Fergie's Tech Blog
Friday, September 01, 2006
Activists Hijack Lockheed Martin Phones
Bob Sullivan writes on MSNBC:
Anti-war activists recently managed to hijack a limited number of phone calls headed for Lockheed Martin employees, the company told MSNBC.com on Friday. The firm described the incident as mischief and said there was no indication that sensitive information had been stolen.
The attack was described as a simple call-forwarding trick that allowed activists to forward calls destined for employee cell phones to telephone lines controlled by the activists.
U.S. Toll in Iraq
As of Friday, Sept. 1, 2006, at least 2,643 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,102 died as a result of hostile action, according to the military's numbers.
The AP count is two higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.
UK: Internet Pranksters Leave Government Red-Faced
An AFP newswire article, via Yahoo! News, reports that:
A British government minister may have thought he was keeping up with modern trends when he put a draft policy on the Internet, but was soon left red-faced when hundreds of pranksters defaced it.
Weblogging, techno-savvy Environment Secretary David Miliband, tipped as a bright young spark in Prime Minister Tony Blair's administration, had put a draft "environment contract" on his department's website, setting out social responsibilities for people, government and businesses.
But embarrassed administrators were forced to haul it down after more than 170 cyber-jokers trashed the document by adding in bizarre paragraphs for fun.
The page used "Wiki" editing techniques, which allow readers to alter the content.
A heading of "Who are the parties to the environmental contract?" became, "Where is the party for the environmental contract? Can I come? Will there be cake? Hooray!"
Brazilian Judge Orders Google to Disclose Users' Data
A Reuters newswire article, via eWeek, reports that:
A Brazilian judge has ordered the local office of Web search company Google to disclose the data of users of Google's social networking site Orkut accused of crimes like racism or child pornography.
Federal judge Jose Lunardelli ruled late on Aug. 31 that Google be given 15 days to disclose the information, including the Internet Protocol addresses that can uniquely identify a specific computer on a network.
The judge set a daily fine of 50,000 reais ($23,255) for each individual case if Google refuses to reveal the data.
Brazilians account for 65 percent of Orkut's nearly 27 million users and public prosecutors have recently been investigating Orkut communities set up by Brazilians and dedicated to such subjects as racism, homophobia and pedophilia.
U.S. Says Missile Defense Has Successful Intercept
Tony Capaccio writes for Bloomberg News:
The first test of the U.S. missile defense since flight testing was put on hold 18 months ago was a success, a spokesman said.
An interceptor rocket launched from California's Vandenberg Air Force Base intercepted a target missile fired from Kodiak, Alaska, Chris Taylor, spokesman for the U.S. Missile Defense Agency in Washington, said in a telephone interview.
The result was welcome news for a program that hasn't had a successful intercept since 2002 and set a low bar for today's test. While the rocket was aimed at the mock enemy warhead, the goal was to spot and track this target, not necessarily hit it.
Local: Judge to Rule on Mom's MySpace Site
A Contra Costa Times article by Eric Louie, via The Mercury News, reports that:
An Alameda County judge is expected to decide this morning whether the mother of an accused murderer can be forced to remove her online postings from myspace.com.
Laura Rangel, the mother of Laura Medina of Oakland, has used the site to post police reports and court-transcript excerpts she believes show inconsistencies in victims' statements in her daughter's case. She says the prosecutor is trying to violate her free-speech rights.
Alcatel to Buy Nortel UMTS Unit for $320M
A Reuters newswire article, via The Boston Globe, reports that:
Alcatel has signed a preliminary agreement to buy Nortel's third generation UMTS cell phone network unit for $320 million, aiming to achieve greater scale amid cut-throat price competition.
The deal, unveiled on Friday, will help the French communications network provider push into tough markets such as China and widen its presence in Europe and North America.
It turns Alcatel into the world's third largest provider of UMTS networks, with a market share of around 12 to 14 percent, behind leader Ericsson and Nokia/Siemens, analysts said.
GAO Report Critical of U.S. Federal Banks' Security
Ellen Messmer writes on NetworkWorld:
The Government Accountability Office (GAO) in Washington, D.C., Thursday issued an information security report critical of the Federal Reserve banks’ computer systems and networks that are used in selling Treasury notes at auctions.
In its report addressed to Federal Reserve System chairman Ben Bernanke, the GAO said the dozen Federal Reserve banks that serve as fiscal agents for the Treasury Department’s Bureau of the Public Debt had failed to implement adequate security controls to support networks used in Treasury actions.
The GAO, the federal government’s watchdog agency, said an in-depth review of these systems done between March and May of this year revealed several shortcomings the Fed should address, in the areas of user authentication, authorized access, and protection of sensitive data through encryption.
U.S. Dept. of Education Shared Student Data With FBI
Jonathan D. Glater writes in The New York Times:
The Federal Education Department shared personal information on hundreds of student loan applicants with the Federal Bureau of Investigation across a five-year period that began after the Sept. 11 terror attacks, the agencies said yesterday.
Under the program, called Project Strikeback, the Education Department received names from the F.B.I. and checked them against its student aid database, forwarding information. Each year, the Education Department collects information from 14 million applications for federal student aid.
Neither agency would say whether any investigations resulted. The agencies said the program had been closed. The effort was reported yesterday by a graduate student, Laura McGann, at the Medill School of Journalism at Northwestern University, as part of a reporting project that focused on national security and civil liberties.
CA eTrust Antivirus Pulls a Boner
Reader Alan writes in to tell us that apparently "an overnight signature update to the VET engine (30.3.3054) on CA eTrust Antivirus has begun to flag the LSASS.EXE service of Windows 2003 server as being infected with Win32/Lassrv.B."
"Some Win2k3 servers have been failing and unable to re-boot, since the service (exe) was removed by the virus software.
CA has released an update to VET (30.3.3056) that seems to have corrected the problem, but in some cases the damage has already been done."
It seems that CA accidentally flagged Lsass.exe as a bad file. Reminiscent of the McAfee .xls debacle of not too long ago.
