Fergie's Tech Blog
Saturday, September 09, 2006
U.S. Toll in Iraq
As of Saturday, Sept. 9, 2006, at least 2,666 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,119 died as a result of hostile action, according to the military's numbers. More here.
The AP count is four more than the Defense Department's tally, last updated Friday at 10 a.m. EDT.
As always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.
Twelve Women Arrested for Prostitution Ads on Craigslist
An AP newswire article, via The Boston Globe, reports that:
Police in Bucks County have charged 12 women after an investigation into prostitutes who allegedly have been advertising on the Web site Craigslist. More here.
After police received a tip in August about alleged prostitutes advertising on the site, investigators called cell phone numbers in local listings that advertised "GFEs" -- girlfriend experiences -- asking for payment in "ro$e$" or "125 donations."
The undercover investigators agreed to meet the women at motels, and almost all 12 were arrested within two minutes, he said.
Friday, September 08, 2006
A New Social Engineering: Pretexting
Frank Ahrens writes in The Washington Post:
You get a phone call from someone who says they're taking a survey for a reputable sounding research firm. They ask you a few questions that seem relatively harmless -- what's private anymore, anyway, right? -- such as the name of your phone company or investment firm or even the name of your pet. More here.
You may have just been pretexted.
A Real Shocker: Atlanta is Most Wired City in the U.S.
A Forbes.com article by Dan Frommer, via MSNBC, reports that:
With most of the U.S. technology industry focused on the East and West coasts, you'd think the best place to get online would be San Francisco, or perhaps New York City. But Atlanta tops Forbes.com's survey of America's most wired cities. More here.
While Georgia may be best known for hot weather, college football and peaches, Atlanta is no slouch when it comes to technology and the Internet. Home to telecommunications and Internet service providers BellSouth and EarthLink, as well as Cox Communications, the third-largest U.S. cable company, Atlanta beat several cities more closely associated with the Web, like San Francisco, Seattle and New York.
FCC Asks AT&T About Hewlett-Packard Leak
An AP newswire article by John Dunbar, via SFGate.com, reports that:
The Federal Communications Commission has asked AT&T Inc. how private investigators for the Hewlett-Packard Co. managed to obtain private phone records of board members and journalists, a government official familiar with the case said Friday. More here.
The so-called letter of inquiry, the first step in an FCC investigation, was sent Thursday, said the official, who spoke on condition of anonymity because the probe is still under way.
Security Breaches are Wake-Up Calls to Phone Companies
Marguerite Reardon writes on C|Net News:
Phone companies are once again feeling the heat as another scandal erupts highlighting how easily unauthorized individuals can access personal phone records. More here.
Earlier this week, Hewlett-Packard acknowledged that it launched an investigation into a boardroom leak that resulted in the hiring of a private investigator to gather information on telephone calls made and received by board members and nine journalists, including News.com's Tom Krazit, Dawn Kawamoto and Stephen Shankland.
The news has once again highlighted a growing problem plaguing the telecommunications industry called "pretexting," a scam where unauthorized individuals pretend to be someone they're not in order to obtain personal information. Private investigators and con artists have been using this technique for years not just to obtain phone records, but also to get access to bank records, credit card information, and other sensitive information.
U.S. Toll in Iraq
As of Friday, Sept. 8, 2006, at least 2,666 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,119 died as a result of hostile action, according to the military's numbers. More here.
The AP count is four more than the Defense Department's tally, last updated Friday at 10 a.m. EDT.
As always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.
Hack of the Day: Gitmo Prisoner at Disneyland
Via Boing Boing.
A mannequin depicting a prisoner (described as a Guantanamo Bay victim, though it looks more like an Abu Ghraib reference to me) was reportedly snuck into one of the dioramas alongside of Disneyland's Big Thunder Mountain last week. More here.
The Wooster Collective site (which erroneously identifies the ride as "Rocky Mountain Railroad") says that it's the work of notorious prankster/graffiti writer Banksy, though nothing on Banksy's site confirms that.
Iraqi Government Pulls the Plug on Al-Arabiya
Dana Hughes reports on ABC News' "The Blotter":
The Arabic-language television station Al-Arabiya was yanked off the air in Iraq yesterday, banned by the government for one month. More here.
