Programming Note
I am in the process of moving, travelling, etc. for the next few days, so posting will probably be light.
- ferg
I am in the process of moving, travelling, etc. for the next few days, so posting will probably be light.
- ferg
Vicars in the UK are up in arms after parts of a program they use to organise church services were branded spyware.More here.
Many users of the Visual Liturgy software rendered the program useless after deleting a file wrongly identified as spyware.
The creators of Visual Liturgy criticised anti-virus firm Symantec for the time it took to fix the bug.
Symantec said the mistake had been fixed and users could avoid the problem by updating their anti-virus software.
Roy Mark writes on internetnews.com:
Since the now infamous ChoicePoint data breach 17 months ago, Congress has angrily talked of holding data brokers accountable for the security of consumers' personal identifiable information.More here.
So far, it's still just that: talk.
In the interim, The Privacy Rights Clearinghouse has documented data security breaches affecting almost 90 million people who have had their personal information potentially exposed by unauthorized access to their data.
The list of offenders is long, including Bank of America, LexisNexis, DSW, MCI, Ameritrade, Time Warner, Boeing, Ford Motor Company, Verizon, MasterCard, Wells Fargo, the American Red Cross and a host of colleges and government agencies.
The Fairness Doctrine is a former policy of the United States's Federal Communications Commission. It required broadcast licensees to present controversial issues of public importance, and to present such issues in an honest, equal and balanced manner.More here.
In Red Lion Broadcasting Co. v. FCC (1969), the Supreme Court upheld the constitutionality of the Fairness Doctrine, under challenges that it violated the First Amendment. Although similar laws had been deemed unconstitutional when applied to newspapers (and the court, five years later, would unanimously overturn a Florida statute on newspapers), the Court ruled that radio stations could be regulated in this way because of the scarcity of radio stations.
Critics of the Red Lion decision have pointed out that most markets then and now are served by a greater number of radio stations than newspapers. Critics of the Fairness Doctrine believed that it was primarily used to intimidate and silence political opposition. Although the Doctrine was rarely enforced, many radio broadcasters believed it had a "chilling effect" on their broadcasting, forcing them to avoid any commentary that could be deemed critical or unfair by powerful interests.
The Doctrine was enforced throughout the entire history of the FCC (and its precursor, the Federal Radio Commission) until 1987, when the FCC repealed it in its Syracuse Peace Council decision which was upheld. The Republican-controlled commission claimed the doctrine had grown to inhibit rather than enhance debate and suggested that, due to the many media voices in the marketplace at the time, the doctrine was probably unconstitutional. Others, noting the subsequent rise of right-wing radio hosts like Rush Limbaugh, suggest the repeal was more likely motivated by a desire to get partisans on the air.
Paul Blustein writes in The Washington Post:
Locked in a federal prison in the Nevada desert, tortured by the distant lights of the Las Vegas strip, Jay Cohen couldn't stop thinking about getting even with the government that had put him away -- and his revenge fantasy had a unique twist.More here.
U.S. prosecutors put Cohen behind bars in 2002 for running an Internet gambling site in the Caribbean country of Antigua and Barbuda. Not long before the prison gates clanged shut, he had learned that the federal crackdown on online betting might violate global trade rules.
The Convention on Cybercrime is a sweeping treaty that has been waiting in the wings of the Senate for nearly three years. Now the administration is putting pressure on the Senate to ratify it in the next two days. If it does, it would mean the U.S. would enforce not just our own, but the rest of the world's bad Net laws. Call your Senator now, and ask them to hold its ratification.More here.
The treaty requires that the U.S. government help enforce other countries' "cybercrime" laws - even if the act being prosecuted is not illegal in the United States. That means that countries that have laws limiting free speech on the Net could oblige the F.B.I. to uncover the identities of anonymous U.S. critics, or monitor their communications on behalf of foreign governments. American ISPs would be obliged to obey other jurisdiction's requests to log their users’ behavior without due process, or compensation.
As of Thursday, Aug. 3, 2006, at least 2,584 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,049 died as a result of hostile action, according to the military's numbers.More here.
The AP count is the same as the Defense Department's tally, last updated Thursday at 10 a.m. EDT.
An AP newswire article by Mark Jewell, via Yahoo! News, reports that:
International Business Machines Corp. on Thursday agreed to buy MRO Software Inc. for $740 million, giving IBM a niche provider of software and services to help customers including nuclear power plants and oil companies make the most efficient use of industrial assets.More here.
The acquisition is expected to close in the fourth quarter, subject to approval of MRO's shareholders and regulatory reviews.
IBM, which has been a business partner of MRO in recent years, plans to fold MRO into IBM's Tivoli software unit.
Sean Michael Kerner writes on internetnews.com:
RSS is a great technology for delivering content; it's also a potentially destructive tool for hackers to use as an attack-delivery system.More here.
In a Black Hat presentation here, SPI Dynamics Security Engineer Robert Auger laid bare the plain facts on RSS and ATOM feed exploitation.
Auger tested both Web-based and local RSS readers and found both types to be ripe platforms for malicious users to exploit with code injection that could steal users' credentials, cookies, keystrokes and other information.
Wade-Hahn Chan writes on FCW.com:
The Department of Homeland Security needs to address some basic security problems before fully deploying its system for issuing biometric-based identification cards to transportation workers nationwide, according to a report from the department's inspector general.More here.
A redacted version of the report, released Aug. 2, states that the Transportation Worker Identification Credential (TWIC) program has significant security vulnerabilities in its systems, documentation and program management.
“The security-related issues identified may threaten the confidentiality, integrity and availability of sensitive TWIC data,” the report states. “Until remedied, the significant security weaknesses jeopardize the certification and accreditation of the systems prior to full implementation of the TWIC program.”
Specifics on the number and types of vulnerabilities were censored in the edited report. However, the problems are related to default security settings and accounts as well as patch management, the report indicates.
