Satellite phones are considered to be inherently secure and a safe way for people to talk without fear of someone listening in. This is the perception because the phones use encryption to encode the audio before it is transmitted and then decrypt it when it is received on the other end. It is all nice a seamless and the whole process leaves people feeling a little more secure.

The problem is that a research team from the Ruhr University Bochum in Germany have just blown a big hole in that sense of security with the announcement that they have broken  the two common types of encryption used in the two types of satellite phone standards used around the world.

The secret encryption algorithms have been shown to be easily broken in sharp contrast to other more common encryption schemes, like AES and Blowfish. The researchers discovered this when they reverse engineered phones that use the GMR-1 and GMR-2 standards and found that even with a modest PC running open source software the encryption could be broken within an hour.

The team will be presenting their paper (PDF) to the IEEE Symposium on Security and Privacy 2012 but in it they say:

“Contrary to the practice recommended in modern security engineering, both standards rely on proprietary algorithms for (voice) encryption,” the researchers wrote in the paper. “Even though it is impossible for outsiders (like us) to decide whether this is due to historic developments or because secret algorithms were believed to provide a higher level of ‘security,’ the findings of our work are not encouraging from a security point of view.”

via Ars Technica

It seems, according to the team, that the main security principal behind the proprietary encryption algorithms being ‘secure’ was the fact that they were propriatary and ‘secret’ in the first place. As we have seen though this is often far from the case.

Secure satellite phones not so secure as crypto crack makes them vulnerable is a post from: The Inquisitr

Back in the 1960′s anyone who wore a flower in their hair or wore bluejeans with patches on them was looked upon as a dangerous radical by the FBI and could end up with having a surveillance file about them somewhere deep within the FBI vaults.

Times haven’t changed all that much it would seem if this flyer from the FBI is any indication. The flyer which is being distributed to coffee shops and internet cafes advising them to be on the look out for “suspicious” people.

So how do you tell if you might be dealing with a “suspicious” person? Well if they are overly concerned about privacy, have an interest in technology and, gawd forbid, prefer to pay in cash.

Still not sure? Well here’s a few more ways you might be able to tell:

• Evidence of a residential based internet provider (signs on to Comcast, AOL, etc.)
• Use of anonymizers, portals, or other means to shield IP address
• Communicating through a PC game
• Obtain maps or diagrams of transportation
• Download or transfer files with “how-to” content such as information about electronics

Well that should cover 99% of the people who might be at the coffee shop or internet cafe so the flyer tries to mitigate the overall tone of madness and stupidity with this little disclaimer in the fine print at the bottom of the flyer.

Each indictor listed above, is by itself, lawful conduct or behavior and may also constitute the exercise of rights guaranteed by the U.S. Constitution. In addition, there may be a wholly innocent explanation for conduct or behavior that appears suspicious in nature.

via DVICE

It is so reassuring to know that such capable and technologically capable people are helping to protect the country.

Here’s the full flyer – click for full view or try this link.

Part of the FBI terrorist checklist? You are if you have an interest in privacy and electronics is a post from: The Inquisitr

One of the big disadvantages over releasing an ‘open’ operating system is that because of its ‘openness’ it is also much more prone to malware attacks, as Microsoft has had to deal with over the years.

The ‘open’ operating system in this case is Android and according to security company Symantec the Android Market is undergoing a major malware infestation. The company reported today that a bug going by the name Android.Counterclank has infected between 1 million and 5 million Android users.

Symantec also noted that this slimy piece of malware has the highest distribution of any malware identified so far this year and may actually be the largest malware infection seen by Android users in the operating systems short life.

Here is the list of apps that are carrying this latest piece of nastiness (courtesy of SlashGear)

So if you are an Android user you might want to check and make sure that you haven’t installed any of the infected apps, and if you have then uninstall it and reboot as soon as possible.

Android Market is being hit with its largest malware infection yet according to Symantec is a post from: The Inquisitr

Israel is taking hacking quite seriously after a hacker with the name “OxOmar”, said he had posted 11,000 credit card details online Thursday. This was also behind him saying that ”greatest Saudi Arabian hacker team” posted details of a whopping 400,000 credit cards earlier in the week.