According to a statement read on-air by an anchor, the channel is "accused of portraying an unstable environment, distorting the truth and giving information that is biased, and therefore have to shut down all their operations in Iraq."
A spokesperson for Prime Minister Nouri al-Maliki told ABC News' Baghdad bureau that the channel had received warning that they were broadcasting stories that were inciting sectarian violence, but wouldn't give any specifics.
Software Pirate Gets Record Sentence
Grant Gross writes on NetworkWorld:
A judge on Friday sentenced the owner and operator of iBackups.net to 87 months in prison, the longest sentence ever given for software piracy, according to a software trade group. More here.
Nathan Peterson, of Antelope Acres, Calif., also forfeited nearly all of his assets to the U.S. District Court for the Eastern District of Virginia in Alexandria, and he agreed to pay more than $5.4 million in restitution, the Software & Information Industry Association (SIIA) said. Peterson pleaded guilty to two counts of criminal copyright infringement in December.
Quote of the Day: Owen Thomas
"So here's a modest proposal: Boycott Vista. Keep your old Windows XP PC around. Don't buy a new one. That's the only way we have to let Microsoft know Vista is an overhyped, late, and pointless update to XP - a perfectly fine operating system."
- Owen Thomas, writing in a Business 2.0 article (via CNN/Money) entitled "A reality check for Vista".
Brazilian Arrested in Orlando on Charges of Operating Obscene Websites
Danilo Simoes Croce, 42, of Sao Paulo, Brazil, was arrested in Orlando, Fla. on charges of conspiracy to distribute obscene matters, the Department of Justice and the U.S. Postal Inspection Service announced today. If convicted, Croce faces up to five years in prison and a $150,000 fine. More here.
According to documents filed in the District Court in Orlando, Croce and his corporation, Lex Multimedia, operated web sites offering obscene videos for download or delivery in the U.S. The videos depicted bukkake, fisting, and depictions of defecation, urination, and vomiting in conjunction with sex acts.
These web sites are being hosted on web servers in Texas. Croce’s videos are delivered to his U.S. customers by mail and common carriers from a location in Orlando, Fla.
U.S. Court Halts Alleged Website Billing Scheme
Grant Gross writes on InfoWorld:
A U.S. district court has ordered a halt to an operation that allegedly added unauthorized charges to the phone bills of small businesses and nonprofit groups for Web sites services that, in many cases, they didn't know they had and didn't request, the U.S. Federal Trade Commission (FTC) said. More here.
Judge Kenneth Hoyt of the U.S. District Court for the Southern District of Texas has approved a temporary restraining order halting the activity and freezing the assets of a group of businesses and individuals, the FTC announced Thursday.
The New Hot YouTube Trend: Naughty Military Cadets
Caroline McCarthy writes on the C|Net Media Blog:
Fire up your YouTube searches: there are plenty of prank videos from the U.S. Military Academy making the rounds. According to the Times Herald-Record, all you have to do is type in "West Point." But don't call them practical jokes--they're a tradition known as "spirit missions," and they've been going on since General Custer's days as a cadet. More here.
Unfortunately, now that video documentation of "spirit missions" has made it to YouTube and MySpace, some West Point officials are worried that the tradition will seem less venerable and more like MTV's "Jackass." After all, many of the pranks do include streakers, water balloons, Porta Potties, or all of the above.
Given the popularity of viral videos, however, this might do wonders for West Point's application numbers, and consequently, military enlistment. Donald Rumsfeld ought to take note.
Google Carves a Middle Ground on Privacy
Andrew Downie writes on CSMonitor.com:
Google's corporate motto is "Don't be evil." More here.
But the Internet search-engine company recently found itself defending the privacy of alleged pedophiles and racists against São Paulo's attorney general.
The Brazilian government wanted the names of suspected criminals using Google's "Orkut," the most popular social networking site (think MySpace or Facebook) in Brazil.
The nasty fight pitting two powerful and implacable sides against each other climaxed last Thursday with a judge's order: Hand over the data or face a daily fine of $900,000. Google has complied. In doing so, the company moved a step closer to establishing a global legal precedent on how Internet firms cooperate - or not - with government requests for information about Web users. It's a contentious issue that involves principles of personal privacy, political and commercial free speech, and fighting crime - be it pornography, pedophilia, racism, or terrorist plots.
