
Monitoring Matters

by: Ginger Hill - Wednesday, October 16, 2019

Cyber Security Awareness Month is in full swing; social media is buzzing with extremely helpful content and resources, most of which is free, to help businesses and individuals gain and stay in control of their digital worlds. As the saying goes, “you learn something new every day,” or you should. Through social media related to #NCSAM, #cybersecurityawarenessmonth and #BeCyberAware, I heard about a newer way hackers are stealing data – formjacking.

I knew the term “jacking” meant stealing, but combining it with the word “form,” it could mean a variety of things, so I reached out to my friends at the Security Industry Association (SIA) for some guidance. 

“Formjacking is the injection of malicious code into a seemingly trustworthy website form that relays a copy of the field inputs to an attacker,” Joe Gittens, director of standards, SIA, explained. “In these cases, the victim’s transaction with the trust source is not interrupted; however, information from the form, which could include sensitive data, is relayed to the attacker.” 

That literally gave me chills. I can’t speak for you, but I know I have filled out at least hundreds of forms in my digital life; reflecting back over my past 20 years, there’s no telling what data I’ve shared. And, with formjacking, here’s the kicker – there are no red flags for the average online user to look for. 

“Unlike with spoofing and phishing, there are very few tell-tale signs that a form has been compromised,” Min Kyriannis, head, technology business development, Jaros, Baum & Bolles and member of SIA’s Cybersecurity Advisory Board, said. In fact, the only way to detect formjacking is looking at the code, “and, unless you’re trained, it’s hard to detect,” Gittens said. 

It looks like the regular, every day Joe who is going online and filling out forms has absolutely no way of knowing his data could be at risk, although end users can self-sabotage through installing browser plug-ins, Gittens said. Therefore, it’s mainly up to the company behind the online form to ensure people and their data are protected. 

“Companies need to ensure that all software, plug-ins and any third-party applications or extensions have been vetted and check for vulnerabilities,” Kyriannis advised. “These need to be continuously checked, since software is constantly being updated.” 

It amazes me how smart cybercriminals/hackers truly are, and it’s important to never underestimate them. Think about it in these terms: once a threat is recognized and identified by the “good guys,” the “bad guys” have already moved on “looking for more covert ways to harvest data,” Gittens said, in a way that’s the “easiest to hide and what’s most lucrative for them,” added Kyriannis.

Gittens identified partner trust as key and noted that formjacking can and has affected large and mom-and-pop institutions. “Just like with other attacks, understanding exactly what type of privileges a third-party service has on your website or your browser and only allowing the most trusted services into your ecosystem can help protect you and your business. Also, be careful about what types of information you are collecting in forms in case you are attacked. If you don’t have to collect sensitive data, don’t do it – contract a trusted third party to perform the transaction for you who has better security protocols in place and can provide you and your customers with assurances. The SIA Cybersecurity Advisory Board will soon look to provide guidance on how security stakeholders can foster more trust within the device and application ecosystem.”

Kyriannis concurs that trust is key, but “people with malicious intent will always find new ways to sneak under the radar. The industry must lead in bringing awareness to their clients, customers, etc., and self-awareness is critical – for end users, that means setting up security parameters for themselves,” such as tagging credit cards to constantly monitor charges. 

Formjacking Key Takeaways

  1. Any and all information shared via an online form is at risk of being stolen. 
  2. The only way to detect formjacking is to look at the code. 
  3. Ensure software, plug-ins and any third-party applications or extensions have been vetted and regularly check for vulnerabilities.
  4. Understand the exact privileges a third-party service has on your website/browser. 
  5. If you don’t have to collect sensitive data, don’t. 
  6. Set up security parameters for yourself.
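
Takeaways 2 through 4 can be turned into a repeatable review step for a site owner. The following is an added example, not part of the original post or SIA guidance: a Python sketch that inventories the scripts loaded by a page containing sensitive form fields and flags third-party code that has not been vetted or is not pinned with a Subresource Integrity hash. The page URL, the trusted-origin list and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# autocomplete hints that mark a field as carrying payment or login data
SENSITIVE_AUTOCOMPLETE = {"cc-number", "cc-csc", "cc-exp",
                          "current-password", "new-password"}


class _PageInventory(HTMLParser):
    """Collects external scripts, form targets and sensitive inputs."""

    def __init__(self):
        super().__init__()
        self.scripts = []           # (src, integrity or None)
        self.form_actions = []      # raw action attribute values
        self.sensitive_fields = []  # names of password/card inputs

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))
        elif tag == "form":
            self.form_actions.append(a.get("action") or "")
        elif tag == "input":
            if (a.get("type") == "password"
                    or a.get("autocomplete") in SENSITIVE_AUTOCOMPLETE):
                self.sensitive_fields.append(a.get("name") or a.get("id") or "?")


def _origin(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def audit_form_page(html, page_url, trusted_origins):
    """Return (finding, url) tuples for a page that collects sensitive data.

    Any script on the page can read every form field, so each third-party
    origin is a privilege grant that should be both vetted and pinned.
    This is a static inventory: scripts injected at runtime, or a change
    inside first-party code, still need code review or runtime monitoring.
    """
    inv = _PageInventory()
    inv.feed(html)
    if not inv.sensitive_fields:
        return []                   # nothing sensitive is collected here

    page_origin = _origin(page_url)
    findings = []
    for src, integrity in inv.scripts:
        full = urljoin(page_url, src)
        origin = _origin(full)
        if origin == page_origin:
            continue                # first-party code, reviewed elsewhere
        if origin not in trusted_origins:
            findings.append(("unvetted-third-party-script", full))
        elif not integrity:
            # vetted vendor, but the file can change without notice
            findings.append(("third-party-script-without-sri", full))
    for action in inv.form_actions:
        target = urljoin(page_url, action)
        if _origin(target) != page_origin and _origin(target) not in trusted_origins:
            findings.append(("form-posts-off-origin", target))
    return findings


# Constructed sample: a checkout page with one pinned vendor script,
# one vetted but unpinned script, and one script nobody has vetted.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.payments.example/sdk.js"
        integrity="sha384-CONSTRUCTED_PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.analytics.example/tag.js"></script>
<script src="https://stats.unknown.example/c.js"></script>
</head><body>
<form action="/pay" method="post">
  <input name="card" autocomplete="cc-number">
  <input name="cvc" autocomplete="cc-csc">
</form>
</body></html>
"""
TRUSTED = {"https://cdn.payments.example", "https://cdn.analytics.example"}

if __name__ == "__main__":
    for finding, url in audit_form_page(SAMPLE_HTML,
                                        "https://shop.example/checkout",
                                        TRUSTED):
        print(f"{finding}: {url}")
```

Run against each page that collects payment or login data whenever a plug-in or vendor script is added or updated, in line with the advice above that these need to be continuously checked.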
by: Ginger Hill - Wednesday, October 9, 2019

As October presents itself in terms of pumpkin-spiced “everything,” cooler temps, colorful leaves, National Cyber Security Awareness Month (NCSAM) (ICYMI – we are 2019 Champions) and the announcement of SecurityNext’s program, Fall is a whirlwind of excitement! This time of year also reminds me of the extensive travel that takes place to family and friends’ homes for holiday gatherings, industry conferences and other work trips, vacations and the like. And, since the world is so hyper-connected, it is critical and crucial that everyone plans for and takes cybersecurity action when traveling. 

Based on information provided by National Initiative for Cybersecurity Careers and Studies (NICCS), an online resource for cybersecurity training that connects government employees, students, educators and industry with cybersecurity training providers throughout the nation, as well as the Department of Homeland Security, and in honor of our SecurityNext conference, February 9-11, 2020 at the Royal Sonesta in NOLA, and NCSAM, here are some tips to keep yourself, family and friends safe before and during travel:

Before Travel

Update mobile software. Keeping the operating system software, web browsers and apps updated will improve your device’s ability to defend against malware. Sign up for and/or turn on automatic updates; set security software to run regular scans; and use anti-virus software.

Back up information. Put contacts, financial data, photos, videos and other mobile data onto another device or external hard drive, or in the cloud. 

Keep devices under lock (and key). Lock your device when you’re not using it; it only takes a few minutes for someone to steal/destroy your data. Set devices to automatically lock after a short time; use strong PINs and passwords. (This is a cool video from HABITU8 for establishing passphrases!) 

Double your login protection. Enable multi-factor authentication (MFA) for email, banking, social media and other services that require logging in. Enable MFA on trusted mobile devices, an authenticator app or a secure token (a small physical device that you can hook onto your key ring, for example.) 

During Travel

No auto-connecting. Disable remote connectivity and Bluetooth to prevent wirelessly connecting automatically to other devices — headphones, automobile infotainment systems, etc. Be choosey when deciding which wireless and Bluetooth networks to connect to. 

Think before connecting. Before connecting to any public wireless hotspot, confirm the network name and exact login procedures with appropriate staff. Your personal hotspot is usually a safer alternative to free Wi-Fi, and only use sites that begin with “https://”.

Play hard to get with strangers. If an email looks “phishy,” do not respond or click on any links or attachments. Use the “junk” or “block” option to no longer receive messages from the sender. 

Never click and tell. Limit the type of information shared on social media and other online places. Keep your full name, address, birthday and vacation plans private, and disable location services. Before posting pictures, make sure there is nothing in it to identify your location such as an address on a building, a street sign, the name of a business, etc. 

Physically guard mobile devices. Never leave devices or components, such as USBs or external hard drives, alone, and keep them secured in taxis, at airports, on airplanes and in hotel rooms; lock them up in the commonly provided safe if you don’t want to lug them around with you.

by: Ginger Hill - Wednesday, October 2, 2019

The first thought that popped into my head when hearing about Maureen Carlo, director of strategic alliances – North America at BCDVideo, named as the recipient of this year’s SIA Progress Award: “It couldn’t have happened to a more deserving, humble and truly amazing individual.” 

Carlo and I met my first year in the industry – back in 2010-ish. After an encounter on Twitter and several tweets later, we became fast social media pals. Then, serendipitously, at my second ISC West in a rather obscure hallway, off the beaten path of the show, we found ourselves walking toward each other. Carlo recognized me and said, “Ginger?” And, I literally screamed, “Maureen!” as we gave each other a hug, having met for the first time in person. Since that moment, I have proudly called her my friend. (See how social media can bring people together?) 

It is truly an honor to be writing about Carlo, an industry veteran whose 15-year tenure includes roles at BCDVideo, Videotec Security, NeuEon, Venture Communications & Security and Wells Communication. Through her work in the industry and her seemingly magical way of building strong relationships with others, Carlo has developed an international reputation as a strategic electronic security and integrated systems leader. 

Carlo is dedicated to the advancement of SIA’s mission and serves as committee co-chair of the SIA Women in Security Forum, in which I, too, am a member. (I was so honored when Carlo presented me a membership pin and bag at ISC West at the Women in Security Forum’s breakfast!) Her passion for diversity and inclusivity in the security industry is inspiring, as she helps guide SIA’s efforts in engaging security professionals to promote, recruit and cultivate the leadership of women. 

“Joining SIA offered me the opportunity to connect with the most prestigious leaders in our industry, and together we have created a movement with the Women in Security Forum that is engaging and influencing our integrated security world through diversity and inclusivity,” Carlo said in the announcement. “I am inspired by this award and awed by the honor of receiving the 2019 SIA Progress Award. When we are dedicated to championing others and recognize values, vulnerability, courage and grit as part of the process, our partnerships and participation grow – the effects are force multipliers in bettering our workforce and advancing the next generation of our converged physical and cybersecurity industry.” 

Recent activities in which she helped organize and present lively networking and professional growth include a breakfast at ISC West 2019 and happy hour at GSX 2019; moderator of the ISC West session, “Being a Woman Business Owner in the Security Industry is an Advantage, Not a Disadvantage,” and panelist in the ISC East session, “Strategies for Successful Leadership in the Security Industry.” 

“SIA is thrilled to present the 2019 SIA Progress Award to Maureen Carlo in recognition of her strong dedication to furthering the growth of women in the security industry,” Don Erickson, CEO, SIA said. “Her enthusiastic efforts to elevate women in security through outreach, engagement and leadership have helped to grow the forum and shed light on challenges women face in the industry.” 

SIA’s Progress Award recognizes SIA members who have shown excellence in their advancement of opportunities and success for women in the security industry. Recipients are determined based on their contributions to fostering women in the industry, promotion of women’s professional growth through mentorship and/or sponsorship, recognitions and awards for activities and demonstration of the highest levels of professionalism and integrity in the industry. 

SIA will present Carlo with her award during SIA Honors Night, November 20, in New York City.

 
by: Ginger Hill - Wednesday, September 25, 2019

As the saying goes, “it takes a village,” and nothing could be closer to the truth when confronting cybersecurity. It will literally take everyone working together to combat cyber risks and threats. As more and more organizations take the necessary steps to become and stay cyber safe, these same and other organizations are reaching out and showing their support of various campaigns centered around cyber. 

And, now an important announcement … drum roll please!

As of this blog post, Security Systems News is proud to be the only security industry publication recognized as a 2019 Champion Organization of National Cybersecurity Awareness Month (NCSAM) co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security. 

In just five days, October will be here, the month of ghouls and goblins, candy and trick-or-treating, and perhaps most importantly, NCSAM, a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations and individuals to be committed to this year’s NCSAM overarching theme of “Own It. Secure It. Protect It.” This theme serves as encouragement to everyone to #BeCyberSmart through personal accountability and proactive behavior in security best practices and digital privacy.

“Cybersecurity is important to the success of all businesses and organizations,” Kelvin Coleman, executive director, NCSA, said. “NCSA is proud to have such a strong and active community helping to encourage proactive behavior and prioritize cybersecurity in their organizations.” 

So, what does this amazing news mean for you, our amazing readers? Well, throughout the month of October, we will provide you with the latest and greatest tips, discussion topics, free resources, videos, quizzes and more to ensure you are cybersafe!  

To gain access to these must-have tools, be sure to: 

  1. Follow SSN Managing Editor, Ginger Hill, on Twitter @SSN_Ginger; 
  2. If you miss any tweets, search on Twitter using #SSNTalks to see all our previous tweets.
  3. Follow SSN/SecurityNext on LinkedIn; and 
  4. Follow SSN on Facebook

When you see our posts on Twitter, LinkedIn and Facebook, be sure to comment, using #SSNTalks and #BeCyberSmart, like and share! We will respond to all comments! 

Everyone here at SSN is super excited to be a 2019 NCSAM Champion and to join in the fight for cybersecurity!

by: Ginger Hill - Wednesday, September 18, 2019

As a security journalist, I hate to admit that I’m a bit torn on the whole privacy vs. security of video doorbells and whether it’s unethical or not. I mean, I should take a stand, right? Either I support video doorbells or I don’t but, I really do see both sides of this hot debate. 

Here’s an example: My mom lives alone and is a very spry 73-year-old who is quite capable of looking through the peephole of her door to see who’s knocking on it. However, should someone cover her peephole, having a video doorbell, enabling her to see exactly who is at her door before she opens it, and record them, especially if they plan on causing some type of harm, I see as a must. 

But at the same time, let’s say a Girl Scout or Boy Scout rang my mom’s doorbell to sell cookies or popcorn. In my opinion, recording them, or any child for that matter, is very unethical and a huge invasion of privacy, unless, of course, the parents know and give permission. 

To my knowledge there isn’t a video doorbell (yet) that can – with 100 percent accuracy – distinguish between adults who intend to do harmful acts and children. At this point, it just seems video doorbells are an all-or-nothing device that are causing some major disruption.  

A recent ABC news story highlighted attorney, David Barnett, who specializes in privacy law. Barnett suggested letting people know they are under surveillance if using a video doorbell, and take into consideration that these cameras are aimed at property, with the expectation that places such as backyards, windows and bathrooms are private. But, even if the camera is aimed at the front of a home and let’s say children are outside playing in the camera’s recording range, recording them is wrong and what if that camera got hacked? Hackers would then be able to see those children. 

There are also the terms of service of the video doorbell manufacturers that put a lot of the responsibility on the person installing the device. Ring’s, for example, says, “Privacy and other laws applicable in your jurisdiction may impose certain responsibilities on you and your use of the Products and Services. You agree that it is your responsibility, and not the responsibility of Ring, to ensure that you comply with any applicable laws …” (I’m quite sure people aren’t allowed to point cameras at public streets or into their neighbor’s yards, for example, which if done, can lead to privacy invasion, but where is the responsibility of the manufacturers of these products?)

Then, of course, there’s apps being connected to these video doorbells. Not to pick on Ring, but its new app, Neighbors – where most posts are captured videos – could expose people to a whole new level of privacy invasion, taking the old-school “nosey neighbor” to the extreme. Again, in Ring’s terms of service, it says: “You are solely responsible for all Content that you upload, post, email, transmit or otherwise disseminate using, or in connection with, the Products or Services …” And, again, I ask, shouldn’t the manufacturers of video doorbells take on at least some of the responsibility?

Overall, this topic is a tough one, filled with “ifs, ands and buts,” amazing use cases where lives were saved and the possibility of privacy invasion. This makes me want to subscribe to the old-school method of using the peephole, and if it’s covered, asking “who’s there,” and if there’s no answer, not answering the door. 

What are your thoughts on video doorbells and privacy? Let’s talk about it on Twitter @SSN_Ginger or email me directly at ghill@securitysystemsnews.com

by: Ginger Hill - Wednesday, September 11, 2019

I just completed an article about perimeter school security, “The undogging debacle: perimeter security in a school environment,” in which I had the opportunity to speak with a director of safety and security for a school district, who also has a 14-year background at the local police department, most recently of which was supervisor for the School Resource Officer Unit. He told me something that really opened my eyes and I think that all security professionals involved in the school security niche need to hear. 

Here’s the question I asked: “If you could pick only one security measure that all school environments must have, what would that be and why?” 

The response: “If you limit me to just one security measure, I would have to say it would be hiring the right people, and training them properly in school safety and security,” Mike Johnson, director of safety and security at Rock Hill Schools, said.  

Read that again … limited to ONE security measure, he relies on people, but not just any people, though, trained people, not equipment or services. 

“The people we have in critical places, from administrators and teachers to support staff, are the biggest asset and the strongest point of any safety and security program,” Johnson continued. “Without quality people who are versed in safety and security, we would have nothing.”

Of course, without equipment or services, school security would be impossible in our modern day of school shootings, cyber-attacks, physical breaches, etc.; however, the key to it all is training. Equipment and service users, the people, must be properly trained to use the equipment and services to effectively and efficiently achieve their security goals. Any school could have the latest and greatest security equipment and services deployed, but if it’s not being used properly or even at all, then, really, what’s the point? 

“All the best products in the world are worthless if you don’t have the right people, who are properly trained, using them,” Johnson said. 

So, security professionals, I ask you, “Who is responsible for this training?” I would hope that every security professional, whether an integrator, consultant, sales person, manufacturer, etc., answered with, “I am responsible.” 

I would love to hear your feedback! Please comment here, over on Twitter @SSN_Ginger or email me directly

 

by: Ginger Hill - Wednesday, September 4, 2019

I have a special affinity toward cybersecurity, probably because I’ve witnessed it grow from not even being a word, much less a concept to indoctrinating itself into society on a second by second basis. People must be alert, knowledgeable and actionable in order to stay safe from cybercriminals, and thankfully, there are various organizations available to help. 

During August, I attended the National Cyber Security Alliance and Infosec webinar that explored the cyber threats phishing, smishing and vishing, and offered steps of protection. Daniel Eliot, director of education and strategic initiatives, National Cyber Security Alliance moderated as Tiffany Schoenike, chief operating officer, National Cyber Security Alliance and Lisa Plaggemier, chief evangelist, Infosec took center stage.

“At their core, phish are just tools criminals use for social engineering, which is the use of deception to manipulate individuals into doing something they wouldn’t normally,” Plaggemier explained during the webinar. “Thieves are generally after two things: money and things they can turn into money, and over three billion phishes are sent every single day” to try and gain access to private information, engage with people to develop trust, present links that download malware when clicked, modify data, etc.

Here’s some common types of phish you need to know about: 

  • Spear phishing: a targeted attack that usually involves cybercriminals gathering intel to use to send emails that appear to be from a known or trusted sender.
  • Whaling: attacks that target senior-level employees. 
  • Credential harvesting: an attack that allows unauthorized access to usernames and/or emails with corresponding passwords. 

To identify phishes, Plaggemier said to look for things such as spoofed sender addresses that may be off by a letter or two; misspelled words and bad grammar; strange URLs; the use of scare tactics; buzzwords such as cool job offers and last but not least, use your own senses. If you feel something isn’t right, you’re probably correct. 

With smishing, the cybercriminal uses text or SMS messaging to try and trick people into giving out private information while vishing uses the phone via a call. 

To protect yourself and your organization against phishing, smishing and vishing, consider the following: 

  • Enable strong authentication.
  • Think before you share personal information. 
  • Never give personal information over the phone. 
  • Use unique and the longest passphrases possible as passwords.
  • Keep your computer system and smartphone’s software updated. 
  • Only download apps from trusted sources. 
  • Train employees. 
  • Establish, maintain, use and enforce policies and procedures. 
  • Report all phishing incidents to DHS Cybersecurity and Infrastructure Security Agency and the Federal Trade Commission.

For more information on how small and medium-sized businesses can be safer and more secure online, visit National Cyber Security Alliance’s national program, CyberSecure My Business, which consists of in-person, interactive workshops, monthly webinars, an online portal of resources and monthly newsletters that summarize the latest cybersecurity news.

by: Ginger Hill - Friday, August 23, 2019

I remember in elementary school those little gold, silver, red, green and blue foil star stickers the teacher would put at the top of my paper, each color reflecting my grade: gold for the perfect score of 100; silver for 90s; blue for 80s; and green for 70s. If I saw a red star, just forget it, because that meant redoing the whole assignment, usually DURING recess, or when I got home from school DURING my favorite TV shows — Woody Woodpecker, Tom & Jerry and Heathcliff. 

Let’s see if you pass the star test or if you’ll be caught at your local Department of Motor Vehicles during your recess, what we adults commonly call our lunch break! Take out your driver’s license. Does it have a black or gold star on it? If so, you passed and your lunch break is safe. If not, looks like a trip to your state’s Department of Motor Vehicles (DMV) is in your future if you plan on using your driver’s license to fly. 

Back in 2005, Congress passed the Real ID Act, designed to ensure that people boarding a flight or entering a federal building are exactly who they claim to be in all U.S. states and territories including Puerto Rico, Guam, Northern Mariana Islands and U.S. Virgin Islands. Now, 14 years later, all states and territories are compliant or have an extension (Maine, New Jersey, Oklahoma and Oregon are extended until Oct. 10, 2019) and are awaiting each and every citizen over the age of 18 to pay a visit to their local DMVs. 

Technically you have until October 1, 2020 to get your star, but as busy security professionals, 13 months will pass faster than a hot knife through butter! (That’s Texan for “quickly.”)  So, here are some strategies and tips to make the process as painless as possible: 

Decide if you even need a Real ID. If you want to fly with only your state-issued ID, don’t have a passport or other TSA-approved ID or need to visit a secure federal facility, such as a military base, then yes, you do need a Real ID. 

If you only need your state-issued ID for identification purposes, don’t mind bringing a TSA-approved ID, like a passport, starting October 1, 2020, or are under age 18, then no, you do NOT need a Real ID. 

Physically go to a DMV office. Be sure to bring along identification documents such as a birth certificate and passport. Some states are requiring up to four pieces of identification, so be sure to check your state’s requirements BEFORE standing in that long line, finally arriving at the clerk’s desk after a five hour wait (that’s the typical wait time in Texas) just to be turned away to go back home, retrieve said documents and then wait another five hours in line! (As “they” say, “Everything’s bigger in Texas;” I guess that includes these lines, too!)

  • Tip #1: To be on the safe side, at the very least, bring proof of identity, social security number and residency, proof of name change (if applicable) and of course, money (a fee is involved).
  • Tip #2: I would suggest bringing cash and/or check in case your DMV doesn’t accept credit cards or charges a fee. It looks like North Carolina is the cheapest at $13.00 and Massachusetts is the highest at $85.00. Check your particular state’s DMV website for the fee schedule. 
  • Tip #3: If your state allows it, make an appointment to visit your DMV. This will cut back on wait time and frustration. 

 

I wish you well on your endeavor to obtain your star!

 

 

by: Ginger Hill - Wednesday, August 21, 2019

Whoever is the culprit for all these ransomware attacks on local U.S. government entities sure is getting a ton of notoriety in the media. With 22 reported and known public-sector attacks so far this year, and none tracked by the federal government or FBI, according to CNN, I say, the more information available the better for those needing to protect themselves. 

The most recent ransomware attack happened in my home state of Texas against 22 small-town governments, and while our “Don’t mess with Texas” campaign is aimed at road-side litter, I think it’s appropriate that we take out the trash on cybercrime, too! Here’s 5 important facts you need to know about these attacks: 

Names of the attacked municipalities are undisclosed, except for two. The city of Borger, Texas, located a few miles north of Amarillo in the Texas Panhandle, issued a statement noting that as of Monday, August 19, 2019, birth and death certifications are offline, and the city is unable to take utility or other payments. The city reassured residents that no late fees would be assessed nor would any utilities be shut off.

Keene, Texas, located just outside Ft. Worth, Texas, was also affected in a similar fashion as Borger. They, too, are unable to process utility payments via credit card. Keene Mayor, Gary Heinrich, told NPR, that hackers breached the information technology software used by the city and managed by an outsourced company, which according to the Mayor also supports many of the other targeted municipalities. 

Heinrich also noted that the hackers demanded a collective ransom of $2.5 million but also said there’s no way his city will be coughing up the dough!
“Stupid people,” Heinrich told NPR, referring to the cyber attackers. “You know, just no sense in all this at all.” 

Attacks seem to be from one, single threat actor. This means only one cybercriminal or cyber-criminal group is responsible for the attacks. 

Attacks are coordinated. What’s so alarming about these attacks is that they simultaneously targeted approximately two dozen cities, dubbing it as a “digital assault.”

Attacks are mostly rural. Small-town governments usually don’t have the budget to staff in-house IT, instead using outsourced specialists. This could mean valuable time that should have been used to quickly assess each incident was spent bringing the outsourced specialists up to speed about the details of the attack before any response could begin. 

The overarching goal is response and recovery. The affected municipalities are assessing and responding and, as quickly as possible, moving into remediation and recovery to get back to operations as usual as soon as possible. 

 
by: Ginger Hill - Wednesday, August 14, 2019

It seems Joe Public is shouting “privacy here, privacy there, privacy everywhere,” as people are pushing back against certain technologies that could, or people believe could, misidentify them and track, monitor and record their actions, or be the catalyst to their personal information and identity being stolen.

It’s a double-edged sword really; people want to use the technology to ensure safety and security, but at the same time, they want no interference with their privacy. It’s all or nothing. Unfortunately, we aren’t at a point with technology where “good” people are automatically excluded from the “bad.” However, one solution to protect privacy presented itself about a week ago at none other than DEFCON 27.

As over 25,000 security professionals and researchers, federal government employees, lawyers, journalists, and of course, hackers with an interest in anything and everything that can be hacked descended on Las Vegas’ Paris, Bally’s, Flamingo and Planet Hollywood Convention Centers, professional ethical hacker and now, fashion designer, Kate Rose, debuted her weapon of choice against ALPRs and surveillance — t-shirts, hoodies, jackets, dresses and skirts. 

Known as Adversarial Fashion, each garment is purposely designed to trigger ALPRs and inject data rubbish into systems used by states and their contractors, believed by some to monitor and track civilians. Rose tested a series of modified license plate images with commercial ALPR APIs and created fabric patterns that read into LPRs as if they are authentic license plates. Priced at no more than 50 bucks, tops, you too can now fool ALPRs with your clothes! 

Don’t feel like shelling out your hard-earned money? Not to worry! Rose lists all the resources needed to make your own computer vision-triggering fashion and fabric designs on her site, along with a hyperlinked list of libraries and APIs, image editing tools, color palette extraction tools and textile pattern tutorials. In addition, slides from her DEFCON 27 Crypto and Privacy Village talk, “Sartorial Hacking to Combat Surveillance,” offer the following how-to guide for designing your own anti-surveillance clothes: 

  1. Choose a recognition system and experiment with design constraints, starting with high confidence images.
  2. Test tolerances by making slight modifications to source images. 
  3. Make notes of “cue” attributes that affect confidence scores. 
  4. Plot enough images to determine what seems to work. 
  5. Use images that work to design a pattern and digitally print it onto fabric. 

I’m not too sure if this is a 5-step method to early retirement, but I can say people are demanding privacy and obviously, being very creative in their fight for it. 

 
