Category Archives: Privacy

US Secret Service Recent Promo / Congrats to Graduating Class

I am very impressed with the Secret Service or any branch of military or government body that produces fine men and women in service to the US. I am all for it. Almost went myself a few times but got old. I’m a fan of Jesse Ventura or any Navy Seal for that matter (He’s just more vocal/flare). However, in a recent LinkedIn Recruiting / Promotional post featured below, a few of us wise and sympathetic patriots noticed that maybe not the best delivery. Some thought showing the faces was not so secret anymore. Read below.

us_ss

My comment after my friend and former CT House Representative 47th District, Chris Coutu posted his about not being so secret, was the following.

us_ss_chris_kevin_response

So I get the promotional thing but aren’t all the documentaries online shadowing and muffling face and voices respectively to protect our active agents in the field ?! (Rhetorical) Moving on…OK so now we have our graduating class. Great, I’m happy for them and I hope they do well. Now after this I actually clicked on the link to see the youtube channel for the Secret Service. I watched one video posted here I watched a few clips and noticed a few things. Starters I like the car drill but we get past that and see them running or lifting weights and…tires. I see that the requirement for SS is not being in shape before you attend. I see that there are stomachs jiggling around the track/building and lifting a barbell. In the same clip we see last names on the back of the agents. While not giving a lot of information, still some information is showing. The reporter mentions a ballet dancer whom I think is probably in better shape than anyone as one of the recruits. Diversity is great and thats what makes the USA a great place, I think personal care of ones health is job number one. Looks like these guys eat whatever they want and work out vs sacrificing that donut, bread on a sandwich. and soda. The following video shows guys lifting a log over their heads in unison and I noticed more bellies. The narrator mentions if sitting on the couch is what you have done and are thinking of joining you might consider something else. “Sorry buddy, off the couch I can run 3 miles and not get winded, no training 100% pure genetics.” Also, it looks like potatoes and fries in the video.

us_ss30_bodyfat

I’m sorry but that my friend is not respect for one’s body. eat ice and drink water cold water and lots of water to fight that urge to eat what you should not. Also, you should just get involved doing something else to keep you busy or mind off eating if thats the case. Become a gym addict….but apathy never won anything.

So my advice to the Secret Service…..raise the bar, define physical requirements (I think the state Police used to). It does take more than physical fitness to be in any of that line of work, don’t get me wrong, its just the videos are not as inspiring as they could be. On the other side it also means that you or I could be there if we were committed to the cause. So this blog is not a review but one that looks at what is being presented based off perception of what we think Secret Service and public service are all about. In addition what must be done to qualify for that service details. Also to protect the safety of those that serve, photographs, last names, and interviews shouldn’t be presented. The only thing I can think of in all of this is that all the people that are posted in the pics, videos and interviews are all actors. Then this post means nothing.

Lifelock Alerts – You’ve Been Hacked or A Social Site Was…Where’s the Proof Lifelock?

Recently I was made aware that my personal email account was some where on the black market from an alert from Lifelock. OK, I can see how that can happen when LinkedIn dropped the ball on security. It was attributed to the LinkedIn Hack from a while back in 2012 and now the spoils of hacking resurfaced May 2016.

LinkedIn

In May 2016, LinkedIn had 164 million email addresses and passwords exposed. Originally hacked in 2012, the data remained out of sight until being offered for sale on a dark market site 4 years later. The passwords in the breach were stored as SHA1 hashes without salt, the vast majority of which were quickly cracked in the days following the release of the data.

Compromised data: Email addresses, Passwords

The website havieibeenpwned has recorded the hacks and is a great source to use. The reason why I point you to that site is from a call to Lifelock that didn’t go the way I wanted it to go. First off I wanted to know what site out there has my information that they were able to scour and find. Lifelock Operator “I’m sorry sir, we don’t have that information in the alert. I can only see what you see. I do know that they scan 10,000 sites for this information.” Yes OK great, now please go get your supervisor. Supervisor “Sir, yes its true this happened and we urge that you change your password and maybe even your email account altogether.” OK Ms. Supervisor but where did you get that information from? I work in security and I work with ones and zeroes. Apparently, I can’t get away from the zeroes. If the site exists you must have a record somewhere with my email address and old password is located. All Ms. Supervisor could do was re-state the obvious that they didn’t have the information. How about your IT department I said, can they help us out? Nothing.

So later on trying to do something else I hop over to Netherlands and try to get some email and wouldn’t you know some Google Alerts say “hey someone tried logging in with your account”. I’m like yes, me. Shortly after the next day Lifelock gets the same thing and I get an alert sent to my cell. OK this is how Lifelock works. Working with Google finding out when someone attempted to use my account. Not impressing me.