Study Analyzes 16 Months of Data Breaches
Brian Krebs writes on Security Fix:
A new report on consumer data breaches recorded over the past 16 months indicates that hacking remains the most frequent source of data theft and loss, with breaches reported by educational institutions making up 43 percent of all reported data thefts or losses.
The study was conducted by the AARP (formerly the American Association of Retired Persons) using data from 244 breaches reported from Jan. 1, 2005, through May 26, 2006. The data was compiled from publicly disclosed security breaches involving information that collectively involved nearly 90 million people, as compiled by the Identity Theft Resource Center, a San Diego-based nonprofit organization.
Phishing Expedition at Heart of AT&T Hacking
David Lazarus writes in The San Francisco Chronicle:
When AT&T said in a press release this week that "unauthorized persons illegally hacked into a computer system and accessed personal data" from thousands of DSL customers, it wasn't telling the whole story.
Internal company documents show that the security breach was only the first step in a more elaborate scam that involved bogus e-mail being sent to AT&T customers that attempted to trick them into revealing additional info that could be used for widespread fraud or identity theft.
Virusburst, Son of VirusRescue, Daughter of Spywarequake, Third cousin (Twice Removed) of...
..well, you get the idea.
Yet another wonderful variant of - uh - all of the above has surfaced, not long after we slamdunked VirusRescue. This one looks pretty much the same as all the others - fairly unspectacular "virus removal" application, that actually tends to end up on your system as a result of a screwball file...and then goes and detects the file that put it there in the first place.
Gotta love it.
FBI Looks To Redeem Itself With 'Sentinel'
Larry Greenmeier writes on InformationWeek:
The FBI's next crack at creating a more cohesive data-sharing application infrastructure will soon get its first big test. The bureau's IT executives will soon begin to formally scrutinize both the plans for its highly anticipated Sentinel project and the project's lead contractor, Lockheed Martin.
After October's critical design review, the FBI will know everything it needs to about Lockheed's progress on the first phase of the project, valued at more than $400 million, to modernize the bureau's applications.
Given the highly publicized failure of the FBI's last major application upgrade, the $170 million Virtual Case File system, and the overwhelming amount of oversight Sentinel is getting from Congress, the Justice Department, and the public, this is a make-or-break moment for CIO Zalmai Azmi.
California Passes Bill Easing Cable Rules
Adam Tanner writes for Reuters:
California's legislature passed a bill on Thursday night aimed at increasing competition among cable television providers and easing the ability of telephone companies to enter the market.
The state's Assembly by a vote of 64 to 5 backed an amended bill passed by the California Senate the night before. The Assembly had approved an earlier version of the legislation in May.
Thursday, August 31, 2006
Politics: It's The Enemy, Stupid
Richard Wolffe and Holly Bailey write in Newsweek:
With the Hurricane Katrina anniversary behind it, the White House is moving quickly to shift the focus to a topic it thinks will play better for the GOP this fall. Thursday is scheduled to mark the start of yet another attempt by President Bush to frame the war in Iraq, and the war against Al Qaeda, in terms that might move his poll numbers in the right direction. And we've heard it all before.
But is there anything he can say about the war that he hasn’t said before? The White House speechwriters will have plenty of opportunities: Thursday’s speech to the American Legion’s national convention is the start of a series that builds up to Bush’s address to the United Nations General Assembly in two weeks.
Report: Intel to 'Decimate' Workforce
Ashlee Vance writes on The Register:
CNET has come out as the first organ willing to put a firm number on Intel's alleged upcoming mass layoff. The online rag reckons that up to 10,000 workers will be cleaved from Intel's payroll. Word of the layoffs should arrive next Tuesday after the stock markets close their regular trading sessions.
Rumors of large layoffs at Intel have swirled ever since CEO Paul Otellini said he would examine all possible cost cutting options. So far, Intel has relieved itself of two business units and fired 1,000 managers. According to CNET, things will get worse for the Intel regulars next week when the company decimates its 100,000 strong workforce.
The company has scheduled an internal web cast for Tuesday, which doesn't seem like an encouraging sign.
Local: Redwood City Woman Charged With Internet Scams, Credit Card Fraud
Kimra McPerson writes in The Mercury News:
A woman has been arrested in Redwood City in connection with several Internet scams and cases of credit card fraud -- and police believe she could have more victims.
Claudia Lindhorst, 23, was arraigned this week in San Mateo County court and pleaded not guilty to numerous charges of identity theft, grand theft, burglary and forgery, Deputy District Attorney Peter Lynch said. She is being held in the San Mateo County Jail.
Police describe Lindhorst -- who allegedly used the aliases Leni Campbell and Claudia Becker -- as a cunning con artist skilled at wooing her victims. Two of the people allegedly scammed in the Bay Area had rented rooms in their houses to her, Redwood City Detective Jackie Gouldson said. Others trusted her based on craigslist ads and brief conversations.
Internet2 to Support DoE’s Next Research Network
Denise Pappalardo writes on NetworkWorld:
Internet2 and the Department of Energy’s Energy Sciences Network announced they are partnering to build a next generation network to support the Department of Energy’s scientific research efforts.
The new network will be called ESnet4 and will initially operate on two dedicated 10Gbps wavelengths on the Internet2’s new next generation network. ESnet4 will “seamless scale by one wavelength per year for the next four to five years,” according to the organizations.
U.S. Toll in Iraq
As of Thursday, Aug. 31, 2006, at least 2,642 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,096 died as a result of hostile action, according to the military's numbers.
The AP count is seven higher than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.
Dutch ISP Releases Name in File-Sharing Case
An AP newswire article by Toby Sterling, via ABC News, reports that:
The entertainment industry achieved a key victory Thursday after a Dutch Internet service provider surrendered the name and address of one of its customers suspected of illegal file-sharing.
Ronald van der Aart of UPC, the Netherlands' second-largest broadband ISP with 500,000 subscribers, said the company decided not to appeal a summary judgment by Amsterdam's District Court in a suit brought by the Brain Institute, an organization founded to fight digital copyright infringement.
Brain spokesman Okke Delfos-Visser said the agency would now contact the UPC customer and would likely sue if a settlement isn't reached first. Similar cases in the United States are usually settled for several thousand dollars.