Israel said that they “will respond to cyber-attacks in the same way it responds to violent “terrorist” acts, by striking back with force against hackers who threaten the Jewish state.”

Hacking continues to be a problem for countries and companies with various movements such as Anonymous and also hackers focused on exposing information for personal financial gain, such as what happened with the over 400,000 credit card details.

The good part is that despite the leak of such information, Israel’s three largest credit card companies reported only 6,050 of the 11,000 exposed being affected and just 14,000 of the 400,000 had been exposed.

Cyber attacks are starting to be viewed as a terrorist act and whenever you throw that word around, the consequences can become even more serious. Granted, no one is being killed in the process, but that doesn’t matter in the eyes of the government.

With that said, if the hacker “OxOmar” along with these supposed Saudi Arabian hackers are caught, they could face some serious jail time and won’t be touching a computer for a long time, that’s for sure.

“Hackers stand warned, Deputy Foreign Minister Dany Ayalon said. “They are putting themselves in danger and that they will not benefit from any immunity against reprisal actions from Israel.” Cyber-attacks amount to “terrorism that must be treated as such. In cyberspace, we have active capacities and we can hit those who try to hit us.”

Israel To Hackers: “We’ll Respond The Same Way We Do To Terrorist Acts” is a post from: The Inquisitr

Mobile experts from Security Research Labs warned on Sunday that a vulnerability in a widely used wireless technology can be exploited by hackers to take control of your smartphone and use it to send text messages and make calls without your knowledge, Fox News is reporting.

The vulnerability exists in GSM networks, the type that run about 80% of the world’s phones.  If hackers exploit this loophole, they could use your phone to call premium service text and pay lines to charge huge bills to victims.

The Security service told the conference that while hackers had been able to hack individual phones in the past, this type of attack could commandeer hundreds of thousands of cellphones in seconds.

Even though the security firm says they will not reveal the code at the conference, it is usually within weeks of these kinds of announcements that hacking networks figure out how to do it on their own.

This type of vulnerability has already been done and in fact is fairly common in business based landlines.  Hackers set up huge networks of bogus pay per service lines and have thousands of landlines call them at once charging huge bills to the business.  The telephone company who provides the lines usually winds up taking a large hit for the problem.

The security company said that most GSM providers have been lacking when it comes to network security.  A lot of times they are able to provide higher levels of security just by constantly updating their internal software.

Researchers reviewed operators in Austria, Belgium, the Czech Republic, France, Germany, Hungary, Italy, Morocco, Slovakia, Switzerland and Thailand.

Security Experts: 80% of All Smartphones Vulnerable to Hijack Scams is a post from: The Inquisitr

Having been around this computer thing, and the online world, for a long time I am never surprised when I hear of some new vector being exploited by malware and the people that create them. So hearing that Facebook has become the newest platform of these jerk-offs doesn’t come as any great shock.

Just like the new one that is apparently making the rounds on Facebook right now through their chat service. It works by hijacking a users’ chat in order to spread a download link to a piece of software that will install a Dorkbot malware program when clicked on.

The malware gives the malware author access to the accounts of the infected user, which in turn allows it to send the same malware infected link to their friends, according to the folks over at the Sophos Naked Security blog.

Sophos is also reporting that Facebook’s own anti-virus hasn’t been able to detect the trojan and as a result it is continuing to spread through the net via Facebook.

The download link points to an image of two blonde women, however, it has been infused with a malicious screensaver. When the malicious program begins to execute, it attempts to download more malware files hosted on a compromised Israeli website. The worm has been developed using Visual Basic 6.0 and “contains numerous Anti-VM tricks directed against VMware, Sandboxie, Virtual Box, etc.,” according to the Dutch CSIS Security Group, which first detected the spread of the worm.

via Techie-Buzz

With some 800 million users, not all of whom are technically literate or security conscious, this kind of infection attack is going to see a large degree of success and it means that Facebook has to be more proactive in this area.