Lifelock is basically selling Cyber Insurance and are not providing the details of where they found my information. This post is to challenge you to think what exactly are we getting for a service that I can’t get from News Sources on the web about breaches. Where is the proof Lifelock? That is my challenge to you. Don’t call me up and tell me something is out there…we all know that.

While you’re browsing the web, here is a nice article, recent too, about identity protection services not what its cracked up to be. Why Identity-Theft Protection Isn’t All It’s Cracked Up To Be (Kaveh Waddell)

A better eyebrow raiser Despite Promises, Lifelock Knows Public Data is A Risk Guess I’m not the only one calling Lifelock out in the street.

XKeyscore: NSA tool collects ‘nearly everything a user does on the internet’

Amazing in and of itself but I guess it’s fair game for thwarting terrorism. If used to target anyone with that intent of hostile acts. I would agree with the program if and only if it was used to collect data on people of interest and not just random or everyone. That being said there must be some control used in the system to do that effectively. However, it is alo just as easy to spoof email addresses and come up with rogue or false chat systems just to make the data useless. Remember a system is only as good as the data in it. So in theory, the NSA could not omit regular general public because the bad people could also be using spoofed email addresses and IRC chats etc and fake systems just to introduce false information or hide under the guise of some other legitamate system. So it is easier for them to collect data from anyone. If anyone gave enough time and effort to build a system to make this system useless, than that would be a good attack platform.

Anyways…a good read into the intrigue.

XKeyscore- NSA Tool that Collects….Everything??

Going Black – Making it Tough for Big Brother (Series)

Good day, I hope today finds you in perfect peace. Today we are going to talk about a new service and a new approach to keeping your data private. Recent events showing that the NSA as well as the big companies out there are profiling you. They want to store your identity and habits for future use. Netwerk Guardian is going to show you how to thwart their efforts. What good is it to the NSA or Google or any place that collects and harvests your personal profile through behavior monitoring, its information on how you think and live. They can use that information against you if they would like to have a contest of who can put more shame on whom. More likely, they will use it to see your political bias and connections. After the Snowden release, they really cannot be any more shameful than now. Therefore, we are going to show you how to give them useless data. Useless data really renders a system useless and reduces the taxpayer’s dollar (your money) to really a waste of money and time. I hope that enough people do this, maybe then they will get the picture and just stop. This will be at the end of the series. However, the evil in man and the lust for power and control will likely just make this tick them off and come up with some other regulatory way to make you commit information to them about you.

First step in going off the grid and going black is to change everything you use to something else. Change you email address, your online profiles, if you have Facebook, MySpace or other limelight platforms…ditch them. YouTube is going to be tough to leave but granted, if another site is made that offers the same service then that too will be a success. Until then use TOR network and a VMware appliance. The best way to change your email address is buy a domain. It can cost you but what is your privacy worth?!

Second, is buy or use free encryption software to encrypt your emails. Granted, it is going to be a bit painful in the beginning but you will sleep better knowing that it is you and the close ones around you that know who you are. There are a few places on the web you can go to get this service. However, I would rather encrypt locally. One place is while I have not used it, it seems to do the job. There is a group researching the use of a java based encryption and decryption tool that works on anything found here . I think this will carry for into the future for use on mobile devices with various platforms running. More to come on this as more software comes to mind.

Third thing that can be done is to start using TOR network for browsing as well as proxy servers for ditching your fingerprints on the web.

Fourth, is that you could start using another forma of currency that the Federal Reserve will not approve, BitCoin. Untraceable but holds it worth. There is movement to make this outlawed since it cannot be regulated by one particular body (Global Banks) so it obviously works.

In the meant time if you have time, you can use some automation and start sending up erroneous web traffic data under your old Gmail account and start using Google search page.

More to come as we investigate and get back in control of who gets access to what. Stay tuned because this service is being launched by Netwerk Guardian to accept requests to anonymize one’s identity and provide safe ways of browsing and using the internet.

Just think…I privatized your God given right to be yourself. This peace of mind comes with a little costs but we now will have done two things, privatized anonymity and stimulated the economy in the technology and security sector.

Keep the Internet Free- Notice from Google

Looks like the UN is meeting in Dubai to try and start to regulate and police/censor the internet. Please make your voice known and sign any petition that will expose and stop this. The UN is the end of everything good for everyone.

Sign the Google Survey Here

Greetings Person,

A closed-door meeting of the world’s governments is starting today. The future of the internet is on the agenda. Some governments want to use this meeting of the International Telecommunication Union to increase censorship and regulate the Internet.
I am concerned, and I am not alone. More than 1,000 organizations from 163 countries have raised concerns about this upcoming closed-door meeting in Dubai. They are joined by hundreds of thousands of Internet users who are standing up for a free and open Internet. These people are in just about every country around the world — take a look.
If you agree and support a free and open Internet, join them and raise your voice: google.com/takeaction
Together, we can protect the free and open Internet. Please make your voice heard and spread the word.