Brian Krebs writes on Security Fix:
Just sat through a rather disturbing presentation here at Black Hat on how bad guys can use Javascript to circumvent hardware and software firewalls and wreak havoc on a target's internal network.More here.
Jeremiah Grossman and T.C. Niedzialkowski, both of Santa Clara, Calif.-based WhiteHat Security, showed Javascript tricks that could allow attackers to monitor which sites users have visited, change the configuration of their firewalls, and even record victims' keyboard strokes.
Using a Web server he and Niedzialkowski had seeded with invisible code, Grossman demonstrated how he could view which sites a test browser had recently visited. The code also divulged the user's internal network address -- information that is supposed to be hidden by the firewall. Later in the demo, he showed a Javascript attack that altered the test victim's firewall settings to allow attackers to punch through directly into the internal network.
Desperate to get his massive and controversial telecom bill through Congress this year, U.S. Sen. Ted Stevens of Alaska has gone, well, postal: a glossy direct-mail-style brochure trumpeting the legislation.More here.
But the two-sided tri-panel pamphlet put out by the Senate Commerce Committee that Stevens, 82, heads is anything but slick. Presumably aimed at fellow senators, it features kitschy shots of the wonders of modern technology--iPods, laptops and flat-screen TVs. It also lists groups supporting "major pieces" of the bill, from the telecom and cable-TV lobbies down to the Christian Musician Publishers Association and the Veterans of Foreign Wars.
"I've never seen anything like this," said Art Brodsky, a spokesman for Public Knowledge, a communications think tank that opposes the bill. "It's just amazing."
Though the bill aims primarily to shore up the massive fund that pays for telephone service in rural areas and speed the entrance of telephone companies into the subscription-TV business, it has run up against the vexing issue of "net neutrality."
Two spacewalking astronauts did so well at their international space station repairs that they finished up 90 minutes early and got extra jobs from NASA's massive orbital honey-do list.More here.
German astronaut Thomas Reiter even had a moment to marvel at the weakening Tropical Storm Chris below.
"Incredible. It's not as bad out there," he said, noting the same changes as meteorologists on the ground.
The primary chore of Reiter and his American partner Jeff Williams during their six-hour adventure was to repair a new cooling system so it could be put into operation by December.
An AP newswire article, via MSNBC, reports that:
The Federal Communications Commission Wednesday ordered Time Warner Cable to reinstate the NFL Network on systems the company acquired from Adelphia Communications Inc.More here.
The commission issued an emergency order to reinstate the network on a temporary basis after NFL Enterprises LLC complained the network was booted without giving subscribers the required 30-day notice. The cable network, a division of Time Warner Inc., is scheduled to show 54 NFL preseason games and eight NFL regular-season primetime games this season. Preseason play begins Aug. 11.
An AP newswire article by Dan Goodin, via SFGate.com, reports that:
After suffering embarrassing security exploits over the past several years, Microsoft Corp. is trying a new tactic: inviting some of the world's best-known computer experts to try to poke holes in Vista, the next generation of its Windows operating system.More here.
Microsoft made a test version of Vista available to about 3,000 security professionals Thursday as it detailed the steps it has taken to fortify the product against attacks that can compromise bank account numbers and other sensitive information.
"You need to touch it, feel it," Andrew Cushman, Microsoft's director of security outreach, said during a talk at the Black Hat computer-security conference. "We're here to show our work."
Via The Microsoft Security Bulletin Advance Notification.
On 8 August 2006 Microsoft is planning to release:More here.
Security Updates
Ten Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.
Two Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
Ryan Naraine writes on eWeek:
Michael Lynn, the security researcher who provoked a firestorm of controversy at the 2005 Black Hat conference, just wants to fly under the radar this year.More here.
Lynn, who quit his job at Atlanta-based Internet Security Systems to discuss a serious flaw in Cisco IOS (Internetwork Operating System), was spotted attending sessions and gabbing with his peers, a Black Hat conference bag slung over his shoulder.
"I'm here as an attendee. Nothing to say, man," Lynn said, politely declining a request for an interview.
Wayne Rash writes on eWeek:
The Federal Communications Commission decided Aug. 3 to reaffirm its stance on the deployment of broadband-over-power-line technology. In a Memorandum Opinion and Order adopted by the FCC today, the commissioners affirmed that BPL providers have the right to provide data access using power transmission lines, provided they don't interfere with existing radio services.More here.
By adpting this order, the FCC rejected requests by several groups, including the amateur radio community, the aviation industry and broadcasters, to either limit the service or to disallow it completely. However, the FCC did adopt provisions to protect some aeronautical stations and to protect radio astronomy sites from interference.
Ellen Messmer writes on NetworkWorld:
The invite-only party last night that Cisco held at a nightclub for Black Hat conference attendees was crashed by security researcher Michael Lynn, who last year was sued by Cisco for revealing a serious flaw in Cisco routers.More here.
Along with some friends, Michael Lynn, who now works for Cisco rival Juniper Networks, evaded the security checks Cisco had put in place for the party, which included a name check and legal identification. Lynn and his friends, declaring "Cisco owes us a drink," gleefully posed in front of a Cisco sign inside the Pure Nightclub. Once aware the Lynn entourage had crashed the party, Cisco employees took it in stride.
“We’re here to let security researchers know we want to work with them,” said Jeff Platon, Cisco’s Vice President of Security Solutions Marketing, with some diplomacy.
Sean Michael Kerner writes on internetnews.com:
It wasn't that long ago that phishing was an e-mail-only issue. But that has recently changed with the introduction of terms such as vishing into the security lexicon.More here.
In a presentation here at the Black Hat conference, Security Researcher Jay Shulman explained how to execute a phishing scam with the help of Digium's Asterisk PBX.
