Analysis of the Technical Mujahid - Issue One

An OSINT conducted, a tax payer's buck saved somewhere.

Last week, the mainstream media was abuzz with the release of the first jihadist e-zine discussing hacking, information hiding, of course in between the lines of radical propaganda, whereas no one was providing more information on the exact nature of the articles, but the SITE institute. So I decided to take a peek at the Technical Mujahid for myself, in order to break through the FUD, or not see the "threat sliced on pieces" by different news sources.

According to the official release, the magazine's download locations seem to be slowly becoming useless, besides the Rapidshare link which seems to be still fully working -- the Internet Haganah reasonably points out that owning a copy of it might get you in trouble in some countries, so don't.

Despite that I don't speak any Arabic languages, and I pressume neither do you, the e-zine is rich on visual materials and you can pretty much grasp the big picture. Namely, that it's practical compared to theoretical source of information, it's targeting mixed audiences, and it's keeping it very simple. So I've decided to compile a summary of the key sections and topics in the articles covered for future references. In one sentence - its simplicity is not to be feared, but its practicality.

The release of the magazine is an indication of the ongoing use of the Internet for mass-education -- economies of scale -- through videos and visual howto's, but much more advanced information related to information security could be obtained from public sources. The cellphone triangulation in Iraq, and the demonstration of Hacker Defender are worth mentioning, but overall, concepts such as information warfare or online PSYOPS remain unstructured and abstract ideas to the average jihadist - for now. Notice the multimedia file used as an example for the alternate data stream as well and draw up the conclusions on your own.

Don't exclude the logical possibility of on purposely disinforming the general public and various intel folks across the world on a relatively primitive inforwar practices such as using PGP and alternate data streams.

Here are the articles themselves :

01. Article One - Alternate Data Streams - steganography example given, rootkits - hacker defender covered, examples provided, abomosab.jpg used as an example

02. Article Two - Satellite Communications and the importance of GPS, handheld GPS, explains triangulation, mentions satellite imagery's power, and satellite transfer speeds, mentions 1575 and 1227 as carrier frequencies and Digital Sequence Spread Specturm - DSSS, mentions handheld GPS receiver, includes photos of 3G data card, laptop. It then discusses a locked device with a "WARNING" sign on it

03. Article Three - Visual HOWTO on Install VMware

04. Article Four - Article on digital media players, the different formats, subtitles, and the NTSC and PAL systems, recording basics as it looks like

05. Article Five - Introduction to PGP - Zimmerman is quoted, explanation of the RSA algorithm, recommending the use of PGP Whole Disk, features warning message that trial versions of PGP Whole Disk will self-decrypt

And SITE Institute's comments on the propaganda side in the introduction and conclusion :

"For future issues, the editors urge members of the jihadist Internet community to submit articles in the field of technology for publishing. They write: “My kind, technical Mujahid brother, the magnitude of responsibility which is placed upon you is equal to what you know in the regard of information. Do not underestimate anything that you know; perhaps a small article that you write and publish can benefit one Mujahid in the Cause of Allah or can protect a brother of yours in Allah. This way you will gain the great reward with the permission of Allah."

If you perceive the Technical Mujahid magazine as a threat to the national security of any country, old issues of Phrack magazine must be giving you the nightmares.

Have a productive week everyone, and stay informed!

Continue reading →

Analysis of the Technical Mujahid - Issue One

An OSINT conducted, a tax payer's buck saved somewhere.

Last week, the mainstream media was abuzz with the release of the first jihadist e-zine discussing hacking, information hiding, of course in between the lines of radical propaganda, whereas no one was providing more information on the exact nature of the articles, but the SITE institute. So I decided to take a peek at the Technical Mujahid for myself, in order to break through the FUD, or not see the "threat sliced on pieces" by different news sources.

According to the official release, the magazine's download locations seem to be slowly becoming useless, besides the Rapidshare link which seems to be still fully working -- the Internet Haganah reasonably points out that owning a copy of it might get you in trouble in some countries, so don't.

Despite that I don't speak any Arabic languages, and I pressume neither do you, the e-zine is rich on visual materials and you can pretty much grasp the big picture. Namely, that it's practical compared to theoretical source of information, it's targeting mixed audiences, and it's keeping it very simple. So I've decided to compile a summary of the key sections and topics in the articles covered for future references. In one sentence - its simplicity is not to be feared, but its practicality.