Analysts Express Doubts About New Carrier IMS Architecture
Apparently, "analysts" are beginning to come to the same conclusions many of us already had several years ago...
Denise Pappalardo writes on NetworkWorld:
IP Multimedia Systems is not a slam-dunk according to a group of industry analysts that gathered at the FierceMarkets IMS executive Summit conference in Washington D.C. on Wednesday to discuss the future of IMS.
The timing of when usable products hit the market and the complexity that IMS introduces to a carrier’s network are two things [cited] as troublesome. "A lot... has to happen on the road to IMS’ success."
In fact, all five analysts on the panel agree the IMS standard, as it is today, is not complete, ready for the market or ready to support interoperability. The analysts were asked to grade IMS on all three areas and the technology received, on average, a solid D.
Lockheed Martin Wins NASA Moon Contract
An AP newswire article, via ABC News, reports that:
NASA on Thursday awarded a multibillion dollar contract to build a manned lunar spaceship to Lockheed Martin Corp., which usually builds rockets without people.
The last time NASA awarded a manned spaceship contract to Lockheed Martin of Bethesda, Md., was in 1996 for a spaceplane that was supposed to replace the space shuttle. NASA spent $912 million and the ship, called X-33, never got built because of technical problems.
Hubble Captures a Rare Eclipse on Uranus
Image source: NASA, ESA, L. Sromovsky (University of Wisconsin, Madison), H. Hammel (Space Science Institute), and K. Rages (SETI).
This NASA Hubble Space Telescope image is a never-before-seen astronomical alignment of a moon traversing the face of Uranus, and its accompanying shadow. The white dot near the center of Uranus’ blue-green disk is the icy moon Ariel. The 700-mile-diameter satellite is casting a shadow onto the cloud tops of Uranus.
To an observer on Uranus, this would appear as a solar eclipse, where the moon briefly blocks out the Sun as its shadow races across Uranus’s cloud tops. Though such "transits" by moons across the disks of their parents are commonplace for some other gas giant planets, such as Jupiter, the satellites of Uranus orbit the planet in such a way that they rarely cast shadows on the planet's surface. Uranus is tilted so that its spin axis lies nearly in its orbital plane. The planet is essentially tipped over on its side. The moons of Uranus orbit the planet above the equator, so their paths align edge-on to the Sun only every 42 years.
This color composite image was created from images at three wavelengths in near infrared light obtained with Hubble’s Advanced Camera for Surveys on July 26, 2006.
Vista Upgrade a Tough Pill to Swallow for Business
Mary Jo Foley writes on Microsoft Watch:
With Windows Vista, Microsoft needs to please at least two constituencies with very different sets of requirements.
The Redmondians need to pack the next version of Windows with lots of bells and whistles that will appeal to consumers whom it is hoping to convince to upgrade. And it must do the same for business customers. I think Microsoft may have a tougher time making the business upgrade case than the home one for Vista. Here's why.
Space Data Awarded $49M Air Force Contract
Image source: Space Data Corp.
Joni Morse writes on RCR Wireless News:
Space Data Corp. landed a $49 million contract to supply the U.S. Air Force with its communication system that sends radio-equipped industrial balloons filled with hydrogen or helium to between 12 miles and 62 miles above sea level. Space Data claims the balloons float above where airplanes fly, but below where satellites are stationed.
Gerald Knoblach, chairman and chief executive officer of Space Data, said the contract award comes after two years of extensive testing with the Air Force’s Space Battlelab, using the same tactical radios carried by troops in Iraq and Afghanistan. Tests showed that ground-to-ground voice and data communications could be extended from 10 miles to more than 400 miles using Space Data’s balloon-borne payloads, providing improved communications between troops on the ground and pilots flying air support, the company said.
U.S. Government Looks to Extend Microsoft Oversight
Ed Oswald writes on BetaNews:
The U.S. government asked a federal judge Wednesday to extend its oversight of Microsoft by an additional two years, with the option to further extend it through 2012 if necessary. Both parties have come to an agreement that progress on portions of the deal has come too slowly, and government representatives have already expressed their desire to continue the deal.
U.S. District Judge Colleen Kollar-Kotelly has said that she would agree to the changes. Under the new terms, set to expire in November 2009, oversight of the program that gives third-party developers access to Windows protocols would be extended, as well that covering technical documentation relating to those protocols.
UK: Privacy Group says eBay Breaches Data Protection Act
A complaint against online auction site eBay is being investigated by the Information Commissioner's Office over suspicions it is in breach of the Data Protection Act. The claims are made by pressure group Privacy International.
Privacy International has claimed that the difficulty in closing accounts with eBay puts the company in breach of the Act. It concedes that deleting an account is possible, but very difficult. Under the terms of the Data Protection Act, companies must allow people to delete or request that their personal information be deleted.
UK: Child Database Attacked Over Celebrity Exclusions
David Batty writes in The Guardian (UK):
Government plans to exclude details of celebrities' children from a new national child database were today seized on as evidence that the system may pose a safety risk to those it is supposed to protect.
The Department for Education and Skills (DfES) today confirmed that the telephone numbers and addresses of children with famous parents would not be added to the £224m child index.
Defense Tech: Air Force Wants Software Spies
What if you could send a computer program to do the job of a spy, or a bomber, or drone? It sounds like science fiction -- and it'll probably stay that way, for a long, long time. But Air Force researchers think there's enough to the idea to start funding a trio of companies for initial work into these attacking, snooping "Cyber Craft."
"Using the Cyber Domain to conduct military operations... has significant potential," an Air Force paper announces. Examples include long-term intelligence activities, like "being to monitor a military barracks, accumulate financial information on a potentially hostile nation, or provide status on the political climate of a South American country."
Off Topic: Two Stolen Edvard Munch Works Recovered
As a big Edvard Munch fan, this is great news.
An AP newswire article by Doug Mellgren, via The Boston Globe, reports that:
Police recovered two paintings they believe are the Edvard Munch masterpieces "The Scream" and "Madonna," two years after masked gunmen seized the priceless artworks from an Oslo museum in a bold, daylight raid, authorities announced Thursday.
