Technology
Hacker Disables More Than 100 Cars Remotely
Hacker Disables More Than 100 Cars Remotely: Via Threat Level.
More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.
Police with Austin’s High Tech Crime Unit on Wednesday arrested 20-year-old Omar Ramos-Lopez, a former Texas Auto Center employee who was laid off last month, and allegedly sought revenge by bricking the cars sold from the dealership’s four Austin-area lots.
“We initially dismissed it as mechanical failure,” says Texas Auto Center manager Martin Garcia. “We started having a rash of up to a hundred customers at one time complaining. Some customers complained of the horns going off in the middle of the night. The only option they had was to remove the battery.”
The dealership used a system called Webtech Plus as an alternative to repossessing vehicles that haven’t been paid for. Operated by Cleveland-based Pay Technologies, the system lets car dealers install a small black box under vehicle dashboards that responds to commands issued through a central website, and relayed over a wireless pager network. The dealer can disable a car’s ignition system, or trigger the horn to begin honking, as a reminder that a payment is due. The system will not stop a running vehicle. [ Read more ... ]
Wanted: Trust Detector
Wanted: Trust Detector: Via Schneier on Security.
It's good to dream:
IARPA's five-year plan aims to design experiments that can measure trust with high certainty -- a tricky proposition for a psychological study. Developing such experimental protocols could prove very useful for assessing levels of trust within one-on-one talks, or even during group interactions.
A second part of the IARPA proposal might involve using new types of sensors and software to gauge human facial, language or body signals that might help predict trustworthiness. Perhaps facial recognition technology that could deduce emotions or facial tics might help, not to mention better lie detectors.
IARPA is the Intelligence Advanced Research Projects Activity, the U.S. intelligence community's answer to DARPA.
Mobile that allows bosses to snoop on staff developed
Mobile that allows bosses to snoop on staff developed: Via BBC News.
Researchers have produced a mobile phone that could be a boon for prying bosses wanting to keep tabs on the movements of their staff.
Japanese phone giant KDDI Corporation has developed technology that tracks even the tiniest movement of the user and beams the information back to HQ.
It works by analysing the movement of accelerometers, found in many handsets.
Activities such as walking, climbing stairs or even cleaning can be identified, the researchers say.
The company plans to sell the service to clients such as managers, foremen and employment agencies.
"Technically, I think this is an incredibly important innovation," says Philip Sugai, director of the mobile consumer lab at the International University of Japan. [ Read more ... ]
Major ISPs Help Fund BitTorrent User Tracking Research?
Major ISPs Help Fund BitTorrent User Tracking Research: Via Slashdot YRO.
An anonymous reader writes "I was scanning conference proceedings to come up with ideas for a reading group I run at my workplace, and I noticed an interesting paper from the new IEEE WIFS forensics conference. Researchers from the University of Colorado have published a technique for tracking BitTorrent users (PDF) by joining and actively probing torrent swarms using low-cost cloud computing services. They claim their methods allowed them to monitor the entire Pirate Bay torrent set for as little as $13/mo using EC2. But that's not even the interesting part. Their work appears to have been 'funded in part through gifts from PolyCipher' — a broadband ISP consortium. That's right; three major national ISPs funded this round of BitTorrent tracking research, not the MPAA/RIAA. Could this be evidence of ISP support for ACTA and a global three-strikes law?"
Security Pros Question Deployment of Smart Meters
Security Pros Question Deployment of Smart Meters: Via Threat Level.
The country’s swift deployment of smart-grid technology has security professionals concerned that utilities and smart-meter vendors are repeating the mistakes made in the rollout of the public internet, when security became a priority only after malicious attacks had reached mass levels.
But when it comes to the power grid, the costs of remote hack attacks are potentially more dramatic.
“The cost factor here is what’s turned on its head. We lose control of our grid, that’s far worse than a botnet taking over my home PC,” said Matthew Carpenter, senior security analyst of InGuardian, speaking at a panel at the RSA Security Conference in San Francisco this week. [ Read more ... ]
Introducing the iKey – Apple's answer to the humble door key
Introducing the iKey – Apple's answer to the humble door key: Via Telegraph (UK).
