jump to navigation

Lindsey Stone – Disrespecting the Tomb of the Unknowns November 20, 2012

Posted by Chris Mark in Uncategorized.
Tags: , , , , , ,
3 comments

Forgive this rant on this blog.  Several months ago, a person posted a video mocking Islam and it created issues that resulted in riots.  Yesterday we have a young woman named Lindsey Stone who works for LifeCapeCod posting a picture on the Internet of her disrespecting the Tomb of the Unknowns.    When taken to task for the posting her response was what one would expect of a self described “douchebag” (her words…not mine).  Here is her response.  “Whoa, whoa, whoa…wait.  This is just us being the douchebags that we are, challenging authority in general. Much like the pic posted the night before, of me smoking right next to a no smoking sign. OBVIOUSLY we meant NO disrespect to people that serve or have served our country.”  I find it particularly interesting that she is willing to act in such a disrespectful manner and the, when caught, disavow her behavior.  Protest is a great part of our country’s history.  Disrespectful, offensive behavior in front of memorials is deplorable.  Not only did Lindsey Stone disrespect a memorial she chose the one memorial dedicated to those brave men and women who were not identified and in turn whose own families have not had a chance to properly mourn their loved ones.  The Tomb of the Unknowns is a sacred memorial for those who have paid the ultimate price.  It is offensive for Ms. Stone to equate her behavior to that of “smoking next to a non smoking sign.”  She should be ashamed and her parents and friends should be ashamed.

“Here Rests In Honored Glory and American Solder Known But To God.”

Chris in October 2012 Issue of PenTest Magazine October 30, 2012

Posted by Chris Mark in Uncategorized.
Tags: , , , , , , , , ,
add a comment

Check out the October 2012 issue of PenTest Magazine for tons of valuable information on the PCI DSS and how Pen Testing can be used to support compliance and validation.  I have an article in the magazine titled: “Introduction to PCI DSS for the PenTester”  You need to register as a user or subscribe to access the articles.

“Boo!” – October 2012 issue of TransactionWorld October 30, 2012

Posted by Chris Mark in Uncategorized.
Tags: , , , , , ,
add a comment

I (Chris) am finally back in the US after traveling for the past two months.  If you haven’t had a chance yet, please check out October’s issue of TransactionWorld and read articles by Chris Mark (Security Economics) and Heather Mark (Portable Security).  If you don’t subscribe to TW, you should check it out.  Everything you could want to know about payments. (well..not everything but quite a bit).

“Why does the FBI have your UDID (and 12.4 million more)?” FBI Laptop Hacked…1 million Apple IDS posted online September 4, 2012

Posted by Chris Mark in cyberespionage, cybersecurity.
Tags: , , , , , , , ,
add a comment

*UPDATE* It was reported yesterday that the FBI laptop was not, in fact, the source of UUIDs that were hacked.  A company called Blue Toad revealed that it was the source of the stolen ids.  It’s not clear how the data was stolen from Blue Toad or what, if any relationship exists between the company and the laptop that was first identified as the source of the breach.***

According to NBC News, hackers associated with the anti-government group AntiSec have hacked an FBI Agent’s laptop and posted over 1 million Apple Unique Device Identification Number or UDIDs online.   The Apple UDID is used by Apple to determine what applications are running and to lock down the phones, IPads and computers from other applications.  Alone, they do not represent personally identifiable information but However, New Zealand-based security researcher Aldo Cortesi has shown that thanks to disregard of Apple’s security guidelines by iOS game and app developers, it’s possible to determine a user’s identity through an UDID alone.  According to the story:

“The Pastebin post claims that the UDIDs were stolen thanks to an Anonymous hack into the laptop of FBI agent Christopher Stangl, a member of a New York-based cybercrime task force. “During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java,” the posting states. “During the shell session some files were downloaded from his Desktop folder one of them with the name of ‘NCFTA_iOS_devices_intel.csv’ turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc. the personal details fields referring to people appears many times empty leaving the whole list incompleted on many parts.”

Why the FBI has such a list of over 12 million UDIDs is an interesting question. Why the list would be on a laptop is another interesting question. To check whether your iPhone, iPad or iPod Touch’s UDID might be among those affected, a Unix developer based in Florida has already posted a tool: http://kimosabe.net/test.html

“Cyber Espionage is Alive and Well”; Motorola Employee Sentenced in theft of IP August 30, 2012

Posted by Chris Mark in cyberespionage, cybersecurity.
Tags: , , , , , , , ,
add a comment

According to a story in CIO, a former Motorola employee was sentenced to 4 years in prison for theft of trade secrets. For more information on the cyber espionage threat, you can read my  article: “The Rise of CyberEspionage” published in The Counter Terrorist Magazine.

Below is an excerpt of the CIO article.

“Hanjuan Jin, 41, a nine-year Motorola software engineer, conducted a “purposeful raid to steal technology,” U.S. District Judge Ruben Castillo said while imposing the sentence, according to a statement by the department.

The Judge did not however find her guilty of three counts of economic espionage for the benefit of China and its military, although he found by a preponderance of the evidence, that Jin “was willing to betray her naturalized country,” according to the department. Jin had earlier been convicted by the court of three counts of theft of trade secrets.

Judge Castillo’s order was not immediately available on the website of the U.S. District Court for the Northern District of Illinois, Eastern Division where Jin was on trial.

Jin, who is a naturalized U.S. citizen born in China, was stopped from traveling on a one-way ticket to China on Feb. 28, 2007 at O’Hare International Airport by U.S. customs officials who are said to have seized from her possession more than 1,000 electronic and paper documents from Motorola.”

Companies need to be vigilant and understand that the same techniques used to steal national secrets are being employed in US businesses.  While not exclusive to China, they certainly represent the greatest threat today.