The release of the magazine is an indication of the ongoing use of the Internet for mass-education -- economies of scale -- through videos and visual howto's, but much more advanced information related to information security could be obtained from public sources. The cellphone triangulation in Iraq, and the demonstration of Hacker Defender are worth mentioning, but overall, concepts such as information warfare or online PSYOPS remain unstructured and abstract ideas to the average jihadist - for now. Notice the multimedia file used as an example for the alternate data stream as well and draw up the conclusions on your own.

Don't exclude the logical possibility of on purposely disinforming the general public and various intel folks across the world on a relatively primitive inforwar practices such as using PGP and alternate data streams.

Here are the articles themselves :

01. Article One - Alternate Data Streams - steganography example given, rootkits - hacker defender covered, examples provided, abomosab.jpg used as an example

02. Article Two - Satellite Communications and the importance of GPS, handheld GPS, explains triangulation, mentions satellite imagery's power, and satellite transfer speeds, mentions 1575 and 1227 as carrier frequencies and Digital Sequence Spread Specturm - DSSS, mentions handheld GPS receiver, includes photos of 3G data card, laptop. It then discusses a locked device with a "WARNING" sign on it

03. Article Three - Visual HOWTO on Install VMware

04. Article Four - Article on digital media players, the different formats, subtitles, and the NTSC and PAL systems, recording basics as it looks like

05. Article Five - Introduction to PGP - Zimmerman is quoted, explanation of the RSA algorithm, recommending the use of PGP Whole Disk, features warning message that trial versions of PGP Whole Disk will self-decrypt

And SITE Institute's comments on the propaganda side in the introduction and conclusion :

"For future issues, the editors urge members of the jihadist Internet community to submit articles in the field of technology for publishing. They write: “My kind, technical Mujahid brother, the magnitude of responsibility which is placed upon you is equal to what you know in the regard of information. Do not underestimate anything that you know; perhaps a small article that you write and publish can benefit one Mujahid in the Cause of Allah or can protect a brother of yours in Allah. This way you will gain the great reward with the permission of Allah."

If you perceive the Technical Mujahid magazine as a threat to the national security of any country, old issues of Phrack magazine must be giving you the nightmares.

Have a productive week everyone, and stay informed!

Continue reading →

Full List of Hezbollah's Internet Sites

Some of the propaganda is so catchy it can easily compete with the Soviet propaganda posters during the Cold War visualizing the evil forces from their point of view. Great case studies on Internet psychological operations, and Hezbollah's understanding of Cyberterrorism.

Here's a list of the URLs mentioned :
moqawama.org
moqawama.tv
ghaliboun.net
hizbollah.org
nasrollah.org
hizbollah.tv
moqawama.info
moqawama.net
moqawama.org
moqavemat.com
moqavemat.ir
shiaweb.org
manartv.com.lb
almanar.com.lb
islamicdigest.net
manartv.com.lb
al-nour.net
intiqadonline.com
alintiqad.com
alahed.org
wa3ad.org
islamicdigest.net
somod.org
bintjbeil.com
altaybeh.net
deirqanounalnahr.jeeran.com
alshahid.org
almahdiscouts.org
jihadbinaa.org
samirkuntar.org
groups.msn.com/justiciadivinavenezuela
es.groups.yahoo.com/group/Hezboallah_latino
groups.msn.com/autonomiaislamicawayuu
groups.msn.com/Hezbollahelsalvador
hezboallahpartidoislamico.blogspot.es

And the IPs for your network reconnaissance pleasure :

82.137.205.249
82.137.205.247
202.75.42.155
205.178.189.131
216.21.229.196
202.71.104.241
209.85.5.112
203.121.71.217
82.137.205.249
82.137.205.249
69.10.136.210
207.44.244.117
66.98.225.220
209.172.35.181
209.85.5.113
208.64.28.10
66.199.236.147

Related posts:
Analysis of the Technical Mujahid Magazine - Issue One
Hezbollah's DNS Service Providers from 1998 to 2006
Hezbollah's use of Unmanned Aerial Vehicles - UAVs Continue reading →

Digital Terrorism and Hate 2006 CD-ROM

In some of my previous investigative posts "Tracking Down Internet Terrorist Propaganda", "Arabic Extremist Group Forum Messages' Characteristics", "Cyber Terrorism Communications and Propaganda", "Steganography and Cyber Terrorism Communications", "A Cost-Benefit Analysis of Cyber Terrorism", I extensively blogged about Cyberterrorism and emphasized on the defensive use of it, communication channels under the shadow of SCADA devices and critical infrastructure getting attacked. Perspectives like these often ruin someone's self-mythology, but the Pupper Master too made a point when saying that your desire to remain what you're is what limits you, so evolve, or end up on the verge of extinction.

