Independent Contractor. Bitcoin: 15Zvie1j8CjSR52doVSZSjctCDSx3pDjKZ Email: dancho.danchev@hush.com OMEMO: ddanchev@conversations.im | OTR: danchodanchev@xmpp.jp | TOX ID: 2E6FCA35A18AA76B2CCE33B55404A796F077CADA56F38922A1988AA381AE617A15D3D3E3E6F1
Tuesday, December 19, 2006
Phishing Domains Hosting Multiple Phishing Sites
baldwindy.name
leqwas.biz
noosfo.biz
rsytarai.biz, another one
Multiple hosting:
201.195.156.13
lugers.biz
loreta.biz
tuker.info
Now, try searching the entire .biz space for "Bank Austria Creditanstalt". The good news is that even the average anti-phishing toolbar is capable of detecting these. The bad news is that customers aren't currently using such toolbars as much as they should. And with phishing toolkits lowering the entry barriers in this space by making it easy for wannabe phishers to "make an impact", we've got an efficient problem to deal with.
Google and Yahoo's Shareholders Against Censorship
"The New York City Pension Fund wants shareholders to force Google and Yahoo to refuse Internet censorship requests by governments. The fund, which owns nearly $280 million worth of Google shares and $110 million in Yahoo shares, filed resolutions for shareholders at the two Internet companies to vote on at the next shareholder meetings. The resolution states that U.S.-based technology companies "that operate in countries controlled by authoritarian governments have an obligation to comply with the principles of the United Nations Declaration of Human Rights."
Go, go, go, shareholders. So that by the time censorship ends up where it's most aggressive for the time being, we can feel proud of ourselves living in a World 2.0, a world in which we all have universal access to the collective wisdom of everyone. Wait, that used to be part of both, Google's and Yahoo's mission statements once. From another perspective, the companies themselves have their hands tied by the overal Western world's revenues generation greed, and outsourcing inspirations in China's booming economy. But pretending it isn't happening is like ignoring the existence of the thought police these days.
Monday, December 18, 2006
Le Cyber Jihad
Thursday, December 14, 2006
Top Ten Scams of 2006
01. Fake Lottery Scam
ConsumerAffairs.com reported on one case in which an elderly Kansas man lost over $300,000. You should have Asked Merrill to point you to the "tickets" with the highest probability of success, but it's too late for you now. Baby booming gullibility in action.
02. Phishing-Vishing Scams
I'm very surprised it's the second and not the first complain, but how come? Consumers aren't even aware they got scammed at the first place. Do yourself a favour, and don't discuss your financial details with automated systems. Think before you act, it's like deciding whether to enter a singles bar or not.
03. Phony Job Scam
"Any employment offered online without a formal interview, no matter where it originates, should be treated with skepticism," said Arkansas Attorney General Mike Beebe, who investigated one of these scams in 2006. Thank you, you've just ruined the entire virtual telecommuting concept. I'm aware of another type of scam where fake job postings seek to harvest as much personal information from applications as possible. Other practices are also used.
04. Negative Option Scams
Look for the ASTERISKS, it should be somewhere around the FREE proposal.
05. Nigerian 419 Scams
People falling into this one, are the type of people suffering from the "rich-uncle complex". You don't know his exact wealth, but you secretly hope that on a sunny day a handsome, and of course charging by the minute laywer will bring the news you've been subconsciously expecting your entire life. Think for real and forget about the Internet. Would a complete stranger offer you millions of dollars because he has no one else to give the money to, or cannot open up a bank account for themselves?
06. Pump & Dump Scam
Rainer Böhme and Thorsten Holz evaluated the situation.
07. Bogus Fuel Saving Devices
Make an analogy with washing powder/tablets/liquid who's actively advertised as an "energy saver" due to its sophisticated technology that doesn't require hot water, when it happens to be a commodity and if you're going to be saving energy from it, then you've either watched a movie about the Third World, or are very desperate.
08. Grandparents Scam
An elderly person is targeted by the scammer who calls and says something like, "It's me, grandpa." The elderly person will respond, thinking it's one of their grandchildren. Unbelieavable, and perhaps another reason to keep in touch with your grand-parents more often, so they could at least recognize your voice.
09. Oprah Ticket Scam
In case you fall victim into this one, you're not just bored to the bottom of your brain, but a potential guest at Oprah's show with the unique ability to explain how this scam ruined your life, but later on helped your meet the person of your life, where else if not in an online scam discussion group. I feel you.
