Beware the co-worker with a camera-equipped spywatch

Given the proliferation of micro-cameras and mobile devices, I guess any expectation of privacy we might have had ended, oh, about 12 minutes ago.

A story has reached me of one [particular IT worker]. I won't betray his place of employment, save to say that it is in a large corporation in New York. I will, though, betray his simple method of, well, amusing himself. He takes pictures of the ladies in his office with his watch. His gentlemanliness is such that he takes these pictures without them knowing.

What he does with them is still open to conjecture. However, it seems that his watch is the SVP MW09.

How can I possibly know this? This particular IT guy thinks there's nothing wrong with wandering around the office taking covert pictures. Perhaps he even believes it's part of a subtle seduction technique.

Oddly, last week he thought there was nothing wrong with admitting to one of the subjects of his covert photography what he is doing... [and she] asked that I might make others aware of the possibilities that these no doubt fine pieces of technology offer to the unscrupulous.

She told me: "How do I know what kind of pictures he already has and how long he's been doing this?"

...Clearly anyone in any place of work could buy one of these watches... So, as you wander into your office tomorrow morning, admire everyone's watch--and then check it for a hidden camera. Just, you know, for fun.

The next growth industry: counter-surveillance tools that can help detect and defeat spy-cams and the like.

Security: Humans are always the weakest link

Good article in today's Wall Street Journal describing the weakest link in the information security chain. The summary? You can have your firewalls, your intrusion prevention systems, your endpoint security systems, your anti-virus, your spam filters, your zero-day detection appliances, your application-aware firewalls, and the rest.

But then there's this:

Chris Patten called a large investment-management firm to report that he was going through a divorce and was worried that his wife had set up an account under a false name.

And with that story—entirely plausible but in this case a lie—a customer-service representative turned over customer account numbers and other details with a readiness that makes banks and other companies cringe.

Mr. Patten, a 35-year-old cybersecurity expert who was with the U.S. Air Force before he started working for a consulting firm in Kansas City, Mo., didn't actually use or sell the data, which he gathered in running a test for the investment firm of its security arrangements. But the ease with which the employee was persuaded to divulge the information points to a troubling trend, security experts and law enforcement officials say.

As banks and other large companies spend large amounts of money on building firewalls and using complex technology to fortify their systems, it is often their own employees who are letting identity thieves in the door...

User education and awareness are good starting points. And solid browsers that can help point out phishing attempts certainly help.

But the fact remains: social engineering is just too damn easy and there's no silver bullet. What's that old quote? "Make it idiot-proof, and someone will make a better idiot."

Trinity College Boots Professor for Being a Politically Incorrect 'Barbarian'

Marfdrat alerts us to a professor at Ireland's Trinity College who has been terminated -- it would seem -- for political incorrectness. The professor's bio on the college website, which has since been removed, is epic:

Long Room Hub Associate Professor in Hyborian Studies and Tyrant Slaying.

Dr Conan T. Barbarian was ripped from his mother's womb on the corpse-strewn battlefields of his war-torn homeland, Cimmeria, and has been preparing for academic life ever since. A firm believer in the dictum that "that which does not kill us makes us stronger," he took time out to avenge the death of his parents following a sojourn pursuing his strong interest in Post-Colonial theory at the Sorbonne. In between, he spent several years tethered to the fearsome "Wheel of Pain", time which he now feels helped provide him with the mental discipline and sado-masochistic proclivities necessary to sucessfully tackle contemporary critical theory. He completed his PhD, entitled "To Hear The Lamentation of Their Women: Constructions of Masculinity in Contemporary Zamoran Literature" at UCD and was appointed to the School of English in 2006, after sucessfully decapitating his predecessor during a bloody battle which will long be remembered in legend and song. In 2011/12, he will be teaching on the following courses: "The Relevance of Crom in the Modern World", "Theories of Literature", "Vengeance for Beginners", "Deciphering the Riddle of Steel" and "D.H. Lawrence". He strongly objects to the terms of the Croke Park agreement and the current trend for remaking 1980s films that he believes were perfectly good enough in the first place.

He is happy to hear from potential research students with an interest of any of these topics, but applicants should note that anyone found guilty of academic misconduct or weakness in the face of the enemy will be crucified as an example to the others.

Email: conanb@tcd.ie

The Irish Times reports that Professor Conan's bio was an "inside job", not an external hack.