Posts Tagged OPSEC

Possible Backdoor in iPhone OS

From The Daily Mail:

A security expert has warned Apple’s iOS software contains potentially sinister tools that could be used by governments to spy on iPhone and iPad users.

Speaking at the ‘Hackers on planet Earth’ conference in New York, Jonathan Zdziarski said that most users are unaware of the lack of protection for iPhone data.

He added files found hidden within the firm’s software contain a file-relay service that can be used to access the user’s address book, photos, voicemail and any accounts configured on the device.

However, Apple has denied the claims the backdoor was created deliberately for government or surveillance purposes.

, , , , , , , , , ,

No Comments

Concern Increasing Over Skype’s Security

From Electronic Freedom Foundation:

This security limitation has concerned us for a long time. Last year, Chris Soghoian argued that, for this reason, “Skype is in a position to give the government sufficient data to perform a man in the middle attack against Skype users.” Soghoian argued that Skype should change its design to eliminate this ability, or else disclose the risk more prominently. One way of limiting man-in-the-middle attacks would be for Skype to introduce a way for users to do their own encryption key verification, without relying on the Skype service. As Soghoian notes, that’s what many other encrypted communications tools do—but such a verification option is missing from Skype.

, , , , , , ,

No Comments

Creating and Managing Passwords: How the Experts Do It

From Ars Technica:

I recently checked in with five security experts to learn about their approach to choosing and storing crack-resistant passwords. They include renowned cryptographer Bruce Schneier, who is a “security futurologist” at BT and recently joined the Electronic Frontier Foundation’s board of directors; Adriel T. Desautels, CEO of Netragard, a firm that gets paid to hack large companies and then tell them how it was done; Jeremiah Grossman, founder and CTO of WhiteHat Security; Jeffrey Goldberg, “defender against the dark arts” at AgileBits, a company that develops the popular 1Password password manager; and Jeremi Gosney, a password security expert at Stricture Consulting.

, , , ,

No Comments

Why ‘I Have Nothing to Hide’ Is the Wrong Way to Think About Surveillance

The problem is that “good” people almost never see how fascist government actions will ever effect them. They just don’t think that way. They believe as long as they are law abiding, the government will never do them harm. But ask someone who lived with the Stazi (Ministry for State Security) in East Germany or the KGB (Committee for State Security) in the Soviet Union, watching their every move. They can tell you why you should be afraid, and there are plenty of them still around to talk to. If we don’t stop this now we will probably never again have the chance.

From: Wired

If the federal government can’t even count how many laws there are, what chance does an individual have of being certain that they are not acting in violation of one of them?


, , , , ,

No Comments

President Obama says he’s not Big Brother, NPR responds.

George Orwell

George Orwell

NPR is, in my opinion, the undisputed master of ultra-subtle propaganda. The publicly funded “News” organization is actually a chillingly effective tool of Collectivism and Big (Brother) Government.  Effective because most of my right-leaning moderate friends can see no manipulation at all. After reading this piece on what NPR calls “Our Surveillance Society” you most likely will consider it balanced and objective.  And yet I feel like a hound that can’t get the blaring tea kettle sound from two blocks away out of his head, while no one around him can hear it at all. Well at least they bothered to write something instead of ignoring it. That in and of itself, plus the exquisite subtlety of the propaganda, is an indication of just how onerous these unconstitutional actions are.

From: NPR

President Obama says he’s not Big Brother. The author who created the concept might disagree.

Addressing the controversy over widespread government surveillance of telephone records and Internet traffic Friday, Obama said, “In the abstract, you can complain about Big Brother and how this is a potential program run amok, but when you actually look at the details, then I think we’ve struck the right balance.”


, , , , , ,

No Comments

OPSEC For Journalists And Leakers

Wired’s Danger Room has some tips for journalists to protect their identity from subpoenas like the one involving the AP.

We now live in a world where public servants informing the public about government behavior or wrongdoing must practice the tradecraft of drug dealers and spies. Otherwise, these informants could get caught in the web of administrations that view George Orwell’s 1984 as an operations manual.

, , , , , , , , , , , ,

No Comments

Anonymity Impossible?

MIT asks the question in an article about how much information individuals create about themselves.