10. craigslist Scam
It's like the Yellow Pages, some postings are so automatically generated that they happen to be a waste of time, but hopefully not money, so be aware.
Terrorism Cartoon Contest
Busy Wednesday
Tuesday, December 12, 2006
BuzZzZ Generation
- Linuxsecurity.com - "Analysis of the Technical Mujahid - Issue One" ; "Current State of Internet Jihad"
- Informit.com - "How do terrorists spell rootkit in Farsi?"
- Defensetech.org - "Rapid fire 1" ; "Rapid fire 2"
- Net-security.org - "Analysis of the Technical Mujahid - Issue One"
- Cyberia.org.il
Interested in knowing how was Al Qaeda using the Internet before 9/11 with all the multimedia released back then? Moreover, have you ever wanted to take a peek at some of the most recent tools-of-the-trade malware authors use on a daily basis? Stay tuned for the Christmas Full Disclosure Series summarizing some of my recent findings, and beyond!
Share your knowledge. It's a way to achieve immortality. Dalai Lama
Google Translate Hack
Monday, December 11, 2006
Analysis of the Technical Mujahid - Issue One
According to the official release, the magazine's download locations seem to be slowly becoming useless, besides the Rapidshare link which seems to be still fully working -- the Internet Haganah reasonably points out that owning a copy of it might get you in trouble in some countries, so don't.
Analysis of the Technical Mujahid - Issue One
According to the official release, the magazine's download locations seem to be slowly becoming useless, besides the Rapidshare link which seems to be still fully working -- the Internet Haganah reasonably points out that owning a copy of it might get you in trouble in some countries, so don't.
Sunday, December 10, 2006
Full List of Hezbollah's Internet Sites
Here's a list of the URLs mentioned :
moqawama.org
moqawama.tv
ghaliboun.net
hizbollah.org
nasrollah.org
hizbollah.tv
moqawama.info
moqawama.net
moqawama.org
moqavemat.com
moqavemat.ir
shiaweb.org
manartv.com.lb
almanar.com.lb
islamicdigest.net
manartv.com.lb
al-nour.net
intiqadonline.com
alintiqad.com
alahed.org
wa3ad.org
islamicdigest.net
somod.org
bintjbeil.com
altaybeh.net
deirqanounalnahr.jeeran.com
alshahid.org
almahdiscouts.org
jihadbinaa.org
samirkuntar.org
groups.msn.com/justiciadivinavenezuela
es.groups.yahoo.com/group/Hezboallah_latino
groups.msn.com/autonomiaislamicawayuu
groups.msn.com/Hezbollahelsalvador
hezboallahpartidoislamico.blogspot.es
And the IPs for your network reconnaissance pleasure :
82.137.205.249
82.137.205.247
202.75.42.155
205.178.189.131
216.21.229.196
202.71.104.241
209.85.5.112
203.121.71.217
82.137.205.249
82.137.205.249
69.10.136.210
207.44.244.117
66.98.225.220
209.172.35.181
209.85.5.113
208.64.28.10
66.199.236.147
Related posts:
Analysis of the Technical Mujahid Magazine - Issue One
Hezbollah's DNS Service Providers from 1998 to 2006
Hezbollah's use of Unmanned Aerial Vehicles - UAVs
Digital Terrorism and Hate 2006 CD-ROM
Here's a little something for everyone thinking cyberterrorism is surreal. Considering for a while that even primitive forms of existence such as street gangs utilize the Internet for propaganda, wouldn't a much better financed terrorist organization be compelled to participate? In fact they've been doing so even before 9/11, but I feel it's the good guys' cavalier attitude that ended up in the now, mature cyberterrorism platform.
A great source for open source intelligence to anyone interested in, here's a summary :
"This sixth and newest version of the Simon Wiesenthal Center's annual report of problematic websites exposes the growing use of the Internet as a key propaganda weapon, marketing tool and fundraising engine by terrorist groups such as Al Qaeda and Hamas, in addition to its continuing assessment of traditional extremist groups such as the KKK and neo-Nazis. "Although they swear to destroy the West, extremists and terrorists have taken to using Western technology to recruit, finance and plan their insidious actions," said Mark Weitzman, Director of the Simon Wiesenthal Center's Task Force Against Hate."
Now what would an intelligence agency do when knowing exactly where to look? Shut them down and prosecute someone, or adapt deep within the community to gather as much OSINT as possible. Whatever the outcome, keep in mind on the possibility of indirect intelligence engineering, as the way you're watching them, the same way they're watching you, watching them.