Apple has already revolutionised the personal stereo and mobile phone, but now the computer firm behind the iPhone has its sights set on the humble front door key.
The computer giant, which manufactures the iPod and iPhone, has plans to replace the traditional door key with a hi-tech alternative.
It is developing technology, already being nicknamed the "iKey", which will mean that rather than carrying around a bunch of keys, people will be able to use a single electronic device to unlock their car, front door and gain access to their office.
Users would simply have to enter a pin code and wave the device over an electronic pad fitted beside a door to open it.
The technology is revealed in a newly published patent application, which has generated speculation that the next model of the iPhone will contain this feature. [ Read more ... ]
Is Cyberwar Hype Intended to Destroy the Open Internet?
Cyberwar Hype Intended to Destroy the Open Internet: Via Threat Level.
The biggest threat to the open internet is not Chinese government hackers or greedy anti-net neutrality ISPs, it’s Michael McConnell, the former director of national intelligence.
McConnell’s not dangerous because he knows anything about SQL injection hacks, but because he knows about social engineering: McConnell is the nice-seeming guy who is willing and able to use fear-mongering to manipulate the federal bureaucracy for his own ends, while coming off like a straight shooter to those not in the know.
When he was head of the country’s national intelligence, he scared President Bush with visions of e-doom, prompting the president to sign a comprehensive secret order that unleashed tens of billions of dollars into the military’s black budget so they can start making firewalls and malware into military equipment. And now McConnell, back safely in civilian life as a vice president at the secretive defense contracting giant Booz Allen Hamilton, is out in front of Congress and the media, peddling the same Cyberarmaggedon! gloom.
And now he says we need to re-engineer the internet. [ Read more ... ]
Augmented Identity App Helps You Identify and Friend Perfect Strangers, Face to Face
Augmented Identity App Helps You Identify and Friend Perfect Strangers, Face to Face: Via Popular Science.
By this point, we're all familiar with augmented reality, but Swedish mobile software firm The Astonishing Tribe is taking information overload to the next logical step: augmented identity. Mashing up face recognition technology, computer vision, cloud computing, and augmented reality with the complex digital lives many of us lead on the Internet, TAT has created an app that allows you to gather information on a person and their social networking life simply by pointing your camera phone at their face.
Dubbed Recognizr, the app essentially works like this: the user points the camera at a person across the room. Face recognition software creates a 3-D model of the person's mug and sends it across a server where it's matched with an identity in the database. A cloud server conducts the facial recognition and sends back the subject's name as well as links to any social networking sites the person has provided access to. [ Read more ... ]
Security Co. Keystroke Data To Support Behaviorally Targeted Ads
Security Co. Keystroke Data To Support Behaviorally Targeted Ads 02/18/2010: Via MediaPost Publications.
Next month Scout Analytics will begin testing keystroke dynamics -- technology that creates individual digital fingerprints for each consumer user -- as a behavioral targeting tactic.
A Scout media client will perform the test for several months. Then Scout plans to offer its technology to retailers and other businesses that target ads directly to consumers through behavioral targeting platforms.
Keystroke dynamics analyze typing patterns such as how long each key gets held down while typing, and the length of time between each press. These typing patterns represent a signature. So, rather than rely on a cookie that can get wiped out by clearing a browser, now behavioral targeters can use parameters from browsers that create a digital fingerprint.
"It's one way to track individual users without providing personally identifiable information," says Matt Shanahan, vice president of strategy for Scout Analytics. [ Read more ... ]
Privacy and Medical issues of Airport body scanners
Privacy and Medical issues of Airport body scanners: Via The Malta Independent Online.
The attempted terror attack on a Delta/Northwest flight to Detroit from Amsterdam, averted by quick passenger reaction, has brought the so-called body-scanners (or screeners) into the limelight. In Malta, the question was also raised by the local press at the MIA meeting when the annual statistics were presented in January.