Both paintings, stolen from the Munch Museum in August 2004, were in better-than-expected condition, police said at a news conference.
Outrage in Zimbabwe Over Eavesdropping Plans
Zimbabwe's opposition and civil society groups have expressed anger at a proposed law to monitor communications.
The bill proposes a monitoring centre, apparently with Chinese technology, that would eavesdrop on telephone, internet and other communications.
The government says the bill is similar to anti-terror laws elsewhere to protect people from organised crime.
Parliament began public hearings on the Interception of Communications Bill on Wednesday amid heated exchanges.
California Lawmakers Pass Safeguards for RFID Chips
The California State Senate passed tough new privacy safeguards late yesterday for use of "tag and track" devices known as Radio Frequency Identification (RFID) chips embedded in state identification cards. The bill helps ensure that Californians can control the personal information contained on their drivers' licenses, library cards and other important ID documents.
The State Assembly passed the Identity Information Protection Act (Senate Bill 768), authored by Senator Joe Simitian (D-Palo Alto), earlier this month. Governor Schwarzenegger has until September 30 to sign the bill into law. The legislation is sponsored by the Electronic Frontier Foundation (EFF), the ACLU, and the Privacy Rights Clearinghouse, and it is supported by groups ranging from the AARP to the California Alliance Against Domestic Violence to the Gun Owners of California.
Jazz Album Draws on Cryptography and Number Theory
Image source: rudreshm.com
Alexander Gelfand writes on Wired News:
To the uninitiated, modern jazz can sound like a secret language, full of unpredictable melodies and unexpected rhythms. For alto saxophonist Rudresh Mahanthappa, however, the idea of jazz as code is more than just a metaphor. Mahanthappa is best known for combining avant-garde jazz with Indian classical music.
But for his latest release, Codebook, from Pi Recordings, the artist looked instead to cryptography and number theory for inspiration. (The album's title pays homage to The Code Book, a history of cryptography by the British science writer Simon Singh.)
Wednesday, August 30, 2006
Juniper Invests in Trapeze Networks
It was over a year ago Juniper Networks and enterprise wireless LAN maker Trapeze Networks were linked together. But it was all talk. Fast forward to today - Telephony magazine reports that the company raised $30 million in Series D funding from Accel, Redpoint, Oak, and a bunch of previous investors. But the biggest surprise of this funding round was an investment from Juniper Networks. That brings the total funding to $102.5 million.
So the company has raised money from Nortel, Motorola Ventures (Series C) and now Juniper. It has partnerships with 3Com, D-Link and a bunch of others. Still, the deal could eventually spell bad news for Meru Networks, which had announced a deal with Juniper last year. Of course, this is not such good news for Aruba Networks as well.
Busted? Encrypted BitTorrent Pirates Marooned
Allot Communications, a company specializing in "intelligent IP service optimization solutions" has unveiled the newest feature built into its NetEnforcer device. The device is now capable of detecting encrypted BitTorrent traffic. ISPs using the NetEnforcer will now be able to throttle BitTorrent traffic more efficiently.
As P2PNet observes, many ISPs recently began shaping their network traffic to keep BitTorrent users from sucking up all of the available bandwidth -- in some cases, BitTorrent accounts for half of an ISP's traffic. However, BT users were quick to work around the ISP's detection schemes by using RC4 encryption. All of the major BitTorrent clients recently added the option to encode transfer files using RC4 encryption.
Critics: RIAA Copyright Education is Contradictory
Greg Sandoval writes on C|Net News:
The music industry's educational video about copyright law is full of baloney, according to several trade and public interest groups.
The Consumer Electronics Association and Public Knowledge are among the groups to issue a joint statement condemning some statements on the Recording Industry Association of America's video, which the RIAA has plans to distribute to the nation's universities.
U.S. Toll in Iraq
As of Wednesday, Aug. 30, 2006, at least 2,639 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,095 died as a result of hostile action, according to the military's numbers.
The AP count is five higher than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.
Ted Stevens Fingered as Senator Who Put a Hold on Taxpayer Transparency Bill
Asa Eslocker reports on ABC News' "The Blotter":
A spokesman for Sen. Ted Stevens (R-AK) came forward today and admitted Stevens was the senator who has placed a hold on a bill that would allow U.S. taxpayers to see where their tax money is going.
With several reports of Congressional scandals in the news, two senators proposed a bill that could create a user-friendly, public search engine that would disclose all federal contracts, grants, loans and other forms of government financial assistance.
Operated by the Office of Management and Budget, the free internet database could be used for such searches as "Halliburton," "FEMA no-bid contracts" and "Alaskan Bridges." Results would yield the name, entity, geography, amounts of spending, program sources, services being performed and who in Congress supported which appropriations.
Before summer recess, the bill, called the Federal Funding Accountability and Transparency Act, was passed unanimously by the Senate Homeland Security Committee and "hotlined," which means the bill was put on the fast track to passage by the Senate. But Sen. Stevens stalled that process by putting a hold on the bill.
AT&T, Global Crossing Looking to Aid U.S. Government IPv6 Transition
Michael Hardy writes on FCW.com:
AT&T and Global Crossing have created a peering arrangement, establishing interconnections between their networks with an eye toward capitalizing on federal mandates regarding the next-generation Internet protocol.
Agencies have until June 2008 to upgrade their network backbones to IP Version 6, which will support a vast increase in the number of unique IP addresses available and bring other advances over the current IPv4 as well.
NOAA Employee Sentenced to 15 Years on Child Porn Charges
Grant Gross writes on InfoWorld:
A U.S. government employee who used his work computer to download child pornography for about 10 years was sentenced Wednesday to 15 years in prison, the U.S. Department of Justice (DOJ) said.
Robert M. Carey, 52, had more than 1 million images of child pornography on his home and office computers, in photo albums, or on DVDs and CD-ROMs when law enforcement authorities searched his home and office in August 2005, the DOJ said.
Culver City Muni WiFi Terms of Service Agreement Destined for its Day in Court?
Carlo writes over on techdirt.com:
Last week, we learned that Culver City, California was installing filters on its muni-WiFi network, in an attempt to block content it (or the MPAA) didn't like.