Malicious malware link is being served up through Facebook chat is a post from: The Inquisitr

It’s pretty much accepted fact, or rumor depending on your point of view, that the law enforcement agencies have inside information about accessing your data from various online networks like Facebook, Microsoft, and others. These guidelines tell among other things what kind of data is stored, how long it is kept, and to how to get a hold of the data.

Well it turns out that much of this information meant for law enforcement made its way on to the web through different means over the last little while. When it comes to AOL, Microsoft, and Blizzard that information was part of a data dump by Anonymous. Then the Facebook “manual” was released by PublicIntelligence.net in 2010.

However the most extensive collection of these “not for public use” documents for law enforcement use came from John Young, a retired architect who also happens to run Cryptome.org which is a document repository.

Some of the policies from the various companies are:

Blizzard: Logs of Internet Protocol addresses are kept “indefinitely,” according to the company behind World of Warcraft. Sent mail is not retained. Deleted mail messages are not retained.

Facebook: An earlier version of the company’s manual from 2008 said that “IP log data is generally retained for 90 days.” That statement is missing from the newly-released 2010 version, indicating that Facebook now may store data longer (a company spokesman did not respond to that question).

Microsoft/MSN: Hotmail IP logs are kept for 60 days. MSN TV’s Web site logs are kept for 13 days. No logs are kept for conversations taking place through MSN chat rooms and MSN instant messenger. The leaked document is from April 2005, though, and may be out of date.

AOL: IP logs for the AIM and ICQ messaging services are stored for up to 90 days. Customer logs are kept for 6 months. All AOL e-mail, including from portals such as AOL.ca, AOL.fr, and AOL.mx, is stored in its Northern Virginia data center.

It’s so nice to know that these companies care so much about our data, but then we do hand it over to them without any questions whatsoever so I guess we get what we deserve eh.

via CNET

Guidelines for police access to Facebook and other online accounts leaked to the web is a post from: The Inquisitr

It’s a pretty common scenario in television cop shows where the cops swoop in, grab the computers, and then before you know crack it wide open like some sort of cyber lobster. There’s a slight problem with that whole idea though as a joint US and UK research team found out.

It’s bogus.

Seriously. It seems that even using the most common forms of hard drive encryption is enough to stop all levels of law enforcement, from your local police to some alphabet soup agency dead in their tracks. While there are a number of things that law enforcement can do to get around the problem the basic fact is that once a drive has been encrypted there is very little they can do to open up the data.

I am sure this is something that the police and other agencies don’t want to get out there because it would make an already difficult job even harder but as the researchers said in their paper; “The Growing Impact of Full Disk Encryption on Digital Forensics” in the Digital Investigation magazine FDE can significantly hamper digital investigations.

They also say that in order to address this challenge there needs  to be more effective on scene capabilities to detect and preserve encryption before pulling the power plug on seized computers.

via PhysOrg

Even the most common hard drive encryption is good enough to foil law enforcement is a post from: The Inquisitr

When one thinks of data security companies like VISA don’t generally show up near the top of the list but the fact is they have a global security system that would probably equal some government agencies. At least this is what Michael Fitzgerald from Fast Company found out recently when he was allowed a behind the scenes look at the company’s “NASA-like command center”.

While he wasn’t allowed to disclose the exact location he was able to get a really good look at the company’s newest, and most modern U.S. data centers, otherwise known as Operations Center East (OCE). VISA acknowledges that the data that flows through their networks is probably some of the most wanted information by black market hackers and as a result their operations centers could be compared to modern day fortified castles.

Some of the efforts taken to keep the data, and the data center safe include:

• Four conduits bring electricity into the building so that if, for whatever reason, one of the conduits gets destroyed there is backup power at all times.
• Each pod within the complex has two rooms with UPS in order to condition the power coming in and make sure there are no system threatening surges.
• Also in those two rooms there are 1,000 heavy duty batteries
• Additionally each pod has two massive diesel generators that are capable of generating 4 megawatts of power

This is also one of the first of VISA’s operational centers that has been built to not only withstand California-style earthquakes but also Midwest-type super tornadoes.

