During his speech at the McAfee Focus Event in London, David Blunkett, the former British Minister of Internal Affairs, provided some details about the 2000 negotiations with Nicolas Sarcozy (the French Minister of the Interior at that time), where the latter admitted that France had been intercepting electronic correspondence of the British embassy.

The future president of France thereby confirmed the fact of active hi-tech espionage on the state level. These days, virtually all government agencies use strong data encryption for all correspondence, especially for messages sent abroad.

During his address, Blunkett also raised the topic of “advanced persistent threats (APT’s), which usually target the IT systems of public organizations and government agencies.

One of the characteristics of APT’s is that hackers disguise their activities using the tools already present in the system being attacked, exploit commonly used ports, mask their activities as actions performed by standard applications or even hide their control communications in HTML comments, which allows them to capture highly-confidential and secret information for prolonged periods of time.

Some time ago, Facebook got involved in a new scandal. The hype was based around the fact that HTTP cookies saved by Facebook on users’ computers remained there even after they logged out of the social network, thus casting a shadow of suspicion on it developers and created an impression that they could be monitoring users’ activities on other sites.

On September 25, Facebook officials sent a statement to major mass media assuring the public that they were not monitoring users’ activities on other websites.

However, on September 22, the US Patent and Trademarks Office received a patent application for a technology that made it possible to track user’s actions outside a social network.

It’s clear that “to patent” does not equal “to use”, but hardly anybody can guarantee that the social network will not get such functionality in the future.

Chaos Computer Club (CCC), a Germany-based hacker group, published a proof of the use of spyware by the government, which resulted in a serious scandal on the highest level.

The spyware mentioned in the publication was found on a laptop that belonged to a person who was suspected of illegal export of pharmaceuticals. The program was allegedly installed during a customs inspection at an airport.

This program captures the URL’s of visited websites and email communications and then sends the collected data to a remote server, presumably outside the country. Besides, it allows the operator to upload and launch any applications on a remote computer.

Joachim Hermann, the Minister of Interior of Bavaria, confirmed that state authorities in this land had been using spyware since 2009, but refused to provide specific examples. In his opinion, this practice in not in breach of any laws, although this issue is subject to further discussion. Authorities from three other lands (Baden-Württemberg, Brandenburg and Niedersachsen) also confirmed that they had been using similar software.

In response to the furious public reaction, some high-profile authorities were forced to provide comments on the situation.

Germany’s Minister of Justice, Sabine Leutheusser-Schnarrenberger, and Chancellor Angela Merkel demanded that a thorough investigation of the incident be conducted. The result of this investigation should be a mechanism aimed at protecting the citizens’ rights to privacy.

Therefore, Germany’s laws related to the use of spyware may change considerably in the nearest future.

AirPatrol has presented a new wireless security technology called ZoneDefense. This system uses a new unique approach to the prevention of corporate data leaks.

This a narrowly focused technology that prevents data leaks through mobile devices and applications. ZoneDefense integrates into the structure of a protected building (with its elements being placed in every room) and detects the location of any mobile device with 6-7 foot accuracy.

However, this is not all the system is capable of.

Not only does it allow to find devices within a protected building, but can also make them work according to system-wide rules. Depending on the rules, ZoneDefense can either allow or block the work of both devices and specific mobile applications using a number of parameters: device ownership by a specific employee, type of application, movement direction and even proximity of other devices.

This system can also set off an alarm notifying the security service about a possible data leak or detection of a suspicious device in an unauthorized area.

According to a research conducted by the Internet Development Fund, children in Europe and the NIS states usually know more about the Internet than their parents do.

From the one hand, this is a positive and logical thing. From the other hand – we don’t really know how children understand the basics of online security. Regular incidents involving Internet fraud and harassment prove that the problem is very real and the level of online threat awareness among teenagers is very low.

You can try to shield your kids from such threats in many ways, but you must be ready to face the fact that an Internet-savvy teenager won’t have any problems finding a workaround. And that is why you, as a parent, will have to explain the basics of online security to them.

Google has published a guide for parents and teachers that explains how online dangers can be avoided and how the rules of online conduct can be efficiently communicated to minors. All of these materials have been published as “Family Safety Center”.

The guide contains articles written by Google and other companies working on the problems of online security for children.

However, we should not forget than no technology, even the most advanced one, will ever be able to replace parental control and proper upbringing.