Here's a little something for everyone thinking cyberterrorism is surreal. Considering for a while that even primitive forms of existence such as street gangs utilize the Internet for propaganda, wouldn't a much better financed terrorist organization be compelled to participate? In fact they've been doing so even before 9/11, but I feel it's the good guys' cavalier attitude that ended up in the now, mature cyberterrorism platform.

A great source for open source intelligence to anyone interested in, here's a summary :

"This sixth and newest version of the Simon Wiesenthal Center's annual report of problematic websites exposes the growing use of the Internet as a key propaganda weapon, marketing tool and fundraising engine by terrorist groups such as Al Qaeda and Hamas, in addition to its continuing assessment of traditional extremist groups such as the KKK and neo-Nazis. "Although they swear to destroy the West, extremists and terrorists have taken to using Western technology to recruit, finance and plan their insidious actions," said Mark Weitzman, Director of the Simon Wiesenthal Center's Task Force Against Hate."

Now what would an intelligence agency do when knowing exactly where to look? Shut them down and prosecute someone, or adapt deep within the community to gather as much OSINT as possible. Whatever the outcome, keep in mind on the possibility of indirect intelligence engineering, as the way you're watching them, the same way they're watching you, watching them. Continue reading →

Current State of Internet Jihad

Very good article on various geopolitical issues related to the Middle East vs the West, and most importantly an overview of the current state of online jihad. Excluding webcasts, video howto's, and video games as a commodity in the big picture, what's left at the bottom line is easily accessible open source intelligence, and tactical warfare practices such as this one :

"Some of the techniques of evasion are disarmingly simple. Rather than send emails, some jihadists simply write and save draft emails, storing them in an account with a password that's known to other members of the cell. Because they are never actually sent, they can't be detected by intelligence agencies."

Can you intercept an email that's never been sent? And what if a legitimate user's account end up as a dead box? Moreover, the article points out to the recently released Technical Mujahid magazine :

"Raisman points to a recent publication by the al-Fajr group, another communications arm of al-Qaeda and its fellow travellers. He said it contained a very sophisticated manual on internet security, how to avoid hackers, secure personal files and ensure any computer that is captured is of little value to Western authorities."

Going through the magazine itself as I indeed obtained a copy and will publish a summary of it anytime now, there's nothing really that very sophisticated to be afraid of, unless you know nothing about installing a virtual machine, or what triangulation is all about.

A handy summary of the article and things to keep in mind :

- There are over 5000 militant Islamic websites, up from less than a dozen in 1998 -- these are only the static ones compared to hundreds more temporary campaign ones

- They are an extremely effective way for terrorist groups to plan operations, recruit followers, raise funds and distribute propaganda -- centralization of forces and services is exactly what a terrorist organization isn't into. Diversification and autonomous management for the sake of improving the continuity of the site in operation is what really matter, namely you'll have the propaganda platform spreading online details on how to donate cash on a site that's been set up for this purpose only. By the time there's been a leak in the "good guys" covert competitive intelligence efforts, the donation site will dissapear and reappear somewhere else, while the central propaganda platform remains fully active. Take the other perspective, if the "bad guys" are aware the "good guys" are reading, they may logically leave a decoy to later on analyze how it's being processed and disinform on what may seem a very decent first-hand information gathered through open source intelligence.

- Their mastery of the web could extend to cyber-terrorism, such as disabling the communication systems that underpin key sectors such as banking and energy -- any government's single biggest mistake is stereotyping about cyberterrorism, namely that it's the offensive use of cyberterrorism to worry about, whereas the defensive, or passive concepts are already maturing.

- Western agencies are almost powerless to stop the jihadists' internet activities -- of course they aren't, and stopping compared to monitoring is totally wrong, the enemy's location you know is better than the enemy's location you don't know.