The Asterisk VoIP PBX project is perhaps the most well known and popular open source VoIP project in the world today.
It is lowering the barrier to telephony entry for millions, including hackers out to steal your money and personal information.
A Reuters newswire article, via CNN/Money, reports that:
Time Warner Inc.'s AOL online division said Thursday about 5,000, or about 26 percent of its 19,000 employees, will not be employed by the company within six months as a result of its restructuring.More here.
"At a company meeting this morning, Jon Miller (AOL CEO) told AOL's worldwide work force of 19,000 people that within six months, it was likely that around 5,000 employees would no longer be with the company," the company said in a statement.
AOL, which is in the process of selling its European Internet access business, employs about 3,000 employees in its access business in Europe, one source said.
Via KXAN.com (Austin, Texas).
An Austin company is caught in the crossfire of the Mid-East war as Hezbollah's terror reaches Central Texas.More here.
Broadwing Communications essentially threw Hezbollah off of the Internet this week. It came after the discovery that terror propaganda was linking to the company's network.
It wasn't Hezbollah bombs or rockets that hit Austin-based Broadwing Communications this week.
"It is alarming," Donovan Dillon with Broadwing Communications said.
It was cyber-terrorism.
"We certainly do understand that these threats do exist," Dillon said.
In an exclusive interview, Broadwing executives told us how Al Manar TV, the propaganda arm of the Lebanese terror organization was able to get on the Internet. It was done by hijacking the Web service of one of Broadwing's customers linking Al Manar to a Broadwing Internet address.
Vanessa Washington and Andrew Katz report on ABC News' "The Blotter":
Members of Congress who are leading the crusade against identity theft may have unwittingly exposed themselves to the very crime they seek to eradicate.More here.
Co-sponsors for the "Financial Data Protection Act of 2006" revealed personal information in their public financial disclosure forms, according to the Center for Responsive Politics. These disclosures are published annually by Congressional watchdog groups. The Center, out of consideration for the privacy of Representatives Pryce and Scott, redacted their sensitive information before posting the forms on their website.
Co-sponsors Rep. Deborah Pryce (R-OH) and Rep. David Scott (D-GA) both opted to provide personal brokerage statements in lieu of filing the standard federal form.
In doing so, Rep. Pryce's office did not redact account numbers and other personally identifiable data, thus exposing her to possible identity theft.
A group of US record labels agreed to drop a music piracy case in the US after the alleged file-sharer argued that it could not be proved that she downloaded any illegal music. The case may set a precedent that undermines scores of other music piracy cases.More here.
Tammie Marson of Palm Desert, California refused to pay the initial $3,500 demanded by a group of record labels and opted to fight the case in court. Marson and her lawyer Seyamack Kouretchian of Coast Law Group argued that the fact that Marson's computer contained illegal music files downloaded over her internet connection was not proof that she had committed a crime.
The record companies – Virgin, Sony BMG, Arista, Universal and Warner Brothers – agreed to dismiss the case and pay their own legal costs.
Matt Hines writes on eWeek:
The Federal Trade Commission is asking corporations to report incidents when they are victimized by spyware attacks, but some experts say the process of doing so puts businesses in a tricky position, where they must weigh the benefits of pursuing malware code distributors against the potential for legal recrimination.More here.
Speaking at a roundtable discussion on the topic of spyware at the Black Hat Briefings security conference being held here July 31 through Aug. 3, Eileen Harrington, a deputy director in the Bureau of Consumer Protection at the FTC, said that companies will need to be more forthcoming if they are to help the agency track down malware writers and take those individuals to court.
Kim Zetter writes on Wired News:
A German computer security consultant has shown that he can clone the electronic passports that the United States and other countries are beginning to distribute this year.More here.
The controversial e-passports contain radio frequency ID, or RFID, chips that the U.S. State Department and others say will help thwart document forgery. But Lukas Grunwald, a security consultant with DN-Systems in Germany and an RFID expert, says the data in the chips is easy to copy.
"The whole passport design is totally brain damaged," Grunwald says. "From my point of view all of these RFID passports are a huge waste of money. They're not increasing security at all."
Grunwald plans to demonstrate the cloning technique Thursday at the Black Hat security conference in Las Vegas.
Apple Computer Inc. on Thursday said it had reached agreements with Ford Motor Co., General Motors and Mazda Motor Corp to make it easier to connect its popular iPod music player to car stereos.More here.
More than 70 percent of 2007-model cars in the United States will offer a way to link up the iPod with car stereos under the agreements, Apple said.
GM will offer iPod connections on all 56 of its models, representing millions of cars and trucks, Apple said. Mazda's global 2007 lineup of cars and sports utility vehicles will offer an iPod feature as well.
Project MKULTRA (also known as MK-ULTRA) was the code name for a CIA mind-control research program that began in the 1950s, and continued until the late 1960s.More here.
There is much published evidence that the project involved not only the use of drugs to manipulate persons, but also the use of electronic signals to alter brain functioning.
It was first brought to wide public attention by the U.S. Congress (in the form of the Church Committee) and a presidential commission (known as the Rockefeller Commission) and also to the U.S. Senate.
Headed by Dr. Sidney Gottlieb, MKULTRA was started on the order of CIA director Allen Dulles on April 13, 1953, largely in response to alleged Soviet, Chinese, and North Korean use of mind-control techniques on U.S. prisoners of war in Korea. The CIA wanted to use similar methods on their own captives. The CIA was also interested in being able to manipulate foreign leaders with such techniques, and would later invent several schemes to drug Fidel Castro.
In 1964, the project was renamed MKSEARCH. The project attempted to produce a perfect truth drug for use in interrogating suspected Soviet spies during the Cold War, and generally to explore any other possibilities of mind control.
