Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: 03/27/07

Tuesday, March 27, 2007

You've Got Something in Your Eye

Or that's what the always getting bigger, Big Brother says :

"Avigilon's 16 megapixel cameras are the first surveillance cameras that can continuously monitor large fields of view while maintaining high levels of detail. In the past, security professionals have had to rely on opto-mechanical PTZ cameras for wide field of view surveillance and were forced to make a tradeoff between field of view and image detail. Avigilon's 16 megapixel cameras provide a superior solution for post incident investigation because they provide detailed images of the entire field of view, without the requirement of an operator to control the camera."

I like the press release debunking the idea of real-time incident prevention due to CCTV surveillance compared to historical performance and analyzing past events. Not that's it's not possible, but the investments are not worth the ROI, and if self-regulation is the single most visible return on investment here, that's a bad deal. But in reality, keep on living in a CCTV myopia world, where covering the "blind spot" of one camera gets covered by installing another one, and the "blind spot" of the second one gets covered by a third one. It's about time your CCTV expenditures start declining given reasonable metrics defining a successful investment appear soon.

Now let's hope these cameras never get installed in public restrooms, shall we?

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

Ghosts in the Keyboard

KeyGhost is a nasty type of hardware keylogger that if ignored as a concept can truly expose a lot of data, with one downsize - the logged data has to be retrieved physically in the very same fashion the keylogger got installed. Here's how the six-year-olds do it :

"A six-year-old girl has successfully hacked into the UK Parliament's computer system, installing a keylogger onto an MPs machine. Guildford MP Anne Milton agreed to leave her computer unattended for 60 seconds as part of a test of House of Commons IT security by the BBC's Inside Out programme. Brianagh, a schoolgirl from Winchester, took just a quarter of that time to install the keylogging software without being noticed. Such easily available applications record all the keystrokes made on a machine and can therefore be used to steal passwords, financial data and personal information."

The article starts by mentioning the software and ends up with a quote on the "device" itself. The story is a great wake up call, especially the six-year-old girl part, as it will position the computer system's security as an extremely weak one in the minds of the masses, no wait the tax payers. But age doesn't really matter here, it's the idea that the majority of insecurities have an outside-towards-inside trend, namely they come from the Internet, not from within as we see in this case. In case you're interested, there're already various business development activities in releasing a laptop based PCI card keylogger given the obvious incompatibilities with a PC.

Related posts:
USB Surveillance Sticks
Espionage Ghost Busters

Dancho Danchev