According to Fitzgerald the only thing that could take down one of these centers is us:

The only thing that might take down the OCE, it seems, is us. Transaction growth has averaged 7% to 17% annually. Visa expects the OCE to handle growth into the 2020s, but at some point, of course, something will give.

image courtesy of Fast Company

VISA’s incredible effort to protect your data is a post from: The Inquisitr

Banks are having such a rough time these days. If it isn’t customers getting pissed off over being charged to use their bank debit cards it’s those nasty hackers breaking into their computer systems and making off with all kinds of information.

While there isn’t much that will be done about the first problem, after all who gives a crap about customers anyway, it seems that the National Security Agency, which is some super secret arm of the US military, has decided that they are perfectly suited to help those Wall Street banks fight back against those evil hackers.

This is all part of a larger attempt by these incredibly powerful and rich banks to get the US military and private defense contractors to fight off all those horrible cyber criminals out there. Claiming that hackers could possibly take up residence within the computer systems used by banking companies the banks say they could then disable trading systems, create fake crashes which could lead to real ones, and of course the good old stealing of money via huge wire transfers.

At this point the co-operation is still in discussion stages with NSA director Keith Alexander saying that the talks are just about them sharing information with banks about malicious software making the rounds. Additionally the NSA is working with the NASDAQ to improve their defenses against cyber attacks after it was found that their network had been broken into last year.

Apparently also on the list of companies that are supposedly perfect targets for hackers are oil companies, gas companies, technology companies, and defense contracting companies.

via Reuters

NSA getting into bed with Banks to help them fight hackers is a post from: The Inquisitr

Just how secure is our data?

Just how secure are all those databases that our information is stored in?

Security companies would have us believe that biometrics are the best way to secure our data and to verify that we are who we say we are. This is why you see things like fingerprints, photographs, and iris scans being collected in giant databases as well as being used as a verification to view those databases.

The problem is those databases are only as secure as the people both working on them and supposedly protecting them. So what happens when one of those people decides that they are also a perfect way to make money by selling that biometric data to the highest bidder.

This is what has happened in Israel as the records of 9 million Israelis, both living and dead, has ended up in the hands of criminals. This data includes name, date of birth, their national identification numbers, and family members; but what is even worse is that the database contained the information of the birth parents of hundreds of thousand adopted citizens.

This breach was discovered this past Monday when a contract worker for the Israeli Welfare Ministry was arrested for stealing the country’s primary national biometric database back in 2006. It was only after he was fired from his job for unrelated reasons that he began to offer the database for sale resulting in his arrest.

Subsequently an additional suspect uploaded the whole biometric records database to the web where, with some quick Google searches, you can find more than a few torrents for the files.

via Fast Company

The double edged sword of using biometrics for data security is a post from: The Inquisitr

Users have a hard enough time dealing with all the crapware, malware, and other nasties that are dreamed up by folks looking to mess you over by stealing your information anyway that they can without any help from people who are suppose to be the good guys.

It seems though that some rather clever researchers at Georgia Tech and MIT have discovered a new, and admittedly very clever, way to record your keystrokes if you are using an iPhone.

Simply put, they have figured out how to use the accelerometer of all things to record your keystrokes. Now that might sound just a little more than strange since the the accelerometer has no relation with the virtual keyboard used in the iPhone. However principal researcher Patrick Traynor, assistant professor at Georgia Tech’s School of Computer Science has developed a proof of concept that shows it is possible.

The methodology is outlined in a paper title “(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometer” and the method is correct 80 percent of the time with a 58,000 word dictionary.

While the method can’t reliably pinpoint a single keystroke it does identify keystrokes by identifying the successive strokes as left-right, right-left, left-left, or right-right; and then that information is statistically analyzed to represent letter pairs which are then compared against a dictionary.

