Feds Move to Break Voting-Machine Monopoly: Via Threat Level.

Citing anti-competitive concerns, the Justice Department sued Election Systems & Software in order to force the company to divest itself of the voting machine assets it obtained from Premier Election Solutions last year.

The department’s Antitrust Division, along with nine state attorneys general, filed the civil antitrust lawsuit (.pdf) in U.S. District Court in Washington, D.C., charging that the acquisition threatened competition. The department proposed a settlement that, if accepted, would dissolve the merger and force ES&S to sell its Premier business to a buyer approved by the Justice Department.

“The proposed settlement (.pdf) will restore competition, provide a greater range of choices and create incentives to provide secure, accurate and reliable voting equipment systems now and in the future,” said Molly S. Boast, deputy assistant attorney general for the Antitrust Division in a statement. [ Read more ... ]

Security Pros Question Deployment of Smart Meters: Via Threat Level.

The country’s swift deployment of smart-grid technology has security professionals concerned that utilities and smart-meter vendors are repeating the mistakes made in the rollout of the public internet, when security became a priority only after malicious attacks had reached mass levels.

But when it comes to the power grid, the costs of remote hack attacks are potentially more dramatic.

“The cost factor here is what’s turned on its head. We lose control of our grid, that’s far worse than a botnet taking over my home PC,” said Matthew Carpenter, senior security analyst of InGuardian, speaking at a panel at the RSA Security Conference in San Francisco this week. [ Read more ... ]

Introducing the iKey – Apple's answer to the humble door key: Via Telegraph(UK).

Apple has already revolutionised the personal stereo and mobile phone, but now the computer firm behind the iPhone has its sights set on the humble front door key.

The computer giant, which manufactures the iPod and iPhone, has plans to replace the traditional door key with a hi-tech alternative.

It is developing technology, already being nicknamed the "iKey", which will mean that rather than carrying around a bunch of keys, people will be able to use a single electronic device to unlock their car, front door and gain access to their office.

Users would simply have to enter a pin code and wave the device over an electronic pad fitted beside a door to open it.

The technology is revealed in a newly published patent application, which has generated speculation that the next model of the iPhone will contain this feature. [ Read more ... ]

Security Pros Question Deployment of Smart Meters: Via Threat Level.

The country’s swift deployment of smart-grid technology has security professionals concerned that utilities and smart-meter vendors are repeating the mistakes made in the rollout of the public internet, when security became a priority only after malicious attacks had reached mass levels.

But when it comes to the power grid, the costs of remote hack attacks are potentially more dramatic.

“The cost factor here is what’s turned on its head. We lose control of our grid, that’s far worse than a botnet taking over my home PC,” said Matthew Carpenter, senior security analyst of InGuardian, speaking at a panel at the RSA Security Conference in San Francisco this week. [ Read more ... ]

The Spy at Harriton High: Via Stryde Hax blog.

This investigation into the remote spying allegedly being conducted against students at Lower Merion represents an attempt to find proof of spying and a look into the toolchain used to accomplish spying. Taking a look at the LMSD Staff List, Mike Perbix is listed as a Network Tech at LMSD. Mr. Perbix has a large online web forum footprint as well as a personal blog, and a lot of his posts, attributed to his role at Lower Merion, provide insight into the tools, methods, and capabilities deployed against students at LMSD. Of the three network techs employed at LMSD, Mr. Perbix appears to have been the mastermind behind a massive, highly effective digital panopticon.
PanoMasterMind

The primary piece of evidence, already being reported on by a Fox affiliate, is this amazing promotional webcast for a remote monitoring product named LANRev. [ Read more ... ]

Another Debit Card Skimmer: Via Schneier on Security.

This one is installed inside gas pumps. There's nothing the customer can detect.

Read Original Article:(Via Schneier on Security.)

Hackers, Troops Rejoice: Pentagon Lifts Thumb Drive Ban: Via Danger Room.

Soldiers, you are now cleared to use your thumb drives again. U.S. Strategic Command has lifted its ban on the tiny drives, memory sticks, CDs, and other “removable flash media” on military networks.

The repeal, first reported by InsideDefense.com, may be good news for troops, who depend on the drives to move data in bandwidth-starved locations. But it may be good news for hackers, too. The original network security concerns which prompted the ban haven’t really been addressed, one Strategic Command cyber defense specialist tells Danger Room: “Not much changed. STRATCOM simply does not have the support to enforce such a ban indefinitely.”