Current State of Internet Jihad
"Some of the techniques of evasion are disarmingly simple. Rather than send emails, some jihadists simply write and save draft emails, storing them in an account with a password that's known to other members of the cell. Because they are never actually sent, they can't be detected by intelligence agencies."
Can you intercept an email that's never been sent? And what if a legitimate user's account end up as a dead box? Moreover, the article points out to the recently released Technical Mujahid magazine :
"Raisman points to a recent publication by the al-Fajr group, another communications arm of al-Qaeda and its fellow travellers. He said it contained a very sophisticated manual on internet security, how to avoid hackers, secure personal files and ensure any computer that is captured is of little value to Western authorities."
Going through the magazine itself as I indeed obtained a copy and will publish a summary of it anytime now, there's nothing really that very sophisticated to be afraid of, unless you know nothing about installing a virtual machine, or what triangulation is all about.
A handy summary of the article and things to keep in mind :
- There are over 5000 militant Islamic websites, up from less than a dozen in 1998 -- these are only the static ones compared to hundreds more temporary campaign ones
- They are an extremely effective way for terrorist groups to plan operations, recruit followers, raise funds and distribute propaganda -- centralization of forces and services is exactly what a terrorist organization isn't into. Diversification and autonomous management for the sake of improving the continuity of the site in operation is what really matter, namely you'll have the propaganda platform spreading online details on how to donate cash on a site that's been set up for this purpose only. By the time there's been a leak in the "good guys" covert competitive intelligence efforts, the donation site will dissapear and reappear somewhere else, while the central propaganda platform remains fully active. Take the other perspective, if the "bad guys" are aware the "good guys" are reading, they may logically leave a decoy to later on analyze how it's being processed and disinform on what may seem a very decent first-hand information gathered through open source intelligence.
- Their mastery of the web could extend to cyber-terrorism, such as disabling the communication systems that underpin key sectors such as banking and energy -- any government's single biggest mistake is stereotyping about cyberterrorism, namely that it's the offensive use of cyberterrorism to worry about, whereas the defensive, or passive concepts are already maturing.
- Western agencies are almost powerless to stop the jihadists' internet activities -- of course they aren't, and stopping compared to monitoring is totally wrong, the enemy's location you know is better than the enemy's location you don't know.
- Western governments have been very slow to respond and are only now turning their attention to combating the potent "story" promulgated over the internet -- they wouldn't be that very slow in responding if they actually knew how many people read and got brainwashed by it, thus what conversion rate can we talk about from a reader, to collaborator, to wannabe terrorist, come up with metrics and raise eyebrows.
Full List of Hezbollah's Internet Sites
Here's a list of the URLs mentioned :
moqawama.org
moqawama.tv
ghaliboun.net
hizbollah.org
nasrollah.org
hizbollah.tv
moqawama.info
moqawama.net
moqawama.org
moqavemat.com
moqavemat.ir
shiaweb.org
manartv.com.lb
almanar.com.lb
islamicdigest.net
manartv.com.lb
al-nour.net
intiqadonline.com
alintiqad.com
alahed.org
wa3ad.org
islamicdigest.net
somod.org
bintjbeil.com
altaybeh.net
deirqanounalnahr.jeeran.com
alshahid.org
almahdiscouts.org
jihadbinaa.org
samirkuntar.org
groups.msn.com/justiciadivinavenezuela
es.groups.yahoo.com/group/Hezboallah_latino
groups.msn.com/autonomiaislamicawayuu
groups.msn.com/Hezbollahelsalvador
hezboallahpartidoislamico.blogspot.es
And the IPs for your network reconnaissance pleasure :
82.137.205.249
82.137.205.247
202.75.42.155
205.178.189.131
216.21.229.196
202.71.104.241
209.85.5.112
203.121.71.217
82.137.205.249
82.137.205.249
69.10.136.210
207.44.244.117
66.98.225.220
209.172.35.181
209.85.5.113
208.64.28.10
66.199.236.147
Related posts:
Analysis of the Technical Mujahid Magazine - Issue One
Hezbollah's DNS Service Providers from 1998 to 2006
Hezbollah's use of Unmanned Aerial Vehicles - UAVs
Digital Terrorism and Hate 2006 CD-ROM
Here's a little something for everyone thinking cyberterrorism is surreal. Considering for a while that even primitive forms of existence such as street gangs utilize the Internet for propaganda, wouldn't a much better financed terrorist organization be compelled to participate? In fact they've been doing so even before 9/11, but I feel it's the good guys' cavalier attitude that ended up in the now, mature cyberterrorism platform.