Ignoring the facts that filters don't really work and they weren't aware of any real problem until a vendor pointed it out to them with a sales pitch, a local government deciding to put roadblocks up to undesirable, though not illegal, activities (surfing porn or using P2P, in this instance) is more than a little sketchy.
But it gets a little more interesting: when logging on to the service, the city's terms of service says users must agree to "waive any First Amendment claims" stemming from the service. That seems like a slightly less nasty way to tell people their First Amendment rights simply don't apply -- but since users are "voluntarily" waiving them, it's somehow okay.
Putting Wireless Networks to the Terrorism Test
University of California, San Diego researchers last week got a chance to test out a host of network technologies on something they hope they will never really have to be used for: a terrorist attack.
The Operation College Freedom drill involved a coordinated effort by the school and local emergency and law-enforcement officials to respond to a simulated terrorist attack.
IT Pros Say They Can't Stop Data Breaches
Deborah Rothberg writes on eWeek:
In the wake of widely publicized security compromises at AOL and AT&T, a study released Aug. 28 by the Elk Rapids, Mich.-based privacy management research company Ponemon Institute finds that only 37 percent of IT professionals believe their company is effective at detecting data breaches.
Citing a lack of resources and high product costs as barriers to preventing data leakage, respondents were uncertain about their company's ability to discover breaches of confidential information. Only 43 percent believed that their company would detect a large breach (involving more than 10,000 customer records) more than 80 percent of the time. 17 percent of respondents felt their company would correctly detect a small data breach (involving less than 100 customer records) more than 80 percent of the time.
Verizon to Drop 'Supplier Surcharge'
An AP newswire article by John Dunbar, via ABC News, reports that:
Verizon Communications Inc. said Wednesday that it was dropping a "supplier surcharge" on its high-speed Internet service for retail customers.
The decision comes less than a week after the Federal Communications Commission mailed a letter to the company asking that it explain the reasoning for the charge.
The FCC also had sent a letter to BellSouth Corp., which said Friday that it will stop charging a $2.97 per month fee on a similar service.
Israel Wants to Jam Satellites?
Back in 2004, the U.S. Air Force suggested that they might be willing to mess with commercial satellites, if they were aiding an American foe. The idea drew howls from outside observers. And, for a while, it seemed destined for an extremely quiet corner of flyboy doctrine. More here.
But now, the Israelis are picking up where their American counterparts left off, Defense News' Barbara Opall-Rome reports. Fed up with Hezbollah's Al-Manar TV broadcasts -- which stayed on the air, despite repeated aerial and electronic attacks -- the Sabras are now talking publicly about "disrupt[ing] transmissions of enemy programming carried by commercial satellites."
Bank To Pay $50 Million For Buying Personal Data
K.C. Jones writes on TechWeb News:
A bank has been ordered to pay a $50 million settlement for buying more than 650,000 names and addresses from the Florida Department of Highway Safety and Motor Vehicles. More here.
The Electronic Privacy Information Center, which filed an amicus brief in favor of the plaintiffs, announced the decision this week. EPIC said Fidelity Federal Bank & Trust bought 656,600 names and addresses for use in direct marketing and the purchase violated the Drivers Privacy Protection Act.
Comcast Blacklists e-Mail from The WELL
Elise Ackerman writes in The Mercury News:
A decade before Microsoft released the first version of its Internet Explorer browser and nearly a generation before MySpace, The Whole Earth 'Lectronic Link, otherwise known as The WELL, was the place to be on the Internet. More here.
It was "the Park Place of e-mail addresses," according to John Perry Barlow, former lyricist for the Grateful Dead and a WELL user.
But to Comcast, e-mails forwarded from The WELL, now owned by Salon.com, are spam. The country's largest provider of cable and high-speed Internet added The WELL to its e-mail blacklist Sunday afternoon, blocking e-mails from the renowned online community of about 4,000 members.
Thousands of Spanish Web Sites Knocked Offline by Software Error
A botched software update at Spain's central domain registry knocked as many as 400,000 sites offline for several hours Tuesday, according to the Esnic registry. The error left Internet users unable to access domains using .es, the country code top-level domain for Spain. More here.
The outage lasted from 3 pm to 5 pm Tuesday afternoon (local time) when the DNS database that connects domain names to IP addresses was "affected by an error" during a software update, according to an advisory posted at Esnic, which manages the .es database.
NASA, NOAA Data Indicate Ozone Layer is Recovering
A new study using NASA and National Oceanic and Atmospheric Administration (NOAA) data finds consistent evidence that Earth's ozone layer is on the mend. More here.
A team led by Eun-Su Yang of the Georgia Institute of Technology, Atlanta, analyzed 25 years of independent ozone observations at different altitudes in Earth's stratosphere, which lies between six and 31 miles above the surface. The observations were gathered from balloons, ground-based instruments, NASA and NOAA satellites.
Internet Governance: GNSO String Theory
Bret Fausett writes on his LexText blog:
Here at the Amsterdam meetings of the GNSO, the key issue for the first hours has been how to evaluate proposed strings. Everyone agrees that the acceptability of the applicant's proposed string should be performed up front. You wouldn't want to get all the way to the end of a costly and time-consuming process only to find that the string you proposed wasn't acceptable for some reason (can you say ".iii"?). More here.
The harder question is against what criteria you judge the proposed strings. You have social issues, such as .GOD or .XXX. You have trademark issues, such as .ATT or .APPLE. You have geopolitical issues, such as .ASIA or .TIBET. You have technical issues, such as .EXE. And you have issues of potential user confusion, such as .COMM or .INFORM. We're having a difficult time formulating any rules that would take into account all of these potential challenges...and that's before we've added the complexities of IDNs at the TLD level.
Some formulations of a rule are so broad that they would make every possible string subject to challenge. Others are so narrow that they leave legitimate complaints on the sidelines. We're trying to find a balance, and it's not easy.
Alcatel Lucent Merger Under Fire
Ray Le Maistre writes on Light Reading:
As Alcatel and Lucent Technologies Inc. prepare to merge, any hopes of a quiet wedding ceremony have been dashed by opposition from both sides of the Atlantic. More here.