Much of this data is invisible to people and seems impersonal. But it’s not. What modern data science is finding is that nearly any type of data can be used, much like a fingerprint, to identify the person who created it: your choice of movies on Netflix, the location signals emitted by your cell phone, even your pattern of walking as recorded by a surveillance camera. In effect, the more data there is, the less any of it can be said to be private, since the richness of that data makes pinpointing people “algorithmically possible,” says Princeton University computer scientist Arvind Narayanan.

, , , , , , , , , , ,

No Comments

Joe Biden Accidentally Helped Us All E-Mail in Private

From: Danger Room

In the late ’80s and early ’90s, Phil Zimmermann was a Colorado peacenik with a half-written program that he swore would one day let people exchange messages without Big Brother peering inside. The problem was, with a freelance job and two kids, Zimmermann could never quite find the time to finish the damn code — until Joe Biden came along.


, , , ,

No Comments

National Security leaks from the Obama Administration

These Intelligence and Special Operations Professionals were mocked, ignored and belittled by the National Media this summer when much of this activity was revealed.

From: OPSECTeam via YouTube

Intelligence and Special Operations forces are furious and frustrated at how President Obama and those in positions of authority have exploited their service for political advantage. Countless leaks, interviews and decisions by the Obama Administration and other government officials have undermined the success of our Intelligence and Special Operations forces and put future missions and personnel at risk.

The unwarranted and dangerous public disclosure of Special Forces Operations is so serious — that for the first time ever — former operators have agreed to risk their reputations and go ‘on the record’ in a special documentary titled “Dishonorable Disclosures.” Its goal is to educate America about serious breaches of security and prevent them from ever happening again.

Use of military ranks, titles & photographs in uniform does not imply endorsement of the Dept of the Army or the Department of Defense. All individuals are no longer in active service with any federal agency or military service.

, , , , , ,

No Comments

Google Accidentally Transmits Self-Destruct Code to Army of Chrome Browsers

From: Wired Enterprise

Google’s Gmail service went down for about 20 minutes on Monday. That was annoying, but not exactly unprecedented. These sorts of outages happen all the time. What was strange is that the Gmail outage coincided with widespread reports that Google’s Chrome browser was also crashing.

Late Monday, Google engineer Tim Steele confirmed what developers had been suspecting. The crashes were affecting Chrome users who were using another Google web service known as Sync, and that Sync and other Google services — presumably Gmail too — were clobbered Monday when Google misconfigured its load-balancing servers.


, , , , , ,

No Comments

Operations Security and Intelligence


I am working on what may end up being a multi-part piece on Mexican DTO’s, but that research (in addition to my graduate work and…uhh… work) will take bit.

In the meantime, I got some requests to discuss OPSEC. OPSEC is a serious subject and it is thrown around a lot, sometimes correctly and sometimes incorrectly. So let us start with defining it. According to DoD Directive 5205.02 (DoD Operations Security (OPSEC) Program) OPSEC is:


E2.1.3. Operations Security (OPSEC). A process of identifying critical information and analyzing friendly actions attendant to military operations and other activities including:

E2.1.3.1. Identify those actions that can be observed by adversary intelligence systems.

E2.1.3.2. Determining indicators that hostile intelligence systems might obtain that could be interpreted or pieced together to derive critical intelligence in time to be useful to adversaries.

E2.1.3.3. Selecting and executing measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation.

This is a DoD wide instruction, however, there are similar instructions for agencies outside the DoD including but not limited to: The Department of Commerce, CIA, and FBI.

, , ,

No Comments

Pedestrian Intelligence


The hardest part of staying informed as citizens of the U.S. or wherever your home happens to be is whether you can rely on the validity of the information that you’re given. And that’s the first rule of what I call “Pedestrian Intelligence”, or in other words, intelligence for the rest of us.

Rule 1: Only infants are spoon-fed

Go out and get your information. Don’t rely on others to give it to you. This applies to all sources, regardless of your political affiliation. Do not rely on Fox, CNN, NPR, CBS or any other outfit. They all must make editing decisions to fit a number of parameters (scheduling, editorial, etc.), none of which support your need for reliable information (aka intelligence) that you need in order to make sound judgments.