The debate in the EU focuses on two controversial issues of security technology: on the one hand the ‘naked’ issue and data protection, and, to a lesser extent, the medical issue.
The ‘naked’ issue
As regards the first issue, while there was a lot of hype about how technology can hide ‘critical’ areas, one might consider that people on the beach do not look that different, do they?
However, people choose to so ‘present themselves’ on the beach, but here one does not have a choice. For people with some handicap it might mean extra unwanted exposure, and who guarantees that the photos are not stored in some way? [ Read more ... ]
Anonymous Unfurls ‘Operation Titstorm’
Anonymous Unfurls ‘Operation Titstorm’: Via Threat Level.
Several Australian government websites were slowly recovering Wednesday hours after the online prankster group, Anonymous, unleashed a massive distributed denial-of-service attack to protest the country’s evolution toward internet censorship.
The group, which has brought down Scientology’s websites and undertaken a host of other online pranks, dubbed the attack “Operation Titstorm” to protest the government’s move to require the filtering of pornography hosting adult actors if they appeared under age. Other violent material targeting children is also to be censored.
Anonymous, whose past targets include uncool virtual worlds, an epilepsy message board and a Neo-Nazi webcaster, sent Australian media e-mail messages warning of the attack, the Sydney Morning Herald said. [ Read more ... ]
Online Credit/Debit Card Security Failure
Online Credit/Debit Card Security Failure: Via Schneier on Security.
Ross Anderson reports:
Online transactions with credit cards or debit cards are increasingly verified using the 3D Secure system, which is branded as "Verified by VISA" and "MasterCard SecureCode". This is now the most widely-used single sign-on scheme ever, with over 200 million cardholders registered. It's getting hard to shop online without being forced to use it.
In a paper I'm presenting today at Financial Cryptography, Steven Murdoch and I analyse 3D Secure. From the engineering point of view, it does just about everything wrong, and it's becoming a fat target for phishing. So why did it succeed in the marketplace? [ Read more ... ]
CCTV in the sky: UK police plan to use military-style spy drones?
CCTV in the sky: police plan to use military-style spy drones: Via UK news | The Guardian.
Police in the UK are planning to use unmanned spy drones, controversially deployed in Afghanistan, for the "routine" monitoring of antisocial motorists, protesters, agricultural thieves and fly-tippers, in a significant expansion of covert state surveillance.
The arms manufacturer BAE Systems, which produces a range of unmanned aerial vehicles (UAVs) for war zones, is adapting the military-style planes for a consortium of government agencies led by Kent police.
Documents from the South Coast Partnership, a Home Office-backed project in which Kent police and others are developing a national drone plan with BAE, have been obtained by the Guardian under the Freedom of Information Act.
They reveal the partnership intends to begin using the drones in time for the 2012 Olympics. They also indicate that police claims that the technology will be used for maritime surveillance fall well short of their intended use – which could span a range of police activity – and that officers have talked about selling the surveillance data to private companies. A prototype drone equipped with high-powered cameras and sensors is set to take to the skies for test flights later this year. [ Read more ... ]
Pentagon Searches for ‘Digital DNA’ to Identify Hackers
Pentagon Searches for ‘Digital DNA’ to Identify Hackers: Via Danger Room.
One of the trickiest problems in cyber security is trying to figure who’s really behind an attack. Darpa, the Pentagon agency that created the Internet, is trying to fix that, with a new effort to develop the “cyber equivalent of fingerprints or DNA” that can identify even the best-cloaked hackers.
The recent malware hit on Google and other U.S. tech firms showed once again just how hard it is to pin a network strike on a particular person or group. Engineers are pretty sure the attack came from China, and it sure was sophisticated enough to come from a state military like China’s. But it’s hard to say conclusively that the People’s Liberation Army launched the strike.
It’s the kind of problem Darpa will try to solve with its “Cyber Genome” project. [ Read more ... ]
Paging James Cameron: Pentagon Wants 3-D Surveillance
Paging James Cameron: Pentagon Wants 3-D Surveillance: Via Danger Room.
