Even Biometric Locks Can be Picked

How can we ensure that someone is who they say they are? How can we be sure that the person in our system, whether digitally or physically in front of us, is who they claim to be?

You may think that a good password is the answer, but with so many ways to break into a computer system these methods are clearly not always effective – as can be seen from the unfortunate hacked celebrities whose naked pictures were strewn across the internet recently, or the Oleg Pliss ransomware that locks iPhones until the extortioner is paid. Even a combination of a good username and password may not be enough.

An organic alternative to passwords

What about biometrics? This technology uses human physical attributes as locks and keys, such as fingerprints, iris scans or, as is now suggested, the veins in the human fingertip, making them highly individual ways to identify one user from another.

Using biometrics is not especially new. For example, while the likes of iris scanners may be familiar from sci-fi films, they’re also (or were until recently) found in real life airports too. Often mistakenly called retinal scanners, they are based on scanning the unique pattern of the iris, the coloured part of the eye.

But the technology needed to complete an effective and trusted scan is expensive and can be tricked by technologically capable hackers. These are great for entry control systems on the buildings of large organisations, or for the occasional secret bunker seen in films. But they are extremely costly – prohibitively so if a bank were to insist that every customer had one at home – and false readings become a problem as the number of people using them scales.

On the other hand, fingerprint technology has become cheaper and more available – fingerprint scanners are now sufficiently small and accurate that they started appearing in laptops 10 years ago, and are even in small devices like the iPhone 5S. This is one way that banks could allow smartphone and laptop users to access their financial services, with users presenting a finger rather than a passcode.

In fact it’s easy to obtain a range of low-cost scanners for all sorts of authentication uses. But that doesn’t mean the users will like doing so – there are ethical issues to consider, as some UK schools discovered in 2012 when their use of fingerprint scanners to monitor pupil attendance led to an outcry and a government ban without explicit consent from parents.


North Bergen high school “Eye in the Sky” keeps students safe

Behind a closed door in the administrative area of North Bergen High School sits a huge monitor, upon which are displayed dozens of images from throughout the building and vicinity.

The same images can be viewed by the police in real time at the town’s CCTV monitoring center, or even on handheld devices by school personnel.

A similar scenario applies to all the schools in the district. It’s all part of a $1.4 million effort to keep the school children of North Bergen safe and protected.

“Every time the school system can add a layer of security, whether it’s identification cards or uniforms or cameras, it only helps to increase the level of safety on the campus so that eventually they can meet their real goal, which is to give the best learning environment the students can possibly receive,” said Police Chief Robert Dowd.

As an example, “We had an incident last year where a woman came in demanding that her child was assaulted, and when we went to the video, we found out that her child was actually the aggressor,” said Dowd. “We got a girl who pulled the fire alarm too. It was clear she was the one who pulled the fire alarm.”

From analog to digital

The district first installed cameras in the high school about 12 years ago, at a time when thefts from lockers were common. Initially 65 or so cameras went into the hallways and were eventually increased to nearly 100. The cameras were low-resolution, with grainy images stored on clunky videotapes. Still, they served their purpose.

“As soon as word got around that we arrested people who stole things out of lockers, it was unbelievable how the thefts stopped,” recalled Superintendent of Schools Dr. George Solter. “The other thing was fighting in the hallway between students. We were able to see how the fight started so we were able to discipline appropriately. So the safety of the kids was greatly improved.”

Some incidents were caught even with the previous generation of equipment. “The old cameras were replaced entirely,” said School Business Administrator Steve Somick.


5 Million Gmail Usernames And Associated Passwords Leaked

It’s time to change your Gmail password — again.

Around 5 million Gmail usernames and associated passwords were leaked on a Russian Internet forum on Tuesday.

Thankfully, fewer than 2 percent of the leaked combinations, or about 100,000, were real, current username and password combinations, Google’s Spam & Abuse Team wrote in a blog post. Many are old and many don’t match — for example, the user name is for Gmail, but the password is for Facebook.

If your current Gmail password and username were compromised, Gmail would have let you know by now.

