would this look like in other situations in life?

    - I call someone to attention that his car is leaking oil. He then sues me to pay the repair bill, and claims that I have damaged his car.
    - I come to a traffic accident scene with several seriously injured people. I call 911. I then get sued to pay the rescue team and the hospital bills.
    - At a supermarket, I tell the staff that some tomatoes in the vegetables rack are mouldy. They remove the spoiled food, demand from me to pay it, and sue me for “damaging their business reputation”.

  3. My mouth stands open… (I am also a security professional).

    The only comment I have: WTF!!!!

This Is Bad: The US Drone Fleet Has Been Infected With a Virus – Alexis Madrigal

Posted on October 8th, 2011 at 12:49 by Desiato in category: News, Security

[Quote]:

A virus has made its way into the operating center of the US drone fleet — and no one is quite sure what the infection is up to. The virus runs a keylogger that records every movement of the people operating our drones. So far, it hasn’t tried to make contact with any outside source to transmit that information.

Ruh-oh. I’m sure the computers in the operating center are not connected to the Internet, right? Right?



Comments:

  1. And I’m also sure they aren’t running Windows, right?

  2. Whether they are connected to the internet or not, they are connected to other broadcasting equipment – to control the drones. Those signals can be intercepted.

  3. Possibly ‘friendly’ monitoring rather than hostile?

  4. @Roland I think there was a previous scandal about non-encryption of the communication with the drones. At least of the video coming back from the drones.

  5. @Desiato yes, supposedly that hole has been plugged, but who knows. And if you can get what the drone sees, and you have the commands to control it – turn 180 degrees, open fire.
    It would be bad if some people just hijacked these things.

Microsoft security tools nuking Chrome browser

Posted on September 30th, 2011 at 19:49 by John Sinteur in category: Google, Microsoft, Security

[Quote]:

In what appears to be a crucial false-positive, Microsoft’s security tools are removing Chrome from Windows machines, marking it as a variant of the notorious Zeus (Zbot) malware family.

*grabs popcorn*



Police Device Used To Steal Your Cell Phone Data During Traffic Stop

Posted on September 30th, 2011 at 13:55 by John Sinteur in category: Privacy, Security

[Quote]:

You may have heard about the Cellebrite cell phone extraction device (UFED) in the news lately. It gives law enforcement officials the ability to access all the information on your cell phone within a few short minutes. When it became known that Michigan State Police had been using the tool to access cell phones during traffic stops, it raised concern with the ACLU. Now, everyone is wondering if cops will be using devices like this elsewhere. Will this new law enforcement tool be abused, or will it be used responsibly in the pursuit of justice?

Call us paranoid, but we obtained a law-enforcement-grade software extraction tool for the iPhone to see exactly what data is up for grabs. You’d be surprised to see just how much data today’s smartphones can store — and police can access.

The weird thing is, it can also insert data. See http://www.cellebrite.com/images/stories/ufed%202/UFED_PA_user_guide.pdf, starting under “Create a new call”.

What court would ever accept anything produced by this software as evidence?

I guess I’ll have to start carrying around a second phone so I can hand over innocent data…



Infrastructure jobs – let’s build fences

Posted on September 29th, 2011 at 15:45 by Sueyourdeveloper in category: Security

[Quote]:

The United States is looking at building fences along the border with Canada to help keep out terrorists and other criminals.

Ironically, the moves come as Canada and the U.S. try to finalize a perimeter security arrangement that would focus on continental defences while easing border congestion. It would be aimed at speeding passage of goods and people across the Canada-U.S. border, which has become something of a bottleneck since the 9/11 terrorist attacks.

The line formerly known as the Longest Undefended Border in the World is crossed, at Buffalo, by the Peace Bridge. Should this be renamed the Bridge of Uneasy Vigilance?

[Image: Mexico-US border fence]



DigiNotar declared bankrupt

Posted on September 20th, 2011 at 12:55 by John Sinteur in category: Security

[Quote]:

The company DigiNotar was declared bankrupt on Tuesday. This was announced by its parent company, Vasco Data Security.

Translation: Diginotar is bankrupt.



The Government Might Know You’re Reading This

Posted on September 16th, 2011 at 12:28 by John Sinteur in category: Privacy, Security

[Quote]:

"If you’re not doing anything wrong, you have nothing to worry about."

Many Americans have said this, or heard it, when discussing the expanded surveillance capabilities the government has claimed since 9/11.

[..]

