Posts Tagged “security”

Careful, watching too many spy movies and TV cartoons may give you strange ideas.

Neatorama has published the Top 10 strangest anti-terrorism patents. Here they are:

Anyone else with such “brilliant” ideas?

Source: Neatorama via Schneier on Security


Following Windows XP Service Pack 2, released in August 2004, Microsoft finally releases the long-awaited Windows XP SP3, which includes all previously released Windows XP updates, including security updates and hotfixes, and select out-of-band releases.

Microsoft is not adding significant Windows Vista functionality to Windows XP through SP3. However, SP3 does include Network Access Protection (NAP) to help organizations that use Windows XP to take advantage of new features in the Windows Server® 2008 operating system. Further, Windows XP SP3 does not include Windows Internet Explorer 7.

Previously Released Functionality

  • MMC 3.0
  • MSXML6
  • Microsoft Windows Installer 3.1
  • Background Intelligent Transfer Service (BITS) 2.5
  • IPsec Simple Policy Update for Windows Server 2003 and Windows XP
  • Digital Identity Management Service (DIMS): DIMS makes it possible for users who log on to any domain-joined computer to silently access all of their certificates and private keys for applications and services.
  • Peer Name Resolution Protocol (PNRP) 2.1
  • Wi-Fi Protected Access 2 (WPA2)

New and Enhanced Functionality

  • “Black Hole” Router Detection
  • Network Access Protection (NAP)
  • Descriptive Security Options User Interface
  • Enhanced security for Administrator and Service policy entries
  • Microsoft Kernel Mode Cryptographic Module
  • Windows Product Activation

All details on Windows SP3 page

The 320 MB Windows XP SP3 is available for download here


The Register published the results of a survey among office workers in London, which reveals that women are 4 (four) times more likely than men to give out "passwords" in exchange for chocolate bars.

The survey of 576 office workers in London found that women are far more likely than their male colleagues to give their computer login credentials to total strangers, in a ratio above 4/1 (45% vs. 10%).

The bogus researchers also asked for workers' names and telephone numbers, ostensibly so they could be entered into a draw to go to Paris.

The complete article is on The Register website.


InfoWorld published the 10 most common security land mines that experts say you need to avoid.

Many companies spend a small fortune and deploy a small army to secure themselves from the many security threats lurking these days. But all those efforts can come to naught when making any of these common mistakes. The results can range from embarrassing to devastating, but security experts say that all are easily avoidable.

And almost all can be done without spending one more dime.

  1. A slip of the finger reveals the company secret

  2. People give away passwords and other secrets without thinking

  3. A trusted partner ends up not being so trustworthy with your data

  4. Web-based apps can be portals to leaks and thieves

  5. Hoping the worst doesn’t happen only makes it worse

  6. Avoiding or diluting response leadership makes breaches worse

  7. Handling breach details sloppily tips off the perp

  8. Trusting "silver bullet" technology hides real threats

  9. Spending unthinkingly wastes resources you might need for important threats

  10. Don't save the wrong data

In short, the weakest point in ICT technologies is always the same one… guess who?

The full article is available here on InfoWorld


On 25th of February, London police launched a new advertising campaign. Posters and TV ads are urging Londoners to turn in people who might be taking pictures of CCTV cameras.

"Thousands of people take photos every day.

What if one of them seems odd ?

Terrorists use surveillance to help plan attacks, taking photos and making notes about security measures like the location of CCTV cameras. If you see someone doing that, we need to know.

Let experienced officers decide what action to take."

Other posters target households:

"You see hundreds of houses every day. What if one has unusual activities and seems suspicious?"

as well as mobile phone users:

"Thousands of people have mobiles. What if someone with several seems suspicious?"

What's going on in London? Is the Metropolitan Police not busy enough? Did they become completely paranoid? Or do they need a budget increase?

Where is this famous British phlegm?

In response, many people have already redesigned the posters to point out their absurdity. Some samples are available on BoingBoing.


Just after posting the article about new safety measures on US aircraft, I found an interesting post on the New York Times "Jet Lagged" blog titled "Airport Security Follies".