“It’s important to note that in this case and in others, the leaked usernames and passwords were not the result of a breach of Google systems,” Google wrote. “Often, these credentials are obtained through a combination of other sources.”

Hackers may have gotten these names and passwords from other sites. If you use the same username and password on Gmail as you do on a site that was hacked, your Gmail could be compromised. We’ve said it before and we’ll say it again: don’t repeat or reuse passwords.

There’s a link being passed around called IsLeaked.com, where you can allegedly check to see if your Gmail was hacked. DO NOT DO THAT!

Some point out that the website launched right before the hacks, and may be a trap to gather more email addresses.

When in doubt, just change your password.


Phone Firewall Identifies Rogue Cell Towers Trying to Intercept Your Calls

Rogue cell phone towers can track your phone and intercept your calls, and it’s only a matter of time before they’re as ubiquitous as GPS trackers. But at least now there’s a way to spot them.

A firewall developed by the German firm GSMK for its secure CryptoPhone lets people know when a rogue cell tower is connecting to their phone. It’s the first system available that can do this, though it’s currently only available for enterprise customers using Android phones.

GSMK’s CryptoPhone 500, a high-end phone that costs more than $3,000, combines a Samsung Galaxy S3 handset with the CryptoPhone operating system. It offers strong end-to-end encryption, a specially hardened Android operating system that offers more security than other Android phones, and the patented baseband firewall, which can alert customers when a rogue tower has connected to their phone or turned off the mobile network’s standard encryption.

The problem with rogue cell towers is widespread. The FCC is assembling a task force to address the illicit use of so-called IMSI catchers—the devices that pose as rogue cell towers. But the task force will only examine the use of the devices by hackers and criminals—and possibly foreign intelligence agencies—not their warrantless use by law enforcement agencies bent on deceiving judges about their deployment of the powerful surveillance technology.

IMSI catchers, stingrays or GSM interceptors as they’re also called, force a phone to connect to them by emitting a stronger signal than the legitimate towers around them. Once connected, pings from the phone can help the rogue tower identify a phone in the vicinity and track the phone’s location and movement while passing the phone signals on to a legitimate tower so the user still receives service. Some of the IMSI software and devices also intercept and decrypt calls and can be used to push malware to vulnerable phones, and they can also be used to locate air cards used with computers. The systems are designed to be portable so they can be operated from a van or on foot to track a phone as it moves. But some can be stationary and operate from, say, a military base or an embassy. The reach of a rogue tower can be up to a mile away, forcing thousands of phones in a region to connect to it without anyone knowing.


Fake Security Screener Highlights a Concern

THE man wearing a blue shirt and khaki pants stood casually inside a security screening area at a San Francisco airport terminal. As security officers and passengers bustled, he pointed to a woman and took her into the private screening room. Later, he pointed to another woman, and she followed him in as well.

The man, despite also wearing the blue latex gloves used by screeners, was no professional officer, said John S. Pistole, the administrator of the Transportation Security Administration. He was just another passenger with an international ticket.

Mr. Pistole described the encounters for me based on the surveillance video from the international terminal at San Francisco International Airport. Around noon on July 15, the man acted “like a security officer,” Mr. Pistole said, directing two women into the private area for extra screening, for about a minute at a time.

Each woman left the room not exhibiting apparent signs of distress. But an actual screener thought that something was wrong. Only female officers are supposed to accompany women sent into the private room for extra screening, which can include a full-body pat-down. And blue shirt and gloves notwithstanding, the man had no badge or emblem on his shirt and was clearly not a screening officer.

The man, whom the San Mateo County Sheriff’s Office identified as Eric Slighton, 53, was arrested, charged with public intoxication, taken to jail and released on bail. He had been scheduled for an arraignment this week, but on Friday, the district attorney’s office said it would not prosecute. “We could not prove the elements of the offense beyond a reasonable doubt,” said Albert A. Serrato, an assistant district attorney.

The police tried to identify which flights any possible victims might have taken or where they might have flown, the sheriff’s office said. But the women have not been found.