Because most of the MKULTRA records were deliberately destroyed in 1972 by order of the Director at that time, Richard Helms, it is impossible to have a complete understanding of the more than 150 individually funded research projects sponsored by MKULTRA and related CIA programs.
Experiments were often conducted without the subjects' knowledge or consent.
This is very disturbing, if for no other reason than simply because of the administration's desire to do an end-around the legal process when things don't quite go their way.
R. Jeffrey Smith writes in The Washington Post:
A draft Bush administration plan for special military courts seeks to expand the reach and authority of such "commissions" to include trials, for the first time, of people who are not members of al-Qaeda or the Taliban and are not directly involved in acts of international terrorism, according to officials familiar with the proposal.More here.
The plan, which would replace a military trial system ruled illegal by the Supreme Court in June, would also allow the secretary of defense to add crimes at will to those under the military court's jurisdiction. The two provisions would be likely to put more individuals than previously expected before military juries, officials and independent experts said.
The draft proposed legislation, set to be discussed at two Senate hearings today, is controversial inside and outside the administration because defendants would be denied many protections guaranteed by the civilian and traditional military criminal justice systems.
Under the proposed procedures, defendants would lack rights to confront accusers, exclude hearsay accusations, or bar evidence obtained through rough or coercive interrogations. They would not be guaranteed a public or speedy trial and would lack the right to choose their military counsel, who in turn would not be guaranteed equal access to evidence held by prosecutors.
An AP newswire article by MaryClaire Dale, via SFGate.com, reports that:
Two doctors helped peddle millions of dollars' worth of diet drugs through an online pharmacy, approving thousands of prescriptions without seeing anyone in person, according to charges filed Wednesday.More here.
By signing off on the orders, Doctors Ranvir Ahlawat and Steven Klinman helped RxMedicalOne.com take in $33.6 million in nine months, according to the indictment.
Most of the orders were for highly addictive, controlled drugs, they said.
"This is high-tech drug dealing," said U.S. Attorney Patrick Meehan.
Colin Clark writes on Space.com:
NASA project managers are meeting daily to figure out how to avoid losing mission data from the Mars Reconnaissance Orbiter (MRO) and the Cassini spacecraft as a result of a longer than planned shutdown of one of the three antennas that comprise Deep Space Network (DSN), agency officials said today.More here.
The problem is that two giant bearings that allow the DSN's antenna in Madrid, Spain to rotate have failed, forcing NASA to take it offline for three months longer than originally planned.
The antenna was going to be down from the end of June until the beginning of October for routine maintenance. Replacing the bearings and testing the equipment means it will be out of commission until the beginning of January, Michael Rodrigues, program manager for the Deep Space Mission System at NASA's Jet Propulsion Laboratory in Pasadena, Calif., said Aug. 2.
Paul F. Roberts writes on InfoWorld:
Network access control technology has been promoted as the savior of beleaguered enterprise networks, but enterprise IT managers who are hanging their hat on client health screening should think again, according to security expert Ofir Arkin of Insightix.More here.
In a presentation at this year's Black Hat Briefings conference in Las Vegas, Arkin raised questions about the efficacy of NAC technologies from vendors such as Cisco, Microsoft, and Symantec, saying the current generation of NAC solutions are riddled with holes that make it easy for hackers to circumvent their protections.
A Cisco executive acknowledged that the technology has a way to go before it provides comprehensive protection.
Ryan Singel writes on 27B Stroke 6:
The Electronic Frontier Foundation's lawsuit against AT&T for its alleged complicity in the government's warrantless wiretapping program came to a sharp, though possibly temporary halt Wednesday.More here.
Judge Vaughn Walker, who allowed the suit to go forward despite the government's claim that the lawsuit would endanger national security, called a temporary halt to the proceedings.
AT&T, which had until Thursday to answer the allegations in the EFF's original complaint, told the judge it could not do so without revealing state secrets -- so the company wants not to have to answer until an appeals court hears the government's appeal (and possibly its own as well).
Walker granted the stay, at least until the planned August 8 hearing, when the government and AT&T can argue to have the whole case stayed while both attempt to get the Ninth Circuit to hear their appeal of Walker's decision not to toss the case.
An AP newswire article by John Hanna, via ABC News, reports that:
Conservative Republicans who pushed anti-evolution standards back into Kansas schools last year have lost control of the state Board of Education once again.More here.
The most closely watched race was in western Kansas, where incumbent conservative Connie Morris lost her GOP primary Tuesday. The former teacher had described evolution as "an age-old fairy tale" and "a nice bedtime story" unsupported by science.
As a result of Tuesday's vote, board members and candidates who believe evolution is well-supported by evidence will have a 6-4 majority. Evolution skeptics had entered the election with a 6-4 majority.
More than 30 groups from across the political spectrum today sent a letter urging Senate Judiciary Committee Chairman Arlen Specter (R-Pa.) to abandon a proposal that would authorize unchecked, warrantless surveillance of Americans in the United States.More here.
Ostensibly intended to bring the White House's warrantless surveillance programs under some sort of judicial review, the proposed legislative "compromise" does not bind the administration to make any changes to its programs if they are deemed by a court to be overreaching.
The bill also provides broad new surveillance powers to this and future administrations. The groups made it clear that even maintaining the status quo would be preferable to passing the Specter-Cheney compromise.
Joris Evers writes on C|Net News:
The FBI needs help from hackers to fight cybercrime, an agency official said Wednesday.More here.
"We need your expertise and input as we develop strategies to battle cybercrime in the 21st century," Daniel Larkin, a unit chief in the FBI's cybercrime division, said in his opening address at the annual Black Hat security confab here.
As cybercrime has continued to become more sophisticated and organized, federal agencies have increasingly sought to partner with the private sector. Earlier this year, FBI Director Robert Mueller used the RSA Conference to send out a similar message.