- Western governments have been very slow to respond and are only now turning their attention to combating the potent "story" promulgated over the internet -- they wouldn't be that very slow in responding if they actually knew how many people read and got brainwashed by it, thus what conversion rate can we talk about from a reader, to collaborator, to wannabe terrorist, come up with metrics and raise eyebrows. Continue reading →

Full List of Hezbollah's Internet Sites

Some of the propaganda is so catchy it can easily compete with the Soviet propaganda posters during the Cold War visualizing the evil forces from their point of view. Great case studies on Internet psychological operations, and Hezbollah's understanding of Cyberterrorism.

Here's a list of the URLs mentioned :
moqawama.org
moqawama.tv
ghaliboun.net
hizbollah.org
nasrollah.org
hizbollah.tv
moqawama.info
moqawama.net
moqawama.org
moqavemat.com
moqavemat.ir
shiaweb.org
manartv.com.lb
almanar.com.lb
islamicdigest.net
manartv.com.lb
al-nour.net
intiqadonline.com
alintiqad.com
alahed.org
wa3ad.org
islamicdigest.net
somod.org
bintjbeil.com
altaybeh.net
deirqanounalnahr.jeeran.com
alshahid.org
almahdiscouts.org
jihadbinaa.org
samirkuntar.org
groups.msn.com/justiciadivinavenezuela
es.groups.yahoo.com/group/Hezboallah_latino
groups.msn.com/autonomiaislamicawayuu
groups.msn.com/Hezbollahelsalvador
hezboallahpartidoislamico.blogspot.es

And the IPs for your network reconnaissance pleasure :

82.137.205.249
82.137.205.247
202.75.42.155
205.178.189.131
216.21.229.196
202.71.104.241
209.85.5.112
203.121.71.217
82.137.205.249
82.137.205.249
69.10.136.210
207.44.244.117
66.98.225.220
209.172.35.181
209.85.5.113
208.64.28.10
66.199.236.147

Related posts:
Analysis of the Technical Mujahid Magazine - Issue One
Hezbollah's DNS Service Providers from 1998 to 2006
Hezbollah's use of Unmanned Aerial Vehicles - UAVs Continue reading →

Digital Terrorism and Hate 2006 CD-ROM

In some of my previous investigative posts "Tracking Down Internet Terrorist Propaganda", "Arabic Extremist Group Forum Messages' Characteristics", "Cyber Terrorism Communications and Propaganda", "Steganography and Cyber Terrorism Communications", "A Cost-Benefit Analysis of Cyber Terrorism", I extensively blogged about Cyberterrorism and emphasized on the defensive use of it, communication channels under the shadow of SCADA devices and critical infrastructure getting attacked. Perspectives like these often ruin someone's self-mythology, but the Pupper Master too made a point when saying that your desire to remain what you're is what limits you, so evolve, or end up on the verge of extinction.

Here's a little something for everyone thinking cyberterrorism is surreal. Considering for a while that even primitive forms of existence such as street gangs utilize the Internet for propaganda, wouldn't a much better financed terrorist organization be compelled to participate? In fact they've been doing so even before 9/11, but I feel it's the good guys' cavalier attitude that ended up in the now, mature cyberterrorism platform.

A great source for open source intelligence to anyone interested in, here's a summary :

"This sixth and newest version of the Simon Wiesenthal Center's annual report of problematic websites exposes the growing use of the Internet as a key propaganda weapon, marketing tool and fundraising engine by terrorist groups such as Al Qaeda and Hamas, in addition to its continuing assessment of traditional extremist groups such as the KKK and neo-Nazis. "Although they swear to destroy the West, extremists and terrorists have taken to using Western technology to recruit, finance and plan their insidious actions," said Mark Weitzman, Director of the Simon Wiesenthal Center's Task Force Against Hate."

Now what would an intelligence agency do when knowing exactly where to look? Shut them down and prosecute someone, or adapt deep within the community to gather as much OSINT as possible. Whatever the outcome, keep in mind on the possibility of indirect intelligence engineering, as the way you're watching them, the same way they're watching you, watching them. Continue reading →

Current State of Internet Jihad

Very good article on various geopolitical issues related to the Middle East vs the West, and most importantly an overview of the current state of online jihad. Excluding webcasts, video howto's, and video games as a commodity in the big picture, what's left at the bottom line is easily accessible open source intelligence, and tactical warfare practices such as this one :

"Some of the techniques of evasion are disarmingly simple. Rather than send emails, some jihadists simply write and save draft emails, storing them in an account with a password that's known to other members of the cell. Because they are never actually sent, they can't be detected by intelligence agencies."

