Showing posts with label Security. Show all posts

Sep 5, 2012

6 lakh account logins get compromised every day on Facebook


New official statistics by the social networking giant revealed that 0.06 percent of the billion logins that they have each day are compromised. That's more than 600,000 per day - that is one in every 140 milliseconds. (By comparison, a blink of the eye takes 300-400 milliseconds).

The statistic was revealed in an infographic published alongside an official Facebook blog post trumpeting new security features introduced by the firm. The new security features include ‘Trusted Friends’ (called "Guardian angels" in the infographic).









Facebook says that "one will be able to nominate three to five "trusted" friends who can help you if you have a problem accessing your account - if, for instance, someone else has changed its password and locked you out of your e-mail account. The idea is that if you need to login to Facebook but can't access your email account, Facebook will send codes to your friends that they can pass on to you."
Graham Cluley, Senior Technology Consultant at Sophos said, "None of your friends on their own has enough information to access your account, as they are only sent a single code. But, of course, if your "trusted" friends turned out to be untrustworthy and banded together they would - between them - be able to access your account. So you best be sure that you keep a close eye on who your trusted friends are (especially if you're prone to falling out, or they think practical jokes are amusing), and be pretty confident that they are taking their own computer security seriously. Another thought occurs to me - if a bad guy has taken over your Facebook and e-mail account, isn't it likely that he will also change who your trusted friends are at the same time? Wouldn't that make the whole security measure kind of pointless?"
Another new announcement is ‘App passwords’ - meaning that one will no longer have to log into Facebook apps with the same credentials used for the Facebook account itself. It's certainly a good idea not to use your Facebook password with anybody other than Facebook.
"However, it's not hard to predict that the only people who might use such a feature might be those who are already very aware of privacy issues, rather than the great unwashed majority on Facebook," Cluley said.

Google's bouncer ejects malware from Android market

Google, which has always maintained that the Android Market, although not immune to malware, was not heavily affected by it, revealed Thursday it has been using a technology called Bouncer to monitor apps for malware. Although only saying that Bouncer has been in use "for a while now," Google said it saw a 40 percent reduction in the number of potentially malicious apps downloaded from the market between the first and second halves of 2011. Bouncer removes apps that it identifies as containing malware, spyware, or trojans.

Google is quick to point out that the significant reduction in potentially dangerous applications occurred in the same time frame that anti-virus vendors made a lot of noise, well covered in the media, about the huge growth in malware-infected applications coming straight from the Android Market to users' devices. It's no secret that Google does not think well of anti-virus vendors, which it has called "charlatans" for selling anti-virus software. Google has said anti-virus software is a worse blight than the malware itself.

Bouncer looks at applications in the Market and in developer accounts, searching for known code or behaviors that seem suspicious, and comparing new apps against previously uploaded versions. Additionally, apps are run on what is likely--Google doesn't say--an Android simulator in the Google Cloud to look for behaviors that are not obvious from the code analysis.

Red-flag behaviors result in the app being pulled from the Market, and can also result in the developer's account being closed for repeated malicious behavior. Google also has the capability to remove an app from a user's device via its Remote Application Removal feature. This feature has been rarely used to this point, with Google only commenting on its use in removing a test app that a security researcher uploaded to the market.

Google cautions users to look at the permissions that an app requests, and if the requests seem suspicious, to stop the installation. Of course, this means users have to understand the permissions being granted, and for most non-technical users, this is an onerous requirement. So far, nothing has been released via the Market that can't be removed by simply uninstalling the offending app. Should that change, then Google's offhand approach to protecting users might see a change.

India and APNIC reach agreement on National Internet registry

A new National Internet Registry (NIR) has been launched in India, following the successful conclusion of talks between the Asia Pacific Network Information Centre (APNIC) and the Government of India. The Indian Registry for Internet Names and Numbers (IRINN) will be run by the National Internet Exchange of India (NIXI) and serve ISPs within the country that wish to sign up.
It is the result of a long collaboration between APNIC and NIXI, with APNIC staff sharing their expertise with NIXI, and NIXI officials putting together an impressive technical installation in preparation for the launch.
The new registry was announced on the final day of APNIC 33, a technical conference conducted in conjunction with the Asia Pacific Regional Internet Conference on Operational Technologies (APRICOT 2012).
APNIC Executive Council Chairman, Akinori Maemura said of the announcement, “We are extremely happy that this process is heading towards a positive conclusion; which, on the other hand, is also a commencement of a new relationship. I would like to thank the NIXI team for their support and the hard work they have demonstrated in making this a reality.”
APNIC is an open, membership-based, not-for-profit organization that serves as the Regional Internet Registry (RIR) for the Asia Pacific. It is one of five Regional Internet Registries (RIRs) charged with ensuring the fair distribution and responsible management of IP addresses and related resources. IP addresses are how a device is identified when connecting to the global Internet, and responsible management is required for the stable and reliable operation of the Internet.
The NIR will streamline access to resources for current or future network administrators and so assist the Indian Internet, which is currently experiencing a period of extraordinary growth. Director General of APNIC, Paul Wilson, commented, “We welcome the new National Internet Registry in India to the APNIC community. The Internet is a global community and IRINN, as the NIR is being called, should be part of that. I hope that many new Internet Services Providers will be formed in India, and they will always be able to choose between IRINN and APNIC for IP addresses. The market here is big enough and that kind of diversity will ensure better services and lower prices for all Indians.”
APNIC has over 300 members locally, mostly Internet Service Providers and telecommunications companies, and over 6 million Internet Protocol version 4 (IPv4) addresses were allocated in 2011. There are already 6 National Internet Registries in Asia: in South Korea (KISA KRNIC), Japan (JPNIC), China (CNNIC), Indonesia (IDNIC) and Vietnam (VNNIC). This is out of 56 economies in the Asia Pacific region.
“It’s really about what is a better fit for the individual organizations. Typically we tend to see larger organizations prefer a regional service especially those who operate in multiple economies to maintain an account with APNIC,” says Director General Paul Wilson.

Indian Internet economy forecast to contribute Rs 10.8 trillion to the overall economy by 2016


Indian Internet economy contributed Rs. 3.2 trillion to the overall economy in 2010, representing 4.1 percent of GDP, and is projected to rise to Rs 10.8 trillion by 2016, according to a new report in The Boston Consulting Group’s Connected World series. According to the report, by 2016 the total size of the G-20 Internet economy will be USD 4.2 trillion, equivalent to 5.3 percent of GDP, up from USD 2.3 trillion or 4.1 percent in 2010.
'The Internet Economy in the G-20' finds that if the Internet were a sector, it would be the 8th largest in India – larger than mining and utilities. It is driven especially by exports of IT services: net exports make up 59 percent of the Indian Internet economy, while consumption is only 20 percent.
India's Internet economy growth rate of 23.0 percent places it as the second fastest across the G-20 and ahead of many other developing nations in the G-20, which are growing at an average of 17.8 percent. Projected growth rates elsewhere are: 24.3 percent in Argentina, 18.3 percent in Russia and 15.6 percent in Mexico. In 2010 developed markets contributed 76 percent of the G-20's Internet economy; by 2016 that will fall to 66 percent.
“Consumption is the principal driver of Internet GDP in most countries, typically representing more than 50 percent of the total in 2010. It will remain the largest single driver through 2016. China and India stand out for their enormous Internet related exports - China in goods, India in services – which propel their internet-economy rankings toward the top of the chart,” said Arvind Subramanian, a Mumbai-based BCG Partner. He further added, “In emerging countries like India, social media are fast becoming the Internet medium and mobile the access medium of choice.”
Commenting on the report, Rajan Anandan, VP - Sales and Operations & Managing Director, Google India, said, "India is seeing one of the fastest rates of Internet adoption across the globe. It is up to all of us- users, businesses and the government -- to leverage the potential of the Internet to deliver value and wealth. We see emerging opportunities for innovation in areas like mobile, e-commerce and cloud and are committed to growing the market by offering more locally relevant services."
Online Commerce
In 2010, the share of total retail carried out online in India was only 0.9 percent but is projected to reach 4.5 percent by 2016. What's more, the Internet influences only an additional 0.8 percent of total retail from connected consumers researching online and purchasing offline ('ROPO'). These numbers compare to 3.1 percent for online sales and 4.0 percent for ROPO in Brazil, 1.7 percent and 4.8 percent in Russia, and 5.0 percent and 9.6 percent in the U.S.
Consumer Value
Consumers are the big winners of the Internet economy and BCG's study highlights just how essential it has become to everyday life and the value which consumers attach to it. Asked how much they would have to be paid to live without Internet access, Indian respondents said an average of Rs. 21,436 per year, or 2.8 times what they pay for access and services. When asked whether they would forgo showering for a year in order to keep Internet access, 36 percent of Indian online consumers said they would; 64 percent said they would forgo chocolate; 63 percent coffee; and 70 percent would give up alcohol.
SMEs – The Growth Engines of the Economy
The BCG report finds that “High web” companies in India – ones that use the Internet for marketing, sales and interactions with customers and suppliers – grew their revenues 19 percent over the past three years, compared to only 13 percent for those who made low or no use of the Internet.
"Around the world SMEs which embrace the Internet are growing faster and adding more jobs than those that don’t. By encouraging businesses to adopt the Internet, countries can improve their competitiveness and growth prospects," said David Dean, BCG Senior Partner and co-author of the report.

Unilog gains competitive advantage with Microsoft Office 365


Unilog Content Solutions, a company that specializes in Big Data Analytics and Product Data Management for eCommerce, recently deployed Microsoft Office 365 across its offices in Bangalore, Mysore, and Philadelphia.
Unilog’s hosted mail service was the primary pain point as the company outgrew its existing solutions, resulting in significant downtimes, loss of mission-critical e-mails and difficulty in maintaining a higher mailbox quota. These problems were directly affecting business performance. Hence, to improve reliability and communications while reducing costs, Unilog evaluated hosted solutions from Google and Microsoft but finally adopted Office 365. The company deployed Office 365 because of its ability to maintain a hybrid cloud/on-premises deployment and because it fits the varying needs of businesses, providing rich features and functionality. The entire transition to Office 365 was completed in three days with the support of Microsoft Partner – Acropetal Technologies.
Suchit Bachalli, Executive Vice President, Unilog Content Solutions, said, “With Office 365, we have experienced significant improvement in the reliability of our messaging system, document sharing, and communication capabilities while reducing IT costs and administration. Also, by reducing the time to react to a situation and take appropriate decisions, we are seen as proactive by our customers. This is very positive for the business. Office 365 clearly delivers far greater value than Google Apps at any price point.”
Unilog has seen significant benefits since the time it has moved to the cloud with Office 365 – employee productivity has improved by 12 percent through instant messages, audio/video calling between PCs and online document sharing. The transition has enabled the company to reduce administration, maintenance, IT, and up-gradation costs, thus resulting in lower total cost of ownership. The company has experienced zero downtime, which results in increased reliability.
“In today’s hypercompetitive marketplace, it has become increasingly important to empower people and teams to deliver exceptional customer experiences, be more productive, and respond quickly to change and opportunities. Unilog’s decision to implement Office 365 over Google Apps validates our approach to a robust and familiar desktop, browser and mobile clients for access virtually anywhere delivering real value,” said Ramkumar Pichai, General Manager - Microsoft Office Division, Microsoft India.

CCTV (Closed Circuit Television) Cameras



Closed Circuit Television (CCTV) cameras are a key security measure for homes, business areas, educational institutions, and other public places, as they provide ultimate security and ensure safety. Today, we come across CCTV monitoring systems and CCTV surveillance equipment in almost all places we visit. With the wide usage of CCTV cameras, the number of CCTV vendors and CCTV installers in India has also increased considerably.
Of all the CCTV equipment in use, CCTV cameras are the item most people prefer. So what makes these CCTV cameras so unique and dependable? Here are some of the most important benefits of a CCTV camera system.

Benefits of CCTV Cameras (by CyberLab)

1. Compact – The CCTV camera and CCTV camera system come as a compact package. The cameras and the camera system are small and take up little space. These compact CCTV surveillance cameras are not limited to your house or office; CCTV cameras can now also be used in cars!
2. Available in Different Sizes & Shapes – CCTV camera systems are available not in just one size or shape but in many. Some CCTV surveillance cameras come in sizes and shapes that keep people from realizing that a surveillance camera is fixed in a particular area.
3. Climate Compatible – CCTV surveillance cameras can be used in both indoor and outdoor locations. The CCTV camera system is water resistant and dust resistant, so it can also be used outdoors at traffic signals and entrance gates, and in extreme outdoor areas like amusement parks, where the CCTV camera system will prove its durability even in extreme weather conditions.
4. Economical – A CCTV camera system is highly economical and affordable for all.
5. User Friendly – The mechanism of the CCTV camera system is very user-friendly, so everyone can handle it easily (provided they have access). The CCTV camera system also provides high-end security and privacy options so that not everybody can access the recorded data.
6. Keeps a Clear Record – The CCTV cameras are capable of functioning even for 4 days without power supply and maintenance! The CCTV camera system keeps a clear record of the recorded data without any interruptions in the recordings, so that the surveillance process becomes easy and simple.
7. Control Access to Various Equipments – The CCTV camera system offers highly sophisticated access control across a huge number of devices. You can now access the CCTV surveillance cameras not only through computers but also through your televisions and mobile phones.
8. For Home Security – CCTV surveillance cameras provide absolute security to houses when installed in the right places. CCTV cameras for the home come in many forms apart from the classic camera look. There are CCTV cameras available in the form of pens, door locks, bags, flower vases etc.
9. For Office/Shops/Malls Security – CCTV cameras work well not only as surveillance cameras but also for other important office purposes like attendance systems, customer care support (answering customers without directly talking to them), and data management.

Fingerprint Scanner Technologies


What are Fingerprint Scanner Technologies?

CyberLab Biometric Systems
Biometric technology offers advanced verification for employees in every industry. Because biometric systems identify people through physical measurements of unique human characteristics or behavior, they thwart attempts of time fraud, where one employee punches for another. Biometric systems do not require easily-lost or stolen badges, or other identifying objects. Employee attendance verification is a major use of biometrics today.
Biometric technology offers the promise of an easy, secure method to make highly accurate verifications of individuals. Not only does this technology make our lives easier by eliminating the need to carry badges and other identification, but it prevents the use of forged tickets, badges, or passports. These verifications have broad applicability, and people are already being verified by biometrics in airports, office buildings, manufacturing centers, hospitals, and even amusement parks. A biometric scan can provide security access to protected areas, serve as a day pass at an attraction, punch an employee in at the start of the work day, or allow an executive access to his laptop computer.

U.are.U 4500 Fingerprint Reader (by CyberLab)

The U.are.U 4500 Reader is a USB fingerprint reader featuring an elegant, sleek design with a soft, cool blue glow and, of course, the unsurpassed performance DigitalPersona is known for. Made for power-users and shared environments, the 4500 is the natural choice for those that want and need the very best. Here’s a look at just some of its features and benefits:
  • Blue LED – Soft, cool blue glow fits into any environment. Provides a pleasing presence; doesn't compete in low light environments, such as restaurants, or conflict with alarm condition colors, such as in healthcare.
  • Small form factor – Conserves valuable desk space.
  • Rugged construction – High-quality metal casing weighted to resist unintentional movement.
  • Special undercoating – Stays where you put it because of a special undercoating.
  • Rotation invariant – Touch it from any direction, it still provides a high quality image and matching performance, perfect for shared environments.
  • Excellent image quality – High-quality optics ensure best image every time.
  • Works well with dry, moist, or rough fingerprints – Reliable performance over the widest population of users. Reads even the most difficult fingerprints.

Some of the many applications and vertical markets in which the U.are.U Readers may be used include:
  • Drug dispensary
  • Prescription fulfillment
  • Time and Attendance
  • Point of Service (Retail and Restaurant)
  • Health Club membership access
  • Finance and Banking account access
  • Law Enforcement
  • State and Local Government
Easy-to-use
To use, simply place a finger on the reader window and the reader quickly and automatically captures and encrypts the fingerprint image before sending it to the DigitalPersona IDentity Engine for verification.
DigitalPersona products utilize optical fingerprint scanning technology for superior image quality and product reliability. The combination of a U.are.U 4500 Fingerprint Reader with the DigitalPersona IDentity Engine produces an unmatched ability to recognize even the most difficult fingerprints.

Access Control System


What is an Access Control System?

Access control security systems are designed to restrict physical entry to authorized users only. Many organizations, governmental and private, have started adopting access control security systems for physical entry into their facilities. Whether it is a simple non-intelligent access control system, like punching in a password, or an advanced biometric system that scans and permits entry very specifically, there are many advantages to employing these security systems.

What are the Advantages of Access Control Systems?


  • Reduced Requirement for Manpower
  • Allows Access and Restriction to Multiple Entries and Exits
  • Internal Levels of Restriction and Access
  • Time Based Control for Security Systems
  • Keeping Check of Punch-in and Punch-out Time
  • Biometric Systems

Types of Access Control Locks


Access control devices are the primary among the essential security products available for both residential and office security. The access control devices are easier to install and they are more effective than regular biometric access control devices. There are important types of access control locks which can be used in all places. These locks are mostly electrical devices which can be connected to many other devices like computers etc. easily.
  1. Door Locks – The door locks are the primary type of access control devices used for security purposes. These door locks can be used in houses and also in offices. They use keypad locking/unlocking system to operate.
  2. Fingerprint Locks – These access control devices make use of fingerprints for locking and unlocking. They can be connected to electricity to operate. These locks are mostly used in offices to control access to certain rooms and halls.
  3. Card Readers – Card readers are also a type of lock system in access control. These card readers are used for limiting the access in certain areas. Bar code reader which is a type of access control card reader does not fall under the access control locks category.
  4. Gate Automation - The gate automation system is used to operate the gates and main entrances of big houses and also in offices. Using access control gate automation system is a growing trend in India.
  5. Electronic Locks – This type of access control system has 2 sub-types:
    • Electromagnetic locks which can be mounted on the doors to restrict the invalid entries. When this access control device is powered, the magnet will be charged and disable the operations of the entry doors.
    • Electric strikes which are similar to the latches in the door panel. These latches can be enabled and disabled using electric power.

What is Iris Recognition in Access Control?


Iris recognition has been the most authentic and reliable security device used in access control security systems. The iris scanner is used for physical security because it inspects far better than other iris recognition devices. The iris scanner takes a digital photo of a person's iris, which cannot be altered or manipulated with ease. The access control iris scanner photographs the iris using infrared rays, which do little or no harm to the most sensitive organ of the human body. Once the digital photograph is taken, the iris scanner compares it with the recorded iris proof of that particular person to grant access.

Advantages of Access Control Iris Scanner.


  • Iris scanner is much faster in doing the iris identification process than other iris recognition devices.
  • Iris scanners are capable of recognizing more than a million different subjects and can produce results without confusion.
  • Iris scanner can not only be used as a recognition or attendance device in access control but they can also be used as locking system.
  • The imaging process of iris scanner involves no harmful infra red rays or laser lights that will affect the subjected part.
  • Iris recognition devices in access control system are also available with voice support which is an added advantage.
  • It is easy to search through the access log of the device anytime and acquire the data.
  • Iris scanners consume very little electricity, so they are pocket friendly too.
  • Iris recognition device of access control system can be used in severe weather conditions too.

Biometrics Technology


What is Biometrics Technology?

Biometrics technologies are used to measure and analyze personal characteristics, both physiological and behavioral. These characteristics include fingerprints, voice patterns, hand measurements, irises and others, all used to identify human characteristics and to verify identity. These biometrics or characteristics are tightly connected to an individual and cannot be forgotten, shared, stolen or easily hacked. These characteristics can uniquely identify a person, replacing or supplementing traditional security methods by providing two major improvements: personal biometrics cannot be easily stolen and an individual does not need to memorize passwords or codes. Since biometrics can better solve the problems of access control, fraud and theft, more and more organizations are considering biometrics a solution to their security problems. Biometrics gives you an alternative and higher security compared to passwords or PIN identification due to the fact that passwords and PINs can easily be compromised.
Authentication by biometric verification is becoming increasingly common in corporate and public security systems, consumer electronics and point of sale (POS) applications. In addition to security, the driving force behind biometric verification has been convenience. Biometric devices, such as finger scanners, consist of:
  • A reader or scanning device
  • Software that converts the scanned information into digital form and compares match points
  • A database that stores the biometric data for comparison
To prevent identity theft, biometric data is usually encrypted when it's gathered. Here's how biometric verification works on the back end: To convert the biometric input, a software application is used to identify specific points of data as match points. The match points in the database are processed using an algorithm that translates that information into a numeric value. The database value is compared with the biometric input the end user has entered into the scanner and authentication is either approved or denied.

What is Biometric Attendance System?

A biometric time attendance system is used to check whether each person coming to your premises is actually who he claims to be, and to record the time and other details. It uses a finger and face recognition system to verify a person's identity and record his time-in and time-out with all required details.

Benefits of Biometric Attendance System

  • It has many advantages over the conventional time tracking used at organizations. Typically such organizations maintain a register book, where people enter their name, time-in, time-out and other required details, but this manual system is inaccurate, time consuming, unreliable and, most importantly, less secure.
  • Biometric time attendance is very user friendly; any person can use it very easily. It is also very fast: the user has to look once at the system and all details, including the time, are recorded automatically. In this way it saves a lot of time and still records details very accurately. One can avoid early punching, late punching and buddy punching very easily.
  • Many schools and colleges use Biometric Time Attendance to track their students' attendance. The biggest advantage of Biometric Time Attendance over manual tracking is better security. Many shops and shopping malls use biometric time attendance for security purposes, and it works well.
  • If someone wants to use it for a business or organization, they can easily integrate it with payroll systems, account systems and billing systems. It is therefore very flexible, and a time attendance system can be used for all types of businesses and organizations.
  • In a nutshell, a biometric time attendance solution permits you to focus on your core business by giving you the quickest and easiest way to overcome your time tracking issues.

Return on Investment in Biometric Time System Installations

Biometric time clocks, which are used to record employee start and end times, are popular in organizations where security is an issue, or where employees may falsely record their time worked. Because biometric technology is more expensive than other forms of time clock identification, such as magnetic badges or personal identification numbers, it is important to evaluate the potential return on investment should biometric devices be installed. In service environments where employees punch in and out to work, return on investment can be considerable because biometric devices virtually eliminate the ability of employees to “buddy punch.”
In buddy punching, an employee either types a tardy employee’s PIN or swipes the tardy employee’s badge earlier than he arrives to work or after he leaves work. The organizational costs of this kind of time theft can be enormous. The company loses money a few minutes at a time compounded across departments and locations. Biometrics makes it almost impossible for employees to defraud a time and attendance system.
Other returns on investment can be gained through the use of the biometric system as a security access monitor, as well. In this case, the biometric system is used to grant or deny access to restricted areas. The cost of purchasing and maintaining magnetic or proximity identification cards, which do not prevent fraudulent access, can be eliminated.

RFID Technology


What is an RFID System?

Radio frequency identification (RFID) first appeared in tracking and access applications during 1985. These wireless systems allow for non-contact reading and are effective in manufacturing and other hostile environments where barcode labels could not survive. RFID has established itself in a wide range of markets, including livestock identification and automated vehicle identification (AVI) systems, because of its ability to track moving objects.

What is an Attendance Monitoring System?

An attendance-monitoring system serves as a time log that is set up as a computerized database. An attendance-monitoring system maintains a daily record of a person's arrival and departure time from work or school. The attendance-monitoring system database is an application that contains electronic files about a person's history. An attendance-monitoring system contains a person's name, address, date of birth, medical history and attendance history.

What is a RFID Card Based Attendance Monitoring System ?

An RFID (Radio Frequency Identification) based Attendance Monitoring System is a compact unit that monitors employees' attendance through proximity access ID cards. The cards are supplied with the unit. They serve a dual purpose: identification and time entry.
Attendance monitoring is very simple. This System assigns a unique card number for each employee. An employee places the RFID card within 10 cm distance from the RFID Reader. The RFID Reader writes down the time, date and type of departure / arrival. The type of arrival / departure is indicated on the LCD display. The display also indicates the current time.
One RFID Reader can hold up to 50,000/80,000 event records. The card register capacity is 30,000/50,000 or more. The interface software is responsible for attendance record processing, and it produces attendance reports in the customer-preferred format.

Why a Computerized Attendance Monitoring System ?

  • Want a comprehensive, flexible and extensible yet user friendly time clock software for PC?
  • Want to accurately track your employee time, attendance, punctuality and leave?
  • Want to save time by drastically reducing the time spent in calculating employee worked hours and pay?
  • Want to save money by not overpaying your employees?
  • Want to instantly know which employee is in or out of the office?
  • Want to prevent buddy punching (i.e. employee asking another employee to punch in/out for him)?
  • Want to provide your managers the convenience of tracking employee attendance remotely from their own computers?
  • Want to provide your employees the convenience of punching in/out on their own computers and at the same time have a secure network instant messaging system within your company?
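
The event records the reader keeps (card number, time, date, arrival or departure) are also what an auditor reviews for buddy punching. The sketch below is an added example, not part of the original post or any vendor's software: it flags card pairs that are repeatedly read at the same reader within a few seconds of each other. The CSV layout, the 5-second window and the 3-day threshold are assumptions, and the sample log is constructed.

```python
import csv
from collections import defaultdict
from datetime import datetime
from io import StringIO

# Constructed sample export: timestamp, reader id, card number, event type.
# The column layout is an assumption; real readers use vendor-specific formats.
SAMPLE_LOG = """\
2012-09-03 08:58:10,R1,1001,IN
2012-09-03 08:58:13,R1,1002,IN
2012-09-03 09:04:40,R1,1003,IN
2012-09-04 08:57:02,R1,1002,IN
2012-09-04 08:57:04,R1,1001,IN
2012-09-04 08:57:50,R1,1003,IN
2012-09-05 08:59:30,R1,1001,IN
2012-09-05 08:59:33,R1,1002,IN
2012-09-05 09:10:00,R2,1003,IN
"""

def parse_events(text):
    """Yield (timestamp, reader, card, kind) tuples, skipping malformed rows."""
    for row in csv.reader(StringIO(text)):
        if len(row) != 4:
            continue
        try:
            ts = datetime.strptime(row[0].strip(), "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        yield ts, row[1].strip(), row[2].strip(), row[3].strip().upper()

def paired_punches(text, window_s=5, min_days=3):
    """Return {(card_a, card_b): days} for card pairs read at the same reader,
    with the same event type, within window_s seconds on >= min_days days."""
    by_key = defaultdict(list)          # (reader, kind) -> [(ts, card)]
    for ts, reader, card, kind in parse_events(text):
        by_key[(reader, kind)].append((ts, card))
    days = defaultdict(set)             # (card_a, card_b) -> {dates}
    for events in by_key.values():
        events.sort()
        for i, (ts_a, card_a) in enumerate(events):
            for ts_b, card_b in events[i + 1:]:
                if (ts_b - ts_a).total_seconds() > window_s:
                    break               # sorted, so later events are further away
                if card_a != card_b:
                    days[tuple(sorted((card_a, card_b)))].add(ts_a.date())
    return {pair: sorted(d) for pair, d in days.items() if len(d) >= min_days}
```

A flagged pair is a lead for review, not proof: colleagues who commute together produce the same pattern.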

BlackBerry App Can Spy on You, US CERT Warns


The United States Computer Emergency Readiness Team (US-CERT) has warned BlackBerry users that a new application has the ability to turn their smartphone into a surveillance tool.
"This software allows an attacker to call a user's BlackBerry and listen to personal conversations," says US-CERT's public warning. "In order to install and setup the PhoneSnoop application, attackers must have physical access to the user's device or convince a user to install PhoneSnoop."
But there's a catch: if you want to try the application, you have to e-mail the IT security consultant who wrote it.
Sheran Gunasekera, a Sri Lankan programmer who heads the security division for Hermis Consulting and blogs at Chirashi Security under the handle Chopstick, is looking for beta testers to try out the application so he can write a paper on it.
In the blog post announcing the application, Gunasekera explains how the surveillance application works.
You install and run PhoneSnoop on a victim's BlackBerry. PhoneSnoop sets up a PhoneListener and waits for an incoming call from a specific number. Once it detects a call from that specific number, it automatically answers the victim's phone and puts the phone into SpeakerPhone mode. This way, the attacker that called can now hear what's going on at the victim's end.
But because Gunasekera isn't interested in snooping on anyone, the application is less than stealthy, reports The Washington Post.
There are some very real limitations of this spying app: For starters, an attacker would need to have physical access to the victim's phone in order to install the app. PhoneSnoop also can't listen in on the victim's phone calls, and it leaves a conspicuous new program icon in the victim's app list.
The application also leaves a conspicuous icon on the phone's interface and a victim could also discover the application when the attacker called to activate the speakerphone.
Nevertheless, Gunasekera is trying to prove a point, which is why he called his application a proof-of-concept. "BlackBerry is one of the most secure platforms out there, so what I wanted to do was highlight that even though you have a secure platform, in the end the user is probably going to be the weakest link," Gunasekera told the Post.
What he's saying is don't leave your phone lying around. And for those who are given their phone, say from their boss or their spouse, it's probably not a bad idea to see what software's installed on it.
If you think something malicious might be lurking on your phone, Gunasekera has also written and released "Kisses," a free application that detects hidden programs on various BlackBerry smartphones.

DHS Improperly Investigated and Surveilled U.S. Muslims, Documents Reveal


Documents obtained by two civil liberties organizations reveal that during the Bush administration the Department of Homeland Security improperly investigated and surveilled American Muslims who had no ties to criminal activity or terrorism. The information collected, however, was destroyed after internal processes uncovered the violations of intelligence oversight guidelines.
In the first incident, uncovered by a Freedom of Information Act request from the American Civil Liberties Union and the Electronic Frontier Foundation, DHS' Office of Intelligence and Analysis (I&A) wrote and distributed "an intelligence note" in September 2007 on the lines of succession at the Nation of Islam, an African-American Muslim organization, after its leader Louis Farrakhan ceded control of the organization, reports The Los Angeles Times.
In a quarterly report from DHS to the Intelligence Oversight Board, the department called the incident a "questionable" activity. The note, entitled Nation of Islam: Uncertain Leadership Succession Poses Risk, was distributed to 482 e-mail addresses, including those of other federal agencies, the intelligence community, and one state government entity.
Immediately after it was sent, the report notes, a lawyer and an intelligence oversight officer at DHS I&A expressed concern and the office recalled the note and asked all recipients to delete it. An inquiry into the incident subsequently determined "I&A had violated internal intelligence oversight guidelines by collecting and retaining information on the Nation of Islam and other U.S. Persons named in the intelligence note."
In a letter attached to the quarterly report, then-Undersecretary of Intelligence and Analysis Charles E. Allen told DHS' Acting General Counsel Gus Coldebella and Inspector General Richard Skinner that the intelligence note on the Nation of Islam should never have been issued because "the organization - despite its highly volatile and extreme rhetoric - has neither advocated violence nor engaged in violence."
In 2008, another DHS quarterly report to the Intelligence Oversight Board details a May 2008 incident in which I&A once again overstepped its bounds by collecting and storing information on a Muslim conference in Georgia and its speakers, some of whom were U.S. citizens, while it conducted surveillance on two individuals that go unnamed in the documents.
According to the letter explaining the incident:
I&A did not have any evidence the conference or the speakers promoted radical extremism or terrorist activity, and their activity is protected by the First Amendment of the Constitution. Reporting on it violated I&A's Interim Intelligence Oversight Guidelines.
The report goes on to state that the "source information has been destroyed or deleted."
“I think it’s a positive sign that these agencies responded to this and took steps to correct the situation,” Marcia Hofmann, a staff attorney for the EFF, told The New York Times. She added, “We would never have known that this happened had we not seen these internal reports.”
DHS also responded to the incidents discovered by the FOIA release.
DHS spokesman Matt Chandler told the LA Times "DHS is fully committed to securing the nation from terrorist attacks and other threats, and we take very seriously our responsibility to protect the civil rights and liberties of the American people while fulfilling this mission." He also said DHS has instituted safeguards to ensure intelligence notes like the one referring to the Nation of Islam do not happen again.
This isn't the first time that DHS I&A has come under scrutiny. During the spring, it produced and disseminated an internal threat assessment to state and local law enforcement that theorized returning U.S. veterans of Iraq and Afghanistan could be recruited by rightwing extremists to attack the United States. After the document was leaked, it resulted in a firestorm of criticism for DHS Secretary Janet Napolitano, who recalled the document and instituted processes to ensure it does not happen again.

DHS Wants to Turn Cell Phones Into Chemical Sensors


The Department of Homeland Security's (DHS) research and development arm wants to turn the smartphone in your pocket into the high-tech equivalent of a canary in a coalmine—all for about a dollar a phone.
On Friday, the Department of Homeland Security's Science & Technology Directorate (S&T) announced it has begun to fund its Cell-All program, which has been in the research phase since 2007, reports Information Week. The program would embed a chemical sensor worth about a dollar into every cell phone, which would detect deadly chemicals without harming the smart phone's battery life.
“Our goal is to create a lightweight, cost-effective, power-efficient solution,” says Stephen Dennis, Cell-All’s program manager. To help make the concept a reality, S&T is pursuing cooperative research agreements with Apple, LG, Qualcomm, and Samsung. If successful, Dennis hopes to have 40 prototypes next year. The first-generation sniffing smartphones would start small by detecting only carbon monoxide and fire.
The DHS Web site explains how "this wizardry" would work.
Just as antivirus software bides its time in the background and springs to life when it spies suspicious activity, so Cell-All regularly sniffs the surrounding air for certain volatile chemical compounds.
When a threat is sensed, a virtual ah-choo! ensues in one of two ways. For personal safety issues such as a chlorine gas leak, a warning is sounded; the user can choose a vibration, noise, text message, or phone call. For catastrophes such as a sarin gas attack, details—including time, location, and the compound—are phoned home to an emergency operations center.
And the technology's effectiveness will only increase as more and more smartphone users acquire it. This will allow the technology to "crowdsource," or use the sensors from multiple smartphones to adequately diagnose and relay a release quickly to first responders. S&T hopes this will reduce, if not eliminate, human error.
Rather than relying on a person to phone in a chemical release or remain calm enough to describe what's occurring, the chemical sensors in the cell phone will automatically contact emergency personnel when they detect a chemical release, identify the source, and provide first responders with the location. This means the sensor will detect and notify authorities of a chemical release even when it's undetectable by humans. And as more and more people utilize the technology, S&T says it will help eliminate false positives as the sensors detect the same release from multiple smartphones at a specific location.
"The end result: emergency responders can get to the scene sooner and cover a larger area—essentially anywhere people are—casting a wider net than stationary sensors can," DHS explains.
S&T also says Cell-All will not jeopardize personal privacy. A smartphone user would have to opt-in to the program and the data transmitted by the phone would remain anonymous. “Privacy is as important as technology,” avers Dennis. “After all, for Cell-All to succeed, people must be comfortable enough to turn it on in the first place.”
While acknowledging the idea is a work in progress, S&T seems upbeat that chemical-sniffing cellphones aren't science fiction, but a commercially viable option in the next few years.
"Just as Bill Gates once envisioned a computer on every desk in every home, so Stephen Dennis envisions a chemical sensor in every cell phone in every pocket, purse, or belt holster," the DHS Web site proclaims.