Vint Cerf
Google

John Jay High School Infringes on Student Privacy – Superintendent was Schooled!

Fri 10/12/2012 12:04 PM


Greetings Dr. Brian T. Woods, John Jay High School and Anson Jones Middle School in San Antonio, Texas

The story about your schools are hitting the news for infringing on privacy of students. What has gotten into that Ph.D. head of yours to think that chipping students provide any benefit? The below excerpt from http://rt.com/usa/news/texas-school-id-hernandez-033/ seems to me that the bully on the playground are the administrators. If she does not wear the card, you are going to take your “ball” and leave the game. Stating she cannot have voting rights because of this and you are ruining the one era of a child’s life before they hit the real world.
After Hernandez refused to wear an RFID chip, WND reported that Deputy Superintendent Ray Galindo issued a statement to the girl’s parents: “We are simply asking your daughter to wear an ID badge as every other student and adult on the Jay campus is asked to do.” If she is allowed to forego the tracking now, the repercussions will be harsher than just revoking voting rights for homecoming contests once the school makes location-monitoring mandatory, he argued.

I am curious to see just what your agenda is with your training and education. Are you there to advance the educational opportunities of the students or are you there to make a test bed for bringing in big brother as your political science major might indicate. What did schools do in the early years? The technology you are using to curb attendance is to help you get some “money” from a state that probably should not spend money. Remember nothing is free and someone is paying. The tax payers in your state and the tax payers of the nation might be for any grants or budgets given at the federal level. Are you a left winged socialist who wants everyone to pay and advance your school’s agenda? Even in my town the social left want to take from the State of CT as much as possible without letting the light go on in their heads that…we all eventually pay the bill.

More frightening is the information below.

“Using this information along with an RFID reader means a predator could use this information to determine if the student is at home and then track them wherever they go. These chips are always broadcasting so anyone with a reader can track them anywhere,” she said.

I am a certified ethical hacker and computer hacking forensic investigator. The technology you employ is most vulnerable to hijacking and data leakage. If you are looking for a career ending move, you just set yourself up to be an example. With the story going viral and the insecurity of the technology by those wishing to do harm, will come and prey upon the children as unemployment and idle time rises. In an investigation of the deep web and TOR sites the majority of the listings to be against the basic moral code. The pedophiles that are out there with their sites are at an alarming rate. Read the article my colleague posted “What is the deep web. A trip into the Abyss“.

What I am saying is do not do this. You are approaching this the wrong way. Notably, you did not receive any technological advice before proceeding. My alma mater, NFA, Norwich Free Academy in Norwich CT. has other rules in place to curb attendance without an RFID card. My graduating year was the last year of tolerance of missed days before they enacted this. I have a mind like a steel trap and remember too much, but it has its advantages. NFA has it where if the student misses too many days they don’t graduate. Pretty simple.

Here are the vulnerabilities to RFID in brief:
RFID hacking
• Vulnerabilities include
o RFID viruses
o SQL injection attacks, injecting more info than expected
o Privacy disclosure
o maybe used to identify nationality of person on train
o Vendor information can be retrieved
o Inventory may be monitored, part of footprinting process by cracker

1. RFID Worms -abuse network connections and spread via attacking online service tags. RFID worms get code from bad servers and then use them to execute from malware middle ware servers.
2. RFID Viruses -self replicate and infect new RFID tags independently, without the need of network connection. They do not have a payload so they do not interrupt backend servers or. If the tags pass information on to reader and then on to control management systems then they can infect other readers and control management systems.
3. RFID Exploits – are harmful RFID tag data that attack part of the RFID open to attackers. When the reader reads the tag it expects readable data format, instead it gets junk and it corrupts the system.

1. List various applications of RFID. They are used to track items like clothing for theft, parts or machines use and maintenance, tracking animals like invisible fences.

Nowhere in the above does it say to use it to track people. Maybe you should do the same.

Thank you,

Kevin Pescatello
Network Security Engineer
Netwerk Guardian LLC
CCNA Security #11488924
Certified Ethical Hacker v6
Computer Hacking Forensics Investigator v4
GIAC 2700
V (860) 556-3001
F (855) 864-5500

**************************** UPDATE ****************************
Article just released from WIRED shows how sick minded school systems and Professionals can be. They are asking that the parent of the daughter now expelled to stop publicly trashing the school for its Big Brother approach to curb attendance and endorse it. The student is suggested to attned in order to go to a magnet school with the chip removed from the card.