Here is a short excerpt from Patrick Smith's article:

"Six years after the terrorist attacks of 2001, airport security remains a theater of the absurd. The changes put in place following the September 11th catastrophe have been drastic, and largely of two kinds: those practical and effective, and those irrational, wasteful and pointless.

The first variety have taken place almost entirely behind the scenes. Explosives scanning for checked luggage, for instance, was long overdue and is perhaps the most welcome addition. Unfortunately, at concourse checkpoints all across America, the madness of passenger screening continues in plain view. It began with pat-downs and the senseless confiscation of pointy objects. Then came the mandatory shoe removal, followed in the summer of 2006 by the prohibition of liquids and gels. We can only imagine what is next…."

Continue reading on the NYT website.

In my opinion, airport security today is a mix of relevant, must-have security measures on one side and theatrical, annoying and ridiculous measures on the other. Some of these measures are time-consuming and put passengers and crew on edge for no added safety value. What really justifies them?

  • Government "zero political risk" (if something happens, they will be able to say that all possible protection measures were already taken)?
  • Fear factor = better military/law enforcement budget?
  • Private security experts and companies have greatly increased their income since September 2001. They are certainly not ready to give this golden egg away.
  • Did I mention million-dollar detectors and scanners operated by poorly trained personnel?

But do you think air travel is any safer against well-prepared, organized and motivated enemies?


Passengers will no longer be able to pack loose lithium batteries in checked luggage beginning January 1, 2008, as new federal safety rules take effect. The new regulation, designed to reduce the risk of lithium battery fires, will continue to allow lithium batteries in checked baggage if they are installed in electronic devices, or in carry-on baggage if stored in plastic bags.

Common consumer electronics such as travel cameras, cell phones, and most laptop computers are still allowed in carry-on and checked luggage. However, the rule limits individuals to bringing only two extended-life spare rechargeable lithium batteries, such as laptop and professional audio/video/camera equipment lithium batteries, in carry-on baggage.

 
New rules apply to the spare lithium batteries you carry with you:
  • Spare batteries are the batteries you carry separately from the devices they power. When batteries are installed in a device, they are not considered spare batteries.
  • You may not pack a spare lithium battery in your checked baggage
  • You may bring spare lithium batteries with you in carry-on baggage – see our spare battery tips and how-to sections to find out how to pack spare batteries safely!
    (have a look; the recommendation for AA batteries is definitely ridiculous).
  • Even though we recommend carrying your devices with you in carry-on baggage as well, if you must bring one in checked baggage, you may check it with the batteries installed.

The following quantity limits apply to both your spare and installed batteries. The limits are expressed in grams of “equivalent lithium content.” 8 grams of equivalent lithium content is approximately 100 watt-hours. 25 grams is approximately 300 watt-hours:

  • Under the new rules, you can bring batteries with up to 8-gram equivalent lithium content. All lithium ion batteries in cell phones are below 8 gram equivalent lithium content. Nearly all laptop computers also are below this quantity threshold.

  • You can also bring up to two spare batteries with an aggregate equivalent lithium content of up to 25 grams, in addition to any batteries that fall below the 8-gram threshold. Examples of two types of lithium ion batteries with equivalent lithium content over 8 grams but below 25 are shown below.
  • For a lithium metal battery, whether installed in a device or carried as a spare, the limit on lithium content is 2 grams of lithium metal per battery.
  • Almost all consumer-type lithium metal batteries are below 2 grams of lithium metal. But if you are unsure, contact the manufacturer!

This regulation will first apply to US-registered aircraft, but as usual we may see it applied to all international flights.

Usually all electrical devices, including batteries, are subject to safety certification, so either they are considered safe or the manufacturer has to review the quality and safety of its products.

I really wonder on what basis these new rules were made. Did anyone see any incident statistics, reports, etc. (apart from Sony-made laptop batteries), or is it just one additional constraint air travel passengers will have to deal with?

After lighters and matches in 06, liquids in 07, 08 will add batteries to the restriction list.