Attempts to reach Mr. Slighton, who had a ticket that day to fly to Hong Kong, were not successful. A resident of San Francisco and Hong Kong, Mr. Slighton is a director at Aktis Capital Singapore, a private equity firm. A statement acknowledging the incident by the related Aktis Hanxi Group said, “Mr. Slighton has been granted a leave of absence.” Calls and emails to the group’s offices were not returned.


Google Just Bought a Company That Snoops on Your Chats

Google just bought another online communications channel it can fill with ads.

The tech giant confirms it has acquired Emu, a startup that offers a kind of instant messaging tool. The price was not disclosed, but Google’s interest in the company isn’t hard to divine: Emu has built a system that can monitor chats, infer what people are talking about, and insert relevant links—including ads.

Emu, which has been subsisting for two-and-a-half years on venture funding, doesn’t insert such ads today. Instead, it uses its monitoring tools to identify certain other information that might be helpful to you. For example, if you’re chatting on the Emu service and the other person types something about getting lunch, Emu might suggest nearby restaurants or show the mid-day schedule from your calendar. But it’s a very short leap from such information to commercial promotion. A nearby cafe might pay for an ad to appear every time the word “coffee” comes up in your chat.

The Emu buy is part of a much larger trend to monitor and thus profit from new chunks of people’s lives. Foursquare just rolled out a new version that, by default, tracks your movements continuously, negating the need for a “check in” button. Google, meanwhile, isn’t just interested in chats; the company has said that it may eventually show ads on internet-connected home devices, such as thermostats.


Emu fills a growing hole in Google’s ad offerings. Google mines search terms and emails for advertising purposes, but not yet chats. As people shift their computing to smartphones and other mobile devices, chatting—short, immediate, and part of phone culture for decades—has become more popular.


Police getting real-time access to private security cameras

GRAND RAPIDS, MI — Downtown businesses are giving area law enforcement agencies greater access to private video surveillance feeds under a new push to increase real-time monitoring capabilities in Grand Rapids.

Jack Stewart, Kent County emergency management coordinator, said the Grand Rapids Police and Kent County Sheriff’s departments are increasing access to the downtown surveillance apparatus under a new public-private partnership program.

The two agencies are tapping into private video feeds from existing cameras mounted on the exterior of private commercial buildings downtown, he said.

Previously, police would request video from private feeds during the course of a criminal investigation. Now, police will be able to monitor the feeds in real time from county and city dispatch centers.

“This is the same technology that helped catch the Boston Marathon bombers,” said Stewart. “This is not day-to-day monitoring. It’s just in the event of an emergency. There would have to be an event serious enough to trigger us to monitor the cameras.”

The program, which Stewart said is pursuing federal Dept. of Homeland Security grants to expand the surveillance capability downtown with new and upgraded equipment, has been in the works for several years.

“Some of the cameras are hooked-up already, but we’d like to offer to enhance and expand to other businesses and facilities that want to hook-up to the project,” said Stewart about uses for the possible grant money.

The program is a response to increasing activity in the downtown area, and disclosure of the project follows a pair of downtown shootings this month that have caused Grand Rapids police to step up their presence in the district.

Shots fired outside McFadden’s Saloon on June 15, and the shooting of two teenagers downtown on June 18 after the Bruno Mars concert are “good examples” of when the technology would be used, said Stewart.

Large events like ArtPrize or the Fifth Third River Bank Run are also examples of when real time monitoring would be useful, he said.

Stewart said there are roughly 100 exterior video cameras right now that are or could be accessed under the program, many of them concentrated around government and critical infrastructure buildings.

Non-disclosure agreements precluded Stewart from naming specific businesses participating in the program, but some were willing to disclose that on their own.

Cameras mounted on Amway Hotel Corporation properties downtown are part of the program, according to Amway Corp. representatives.


BodyGuard stun-glove leaps out of comic books

What’s better than a seasoned crime fighter? How about a seasoned crime fighter packing a 300,000-volt punch? A new prototype stun-glove is poised to make such Robocop-inspired dreams a reality, integrating a non-lethal taser, LED flashlight, and laser guided video camera into a fetching piece of futuristic armor. Activated by pulling out a grenade-like pin and palming an embedded finger pad, the Armstar BodyGuard 9XI-HD01 sparks a loud and visible arc of electricity between its wrist-mounted taser spikes, a sight that inventor David Brown hopes will encourage would-be crooks to surrender.

