Monthly Archive

I enjoy the occasional fun of testing IT security devices and systems. Yes, I cannot hide that fact.

And as many of you know, I am always a bit surprised by the ignorance most people show when it comes to understanding even the most basic threats.

I came by this whitepaper made by a Mr. Antoniewicz, at Foundstone (part of McAfee). Most whitepapers tends to focus on how wonderful the manufacturers tools and solutions are, and quite frankly, I find most of the boring.

Not so this time.

Mr. Antoniewicz has authored a nice overview of some of the methods of hacking WIFI. He does not provide you a step-by-step how-to, but it is not far from it. Most of my readers may find it too technical - but I suggest you speed read it anyway - as it will help you realize just how vulnerable you are! 

Go on! Read it! 

Michael Dahn has an interesting post on PCI and the lack of education. 

One of the questions he poses is:

"Are we so willing to sell security that we ignore the care involved in properly educating someone how to use it?"

 I have been asking the same question too, and my answer is "Yes, it certainly seems that way". 

I think the reason is twofold - lack of education and understanding among the clients, and the fact that security companies are companies - they are out to make a profit. 

There is a need for proper training. No doubt. But on the other hand, most business' is not about security - they just require a minimum level of security. 

When things are taken to extremes, there will always be jokers out there taking advantage. Airport security has been a long time standing joke.

This music video takes things to the extreme alright!

CCTV (Closed Circuite TV – not the Chinese television station) has become a comodity these days. Everyone wants it, and everyone seems to think I should sell it. At leased if I take a look at the requests I get from CCTV manufacturer around.

Sure, I reccognize the need for surveilance. And yes, CCTV offers a very good value to do just that. Particularly these days, when you get IP-based CCTV that connects directly to your LAN and even WAN. Your surveillance technology makes it easier all the time. These days, you no longer need to hire specialists and pay big bucks for CCTV systems – you can just shop online or by a variety of catalogues. And if you know your way around computers and networks, you can set it all up by yourself.

I am not selling these things. I am not even an expert on it. I do, however, have opinions on the increased “big brother” tendensies we have around the world. I just don’t like it. Hey, you even got cams in the public toilets these days. And my regular readers know how I prefer my toilet visits!

If you are located in the US (as many of my readers seems to be), and are into CCTV, you might find this site of interest. They sell CCTV, no surprise there. When browsing their site, you might also find “spy” cams – hidden in a nice looking toy, or in a motion decting lamp. They even say that these things are so common, that noone will ever suspect they are hidden cams! So go ahead, start spying on your wife, neighbour or even your boss! They will never suspect it, will they? If they are anything like me, they don’t even have a reason to suspect it!

If you are the more conventional type, you get all the wistles and fun of traditional cams of course. These things I see a point in, though. Not as a means to “protect yourself and your loved ones” as cams will never be able to actually protect you, but as a means to monitor hazardious areas or as a way to document theft.

Those who are serious about video surveillance you know you need more than the actual CCTV cams. You need a monitoring system, and today there are no reasons not to use a computer/PC based setup. Personally, I prefer IP-based communication, as it enables me to use all data/communication over one cable, but many CCTV systems still use old technology based on RCA or BNC for the video. For smaller systems, this might not be a challenge, but for larger or growing installations, I suggest you consider IP based technology.

Another monitoring issue is the option of remotely access your video streams. This comes in handy when monitoring off-site places, production facilities in different areas, or just as a way to avoid on-location security staff on remote locations. With alarms and remote IP access, you get access to the live stream from anywhere with an Internet connection.

Just keep in mind – a camera (or a number of cams) will never be able to prevent the theft itself – it can only help you spot it – during stakeout, during the theft itself, or later when you review the taped video. 

In some areas and countries (Norway being one), CCTV is not allowed in public space unless you have a permit. You might want to check if this is true in your area before setting up your new toys.

I have one saying – if someone wants something bad enough, there will be no way to stop them. All you can do is to make it harder for them to get at it. And CCTV might help doing just that.