Saturday, January 28, 2006

H5N1 News: U.S. Medical Centers Seeking Volunteers to Test Bird Flu Vaccine

An AFP newswire article, via, reports that:

Medical centers in four US states are seeking volunteers for the first human testing of a bird flu vaccine made in Britain by Chiron Corporation, researchers said.

Stanford Medical Center, in Palo Alto near San Francisco, is one of four centers recruiting "healthy subjects" to be injected with "inactive influenza A/H5N1 vaccine," said research assistant Ernesto Martin Gonzalez.

Michigan Court: Downloading Child Porn is the Same as Making Child Porn

A UPI newswire article, via Science Daily, reports that:

A Michigan appeals court has ruled that downloading child pornography from the Internet can be charged as "making" the material.

Making or manufacturing child pornography is a felony in Michigan with a potential sentence of 20 years in prison. The court upheld the position of the Muskegon County prosecutor in the case of former Egelston Township Treasurer Brian Hill, the Muskegon Chronicle reported.

Hill is awaiting trial. The court ruling has put his case on the docket, although the issue is likely to be decided by the state Supreme Court.

Via Enjoy!

Seeing Fakes, Angry Traders Confront eBay

Katie Hafner writes in The New York Times:

A year ago Jacqui Rogers, a retiree in southern Oregon who dabbles in vintage costume jewelry, went on eBay and bought 10 butterfly brooches made by Weiss, a well-known maker of high-quality costume jewelry in the 1950's and 1960's.

At first, Ms. Rogers thought she had snagged a great deal. But when the jewelry arrived from a seller in Rhode Island, her well-trained eye told her that all of the pieces were knockoffs.

Even though Ms. Rogers received a refund after she confronted the seller, eBay refused to remove hundreds of listings for identical "Weiss" pieces. It said it had no responsibility for the fakes because it was nothing more than a marketplace that links buyers and sellers.

Canadian Newspaper Reporter Could Go to Prison For Refusing to Surrender Notes to Police

Via Reporters sans Frontières.

Reporters Without Borders voiced deep concern today at what awaits Bill Dunphy of the Hamilton Spectator (a daily newspaper based in Hamilton, Ontario) if he fails to comply with a court order to hand over to the police his notes of interviews with a convicted drug dealer.

“Dunphy could go to prison under a new provision of the criminal code that forces journalists to act as police informants or law enforcement auxiliaries, which is not their job,” the press freedom organisation said.

Blogs Attack From Left as Democrats Reach for Center

Jim VandeHei writes in The Washington Post:

Democrats are getting an early glimpse of an intraparty rift that could complicate efforts to win back the White House: fiery liberals raising their voices on Web sites and in interest groups vs. elected officials trying to appeal to a much broader audience.

These activists -- spearheaded by battle-ready bloggers and making their influence felt through relentless e-mail campaigns -- have denounced what they regard as a flaccid Democratic response to the Supreme Court fight, President Bush's upcoming State of the Union address and the Iraq war. In every case, they have portrayed party leaders as gutless sellouts.

User Friendly: Don't Delete That Spam!


UK: Big Brother is Watching You on Britain's Roads

An AFP newswire article, via, reports that:

Big Brother-style surveillance is growing on Britain's roads, where police will have the greatest ability in the world to scrutinise, control and record the movements of drivers by the end of the year.

Thousands of cameras reading vehicle number plates and comparing data with a central data base will analyse some 35 million pieces of information per day.

The data will be transmitted to the police and also MI5, Britain's domestic intelligence agency, to help in the hunt for suspected criminals or terrorists. It will be kept for two years, but the period may be extended to five years.

Prime Minister Tony Blair's centre-left government has invested some 15 million pounds (27 million dollars, 22 million euros) in the project this year.

Toon: RFID 'Goodness'

Thanks, Bruce Schneier.

Microsoft Anti-spyware Will Soon Shift To Round Two

Gregg Keizer writes on TechWeb News:

Windows Defender, Microsoft's free anti-spyware program that's been in beta for more than a year, will shift into its second round of testing in the next two months, developers for the Redmond, Wash. company said recently in an online chat.

Defender is the new brand name for what Microsoft still calls Windows AntiSpyware, the add-on that's been in Beta 1 since it debuted more than a year ago. Beta 1 only works in Windows XP.

Windows Defender Beta 2, on the other hand, will be available for Windows 2000, Windows XP, Windows Server 2003, and Windows Vista, with additional editions for earlier Windows posted at some undisclosed future date. It will be included with both the client and server versions of Vista, Microsoft's next operating system, which is to unveil late in 2006.

EFF on the Broadcast Flag: History and Senator Stevens' iPod

Via The EFF.

Yesterday's [24 January 2006] Senate Commerce Committee hearing on the Broadcast Flag--and its younger, brattier, brother, the RIAA's proposed "Audio Flag"--swung a little wildly from its pre-ordained course.

It began with committee chairman Senator Stevens and Senator Inouye, his Democrat counterpart, declaring, as with all good anti-piracy measures, that Something Had To Be Done, and that Congress should pass the flag as soon as possible.

The agenda seemed set. In the face of it, those who objected to the Broadcast Flag--technologists, librarians, and civil libertarians--were forced to spend much of their Congressional time requesting narrow exceptions that might lessen its damage.

Then two things happened...

Much more here.

EU Tells Microsoft Source Code Isn't Enough

Via The Inquirer.

THE WALL STREET JOURNAL has seen a confidential document from the European Commission telling Microsoft that offering source code wouldn't be enough to avoid antitrust action.

That explains why a representative of the Commission told the BBC earlier this week that Microsoft had decided to hold a press party when it could have popped round the corner and had real discussions.

The Wall Street Journal exclusive sight of the memo shows that behind the scenes there is a real war going on. Microsoft faces the prospect of paying €2 million a day in fines if it doesn't comply with the Commission's terms.

The Top 5 Open Proxy Ports & How To Fix Them

Via eMail Battles.

Over the last few days we've prowled the dark side, compiling a list of computers vulnerable to exploitation as open proxies. We logged their IP addresses and the ports they left open for intruders.

We discovered that attackers generally prefer ports 80, 81, 3128, 8000 and 8080. They frequently get their wish, as ports 80, 3128 and 8080 are among those most often left open.

Their targets, however, are most likely to leave port 50050 open for exploitation. All told, ports 80, 3124, 3128, 8080 and 50050 comprise over 78% of all ports open for business as unwitting mules for proxying.

Much more here.

Spain Shuts Down 62 Internet Child Porn Forums

A Reuters newswire article, via Yahoo! News, reports that:

Spanish police have arrested six people in Spain and shut down 62 international Internet "communities" that exchanged child pornography, the Interior Ministry said on Saturday.

In an almost year-long investigation, Spanish police detected the Web connections of 2,870 Internet users in 40 countries, including Spain, who distributed pictures and videos of babies and children through online forums or "communities" of paedophiles.

The investigation led to the arrest of six people in Spain who were accused of distributing child pornography, the ministry said in a statement. It carries a sentence of up to eight years in prison.

Friday, January 27, 2006

Feds' Wiretapping Rules Challenged in Court

Declan McCullagh writes on C|Net News:

Universities, libraries and technology companies are asking a federal court to block controversial wiretap rules designed to facilitate police surveillance of the Internet.

In a 71-page brief sent to the U.S. Court of Appeals in Washington, D.C., on Thursday, they ask the judges to overturn a wiretap ruling from the Federal Communications Commission that applies to "any type of broadband Internet access service" and many Internet phone services.

The Bush administration claims that last year's FCC rules are necessary to make it easier to catch "criminals, terrorists and spies" that would otherwise be able to evade detection.

CNNIC Will Revise .CN Domain Name Registration Rules

The China Internet Network Information Center (CNNIC) plans to amend its existing rules surrounding domain name dispute resolutions, leaving trademark owners without claim over some domain names.

The revised rules will feature three major changes with emphases on the protection of a domain name applicant's rights and interests. The rules will go into effect in the next month.

Credit Card Numbers Stolen Off Car Registration Web Site

An AP newswire article by Ray Henry, via Yahoo! News, reports that:

Thousands of credit card numbers were stolen from a state government Web site that allows residents to register their cars and buy state permits, authorities said Friday.

The private company that runs said that 4,118 credit card numbers had probably been taken, a state official said. All online transactions were suspended Friday until any possible security problems could be fixed.

"We just can't risk it," said Department of Administration Director Beverly Najarian.

The company, New England Interactive, originally told state officials late last month that eight credit card numbers were stolen during a security breach, but said Thursday that thousands had probably been taken, Najarian said.

Army to Investigate Gay Porn Allegations

An AP newswire article by Estes Thompson, via Yahoo! News, reports that:

Army officials are investigating allegations that members of the celebrated 82nd Airborne Division appear on a gay pornography Web site, a spokeswoman said Friday.

Authorities at Fort Bragg have begun an inquiry into whether the paratroopers' actions violated the military conduct code.

Division spokeswoman Maj. Amy Hannah declined to say how many paratroopers are involved or identify their unit within the division. A defense official speaking on condition of anonymity said up to seven soldiers are involved.

Is AMD and Google Planning Something?

Charlie Demerjian writes on The Inquirer:

THIS IS A LITTLE more vague than usual, but here goes.

AMD and Google have something cooking. It sounds, from the vague, repeated, and quickly backpedalled upon hints that I am getting to be more than the Cringely-Karts, but no one is being specific.

People keep talking about the impact, and how 'big' and 'good' it is going to be, but the question of what is still up in the air.

Keep an eye out for cars, or 747s, going back and forth between the respective HQs, there is a bunch of work going on.

My bets are on 1) Search accelerators 2) HT backplanes of a large scale 3) Power power power. Anyone know for sure?

U.S. Plans to 'Fight the Net' Revealed

Adam Brookes writes for The BBC:

Bloggers beware.

As the world turns networked, the Pentagon is calculating the military opportunities that computer networks, wireless technologies and the modern media offer.

From influencing public opinion through new media to designing "computer network attack" weapons, the US military is learning to fight an electronic war.

The declassified document is called "Information Operations Roadmap". It was obtained by the National Security Archive at George Washington University using the Freedom of Information Act.

Officials in the Pentagon wrote it in 2003. The Secretary of Defense, Donald Rumsfeld, signed it.

More here.

Tibetans Protest at Googleplex

Elinor Mills writes on the C|Net Google Blog:

A group of Tibetans and supporters held a protest Wednesday night at Google's headquarters in Mountain View, Calif., to oppose the company's launch of a search site for China that censors results that Chinese authorities object to. The results include "Free Tibet," "Tibetan independence" and other terms related to the controversy over China taking control over the formerly independent small central Asian country.

Several dozen people showed up for the protest, waving placards with sayings like "Google Don't Be Evil" in reference to Google's much cited mantra, said Tenzin Wangchuk, president of the Regional San Francisco Tibetan Youth Congress. That group helped organize the protest along with Students for a Free Tibet.

Google representatives did not immediately respond to an e-mail seeking comment.

Microsoft Releases BlackWorm Anti-Malware Removal Tool After D-Day?

Well, this just doesn't make ANY sense, given that the payload trigger for the BlackWorm worm is 3 February 2006.

Via the Microsoft Anti-Malware Engineering Team Blog:

Microsoft releases a new version of the Windows Malicious Software Removal Tool every month on the second Tuesday of the month together with the other security updates. The next version, targeted for release on February 14th will detect and remove this worm. Also, the beta version of Windows OneCare Live protects against this threat. It can be obtained here:

Having said that, there have been reliable reports that Symantec's removal tool for the BlackWorm worm works fine. You can obtain it here:

More nonsense here.

Bertelsmann May Do IPO?

Via Red Herring.

German media giant Bertelsmann, the name behind Random House publishing and other top properties, said Friday it’s prepared to go public after minority shareholder Groupe Bruxelles said it would exercise an option to ask for an IPO.

Bertelsmann owns some of the most prominent media names and also has a 50 percent stake in Sony BMG Music Entertainment, as well as a 75 percent stake in magazine publisher Gruner+Jahr.

The company used to own a stake in digital music service Napster, but sold the name and remaining assets to Roxio in November 2002 after a series of lawsuits by music companies sent Napster into bankruptcy.

Judge Gives Man Two Years in Microsoft Case

Via Reuters.

A federal judge on Friday sentenced a convicted hacker known as "illwill" to two years in prison for selling the code, or software blueprint, for Microsoft Corp.'s closely guarded Windows programs.

William Genovese, Jr., 29, pleaded guilty last year to one count of unlawful distribution of trade secrets for putting Microsoft's source code for its Windows 4.0 and Windows 2000 programs on his Web site and selling it.

The plea agreement called for a sentence ranging from 10 months to 30 months in federal prison.

"I screwed up," Genovese said in court.

Maryland Court Rules Spam Law Applies to All

An AP newswire article by Kristen Wyatt, via Yahoo! News, reports that:

Annoying e-mails offering home financing deals or other offers can violate Maryland law, even if they're sent from out of state, a state appeals court judge ruled.

Court of Special Appeals Judge Sally D. Adkins rejected an argument by a New York state marketer who said he could not be punished for violating Maryland law because he had no way of knowing whether his e-mails would be opened in Maryland.

Texas AG Investigates Sale of Cell Phone Records

Via The Austin Business Journal.

Spurred by widespread reports of cell phone privacy abuse, Texas Attorney General Greg Abbott is investigating allegations that several Web sites are illegally selling Texas consumers' private cell phone records.

He also contacted cell phone providers about actions they are taking to better safeguard customer information.

"This is a serious breach of personal privacy," Abbott says. "The business of using trickery to obtain consumers' cell phone records amounts to nothing more than the illegal trafficking of private information."

MSN Spaces Update a Little Bumpy

Ed Oswald writes on BetaNews:

Microsoft's MSN division rolled out a new version of its Spaces blogging platform on Thursday afternoon, but it was not without hiccups that caused service to be spotty for over a day following its release.

Users reported issues with image loading, as well as some features not loading correctly or at all. Spaces also seemed much slower than normal for many. "The service may be a little slow for a little while it stabilizes," MSN Spaces product manager Mike Torres told users.

U.S. Court Sets Date for Google Hearing

Nancy Weil writes on InfoWorld:

Google attorneys will square off against the U.S. Department of Justice (DOJ) at a Feb. 27 hearing over the issue of providing the government with information about searches for pornography on the company's site.

U.S. District Court Judge James Ware on Thursday set that hearing date in the case, which will be heard in the U.S. District Court for the Northern District of California in San Jose. U.S. Attorney General Alberto Gonzales filed a motion in that court to compel Google to comply with a subpoena for search records. The DOJ claims that it needs the records to bolster its argument that a federal law is more effective than filtering software when it comes to restricting access by children under the age of 18 to pornographic content on the Internet.

Black Hat Fed: Countries Make Dangerous Cyber Adversaries

Michael Arnone writes on

When other countries launch cyberattacks, the United States should expect to see more robust ways to crack systems and more dangerous methods to manipulate them, two cybersecurity experts said yesterday.

Countries have many resources and can attack at least as effectively as independent cybercriminals can, said Matthew Devost, president and chief executive officer of the Terrorism Research Center.

China, North Korea and Russia already use cyberattacks to advance their interests, Devost said, speaking on a panel at the Black Hat Federal conference in Arlington, Va.

IBM Files For DVR Instant-Replay Patent

Marc Perton writes over on Engadget:

We can only assume that IBM's new focus in seeking patents is to throw in as many gimmicks as possible in order to fend off any claims of prior art. How else to explain this recent application, seeking a patent for "retrospective television viewing?" The application seeks to patent instant replay functions. But not any old instant replay. These are instant replays on a DVR. In a picture-in-picture window. With the data stored in the remote control.

Okay, IBM, you win. We're pretty sure nobody's covered this exact combo of features before. And we're pretty sure nobody's going to rush out and manufacture anything based on this either.

Gaming Hypocrisy: Crime Is OK, but Sex Isn't?

An AP newswire article, via Wired News, reports that:

The Los Angeles city attorney's office has sued the makers of Grand Theft Auto: San Andreas for allegedly hiding pornographic material inside the video game, officials said.

Rocky Delgadillo said his office sued Rockstar Games and its parent company, Take-Two Interactive Software, for making misleading statements in marketing the game and engaging in unfair competition.

A telephone call made after business hours to a Take-Two spokesman in New York was not returned.

Drunken Gluttons Order and Eat 100-Patty Hamburger

Tech angle: Who cares. :-)

Via Boing Boing.

A group of drunken pals went to an In-N-Out burger shop on Hallowe'en 2004 and demanded a burger with 100 patties, setting some sort of gluttony record at the burger joint. In-N-Out is justly famous for making excellent fast-food burgers in an open kitchen, and for allowing customers to order as many patties as they'd like, at $1 per patty.

The tale told on this website details the attempt of eight people to eat $100 worth of discount fried beef and "sweaty cheese."

User Friendly: Google's Diabolical GMail Game


AOL Secures High-Speed Internet Deals

Nate Mook writes on BetaNews:

One day after announcing a deal with Sony to ship its applications on all new VAIO computers and become the default homepage, AOL has inked partnerships with BellSouth and AT&T to bundle exclusive programming for broadband users. AOL will also provide security software to customers from both companies.

With its dial-up business dwindling, AOL has turned to its content and software as a way to keep consumers visiting the company's properties, and in turn focusing on the advertising revenue such traffic brings in. Such deals with BellSouth and AT&T join similar agreements with Verizon and Time Warner as a way to keep AOL relevant in the broadband era.

Japanese Police Arrest Spyware Suspect

Sumner Lemon writes on InfoWorld:

Japanese police have arrested a suspected spyware developer believed responsible for stealing Internet banking passwords, according to Kyodo News.

Atsushi Takewaka is accused of conspiring with Kiichi Hirayama to use a spyware program to steal Internet banking passwords that were later used to withdraw money from online accounts, Kyodo News reported, citing information provided by police in Japan.

Takewaka is believed to have developed the spyware program at Hirayama's request, the Kyodo report said. Hirayama later sent out CD-ROMs to several companies that installed the spyware program when run on a PC, it said, noting that the two men have admitted to stealing around ¥3 million ($25,904) in this way.

UK: BT's Ongoing VoIP Service Problems

Tony Richardson writes on The Register:

BT is keeping its fingers crossed that its Broadband Voice VoIP service is working again after it went titsup earlier this week.

Thousands of BT punters have struggled with the service since last week when the broadband telephony service started to drop calls after around three minutes.

Problems got worse at the weekend when users found the service was completely dead and they were unable to get a dial tone.

A spokesman for the UK telco giant was unable to say how many of its 22,000 Broadband Voice punters had been hit by the glitch, but admitted that it would be in the "thousands".

UK File-Sharers Fined More Than £20,000

Tony Smith writes on The Register:

The English High Court has ordered two men to pay a combined £6,500 in damages after deciding they illegally distributed music through P2P file-sharing networks.

The two cases were brought separately by the British Phonographic Industry (BPI), the UK's equivalent of the Recording Industry Ass. of America (RIAA), and are the first of their kind in the UK. Both men were offered the opportunity to settle, but neither chose to do so, the BPI said. Neither man was named.

Via Enjoy!

Firefox 1.5 Tops 20 Million Downloads

William Eazel writes on

Mozilla has announced that over 20 million internet users have downloaded the Firefox web browser since the release of version 1.5 on 29 November last year.

The company claims to have seen strong demand for the browser, with "hundreds of thousands" of people downloading the new version of Firefox every day since its release.

Interest is thought to have been boosted by the 35 local language versions also available as free downloads.

Megadeth Turns to Online Artists to Revamp Mascot

A Reuters newswire article by Gelu Sulugiuc, via Yahoo! News, reports that:

Heavy metal veterans Megadeth have turned to an online community of artists to redesign their longtime mascot, Vic Rattlehead.

Dave Mustaine, the band's founder, singer and guitarist, ran into licensing issues with the artist who originally drew the mascot in the early 1980s based on Mustaine's idea -- a skull with jaws wired shut, steel visor and metal earplugs.

So he started a contest on Internet site deviantART, where 2 million members post photographs, traditional and digital art, and even poetry.

Bill Gates: Beating Asian Software Piracy Will Take 10 Years

Bill Hirschler writes for Reuters:

Microsoft Corp. founder Bill Gates said on Friday that beating software piracy in China and India and getting compliance up to U.S. and European levels would take 10 years.

Gates said sales of the company's software in both countries were increasing every year and he was optimistic that China and India would eventually adopt proper licensing practices, just as Taiwan and South Korea had done.

Massachusetts Murder Probes eBay Scam, Internet Porn

Alexander Wolfe writes on TechWeb News:

Allegations of an eBay scam and involvement in a get-rich-quick Internet porn scheme are swirling around a Massachusetts murder case.

The case involves the murder of Rachel Entwistle, 27, and her nine-month-old daughter Lillian. The two were found shot to death Sunday in their home in Hopkinton, Mass.

Massachusetts detectives have traveled to England to question Rachel Entwistle's husband, Neil Entwistle. He is being described by police as a "person of interest" in the case, though he is not a suspect at this time, The Boston Globe reported on Friday.

Thursday, January 26, 2006

Intruders at U.S. Chemical Arsenal May Have Been Animals?

Huh? Okay, this is starting to get out of hand....

An AP newswire article, via MSNBC, reports that:

A guard who reported a security breach inside the nation’s second-largest chemical weapons depot may have mistaken wildlife for human intruders, authorities said Thursday.

The commander of the Pine Bluff Arsenal said officials combed the area but found no footprints or other evidence of human intruders.

“There’s no doubt in my mind that the officer saw something, but it wasn’t human,” Col. Brian S. Lindamood said. “At this time I have no idea what it could be.”

Thief Nabs Backup Data on 365,000 Patients

Todd R. Weiss writes on

About 365,000 hospice and home health care patients in Oregon and Washington are being notified about the theft of computer backup data disks and tapes late last month that included personal information and confidential medical records.

In an announcement yesterday, Providence Home Services, a division of Seattle-based Providence Health Systems, said the records and other data were on several disks and tapes stolen from the car of a Providence employee at his home. The incident was reported by the employee on Dec. 31, according to the health care system.

More here.

Feds Arrest Alleged Internet ID Thief

Alorie Gilbert writes on C|Net News:

A California man who allegedly duped America Online customers into disclosing their credit card information over the Web was arrested on wire fraud and other charges Thursday.

According to the charges, Jeffrey Brett Goodin of Azusa, Calif., used the fraudulently obtained information to make unauthorized charges using the credit and debit cards of his victims. He allegedly tricked his victims, all America Online subscribers, by sending e-mails urging them to "update" their AOL billing information or lose their service--a method known as phishing.

Canadian Music Giant Sues RIAA

Wow. Alright!

Andrew Orlowski writes on The Register:

Canada's biggest record label, publisher and management company is suing the Recording Industry Ass. Of America on behalf of a US family targeted by the lobby group for copyright infringement.

The privately-owned Nettwerk Music Group is intervening, it says, because the songs downloaded and identified by the RIAA by the Gruebel family include Avril Lavigne, a Nettwerk management client.

"The current actions of the RIAA are not in my artists' best interests," said Nettwerk chief executive Terry McBride in a prepared statement.

China: Eleven Sentenced For Stealing Little Smart Phones And Calling Cards

Eleven people in Guangdong Province's Zhongshan city have been handed sentences of between 18 months and 15 years' imprisonment for stealing Little Smart PHS phones and their related calling cards.

The court found that the eleven had stolen RMB180,000 [US$22,330] in calling fees and cards as well as 166 Little Smart phones worth RMB83,000 [US$10,297] from Zhongshan Huoju Telecom Branch.

They also stole RMB880,000 [US$109,173] and 495 Little Smart Phones worth RMB247,000 [US$30,643] from the Huangpu Telecom Branch.

There was no word about when the heists took place or whether the eleven will appeal.

Coolness: Home Theater That Looks Like NCC-1701's Bridge

Via Boing Boing.

Captain Kirk would love it.

A geeky home-theater enthusiast has built and lavishly documented a home theater setup that resembles the bridge of the Starship Enterprise.

New Worm Crawling Through Blogs?!

Yes, that's right -- call me a sucker. :-)

Joris Evers writes on the C|Net Security Blog:

I spotted it on Christopher Boyd's Vital Security blog. Chris is a Microsoft security MVP and security research manager at FaceTime, an instant messaging security company. However, this worm appears to have spread much further and has slithered around the world.

The worm is actually an animated GIF image. Bloggers all over have embedded it in their blogs and link to the creator's Web site. To infect your blog, you have to copy and paste a piece of HTML code into your blog.

This is funny, but on the flipside, however, there could be some security implications if the hoster of this "worm" decided to upload a malicious image that took control of the PC's that visit sites that show it. (Or if the hoster's site was hacked.)

More here.

John Gilmore Update: Court Backs Airport ID Checks

A Reuters newswire article, via Wired News, reports that:

Airlines and the U.S. government have the right to keep passengers from boarding planes if they refuse to show personal identification, a U.S. appeals court ruled Thursday.

John Gilmore, co-founder of online civil liberties group the Electronic Frontier Foundation, sued after Southwest and United Airlines in 2002 both did not allow him on board their flights when he refused to show any ID.

In a court filing, he argued that requiring identification from airline passengers was unconstitutional, but a three-judge panel of the 9th U.S. Circuit Court of Appeals disagreed.

"We hold that neither the identification policy nor its application to Gilmore violated Gilmore's constitutional rights, and therefore we deny the petition," Judge Richard Paez wrote. "The Constitution does not guarantee the right to travel by any particular form of transportation."

More here.

Online Activists Aid Woman in RIAA Music Piracy Case

An AP newswire article by Jim Fitzgerald, via Yahoo! News, reports that:

Patricia Santangelo just wanted to save money, but the mother of five quickly realized that acting as her own lawyer against the music companies accusing her of illegal downloading was a big-time money-burner. Fortunately, for her, it didn't take long for the Internet crowd to help her out.

Santangelo, who is being sued by the Recording Industry Association of America for allegedly pirating songs, said Thursday that pending court approval she is hiring an attorney to defend her in the civil case being brought here.

The Wappingers Falls woman says she never downloaded any songs and if it was done on her computer by her children or their friends it's the fault of a file-sharing program for allowing them to do it.

No Booze, or Jokes, or Gays (Oh, My!) For Googlers in China

Declan McCullagh writes on C|Net News:

Google's new China search engine not only censors many Web sites that question the Chinese government, but it goes further than similar services from Microsoft and Yahoo by targeting teen pregnancy, homosexuality, dating, beer and jokes.

In addition, CNET has found that contrary to Google co-founder Sergey Brin's promise to inform users when their search results are censored, the company frequently filters out sites without revealing it.

Some of the blackballing appeared to be a mistake. The University of Pennsylvania's entire engineering school server--which hosted one Falun Gong site--was blocked from Google's China site. So was an Essex County Web site, which sports the word "sex"--as in "Essex"--in its domain name. also doesn't display to someone who's hunting for the rival Microsoft service.

NASA Pauses to Honor Fallen Astronauts

The 20th anniversary of the Challenger tragedy adds special
poignancy to NASA's "Day of Remembrance" observations this year.
This 1986 photo shows the Challenger crew members:
Ellison Onizuka, Mike Smith, Christa McAuliffe, Dick Scobee,
Greg Jarvis, Ron McNair and Judy Resnik.
Image source: MSNBC / AP

I'll never forget where I was when the Challenger disaster happened -- I was at home on leave from the U.S. Army in Germany, at my mother's house in Southwestern Virginia (the house I basically grew up in). I was just getting out of the shower, and while I was shaving, I had the door open in the bathroom so I could watch the television in the adjoining family room.

About 5 years later, I went in to work for NASA Space Station, through one of the SSEIC (Space Station Engineering Contractors) partners -- Grumman Aerospace (now Northrop Grumman) when the Space Station program office was in its infancy in Reston, Virginia -- they later moved the program office to Houston.

I guess some things you never forget. And they will not be forgotten.

An AP newswire article by Pam Easton, via MSNBC, reports that:

NASA employees throughout the country paused Thursday to rededicate themselves to space exploration and remember their 17 astronaut colleagues who died pursuing it.

"They and their families sacrificed much in the pursuit of their dreams and our dreams. We have not, will not, ever forget what their sacrifice has meant to each of us," Johnson Space Center Director Mike Coats told hundreds of NASA workers.

NASA Administrator Michael Griffin said he would lay a wreath at Arlington National Cemetery in memory of the astronauts lost in the Apollo 1, Challenger and Columbia tragedies.

H5N1 News: Scientists Develop Bird Flu Vaccine

A UPI newswire article, via, reports that:

University of Pittsburgh scientists say they've genetically engineered an avian flu vaccine that has proven 100 percent effective in mice and chickens.

The vaccine was produced from the critical components of the deadly H5N1 virus that has devastated bird populations in Southeast Asia and Europe and has killed more than 80 people.

Since the newly developed vaccine contains a live virus, researchers say it may be more immune-activating than avian flu vaccines prepared by traditional methods. Furthermore, because it is grown in cells, it can be produced much more quickly than traditional vaccines, thereby making it an extremely attractive candidate for preventing the spread of the virus in domestic livestock populations and, potentially, in humans.

Gadget of the Day: A Beer Pouring Robot!

Image source: Gizmodo

Via Gizmodo.

This is it, it has finally happened. I think I can confidently say that regardless of anything else posted here, nothing will ever top this gadget. This is Asahi, a beer pouring robot from Japan. It can refrigerate up to six cans of beer, two mugs, and with a simple push of a button it will pour a beer into the mug with perfect head every time.

It gets even better too, this thing is free! Kind of. You have to collect 36 seals found on specially marked Asahi beer, but I wouldn’t have a problem with that. Now if I could only teach it to make me a sandwich and cuddle.

Huawei Says Soft-Switches Held Fast During Haj

A UPI newswire article, via, reports that:

China's Huawei Technologies is boasting that its softswitch system helped Saudi Telecom sail through the crush of calls during the recent Haj.

Huawei said Thursday that cell-phone traffic in Saudi Arabia soared to 20 times above normal as more than 3 million Muslim pilgrims gathered in Mecca on Jan. 9 alone. Peak calling attempts reached 300,000 in one hour as the pilgrims called home or kept in touch with other participants in the holy march.

'Bubble' Bursts Over Hollywood

This should actually prove to be an interesting experiment.

Also, I heard an excellent interview with the Director of this film, Steven Soderbergh, by Terry Gross on NPR's Fresh Air a couple of days ago -- worth a listen. You can find a pointer to that show here.

This article snippet below comes to us via Red Herring.

In a challenge to the way films are distributed, entrepreneurs Mark Cuban and Todd Wagner on Friday will release their film Bubble in theaters, on cable, and, within days, on DVD.

It’s the first high-profile film to do that, and it will pave the path of what the industry refers to as “simultaneous distribution.” And Hollywood is on the edge of its seat, riddled with a combination of fear and excitement.

If the experiment works, films of equal prominence could follow, breaking the distribution chain that has bound the industry for decades.

Some say the move could kill movie theaters, which are already suffering from competition from “home theaters” that have consumers munching popcorn on their own couches instead of in large auditoriums. The trend is likely to accelerate as the long-awaited convergence of computers and entertainment media finally takes place.

AOL Wins Judgment Against Spammer

An AP newswire article by Matthew Barakat, via The Globe and Mail, reports that:

A man who sent billions of junk e-mails hawking on-line college degrees, sexually explicit websites and "generic Viagra" must pay more than $5-million in penalties to America On-line, a federal judge ruled.

Christopher William Smith, of Prior Lake, Minn., was considered one of the world's worst spammers, operating under the name Rizler. He is now in jail in Minnesota awaiting trial on criminal charges that he violated federal drug laws while operating an on-line pharmacy.

Delay on $20B Federal Network Costs Carriers Million$

Via NetworkWorld.

An unexpected delay in the award of a 10-year, $20 billion network deal will cost U.S. carriers millions of dollars in lost revenue and lack of productivity from key staff, industry analysts say.

In a surprise move, the federal government announced Tuesday it would delay for nine months the award of Networx, which is one of the largest network bids up for grabs in the world today. The Networx program will provide legacy and leading-edge voice, data and video services to all federal agencies.

LURHQ: Current BlackWorm Statistics

BlackWorm Infection Distribution by Country.
Image source: LURHQ

Via LURHQ Threat Intelligence Group.

As reported in the previous analysis, BlackWorm contacts a web stats counter to report infections. Working with the ISP hosting the counter along with the TISF BlackWorm task force, we have obtained and analyzed the logs from the counter.

An attempt was made by an unknown party to artificially inflate the counter using a set of 279 distributed (presumably compromised) computers. However, it is easy to differentiate these requests from the actual infected systems. As of the time these statistics were taken, the counter is well above 5 million; however, the actual count of infected users is closer to 300,000 worldwide and not increasing at too great a rate.

Much more here.

U.S. States Ask DHS For More Cybersecurity Cash

Anne Broache writes on C|Net News:

Cybersecurity weaknesses persist in state and local governments because of insufficient money and aid from the U.S. Department of Homeland Security, a recent survey suggested.

The seven-page report [.pdf], which was released Wednesday by the National Association of State Chief Information Officers, recommends that the Department of Homeland Security pay for fellowships for state and local employees in the agency's National Cybersecurity Division, better define and market what federal resources exist for combating cyberthreats, and hand over more funding for local training programs.

Dilbert: Serve Someone

Click for larger image.

How the Malicious Software on Sony CDs Works

Via Boing Boing.

Security researchers at Princeton are making great strides in picking apart the systems used by copy-restriction companies to corrupt the CDs sold by music labels like Sony-BMG. Princeton's Alex Halderman has published preliminary results of his and Ed Felten's work on reverse-engineering the Digital Rights Management systems that were the subject of so much controversy when Sony was caught infecting its customers' computers with them: MediaMax from Suncomm and XCP from First4Internet.

Halderman's paper shows that these systems contain numerous implementation mistakes that would make it simple to circumvent them, once their presence was known.

Much more here.

Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack

Via Cisco.

The Cisco VPN 3000 series concentrators are a family of purpose-built, remote access Virtual Private Network (VPN) platforms for data encryption and authentication.

A malicious user may be able to send a crafted HTTP (Hypertext Transfer Protocol) packet to the concentrators which may cause the device to reload and drop user connections.

Repeated exploitation of this vulnerability will create a sustained DoS (denial of service).

Ben Edelman: Pushing Spyware Through Search

Image source:

The "Guru of All Things Spyware and Adware," Ben Edelman, writes on his blog:

Much of the computer security industry acts like spyware is immaculately conceived. Somehow it just appears on computers, we are led to believe, and supposedly all we can do is clean up the mess after it happens, rather than prevent it in the first place. I disagree.

Now, we all love Google. I use Google's search site all day every day, and I enjoy their downloadable applications too. So I have the greatest respect for Google's core service. But there's another side to their business. Indirectly, Google and other search engines make big money from spyware, through paid search advertising that infects users who don't know any better or don't understand what they're getting into.

Much more here.

Microsoft CEO Steve Ballmer to Speak at WCIT 2006

Via The Austin Business Journal.

Microsoft Corp. CEO Steve Ballmer will speak at the World Congress on Information Technology 2006.

WCIT 2006 Inc. is the nonprofit organizing [this] year's World Congress on Information Technology in Austin, which is expected to draw 2,000 attendees from 80 countries and generate $44 million for the Texas economy.

University of Texas Gets IBM 'Champion' Supercomputer

Via The Austin Business Journal.

The Texas Advanced Computing Center at the University of Texas is the new owner of an IBM Corp. supercomputer able to handle 730 billion calculations per second.

The machine will be the most powerful computer of its type in Texas. The center has named it "Champion" in honor of UT's recent national championship titles in football and baseball.

Fear of Evolution Debate Delays Florida Science Curriculum

A UPI newsbrief, via, reports that:

Florida's public school science curriculum won't be updated until 2008, reportedly to avoid an evolution fight until Gov. Jeb Bush leaves office.

The Miami Herald reported last month the update was likely to be delayed far beyond its originally scheduled completion of in June 2007. The curriculum review is now expected to be finished by February 2008.

Until that review is completed, Florida Education Commissioner John Winn has said he will not take a position on how the state's public schools should teach the origins of man.

Seven Admit Copying Star Wars DVD

Via The BBC.

Seven Star Wars fans have admitted copying Revenge of the Sith a week before its cinema release.

They admitted piracy charges after copying and passing a DVD copy of the movie among them last May.

The six US men and one woman also pleaded guilty to criminal conduct in allowing an eighth person to obtain the film and upload it onto the internet.

They each face a maximum penalty of a $100,000 (£56,000) fine and one year in jail when sentenced on 12 April.

Level 3 Buys Progress Telecom For $137M

Matt Hines writes on eWeek:

Level 3 Communications announced that it has acquired Progress Telecom, a provider of wireless and land-line phone services in the Southeastern United States, for about $137 million in cash and stock.

Under the terms of the deal, Level 3 will pay $68.5 million in unregistered shares of its stock and $68.5 million in cash to Progress Energy and Odyssey Telecorp, the joint owners of Progress Telecom.

Better Hacking Through Science: New and Improved Ways to Hide Rootkits

William Jackson writes on

In the cat-and-mouse game of computer security, rootkits are a powerful way to hide malicious code on a compromised computer where it is difficult to detect and remove.

As detection tools become more sophisticated, one researcher thinks that the BIOS may be the new frontier for rootkits.

“There are no tools now to audit your BIOS for a rootkit,” said John Heasman, principal security consultant for NGS Software Ltd. of the U.K. Heasman, speaking at the Black Hat Federal Briefings in Arlington, Va., described a proof of concept technique for placing a rootkit at such a low level on the computer’s system that it would survive reboots, reinstallation of operating systems and even replacement of the hard drive.

More here.

UK: Denial of Service to be Criminalized by Autumn 2006


Launching a Denial of Service attack in the UK is set to become a new offence within the year. The Government included updates to the country's main cybercrime law – with new offences and stiffer penalties – in its Police and Justice Bill, introduced yesterday.

The Computer Misuse Act is now 15 years old and legal experts have long questioned whether it adequately outlaws Denial of Service attacks. This is an attack in which a web or email server is deliberately flooded with information to the point of collapse.

Via Enjoy!

Mike Magee Sells The Inquirer to VNU (?!)

Kieren McCarthy writes on his blog:

This is one really only for the IT online media industry, but I've just heard that "Mad" Mike Magee has sold his break-away IT news website The Inquirer to VNU.

What an extremely odd sale. I don't know how much Mike got (hopefully plenty) but this has to be one of the most unlikely deals since the dotcom boom.

The Inquirer is very much the creation of Mike Magee - short, tight news clips and throw-away pieces of gossip usually covering a niche part of the IT market.

We Already Knew It: Engineers Just Want To Have Fun

...although I don't immediately see any mention of "drinking beer"...

A UPI newswire article, via, reports that:

Researchers writing in IEEE Spectrum's February issue say you wouldn't believe what some engineers get to do for a living.

The Franklin, Tenn.-based magazine says engineering is sometimes seen as stodgy, yet many engineers find both fun and excitement in their jobs and in locales ranging from the Kalahari bush to the California wine country.

The magazine's study centers on 10 engineers who say they have found their "dream jobs," including designing spy planes, updating R2-D2 and tracking wild animals.

User Friendly: The GMail Delete Button


Click for larger image.

Rumor of the Day: Yahoo! Buying Digg?

Margaret Kane writes on the C|Net Blogma Blog:

Yahoo is at the center of the latest rumor sweeping the blogging world.

Several sites are reporting that the media company is getting ready to acquire, an online news community that's quickly become one of the popular gathering spaces for technophiles.

The reports are still rumors, but most bloggers seemed to think that such a deal makes sense; Yahoo has shown a strong interest in Web 2.0 companies, having acquired Flickr and Delicious.

FTC Fines ChoicePoint Over Data Breach

An AP newswire article by Harry S. Weber, via, reports that:

The Federal Trade Commission said Thursday that data warehouser ChoicePoint Inc. will pay $15 million to settle charges that its security and record-handling procedures violated consumers' privacy rights and federal laws.

The FTC said it had fined the Alpharetta, Ga.-based company $10 million and that Choicepoint would pay an additional $5 million that will be used to compensate consumers.

Choicepoint had revealed last year that its massive database of consumer information was accessed by thieves.

UK: Home Office Pushes Tough Anti-Hacker Law

John Leyden writes on The Register:

The UK Government plans to toughen up computer crime laws under proposals outlined in the Police and Justice Bill on Wednesday. The bill would double the maximum jail sentence for hacking into computer systems from five years to ten years, a provision that will classify hacking as a more serious offense and make it easier to extradite computer crime suspects from overseas. Denial of service attacks, something of a grey area under current regulations, would be clearly classified as a criminal offense under amendments to the 1990 Computer Misuse Act (CMA) proposed in the bill.

Industry pressed for changes along these lines even prior to the 2004 inquiry by MPs that recommended changes to the CMA to modernise UK computer crime law. Other provisions in the bill are likely to prove far more controversial. Clause 35 of the bill contains provisions to ban the development, ownership and distribution of so-called "hacker tools".

But the clause fails to draw adequate distinction between tools which might be used for legal as well as unlawful purposes.

EU Official Surprised by Microsoft Source Code Offer

A Reuters newswire article, via Yahoo! News, reports that:

European Union Competition Commissioner Neelie Kroes said on Thursday she was surprised by Microsoft's decision to disclose its source code.

Kroes said her staff was analyzing whether the offer would resolve a dispute where the Commission has threatened to fine Microsoft up to two million euros daily. One key issue is the Commission's requirement that the software giant must give adequate documentation to rivals.

California Telecom Consumer 'Bill of Rights' Revived

Ryan Kim writes on

The California Public Utilities Commission is about to take up competing proposals to resurrect a far-reaching telecommunications consumer bill of rights that has been on the shelf for a year.

Commissioner Dian Gruenreich unveiled a proposal on Wednesday that would restore key components to strengthen consumer rights that she argues were removed from the original draft of the bill of rights.

Her proposal comes a month after Commission President Michael Peevey unveiled his proposed bill of rights that consumer-rights proponents have decried as too soft.

U.S. Congressman Takes Google to Task on China

Stephanie Kirchgaessner writes on

Google will be called to task in Washington next month following a controversial decision by the internet search engine to launch a China-based version of its website that will censor results to avoid angering the country’s Communist government.

The decision by Chris Smith, a Republican congressman from New Jersey who chairs a House subcommittee on Human Rights, to call for a February 16 hearing to examine the operating procedures of US internet companies in China, represents the first signs of what could become a serious backlash against Google and other internet companies in Washington that are perceived as capitulating to the Chinese government.

Mr Smith on Wednesday accused Google of “collaborating .. with persecutors” who imprison and torture Chinese citizens “in the service of truth”.

U.S. Government Subpoenas Hotmail Account

Via The Inquirer.

THE USA government has issued a subpoena to an individual and to Microsoft to view the contents of a Hotmail account.

John C. Gurganus Jr., assistant US attorney at the Department of Justice (DoJ), applied for the subpoena on the 24th of January at the middle district of Pennsylvania (Scranton).

The individual concerned is one Michael Curtis Reynolds.

No details of why the subpoena was issued are in the public domain.

Music Industry Claims Victory in Hong Kong Piracy Court Rule

An AFP newswire article, via Yahoo! News, reports that:

Hong Kong's music industry says it has been provided with a crucial weapon in the fight against online piracy after a court ruled Internet service providers hand over personal details on 22 suspected file sharers.

The High Court ordered four firms to submit details of the 22 sought by seven record labels, including the local subsidiaries of global giants like Sony and Warner.

The move is expected to result in legal proceedings against the 22 who are suspected of breaching copyright laws by illegally uploading more than 300 music files each onto the Internet, judicial sources said.

Microsoft to Launch New Internet Research Effort

Via Reuters.

Microsoft Corp said on Thursday that it would launch a new research laboratory aimed at developing technology for the Internet.

The Redmond, Washington-based company said the unit, called Live Labs, would be headed by Dr. Gary William Flake, a Microsoft technical fellow, and include staff from its online service MSN and its main research group.

Wednesday, January 25, 2006

Ameriprise Loses Data on 230,000 Customers and Advisers

Eric Dash writes in The New York Times:

Ameriprise Financial, the investment advisory unit spun off from American Express last year, said today that lists with the personal information of about 230,000 customers and financial advisers were potentially exposed to fraud.

The breach occurred in late December after a company laptop was stolen from an employee's car. It contained lists of reassigned customer accounts that were being stored unencrypted on a computer in violation of Ameriprise's rules.

The information on the laptop included the names and Social Security numbers of more than 70,000 current and former financial advisers and the names and internal account numbers of about 158,000 customers. The data was being stored in separate lists, but it is possible that there could be some overlap between the two.

Patriot Act Talks Hit Roadblock On Privacy Issue

Charles Babington writes in The Washington Post:

Efforts to resolve House and Senate differences over a revised USA Patriot Act have reached a stalemate, a key committee chairman said yesterday. That means the current version of the law is likely to remain in place through next month or longer unless Senate Democrats and a handful of Republicans drop their demands for greater privacy safeguards in a proposed renewal, the chairman said.

But another senator said that the Bush administration continues to discuss possible changes, and that a resolution of the impasse is still possible.

RIM: Work-Around Ready If Needed to Avoid Service Disruption

Matt Hamblen writes on ComputerWorld:

Research In Motion Ltd. (RIM) said today that it has a software work-around design that is ready and can be implemented if necessary to resolve its patent dispute with NTP Inc.

Mark Guibert, vice president of corporate marketing at Waterloo, Ontario-based RIM, responded to a question from Computerworld about the status of any work-around in an e-mail today, and he said that RIM has built software. But he gave few details.

Wal-Mart Launches Online Music Service

An AP newswire article by Marcus Kabel, via Yahoo! News, reports that:

Wal-Mart Stores Inc. launched an online music video and audio service with exclusive studio performances Wednesday, part of a broader strategy to make itself trendier and draw consumers already in the store for cheap staples into other departments.

Dubbed "Wal-Mart Soundcheck", the service features studio performances and interviews with new and established bands and musicians, the Bentonville, Ark.-based company said in a statement. First up were punk pop fivesome Yellowcard and rock band Switchfoot.

AT&T, Avaya, Juniper: All Team-Up On Enterprise & Secure VoIP

A couple of interesting announcements this afternoon.

First: AT&T Teams With Avaya For Enterprise VoIP, NetworkWorld, Author: Tim Greene

AT&T and Avaya have launched an alliance to migrate businesses to VoIP.

Using Avaya gear to run VoIP traffic over AT&T's IP backbone, the companies hope to smooth the way for customers that want to use VoIP in their businesses but also want to do so with a managed service.

While AT&T says its services can interoperate with customer-site gear from other vendors, with this alliance, AT&T offers management of the VoIP network down to the handset.

Second: Avaya, Juniper Team Up For Secure IP Telephony, InfoWorld, Author: Stephen Lawson

Avaya Inc. and Juniper Networks Inc. have tightened a partnership to bring security together with the next wave of enterprise telephony.

Avaya will resell Juniper security products alongside its own IP (Internet Protocol) telephony gear and offer integration and support for both, the companies said Wednesday. Some channel partners of the two vendors will also be able to offer that package, said Lawrence Byrd, director of IP telephony and mobility at Avaya.

'I'm Feeling . . . Surveilled.'

Eugene Robinson writes in a Washington Post OpEd:

Google is able to know too much, and I guess it's no surprise that the Bush administration wants in on the action. The Justice Department's demand to see an entire week's worth of Google searches looks to me like an attempt by the administration to get its foot in the door, and if I'm right, it's even more of an Orwellian threat than the National Security Agency's snooping on phone calls and e-mails.

The NSA snooping is illegal and unforgivable, to be sure, but the spooks want access to communications, and when we communicate with another human being we always censor ourselves to some degree. When we ask a question of Google, it's akin to being in the privacy of the confessional. We lay ourselves bare.

Much more of Mr. Robinson's thoughtful commentary here.

Shanghai Telecom Expands Network Capacity


Cisco announced that Shanghai Telecom will expand on its Cisco Internet Protocol Next-Generation Network (IP NGN) by deploying the Cisco CRS-1 multichassis carrier routing system to meet the future growth demands of its business.

Shanghai Telecom is currently China's leading broadband service supplier with more than 1.7 million broadband users and a large number of Internet data center users. The non-voice business of Shanghai Telecom in the first half of 2005 accounted for 40% of its total business, surpassing in advance its goal of reaching 35% by 2007.

Spam History Goes '404'

Brian McWilliams writes over on the Spam Kings blog:

In recent weeks, spammers have been accused of trying to erase the past. But it seems that anti-spammers sometimes have an interest in obliterating the historical record as well.

Late in 2005, ancient spam king Jerry Reynolds sued anti-spammers Ed Falk and David Ritz to try to get Internet postings about his spam and porn operation removed. We also had the case of the anti-spam software company using search-engine tricks to hide complaints about its spamming. And most recently, there was the pill spammer suing to get Usenet postings about him taken down.

But some anti-spammers have (preemptively?) taken to scrubbing their sites clean of spam-fighting records.

Much more here.

Cisco Security Notice: Response to AAA Command Authorization By-Pass

Via Cisco.

A vulnerability exists within Cisco Internetwork Operating System (IOS) Authentication, Authorization, and Accounting (AAA) command authorization feature, where command authorization checks are not performed on commands executed from the Tool Command Language (Tcl) exec shell. This may allow authenticated users to bypass command authorization checks in some configurations resulting in unauthorized privilege escalation.

Devices that are not running the AAA command authorization feature, or that do not support Tcl functionality, are not affected by this vulnerability.

Phishing for Open Proxies: Baby Squid Hooked In Under 18 Hours

Via eMail Battles.

Our unpublished squid server was up for just 17 hours and 35 minutes before an attacker tried to use it as an open proxy. The attacker's bot knocked on our door from a Korea Telecom-assigned portable IP. The idea: Use our server to call a server running ip1.cgi, which is based on Proxy Judge. This is code designed to determine the security level of web proxies.

The fact that our visitor used Proxy Judge told us little about intent. That's because both white hats and black hats use programs like Proxy Judge and ip.cgi to return the IP addresses of calling computers.

But after finding the actual command string,, on a few hacking sites, the intentions became clearer. For example, Proxy Leecher, a site that openly posts the IP:Port addresses of open proxies, lists the command string as a proxy judge.

In other words, if the Korean door-knocker had succeeded, our server would have been added to a list of open proxies.

More here.
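The probe described above leaves a recognisable trace in Squid's own access.log: a request from a client outside the networks the proxy is meant to serve, aimed at a proxy-checker script such as ip1.cgi or ip.cgi. The following is an added example, not code from eMail Battles; it parses Squid's native log format, labels requests from untrusted clients, and reports which of them the proxy actually relayed (a relayed probe means the proxy is open). The trusted network, the client addresses and the log lines are constructed for the example.

```python
"""Spot open-proxy probes in a Squid access.log (constructed example)."""
import ipaddress
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Squid native access.log, one request per line:
#   time elapsed client status/code bytes method URL ident hierarchy/peer type
LOG_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<status>[A-Z_]+)/(?P<code>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>\S+)\s+(?P<ctype>\S+)$"
)

# Networks this proxy is meant to serve (assumption for the example). The
# matching squid.conf fix is the ordering of the access rules, e.g.:
#   acl localnet src 192.168.1.0/24
#   http_access allow localnet
#   http_access deny all
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Proxy-checker script names mentioned in the post; they echo the caller's
# address so a bot can learn whether the proxy relays and what it reveals.
PROXY_JUDGE_SCRIPTS = ("ip1.cgi", "ip.cgi")


def parse_line(line: str) -> Optional[dict]:
    """Return the log fields as a dict, or None if the line is not Squid format."""
    match = LOG_RE.match(line.strip())
    return match.groupdict() if match else None


def is_trusted(client: str) -> bool:
    """True when the client address falls inside a network we serve."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def is_proxy_judge_probe(url: str) -> bool:
    """True when the requested path ends in a known proxy-checker script."""
    path = urlsplit(url).path.lower()
    return path.rsplit("/", 1)[-1] in PROXY_JUDGE_SCRIPTS


def classify(entry: dict) -> Optional[str]:
    """Label one parsed entry; None means ordinary traffic from a trusted client."""
    if is_trusted(entry["client"]):
        return None
    # TCP_DENIED is Squid refusing the request; anything else was relayed.
    outcome = "denied" if entry["status"] == "TCP_DENIED" else "relayed"
    kind = "probe" if is_proxy_judge_probe(entry["url"]) else "external"
    return f"{kind}_{outcome}"


def analyse(lines: List[str]) -> Tuple[Counter, Dict[str, Counter]]:
    """Return (overall label counts, per-untrusted-client label counts)."""
    totals: Counter = Counter()
    per_client: Dict[str, Counter] = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            totals["unparsed"] += 1
            continue
        label = classify(entry)
        if label is None:
            totals["trusted"] += 1
            continue
        totals[label] += 1
        per_client.setdefault(entry["client"], Counter())[label] += 1
    return totals, per_client


def open_proxy_clients(per_client: Dict[str, Counter]) -> List[str]:
    """Untrusted clients for which at least one request was actually relayed."""
    return sorted(c for c, labels in per_client.items()
                  if any(k.endswith("_relayed") for k in labels))


# Constructed sample: one local user, then an outside host that reaches a
# proxy-checker script, is refused once, and is relayed to an unrelated site.
SAMPLE_LOG = [
    "1138377600.101    120 192.168.1.20 TCP_MISS/200 5120 GET http://example.org/ - DIRECT/198.51.100.5 text/html",
    "1138377605.402    210 203.0.113.45 TCP_MISS/200 312 GET http://198.51.100.7/cgi-bin/ip1.cgi - DIRECT/198.51.100.7 text/html",
    "1138377606.003      0 203.0.113.45 TCP_DENIED/403 1780 GET http://198.51.100.7/ip.cgi - NONE/- text/html",
    "1138377640.777    300 203.0.113.45 TCP_MISS/200 9001 GET http://example.net/index.html - DIRECT/198.51.100.9 text/html",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    totals, per_client = analyse(SAMPLE_LOG)
    print(dict(totals))
    print("relaying to outsiders:", open_proxy_clients(per_client))
```

A single `probe_relayed` hit is the signal worth alerting on: the checker script received a request through your proxy, which is exactly the listing the post describes.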

Capitol Hill Roiling Over Online Phone Records

Roy Mark writes on

The furor over online data brokers selling personal telephone data continues to roil on Capitol Hill with a House panel now demanding to know when the Federal Communications Commission (FCC) will complete its investigation.

Since August, the FCC has been dealing with a barrage of complaints that telephone carriers are not adequately protecting the personal information of subscribers, increasing consumer vulnerability to identity theft, fraud and online stalkers.

The data the brokers are selling allegedly includes numbers dialed, calls received and the location of callers. The privacy watchdog Electronic Privacy Information Center (EPIC) estimates at least 40 Web sites are selling the information.

Researcher Bares Oracle Zero-Day Flaw at Black Hat

Ryan Naraine writes on eWeek:

British security researcher David Litchfield used the spotlight of the Black Hat Federal Briefings here to call attention to a gaping flaw in the Oracle PL/SQL Gateway that remains unpatched three months after it was first reported to the database server giant.

In a rare departure from his company's policy of withholding technical details on unpatched vulnerabilities, Litchfield provided a blow-by-blow demonstration of an exploit that could be used to gain full database administrator control of the back-end database server.

Cray Wins British Nuclear Weapons Deal

Stephen Shankland writes on C|Net News:

Cray has sold an XT3 supercomputer worth more than $36 million to the United Kingdom's Atomic Weapons Establishment, the company said Tuesday.

The system, based on Advanced Micro Devices' Opteron processor and originally developed at Sandia National Laboratories' Red Storm project, will be delivered in the second quarter of 2006 and enter full production use by the end of the year.