Karsten Nohl, a German network security and cryptography expert, announced the discovery of a relatively simple technique of intercepting and decrypting data transmitted over the GPRS protocol.
His team also discovered that many mobile carriers use a low-security variant of GPRS, while some of them disable GPRS traffic encryption altogether.
There can be two reasons behind such ignorant attitude of mobile carriers to the security of their clients’ data:

• An attempt to save on equipment required for proper data protection.
• Deliberate disablement of data encryption for retaining access to clients’ data.

Karsten Nohl claims that his discovery is far from being theoretical: his team was able to capture and decrypt data in T-Mobile, O2 Germany, Vodafone and E-Plus networks. What made matters worse was that they did not have to use cumbersome equipment (they used a reflashed Motorola C-123 phone) or expensive software (they only used publicly available freeware). Even in this case, they managed to capture data in the radius of 5 km.
The details of this technique have not been published yet to avoid damage to the clients of cell phone companies. The research group believes that it’s high time that mobile operators did their homework and configured their GPRS gateways and checked all cryptographic systems, as the methodology they followed will be made public shortly.
However, Russian operators were quick to react: according to “The Big Three” (Beeline, Megafon, MTS), they don’t see how this could jeopardize their clients’ security and suggest using better-protected technologies, such as 3G.

Not long ago, an Apple notebook owner (Josh Kaufman) had an unfortunate experience. His MacBook was stolen and the police were not interested in investigating. Usually, that would be the end of the story, but in this case something else happened.

Shortly before the robbery, the owner installed a program on his MacBook which secretly tracked the user. It took screen shots, photos from the inbuilt camera and even identified the probable location of the device by using the Wi-Fi network. The software regularly sent all this data to the owner’s email.

The owner of the stolen computer wrote a blog called “This Guy Has My MacBook” and began to publish the screenshots and photographs in the hope of identifying the thief or of getting the police more interested. Fortunately, the thief didn’t wipe the disk or sell the laptop, but kept and used it himself. As a result Kaufman quickly collected a lot of photographs of the thief sleeping, sitting at the computer, driving his car, etc.

A few days later the police arrested the criminal and returned the stolen property to its owner. According to the police, they were able to make the arrest thanks to the photographs provided by Kaufman.

This story has caused a lot of discussion among MacBook owners. Many of them have asked Apple to add an app similar to the already existing services Find My iPhone and Find My iPad for iOS to the next MacOS version.

A scandal ignited on the web today as it turned out that Ant Video Downloader and Player, a Firefox and Internet Explorer plugin for downloading videos, spied on its users.

The plugin does its job really well — until today, it had a 5 out of 5 rating and the number of daily installations reached 7000. Its spy part was also developed by professionals: URL’s of visited sites and other personal information (associated with a unique user identifier) are sent to an unknown address even in privacy mode or when using data encryption mechanisms like Tor.

With a database of 11 million users and their visited pages, hackers can easily identify people and make their life a lot harder — just with this information at hand. It’s not yet known exactly what information was stolen and how it will be used.

Such activity of the plugin was detected by security experts on May 10th, but the plugin is still available for installation in Firefox and Internet Explorer. Unfortunately, there is no efficient way of blocking such spyware and its activities at the moment.

Business owners and managers across the world are steadily growing aware of the necessity of high-quality monitoring of their employees, both for reasons of information security and employee performance. And as the saying goes, demand creates offer.

Engineers from Sony (Japan) и Anybots (USA) found their own solutions for this problem. They suggested using remotely controlled robots for simulating the presence of a manager in an office.

Sony developed a device called Telepresence Balloon — a relatively small airship type device around 3 feet wide that floats through open office spaces using small propellers. The user can control it remotely by watching live webcam streams, while the user’s face is projected onto the surface of the balloon. It probably look somewhat creepy, but it should also produce the desired effect (at least to a certain extent).

Anybots presented a less conceptual and a less frightening product — their robot uses wheels to move around the office and resembles WALL-E, a popular cartoon character, yet with a longer neck. Due to its design, it has one serious weakness — stairs.

Symantec (a leading information security software development company) is warning that one of the most popular networks in the world, Facebook.com, may have been leaking personal information for several years.

Experts believe that advertisers on the social network obtained information not only on customer profiles but also pages containing photo albums and personal correspondence. Moreover, they have the ability to post fake messages.

The social network’s applications also have a problem with personal information security. Experts believe that leaks are possible from over 100 thousand applications.

Facebook management have been informed of these issues and are already taking steps to guarantee users’ security. However, there has so far been no comment from the company.