All details are here as well as the complete list of items with air travel restrictions


The British secret service MI5 warned UK businesses about Chinese hackers.

The MI5 director-general wrote to 300 UK firms, including banks and law firms, to warn them about "electronic espionage attacks" conducted by "Chinese state organizations".

IT security company Sophos reports that 30 per cent of malware is "made in China". Trojan horses are designed to steal login credentials for anything, including email and games.

China's People's Liberation Army (PLA) was already blamed in September 2007 for attacking government computers in France, Germany, New Zealand, Australia and the United States, including Pentagon systems.

Trojan horses often target computers with unpatched vulnerabilities and without a proper level of security deployed.

The Chinese government has denied any involvement in the attacks and pointed its finger to unidentified hackers.

The question now is whether malware "made in China" is really powerful and smart, or whether the attacks succeeded because of a serious lack of security and preventive protection measures on the targeted computers.

Source: The Register 


I found the article below on "The Register" site and asked myself the following question:

If connecting to the Internet through an open and unsecured Wi-Fi access point is considered a crime, why do authorities not apply the same principle to other services (mainly electricity and water) we often use without any formal agreement from the owner?

"More than half of computer users have illegally stolen Wi-Fi connections, according to The Times – but only 11 alleged offenders have been arrested in the UK, as the police seem to think those deploying Wi-Fi should be more careful about securing their connections.

The data was collected from a "Have Your Say" survey on the website of security-specialist Sophos: apparently 54 per cent of the 560 people who responded admitted nicking bandwidth from insecure Wi-Fi routers.

This might say more about Sophos customers than the general population, and extrapolating the results to every computer user in the country is probably a crime against statistics: so that's exactly what The Times has done.


Anyone caught stealing a Wi-Fi connection can be fined up to a grand, even if it's left unsecured, so make sure you ask nicely next time you're looking to log on, and if the person next to you has never stolen a Wi-Fi connection then we have to assume that you have."

What is your opinion about accessing open Wi-Fi? Do you think it is a crime?

Source: The Register


Attacks on Swiss financial institutions aimed at unjustified enrichment and the threat of targeted industrial espionage via the Internet are the main topics of the fifth semi-annual report of the Reporting and Analysis Centre for Information Assurance.

The report assesses the situation in Switzerland in the first half of 2007 and is now available online. It clearly shows that the human factor remains the weakest point of ICT security.

Focus areas of issue 2007/I

  • Attacks on Swiss financial services
    "Classic" phishing attacks by e-mail with password requests have decreased substantially in Switzerland. Moreover, all such attacks have been unsuccessful. On the other hand, successful attacks with malware have increased. Two-factor authentication systems (e.g. transaction authentication numbers, SecurID, etc.) do not afford protection against such attacks and must be viewed as insecure once the computer of the customer has been infected with malware.

  • Industrial espionage and data theft
    The threat posed by targeted state or private industrial espionage continues. Not only the operators of critical infrastructures, the armament industry, or public authorities are threatened. Medium-sized industrial companies as well as manufacturers of luxury articles and fashion are also being targeted. The attacks are carried out by sending targeted e-mails to individual employees which contain malware in their attachments or links to bogus websites.
  • Attacks on web servers: malware distribution, phishing, data theft
    Compromising of web servers has increased. The purpose is to use web servers to distribute malware, such as by drive-by infection, to steal data (especially on commercially used servers), to carry out (interim) storage of data (e.g. in connection with phishing), or to distribute messages that are generally political in nature.
  • Malware / attack vectors
    Malware is still usually distributed through e-mail attachments or e-mails with links to bogus websites. Using clever social engineering techniques, the victim is deceived into opening the attachment or clicking on the link. Websites installing malware on the computer without any action by the user (drive-by infections) have heavily increased as an infection vector. Vulnerabilities in the operating system, the browser, or other applications are exploited. For a long time now, this no longer only happens on dubious sites, but also on (compromised) serious and well-known sites. Rates of recognition of malware by anti-virus software remain low.

The complete report is available on the Melani website in Italian, German, French and English.

A complete and useful list of all Internet risks and related protection measures is also available.
