Welcome to the “Refog” corporate blog.

We are developing programs to monitor user activity of home (Personal Monitor) and office (Employee Monitor) computers, as well as to control usage of your children’s computer (Time Sheriff).

Security Flaw in Electronic Locks Exploited

20 December 2012

The thief entered a hotel room by opening its electronic lock using a special device and stole a laptop. Quite naturally, the police found no evidence of a break-in and none of the hotel’s keys were used. The investigation showed that the lock was opened using a special electronic tool. As a result, the police arrested 27-year-old Matthew Allen Cook, who had previously been convicted of theft. He was caught trying to sell the stolen equipment.

He entered the hotel room using a security flaw in electronic locks made by Onity. Such locks are used in 4 million hotels around the globe.

The vulnerability was presented at the Black Hat security conference by Cody Brocious, a security expert who used a sub-$50 programming device to demonstrate how any hotel room can be easily opened. The vulnerability exists because open, unencrypted ports on the lock allow any device to read device management data from its memory.

The manufacturer of the electronic locks, which obviously underestimated the value of information security, has refrained from comment so far.

Paedophile vs. Facebook

20 December 2012

A US citizen formerly convicted of paedophilia filed a lawsuit against Facebook demanding compensation for moral damage caused by the content of a user’s page. The man demands that the social network disable the page titled “keeping our kids safe from predators”.

This page is intended for sharing information about paedophiles in Northern Ireland, which, its creators believe, helps prevent the impairment of children’s rights. The man’s personal details were published on the page, which resulted in the lawsuit being filed.

According to mass media, back in 1980, this man was found guilty in 15 paedophilia-related episodes and sentenced to a prison term, but has been out for some time now.
“I am worried about my own safety and am currently under a lot of stress, since an assault on me is just a matter of time now,” he says.

This is not his first lawsuit against Facebook. In the first case, the court ordered the social network to block the page, but several clones appeared just a few days later.
At that time, the judge commented on the situation in the following way: “He has already been punished with his conviction, and his life at the moment is being substantially regulated by officials anyway.”

CIA special unit for social networks monitoring

14 December 2012

For several years now, the U.S. Central Intelligence Agency (CIA) has had a special unit for monitoring social networks all over the world. The official name of this bureau is “Open Source Center”. Its employees are mostly hackers and linguists.

The primary goal of the bureau is the collection, filtration and analysis of information coming from social networks, as well as local forums, TV channels and other mass media. The reports of the bureau go directly to the White House.

Linguists and professional hackers from OSC are capable of filtering millions of posts on Twitter alone and finding information that others don’t have a clue about.
The bureau was created after 9/11 and the official reason for this was, obviously, “war on terrorism”.

RFID at Schools: a Tricky Question

30 November 2012

One of the American schools competing for a 2 million-dollar government grant from the state of Texas has started using RFID (Radio Frequency Identification) tags to track the location of students, hoping to improve the attendance rate. According to the school’s administration, this should have a positive effect on the safety of students as well, since they believe that public schools are safe places to be in.
However, students and their parents do not always agree with this opinion. Andrea Hernandez was suspended from classes for a categorical refusal to wear an RFID tag. She was also prohibited from campaigning among her peers against the use of this technology. The student believes that this new practice violates her right to privacy and infringes her religious beliefs and freedom of expression.
Andrea goes to another school now, while her parents and a group of civil rights activists are trying to sue the administration of the old school that refused to let her continue her education. They may well win the case — personal rights and freedoms have always been prioritized in the US.

Vulnerability in Samsung and Dell network printers

30 November 2012

Neil Smith, an IT security expert, found a hidden embedded program in Samsung printers that makes it possible to remotely connect to them, change settings and manage printing. This is a real backdoor created by the manufacturer for the convenience of technical support experts.

Apparently, the company never disclosed the existence of such functionality. The same kind of program was found in Dell printers, which can be attributed to their mutual manufacturing contracts.

This backdoor uses a modified version of the SNMP protocol that is not visible in the list of connections and continues to work even if the user disables SNMP in the printer settings.

Since the information has been made public, emergence of working exploits for this vulnerability is just a matter of time. Obviously, these exploits will not try to intercept documents being printed, but will aim to execute arbitrary unauthorized code with administrator rights in an external network. Samsung believes that it will be able to release a patch before hackers find a way to create an exploit.

Vulnerabilities in the 3G standard

31 October 2012

Security experts from the University of Birmingham and the Technical University of Berlin have discovered a number of vulnerabilities in the 3G mobile telecommunications technology and managed to exploit them under near-real-world conditions: they were able to locate a specific phone and capture its exact coordinates.

In the 3G communications standard, the international mobile subscriber identity (IMSI) is, for security reasons, not used directly and is replaced with a varying temporary mobile subscriber identity (TMSI).

The scientists used a femtocell (a compact portable cellular base station, a fairly simple device) to find two ways of obtaining the IMSI of a specific device and intercepting its coordinates.

In the first case, they managed to intercept the communications between a device and a base station when they exchanged a pair of IMSI/TMSI values.
In the second case, they managed to intercept the transmission of authentication parameters and a secret session key. After that, they forwarded the signal to all devices in range, including the one being attacked. The synchronization error signal revealed the necessary device.

With this information at hand, one can intercept the exact location of the targeted person even without involving the mobile carrier’s infrastructure. This operation requires fairly simple and widely available equipment, so practical skills and knowledge of standard 3G protocols are the only limiting factors in preparation for such attacks, and obtaining them is essentially just a matter of time.

Employee Monitor: advanced settings

24 April 2012

From time to time, we get contacted by people complaining that they cannot connect to a remote computer using Mipko Employee Monitor. Unfortunately, such situations do happen because of the differences in network architectures, computer settings, user permissions and other parameters. We have compiled a list of recommendations that will most probably help you solve your problem and successfully establish a connection. Here they are.

One.

Make sure that the script is installed and running on the monitored computers (just in case you missed something). The following instruction explains how it can be created and installed.
You can test whether the script is working as follows:
If the script was installed, you will find a folder called C:\Documents and Settings\All Users\Application Data\MPK (in Windows XP) or C:\ProgramData\MPK (in Windows 7) containing logs and the executable file of the program. If the program is running, it won’t be possible to delete or move the executable file (with the *.exe extension).

Two.

Try adding the target computer using its IP address instead of its network name.
Try navigating from the observer’s computer to C$, the hidden shared folder of the client system being monitored, and make sure it is accessible under the current user without errors or issues of any sort. If it’s not, try looking for a possible reason and fixing it.
My Computer > address bar > \\IP address or name of the client computer\C$ > Enter
If this did not solve the problem, continue with the next step.

Three.

Make sure that the RestrictAnonymous DWORD value is set to zero under the HKLM\SYSTEM\CurrentControlSet\Control\Lsa registry key on all monitored computers. This is a recommendation from Microsoft.
In Windows 7, disable the “Password protected sharing” option:
Control Panel > Network and Internet > View network status and tasks > Change advanced sharing settings > Home or Work (current profile) > Password protected sharing > Turn off password protected sharing.

Make sure that all computers are in the same workgroup or domain. This is important – if they are not, it may cause problems.
If you have completed the steps described above, restarted the computer and the problem still persists, please contact our technical support service, we’ll do our best to assist you.
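
The checks in steps One to Three can be collected without changing any setting. The following PowerShell is an added example, not part of the vendor's instructions or tooling; it assumes Windows PowerShell 3.0 or later, the function names and the sample address are hypothetical, and the "Password protected sharing" option is not covered.

```powershell
# Added example: read-only checks for steps One to Three; changes no settings.
function Test-MonitoredHost {
    # Run locally on a monitored computer.
    # Step One: folders named in the article (Windows 7 path written with the
    # standard ProgramData spelling, then the Windows XP path).
    $folders = 'C:\ProgramData\MPK',
               'C:\Documents and Settings\All Users\Application Data\MPK'
    $found = $folders | Where-Object { Test-Path -LiteralPath $_ } |
             Select-Object -First 1
    $exe = @(); $running = @()
    if ($found) {
        $exe = @(Get-ChildItem -LiteralPath $found -Filter *.exe |
                 Select-Object -ExpandProperty Name)
        # A running program is one whose image path lies inside the folder.
        $running = @(Get-Process | Where-Object { $_.Path -like "$found\*" } |
                     Select-Object -ExpandProperty Name)
    }
    # Step Three: current RestrictAnonymous value. Record it before changing
    # it so the previous setting can be restored.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $lsa = Get-ItemProperty -Path $key -Name RestrictAnonymous -ErrorAction SilentlyContinue
    # Step Three: workgroup or domain, to compare across all computers.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        MpkFolder         = $found                 # empty if the folder is absent
        Executables       = $exe
        RunningFromFolder = $running
        RestrictAnonymous = if ($lsa) { $lsa.RestrictAnonymous } else { 'not set' }
        PartOfDomain      = $cs.PartOfDomain
        DomainOrWorkgroup = $cs.Domain
    }
}

function Test-AdminShare {
    # Step Two: run on the observer's computer under the current user.
    param([Parameter(Mandatory)][string]$Target)   # IP address or name
    $unc = '\\{0}\C$' -f $Target
    try {
        # Listing the share root fails on access or network errors.
        $null = Get-ChildItem -LiteralPath $unc -ErrorAction Stop
        [pscustomobject]@{ Share = $unc; Accessible = $true; Error = $null }
    } catch {
        [pscustomobject]@{ Share = $unc; Accessible = $false; Error = $_.Exception.Message }
    }
}

# Constructed sample address (documentation range), not a value from the article:
# Test-MonitoredHost; Test-AdminShare -Target '192.0.2.10'
```

Comparing the DomainOrWorkgroup output from each machine shows at a glance whether all computers are in the same workgroup or domain.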

Jailbreaking Apple’s latest gadgets

23 March 2012

By the day after release of Apple’s new iPad 3, hackers had already found three ways to jailbreak the OS of the tablet device. This represented a drop of six days compared to the time necessary for jailbreaking the iPad 2 after launch.

Hackers also dryly noted that out of Apple’s entire device lineup, the best-protected device is also the very cheapest one: the Apple TV 3.1 television appliance.

Why? Most of the features in Apple’s iOS operating system, which is used on all of the company’s mobile devices, are simply discarded and disabled on the Apple TV. This reduces the “area for attack” available to hackers, thus creating significant obstacles for them.

Although the newer version of the Apple TV was ultimately hacked nonetheless, the jailbreak tool did not catch on with users. It is usually the case that Apple gradually updates the operating system with the features that users had hoped to gain through jailbreaking their devices.

Study: Mobility against Security

21 March 2012

According to a study called “The Impact of Mobile Devices on Information Security” published by Check Point® Software Technologies Ltd., the number of mobile devices connected to corporate networks doubled in 2010-2011. Half of these devices contain confidential information.

The management of 70% of the surveyed companies are confident that it is the use of mobile devices that results in the increased number of data leaks. This mostly happens when devices containing corporate emails (80% of cases), client databases (around 50%) and corporate passwords (around 40%) get lost or stolen.

Corporate users are actively embracing mobile devices and services, thus creating a lot of problems for IT experts responsible for the security of corporate data. Modern standards do not cover new security threats, and yet it’s not reasonable to completely stop using mobile devices, since they give users a number of advantages that boost their performance and provide them with quick and convenient mobile access to corporate resources.

Check Point report highlights:

  • In 94% of companies, the number of mobile devices connected to corporate networks has increased.
  • In 78% of companies, their number has more than doubled over the past two years.
  • The most popular mobile platforms used in corporate networks are:
    1. Apple (30%)
    2. BlackBerry (29%)
    3. Android (21%)
  • 43% of companies believe that Android-based devices pose a serious threat to their information security.
  • The key threats undermining information security are:
    1. Lack of knowledge in the information security field among corporate users (over 70%)
    2. Use of mobile devices for web browsing (61%)
    3. Use of unprotected wireless connections (59%)
    4. Device loss or theft (58%)
    5. Downloading of malicious software to mobile devices (57%)

Update to version 7.2.0.1443

13 February 2012

In this program update there are not that many innovations, but it’s worth writing about it as well. It is made almost completely on the basis of joint work by programmers, the technical support department, and actual users of our programs.

In all the programs, we added the feature of capturing user’s messages in the VKontakte (vk.com) social network. Many users have asked me for this for a long time now.

The Ukrainian language was added to the programs’ interface. The translation was done by one of our users, so thank you very much to him.

We are continuing to work on improving the log encryption system in Employee Monitor and Terminal Monitor. In extremely rare cases, it works incorrectly and greatly slows down the work of the program.

Thanks to reports like this from our users, we were able to solve the problem. In the next versions of the programs, we will be able to get rid of it completely.