The question should be, “If you’re not doing anything wrong, why is the government snooping on you?”



Comments:

  1. Eventually all this surveillance will bankrupt us.

Why Is It So Hard to Find a Suicide Bomber These Days?

Posted on September 8th, 2011 at 19:48 by John Sinteur in category: Security

[Quote]:

Taheri-Azar’s incompetence as a terrorist is bewildering. Surely someone who was willing to kill and die for his cause, spending months contemplating an attack, could have found a more effective way to kill people. Why wasn’t he able to obtain a firearm or improvise an explosive device or try any of the hundreds of murderous schemes that we all know from movies, television shows, and the Internet, not to mention the news? And once Taheri-Azar decided to run people over with a car, why did he pick a site with so little room to accelerate?

Even more bewildering is that we don’t see more terrorism of this sort, a decade into the "global war on terror" launched by the United States in response to the attacks of Sept. 11, 2001. If every car is a potential weapon, then why aren’t there more automotive attacks? Car bombs have been around since the 1920s, when the first one was detonated on Wall Street in New York City, but they require a fair bit of skill. Drive-through murder, on the other hand, takes very little skill at all. People have been killing people with cars ever since the automobile was invented, and the political use of automotive assault was immortalized in a famous 1966 film, The Battle of Algiers, in which two Algerian revolutionaries drive into a bus stand full of French settlers. Yet very few people resort to this accessible form of terrorism. Out of several million Muslims in the United States, it appears that Taheri-Azar was the first to attempt this sort of attack; so far he has been followed by two possible copycats, leading to one fatality.



Explosives Lost During Terror Drill At Phoenix Airport

Posted on September 7th, 2011 at 18:00 by Paul Jay in category: Security



GlobalSign stops secure certificates after hack claim

Posted on September 7th, 2011 at 14:48 by John Sinteur in category: Security

[Quote]:

Belgian security firm GlobalSign has temporarily stopped issuing authentication certificates for secure websites.

It comes after an anonymous hacker claimed to have gained access to the company’s servers.

If confirmed, it would be the second security breach at a European certificate authority in two months.

Hundreds of bogus DigiNotar authentications were issued following an intrusion into its systems.



Terrorism

Posted on August 31st, 2011 at 18:44 by John Sinteur in category: Security

According to the State Department’s recent report, fifteen American private citizens died in terrorist attacks in 2010: thirteen in Afghanistan and one each in Iraq and Uganda.

More people die of peanut allergy each year.



How Half of Terror Cases Investigated By the FBI … Were Also Hatched by the FBI

Posted on August 31st, 2011 at 17:08 by John Sinteur in category: Security

[Quote]:

Here is an important question: What single organization is responsible for more terror plots in the USA than any other?

Possible answers: Al Qaida. That would no doubt be the popular answer but it would be wrong. The KKK. Way past their prime, so that is not it. The Jewish Defense League. Good guess, but still not it. So what is the correct answer?

It is the Federal Bureau of Investigation, AKA the FBI. Don’t believe me? Well, just read Trevor Aaronson’s expose entitled “The Informants” published in the September/October 2011 issue of Mother Jones.



Comments:

  1. J. Edgar Hoover…where are you now?

How to steal $13 million from ATMs in a weekend

Posted on August 31st, 2011 at 17:04 by John Sinteur in category: Security

[Quote]:

It would appear that a Florida bank has been the victim of a $13 million ATM heist, but just how did the cyber-robbers pull it off?

Although the security breach which led to the ATM fraud itself seems to have taken place in March, and was disclosed in the first quarter earnings statement for Fidelity National Information Services Inc (FIS) back in May, details of exactly what happened are only just starting to leak from the FBI probe that followed.



Researchers Uncover RSA Phishing Attack, Hiding in Plain Sight

Posted on August 30th, 2011 at 21:31 by John Sinteur in category: Security

[Quote]:

“I forward this file to you for review. Please open and view it.”



The decade’s biggest scam – Terrorism

Posted on August 30th, 2011 at 8:00 by John Sinteur in category: Security

[Quote]:

The LA Times, and most people who denounce these spending "inefficiencies," have the causation backwards: fighting Terrorism isn’t the goal that security spending is supposed to fulfill; the security spending (and power vested by surveillance) is the goal itself, and Terrorism is the pretext for it. For that reason, whether the spending efficiently addresses a Terrorism threat is totally irrelevant.