XO Communications this week said it is upgrading the capacity of its intercity links to 100Gbps. XO said the upgrade will allow it to more than double network capacity and offer 10Gbps services for content providers, enterprises and service providers in the 37 U.S. cities it serves.More here.
Previously, XO services topped out at 2.5Gbps. XO’s upgrade will initially deliver 10 x OC-192 of capacity between any two cities on the XO nationwide network. XO said it will also be able to provision or upgrade customer circuits in a matter of hours vs. days using digital optical networking systems from Infinera.
An AP newswire article by Justin Pope, via ABC News, reports that:
Incoming college students are hearing the usual warnings this summer about the dangers of everything from alcohol to credit card debt. But many are also getting lectured on a new topic the risks of Internet postings, particularly on popular social networking sites such as Facebook.More here.
From large public schools such as Western Kentucky to smaller private ones like Birmingham-Southern and Smith, colleges around the country have revamped their orientation talks to students and parents to include online behavior. Others, Susquehanna University and Washington University in St. Louis among them, have new role-playing skits on the topic that students will watch and then break into smaller groups to discuss.
An AP newswire article by Katie Fretland, via The Boston Globe, reports that:
"Star Trek" memorabilia spanning four decades -- including Vulcan jewelry and Starfleet mini-dresses -- went on display Wednesday in London in preparation for the first official auction of studio items from the sci-fi phenomenon.More here.
The collection of more than 1,000 items is being sold CBS Paramount Television to celebrate the 40th anniversary of the first "Star Trek" TV episode, said Helen Bailey, head of entertainment collections at Christie's auction house. The show ran from 1966 to 1969, but spawned five spinoff series and 10 films.
Weapons and models of the Starship Enterprise from the original series to the 2002 movie "Star Trek: Nemesis" remain on display at Christie's in central London until Tuesday, before going to four U.S. cities en route to Christie's in New York City for the three-day sale beginning Oct. 5.
Construction has started on a new U.S. research center dedicated to high-powered military lasers.More here.
The first order of business for the Directed Energy Production Facility at Northrop Grumman's Space Park campus in Southern California will be Phase 3 of the Joint High-Power Solid-State Laser (JHPSSL) program.
The JHPSSL is being developed as a defense against incoming cruise missiles. Engineers are in the process of ratcheting up the weapon's power to 100 kilowatts (kW), a level at which lasers could be used against a variety of rockets and artillery shells. Current power levels in the project are running around 25 kW.
Christian Beckner writes on Homeland Security Watch:
Vanity Fair has a new story online today that provide a detailed chronology of the morning of 9/11 from the perspective of the Northeast Air Defense Sector (NEADS), the East Coast regional HQ for NORAD.Much more here.
The author of the story received 30 hours of audio files from the operations floor at NEADS, which serve as the basis for the piece. The tapes tell a story of mass confusion on the day of 9/11, with multiple contradictory pieces of evidence about hijackings lasting all day. And while F-15 fighters were finally in place over DC after AA 77 hit the Pentagon, they were not authorized to shoot down UA 93 until after it had already crashed in Shanksville, PA, in large part because the FAA did not notify NORAD about UA 93 for 35 minutes.
This belies the commonly-accepted wisdom about this decision...
A series of hidden texts written by the ancient Greek mathematician Archimedes are being revealed by US scientists.More here.
Until now, the pages have remained obscured by paintings and texts laid down on top of the original writings.
Using a non-destructive technique known as X-ray fluorescence, the researchers are able to peer through these later additions to read the underlying text.
The goatskin parchment records key details of Archimedes work, considered the foundation of modern mathematics.
An AFP newswire article, via PhysOrg.com, reports that:
Outer space is emerging as a possible theater of operations for China's armed forces, an analysis published in the mass-circulation People's Daily said.More here.
The analysis, authored by a group of unnamed researchers at the National Defense University, listed space as an area where the People's Liberation Army must be equipped and prepared to defend the nation's interests.
The city of Cork will have to take a Dutch company to arbitration if it wants to continue to fight for the cork.eu domain name. The City Council of Ireland's second largest city lost its arbitration case against .eu domain registry EURid.More here.
Cork.eu was registered by Traffic Web Holding (TWH), a company with a Benelux trade mark on the term 'cork'. TWH applied for the domain on 5th January of this year. Cork City Council filed its application on 11th January but argued that it should be awarded the domain because it filed supporting documentation before TWH did. The arbitration panel rejected that argument.
Robert McMillan writes on InfoWorld:
A Seattle-based security researcher has devised a way to test for net neutrality. Dan Kaminsky will share details of this technique, which will eventually be rolled into a free software tool, on Wednesday at the Black Hat USA security conference in Las Vegas. The software can tell if computers are treating some types of TCP/IP traffic better than others -- dropping data that is being used in VOIP (voiceover Internet Protocol) calls, or treating encrypted data as second class, for example.More here.
Kaminsky calls his technique "TCP-based Active Probing for Faults." He says that the software he's developing will be similar to the Traceroute Internet utility that is used to track what path Internet traffic takes as it hops between two machines on different ends of the network.
But unlike Traceroute, Kaminsky's software will be able to make traffic appear as if it is coming from a particular carrier, or being used for a certain type of application, like VOIP. It will also be able to identify where the traffic is being dropped, and could ultimately be used to finger service providers who are treating some network traffic as second-class.
Juha-Matti writes over on the SecuriTeam blogs:
The main site http://www.feb.gov is not accessible and probably disconnected from the Internet.More here.
This entry is not starting my daily defacement report about interesting targets, but Google’s cache lists more than twenty feb.gov sites in different states and all of these have been defaced.
Lucia Kubosova writes on EUobserver.com:
France has recorded the highest number of counterfeit euro banknotes, originating mostly from eastern Europe, Italy and Colombia.More here.
In the first half of 2006, 30 percent of the total number of 300,000 fake euro notes withdrawn from circulation were discovered in France, UK daily The Independent reports.