Hewlett-Packard Sets Emergency Board Meeting
David A. Kaplan writes on Newsweek:
Hewlett-Packard has scheduled an emergency board meeting this weekend, probably on Saturday, according to two sources close to the company. More here.
The session will focus on fallout from the news that HP chairwoman Patricia Dunn launched a probe into boardroom leaks to news organizations that included authorizing a team of independent electronic-security experts to spy on the records of phone calls made from directors’ personal accounts, including home phone records. A Hewlett-Packard spokesman declined to comment on whether a meeting had been scheduled.
Sprint-Cable Group Leads in Wireless Bids
Alan Breznick writes on Light Reading:
A coalition of four top cable operators and Sprint Nextel Corp. appears close to capturing a hefty chunk of public wireless spectrum for cellular phone, fixed and mobile broadband, and other advanced services. More here.
Known as SpectrumCo LLC, the Sprint/MSO consortium – which encompasses Comcast Corp., Time Warner Cable Inc., Cox Communications Inc., and Bright House Networks – has placed the leading bids for 137 metro market licenses through the first 97 rounds of the federal government's ongoing Advanced Wireless Spectrum (AWS) auction.
The lineup of markets includes most of the nation's biggest urban areas, including New York, Los Angeles, Chicago, Philadelphia, Washington/Baltimore, Atlanta, Detroit, Miami, Dallas/Fort Worth, and San Francisco/Oakland.
Where No Man Had Gone Before: Happy 40th Birthday, Star Trek
Via StarDate.org.
The original "Star Trek" television series debuted on September 8, 1966, with the USS Enterprise taking viewers on journeys across the galaxy. Link.
Chase Card Services Dumps Customer Records in Landfill
Chris Mellor writes on TechWorld (UK):
In an amazing display of incompetence, Chase Card Services has dumped tapes containing millions of customers' details in a landfill site. More here.
The company will now have to tell 2.6 million current and former credit card customers of Circuit City that tapes containing their details were tossed out when they were mistaken for rubbish. Chase is apparently working with both local and national authorities to find out what happened but thinks they were in a locked box which was crushed and dumped in the landfill hole.
There is no evidence that the tapes or their contents have been accessed or misused, the company said. And CEO Rich Srednicki issued a statement promising that: "The privacy of our customers' personal information is of utmost importance to us, and we take the responsibility to safeguard this information very seriously." Interpretations for what "very seriously" means are open to discussion.
Microsoft Hard-Balling EU Over Vista
Michael Hickins writes on internetnews.com:
Microsoft is spreading the word that it might not ship Vista to Europe if regulators don't cooperate. More here.
This after CEO Steve Ballmer issued that same threat to European Commissioner Neelie Kroes during a telephone conversation on Aug. 22.
Microsoft is now taking its brinksmanship to the next level by making the substance of that conversation public, through the use of emissaries.
"This is part of the negotiating strategy," a person familiar with the situation told internetnews.com. "They're in a public relations battle."
UK: Children Fear Intrusion of National Database
David Batty writes on The Guardian (UK):
Children fear that the government's national database of every child in England will expose rather than protect them from harm, according to a report published today. More here.
Young people were suspicious of the motives behind the creation of the children's index, which will allow professionals to share information about 11 million children, a study by the children's commissioner for England said.
Many of those questioned believed the system would be "incredibly intrusive" and deter them from using sexual and mental health services for fear this would be disclosed to their school or parents.
Sex Baiting Prank on Craigslist Affects Hundreds
Andy Baio writes over on Waxy.org:
Recently, a blogger named Simon Owens ran a social experiment on Craigslist. He wandered into the "Casual Encounters" section of the personal ads where countless men and women were soliciting for no-strings-attached sex and wondered, Is it really that easy? As a test, he composed several ads with different permutations of assumed identity and sexual orientation: straight/bi men/women looking for the opposite/same sex. He then posted it to New York, Chicago, and Houston, and tallied the results. More here.
Overwhelmingly and instantly, the ads from the fake women looking for male partners were inundated with responses, sometimes several per minute. All the other ads received lukewarm responses, at best. These results weren't surprising, but some of the observations were... Many of these men used their real names and included personally identifiable information, including work email addresses and home phone numbers. Several admitted they were married and cheating on their spouses. Many included photos, often nude.