STRATCOM prohibited the drives’ use back in November, 2008 after the Agent.btz virus began working its way through military networks. A variation of the “SillyFDC” worm, Agent.btz spreads by copying itself from thumb drive to computer and back again. Once on a PC, “it automatically downloads code from another location. And that code could be pretty much anything,” iDefense computer security expert Ryan Olson said at the time. [ Read more ... ]

Privacy and Medical issues of Airport body scanners: Via The Malta Independent Online.

The attempted terror attack on a Delta/Northwest flight to Detroit from Amsterdam, averted by quick passenger reaction, has brought the so-called body-scanners (or screeners) into the limelight. In Malta, the question was also raised by the local press at the MIA meeting when the annual statistics were presented in January.

The debate in the EU focuses on two controversial issues of security technology: on the one hand the ‘naked’ issue and data protection, and, to a lesser extent, the medical issue.

The ‘naked’ issue

As regards the first issue, while there was a lot of hype about how technology can hide ‘critical’ areas, one might consider that people on the beach do not look that different, do they?

However, people choose to so ‘present themselves’ on the beach, but here one does not have a choice. For people with some handicap it might mean extra unwanted exposure, and who guarantees that the photos are not stored in some way? [ Read more ... ]

Can you trust Chinese computer equipment?: Via ITworld.

China may not only be breaking into Google's network, but giving people deliberately bugged technology gear. Can we trust any technology that comes from China?

As you surely know, Google has accused China of hacking into its systems and is considering pulling out of China altogether. The U.S. government is taking this seriously, and Google has partnered with the NSA (National Security Agency) to get to the bottom of this. What you may not know is that the United Kingdom's MI5 -- Americans can think of this as a combination of the FBI and CIA -- has reported that the Chinese government has been giving UK executives electronics with built-in security holes.

According to the Sunday Times, "A leaked MI5 document says that undercover intelligence officers from the People's Liberation Army and the Ministry of Public Security have also approached UK businessmen at trade fairs and exhibitions with the offer of 'gifts' and 'lavish hospitality.' The gifts -- cameras and memory sticks -- have been found to contain electronic Trojan bugs which provide the Chinese with remote access to users' computers." [ Read more ... ]

Cisco's wiretapping system open to exploit, says researcher: Via Law & Disorder Section - Ars Technica.

To meet the needs of law enforcement, most telecommunications equipment includes hardware and software that allow for the monitoring of traffic originating with the targets of investigations. The precise capabilities are often dictated by formalized standards, which allow any hardware maker to implement a compliant system. Unfortunately, these standards often leave the hardware wide open to various attacks that leave regular users vulnerable, and provide savvy surveillance targets the opportunity to evade the snooping. An IBM researcher has put Cisco's system under the microscope at a Black Hat Conference, and found it comes up short. [ Read more ... ]

CCTV in the sky: police plan to use military-style spy drones: Via UK news | The Guardian.

Police in the UK are planning to use unmanned spy drones, controversially deployed in Afghanistan, for the "routine" monitoring of antisocial motorists, protesters, agricultural thieves and fly-tippers, in a significant expansion of covert state surveillance.

The arms manufacturer BAE Systems, which produces a range of unmanned aerial vehicles (UAVs) for war zones, is adapting the military-style planes for a consortium of government agencies led by Kent police.

Documents from the South Coast Partnership, a Home Office-backed project in which Kent police and others are developing a national drone plan with BAE, have been obtained by the Guardian under the Freedom of Information Act.

They reveal the partnership intends to begin using the drones in time for the 2012 Olympics. They also indicate that police claims that the technology will be used for maritime surveillance fall well short of their intended use – which could span a range of police activity – and that officers have talked about selling the surveillance data to private companies. [ Read more ... ]

CCTV in the sky: police plan to use military-style spy drones: Via UK news | The Guardian.

Police in the UK are planning to use unmanned spy drones, controversially deployed in Afghanistan, for the "routine" monitoring of antisocial motorists, protesters, agricultural thieves and fly-tippers, in a significant expansion of covert state surveillance.

The arms manufacturer BAE Systems, which produces a range of unmanned aerial vehicles (UAVs) for war zones, is adapting the military-style planes for a consortium of government agencies led by Kent police.

Documents from the South Coast Partnership, a Home Office-backed project in which Kent police and others are developing a national drone plan with BAE, have been obtained by the Guardian under the Freedom of Information Act.

They reveal the partnership intends to begin using the drones in time for the 2012 Olympics. They also indicate that police claims that the technology will be used for maritime surveillance fall well short of their intended use – which could span a range of police activity – and that officers have talked about selling the surveillance data to private companies. A prototype drone equipped with high-powered cameras and sensors is set to take to the skies for test flights later this year. [ Read more ... ]

Paging James Cameron: Pentagon Wants 3-D Surveillance: Via Danger Room.