, , ,

No Comments

4th Amendment Under Attack Yet Again

This stuff is serious. Maybe most of the “People” protected by the Constitution do not have enough imagination to see how terribly wrong this is going to go for all of us, and I mean ALL of us. Well, I can imagine it because I’ve worked for governments, I know what they are capable of, and I promise you it will not be good. To quote Bogey, “maybe not today, maybe not tomorrow, but soon, and for the rest of your life”,  if you can call existence in a police state a life. Think this is hyperbole? We’ll see.

I know first hand that getting warrants can be a pain in the ass, but too bad, its our job to defend and protect the constitution, not whine about how hard it is to do our jobs and still abide by the “current” law, or to look for shortcuts and ways to get around the only document that stands between freedom and totalitarianism.

But don’t worry, I’m clearly over reacting because if I wasn’t, those vigilant watchdogs of the Fourth Estate would surely mention the trampling of our fundamental freedoms in their newspapers, websites and TV news shows, wouldn’t they?

Here is the latest assault on our freedoms from the EFF

DOJ Official: Any Privacy Protection is Too Much Privacy Protection for Cell Phone Tracking

Jason Weinstein, a deputy assistant attorney general in the Department of Justice’s criminal division, told a panel at the Congressional Internet Caucus Advisory Committee’s “State of the Mobile Net” conference yesterday that requiring a search warrant to obtain location tracking information from cell phones  would “cripple” prosecutors and law enforcement officials. We couldn’t disagree more.

For years, we’ve been arguing that cell phone location data should only be accessible to law enforcement with a search warrant. After all, as web enabled smart phones become more prevalent, this location data reveals an incredibly revealing portrait of your every move. As we’ve waged this legal battle, the government has naturally disagreed with us, claiming that the Stored Communications Act authorizes the disclosure of cell phone location data with a lesser showing than the probable cause requirement demanded by a search warrant.  Read the rest of this entry »

, , , , , , , , ,

No Comments

Mobile users more vulnerable to phishing scams

2011 story from: Fierce CIO

Security vendor: Mobile users more vulnerable to phishing scams
January 10, 2011 — 12:18am ET | By Caron Carlson

It’s not as though we need more reminders of the security risks mobile devices pose to the enterprise, but according to security vendor Trusteer, mobile users are three times more likely to be the victim of phishing scams than desktop users.

According to Trusteer’s research, based on a review of log files of a number of web servers hosting phishing sites, when mobile users access phishing sites, they are three times more likely to hand over their login data. Why are mobile users so gullible? One possibility is that it is more difficult to detect a phishing site on a mobile device, the company suggests.

Part of the vulnerability for mobile users is simply that they are always connected and inclined to read their email as it arrives, writes Trusteer CEO Mickey Boodaei, in a post on his company’s blog. “The first couple of hours in a phishing attack are critical. After that many attacks are blocked by phishing filters or taken down,” he writes. “Hence mobile users are more likely to be hit by Phishing just because they’re ‘always on.'”


, , ,

No Comments

A Practical Guide to Situational Awareness


By Scott Stewart

For the past three weeks we have been running a series in the Security Weekly that focuses on some of the fundamentals of terrorism. First, we noted that terrorism is a tactic not exclusive to any one group and that the tactic would not end even if the jihadist threat were to disappear. We then discussed how actors planning terrorist attacks have to follow a planning process and noted that there are times during that process when such plots are vulnerable to detection.

Last week we discussed how one of the most important vulnerabilities during the terrorism planning process is surveillance, and we outlined what bad surveillance looks like and described some basic tools to help identify those conducting it. At the end of last week’s Security Weekly we also discussed how living in a state of paranoia and looking for a terrorist behind every bush not only is dangerous to one’s physical and mental health but also results in poor security. This brings us to this week, where we want to discuss the fundamentals of situational awareness and explain how people can practice the technique in a relaxed and sustainable way.

Situational awareness is very important, not just for personal security but as a fundamental building block in collective security. Because of this importance, Stratfor has written about situational awareness many times in the past. However, we believe it merits repeating again in order to share these concepts with our new readers as well as serve as a reminder for our longtime readers. Read the rest of this entry »

, , , , ,

No Comments