The gauntlet’s hard plastic shell is even roomy enough to add GPS equipment, biometrics, chemical sensors, or other embedded additions, as needed. The first batch of pre-production superhero gloves will hit the streets of LA later this year for testing and evaluation. Need more? Check out the via to see Kevin Costner (what field of dreams did he walk out of?) take the edge off this shocker in a surprisingly dull video.


K-9s work to sniff explosives at Tampa airport

The decoy waited behind closed doors for a crowd to emerge from Tampa International Airport’s airside shuttle. Taking up a backpack and carrying a water bottle, he melded with the crowd heading toward security screening.

In the long, winding maze leading toward the checkpoint, John Forbes, a Transportation Security Administration employee, made his way toward the X-ray machines.

Up ahead, Explosives Detection K-9 Handler Brandy Smith walked Guiness down the rows, against the crowd.

The demure 40-pound Labrador mix eyeballed passengers lugging carry-on bags and purses, occasionally sniffing.

The moment Forbes walked past, Guiness alerted, lunging toward the training decoy, then sitting next to his suspect. No aggression, no panic, no barking. His immediate paycheck: a few moments tugging at a squeaky toy.

Guiness is one of four explosives-detection dogs at Tampa International to screen passengers as they make their way toward the security checkpoint. About 100 screening dogs work for TSA throughout the country.

Passengers who get a casual sniff are sometimes fast-tracked through security using the TSA’s new precheck line, skipping the removal of jackets, shoes and laptops.

“That sniff deems them low risk” and allows security personnel to keep the line moving faster, said TSA spokesman Mark Howell.

Charles Cloyd, TSA K-9 supervisor and a onetime handler, said: “Right now, we are using them at the larger, busier airports. They are deployed based on risk.

“These dogs are excellent,” Cloyd said. “Their capabilities exceed electronic detection, and their mobility is another advantage.”

The dogs are carefully vetted before going through training, which takes place at Lackland Air Force Base in San Antonio.

If a dog shows signs of aggression or a lack of drive, it’s out.

The dogs are medium-sized so passengers don’t perceive them as intimidating, Cloyd said.

“People like them and tend to feel safer knowing they are sniffing their fellow passengers,” he said.

“These dogs can detect parts per trillion of explosives,” Cloyd said.

And it’s not just actual explosives, but also components of explosives, Cloyd said.

The dogs are trained specifically for this task, not for subduing other criminals or tracking down drugs. But they may detect someone with marijuana if it carries the scent of fertilizer, a potential bomb-making compound.


Better security too expensive for many schools

At the Seattle University security headquarters, officers keep constant vigil over their campus.

“We’re just always looking for anything out of the ordinary,” says officer John Irby.

Irby monitors dozens of surveillance screens, while the images of two school shootings in less than a week replay over and over in his head. “It’s the last thing you ever want to see happen, but the first thing you think about in this job,” he says.

Cameras on campuses are now as common as textbooks. Texting and electronic notification systems are becoming quite common, as well. A new generation of school security is now allowing police to lock inside and outside doors remotely if a shooter is spotted on or near campus. The military uses “gunshot detectors” that hear gunfire and can track where the bullets are coming from. Few schools, however, can afford such expensive technology.

“This is something every police, fire and public safety person thinks about all the time,” says Seattle University’s Executive Director of Public Safety, Tim Marron.

Experts point out that everything that could’ve possibly gone right at last week’s deadly shooting at Seattle Pacific University did go right. But even a rapid police response, immediate lockdown and a heroic student security staffer couldn’t save everyone, and that’s troubling.

“Most campuses in this state are not prepared to the level that SPU is,” says school security expert Erick Slabaugh.

Slabaugh’s company, Absco Solutions, outfits schools with security systems. He says SPU is one of the safest schools he’s ever seen, but most others still lag behind because of the cost.