Can you intercept an email that's never been sent? And what if a legitimate user's account end up as a dead box? Moreover, the article points out to the recently released Technical Mujahid magazine :

"Raisman points to a recent publication by the al-Fajr group, another communications arm of al-Qaeda and its fellow travellers. He said it contained a very sophisticated manual on internet security, how to avoid hackers, secure personal files and ensure any computer that is captured is of little value to Western authorities."

Going through the magazine itself as I indeed obtained a copy and will publish a summary of it anytime now, there's nothing really that very sophisticated to be afraid of, unless you know nothing about installing a virtual machine, or what triangulation is all about.

A handy summary of the article and things to keep in mind :

- There are over 5000 militant Islamic websites, up from less than a dozen in 1998 -- these are only the static ones compared to hundreds more temporary campaign ones

- They are an extremely effective way for terrorist groups to plan operations, recruit followers, raise funds and distribute propaganda -- centralization of forces and services is exactly what a terrorist organization isn't into. Diversification and autonomous management for the sake of improving the continuity of the site in operation is what really matter, namely you'll have the propaganda platform spreading online details on how to donate cash on a site that's been set up for this purpose only. By the time there's been a leak in the "good guys" covert competitive intelligence efforts, the donation site will dissapear and reappear somewhere else, while the central propaganda platform remains fully active. Take the other perspective, if the "bad guys" are aware the "good guys" are reading, they may logically leave a decoy to later on analyze how it's being processed and disinform on what may seem a very decent first-hand information gathered through open source intelligence.

- Their mastery of the web could extend to cyber-terrorism, such as disabling the communication systems that underpin key sectors such as banking and energy -- any government's single biggest mistake is stereotyping about cyberterrorism, namely that it's the offensive use of cyberterrorism to worry about, whereas the defensive, or passive concepts are already maturing.

- Western agencies are almost powerless to stop the jihadists' internet activities -- of course they aren't, and stopping compared to monitoring is totally wrong, the enemy's location you know is better than the enemy's location you don't know.

- Western governments have been very slow to respond and are only now turning their attention to combating the potent "story" promulgated over the internet -- they wouldn't be that very slow in responding if they actually knew how many people read and got brainwashed by it, thus what conversion rate can we talk about from a reader, to collaborator, to wannabe terrorist, come up with metrics and raise eyebrows. Continue reading →

Censoring Seductive Child Behaviour

define:seductive

define:unaware
define:immature
define:maturing

"Covert pedophilia in the Victorian society". Is that a good line, or is that a good line? Censorship as a matter of viewpoint - as of recently Globe and Mail want you to purchase the article without realizing the click-through rates for both, Doubleclick serving the ads at their site and them, if it were distributing it for free, but anyway guess they should have told Google either :

"The Legards' central thesis is that the debate over children and sexual imagery has been dominated and distorted by two opposing myths: one is "the quasi-religious conception of childhood innocence," which involves "the irrational denial of childhood sexuality"; the other is "the ideology" of the artist as someone "possessing mystical abilities and unique rights" that should not be constrained by the state."

After thoughtcrime and intention-crime policing, it's about time behaviour-policing starts taking place, now wouldn't that be truly outrageous? Something no one is again going to do anything about, thinking he's either the only one seeing it, or perhaps prefers to keep playing in his own corner?

Anyway, discussions like these should only happen after the real problem, with real child porn online gets solved. And that wouldn't happen by fighting the distribution channels as they're too many to control and police, but by making sure the production stage never happens at the first place.

Another article on the topic "Clothed Child Porn Online?". By the way, are you finally seduced now? A rocket scientist doesn't seem to be, throughout the "decade of dedicating downloading". Such a collection can now definitely acts as a new digitally fingerprinted database to keep track of. Continue reading →

Censoring Seductive Child Behaviour

define:seductive
define:unaware
define:immature
define:maturing

"Covert pedophilia in the Victorian society". Is that a good line, or is that a good line? Censorship as a matter of viewpoint - as of recently Globe and Mail want you to purchase the article without realizing the click-through rates for both, Doubleclick serving the ads at their site and them, if it were distributing it for free, but anyway guess they should have told Google either :

"The Legards' central thesis is that the debate over children and sexual imagery has been dominated and distorted by two opposing myths: one is "the quasi-religious conception of childhood innocence," which involves "the irrational denial of childhood sexuality"; the other is "the ideology" of the artist as someone "possessing mystical abilities and unique rights" that should not be constrained by the state."

