Tuesday, November 17, 2009

Security Smorgasbord, Vol 1, No. 7

WaPo: Bad Guys targeting Law Firms

Actually, it was the FBI who said it; the Washington Post just reported it:
Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas.

The FBI has issued an advisory that warns companies of "noticeable increases" in efforts to hack into the law firms' computer systems - a trend that cyber experts say began as far back as two years ago but has grown dramatically.

...

"Law firms have a tremendous concentration of really critical, private information," said Bradford Bleier, unit chief with the FBI's cyber division. Infiltrating those computer systems, he said, "is a really optimal way to obtain economic, personal and personal security related information."

There's no question that Law Firms have some really valuable information. It's also undeniable that the Bad Guys have been increasingly targeting information for profit. So is this just Fed.Gov hype, or is it really happening? Dunno. As the Mythbusters might say, "plausible".

Airport facial recognition technology can't tell the difference between Winona Ryder and Osama bin Laden

You really can't make this sort of thing up, you know:
Except the gates in Manchester [UK] were throwing up so many false results that staff effectively turned them off. Previously matches had to be 80 per cent the same - this was quickly changed to 30 per cent.

This means the machines are unable to distinguish between the faces of Winona Ryder and Osama bin Laden. Even more worryingly, the adjusted gates failed to distinguish between renownded pseudo-Scot Mel Gibson and actual Scot [UK Prime Minister] Gordon Brown.

Fake Verizon "Balance checker" installs malware

People are getting emails saying that their account balance is overdue. The helpful "balance checker application" is - of course - malware:
Cyber-criminals have started preying on Verizon Wireless customers, sending out spam e-mail messages that say their accounts are over the limit and offering them a "balance checker" program to review their payments.

The e-mail messages, which look like they come from Verizon Wireless, are fakes; the balance checker is actually a malicious Trojan horse program.

"If you run the tool, obviously, your computer is toast," said Nick Bilogorskiy, manager of antivirus research at SonicWall. "You get infected with a Trojan that SonicWall catches under the name Regrun."

Common sense says that yur cell phone company knows how to send you a bill in the (snail) mail. That's not (yet) a way to get malware.

1 comment:

Eagle said...

Re. facial recognition: When working for Polaroid, I implemented the first DL/ID system in the US that used facial image recognition to confirm identification (fingerprints were optional according to state law).

In our case, every person at every DMV office stood at the exact same distance from the camera against the exact same colored background, and looked directly into the camera. We used a fairly advanced set of algorithms that used both eigenvalues and other data to determine a "template" value (2k bytes).

Even in this *ideal* environment, we were never able to achieve less than a 5% "false negative" or "false positive" value.

Now, imagine trying to do "in the crowd" facial image recognition where individuals are NOT looking at the camera, or whose faces are partially concealed, or whose faces are at different distances from the camera, and where there may be hundreds of people in the camera's view ...

... and now, add to this the database of "possibles" that you have to match *face by face* to everyone in every camera in every airport across the nation ...

... and you're beginning to understand the problem here.

Will we eventually get to the point where scanners can read your retina while you're walking thru a mall and provide holographic advertisements customized for you (a la "Minority Report")? Sure... but not while we're still using Microsoft Windows... heh...