Think Avatar, for military spies. Pentagon far-out research arm Darpa wants to turn surveillance into a 3D experience for troops. They’ve launched the Fine Detail Optical Surveillance (FDOS) Program, and are requesting proposals for prototypes of optical imaging systems that would use “advanced high-resolution 3D imaging technology.” Darpa wants two kinds of surveillance systems: portable units for active battle, and drone-ready systems for unmanned planes.

The agency wants proposals that start from scratch, using a fundamentally new model for obtaining video footage. The 3D surveillance should be able to monitor moving targets with high resolution, from different ranges, and without the need for users to do much legwork, like scanning or refocusing on a target. Darpa anticipates that 3D surveillance would boost field of vision and depth of vision “by over 100X” compared to existing systems. [ Read more ... ]

Report: U.S. Drone Goes Down Over Pakistan. Again.: Via Danger Room.

A U.S. drone reportedly crashed in Pakistan on Sunday. The Associated Press calls it “a rare mishap for a program Washington has increasingly relied on to kill Taliban and al-Qaida militants.” But that’s not quite right; American unmanned aircraft go down all the time. They’ve even gone down before in Pakistan.

According to U.S. Air Force statistics, Predator and Reapers drones have suffered at least 85 “class A mishaps” — accidents which caused a million dollars’ worth of damage or more. Typically, one of these accidents takes place about 14 times for every 100,000 hours a Predator flies.

Drones are more glitch-prone than traditional planes. Communications with their remote pilots regularly cut out, forcing the robotic aircraft into automatic holding patterns.  The unmanned planes don’t handle rain, snow, heavy clouds, or high winds particularly well; [ Read more ... ]

Crack New Scanner Looks for Bombs Inside Body Cavities: Via Danger Room | Wired.com .

The “underpants bomber” has renewed calls for new and more invasive security measures. Already, there’s a push to install scanners that show travelers’ naked bodies through clothing, using either millimeter wave or backscatter X-ray imaging. But even those scanners might not have caught the terrorist who nearly brought down Northwest flight 253.

That’s why one company is trumpeting a sensor that can supposedly “detect substances such as explosive materials … hidden inside or outside of the human body.” First step: Actually build a human-sized machine.

There has already been one report of a suicide bomber carrying explosives internally. Many sources, including the BBC, carried an early report suggesting that Abdullah Hassan Al Aseeri adopted the new tactic of “carrying explosives in his anal cavity” for an attack in September. The target, a Saudi prince, survived, but Aseeri was reportedly blown in half by the blast. Later reports suggest the explosives were actually sewn into his underwear, but security experts believe there is a real danger of “internally carried” bombs,  a technique used for years by drug smugglers. [ Read more ... ]

German TV on the Failure of Full-Body Scanners: Via Schneier on Security.

The video is worth watching, even if you don't speak German. The scanner caught a subject's cell phone and Swiss Army knife -- and the microphone he was wearing -- but missed all the components to make a bomb that he hid on his body. Admittedly, he only faced the scanner from the front and not from the side. But he also didn't hide anything in a body cavity other than his mouth -- I didn't think about that one -- he didn't use low density or thinly sliced PETN, and he didn't hide anything in his carry-on luggage.

Full-body scanners: they're not just a dumb idea, they don't actually work.

Read Original Article:(Via Schneier on Security.)

Navy Wants Troops Wearing Brain-Scanners Into War: Via Danger Room.

The Pentagon’s been pushing for better ways to diagnose, treat and prevent wartime brain injuries. Last year, they requested proposals for pharmacological methods to stave off PTSD. New genetic tests and brain scans, meant to identify war-fighters who are “vulnerable” to stress reactions, are ongoing. Now, the Navy’s looking to speed up the diagnosis of brain trauma, with a portable, weather-proof, multipurpose brain scanner.

The Navy’s Bureau of Medicine and Surgery is requesting proposals for a brain-scanning system that can assess a myriad of neuro-cognitive abilities, including reaction times, problem solving and memory recall. [ Read more ... ]

More flash drive firms warn of security flaw; NIST investigates: Via Computerworld Security News.

The drives were certified to meet NIST standards

SanDisk Corp. and Verbatim Corp. have joined Kingston Technology Inc. in warning customers about a potential security threat posed by a flaw in the hardware-based AES 256-bit encryption on their USB flash drives.

The hole could allow unauthorized access to encrypted data on a USB flash drive by circumventing the password authorization software on a host computer.

"It's really onerous. It's a stupid crypto mistake and they screwed up, and they should be rightfully embarrassed for making it," said cryptographer and computer security specialist Bruce Schneier. [ Read more ... ]

FIPS 140-2 Level 2 Certified USB Memory Stick Cracked: Via Schneier on Security.

