At a recent Black Hat security conference in DC, two cyber-security techies showed how easy it is to wiretap another person’s cellphone.

David Hulton and Steve Muller showed off a new method for breaking the GSM encryption used by major cellphone service providers to prevent eavesdropping on cellphone communications.

Hulton and Muller say their method allows an eavesdropper to record conversations on cellphone networks from miles away and decode it within a half hour using just $1,000 in computer equipment.

Hulton, an applications director for high-performance computing company Pico, and Muller, mobile security researcher for CellCrypt, plan to make their decryption method freely available to the general public public.

However, they hope to start selling a faster version that can crack cellphone encryption in only 30 seconds. This premium version will cost between $200,000 and $500,000.

As to the issue of eroding the privacy of cellphone users, Muller says that he and Hulton didn’t invent the hacking technology; they just brought attention to its vulnerabilities and made the technology public.

According to Muller: “If governments or other people with millions of dollars can listen to your conversations right now, why shouldn’t your next-door neighbor?”

David Pringle, a spokesman for the GSMA trade association, which represents 700 GSM cellphone carriers worldwide, stated that decrypting GSM still requires special technology and is more secure than a landline.

As for intercepting conversations on Hulton and Muller’s cellphones, don’t bother. They don’t use them.

Source: Forbes

Proving that anyone can be the victim of identity theft, the Associated Press has run a news story on how a Moroccan prince had his identity stolen on FaceBook.com by a government employee.

According to the AP story –

Moroccan police have arrested a state-employed engineer for allegedly stealing the identity of King Mohammed VI’s brother on the social network site Facebook.com.

Fouad Mourtada was detained in Casablanca over “villainous practices” linked to the alleged theft of the identity of Prince Moulay Rachid.

Source: CNN.com.

Online phishing scams cost people a lot of privacy and money each year. Think you will never get caught by a phishing scam? Take McAfee’s 10 question online phishing scam quiz and test your phishing IQ. This quiz is useful for everyone from your average online layperson on up to a company’s Chief Technology / Information Officer.

You can take the McAfee phishing test @ McAfee SiteAdvisor Phishing Quiz.

In a controversial move to fight the spread of HIV in Indonesia’s Papau, lawmakers are considering a proposal to monitor the behavior of known HIV carriers with a microchip implant.

From Breitbart.com –

Lawmakers in Indonesia’s Papua are mulling the selective use of chip implants in HIV carriers to monitor their behaviour in a bid to keep them from infecting others, a doctor said Tuesday.

John Manangsang, a doctor who is helping to prepare a new healthcare regulation bill for Papua’s provincial parliament, said that unusual measures were needed to combat the virus.

“We in the government in Papua have to think hard on ways to provide protection to people from the spread of the disease,” Manangsang told AFP.

“Some of the infected people experience a change of behaviour and can turn more aggressive and would not think twice of infecting others,” he alleged, saying lawmakers were considering various sanctions for these people.

“Among one of the means being considered is the monitoring of those infected people who can pose a danger to others,” Manangsang said.

“The use of chip implants is one of the ways to do so, but only for those few who turn aggressive and clearly continue to disregard what they know about the disease and spread the virus to others,” he said.

A decision was still a long way off, he added.

Source:
Microchips mulled for HIV carriers in Indonesia’s Papua

According to a 4/15/2007 Washington Post article, student loan providers with access to a national student database have searched the personal and confidential information for tens of millions of student borrowers in ways that violate federal rules.

The questionable searches on the database have grown so considerable that the Education Department is considering a temporary shutdown of the service.

The database contains confidential and personal information for millions of students, including social security numbers, email addresses, phone numbers, birth dates, loan balances and other financial information.

Source: Lenders Misusing Student Database.