Tuesday, March 27, 2007

You've Got Something in Your Eye

Or that's what the ever-growing Big Brother says:

"Avigilon's 16 megapixel cameras are the first surveillance cameras that can continuously monitor large fields of view while maintaining high levels of detail. In the past, security professionals have had to rely on opto-mechanical PTZ cameras for wide field of view surveillance and were forced to make a tradeoff between field of view and image detail. Avigilon's 16 megapixel cameras provide a superior solution for post incident investigation because they provide detailed images of the entire field of view, without the requirement of an operator to control the camera."

I like the press release debunking the idea of real-time incident prevention through CCTV surveillance, compared to reviewing historical performance and analyzing past events. Not that it's not possible, but the investments are not worth the ROI, and if self-regulation is the single most visible return on investment here, that's a bad deal. But in reality, keep on living in a CCTV myopia world, where the "blind spot" of one camera gets covered by installing another one, and the "blind spot" of the second one gets covered by a third one. It's about time your CCTV expenditures started declining, given that reasonable metrics defining a successful investment appear soon.

Now let's hope these cameras never get installed in public restrooms, shall we?

Ghosts in the Keyboard

KeyGhost is a nasty type of hardware keylogger that, if ignored as a concept, can truly expose a lot of data, with one downside: the logged data has to be retrieved physically, in the very same fashion the keylogger got installed. Here's how the six-year-olds do it:

"A six-year-old girl has successfully hacked into the UK Parliament's computer system, installing a keylogger onto an MPs machine. Guildford MP Anne Milton agreed to leave her computer unattended for 60 seconds as part of a test of House of Commons IT security by the BBC's Inside Out programme. Brianagh, a schoolgirl from Winchester, took just a quarter of that time to install the keylogging software without being noticed. Such easily available applications record all the keystrokes made on a machine and can therefore be used to steal passwords, financial data and personal information."

The article starts by mentioning the software and ends up with a quote on the "device" itself. The story is a great wake-up call, especially the six-year-old girl part, as it will position the computer system's security as an extremely weak one in the minds of the masses, no wait, the taxpayers. But age doesn't really matter here; it's the idea that the majority of insecurities have an outside-towards-inside trend, namely they come from the Internet, not from within as we see in this case. In case you're interested, there are already various business development activities around releasing a laptop-based PCI card keylogger, given the obvious incompatibilities with a PC.

Related posts:
USB Surveillance Sticks
Espionage Ghost Busters

Thursday, March 22, 2007

Take this Malicious Site Down - Processing Order..

Yet another pay-pal-secure-login.tld domain gets registered, and, even more ironic, in its directory listings you'll be able to dig out logins for several other financial institutions and online companies, even competitors. Financial institutions cannot cope with the level of such registered domains, and some, even after being reported to the usual abuse account, remain active for weeks to come. So how do you protect these businesses and cash in between for doing so? Looks like RSA are diversifying their service from phishing hosting sites to malware hosting ones:

"EMC's RSA division plans to launch a new service next month that will help financial institutions take down Web sites associated with malicious Trojan Horse software. The service is planned as an extension to the FraudAction phishing takedown service already offered by RSA, said Louie Gasparini, co-chief technical officer with RSA's Consumer Solutions unit. "We're leveraging the same infrastructure we already have in place... and now we're focusing our attention on how Trojans work," he said. Gasparini said he expects financial services companies, auction sites, and online merchants to use the service. "It's really allowing the institution to better protect its customers," he said."

Can RSA really cash in by re-intermediating the current communication model, and most importantly, do a better job? It can surely allow the targeted companies to focus on innovation and growth, not on online impersonation attacks, so I find this a sound product line extension, but need more performance stats to offer valuable recommendations.

According to the latest Anti-Phishing.org report, the threatscape looks very favorable with respect to communicating with the major countries hosting phishing sites: the U.S., followed by China and South Korea. In between companies diversifying their portfolios of services and products, there's one other thing to keep in mind, and that's how you can achieve the same results in a more cost-effective way than the commercial propositions. And can you actually? Do you even have to dedicate financial resources to shutting down these sites, compared to educating your customers on how to use their brains? Ask yourself these questions before losing it in a budget allocation myopia. Something else to keep in mind: ISPs will also start getting interested in the idea of equal distribution of revenues, given the sound business model.

Related posts:
The Phishing Ecosystem
Anti-phishing Toolbars - Can You Trust Them?
Google's Anti-phishing Black and White Lists

Tricking a UAV's Thermal Imagery

Give me a hug so that we become "thermally one" for the thermal paparazzi to see. When you know how it works you can either improve, abuse or destroy it. Very interesting abuse of technology by the people knowing how it works:

"The Marines cuffed Awad and took him to a nearby bomb crater. At this point the drone approached for its first pass overhead. One of the group moved forward and dug a hole at the crater, while the others posed with Awad behind a wall. The recorded thermal imagery from the aircraft seemed to show troops watching an insurgent digging by the road, perhaps to place a bomb. After the drone had passed, the group moved Awad forward to the hole. But at this point the surveillance platform returned, so one of the Marines wrapped himself around Awad so as to create a single thermal signature, disguising the captive's presence."

If you're under thermal surveillance a cold shower's your invisibility coat if one's available. Wired has some photos on this story.

Wednesday, March 21, 2007

Zoom Zoom Zoom - Boom!

If you could only eradicate the radicalization of immature Islamic youth over the Internet with the push of a button. Great surgical shot!

A Documentary on CCTVs in the U.K

Every breath you take, every move you make, I'll be watching you. Used to be a great song, but has a disturbing context these days. Nino Leitner's EveryStepYouTake documentary on the state of surveillance in the U.K will premiere this month, and I suspect the full version will be made available for the world to see too:

"Trying to answer questions like these, Nino Leitner’s one-hour documentary “EVERY STEP YOU TAKE” digs deep into an entirely British phenomenon: nation-wide video surveillance. It features formal interviews with the surveillance researcher Professor Clive Norris, Deputy Chief Constable Andy Trotter from the British Transport Police, a representative of Britain’s largest civil rights group Liberty, a CCTV manager from a public local CCTV scheme, experts in the field of transport policing and many more. The surveillance reality in Britain is compared with another member of the E.U., Austria. Compared to the UK, it can be seen as a developing country in terms of CCTV, but just as elsewhere all over the world, politicians are eager to extend the surveillance gaze."

Here's an animation to help you explain what surveillance means to your cat, another one fully loaded with attitude, and let's not exclude the big picture.

Related posts:
London's Police Experimenting with Head-Mounted Surveillance Cameras
Head Mounted Surveillance System
Eyes in London's Sky - Surveillance Poster