A great source for open source intelligence to anyone interested in, here's a summary :
"This sixth and newest version of the Simon Wiesenthal Center's annual report of problematic websites exposes the growing use of the Internet as a key propaganda weapon, marketing tool and fundraising engine by terrorist groups such as Al Qaeda and Hamas, in addition to its continuing assessment of traditional extremist groups such as the KKK and neo-Nazis. "Although they swear to destroy the West, extremists and terrorists have taken to using Western technology to recruit, finance and plan their insidious actions," said Mark Weitzman, Director of the Simon Wiesenthal Center's Task Force Against Hate."
Now what would an intelligence agency do when knowing exactly where to look? Shut them down and prosecute someone, or adapt deep within the community to gather as much OSINT as possible. Whatever the outcome, keep in mind on the possibility of indirect intelligence engineering, as the way you're watching them, the same way they're watching you, watching them.
Current State of Internet Jihad
"Some of the techniques of evasion are disarmingly simple. Rather than send emails, some jihadists simply write and save draft emails, storing them in an account with a password that's known to other members of the cell. Because they are never actually sent, they can't be detected by intelligence agencies."
Can you intercept an email that's never been sent? And what if a legitimate user's account end up as a dead box? Moreover, the article points out to the recently released Technical Mujahid magazine :
"Raisman points to a recent publication by the al-Fajr group, another communications arm of al-Qaeda and its fellow travellers. He said it contained a very sophisticated manual on internet security, how to avoid hackers, secure personal files and ensure any computer that is captured is of little value to Western authorities."
Going through the magazine itself as I indeed obtained a copy and will publish a summary of it anytime now, there's nothing really that very sophisticated to be afraid of, unless you know nothing about installing a virtual machine, or what triangulation is all about.
A handy summary of the article and things to keep in mind :
- There are over 5000 militant Islamic websites, up from less than a dozen in 1998 -- these are only the static ones compared to hundreds more temporary campaign ones
- They are an extremely effective way for terrorist groups to plan operations, recruit followers, raise funds and distribute propaganda -- centralization of forces and services is exactly what a terrorist organization isn't into. Diversification and autonomous management for the sake of improving the continuity of the site in operation is what really matter, namely you'll have the propaganda platform spreading online details on how to donate cash on a site that's been set up for this purpose only. By the time there's been a leak in the "good guys" covert competitive intelligence efforts, the donation site will dissapear and reappear somewhere else, while the central propaganda platform remains fully active. Take the other perspective, if the "bad guys" are aware the "good guys" are reading, they may logically leave a decoy to later on analyze how it's being processed and disinform on what may seem a very decent first-hand information gathered through open source intelligence.
- Their mastery of the web could extend to cyber-terrorism, such as disabling the communication systems that underpin key sectors such as banking and energy -- any government's single biggest mistake is stereotyping about cyberterrorism, namely that it's the offensive use of cyberterrorism to worry about, whereas the defensive, or passive concepts are already maturing.
- Western agencies are almost powerless to stop the jihadists' internet activities -- of course they aren't, and stopping compared to monitoring is totally wrong, the enemy's location you know is better than the enemy's location you don't know.
- Western governments have been very slow to respond and are only now turning their attention to combating the potent "story" promulgated over the internet -- they wouldn't be that very slow in responding if they actually knew how many people read and got brainwashed by it, thus what conversion rate can we talk about from a reader, to collaborator, to wannabe terrorist, come up with metrics and raise eyebrows.
Friday, December 08, 2006
Censoring Seductive Child Behaviour
define:immature
define:maturing
"Covert pedophilia in the Victorian society". Is that a good line, or is that a good line? Censorship as a matter of viewpoint - as of recently Globe and Mail want you to purchase the article without realizing the click-through rates for both, Doubleclick serving the ads at their site and them, if it were distributing it for free, but anyway guess they should have told Google either :
"The Legards' central thesis is that the debate over children and sexual imagery has been dominated and distorted by two opposing myths: one is "the quasi-religious conception of childhood innocence," which involves "the irrational denial of childhood sexuality"; the other is "the ideology" of the artist as someone "possessing mystical abilities and unique rights" that should not be constrained by the state."
After thoughtcrime and intention-crime policing, it's about time behaviour-policing starts taking place, now wouldn't that be truly outrageous? Something no one is again going to do anything about, thinking he's either the only one seeing it, or perhaps prefers to keep playing in his own corner?