French police say European counterfeiters seem to have cracked the sophisticated security code used for euro bank notes.
As banks face an end-of-year deadline to strengthen online authentication, one company believes it holds the right card to customer security--a one-time-password.More here.
Los Angeles-based Innovative Card Technologies, or InCard, has found a way to build a display, battery and password-generating chip into a card, such as a credit card. The technology competes with tokens, such as those sold by RSA Security, Vasco and VeriSign.
In the August 2006 survey we received responses from 92,615,362 sites, an increase of 4.4 million sites (4.8%) from the July survey. This is the largest numerical gain yet for the survey, surpassing the 3.96 million site increase in June. The biggest one-month percentage growth remains the 8.5% jump in March 2003.More here.
This month's data spotlights the fierce rivalry between Microsoft and Google, as the free blog services operated by the two Internet titans are seeing enormous growth. Microsoft's Windows Live Spaces (formerly MSN Spaces) grew by 858K sites, while Google's Blogger service added 568K sites.
Those huge gains helped Microsoft and Google's blogging services outpace Go Daddy and 1&1 Internet, the world's two largest web hosting companies. But Go Daddy and 1&1 also continue to grow at a rapid pace, having slashed prices and super-sized their account specs to compete with the free offerings from the Internet's best-known brands. Go Daddy added 368K hostnames this month, while 1&1 Internet added 264K.
Jessie McKinley writes in The New York Times:
A freelance journalist and blogger was jailed on Tuesday after refusing to turn over video he took at an anticapitalist protest here last summer and after refusing to testify before a grand jury looking into accusations that crimes were committed at the protest.More here.
The freelancer, Josh Wolf, 24, was taken into custody just before noon after a hearing in front of Judge William Alsup of Federal District Court. Found in contempt, Mr. Wolf was later moved to a federal prison in Dublin, Calif., and could be imprisoned until next summer, when the grand jury term expires, said his lawyer, Jose Luis Fuentes.
Earlier this year, federal prosecutors subpoenaed Mr. Wolf to testify before a grand jury and turn over video from the demonstration, held in the Mission District on July 8, 2005. The protest, tied to a Group of 8 meeting of world economic leaders in Scotland, ended in a clash between demonstrators and the San Francisco police, with one officer sustaining a fractured skull.
A Reuters newswire article, via Yahoo! News, reports that:
Google Inc. on Wednesday said it struck a deal with XM Satellite Radio Holdings Inc. to help the search engine's advertisers automatically insert ads on XM's nonmusic radio channels.More here.
The deal would give Google advertisers a way to reach XM's subscriber base of more than 7 million people as they tune in to talk-based offerings such as Major League Baseball and an Oprah Winfrey channel.
Dozens of Chinese writers and dissidents have decried the closing of a Web site they said was one of the few refuges for relatively unfettered views in their censorship-bound country.More here.
In recent days, the Century China Web site has disappeared from computer screens. Over the past six years, the site was a popular forum for liberal critics of the ruling Communist Party, often relaying discussions of social and political ills and calls for political relaxation.
On Wednesday, more than a hundred intellectuals and critics of the Chinese government issued a petition that blamed the closure on the state's tightening control of the media and opinion.
The Tower Subway is a tunnel beneath the River Thames in central London, close — as the name suggests — to the Tower of London. Its alignment runs between Tower Hill on the north side of the river and Vine Lane (off Tooley Street) to the south. It was the world's first underground tube railway, though not the first underground railway.More here.
The tunnel is called a subway not due to the American English definition, equivalent to underground rapid transit, but due to the British usage, describing a tunnel in general.
It was designed and built by James Henry Greathead in 1869–1870 using a cylindrical wrought-iron tunnelling shield he designed with Peter W. Barlow. The entrance shaft at Tower Hill is 60′ deep, while that in Vine Lane is 50′ deep. The minimum distance between the top of the tunnel and the river bed is 22′.
It was originally intended to provide a railway service beneath the river. It was the world's first underground tube railway, officially opened on 2 August 1870. A small cable car (dubbed an omnibus by the tunnel's operators) carrying 12 people shuttled passengers from end to end through a single bore, 450 yards long and 7′ in diameter, on 2′ 6″ gauge track. The journey, powered by a 4hp stationary steam engine on the south side of the tunnel, took about 70 seconds.
However, the cramped, low-capacity subway proved uneconomical and lasted just three months. The tunnel was subsequently converted to a pedestrian route with the cables ripped out and gas lights installed. This became a very popular way to cross the river, averaging 20,000 people a week (a million a year) at a cost of a half-penny each way.
In September 1888 the Subway briefly achieved a certain notoriety after a man brandishing a knife was seen in the tunnel at the time when Jack the Ripper was committing murders in nearby Whitechapel.
It was eventually superseded by Tower Bridge, which was constructed a few hundred yards downriver and opened in 1894. The Subway closed shortly afterwards for lack of customers.
Via The Courier Mail (news.com.au).
ISRAEL today hacked into the television station of Hezbollah, emblazoning images on the screen showing pictures of corpses and claiming the Shiite militant group's leader Hassan Nasrallah was a liar.More here.
One of the images shown on Al-Manar television portrayed the body of a fighter lying face-down, wearing khaki trousers with a text beneath in Arabic reading: "This is the photograph of a body of a member of Hezbollah's special forces".
"Nasrallah lies: it is not us that is hiding our losses," continued the text, which appeared during the evening news and stayed on the screen for several minutes.
A photograph of Nasrallah himself also appeared with the legend: "member of Hezbollah: watch out".
Another photograph of corpses was framed by the words: "there are a large number of corpses like this on the ground and Nasrallah is hiding this truth".
Israel also hacked into FM radio stations and instead of normal programs a two-minute recording was repeatedly broadcast.