Comments:

  1. ‘Terrorism has replaced Communism as the rationale for the militarization of the country, for military adventures abroad, and for the suppression of civil liberties at home. It serves the same purpose, serving to create hysteria.’
    Howard Zinn

Fraudulent Google credential found in the wild

Posted on August 30th, 2011 at 6:57 by John Sinteur in category: Nederland is Gek!, Security

[Quote]:

Security researchers have discovered a counterfeit web certificate for Google.com circulating on the internet that gives attackers the encryption keys needed to impersonate Gmail and virtually every other digitally signed Google property.

The forged certificate was issued on July 10 to digitally sign Google pages protected by SSL, or secure sockets layer. It was issued by DigiNotar, a certificate authority located in the Netherlands. The forged certificate is valid for *.google.com, giving its unknown holders the means to mount transparent attacks on a wide range of Google users who access pages on networks controlled by the counterfeiters.

[..]

Google and Mozilla have responded to the forgery by preparing updates to Chrome, Firefox and other software programs that take the highly unusual step of blocking all certificates issued by DigiNotar while the forgery is being investigated.

This one apparently was used by the Iranian government. DigiNotar is used by the Dutch government for a lot of their (legit) certificates; it’ll be interesting to see which parts of the government are hit by these emergency patches.



Comments:

  1. Heard a great one on Dutch news radio this morning – a tech journalist was telling the radio station he was called back in the middle of the night by the ministry spokesperson to state there was no problem at all with government web sites. Reaction by news radio host: “He called back in the middle of the night? Wow, they really have a problem!”

    They’re scrambling like mad right now – one of the certs signed by DigiNotar is DigiD, the digital ID every Dutch person uses to communicate with the government (such as to submit tax forms etc.). They haven’t replaced that cert yet…

You might be a domestic terrorist if . . .

Posted on August 22nd, 2011 at 14:50 by John Sinteur in category: Security

[Quote]:

You might be a domestic terrorist if you pay cash or if you "insist" on privacy when, for no reason, you are asked to show your identification. Sadly this is part two and not a You-Might-Be-a-Redneck-If-type joke as there is more proof that you might be a domestic terrorist if you actually believe your Constitutional Rights, or if you express concerns about Big Brother, or even if you have ever discussed the apocalypse online and your ‘radical’ Christian beliefs. When it comes to disasters, if your plan is to "be prepared" like the Boy Scout motto, then guess what? Be prepared to be suspicious and end up on a watchlist as a domestic terrorist. Prepared Girl Scouts are not safe either.

[..]

You might be a domestic terrorist if you are a supporter of Ron Paul for president. Missouri law enforcement has been encouraged to report such suspicious behavior as having a bumper sticker that supports Ron Paul.



Comments:

  1. They should be more worried about the supporters of Bachmann and Perry.

  2. I’m guessing pretty much anyone who visits or comments on this site gets put on a security watch list of some sort.

  3. Just a minute. someone’s at the door… be right ba

  4. hahaha…we should be so lucky…there’s no-one out there, man!

Toddler cracks waste containers with a public-transport chip card

Posted on August 17th, 2011 at 6:57 by John Sinteur in category: Security

For you non-Dutch out there: garbage disposal in some cities requires a personal chip card, which households need to buy yearly. This five-year-old found a chip card meant for public transport (which is cheap to get, but you need to “charge” it with money before you can travel with it) and on a lark tried it out. Guess what.

Great security there, guys!



Comments:

  1. Jokes about the public transit system being trash coming in 3… 2… 1…

4G and CDMA reportedly hacked at DEF CON

Posted on August 11th, 2011 at 11:08 by John Sinteur in category: Security

[Quote]:

At the DEF CON 19 hacking conference, which took place between August 4 and 7, it seems that a full man-in-the-middle (MITM) attack was successfully launched against all 4G and CDMA transmissions in and around the venue, the Rio Hotel in Las Vegas. This MITM attack enabled hackers to gain permanent kernel-level root access in some Android and PC devices using a rootkit, and non-persistent user space access in others. In both cases, whoever launched this attack on CDMA and 4G devices was able to steal data and monitor conversations.

Call me silly, but if I were to attend DEF CON, I’d leave my phone, and likely my laptop as well, at home.



Google Admits Handing over European User Data to US Intelligence Agencies

Posted on August 11th, 2011 at 9:51 by John Sinteur in category: Privacy, Security

[Quote]:

Google has admitted complying with requests from US intelligence agencies for data stored in its European data centers, most likely in violation of European Union data protection laws.