His first conclusion was very reasonable: "If a really malicious person wanted to get on craigslist and ruin a lot of people's lives, he easily could."
'Army of Bloggers' Helps U.S. Senate Pass Bill
Matthew Weigelt writes on FCW.com:
A bill that an “army of bloggers” helped spur passed the Senate today. The bill would create a Google-like search engine and database to track approximately $1 trillion in federal grants, contracts, earmarks and loans. More here.
“The group that deserves credit for passing this bill, however, is not Congress, but the army of bloggers and concerned citizens who told Congress that transparency is a just demand for all citizens, not a special privilege for political insiders,” said the bill’s co-sponsor, Sen. Tom Coburn (R-Okla.).
Defense Tech: Battlefield Invisibility
Via Defense Tech.
It sounds like something out of a comic book, or Lord of the Rings, I know. But there's a chance that invisibility – real-life, honest-to-God invisibility – may actually be possible, some day. More here.
The technology doesn’t come from some dubious unknown inventor, but from Professor Sir John Pendry, the legendary theoretical physicist, [who writes] in this month’s BBC Focus magazine – “the world's best science and technology monthly.” Pendry has developed the concept of metamaterials, which have properties determined by their structure rather than their composition. This can give them 'impossible' properties, such as a negative refractive index.
Initially, there was some debate about whether this could ever be achieved. But the proof came last year with the demonstration of a superlens capable of beating any lens made of normal material.
When in Rome, You Might be Tracked
Candace Lombardi writes on C|Net News:
Rome might not have been built in a day, but it was mapped in three dimensions. More here.
That is, when Romans had their cell phones turned on. Telecom Italia, Italy's main telephone operator, has partnered with the Massachusetts Institute of Technology on a real-time mapping system that tracks how people move in urban spaces.
Real Time Rome debuted on Friday at the Venice Biennale, the canal-laden city's biennial fair of fine arts and, in recent years, technology projects related to urban studies.
California: Phone Privacy Bill on Track
Sarah Jane Tribble writes in The Mercury News:
A bill that would effectively make pretexting -- the act of pretending to be someone else in order to get that person's phone records -- illegal was approved by state legislators in August and awaits Gov. Arnold Schwarzenegger's approval. More here.
While the bill's author, state Sen. Joe Simitian, D-Palo Alto, had been working on it for more than a year, its potential passage arrives at a time when gathering phone records under false pretenses is at the forefront of Silicon Valley minds.
Bush Slams Court Threat to Wiretaps
Stephen Dinan and Charles Hurt write in The Washington Times:
President Bush yesterday said the courts are threatening his wiretapping program and called on Congress to pass a law to put the program on sounder footing, but one hour later Senate Democrats blocked an effort to do just that. More here.
Mr. Bush, speaking in Atlanta as part of a series of war-on-terror speeches, said his administration has made substantial progress in correcting the mistakes that allowed the September 11 terrorist attacks to happen. Delivering a five-year anniversary report card, the president said the nation boosted domestic security and disrupted terrorist plots through better intelligence and military action abroad.
Saying It 'Messed Up,' Facebook Modifies Controversial Feature
Yuki Noguchi writes in The Washington Post:
Facebook, a popular Web-based hangout for students, revamped its site last night to let users disable or modify a new feature that had touched off protests from hundreds of thousands of members. More here.
The changes came a few days after the site launched a service that prominently displayed changes members made to their Web profiles on the pages of others in their Facebook social networks -- a move that critics said called too much attention to personal information, such as when a relationship ended.
Off Topic: Half Ton of Bomb Material Stored a Few Miles from the White House
Brian Ross and Rhonda Schwartz report on ABC News' "The Blotter":
With virtually no questions asked, an undercover ABC News team was able to purchase a half ton of one of the world's most dangerous bomb-making materials and move it into a storage shed only a few miles from the White House and the U.S. Capitol. More here.
Despite its use in the bombing of the Oklahoma City Federal Building, there are still no federal laws restricting the purchase of ammonium nitrate, a chemical fertilizer, widely sold at farm supply stores.
The ABC News undercover team made the purchases, in cash, at farm supply stores in North Carolina and Virginia and were never once asked for any valid ID.