As of Tuesday, Aug. 1, 2006, at least 2,579 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,043 died as a result of hostile action, according to the military's numbers.More here.
The AP count is one more than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.
Via The SANS ISC Dialy Handler's Diary.
Intel has released driver security updates for Centrino device drivers for Windows and for the PROSet management software.More here.
http://support.intel.com/support/wireless/wlan/sb/CS-023068.htm
There are three issues identified:
Intel® Centrino Wireless Driver Malformed Frame Remote Code Execution
http://support.intel.com/support/wireless/wlan/sb/CS-023065.htm
Intel® PROSet/Wireless Software Local Information Disclosure
http://support.intel.com/support/wireless/wlan/sb/CS-023066.htm
Intel® Centrino Wireless Driver Malformed Frame Privilege Escalation
http://support.intel.com/support/wireless/wlan/pro2100/sb/CS-023067.htm
The first and the third seem to be most severe. At this point we don't know of any public exploits for these vulnerabilities. The second one (PROSet info disclosure) has been around for a while and is known but local only.
The announcements contain details on which drivers are vulnerable as well as links to patches and a tool to determine which version you have:
http://support.intel.com/support/wireless/wlan/sb/cs-005905.htm
Below are the summaries of the affected platforms
Intel® Centrino Wireless Driver Malformed Frame Remote Code Execution
* Intel® PRO/Wireless 2200BG Network Connection
* Intel® PRO/Wireless 2915ABG Network Connection
Intel® PROSet/Wireless Software Local Information Disclosure
* Intel® PRO/Wireless 2100 Network Connection
* Intel® PRO/Wireless 2200BG Network Connection
* Intel® PRO/Wireless 2915ABG Network Connection
* Intel® PRO/Wireless 3945ABG Network Connection
Intel® Centrino Wireless Driver Malformed Frame Privilege Escalation
* Intel® PRO/Wireless 2100 Network Connection
The details of which drivers are listed on the pages and we recommend you look there.
As far as we know, these will not be delivered via the Microsoft Update tool. You will need to download and install them manually unless your system vendor (the folk who make your laptop) provides an automated tool for you. Before you download and install these, we strongly suggest you talk to your system vendors and see if they are coming out with custom versions of the patches.
On a related note- there will be a talk on exploiting device drivers on Wednesday 8/2/06 at Blackhat Vegas. Anyone who can make it should go.
The University of California, Berkeley's Stardust@home project - a needle-in-a-haystack search for interstellar dust that's open to anyone with a computer - gets off the ground [today] (Tuesday, August 1) at 11 a.m. PDT.More here.
The project was announced in January as NASA's Stardust spacecraft was prepared to deliver to Earth its payload of cometary and interstellar dust grains embedded in a relative ocean of aerogel detector. Almost immediately, Stardust@home drew nearly 115,000 volunteers eager to search for these interstellar motes within the millions of scans of the Stardust Interstellar Dust Collector that eventually will be put on the Internet.
Using a Web-based virtual microscope developed at UC Berkeley, volunteers will vie to find the fewer than 50 grains of submicroscopic interstellar dust expected to be there.
Katie Fehrenbacher writes on Om Malik's GigaOm blog:
Ed Whitacre, AT&T’s Chairman and CEO, stopped by a conference for the National Association of Regulatory Utility Commissioners in downtown San Francisco this morning, and gave a speech with some harsh words about the Net Neutrality issue.More here.
There are reports that a vote on a Net Neutrality in the Senate will come much sooner than expected. King Ed during his speech said, “Some companies want us to be a big dumb pipe that gets bigger and bigger. . . .No one gets a free ride. The American economy doesn’t work that way. . . We are not going to build this with no chance for a return. Those that want to use this will pay.”
The remarks re-emphasized his position on the controversial issue, at a conference for state regulators of public utilites. AT&T needs friends in the NARUC given it’s rolling out new services like IPTV that need help from local regulators. The company is also trialling new services like WiMAX in an attempt to offer alternative wireless broadband in addition to high speed cellular.
An AP newswire article by John Hanna, via MSNBC, reports that:
Kansas Board of Education members who approved new classroom standards that call evolution into question faced a counterattack at the polls Tuesday from Darwin’s defenders.More here.
Five of the 10 seats on the board were up for election in the primary, the latest skirmish in a seesawing battle between faith and science that has opened Kansas up to international ridicule.
Brad Wong writes in The Seattle Post-Intelligencer:
Alaska Airlines today is trying to figure out what caused a baggage system problem that caused flight delays Sunday and led to about 5,000 pieces of luggage needing hand sorting.More here.
The computer glitch contributed to the Seattle-based carrier's on-time performance of 50 percent for Sunday, as flights were delayed for the arrival of late baggage, according to a posting at alaskasworld.com.
Eric Bangeman writes on ARS Technica:
As broadband becomes commonplace in most homes across America, television networks have boosted their online video offerings and made paid content available for free in many cases. ESPN is taking a different approach to ESPN360, its online video offering, charging Internet service providers for the right to carry the service.More here.
ESPN's attempt to get ISPs to foot the bill is commonplace in the cable and satellite TV world, where the likes of Comcast and DIRECTV pay a per-subscriber fee to ESPN for its programming. On the Internet, it's a different story. End-users are expected to foot the bill for such premium services, either via a subscription or pay-per-view model.
Declan McCullagh writes on the C|Net Politics Blog:
A Senate vote on Net neutrality may happen sooner than expected.More here.
Reports are circulating that Sen. Ted Stevens, the Republican champion of a bill to rewrite telecommunications laws, is trying to hold a vote on it this week.
For two reasons, that requires some pretty aggressive arm-twisting. First, the Senate is scheduled to recess from August 7 to September 4, so there's not much time left. Second, to force a "cloture" vote -- needed to overcome any filibuster -- Stevens needs to round up 60 votes.