Anyway, discussions like these should only happen after the real problem, with real child porn online gets solved. And that wouldn't happen by fighting the distribution channels as they're too many to control and police, but by making sure the production stage never happens at the first place.
Another article on the topic "Clothed Child Porn Online?". By the way, are you finally seduced now? A rocket scientist doesn't seem to be, throughout the "decade of dedicating downloading". Such a collection can now definitely acts as a new digitally fingerprinted database to keep track of.
Censoring Seductive Child Behaviour
define:unaware
define:immature
define:maturing
"Covert pedophilia in the Victorian society". Is that a good line, or is that a good line? Censorship as a matter of viewpoint - as of recently Globe and Mail want you to purchase the article without realizing the click-through rates for both, Doubleclick serving the ads at their site and them, if it were distributing it for free, but anyway guess they should have told Google either :
"The Legards' central thesis is that the debate over children and sexual imagery has been dominated and distorted by two opposing myths: one is "the quasi-religious conception of childhood innocence," which involves "the irrational denial of childhood sexuality"; the other is "the ideology" of the artist as someone "possessing mystical abilities and unique rights" that should not be constrained by the state."
After thoughtcrime and intention-crime policing, it's about time behaviour-policing starts taking place, now wouldn't that be truly outrageous? Something no one is again going to do anything about, thinking he's either the only one seeing it, or perhaps prefers to keep playing in his own corner?
Anyway, discussions like these should only happen after the real problem, with real child porn online gets solved. And that wouldn't happen by fighting the distribution channels as they're too many to control and police, but by making sure the production stage never happens at the first place.
Another article on the topic "Clothed Child Porn Online?". By the way, are you finally seduced now? A rocket scientist doesn't seem to be, throughout the "decade of dedicating downloading". Such a collection can now definitely acts as a new digitally fingerprinted database to keep track of.
Thursday, December 07, 2006
Symantec's Invisible Burglar Game
Good one!
Try the infamous Airport security flash game too, and search everyone for exploding toothpastes, and other dangerous substances as they become dangerous throughout the game.
Symantec's Invisible Burglar Game
Good one!
Try the infamous Airport security flash game too, and search everyone for exploding toothpastes, and other dangerous substances as they become dangerous throughout the game.
Thursday, November 30, 2006
A Chart of Personal Data Security Breaches 2005-2006
A Movie About Trusted Computing
Wednesday, November 29, 2006
CIA Personality Quiz
I feel the quiz is more of an ice-breaker, and it's hell of an amusing one as a matter of fact. Hint to the CIA's HR department - promise to show the ones who make it up for a final interview a randomly chosen analyst's collection of secret UFO files, and see your conversion rates skyrocketing. Then explain them the basics of access programs based on classification and why they have to perform better. Arbeit macht access to secret UFO files as a factor for productivity, cute.
More comments from another wannabe secret AGent.
Video of Birds Attacking an Unmanned Aerial Vehicle (UAV)
And no, don't even think on speculating of terrorists training divisions of crows to attack, or early warn of UAVs flying around the birds' air space, unless of course your wild imagination prevails.
Monday, November 27, 2006
How to Fake Fingerprints
"In order to fake a fingerprint, one needs an original first. Latent fingerprints are nothing but fat and sweat on touched items. Thus to retrieve someone elses fingerprint (in this case the fingerprint you want to forge) one should rely on well tested forensic research methods. Which is what's to be explained here."
Bow to the CCC's full disclosure shedding more light on a common sense insecurity. While it can be tackled by both ensuring the quality of the fingerprinting process, and by technological means such as adding extra layers or cross-referencing through different databases, multiple-factor authentication's benefits are proportional with their immaturity and usability issues. Fancy? For sure. Cutting-edge security? Absolutely from a technological point of view. But when fingerprints start getting more empowerment and integration within our daily lifes, malicious parties would have already taken notice, and again be a step ahead of the technological bias on fingerprinting. Coming up with new identities may indeed end up as a commodity neatly stored in a central database, or perhaps ones collected from elsewhere.
Global Map of Security Incidents and Terrorist Events
- Airport/Aviation Incidents
No more "slicing the threat on pieces", now you can see the big picture for yourself.
To Publish a Privacy Policy or Not to Publish a Privacy Policy
"This case demonstrates a complication relating to companies' claiming that they have security measures to protect their end users' privacy. Large, established companies, like Eli Lilly, understand this issue but may still have problems ensuring compliance to their privacy policy. But many emerging companies immediately post their claimed privacy policies on their company websites. These companies often fail to assess the potential risks, burdens and liabilities associated with publishing a privacy policy. They do not realize that publishing a privacy statement may be more harmful than not publishing one."