Gordon Frazer, Microsoft UK’s managing director, made news headlines some weeks ago when he admitted that Microsoft can be compelled to share data with the US government regardless of where it is hosted in the world.

At the center of this problem is the USA PATRIOT ACT, which states that companies incorporated in the United States must hand over data administered by their foreign subsidiaries if requested.

Not only that, but they can be forced to keep quiet about it in order to avoid exposing active investigations and alerting those targeted by the probes.



Trojan Tricks Victims Into Transferring Funds

Posted on August 10th, 2011 at 11:36 by John Sinteur in category: Security

[Quote]:

The German Federal Criminal Police (the “Bundeskriminalamt” or BKA for short) recently warned consumers about a new Windows malware strain that waits until the victim logs in to his bank account. The malware then presents the customer with a message stating that a credit has been made to his account by mistake, and that the account has been frozen until the errant payment is transferred back.

When the unwitting user views his account balance, the malware modifies the amounts displayed in his browser; it appears that he has recently received a large transfer into his account. The victim is told to immediately make a transfer to return the funds and unlock his account. The malicious software presents an already filled-in online transfer form — with the account and routing numbers for a bank account the attacker controls.



How Facial Recognition Technology Can Be Used To Get Your Social Security Number

Posted on August 2nd, 2011 at 18:35 by John Sinteur in category: Privacy, Security

[Quote]:

Those freaked out by facial recognition technology have fresh fodder: a study from Carnegie Mellon University in which researchers were able to predict people’s social security numbers after taking a photo of them with a cheap webcam.



This TSA Agent Was Caught with a Stolen iPad in His Pants

Posted on July 8th, 2011 at 22:31 by John Sinteur in category: Security

[Quote]:

Is that an iPad in your pants or are you happy to see me? In a TSA officer’s case it really was an iPad! He had stolen it from a passenger’s luggage and stuffed it down his pants. Smooth.

It’s not the only thing he stole either! Over a 6-month period, Nelson Santiago, a TSA officer since 2009, has stolen $50,000 worth of electronics from passengers traveling through Fort Lauderdale-Hollywood International Airport’s Terminal 1. That includes computers, video cameras, GPS and more.

Feel safer yet?



Quote

Posted on July 7th, 2011 at 15:18 by John Sinteur in category: Security

"It is more important that innocence be protected than it is that guilt be punished, for guilt and crimes are so frequent in this world that they cannot all be punished. But if innocence itself is brought to the bar and condemned, perhaps to die, then the citizen will say, "whether I do good or whether I do evil is immaterial, for innocence itself is no protection," and if such an idea as that were to take hold in the mind of the citizen that would be the end of security whatsoever."

— John Adams



Comments:

  1. Somehow we think of people of the past as being naive…not so.

Microsoft admits Patriot Act can access EU-based cloud data

Posted on July 3rd, 2011 at 14:47 by John Sinteur in category: Privacy, Security

[Quote]:

At the Office 365 launch, Gordon Frazer, managing director of Microsoft UK, gave the first admission that cloud data — regardless of where it is in the world — is not protected against the USA PATRIOT Act.

It was honestly music to my ears. After a year of researching the Patriot Act’s breadth and ability to access data held within protected EU boundaries, Microsoft finally and openly admitted it.



TSA Now Storming Public Places 8,000 Times a Year

Posted on June 21st, 2011 at 8:28 by John Sinteur in category: Privacy, Security

[Quote]:

Americans must decide if, in the name of homeland security, they are willing to allow TSA operatives to storm public places in their communities with no warning, pat them down, and search their bags. And they better decide quickly.



Comments:

  1. Out of control comes to mind…

Kaspersky CTO: Apple should open up iOS within a year to remain competitive

Posted on June 18th, 2011 at 0:20 by John Sinteur in category: Apple, Security

[Quote]:

“Apple cannot continue to lock down its iOS platform and restrict the types of software developed for it, says security firm Kaspersky’s CTO Nikolay Grebennikov,” Stuart Sumner reports for Computing.

Sumner reports, “He said: ‘Apple simply can’t continue with its current closed approach, and in my opinion, to remain competitive it should be looking to open up its platform within a year. The Android platform, which is growing its market share, is much more open than the Apple iOS and it’s easier to create new applications for Android, including security software,’ said Grebennikov.”

[..]

Why didn’t he just come right out and say, “We wish Apple would make its platform insecure like Google, so that we can sell ‘security’ to hundreds of millions of iOS users?”



