Insights For Success

Strategy, Innovation, Leadership and Security

Security

Now you can buy a bulletproof suit

Security | Edward Kiledjian

Sure, most of us don't need a bulletproof suit, but it sure sounds very James Bond-esque. Garrison Bespoke uses a special carbon nanotube material so that the suits are flexible and normal. The minute a bullet makes contact with the material, it hardens to protect the principal wearing this magical clothing.

The material is 50% lighter than Kevlar (the traditional bulletproof material) and was tested to stop .22 and .40 caliber bullets. Before you run out to buy one, it's important to remember that this wondrous tech costs about US$20,000, but I'm sure the intended customers can easily afford this additional layer of protection.

Garrison Bespoke

How to detect counterfeit headphones

Security | Edward Kiledjian

There are thousands of counterfeit products being sold on Craigslist, Kijiji, eBay and other consumer-to-consumer online sites. During a trip to New York last year, I even found counterfeit Apple products and headphones being sold in a brick-and-mortar store. As a consumer, you want to make sure you are buying the real thing.

First rule of thumb

Counterfeit products never perform like the authentic product. Don't listen to what anybody says, they just don't. Best case, the counterfeit product just performs badly. Worst case, the counterfeit product may be dangerous for your health and safety.

Regardless of what you have been told, the Original Equipment Manufacturers charge more because their products are built to higher quality/safety standards. These higher standards require higher end components and all of this costs money.

If the deal looks too good to be true, it probably is.

Never buy products sold without boxes

There are legitimate reasons why an online retailer or store may be selling a product without the original box, but I’m not interested. Too often, missing boxes are a technique used by those selling counterfeit wares.

Always look for a box that is clean and complete. It should have the same original seals or shrink wrap as a product sold in a local big box store.

Before buying anything, visit your local big box store and examine the product. Look at the box closely. What is written? How is it written? How is the box sealed? If the store will allow it, take plenty of pictures. You need an original reference for comparison later.

Start with the batteries

If buying a product that requires AA or AAA batteries, find out what brand they are. Name brand manufacturers use Energizer or Duracell batteries, but most Chinese knock-offs I have evaluated came with batteries from some other Chinese brand.

On a recent trip to the "fake mall" in Shanghai, we were accosted by retailers peddling fake Beats headphones.

Every single one we examined came with local Chinese-made batteries (while the original comes with Duracell).

When a product comes with a manufacturer-branded battery (some Bose QC brand headphones), this check is a little more difficult but can still be useful. In this case, you have to compare every detail of an original with the one you are evaluating. Look for different fonts or font sizes. Look for errors in spelling or missing certification labels. Look at the shape very closely, as some counterfeits come close but aren't perfect replicas. If anything is off even slightly, you may be looking at a copy.

Examine the box and manual

Previously I asked that you examine the original product in a reliable big box store. This info will now be put to good use. Look at the packaging. I mean really look at it like an inspector.

You are looking for cheap quality printing, faded packaging or labels, strange markings not found on the original box, different fonts or colors used on text, different company or product names, and misspelled words.

Do the above check on the box and the manual. Take the time to really look for these telltale signs in detail. If you see any of the above, you are likely holding a counterfeit product.

Presentation of the product

Manufacturers go to great lengths to ensure the customer has an exceptional unboxing experience. Every step of the process is carefully designed to be easy and satisfying. Compare the placement and internal packaging of the product with an original.

Are items presented in the right order (i.e. product, cables, manuals)? Is the product inserted into the packaging the same way as an original? Is the product presented properly (right and left sides of the product in the right position, proper placement of the transport case, inclusion of the proper accessories, etc.)?

Finally examine the product itself

Go through the markers I mentioned for the packaging. Look for things that are different or unusual. Markings, finishing, quality, weight, etc.

The counterfeit Beats headphones I examined in Shanghai had very different weights than the original we were comparing them to. We then played Apple Lossless encoded music from an iPhone 4s and you could immediately hear the difference in the sound quality. The original was rich with strong clean bass, whereas the counterfeit sounded like it was being played through a can.

Any edges on the original were clean and smooth. The counterfeit product had more jagged edges and looked "less professional".

What to do if you bought a counterfeit product

  • Try to return the product to the seller for a full refund. Be nebulous about the reason.

  • Call your credit card company and file a complaint asking for a charge-back (aka a charge reversal).

  • If you bought it on eBay with PayPal, file a complaint and ask for a refund. In your complaint be as specific as possible and take pictures as proof.

  • If the item was sent via mail, you can sometimes file a complaint with your country's postmaster, who may choose to conduct a more in-depth investigation and block additional shipments from that seller into your country.

What if I'm not sure

There may be situations where you have doubts but aren't sure something is counterfeit. In that case, contact the support department of the manufacturer and ask for help. Some may politely reply with "Too bad, you should have bought it from an authorized retailer." But more often than not, they will give you specific cues to look for [on their product] to help authenticate it.

There was one case where I sent the questionable product to the manufacturer (after being asked to do it) and was told it was a counterfeit. In this case the manufacturer had amazing customer service and shipped me a replacement (since the original was purchased from a brick-and-mortar store that should have been selling authentic products).

Buyer beware!

Anonymous is targeting Zynga because of "unfair layoff" practices

Security | Edward Kiledjian

Anonymous has now targeted the game-maker Zynga after its latest round of layoffs. The group called the layoffs “an insult to the population” and an “end of the U.S. game market.”

Anonymous wants Zynga to reverse course or they will release documents showing Zynga plans to move jobs to other countries and they threatened to release a bunch of Zynga games for free. The company has been given until November 5, which is also Guy Fawkes Day. 

Although Anonymous is a powerful enemy, some organizations have been able to take a stand against them and have thrived.

Source: AnonNews

SilentCircle protects you from espionage or government monitoring

Security | Edward Kiledjian

I not only work in Information Security, I love it. In the era of “everything digital”, nothing else is as important. Well imagine my excitement when I learned of a newly formed company, called SilentCircle, which was promising a very secure yet easy to use communication product.

The company

The company says that it was started by 2 former Navy SEALs and the world-renowned creator of PGP, Phil Zimmermann. It wanted to create a military-grade encryption product for securing phone calls (VoIP), text messages, emails and video. Its goal was to create a secure product with the ease of use of an iPhone app (all for $20 per subscriber per month).

Services include:

  • Encrypted voice
  • Encrypted text
  • Encrypted video
  • Encrypted email
  • Ability to call anyone (including non-subscribers). Your session is encrypted up to the SilentCircle servers.

The need

Anyone with a public profile has a need for secure communication. Secure from whom? Secure from competitors, government agencies and foreign nations.

How

The design of the solution has been well thought out and all encryption is performed on the end device. Once a communication stream is completed, the keys used to encrypt that communication are securely deleted, making future decoding more difficult. They store only minimal system logs (required to maintain the service) and these logs are stored in Canada and Switzerland (which have stricter privacy laws).

They offer a service called Burn Notice which automatically destroys the sent information (photo, message, email, etc.) after a predetermined timeframe.

Resistance

Current US wiretapping laws do not apply to VoIP, but some officials are pushing to have these older laws amended to include VoIP. It is conceivable that future laws may make this type of service illegal or highly regulated, but [for now] you can rest assured that your discussion with nana about her top secret apple pie recipe will stay confidential.

Verdict

Since I haven’t tested the service, I can’t vouch for how it will actually work but it looks great on paper. If you are concerned about eavesdropping or espionage, take a look at this new tool.

You are Facebook's product, not its customer

Security | Edward Kiledjian

Anytime Facebook makes a site change or updates one of its mobile products, users get angry and rant about how “Facebook isn’t listening to the needs of its customers” or how “Facebook is out of touch with what its customers want”. I’m going to make a bold statement you probably won’t like: you are not Facebook’s customer, you are one of their products.

Facebook’s only goal is to monetize the social graph of its users. Don’t believe me? Ask yourself how Facebook keeps the lights on. Advertisers pay the bills at Facebook and Facebook generates revenue by selling YOU. During an interesting discussion on Metafilter, one of the users (blue_beetle) said “If you’re not paying for something, you’re not the customer; you’re the product being sold”. 

The value of knowing you

It is important to keep in mind that everything you do on Facebook is tracked, recorded and analyzed, from the profile pages you visit to the pictures you post and the people you hang out with. Leveraging facial recognition, the millions of people already tagged in photos and their check-in system, Facebook can track you online and offline. This incredibly detailed profile is worth real money and is sold and resold without you knowing.

Most people don’t realize that even when you are signed out of Facebook and you clear your cookies and cache, they can still track your online movement. Smart marketers, online service providers and other less honorable entities use browser-based fingerprinting to track you on the web. In simple terms, they extract as much information as technically possible from your browser (configuration, plug-ins, etc.) and then use this as a homing beacon.

The Electronic Frontier Foundation has a test site (Panopticlick) that shows you how this works and confirms how unique your browser fingerprint is.  I ran the test on one of my browsers and was told my browser fingerprint is unique and that my "browser has a fingerprint that conveys at least 21.22 bits of identifying information."
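To make the "bits of identifying information" figure concrete, here is an added example (not code from this post or from Panopticlick) that scores a browser by surprisal, -log2 of the share of browsers showing the same value, and shows that the fingerprint is unaffected by a changed cookie. The field names, the eight browser records and the FNV-1a identifier are assumptions constructed for the illustration.

```javascript
// Added example; every record below is constructed sample data.
const FIELDS = ["userAgent", "timezone", "screen", "plugins"];

const rows = [
  ["Firefox/24 Windows", "-300", "1920x1080", "Flash,Java,Silverlight"],
  ["Firefox/24 Windows", "-300", "1366x768", "Flash"],
  ["Firefox/24 Windows", "0", "1920x1080", "Flash"],
  ["Firefox/24 Windows", "60", "1366x768", "Flash,Java"],
  ["Chrome/30 Mac", "0", "1920x1080", "Flash"],
  ["Chrome/30 Mac", "60", "1366x768", "Flash,Java"],
  ["Chrome/30 Mac", "480", "1920x1080", "Flash,Java"],
  ["Chrome/30 Mac", "480", "1366x768", "Flash"],
];
// cookieId stands in for a tracking cookie; it is deliberately not in FIELDS.
const population = rows.map((r, i) => ({
  cookieId: "cookie-" + i, userAgent: r[0], timezone: r[1], screen: r[2], plugins: r[3],
}));

// Short stable identifier (FNV-1a, 32-bit) over the attributes in a fixed order.
function fingerprint(browser) {
  const canonical = FIELDS.map((f) => f + "=" + browser[f]).join("\n");
  let h = 0x811c9dc5;
  for (let i = 0; i < canonical.length; i++) {
    h = Math.imul(h ^ canonical.charCodeAt(i), 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Surprisal in bits: -log2(share of the population showing the same value).
function bits(matching, total) {
  return -Math.log2(matching / total);
}

// Per-attribute and combined identifying information for one browser.
function analyse(browser, pop) {
  const perField = {};
  for (const f of FIELDS) {
    perField[f] = bits(pop.filter((b) => b[f] === browser[f]).length, pop.length);
  }
  const fp = fingerprint(browser);
  const sameFp = pop.filter((b) => fingerprint(b) === fp).length;
  return { fp, perField, combined: bits(sameFp, pop.length), unique: sameFp === 1 };
}

// A fingerprint worth n bits is shared by about one browser in 2^n.
function oneIn(bitCount) {
  return Math.round(2 ** bitCount);
}

console.log(analyse(population[0], population));
console.log("21.22 bits is about one browser in", oneIn(21.22));
```

The per-attribute values do not simply add up: a sample of 8 browsers can never show more than log2(8) = 3 bits, which is why a large measured population is needed before a figure like 21.22 bits means anything.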

Comparing it to traditional marketing

As consumers, we are now used to being offered “free or subsidized” services in exchange for being bombarded by advertising (think TV, free newspapers, radio, etc.). But there is one very important difference: social networks connect to your personal life and therefore have incredibly detailed insight into your likes and dislikes.

Also any data they collect is theirs. You have no say on how it is used and when (if ever) it is destroyed. Can Facebook decide to do less honorable "things" with the data? Of course. Remember that once you sign-up and start using their service, they own any data you generate. They know your circles of friends (frequency of profile visits, pictures you upload and tag, walls on which you comment the most), they know the kinds of comments you share and can build a fairly accurate psych profile about you.

So what should you do? 

Many users call Facebook a necessary evil. It allows you to connect with and stay updated with acquaintances you otherwise would lose touch with. Every time you interact with Facebook, be aware that your actions are being tracked, recorded (forever) and analyzed until the cows come home.

Everything you do stays in the Facebook hive brain forever. I often wonder who else could be leveraging this incredible data. Could a foreign government compromise Facebook's security and steal this data? Could certain government agencies work with Facebook to build more accurate personal profiles?