Privacy exposure assessments still remain rather unpopular among leading companies, and compliance with industry specific requirements for processing and storing personal information continue indirectly replacing what a Chief Privacy Officer would have done in a much more adaptive manner. Can we that easily talk about Total Privacy Management (TPM), the way talk about Total Quality Management (TQM) as an internal key objective for strengthening a company's reputation as a socially-oriented one? It would definitely turn into a criteria for the stakeholders, and a differentiating point for any company in question in the long term. The future of privacy? Don't over-empower the watchers or you'll have the entire data aggregation model of our society used against your rights for the sake of protecting you from "the enemy or the threat of the day".
You may also find some comments from a previous post on "Examining Internet Privacy Policies" relevant to the topic :
"Accountability, public commitment, or copywriters charging per word, privacy policies are often taken for fully enforced ones, whereas the truth is that actually no one is reading, bothering to assess them. And why would you, as by the time you've finished you'll again have no other choice but to accept them in order to use the service in question -- too much personal and sensitive identifying information is what I hear ticking. That's of course the privacy conscious perspective, and to me security is a matter of viewpoint, the way you perceive it going beyond the basics, the very same way you're going to implement it -- Identity 2.0 as a single sign on Web is slowly emerging as the real beast."
How to Tell if Someone's Lying to You
01. Watch Body Language
02. Seek Detail
03. Beware Unpleasantness
04. Observe Eye Contact
05. Signs of Stress
06. Listen for the Pause
07. Ask Again
08. Beware Those Who Protest Too Much
09. Know Thyself
10. Work on Your Intuition
Two more I can add -- answering without being asked, and on purposely stating the possibility as a negative statement already. Here's the article itself, as well as several more handy tips on detecting lies. Don't forget - if someone's being too nice with you, it means they're beating you already.
Ear whisper courtesy of Cartoonstock.com
Monday, November 20, 2006
London's Police Experimenting with Head-Mounted Surveillance Cameras
"The world draws ever-closer to the dystopia imagined in Hollywood blockbusters -- police in London are to be equipped with head-mounted cameras which will record everything in the direction the officer is looking. The tiny cameras are about the size of an AA battery and can record images of an extremely high quality.
Claimed to be a deterrent for anti-social behaviour, the first run of head-cams are being tested by eight Metropolitan beat officers this month. If successful, all police officers will eventually be equipped with a head camera.
These new 'robocops' add to the growing number of surveillance machines that peer at the public. Cynics argue that the logical progression of the police head-cam will be head-cameras that all citizens are required to wear. The video data would be relayed back to a central database where transgressions are recorded by a computer."
George Orwell is definitely turning upside down in his grave in the time of writing, and it's entirely up to you to come up with the possible scenarios for abusing this innovation -- The Final Cut too, has a good perspective.
Think that's not enough to raise your eyebrows? British Telecom is also about to "put thousands of spy camera recorders in its phone boxes and beam suspects mugshots to police. Cameras stationed on top of lampposts near the kiosks will send images to hidden digital video recorders inside the booths. Suspects photos will then be messaged almost instantly to hand-held digital assistants used by police and emergency services."
Issues to keep in mind:
- No more tax payers' money wasted on CCTVs to only cover the blind spots introduced by the old ones, now you have the "walking CCTVs" taking care
- Face and voice recognition, as well as parabolic type of remote listening capabilities will be the next milestones to reach
- Data collected would prove invaluable to ongoing investigations, and you know, "computers never lie" so digitally introducing minor motives here and there becomes a handy weakness
- More entertaining reality shows will follow for the purpose of communicating the value of the cameras to the general public
- Someone will sooner or later find a way to jam the stream
There's a saying about not looking anyone straight into the eyes on the mean streets of New York, guess the same applies to not looking straight into the eyes of London's police anymore. Every country needs an EFF of its own, especially the U.K these days. To illustrate what I have in mind, EPIC's listing the U.K at the top of the leading EU surveillance societies, and you may also find the U.K's opinion on its state of total surveillance, informative as well.
Finger-mounted keyboard chick courtesy of Kittytech.