The two firms have moved fast since they formally announced their engagement in early April this year, appointing (and re-appointing) senior management, getting the green light from regulators, and deciding on a name for the combined company.
Now just three hurdles remain. Next Thursday, September 7, sees the shareholders' meetings. Alcatel's is due to take place at the Palais Omnisports of Paris-Bercy at 2 p.m. Paris time (8 a.m. Eastern time); Lucent's at the DuPont Theatre in Wilmington, Del., at 11 a.m. Eastern. Then, some time in the next three months, the companies hope to get approval for their merger from the Committee on Foreign Investment in the United States (CFIUS) -- more on that later.
FBI Shows Off Counterterrorism Database
Ellen Nakashima writes in The Washington Post:
The FBI has built a database with more than 659 million records -- including terrorist watch lists, intelligence cables and financial transactions -- culled from more than 50 FBI and other government agency sources. The system is one of the most powerful data analysis tools available to law enforcement and counterterrorism agents, FBI officials said yesterday. More here.
The FBI demonstrated the database to reporters yesterday in part to address criticism that its technology was failing and outdated as the fifth anniversary of the Sept. 11, 2001, terrorist attacks nears.
Privacy advocates said the Investigative Data Warehouse, launched in January 2004, raises concerns about how long the government stores such information and about the right of citizens to know what records are kept and correct information that is wrong.
Tuesday, August 29, 2006
California State Wi-Fi Security Bill Sent to Governor
Sarah Jane Tribble writes in The Mercury News:
The days of easily stealing wireless Internet access from your neighbor may soon be over. More here.
The state Assembly on Tuesday approved rules requiring wireless manufacturers, such as laptop makers, to instruct consumers on how to step up security measures and stop would-be piggybackers from accessing their personal networks. The bill, which the governor is expected to sign, would take effect in January.
If piggybackers or hackers gained access to your network, they could post and distribute illegal information, such as child pornography. More sophisticated hackers could use the access to scan all your personal files and programs, said Ken Baylor, director of market development and strategic alliances at McAfee, the Santa Clara-based anti-virus software maker.
U.S. Toll in Iraq
As of Tuesday, Aug. 29, 2006, at least 2,637 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,087 died as a result of hostile action, according to the military's numbers. More here.
The AP count is eleven higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.
Weather.com Hit By Outages as Ernesto Approaches
Weather.com, the web site for The Weather Channel, has experienced outages and sluggish performance this evening amid heavy traffic from web surfers seeking the latest information on Tropical Storm Ernesto. Ernesto is approaching the Florida coast and is expected to make landfall late Tuesday or early Wednesday as a strong tropical storm. It will be the ninth hurricane or tropical storm in the past three years to strike Florida, where thousands of homeowners are still repairing homes damaged by previous storms. More here.
The National Hurricane Center web site, which provides the latest advisories on the strength and projected path of major storms, has remained available throughout the storm's approach. The NHC has beefed up its infrastructure in recent years, and uses the Akamai network to help manage its web traffic.
Washington State Healthcare Provider Issues Security Advisory on Stolen Laptop
Brad Wong writes in The Seattle Post-Intelligencer:
Everett-based Compass Health has issued a security advisory to clients that one of its laptop computers was stolen in late June - but there is no indication that the personal data and social security numbers contained in the computer were used for identity theft. More here.
The advisory affects a limited number of people, including those served by Catholic Community Services and SeaMar. Both groups have Seattle offices.
People affected by this theft should have received letters from Compass Health, an agency that helps people who suffer from mental illness.
AT&T: Hackers Accessed Credit Card Data
A Reuters newswire article, via MSNBC, reports that:
AT&T Inc. said Tuesday that computer hackers illegally accessed credit card data and other personal information from several thousand customers who bought DSL equipment from AT&T’s online store. More here.
The phone company said it is notifying "fewer than 19,000" customers whose data was accessed over the past weekend.
The company said it noticed the hacking "within hours," immediately shut down the online store, notified credit card companies and is working with law enforcement agencies to investigate the incident and find the hackers.
Gapingvoid: Kissing Corporate Butt
Via gapingvoid.com. Enjoy!
Journalists Give $30,000 to Defend Jailed Video Blogger
Michelle Meyers writes on the C|Net Media Blog:
The Society of Professional Journalists board of directors voted 23-0 at a conference last week to award a record $30,000 grant to jailed independent journalist Josh Wolf's defense fund. More here.
One of the Internet's earliest video bloggers, Wolf, 24, refused to testify before a U.S. grand jury and also refused to hand over unpublished video footage he shot during a clash between San Francisco police and anti-G8 protesters in July 2005. He was found in civil contempt and sent to a federal prison in Dublin, Calif., on Aug. 1. He could remain there until the grand jury term expires next July.
Wolf might normally be protected by California's shield law. But federal prosecutors, who among other things want to see if Wolf's footage shows a San Francisco police car being set on fire at the protest, say they have jurisdiction over the case because the car was paid for in part by federal dollars.
NASA Presses Ahead With Launch Plans
An AP newswire article by Mike Schneider, via ABC News, reports that:
Five hours after starting space shuttle Atlantis on a slow crawl toward its hangar, NASA changed course Tuesday and sent it back to the launch pad, saying the forecast for Tropical Storm Ernesto had improved. More here.
The change could give NASA a small window, about a day, to attempt a launch next week. The space agency is trying to keep to a tight schedule of flights to complete construction of the international space station.
Atlantis was almost halfway into the 12-hour journey back to the Vehicle Assembly Building aboard a giant, caterpillar-track platform when NASA reversed course Tuesday afternoon.
Rise in Ernesto-Related Domains Could be a Sign of Scams
Dan Kaplan writes on SC Magazine Online:
A spike in the number of registered Tropical Storm Ernesto-related domain names, as the system churns toward the Florida coast, has some information security experts thinking fraud could be on the way, too. More here.
Johannes Ullrich of the SANS Internet Storm Center reported today on the group's website that 19 new domains containing the word Ernesto have been registered since the storm gained notoriety. Of those, 18 are related to the tropical storm, and 17 have been registered by one person.