The paper will be presented at the 18th ACM Conference on Computer and Communications Security which is currently underway.

via Ars Technica 

Apple iPhone’s next spying trick – keylogging using the accelerometer is a post from: The Inquisitr

Somehow I am not the least bit surprised by this little tidbit of news but it seems that according to a recent report from Commtouch finds that only bout a third of users even notice if their Gmail, Yahoo, Hotmail, or even Facebook accounts have been hacked. The other little kicker is that the only reason that they probably know about the hack is because a friend told them.

Security companies like Eset are finding that in this day and age of Facebook and Twitter that social engineering is playing an even larger role in hacking accounts than in the past. Today the attacks are much more sophisticated and sequential.

This means that hacking your email account may only be the beginning of a much deeper hacking attack which due to the common practice of using the username/password combination across many services makes it easier to hack social accounts as well.

Where once it might have been only about getting email access it now is the collection of Facebook accounts, Twitter identifications, and gaming site log-ins.

In the report titled: The State of Hacked Accounts, it was found that one in eight hijacked accounts were used for phoney distress scams and more than half were used to send spam.

They also found that of the 34% who knew their accounts had been attacked, 15% claimed a WiFi connection, 15% clicked on email-based malware, and 15% said it was due to a Facebook scam link.

Most users don’t even notice if their accounts are hacked is a post from: The Inquisitr

There isn’t much said about it but it is well known in security circles that the Predator and Reaper drones used by the American military do have security flaws with the most well known one being that the video sent to US ground troops is unencrypted.

However word has broken that about the fact that a computer virus has infected Predator and Reaper drones, logging pilot’s keystrokes as they fly remote missions over Afghanistan and other war zones.

It seems that the virus was first notice almost two weeks ago by the military and its Host-Based Security System. This discovery hasn’t stopped any of the missions being flown and there has been no confirmation yet of any classified data being sent to outside sources.

Ars Technica is reporting that sources within the military and familiar with the infection are saying that every effort to remove the infection is being taken but every time they remove one instance of the virus another replaces it.

Military security experts aren’t sure how the infection got started int he first place and they aren’t sure of just how far the infection has spread but they are pretty sure that it has hit both classified and unclassified machines.

This uncertainty leaves open the possibility that classified inc=formation may have indeed been captured via the virus payload and sent to outside individuals.

The US Reaper and Predator drone fleet hit by virus is a post from: The Inquisitr

During a meeting on Capital Hill Federal officials defended their move towards cloud computing, citing increased security measures as a means to an end.

David McClure, associate administrator for the General Services Administration’s (GSA’s) Office of Citizen Services and Innovative Technologies spoke to the House Subcommittee on Cybersecurity and noted:

“Our problems with security are not unique to cloud-computing systems.”

That response came after committee chairman Rep. Dan Lungren argued that the federal government must prove that cloud computing poses no more of a risk to national security that in-house and legacy systems.

Lungren revealed:

“You’ve got to have a promise that the security of the cloud is going to be measurably better than the security we have in the current system.”

In response McClure said new systems currently being worked on and tested by federal works will help ensure better security for cloud computing systems used by governmental agencies.

In the meantime supporters of the cloud computing program point out that the new systems will save governmental agencies money and provide a more robust computing system that can scale for each agencies future needs.

According to InformationWeek:

The key measure agencies are taking to secure the use of both public and private cloud systems is the Federal Risk and Authorization Management Program, or FedRAMP, which centralizes security for cloud computing, addressing three critical problems that McClure outlined before the House Thursday.

The system will set up baseline security controls and continuous monitoring requirements, maintain assessment criteria for the security of cloud systems, and maintain an active inventory of approved systems, he said.

Do you believe that cloud computing is a smart move for the federal government given the ability to scale systems?

Federal Government Defends Move Towards Cloud Computing is a post from: The Inquisitr

HTC on Tuesday confirmed that a security vulnerability exists on their Smartphones that allows any app requesting internet access to look at a users account information, GPS location, system logs and other potentially private data.

The manufacturer assured customers that while their own software won’t harm user data they have warned that third party malware could exploit the security flaw and cause information to be stolen.