Thursday, September 07, 2006
California AG Says Charges Likely in H-P Snooping Case
Pete Carey and Nicole C. Wong write in The Mercury News:
California Attorney General Bill Lockyer said Thursday that his office is likely to file criminal charges in the phone-record snooping scandal that has rocked Hewlett-Packard and its boardroom. More here.
The attorney general said the company's acknowledgement of hiring outside investigators who obtained personal phone records of its board members amounts to an admission that someone along the line used unlawful means to obtain people's personal phone records.
U.S. Toll in Iraq
As of Thursday, Sept. 7, 2006, at least 2,664 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,119 died as a result of hostile action, according to the military's numbers. More here.
The AP count is two more than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.
As always, cryptome.org keeps a very, very extensive list here.
Credit Card Companies Form Security Council
Let's all hope they are serious in their resolve....
Erica Ogg writes on C|Net News:
The five major credit card companies have teamed up in the interest of better security. More here.
American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International announced Thursday the creation of an organization to develop and maintain security standards for credit and debit card payments. It's the first time the five brands have agreed on a single, common framework.
The newly formed Payment Card International (PCI) Security Standards Council will manage the PCI Data Security Standard, first established in January 2005 with the intention of making its implementation more efficient for all parties involved in a payment card transaction. That includes merchants, payment processors, point-of-sale vendors, financial institutions and more than a billion card holders worldwide.
Encrypted Malware Scrambles to Evade Defenses
Robert Lemos writes over on SecurityFocus:
A Trojan horse program designed to compromise systems uses the Microsoft Windows' Encrypted File System to scramble its payload and evade detection, warned a researcher at security firm McAfee this week. More here.
The attack tool consists of two main components, a dialer known as Qdial-45 and an encrypted downloader known as Spy-Agent.bf. The dialer disconnects the current modem connection and then dials a premium service for displaying adult content. The downloader uses the Encrypted File System (EFS) to obfuscate itself and retrieves updated content from a list of sites on the Internet.
Another Court Refuses to Dismiss NSA Spying Case
A federal judge in Oregon today rejected [.pdf] the government's attempt to block a lawsuit against the NSA's massive and illegal spying program. This is a huge victory -- like Judge Walker in our case against AT&T and Judge Diggs Taylor in the ACLU's case in Michigan, Judge King rejected the government's motion to dismiss on the basis of the "state secrets" privilege. More here.
But some Congressmen are still trying to squash this vigorous judicial oversight. Fortunately, Specter's surveillance bill was once again stalled before it could reach a vote today.
Verizon Asks FCC to Undo Unbundling
Mark Sullivan writes on Light Reading:
Verizon Communications Inc. late Wednesday asked the Federal Communications Commission (FCC) to excuse it from sharing its DS1 and DS3 loop and transport facilities with competing voice providers, especially cable companies. More here.
Verizon wants relief from its "dominant carrier" responsibilities in six major metro areas in six states. These include Boston, New York, Philadelphia, Virginia Beach, and Providence, R.I.
More: H-P Investigators Also Hacked Reporters' Phone Records
Bob Sullivan writes for MSNBC:
In an effort to track down the source of information leaks by Hewlett Packard insiders, private investigators hired by the company obtained reporters' telephone records without permission, the company told MSNBC.com on Thursday. More here.
The reporters' records were accessed as part of an investigation into news leaks that was initiated by company Chairwoman Patricia Dunn.
HP spokesman Michael Moeller confirmed that the personal phone records of reporters from CNET.com and the Wall Street Journal had been accessed by investigators working for the company. He said that "there are other journalists" whose records were improperly accessed, but would not say how many others were involved.
Background here and here.
FTC Fines Xanga for Violating Kids' Privacy
Bob Sullivan writes for MSNBC:
Social networking Web site Xanga.com will pay $1 million — the largest penalty ever issued for violations of the Children's Online Privacy Protection Act — for repeatedly allowing children under 13 to sign up for the service without getting their parent's consent, the Federal Trade Commission announced Thursday. More here.
In its complaint, the FTC alleged that Xanga, a rival to the popular MySpace.com, allegedly permitted creation of 1.7 million accounts by users who submitted birthdays indicating they were under 13. Collecting personal information from anyone under 13 without parental consent is a violation of the children's protection act, or COPPA, which was passed by Congress in 1998.
Quickest Patch Ever
Bruce Schneier writes on Wired News:
If you really want to see Microsoft scramble to patch a hole in its software, don't look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. More here.