Tuesday, November 14, 2006
Widener University Forensics Course
Satellite Imagery Trade-offs
"Eventually, Andersen said, the big but light telescopes could solve a spy-satellite conundrum. Now, those camera equipped satellites must fly closer to Earth to generate usable pictures. That means their orbits exceed the speed of Earth’s rotation, so the satellites cannot spend much time photographing one location. If spy satellites had huge telescopes, they could be placed higher above the planet in an orbit that moves at the same speed as Earth’s rotation, so they could photograph the same region constantly."
There's just one tiny comment that makes a bad impression - “That way, you could keep a constant eye on someone like Osama bin Laden” he said." In exactly the say way a security consultant wrongly tries to talk top management into increasing a budget by using the buzzword cyberterrorism, it wouldn't work and it's a rather desperate move. Even though, in case you're interested in keeping track of Bin Laden's desert trips, make sure you add a detection pattern for a white horse riding through Afghanistan.
Go through some of my previous posts to catch up with my comments on related topics.U.S No-Fly-List Enforced at Deutsche Bank NYC
"We hear Deutsche Bank’s super-suped-up security extends beyond just the beefy armed guards patrolling the street outside its headquarters at 60 Wall. Yesterday apparently a consultant who was scheduled to attend a meeting at the bank was denied entry because his name appears on the federal “no fly” list. “It was the most intense security I've seen, except for maybe the Israeli consulate,” a source who was present when the consultant was denied entry tells DealBreaker."
While that's a very unpragmatic paranoia, a U.S congresswoman seems to have recently experienced the "no-fly-list trip" too :
"Sanchez said her staff had booked her a one-way ticket from Boise, Idaho to Cincinnati through Denver. Her staff, however, was prevented from printing her boarding pass online and were also blocked from printing her boarding pass at an airport kiosk. Sanchez said she was instructed to check in with a United employee, who told her she was on the terrorist watch list. The employee asked her for identification, Sanchez recalled. "I handed over my congressional ID and he started laughing and said, 'I'm going to need an ID that has your birthday on it,'" Sanchez said in a phone interview with The Associated Press. The employee used Sanchez's birth date to determine that she was not the same Loretta Sanchez listed in the database and she was able to board her flight, she said."
Bureaucrats don't just slow down innovation and take credit for it, but when they also fall down from a window it takes a week for them to hit the ground.
Monday, November 13, 2006
Jihadi PSYOPS - CIA Attacks on Terrorist Websites
Now while this is totally untrue -- the CIA would rather be monitoring instead of shuting them down, or shut them down only after they've gathered enough info -- it's a good example of twisting the facts to improve the productivity and self-esteem of the jihadists supposed to strike back.
Bill Gates on Traffic Acquisition and Internet Bubbles
"There are a hundred YouTube sites out there," Gates said during an interview with a group of journalists in Brussels before a speech to European lawmakers. "You never know. It's very complicated in terms of what are the business models for these sites." Some of them, including sites that offer Web-based word processing and search engines, are being promoted by their creators and analysts as possible competitors to makers of retail packaged software like Microsoft. "We're back kind of in Internet-bubble era in terms of people thinking: 'O.K., traffic. We want traffic. We want traffic,'" Gates said. "There are still some areas where it is unclear what's going to come out of that."
The very basics of Internet marketing which transform branding into communication, segments into communities for instance doesn't necessarily mean that traffic is the cornerstone of E-business. Eyeballs, thus participants marely visitors converted into revenue sources speak for themselves. Win-win-win business models need no comment. Once you get the traffic, boy, what wonders are there for you to discover, sense and profitably respond to. But then again, keep in mind that search and online video represent a tiny portion of the overal Internet user's activities. Don't look for the next Google, or the next YouTube, look beyond.
Having R&D centers on enemy territories creates more job opportunities, and improves Microsoft's comfortability with its stakeholders :
"Microsoft said that it would invest $7.8 billion globally in research and development this year, about 15 percent of sales, and it plans to spend $500 million in Europe next year. Microsoft operates its main European research center on the campus of Cambridge University in England, with other research offices in Denmark and Ireland."
While it's also cheaper to operate them in Europe than in the U.S, money cannot buy innovation and many other things, so don't get too excited but learn how to surf tidal waves, the ones Bill Gates himself predicted back in 1995.
Related posts:
5 things Microsoft can do to secure the Internet, and why it wouldn't?
Microsoft in the Information Security Market
Microsoft's OneCare Penetration Pricing Strategy
Thursday, November 09, 2006
The Nuclear Grabber Toolkit
All Your Electromagnetic Transmissions Are Belong To Us
"The Ministry of Defence has admitted that a fault at a radar dome was responsible for causing electrical problems with dozens of cars. Engines and lights cut out and speedometer dials swung up to 150mph as motorists drove past the dome. At the time the MoD said there was no guarantee that the Trimingham radar on the north Norfolk coast was the cause."