Kind of a dumb mistake:

The USB drives in question encrypt the stored data via the practically uncrackable AES 256-bit hardware encryption system. Therefore, the main point of attack for accessing the plain text data stored on the drive is the password entry mechanism. When analysing the relevant Windows program, the SySS security experts found a rather blatant flaw that has quite obviously slipped through testers' nets. During a successful authorisation procedure the program will, irrespective of the password, always send the same character string to the drive after performing various crypto operations -- and this is the case for all USB Flash drives of this type.

Cracking the drives is therefore quite simple. The SySS experts wrote a small tool for the active password entry program's RAM which always made sure that the appropriate string was sent to the drive, irrespective of the password entered and as a result gained immediate access to all the data on the drive. The vulnerable devices include the Kingston DataTraveler BlackBox, the SanDisk Cruzer Enterprise FIPS Edition and the Verbatim Corporate Secure FIPS Edition.

Nice piece of analysis work.

The article goes on to question the value of the FIPS certification: [ Read more ... ]

Debate Over Full-Body Scans vs. Invasion of Privacy Flares Anew After Incident: Via NYT > Privacy.

The technology exists to reveal objects hidden under clothes at airport checkpoints, and many experts say it would have detected the explosive packet carried aboard the Detroit-bound flight last week. But it has been fought by privacy advocates who say it is too intrusive, leading to a newly intensified debate over the limits of security.

Screening technologies with names like millimeter-wave and backscatter X-ray can show the contours of the body and reveal foreign objects. Such machines, properly used, are a leap ahead of the metal detectors used in most airports, and supporters say they are necessary to keep up with the plans of potential terrorists. [ Read more ... ]

Satellite TV to FCC: we're special, don't make us open up: Via Law & Disorder Section - Ars Technica.

If you've tried to pump your fully-paid-up cable connection into, say, a computer running Windows Media Center, you've probably come up against the closed nature of pay-TV and the severe limitations of CableCARD. And what about satellite TV? Don't even think about it.

The FCC wants to blow open the market for third-party video devices, scrapping some of the current (failed) CableCARD rules and adding satellite providers to the list. [ Read more ... ]

Virtual insecurity: Who controls your virtual machines?: Via Computerworld Security News.

Server virtualization has reached an inflection point in the enterprise at the 10-year mark. Capital expense savings from physical server consolidation are leveling off and early gains in IT operational efficiency are at risk due to rapidly growing and increasingly complex virtual infrastructures. Moreover, business-critical production applications -- the next virtualization frontier -- demand higher levels of service and strict security and compliance oversight, further challenging IT operations teams.

The next phase of virtualization is about control, with the emphasis on efficiency, performance and agility. What's needed now are "command and control" management solutions that go beyond the inventory-focused tools prevalent today. In order to virtualize more workloads faster while protecting returns, next-generation tools need to address access control, policy enforcement, configuration control and activity logging. [ Read more ... ]

Predator drones use less encryption than your TV, DVDs: Via Law & Disorder Section - Ars Technica.

What three-letter Internet acronym best fits the bizarre news out of Iraq and Afghanistan that militants there have been intercepting US Predator drone video feeds using laptops and a $30 piece of Russian software: LOL, WTF, or OMG? [ Read more ... ]

MPAA to FCC: critics of video blocking proposals are lying: Via Law & Disorder Section - Ars Technica.

The movie studios have a new Holy Grail, it seems: Federal Communications Commission permission to cable companies to shut down the analog streams on video-on-demand movie programming. As Ars readers know, we've been covering this issue for a while. But the Motion Picture Association of America's latest letter to the FCC pulls out all the stops, rhetoric-wise, calling criticisms of this scheme "complete and utter nonsense that only can be intended to stir up baseless fears among consumers that their equipment will suddenly go dark and be unusable for any purpose." [ Read more ... ]

Best Buy Sells Surveillance Tracker: Via Schneier on Security.

Best Buy Sells Surveillance Tracker
Only $99.99:

Keep tabs on your child at all times with this small but sophisticated device that combines GPS and cellular technology to provide you with real-time location updates. The small and lightweight Little Buddy transmitter fits easily into a backpack, lunchbox or other receptacle, making it easy for your child to carry so you can check his or her location at any time using a smartphone or computer. Customizable safety checks allow you to establish specific times and locations where your child is supposed to be -- for example, in school -- causing the device to alert you with a text message if your child leaves the designated area during that time. Additional real-time alerts let you know when the device's battery is running low so you can take steps to ensure your monitoring isn't interrupted.

Presumably it can also be used to track people who aren't your kids.

Read Original Article:(Via Schneier on Security.)