After thoughtcrime and intention-crime policing, it's about time behaviour-policing starts taking place, now wouldn't that be truly outrageous? Something no one is again going to do anything about, thinking he's either the only one seeing it, or perhaps prefers to keep playing in his own corner?

Anyway, discussions like these should only happen after the real problem, with real child porn online gets solved. And that wouldn't happen by fighting the distribution channels as they're too many to control and police, but by making sure the production stage never happens at the first place.

Another article on the topic "Clothed Child Porn Online?". By the way, are you finally seduced now? A rocket scientist doesn't seem to be, throughout the "decade of dedicating downloading". Such a collection can now definitely acts as a new digitally fingerprinted database to keep track of. Continue reading →

Symantec's Invisible Burglar Game

Cheers to Symantec's PR folks for coming up with such an entertaining promotion of Norton 360, so that "if everything gets too much hit the spacebar to activate the Norton 360 force field to destroy everything in sight."

Good one!

Try the infamous Airport security flash game too, and search everyone for exploding toothpastes, and other dangerous substances as they become dangerous throughout the game.

Continue reading →

Symantec's Invisible Burglar Game

Cheers to Symantec's PR folks for coming up with such an entertaining promotion of Norton 360, so that "if everything gets too much hit the spacebar to activate the Norton 360 force field to destroy everything in sight."

Good one!

Try the infamous Airport security flash game too, and search everyone for exploding toothpastes, and other dangerous substances as they become dangerous throughout the game. Continue reading →

A Chart of Personal Data Security Breaches 2005-2006

Following my previous post on "Personal Data Security Breaches - 2000/2005", you may also find this "Chart of Security Breaches for 2005 - 2006" worth taking a look at -- lost or stolen equipment with data dominate the threatscape.

With the eye-popping big bubbles, and hundreds of thousands of people exposed due to the centralized and insecure nature of storing and processing their information, ask yourself why would an attacker ever bother to initiate a network level attack against a data aggregator nowadays? Consider the other perspective when it comes to data security breaches, namely "To report, or not to report?" a breach, and how is an organization supposed to report when they're not ever aware that personal information has already been exposed.

Take your time to go through a very good resource keeping track of all reported data security breaches and notice the most common patterns for yourself.

Continue reading →

A Movie About Trusted Computing

Great opinionated introduction to the topic. Trusted computing isn't the panacea of total security simply because there can never be 100% secure OS or a device, unless of course you put so much security layers in place to end up with zero usability, so what's it gonna be? Insecurities are a commodity, but security and usability issues are always a matter of viewpoint, so don't act as if you can provide 100% security, because what you're actually offering is a marginal thinking while proposing a solution. Continue reading →

CIA Personality Quiz

An impressive mastermind is what I got as a type of personality, quite a bit of suspicious flattery isn't it?

I feel the quiz is more of an ice-breaker, and it's hell of an amusing one as a matter of fact. Hint to the CIA's HR department - promise to show the ones who make it up for a final interview a randomly chosen analyst's collection of secret UFO files, and see your conversion rates skyrocketing. Then explain them the basics of access programs based on classification and why they have to perform better. Arbeit macht access to secret UFO files as a factor for productivity, cute.

More comments from another wannabe secret AGent. Continue reading →

Video of Birds Attacking an Unmanned Aerial Vehicle (UAV)

Mother Nature on the basics of asymmetric warfare :

"However, on one flight, a test Raven attracted the attention of two nearby crows, who initially squawked a territorial warning at the UAV. Unsuprisingly undeterred by the warnings, the UAVs carried on on their descent and were subsequently attacked by the crows. See the video clip below.

The UAVs were required to remain at low altitude for the duration of each sortie, airspace above the city forming part of the western approaches to Brisbane International airport."

And no, don't even think on speculating of terrorists training divisions of crows to attack, or early warn of UAVs flying around the birds' air space, unless of course your wild imagination prevails.

Continue reading →

How to Fake Fingerprints

With all the buzz of fingerprinting this and that, fingerprint these instructions on how copy and fake fingerprints :

"In order to fake a fingerprint, one needs an original first. Latent fingerprints are nothing but fat and sweat on touched items. Thus to retrieve someone elses fingerprint (in this case the fingerprint you want to forge) one should rely on well tested forensic research methods. Which is what's to be explained here."