While many of the sites are parked, experts fear the pages could be used for fraudulent practices, in the same way the Hurricane Katrina name was exploited on various websites following last year's devastating Gulf Coast storm.
UK: Home Office Admits to Five Database Breaches
Security at the British Home Office's Identity and Passport Service database has been compromised four times, with individuals' data used inappropriately by Home Office employees and contractors. A fifth breach has hit a Prison Service database. More here.
In three of the cases workers were able to access data they had no authority to use and in the fourth a worker who did have authority to access data used it inappropriately. The fifth case involves a worker accessing the Prison Service sentencing database, said a Home Office spokesman.
FBI Plans Major Database Upgrade
Wilson P. Dizard III writes on GCN.com:
The FBI’s Criminal Justice Information Service Division is laying detailed plans for a comprehensive revamping of its massive fingerprint database that will enhance interoperability with the Homeland Security Department’s biometric records and clear the path for adding additional types of biometrics. More here.
To mark the major changes, the bureau plans to change the name of its Integrated Automated Fingerprint Identification System to Next Generation Identification. The systems upgrade will involve a procurement in the range of “hundreds of millions of dollars” with a proposal request phase beginning next January, officials said.
Injunction Issued Against Utah Internet Censorship Law
A federal court in Utah has blocked enforcement of an Internet censorship bill that CDT, the American Civil Liberties Union, and a broad coalition of bookstores, independent artists and ISPs challenged as unconstitutional in 2005. The court entered a stipulated preliminary injunction that prevents the enforcement of statutory provisions amended by Utah House Bill 260 (including a vague "harmful-to-minors" provision as it might apply to Internet communications). More here.
The lawsuit argues that H.B. 260 is unconstitutional under the First Amendment and the Commerce Clause. The law would force web sites to remove lawful content from the Internet or face prosecution. It would also require ISPs to block access to adult sites in such a way that many innocent sites would likely also be blocked.
New York Times Withholds Web Article in Britain
Tom Zeller Jr. writes in The New York Times:
If Web readers in Britain were intrigued by the headline “Details Emerge in British Terror Case,” which sat on top of The New York Times’s home page much of yesterday, they would have been disappointed with a click. More here.
“On advice of legal counsel, this article is unavailable to readers of nytimes.com in Britain,” is the message they would have seen. “This arises from the requirement in British law that prohibits publication of prejudicial information about the defendants prior to trial.”
In adapting technology intended for targeted advertising to keep the article out of Britain, The Times addressed one of the concerns of news organizations publishing online: how to avoid running afoul of local publishing laws.
Wired: Science Projects That Scare the #%@! Out of Us
Via Wired News.
Remote-control sharks, pain guns, radioactive scorpion venom ... Bond-like technology is unnervingly real in some labs. By Greta Lorge from Wired magazine. See their list of scary, but eerily fun, science projects here.
Ahmadinejad's Blog Hacked, Defaced
Roberto Preatoni writes on zone-h.org:
Iranian President Mahmoud Ahmadinejad's Blog we dealt with last week has been hacked and defaced today. The defacement was notified to Zone-H by a group of crackers known as "Y Underground" that put down the website (based on Windows 2000 + IIS 5.0) using an attack reportedly based on a web application loophole (uhm... yes, another one). More here.
The interesting thing is that the Y Underground group is from Iran, and apparently they chose their own president's personal blog to post messages in support of Iranian nuclear campaign. At first they posted a deface page reporting only phrases in Farsi (our mirror is related to this), then they "updated" it some time later, posting also an English slogan in support of Iran's wishes of nuclear glory.
Monday, August 28, 2006
Ex-FBI Agent to Get Probation for Leak
An AP newswire article, via The Boston Globe, reports that:
A former FBI agent who disclosed confidential information in connection with a Chinese spying investigation will be sentenced to a year of probation and ordered to pay a $1,000 fine, a judge said Monday. More here.
U.S. District Judge Gary Klausner said he would accept a plea bargain for Denise K. Woo, 47, who pleaded guilty to a misdemeanor count in June as part of the agreement. Sentencing was set for Oct. 23.
In the plea agreement, Woo acknowledged she had passed on information in 1999 about an informant's identity to a man only identified as J.W. Her lawyers argued that she acted out of concern that the man, a family friend, was being wrongly investigated.
Ex-Lockheed Worker Takes Concerns Over Coast Guard Ships to YouTube
Griff Witte writes in The Washington Post:
Michael De Kort was frustrated. More here.
The 41-year-old Lockheed Martin engineer had complained to his bosses. He had told his story to government investigators. He had called congressmen.
But when no one seemed to be stepping up to correct what he saw as critical security flaws in a fleet of refurbished Coast Guard patrol boats, De Kort did just about the only thing left he could think of to get action: He made a video and posted it on YouTube.com.
Cyber Security Specialist Named to Lead In-Q-Tel
David S. Hilzenrath writes in The Washington Post:
In-Q-Tel, the venture capital arm of the CIA and other intelligence agencies, has hired an Intel Corp. manager with a background in cyber security as its new chief executive. More here.
Christopher A.R. Darby, 47, has led and sold three technology companies and has "demonstrated leadership as a successful entrepreneur," said Lee A. Ault III, chairman of the In-Q-Tel board.
Darby replaces Amit Yoran, who resigned in April after less than four months on the job. Yoran was also a businessman with a background in cyber security.
T-Mobile Hacker Gets Home Detention
An AP newswire article, via ABC News, reports that:
A hacker who infiltrated the network of T-Mobile USA Inc. and accessed personal information of hundreds of customers, including a Secret Service agent, was sentenced Monday to one year of home detention. More here.
Nicholas Lee Jacobsen, 23, must also pay $10,000 in restitution to T-Mobile to cover losses caused by his acts, which took place in 2004.
The former Santa Ana resident who now lives in Oregon said he lacked "comprehension and maturity" when he targeted the network of Bellevue, Wash.-based T-Mobile USA, uncovering the names and Social Security numbers of 400 customers.