HTC programmers are already building a patch for the flaw and they promise that an over-the-air patch update will arrive as soon as possible.

Here’s the official security statement from HTC:

HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.

HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.

Customers are urged to avoid non-trusted apps until the patch is made available and installed.

HTC Confirms Security Flaw, Says Fix Is On The Way is a post from: The Inquisitr

If the Jackson Five were touring these days it would be a long wait before they could all pass through TSA security and board a plane thanks to the TSA’s new warning to employees. TSA officials in Atlanta stopped a 53-year-old black woman this week and demanded to search her afro.

According to hairdresser Isis Brantley she was walking through Atlanta’s Hartsfield-Jackson airport when:

“I just heard these voices saying, ‘Hey you, hey you, ma’am, stop. Stop—the lady with the hair, you.”

Brantley then says a TSA official began “digging into her scalp” as they looked for explosives and guns.

When asked about the incident TSA officials released the following statement:

“Additional screening may be required for clothing, headwear or hair where prohibited items could be hidden. This passenger left the checkpoint prior to the completion of the screening process. She was offered but refused private screening.”

I don’t necessarily disagree with this new screening process, I just find it amusing that there’s a chance people might try to sneak weapons onto an airplane using their giant hairdo’s. I also find it suspect that Isis was able to move fast enough through the security checkpoint that TSA officials had to chase her down after she breached their perimeter.

I would personally rather have my hair checked then my groin grabbed, do you believe the TSA has overstepped their bounds by implementing this new hair searching procedure?

TSA Now Searching Afros and other Big Hairstyles is a post from: The Inquisitr

While Wikileaks has released thousands of documents to the general public the truth of the matter is more than 4 million American’s already have security clearances of their own.

A new study has declared that 4.2 million American’s have access to classified government information, far more people than the Government Accountability Office declared two years ago when they revealed that nearly 2.4 million American’s had security access of varying degrees.

As the Washington Post points out current clearance numbers are just shy of  the entire population of the Washington, DC, area.

After revealing the large number of people with national security clearances one member of the Federation of American Scientists said the figure is “astonishingly large” while adding that it’s  “another reminder of how quickly the national security bureaucracy has expanded over the past decade.”

The study also revealed that of those with secret clearances one million are private sector contractors. The study also reveals that almost as many private contractors have secret clearances as federal workers.

Does it surprise you to learn that so many American’s have access to secret documents, especially in the private sector? Maybe they should start calling it “not-so-secret clearance.”

4.2 Million Americans Have National Security Clearances [Study] is a post from: The Inquisitr

NFL officials announced on Friday that they have “enhanced” the pat-down procedure that is used when fans enter their stadiums on game days.

The move is meant to help identify individuals who may bring illegal substances and weapons into stadiums and stems from an incident last week at the Dallas Cowboys-New York Jets game in which a fan brought in and used an illegal stun gun on another fan.

Under the new plan the league is asking that teams at all 32 stadiums search fans from the ankles to the knees, previously fans were only patted down from the waist up.

When asked about the procedure NFL spokesman Brian McCarthy said that “enhanced security procedures” were not put into place because of any one incident, rather because the NFL is “always refining and improving” security.

After witnessing the new pat-down procedure at last weeks opening season games NFL officials are urging fans to arrive earlier than usual since the new pat-downs take more time to complete.

What do you think about the new NFL procedures? Are they a waste of time or a necessary precaution stemming from the stun gun incident?

NFL Announces Heightened “Pat Downs” After Illegal Stun Gun Incident is a post from: The Inquisitr

Anyone who didn’t see this coming needs to get a reality check but it seems that the folks at the CA Security Advisor blog have gotten their hands on a really nasty Android trojan.

While there have already been trojans out in the wild that will record your calls time and duration, which is then saved to a local text file, this new one steps up the game by recording the actual audio of the phone call, and then saving it to the SD card.

For all that we rely on our smartphones they could turn out to be our biggest personal security risks, if our general computer history is any indication.

h/t to @edbott on Twitter

New Android trojan gets fancy and actually records your phone calls is a post from: The Inquisitr