SPAM: -------------------- Start SpamAssassin results ---------------------- SPAM: This mail is probably spam. The original message has been altered SPAM: so you can recognise or block similar unwanted mail in future. SPAM: See http://spamassassin.org/tag/ for more details. SPAM: SPAM: Content analysis details: (5.4 hits, 5 required) SPAM: Hit! (-0.1 points) Subject: ends in a question mark SPAM: Hit! (2.7 points) Subject contains lots of white space SPAM: Hit! (0.8 points) BODY: Uses words and phrases which indicate porn (11) SPAM: Hit! (1.0 point) Received via an IP in dynablock.njabl.org SPAM: [RBL check: found 200.244.200.151.dynablock.njabl.org.] SPAM: Hit! (1.0 point) DNSBL: Received via an IP in dynablock.njabl.org SPAM: SPAM: -------------------- End of SpamAssassin results --------------------- Here's a press release saying that DNC cops are using handhelds with (apparently) 802.11 to access law enforcement databases: http://www.findbiometrics.com/viewnews.php?id=1326 --- From: "John F. McMullen" <observer@private> Date: July 26, 2004 2:09:11 PM PDT To: Dave Farber <farber@private>, Declan McCullagh <declan@private>, Peter Neumann <neumann@private> Subject: [johnmacsgroup] Cybersecurity: they just don't get it... FYI ---------- Forwarded message ---------- From: wes_morgan@private To: johnmacsgroup@private Subject: [johnmacsgroup] Cybersecurity: they just don't get it... I'm watching CNN's Headline News, and they run a story on security preparations for this week's Democratic Convention in Boston. They go on, at great length, about the extensive network of cameras--approximately 75 of them, scattered around various Federal buildings and convention sites--and make it a point to illustrate how the security force, with their wireless networks and handheld devices, can grab the feed from any of these cameras at the tap of a stylus. So, they show one such device - with it's 802.11b card clearly identifiable - and show another agent viewing a webcam of the Boston Harbor shoreline - with the URL of the hosting site clearly readable. When talking about the cameras, they show several different cameras on different buildings, some of which seem fairly unusual in their architecture. I now know that they're using 802.11b, and I know the name at least one system handling the webcam feeds, and (with a bit of reconaissance) I can probably determine the position of at least one camera. So much for cybersecurity; I can't believe that the Feds even let that stuff on the air, much less that they did so without obfuscating critical information. *sigh* What were they thinking? --- -------- Original Message -------- Subject: Re: [IP] Cybersecurity: they just don't get it... Date: Mon, 26 Jul 2004 17:06:32 -0700 From: Ross Stapleton-Gray <amicus@private> To: dave@private, johnmacsgroup@private CC: Declan McCullagh <declan@private>, Peter Neumann <neumann@private> References: <C11581D0-DF5D-11D8-811D-000393D166C6@private> At 04:44 PM 7/26/2004, wes_morgan@private wrote: >I now know that they're using 802.11b, and I know the name at least one >system handling the webcam feeds, and (with a bit of reconaissance) I can >probably determine the position of at least one camera. > >So much for cybersecurity; I can't believe that the Feds even let that >stuff on the air, much less that they did so without obfuscating critical >information. > >*sigh* What were they thinking I would guess that the single greatest impact of any of this would be in the public at large thinking, "Ah, they're using modern technology to monitor things at the convention... looks like they're prepared!" Given that this is so much more an era of perceptions than of reality, you could chalk this (exposure of security systems on CNN) down as "doing their (primary) job." And there are a variety of other potential wrinkles. It could be that this was entirely scripted, and the intent is to dangle a tempting vulnerability in hopes of attracting attention... that 802.11b network *is* exposed, *but* part of a honeynet; that one camera, and others looking like it, are either dummies, or secondary to the *real* cameras, which are all hard-wired, and not looking all that much like the ones they highlighted on CNN... I suspect, like the pre-selection of all the candidates rendering the actual purpose of a convention into that of an infomercial, that this layer of physical security won't really matter all that much. I'd worry about other things, e.g., "smart target" hacking, where [pick your terrorist bogeyman] cons one or more of the protesting groups into becoming martyrs to the cause of socio-economic terrorism, and summons a "flash mob" of jubilant and radicalized techno-youth to convene on the spot where they've previously deposited the explosives-laden backpack... Ross ----- Ross Stapleton-Gray, Ph.D., CISSP Stapleton-Gray & Associates, Inc. http://www.stapleton-gray.com _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2.1.3 : Mon Jul 26 2004 - 23:03:25 PDT