Krypt3ia

(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for January 12th, 2009

Just a note on format here…

leave a comment »

Since joining the wordpress site, I have decided that all photography will be going to my second site “carte de visite” so all former posts that were brought over will be the last of photos on CoB. So surf on over if you want to see photos… Well someday soon as I have only posted one so far. RSS may be the key…

Written by Krypt3ia

2009/01/12 at 23:09

Posted in Information

Pretexting.. Heh, used to be called Social Engineering

leave a comment »

First ‘Pretexting’ Charges Filed Under Law Passed After HP Spy Scandal

By Kim Zetter EmailJanuary 09, 2009 | 2:30:28 PMCategories: Crime

Prosecutors have filed “pretexting” charges in the first cases brought under a federal law passed in 2006 in the wake of the Hewlett-Packard spying scandal.

Pretexting is a method in which a perpetrator poses as a phone-company customer, or someone else, in order to request records of the customer’s phone calls.

Authorities in Ohio filed an indictment last month against 28-year-old Vaden Anderson alleging that the defendant used pretexting to obtain confidential phone records from Sprint/Nextel. According to the indictment, Anderson served the phone company with a fake U.S. District Court civil subpoena to obtain the records.

If convicted, Anderson faces a maximum prison sentence of 10 years and a $250,000 fine.

In a separate Alabama case, Nicholas Shaun Bunch was charged in November with using a victim’s name and the last four digits of his Social Security number to obtain confidential phone records from T-Mobile. He was also charged with aggravated identity theft for use of the victim’s Social Security number.

Bunch agreed to plead guilty to both charges and pay restitution in an amount to be determined by the court. The pretexting charge, as in the Ohio case, carries a possible prison sentence of up to 10 years and a fine up to $250,000. The aggravated-identity-theft charge carries a possible sentence of up to two years per offense and a fine of up to $250,000. The government has agreed to recommend a decrease in his sentence for his cooperation.

Private investigators and data brokers have used pretexting for years to obtain records for their clients, but the tactic was unknown to the general public until September 2006 when private investigators working for Hewlett-Packard were found to have used the method to spy on company board members and reporters.

The Telephone Records and Privacy Act, which outlaws the pretexting of phone records, was introduced in the House in February 2006, shortly after news broke that Verizon had filed lawsuits against data brokers who used pretexting to obtain the phone records of thousands of its customers. The House passed the bill, and it moved to the Senate in April of that year where it languished until the HP story broke that September. The Senate passed the bill three months later in December, and the law went into effect in January 2007.
So I am guessing that this is focused on “phone records” and not so much a charge that could be used against someone performing a social engineering exploit? Either way, it seems that perhaps you could be charged with the above sentencing guidelines for “pretexting” anything…

Written by Krypt3ia

2009/01/12 at 22:55

Posted in Infosec

leave a comment »

Open Wi-Fi Aids Terrorists, Mumbai Cops Say

By Noah Shachtman EmailJanuary 12, 2009 | 12:51:55 PMCategories: Gadgets and Gear, Info War, T is for Terror

Open wi-fi is a terrorist tool and has to be shut down, right this second. That’s the conclusion, at least, of the Mumbai police. Starting today, the Times of India reports, “several police teams, armed with laptops and internet-enabled mobile phones, will randomly visit homes to detect unprotected networks.”

“If a particular place’s wi-fi is not password-protected or secured then the policemen at the spot has the authority to issue notice to the owner of the wi-fi connection directing him to secure the connection,” deputy commissioner of police Sanjay Mohite tells The Hindu. Repeat wi-fi offenders may receive “notices under the Criminal Procedure Code,” another senior officer warns the Times.

Mohite notes that e-mails taking credit for terror attacks in New Delhi and Ahmedabad were sent through open wireless networks. “Unprotected IP addresses can be misused for cyber crimes,” he says. Other Indian cities now require cyber cafes to install surveillance cameras, and to collect identification from all customers.

But plugging up all those perceived security sieves in Mumbai is going to take some work. A quick Sheriff’s Brigade survey on Sunday showed that 80 percent of wi-fi networks in South Mumbai were left unlocked. And it’s not like terrorists are all that 802.11-dependent, of course. An e-mail also took credit for December’s massacre in Mumbai. Whether that came from an open wi-fi connection or not is unclear — the mailer used an anonymizer service, to cover his electronic tracks.

My take:

Interesting story there, so the Indian cops are going to make the rounds to people’s homes to check their WIFI? I agree though, that overall, more people should be aware of their security or lack of it to protect themselves and also to protect the internet in general by proxy.

Now as to the “terror” aspect here, not so sure of the validity of the case, but, overall wouldn’t YOU not want to have someone on your network/router (that is unless you are the wolf and they are the sheep) without your knowledge or permission?

Yeah…

Written by Krypt3ia

2009/01/12 at 22:42

Posted in Infosec

Daemon

leave a comment »

Daemon by Daniel Suarez

Daemon by Daniel Suarez

Finally someone from the infosec field wrote a novel that is not only fairly well written, but also weaves today’s technology properly within the confines of the story. This is the first novel for Mr. Suarez  and so far I have been hooked from page one. It’s a murder mystery with a technothriller twist.

If you are in tech and like the genre of cyber/techno, get this one…

Written by Krypt3ia

2009/01/12 at 22:23

Posted in Books

Tagged with

Transition Complete

with 2 comments

Well, the LJ has been hoovered into an xml file and then imported to wordpress. I just posted to the LJ my “So long” and am ready to begin anew… Ok not so anew as I have transplanted the blog here. Meh. I have also added a secondary site called Cartedevisite here on wordpress also. This will be my photography only site. Posts about photography, photo postings, and general photo musings.

So far, I like this site. The interface is nice and gives some features not readily available on the LJ.

Take er out Mr. Sulu…

Written by Krypt3ia

2009/01/12 at 02:52

Posted in Uncategorized