VSNL Plans US$200 Million in Intra-Asia Cable
VSNL International is planning to build a new multi-terabit submarine cable system linking Singapore, Hong Kong and Japan. More here.
This new intra-Asia cable will enable VSNL International to better serve its global customers doing business in and with the burgeoning Asia-Pacific markets.
This investment follows the recent announcement by VSNL to build a new system from India to Europe that will provide connectivity to the Gulf region and the African continent. The intra-Asia cable, when combined with the Tata Indicom Cable System (TIC) and the TGN-Pacific cable system (both of which are built with 8 fibre pairs capable of supporting 7+ Tbit/s of traffic), will complete VSNL International's multi-Terabit capability from India to Asia and onward to the US.
U.S. Toll in Iraq
As of Monday, Aug. 28, 2006, at least 2,629 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,082 died as a result of hostile action, according to the military's numbers. More here.
The AP count is nine higher than the Defense Department's tally, last updated Monday at 10 a.m. EDT.
27B Stroke 6: If a Cloned Legislator Passes a Law, Does Anyone Obey It?
Sweet. Getting an important point across through hackery.
I guess this is also a good time to mention that RFID kills -- or at least if implemented recklessly, can certainly lend itself to the possibility.
Ryan Singel writes over on 27B Stroke 6:
California lawmakers beware, some clever hacker might clone the card used to gain entrance to Legislature and write the laws -- and they may not be as nice as professional art troublemaker Jonathon Keats's attempt to get Berkeley to pass the unbreakable Aristotle's Law, decreeing that everything must be itself. Link to the video clip here.
TippingPoint's 'Zero-Day Initiative' to Publish Unpatched Flaws
Ryan Naraine writes on eWeek:
A security company that pays hackers for information on software exploits and flaws plans to release a list of 29 unpatched flaws in products sold by a host of big-name vendors, including Microsoft, IBM, Apple Computer and Novell. More here.
The Aug. 28 disclosure from TippingPoint's ZDI (Zero Day Initiative) flaw bounty program is a significant change to the way the 3Com-owned company has handled the disclosure of vulnerability data it buys from external researchers.
Instead of waiting for software makers to issue patches, TippingPoint will announce the flaw purchase in bare-bones advisories at the time the issue is reported to the vendor.
Wells Fargo Enhances Online Security
This is interesting, for a number of reasons.
Without reviewing the "enhancements" Wells Fargo has made, it is hard to say how effective they will be.
Having said that, however, one would be curious to know how their determination of where & how users log in from (e.g. home, work, on the road) might also become a stumbling block which could erroneously lock legitimate users out of their ability to do routine online banking functions.
Via The Silicon Valley/San Jose Business Journal.
Wells Fargo & Co. said Monday that it upgraded its online security features to fight fraud. More here.
The San Francisco bank is conducting real-time risk analysis that determines whether customers are signing on from their usual locations or whether someone is trying to fraudulently log on from a different PC or place.
Another risk management system has been put in place to detect fraud by analyzing transaction and session behavior.
Missile Radar M.I.A.
Noah Shachtman writes on Defense Tech:
When you're a kid in Little League, the first lesson your coach drills into you is to keep your eye on the ball. And what works on the sandlot goes double for missile defense: the better you can see the target, the higher your chances are of hitting it. More here.
That's why the Missile Defense Agency has been so hyped about its Sea-Based X-Band Radar, or SBX. The $815 million, 28-story, orb-like contraption has the ability, in theory, to tell which way a baseball is spinning -- from 3,000 miles away. That's the kind of vision any hitter would kill for. No wonder the SBX quickly became one of the centerpieces of the Bush Administration's revamped anti-missile strategy, after it took office.
But there's a catch. In order to spot the most incoming ICBMs, the radar's converted oil rig platform has to be positioned near Alaska's Aleutian Islands -- an "unforgiving [stretch] of the Bering Sea where winter weather can be so violent that the islands have been nicknamed 'the birthplace of winds,'" the Chicago Tribune tells us.
U.S. Biometrics Boom on the Horizon
Griff Witte writes in The Washington Post:
In the coming months, a wave of government initiatives could start making such high-tech methods of identification commonplace -- beginning with the replacement this fall of federal employee IDs. Similar cards are planned for transportation workers, first responders and visitors to the United States. More here.
Packed with biometric data such as fingerprints and containing a computer chip with room to expand the amount of information stored, the new IDs represent a potential boon to technology companies eyeing an estimated $8 billion in identity-related contracts. Firms such as BearingPoint Inc. and Lockheed Martin Corp. have set up showcase identity labs, pulling technology from different companies into turnkey operations. Hundreds of smaller companies, down to manufacturers of plastic cards, are vying for part of the market.
EchoStar Settles with Network Affiliates
Nate Mook writes on BetaNews:
In response to a U.S. Supreme Court decision to reject an emergency stay of an injunction that would prevent it from rebroadcasting local TV channels to rural areas, EchoStar has agreed to pay $100 million to a group of network affiliates. More here.
Fox, however, has refused to accept the deal.
Australia: Second Government Agency Fires Employees for Spying on Client Records
Ben Woodhead writes on Australian IT:
A second government agency has been forced to sack staff for spying on client records, with the Australian Taxation Office taking action against 27 workers for breaches of privacy. More here.
The tax office took action against 24 employees over inappropriate access to taxpayer files last financial year, with another three cases detected this year.
The revelations come a week after multi-millionaire former actor and producer John Cornell - who is facing allegations that he and Paul Hogan held $40 million in Swiss-administered trusts and offshore companies without declaring it to the ATO - accused the tax office of a campaign of media leaks.
New York Times Buys Film Database
The New York Times Company acquired Baseline StudioSystems from Hollywood Media for $35 million in cash Monday, adding the company’s online film and TV database to diversify the newspaper publisher’s revenue base from digital offerings. More here.
The deal also gives the publisher’s web site increased exposure in Hollywood. Many studios and television production companies subscribe to Baseline’s research and database. The service also licenses and syndicates its content to several consumer-oriented web sites.
The Times sees the deal as part of its plan to increase revenues from its digital operation as the newspaper ad business continues to show erosion in favor of online ads.