More document forensics

Naked Security has a great story about a couple whose real estate fraud was revealed by some document forensics. The couple produced documents as evidence of real estate deals in 1995 and 2004, but the documents used fonts that only became available in 2007.

This reminds me of the story of the NSA contractor who got caught leaking classified information, because invisible dots on pages she printed identified her printer.

Both stories are fascinating to me, because they show how much extra information shows up in our documents, and we don’t even realize it. These would make great twists in a story if a character needed to disprove a document or identify its owner.

Advertisements

Mid-January 2019 news roundup

Here are a few interesting items that have come through my news reader recently.

uPNP abuse

Universal Plug-and-Play (uPNP) is a feature that is enabled by default in most home routers. uPNP allows a network-enabled device on your home network to tell your router to allow external connections back to the device, like a gaming console or a media server.

While this feature might be useful in some cases, it has a history of security-related problems. A recent example involves tricking chromecast and other google-friendly devices into playing a video promoting someone’s youtube channel. You might enjoy reading that article if you want an idea of how a character in your story could get a victim’s TV to show a video of your character’s choice. Imagine getting someone’s TV to show a forged emergency broadcast system alert, for example.

You might also want to consider disabling uPNP on your home router.

Non-technical cyberwarfare

Gizmodo has an article reminding us that sometimes you don’t need mad skills to crack a network. The FBI was able to acquire evidence against drug kingpin El Chapo by persuading his sysadmin to give them the keys to decrypt encrypted voice-over-IP conversations. If your story’s character needs to compromise an otherwise secure computer network, bribing or blackmailing an insider might be a good alternative.

Biometrics v. photography

Have you ever seen a movie where someone is only able to enter a lab or operations center after putting their palm on a handprint scanner? Apparently that’s a real thing: the scanner looks at how the user’s veins are arranged. It turns out that a photograph FROM SEVERAL METERS AWAY reveals enough detail to create a wax hand that will fool some of these scanners.

I recently watched Die Another Day (2002), and I think they used a severed hand to get through one of these things. So, that kind of messy unpleasantness isn’t even necessary any more!

And if you’re a Bond villain with a lair under a volcano that you access with a handprint scanner, think about wearing gloves in public.