Amy H. Trang writes in The [Louisville, Kentucky] Courier-Journal:
Kathy Hartness is a 47-year-old grandmother, churchgoer and gardener who had never been in trouble with the law -- until she was served with papers in June for something she did more than a year ago.More here.
She is one of three Kentuckians sued so far this year by national recording companies for violating copyrights by illegally downloading and sharing songs and music videos off the Internet.
Hartness, a Louisville resident, and her teenage daughter downloaded music -- such as Bonnie Raitt's "I Can't Make You Love Me" and Alabama's "Dixieland" -- after a friend told them about KaZaA. It's a peer-to-peer -- or P2P -- Internet sharing network that lets people download music and other material from another member's computer for free.
Peter Clarke writes on EE Times:
The U.S. Defense Advanced Research Projects Agency (DARPA) has awarded Lockheed Martin a $1.7-million, 10-month contract to design a remotely controlled nano air vehicle (NAV) that is capable of collecting military intelligence both indoors and in urban outdoor environments.More here.
Although described as a Nano the NAV is not nanometer in scale, instead it is likely to be about 1.5-inches long and similar in size and shape to a maple tree seed, according to Lockheed Martin Advanced Technology Laboratories (ATL), which has been contracted to lead the design team.
The team includes Lockheed Martin Advanced Development Programs, Lockheed Martin Advanced Technology Center, Sandia National Laboratories, AeroCraft, ATK Thiokol and the University of Pennsylvania.
Late-night TV personality Stephen Colbert claims he has no qualms with Wikipedia. "I love Wikipedia," he said during the July 31st episode of his Comedy Central show, "The Colbert Report," adding that "any site that's got a longer entry on 'truthiness' than on Lutherans has its priorities straight." Colbert, a comedian who masks as a Bill O'Reilly-esque blowhard on TV, found the free-for-all encyclopedia to be a perfect fit for his fact-despising, spin-loving character. "You see, any user can change any entry, and if enough other users agree with them, it becomes true," he explained, proceeding to eradicate all references to George Washington owning slaves.More here.
Nevertheless, Wikipedia might not return Colbert's affection after he suggested to his viewers in the same episode that they replace "reality" (frequently maligned on the "Report") with a user-created "wikiality" where something is true if enough people believe it. Consequently, he recommended that his viewers begin by changing the article for "elephant" to say that the population of African elephants has tripled in the past six months. It was, of course, intended to shut up the endangered-species advocacy crowd, a sworn enemy of Colbert's TV persona.
Despite the fact that (I hope) the audience of "The Colbert Report" watches the show because it's funny rather than inspiring, that didn't stop rabid Colbert fans from crashing Wikipedia's servers.
An AP newswire article by Dan Goodin, via The Washington Post, reports that:
Consumer versions of McAfee Inc.'s leading software for securing PCs is susceptible to a flaw that can expose passwords and other sensitive information stored on personal computers, researchers said Monday.More here.
The vulnerability affects many of McAfee's most popular consumer products, including its Internet Security Suite, SpamKiller, Privacy Service and Virus Scan Plus titles, said Marc Maiffret, chief hacking officer at eEye Digital Security Inc., a competing maker of security products.
Ryan Singel writes on 27B Stroke 6:
The federal government asked an appeals court Monday to immediately hold a hearing on a lower court decision that allows an anti-eavesdropping lawsuit against AT&T to proceed, despite the government's arguments that the lawsuit would harm the national defense.More here.
In the request filed with the Ninth Circuit Court of Appeals, government lawyers argued that last week's landmark decision by Federal District Court Judge Vaughn Walker --a Republican appointee --usurped the executive branch's powers to wage war and keep the country safe.
Walker refused to toss the Electronic Frontier Foundation lawsuit, saying that the existence of the program was no longer a secret since the Administration confirmed news reports that it was spying on some Americans' overseas communications without a warrant.
That decision was one of the few times that a judge has not bowed down to the invocation of the state secrets privilege by the executive branch.
MTV was created in 1977, when Warner-Amex Cable (a joint venture between Warner Communications and American Express) launched the first two-way interactive cable TV system, Qube, in Columbus, Ohio. The Qube system offered many specialized channels, including a children's channel called Pinwheel which would later become Nickelodeon.More here.
One of these specialized channels was Sight On Sound, a music channel that featured concert footage and music oriented TV programs; with the interactive Qube service, viewers could vote for their favorite songs and artists.
On August 1, 1981, MTV: Music Television launched with a programming format created by the visionary music producer, Bob Pittman (who later became president and chief executive officer, of MTV Networks). A previous venture, a TV series under the name PopClips, was created by Pittman and former Monkee-turned solo artist Michael Nesmith, the latter of whom by the late 1970's was turning his attention to the music video format. A disagreement between Nesmith and Pittman over the show's direction led Nesmith to relinquish control to Pittman soon after.
It went to air with the words (by original COO John Lack) "Ladies and gentlemen, rock and roll!" Appropriately, the first music video shown on MTV was "Video Killed the Radio Star" by The Buggles.
Juniper Networks has a new way to test its gear before shipping it to customers - a vulnerability analyzer from Mu Security.More here.
Introduced last spring, the device throws a barrage of attacks against network equipment and servers in an attempt to crash them. It does so with a variety of known attacks and mutations of known attacks in an attempt to discover unexpected salvoes that bring hardware and software down.
An AP newswire article by Mark Jewell, via Yahoo! News, reports that:
The city is considering an unusual approach to creating a citywide, low-cost wireless Internet network: putting a nonprofit organization, rather than a private service provider, in charge of building and running the system.More here.
A task force on Monday recommended that Mayor Thomas Menino assign an as-yet unidentified nonprofit to raise the $16 million to $20 million in private money that the city estimates it will need to build and begin running the Wi-Fi network.