Think Avatar, for military spies. Pentagon far-out research arm Darpa wants to turn surveillance into a 3D experience for troops. They’ve launched the Fine Detail Optical Surveillance (FDOS) Program, and are requesting proposals for prototypes of optical imaging systems that would use “advanced high-resolution 3D imaging technology.” Darpa wants two kinds of surveillance systems: portable units for active battle, and drone-ready systems for unmanned planes.
The agency wants proposals that start from scratch, using a fundamentally new model for obtaining video footage. The 3D surveillance should be able to monitor moving targets with high resolution, from different ranges, and without the need for users to do much legwork, like scanning or refocusing on a target. Darpa anticipates that 3D surveillance would boost field of vision and depth of vision “by over 100X” compared to existing systems. [ Read more ... ]
Facial Recognition - NPR's Science Friday
Science Friday: Facial Recognition: Via NPR's Science Friday.
Photo management programs such as Picasa and iPhoto can pick out a snapshot of your cousin Dave from a stack of party pictures -- but what about more complex uses of facial recognition in less controlled situations? In this segment, we'll take a look at the state of the art in facial recognition, from 'Google Goggles' that give you additional information about things your cell phone camera sees, to security applications that scan faces at airports. How good is the technology, and how can it be employed while respecting privacy concerns? [ Read more ... ]
Crack New Scanner Looks for Bombs Inside Body Cavities
Crack New Scanner Looks for Bombs Inside Body Cavities: Via Danger Room | Wired.com.
The “underpants bomber” has renewed calls for new and more invasive security measures. Already, there’s a push to install scanners that show travelers’ naked bodies through clothing, using either millimeter wave or backscatter X-ray imaging. But even those scanners might not have caught the terrorist who nearly brought down Northwest flight 253.
That’s why one company is trumpeting a sensor that can supposedly “detect substances such as explosive materials … hidden inside or outside of the human body.” First step: Actually build a human-sized machine.
There has already been one report of a suicide bomber carrying explosives internally. Many sources, including the BBC, carried an early report suggesting that Abdullah Hassan Al Aseeri adopted the new tactic of “carrying explosives in his anal cavity” for an attack in September. The target, a Saudi prince, survived, but Aseeri was reportedly blown in half by the blast. Later reports suggest the explosives were actually sewn into his underwear, but security experts believe there is a real danger of “internally carried” bombs, a technique used for years by drug smugglers. [ Read more ... ]
German TV on the Failure of Full-Body Scanners
German TV on the Failure of Full-Body Scanners: Via Schneier on Security.
The video is worth watching, even if you don't speak German. The scanner caught a subject's cell phone and Swiss Army knife -- and the microphone he was wearing -- but missed all the components to make a bomb that he hid on his body. Admittedly, he only faced the scanner from the front and not from the side. But he also didn't hide anything in a body cavity other than his mouth -- I didn't think about that one -- he didn't use low density or thinly sliced PETN, and he didn't hide anything in his carry-on luggage.
Full-body scanners: they're not just a dumb idea, they don't actually work.
Navy Wants Troops Wearing Brain-Scanners Into War
Navy Wants Troops Wearing Brain-Scanners Into War: Via Danger Room.
The Pentagon’s been pushing for better ways to diagnose, treat and prevent wartime brain injuries. Last year, they requested proposals for pharmacological methods to stave off PTSD. New genetic tests and brain scans, meant to identify war-fighters who are “vulnerable” to stress reactions, are ongoing. Now, the Navy’s looking to speed up the diagnosis of brain trauma, with a portable, weather-proof, multipurpose brain scanner.
The Navy’s Bureau of Medicine and Surgery is requesting proposals for a brain-scanning system that can assess a myriad of neuro-cognitive abilities, including reaction times, problem solving and memory recall. [ Read more ... ]
TV Everywhere: Collusion Anywhere?
TV Everywhere: Collusion Anywhere?: Via Freedom to Tinker.