The district, in a letter last week to the family, said it would allow her to continue attending the magnet school with “the battery and chip removed.” But the girl’s father, Steve Hernandez, said the district told him that the offer came on the condition that he must “agree to stop criticizing the program and publicly support it,” a proposition the father told WND Education that he could not stomach.

****************** Update 2-Dec-2012 ****************************

Here we have action against the school from the hacker group Anonymous. The actions taken are illegal and the end does not justify the means. Folks, no matter how we feel or what side or position we take, cracking into/against a site is not the answer. We must solicit and petition those in power over us to make an appeal and amend the action that we believe is against the cause.

It appears that a hacker going by the name tr1xxyanon has taken down the www.nisd.net site. You can read the story here by Mireya Villarreal. This is in response the above mentioned invasion of privacy of children. High school is the last frontier before death and taxes folks. Why infringe upon the children when they have the rest of their lives to be like us tax paying citizens. As you can see I don’t agree with NISD decision to chip I don’t condone illegal activities.

TPP – Trans Pacific Partnership – US Citizens Beware

A free trade agreement being negotiated behind close doors. It leads to millions of jobs off shored, expensive medicines, financial deregulation, foods unregulated and not safe, no buy American, and a section to help protect companies from copy righted material. Members of congress are being denied to see documents used to setup this agreement. Someone leaked the document here Language used in SOPA is found in this treaty here. Anonymous has something to say about it as to how they are going to handle it may not be legal. US citizens should call the senators and speak out about this. See what you can copy and paste to your senators via email.

https://www.eff.org/issues/tpp Electronic Frontier Foundation – Stance

As a consumer and constituent, I am very concerned about the Trans-Pacific Partnership Agreement currently being negotiated by the Office of the United States Trade Representative. I urge you to bring transparency to this agreement and ensure that the TPP text reflects the interests of all U.S. industries and citizens.

Reports indicate that the USTR has introduced an intellectual property chapter to TPP that will export controversial aspects of U.S. copyright law while excluding important legal safeguards for free expression and innovation. I am concerned that this agreement will lock in controversial aspects of U.S. law, restrict Congress’ ability to craft laws that meet U.S. domestic priorities, and eliminate potential export markets for innovative U.S. consumer electronics and technology companies.

I am disturbed to discover that this agreement, which could have such wide-ranging effects on American citizens and the dynamic technology sector, is being conducted entirely behind closed doors in an opaque and profoundly undemocratic process.

U.S. copyright law includes a carefully crafted balance of public and private rights that encourages creation, while providing incentives for innovation and access for education, libraries, and other socially beneficial purposes. Balanced policy making that serves the needs of all stakeholders in the information economy requires transparency.

I ask you to please:

* Sign the letter to Ambassador Ron Kirk of the U.S. Trade Representative, co-authored by Senator Ron Wyden and Representative Darrell Issa, insisting that they reveal to the American people what specifically the USTR is seeking in the TPP agreement in respect to intellectual property rights.

* Call for a congressional hearing on the Trans-Pacific Partnership agreement, so that Congress can hear from all affected stakeholders—including the Electronic Frontier Foundation—and provide meaningful input into its content.

* Call for the Office of the U.S. Trade Representative to release the text of the agreement and solicit public comments.

Microsoft Eavesdropping with Skype?

Microsoft some time ago bought Skype in 2011. Recently Microsoft was awarded a patnet for a software package that eaves drops on users calls and is undetectable. (Author Notes – Folks nothing is undetectable, it will show at some layer in the OSI model.) The recent advance in recording users conversations comes in light of law enforcement requests for select users also known as U.S. Citizens. This is the lawful intercept for what one believes is preventative policing before crimes occur. Reminds me of Minority Report, oh wait that’s on TNT tonight. Read the story here

A few things you can do to avoid this are;

  • Uninstall and stop using Skype
  • Use other communications software like Teamspeak.
  • Create your own secure communications over a VPN
  • NSA Whistle Blower Thomas Andrews Drake – Exempt

    Thomas Andrews Drake exposes the NSA for violating the 4th amendment and the fact that the NSA did spy on American people. Previously charged with espionage but he is not guilty. Mr. Drake exposed Operation Trailblazer which is responsible for executing massive fraud and abuses including violating the foreign intelligence surveillance act. The act prohibits the NSA from spying on their own US citizens.

    OUCH!

    NSA – Not Sticking to Acts (NSA) – apparently if you cannot stay focused in a discipline and you slide and become a back slidden NSA agency then you have no honor and no power and no influence. You end up becoming a shadow of your former selves and a shadow is darkness and no longer in the light.

    The eye gripping factor of this operation is the abuse of knowledge of the people’s privacy. Technology today has made it easy to capture, store, and make searchable the information that people use and make on the internet.