Read some of the memories of a serviceman that was stationed there during the 60s :
"Another story that might be of interest relates to the time that a Russian trawler went aground at Skaw. The indications were that it was an Elint (Electronic intelligence gathering) vessel as the crew hid what they were doing from an RAF Shackleton which flew overhead as part of the search and rescue mission. Whether there was any spying equipment on board is debatable. In any event, the Unst folk did well in "liberating" fishing nets and sundry bits and pieces including the steering wheel, which was subsequently returned to the Russians. However, two RAF lads a steward and a cook found signals, maps and other papers in the skipper's cabin, some of this hidden under his mattress. They brought these back to me and our station intelligence officer had a look at them. By chance he was a Russian linguist and was able to provide a summary of what was in the documents before they were forwarded to the RAF intelligence staff at the Ministry of Defence. One of the documents proved extremely valuable to the Navy but what amazed them was that the translated summary had been done by an RAF flying officer on Unst."
You may also be interested in going through a table that "includes all military sites which have significant intelligence-gathering or analysis capability with official US presence; these are the sites which have figures for numbers of US and UK personnel".
Trimingham's radar dome courtesy of munkt0n, and Flickr's Radars group.
Related posts:
Why's that radar screen not blinking over there?
Achieving Information Warfare Dominance Back in 1962
Tuesday, November 07, 2006
The Blogosphere and Splogs
"As we’ve said in the past, some of the new blogs in our index are Spam blogs or 'splogs'. The good news is Technorati has gotten much better at preventing these kinds of blogs from getting into our indexes in the first place, which may be a factor in the slight slowing in the average of new blogs created each day.
The spikes in red on the chart above shows the increased activity that occurs when spammers create massive numbers of fake blogs and try to get them into our indexes. As the chart shows, we’ve done a much better job over the last quarter at nearly eliminating those red spikes. While last quarter I reported about 8% of new blogs that get past our filters and make it into the index are splogs, I’m happy to report that that number is now more like 4%. As always, we’ll continue to be hyper-focused on making sure that new attacks are spotted and eliminated as quickly as possible.
My gut feeling is that since we're better at dealing with Spam now, even some of the blue areas in last quarter's graph were probably accountable to spam, which would mean that rather than the bumpy ride shown above, we're actually seeing a steady increased (but slower) growth of the blogosphere. Hopefully we'll be able to have a more detailed analysis of these issues next quarter."
Meanwhile, the splogfigher is doing an amazing job of analyzing and coming up with exact splog URLs -- I'm reposting so that third-parties of particular interest reading here take a notice -- and week ago came up with 150,000 splogs, notice the dominating blogging platform? Blogspot all the way!
"I see that Google has been deleting quite a large number of splogs but even then they are on average about 20% effective. What that means is if a single spammer creates 1000 splogs, Google will eventually delete at most about 200 of them leaving 800 alone. Obvously this is rather poor percentage and hopefully my efforts will bump up that figure close to 90% and above.
20061030_1.txt - 19401 splogs20061030_2.txt - 4332 splogs
20061030_3.txt - 8936 splogs
20061030_4.txt - 8794 splogs
20061030_5.txt - 18912 splogs
20061030_6.txt - 5158 splogs
20061030_7.txt - 70755 splogs
20061030_8.txt - 1182 splogs
20061030_9.txt - 11410 splogs
20061030_10.txt - 968 splogs
20061030_11.txt - 1584 splogs
Here is a tarball of all splog list files listed above: 20061030.tar.gz"
Obviously, spammers are exploiting Blogspot's signup process, and I really feel it's about time Google starts tolerating more errors with users having trouble reading a sophisticated CAPTCHA, compared to its current too user-friendly and easily defeated one. They can balance for sure. Something else to consider, take for example the splogs collected for May, and whole the splogfighter is pointing out on the engineered 404s and Google's efforts in removing them, I was able to verify content response from over 200 splogs reported back then, take cigar-accessories-2008.blogspot.com for instance -- anyone up for crawling the lists and clustering the results? Once the signup process is flawed, not even the wisdom of crowds flagging splogs can help you.
Another recommended and very recent analysis "Characterizing the Splogosphere" is also full of juicy details, and statistical info on the emerging problem. Spammers are anything but old-fashioned.