Just crack Redmond's DRM.
Patch Tuesday: Microsoft to Patch 3 Vulnerabilities
Next Tuesday, on September 12, 2006 at approximately 10:00 am PT we are slated to release three new security bulletins: More here.
- Two Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Important.
- One Microsoft Security Bulletin affecting Microsoft Office. The highest Maximum Severity rating for these is Critical.
All of these updates will be detectable using the Microsoft Baseline Security Analyzer and some of these updates will require a restart.
We will also be making our regular monthly update to the Microsoft Windows Malicious Software Removal Tool.
Homeland Security Using a Dozen Data-Mining Programs
Audrey Hudson writes in The Washington Times:
The Homeland Security Department is using a dozen different data-mining systems to track terrorist and criminal activity, according to a study released yesterday by the agency's inspector general. More here.
The technology is also being used to screen airplane cargo, but not to pre-screen passengers -- an experiment that was abandoned after strong opposition from the public and members of Congress.
The survey shows that 12 systems are used by Customs and Border Protection (CBP), Immigration and Customs Enforcement (ICE), Office of Intelligence and Analysis (OIA), Secret Service and Transportation Security Administration (TSA).
OpenSSL Vulnerable to Forged Signatures
Security researchers have demonstrated a way to forge digital signatures that can fool the OpenSSL software used in many secure web servers and virtual private networks (VPN). The OpenSSL Project has issued patches to address the weakness, and is urging users to upgrade or install the patches. More here.
The signature forgery technique was first demonstrated by Daniel Bleichenbacher, a cryptographer at Bell Labs, at the CRYPTO 2006 conference last month. While the forgery only works on specific keys (known as PKCS #1 v1.), these keys are used by some certificate authorities in SSL server certificates.
Secunia Defends its Word Worm Rating
Scott M. Fulton III writes on BetaNews:
The chief technology officer of security firm Secunia, which issued an "extremely critical" rating for a worm exploiting a previously undiscovered Word 2000 vulnerability, is defending his company's policies in the face of competitors who have rated the severity of the worm as "very low." He told BetaNews the warning was indicative of how severe the worm could be if it infected a user's system. More here.
Secunia's Thomas Kristensen said the risk rating of a worm should not be confused with the critical rating of its vulnerability. Since a worm is not a virus, by design, it cannot propagate itself widely. As a result, he said, when one examines the world's networking environments as a whole, damage assessments from any worm become more limited, "in turn causing anti-virus companies to give it a fairly low rating."
RFID Plane Tickets to Track Travellers
James Brown writes on Computing (UK):
Scientists at University College London (UCL) are developing a system that combines radio frequency identification (RFID) tags and high-definition CCTV cameras to track passenger movements in busy airports. More here.
The EU-funded project, known as Optag, is intended to help airlines keep track of passengers and help them reach departure gates on time, reducing the risk of missing valuable take-off slots.
Sportingbet Chairman Arrested in New York
A Reuters newswire article, via Yahoo! News, reports that:
The chairman of online bookmaker Sportingbet.com Plc, Peter Dicks, was arrested on a warrant from Louisiana at John F. Kennedy International Airport late on Wednesday, a spokesman for the Port Authority of New York and New Jersey said on Thursday. More here.
"He was picked up at 11:30 p.m. (EDT) at JFK Airport on an active out-of-state warrant," Pasquale DiFulco, a spokesman for the agency, said. "He's being held by Port Authority police awaiting extradition."
DiFulco would not reveal the nature of the charges and a call to the Louisiana State Police was not immediately returned.
Wednesday, September 06, 2006
Facebook Users Revolt At New Changes
Susan Kinzie and Yuki Noguchi write in The Washington Post:
Denizens of one of the Web's most popular student hangouts are in an uproar over changes to the site that they say make their online musings much too public, turning their personal lives into a flashing billboard. More here.
Facebook.com, a site used by more than 9 million students and some professionals, is an Internet lounge where people share photos, read one another's postings and make connections -- a kind of digital yearbook through which people find out about goings-on with their friends and on campus.
But this week the site's immense popularity backfired after it started a feature that culls fresh information users post about themselves -- Tim is now single -- and delivers it in headline-news format to their network of buddies. Facebook, of Palo Alto, Calif., unveiled the feature at midnight Monday, saying it would make new information easier to find. Within hours, online protest groups were formed and thousands of people had joined.