Bow to the CCC's full disclosure shedding more light on a common sense insecurity. While it can be tackled by both ensuring the quality of the fingerprinting process, and by technological means such as adding extra layers or cross-referencing through different databases, multiple-factor authentication's benefits are proportional with their immaturity and usability issues. Fancy? For sure. Cutting-edge security? Absolutely from a technological point of view. But when fingerprints start getting more empowerment and integration within our daily lifes, malicious parties would have already taken notice, and again be a step ahead of the technological bias on fingerprinting. Coming up with new identities may indeed end up as a commodity neatly stored in a central database, or perhaps ones collected from elsewhere. Continue reading →

Global Map of Security Incidents and Terrorist Events

Outstanding project demonstrating the benefits of open source intelligence positioned on Google Maps while providing you with the very latest global security and suspicious events in categories such as :

- Airport/Aviation Incidents

- Arson/Fire Incidents

- Biological Incidents/ Threats/ Anthrax Hoaxes etc

- Bomb Incidents/Explosives/ Hoax Devices

- Chemical Incident

- Dam Incident

- Radiation Incidents/ Smuggling/ Proliferation

- Chemical Attack

- Other Suspicious Activity

- Shipping/Maritime/Ports/Cargo/Waterways Security

- Assassination/ Assassination Attempt

- Railways/Train Stations

- Bus Stations/ Bus Security/ Bus Related Incidents

- Bridge / Tunnel Incidents and Security

- Shootings / Sniper Incidents/ Etc

- Terrorist Arrests/Captured/Killed Locations

No more "slicing the threat on pieces", now you can see the big picture for yourself.

Continue reading →

To Publish a Privacy Policy or Not to Publish a Privacy Policy

Here's an article arguing that "publishing a privacy statement may be more harmful than not publishing one"only if enforcement, implementation and monitoring don't intersect as they should :

"This case demonstrates a complication relating to companies' claiming that they have security measures to protect their end users' privacy. Large, established companies, like Eli Lilly, understand this issue but may still have problems ensuring compliance to their privacy policy. But many emerging companies immediately post their claimed privacy policies on their company websites. These companies often fail to assess the potential risks, burdens and liabilities associated with publishing a privacy policy. They do not realize that publishing a privacy statement may be more harmful than not publishing one."

Privacy exposure assessments still remain rather unpopular among leading companies, and compliance with industry specific requirements for processing and storing personal information continue indirectly replacing what a Chief Privacy Officer would have done in a much more adaptive manner. Can we that easily talk about Total Privacy Management (TPM), the way talk about Total Quality Management (TQM) as an internal key objective for strengthening a company's reputation as a socially-oriented one? It would definitely turn into a criteria for the stakeholders, and a differentiating point for any company in question in the long term. The future of privacy? Don't over-empower the watchers or you'll have the entire data aggregation model of our society used against your rights for the sake of protecting you from "the enemy or the threat of the day".

You may also find some comments from a previous post on "Examining Internet Privacy Policies" relevant to the topic :

"Accountability, public commitment, or copywriters charging per word, privacy policies are often taken for fully enforced ones, whereas the truth is that actually no one is reading, bothering to assess them. And why would you, as by the time you've finished you'll again have no other choice but to accept them in order to use the service in question -- too much personal and sensitive identifying information is what I hear ticking. That's of course the privacy conscious perspective, and to me security is a matter of viewpoint, the way you perceive it going beyond the basics, the very same way you're going to implement it -- Identity 2.0 as a single sign on Web is slowly emerging as the real beast." Continue reading →

How to Tell if Someone's Lying to You

Interactive slideshow providing ten tips on how to tell if someone's lying to you. These can of course be interpreted in different ways and applied under specific circumstances only. Some are very practical though :

01. Watch Body Language
02. Seek Detail
03. Beware Unpleasantness
04. Observe Eye Contact
05. Signs of Stress
06. Listen for the Pause
07. Ask Again
08. Beware Those Who Protest Too Much
09. Know Thyself
10. Work on Your Intuition

Two more I can add -- answering without being asked, and on purposely stating the possibility as a negative statement already. Here's the article itself, as well as several more handy tips on detecting lies. Don't forget - if someone's being too nice with you, it means they're beating you already.

Ear whisper courtesy of Cartoonstock.com Continue reading →