It looks like Norm Coleman may have a new challenge: Violating state laws related to breach notifications. Politico is reporting that his web site exposed credit card details, and he hasn’t notified folks that their financial information was exposed. While the breach happened back in January, it wasn’t until this past Wednesday that the campaign issued a statement on the matter. This was precipitated by lists of the donors (and their information) being made available online.
Wired is running an outstanding story about the 2003 Antwerp diamond heist. The story provides a lot of information about how the heist itself was carried out, from the high-tech reconnaissance conducted with a stealthy camera to the blindingly low-tech use of a plexiglass shield to hide a heat signature. My favorite was spraying the heat and motion detector in the vault with hairspray to temporarily blind it.
Like most criminals, they got sloppy. They dumped incriminating garbage in property abutting a highway. Unluckily for them, the property owner was one who would routinely call police whenever he found stray signs of people on his property. It’s no surprise that four days after one of the largest diamond robberies in history, police were very interested in trash that included envelopes from the Antwerp diamond center. There were also receipts for equipment used during the robbery, including the name of one of the robbers.
The thing I find most surprising is that someone implicated in a 20 to 100 million dollar (depending upon whose figures you use) theft only spent six years in prison. Each individual share is believed to have been at least three million dollars. That’s about $1370 per day in jail. How many people would spend six years in prison in exchange for three million dollars?
Within the security world, caller ID is widely known to be broken. It SHOULD NOT be used as an authenticator at all, as it’s trivially easy to spoof the information. Whether you’re spoofing it to call your friends (and make it appear to be their boss’ phone), or to call the police and make them believe there’s a hostage situation at someone’s home, people place way too much faith in caller ID.
While not the first such service, 123Spoof looks to be making it the easiest to use, for Blackberry users anyway. Their service, an application that integrates with the Blackberry address book, allows people to call anyone with forged caller ID information, has many international access numbers to use, and even has a voice changer available as an option. The service is currently free; the only cost to users is listening to a ten second advertisement before their call is connected.
Although most use of this service is likely to be harmless pranks between friends, providers recognize the very real possibility that their services will be used maliciously, and have created an opt-out registry to allow people to block their numbers from receiving spoofed calls.