FreePress and the National Cable and Telecom Association (NCTA) are talking past each other about TV Everywhere, a new initiative from the cable TV industry. FreePress says TV Everywhere is the cable industry's collusive attempt to limit competition; the NCTA says it's an exciting new product opportunity for consumers. Let's unpack this issue and see who might have a point, and who is blowing smoke.
We're at a critical point in the history of television. In recent years, most people have gotten TV shows from a traditional cable or satellite service. Now more and more people are getting shows on the Internet. Cable companies need to adapt, somehow, or become dinosaurs.
Which brings us to TV Everywhere. The idea, according to the NCTA, is for cable companies to offer their residential subscribers online access to the same shows they get at home. Existing consumers get more, at no extra charge -- who would complain about that? -- but only if they keep buying traditional cable service.
FreePress tells a different story, in which cable industry companies have agreed among themselves that this is their sole Internet distribution strategy. If such an agreement exists, it is problematic -- it looks like a classic market division agreement, which is bad for consumers and (as I understand it) presumptively illegal. [ Read more ... ]
Will they ever learn? Hollywood still pursuing DRM
Will they ever learn? Hollywood still pursuing DRM: Via Freedom to Tinker.
In today's New York Times, we read that Hollywood is working on a grand unified video DRM scheme intended to allow for video portability, such as, for example, when you visit a hotel room, you'd like to have your videos with you.
What's sad, of course, is that you can have all of this today with very little fuss. I use iTiVo to extract videos from my TiVo, transcoding them to an iPhone-compatible format. I similarly use Fairmount to rip DVDs to my hard drive, making them easy to play later without worrying about the physical media getting damaged or lost. But if I want to download video, I have no easy mechanism to download non-DRM content. BitTorrent gives access to many things, including my favorite Top Gear, which I cannot get through any other channel, but many things I'd like aren't available, and of course, there's the whole legality issue. [ Read more ... ]
Suricata (an Open Source Next Generation Intrusion Detection and Prevention Tool) Beta Available for Download
Suricata Beta Available for Download!!: Via The Open Information Security Foundation.
It's been about three years in the making, but the day has finally come! We have the first release of the Suricata Engine! The engine is an Open Source Next Generation Intrusion Detection and Prevention Tool, not intended to just replace or emulate the existing tools in the industry, but to bring new ideas and technologies to the field.
The OISF is part of and funded by the Department of Homeland Security's Directorate for Science and Technology HOST program (Homeland Open Security Technology), by the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as through the very generous support of the members of the OISF Consortium. More information about the Consortium is available, as well as a list of our current Consortium Members.
The Suricata Engine and the HTP Library are available to use under the GPLv2.
The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of Mod Security fame for the OISF. [ Read more ... ]
Quantum Cryptography Cracked
Quantum Cryptography Cracked: Via Schneier on Security.
This presentation will show the first experimental implementation of an eavesdropper for quantum cryptosystem. Although quantum cryptography has been proven unconditionally secure, by exploiting physical imperfections (detector vulnerability) we have successfully built an intercept-resend attack and demonstrated eavesdropping under realistic conditions on an installed quantum key distribution line. The actual eavesdropping hardware we have built will be shown during the conference.
While I am very interested in quantum cryptography, I have never been optimistic about its practicality. And it's always interesting to see provably secure cryptosystems broken.
Debate Over Full-Body Scans vs. Invasion of Privacy Flares Anew After Incident
Debate Over Full-Body Scans vs. Invasion of Privacy Flares Anew After Incident: Via NYT > Privacy.
The technology exists to reveal objects hidden under clothes at airport checkpoints, and many experts say it would have detected the explosive packet carried aboard the Detroit-bound flight last week. But it has been fought by privacy advocates who say it is too intrusive, leading to a newly intensified debate over the limits of security.
Screening technologies with names like millimeter-wave and backscatter X-ray can show the contours of the body and reveal foreign objects. Such machines, properly used, are a leap ahead of the metal detectors used in most airports, and supporters say they are necessary to keep up with the plans of potential terrorists. [ Read more ... ]