Banner
Home The News
The News
MI6 Images sold on ebay

MI6 photos 'sold on auction site'



Police are investigating the sale of a digital camera said to contain MI6 images of terror suspects, the Foreign Office has said.

The camera was bought for £17 on auction website eBay by a 28-year-old from Hemel Hempstead, Hertfordshire, the Sun newspaper reported.

The pictures were also said to include rocket launchers and missiles.

Hertfordshire Police said intelligence officers were investigating after a camera was seized.

Holiday photos

A Foreign Office spokeswoman said: "We can confirm a police investigation is under way."

However, she refused to comment on the report that the camera was sold by an MI6 agent.

The newspaper said the man only discovered the pictures when he downloaded his holiday photographs from the Nikon Coolpix camera.

A friend of the man is quoted as saying: "He flew home early this month and downloaded his holiday pictures and saw some of rocket launchers and missiles.

"He knew he hadn't taken them so he asked his friends about it and they suggested going to the police."

 

*Source BBC NEWS
 
Catching a Free Ride - Oyster Hack

Details of how to hack one of the world's most popular smartcards have been published online.

The research by Professor Bart Jacobs and colleagues at Radboud University in Holland reveals a weakness in the widely used Mifare Classic RFID chip.

This is used in building entry systems and is embedded in the Oyster card used on London's transport network.

Publication of the research was delayed by legal action taken by the chip's manufacturer.

Paper chase

Prof Jacobs and his team first identified the vulnerability in a research paper that was due to be published in March 2008.

However, the release of the article was delayed after chip manufacturer NXP attempted to secure a court injunction against its publication.

The paper was finally released on Monday at the European Symposium on Research in Computer Security (Esorics) 2008 security conference held in Malaga, Spain.

Sensitive data stored on the Mifare Classic chip is protected by a unique number that acts as a key. When the chip, or a card bearing it, is placed near a reader it transmits and receives information based on its key. The security of the system depends on the key remaining secret.

In March Prof Jacobs and his colleagues discovered a flaw in the chip's design which makes those keys easy to calculate and copy.

"Once we knew how the system worked and what the vulnerabilities were, it turned out to be very simple to actually clone cards, steal someone's identity and enter a building as someone else", he said.



After making the discovery the researchers informed the Dutch government and the chip's manufacturer, NXP.

When it knew about the research NXP moved to delay publication by seeking an injunction.

Steve Owen, vice president of sales and marketing - identification at NXP Semiconductors, told the BBC's Click programme that it was motivated to take legal action to give its customers time to update their systems.

"We sought the injunction to cause a delay, not to completely stop the publication," he said.

Mr Owen recommends that the card alone should not be relied upon for secure access to buildings.

"We do not recommend the use of Mifare Classic for new installations," said Mr Owen. "We are working with customers to review their security."

Read more...
 
What an eBay Bargain

For less than a pound a security expert has got front-door access to a council's internal network.

Andrew Mason from security firm Random Storm bought some network hardware from auction site eBay for 99p.

When he switched it on and plugged it in, the device automatically connected to the internal network of Kirklees Council in West Yorkshire.

Kirklees council called the discovery "concerning" but said its data had not been compromised.

Privileged access

For 99p Mr Mason bought what is known as a virtual private network (VPN) server made by the firm Cisco Systems that automates all the steps needed to get remote access to a network.

Many staff working overseas or off-site use a VPN to connect back to corporate systems.

On powering it his new hardware Mr Mason expected that the device would need network settings to be input but, without prompting, it connected to the last place it was used.

Subsequent investigation found that the internet, or IP, address to which it connected was owned by Cap Gemini, in a range of addresses allocated to Kirklees Council.

"It is like having a long ethernet cable from the Council office to anywhere where I connected the device," said Mr Mason.

A connection such as this allows privileged access to networks. In the wrong hands, such as criminally-minded hackers, it would allow them to conduct reconnaissance and find out if the network had any vulnerabilities worth exploiting.



Internal network access permitted the credit card detail theft from retailers TK Maxx last year and Cotton Traders in June.

Read more...
 
NHS Trust loses USB Stick with 200 Patients details
Lost USB

An NHS trust has apologised after a computer memory stick, containing the confidential files of 200 patients, was found in a street.

Tees, Esk and Wear Valleys Trust said the stick was found by a member of the public in Barnard Castle, Co Durham.

It stored a summary of medical histories and patients' national insurance numbers and addresses.

The trust confirmed the stick was lost by a computer technician upgrading computers in Teesdale and Weardale.

Trust chief executive Martin Barkley said an investigation was under way into the "isolated incident".

Hard drives

He said: "There has been a serious breach of these policies and of patient confidentiality.

"We are very sorry this has happened but grateful that it has been brought to our attention.

"We have already written out to all staff to remind them of their responsibility to safeguard patient information and to follow trust procedure. "

He added early investigations had also confirmed that a number of staff stored confidential data on their hard drives, contravening trust policies on information security.

The trust took over services run by the former County Durham and Darlington Priority Services NHS Trust and Tees and North East Yorkshire NHS Trust in April 2006.

* Source BBC NEWS
 
Troop movements found on USB Stick in Nightclub

The discovery at a Cornish nightclub of a computer memory stick with details of troop movements on it is being probed by the Ministry of Defence (MoD).

The USB stick, outlining training for 70 soldiers from the 3rd Battalion, Yorkshire Regiment, was found on the floor of The Beach in Newquay in May.

Times, locations and travel and accommodation details for the troops were included in files on the device.

The MoD said it would take appropriate action over the "regrettable incident".

Report recommendations

A clubber found the memory stick and handed it in to a national newspaper.

The MoD said that it was carrying out a full forensic examination on the stick this week.

It added that it was "undertaking a programme of improvement to safeguard personal data and sensitive information" as recommended in the Burton report.

The report on MoD data losses by Sir Edmund Burton was published in June 2008. He began an investigation after a laptop with the records of 600,000 recruits was stolen from a Royal Navy recruiter's car last January.

It made 51 recommendations about how the MoD should handle data and how data loss incidents should be dealt with.

*Source BBC News*
Read more...
 
More Articles...
<< Start < Prev 1 2 3 4 5 Next > End >>

Page 1 of 5
Back to the top
© Security Active