California Wants to Know if H-P Chairman Went Too Far
The state of California wants to know if Hewlett-Packard's board chairman went a little too far investigating new[s] media leaks. More here.
Attorney General Bill Lockyer confirmed Wednesday that his office has issued subpoenas to determine whether HP broke any laws by hiring an investigator who used "pretexting" techniques that are illegal in California. HP admitted Wednesday that it investigated its own board of directors at the bequest of HP Chairman Patricia Dunn in hopes of learning who leaked information to CNET News.com in January about the company's future strategic plans.
U.S. Toll in Iraq
As of Wednesday, Sept. 6, 2006, at least 2,658 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,116 died as a result of hostile action, according to the military's numbers. More here.
The AP count is one lower than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.
As always, cryptome.org keeps a very, very extensive list here.
Ex-Microsoft Security Strategist Joins Mozilla
Ryan Naraine writes on eWeek:
Former Microsoft security strategist Window Snyder is joining Mozilla to lead the company's effort to protect its range of desktop applications from malicious hacker attacks. More here.
Snyder, who was responsible for security sign-off for Microsoft's Windows XP Service Pack 2 and Windows Server 2003, will spearhead Mozilla's security strategy, eWEEK has learned.
Lucent Faces Corruption Charge
Ray Le Maistre writes on Light Reading:
Is this an omen? On the eve of its all-important shareholder meeting, where investors will vote on the merger with Alcatel, Lucent Technologies Inc. says it is expecting to face action by the Securities and Exchange Commission (SEC) over its operations in China. More here.
In a SEC filing made late Wednesday, Lucent said it was expecting a "Wells" notice relating to an investigation of its Chinese operations under the Foreign Corrupt Practices Act (FCPA).
LinkScanner: Scan URL Links for Exploits
Brian Krebs writes in Security Fix:
In an era when simply clicking on a link sent to you via e-mail or instant message can spell speedy doom for Microsoft Windows users, it's nice to have yet another resource for checking the validity and security of Web links. More here.
I spent a couple of days playing around with a free Web-based tool from Exploit Prevention Labs that lets users copy and paste a Web link to see whether it appears to try any malware mischief. Using this service should by no means be considered an "all-clear" sign to click on a link sent to you in an unsolicited e-mail or instant message, but rather an extra layer of security to help you make a decision about whether a given Web link may be malicious or not.
FTC Closes Door on Spyware Operation
An operation that placed spyware on consumers’ computers in violation of federal laws will give up more than $2 million to settle Federal Trade Commission charges. More here.
Under a stipulated final judgment and order, the defendants are permanently prohibited from interfering with a consumer’s computer use, including but not limited to distributing software code that tracks consumers’ Internet activity or collects other personal information, changes their preferred homepage or other browser settings, inserts new advertising toolbars or other frames onto their browsers, installs dialer programs, inserts advertising hyperlinks into third-party Web pages, or installs other advertising software code, file, or content on consumers’ computers.
The defendants also are permanently prohibited from making misleading representations regarding the performance, benefits, features, cost, or nature or effect of any type of software code, file, or content, including misrepresenting that the code is an Internet browser upgrade or other computer security software, music, song, lyric, or cell phone ring tone.
The order names Enternet Media Inc., Conspy & Co. Inc., Lida Rohbani, Nima Hakimi, and Baback (Babak) Hakimi, all based in California, whose software codes were “Search Miracle,” “Miracle Search,” “EM Toolbar,” “EliteBar,” and “Elite Toolbar.”
UK: BT Reveals Plans for All-IP Network
Matthew Broersma writes on TechWorld:
BT has revealed the first details of how it plans to roll out its 21st Century Network (21CN), the ambitious all-IP network announced in 2004, designed to replace BT's traditional switched public network. More here.
At the same time however, the UK's incumbent telco has been criticised by the telecom adjudicator for its unbundling efforts, where competitors are allowed to introduce equipment into its exchanges in order to open up the market.
Websense: Samsung Telecom Site Hosting Crimeware
Via Websense Security Labs Alerts.
Websense® Security Labs™ has received reports that the Samsung Telecom website is hosting malicious code. The site, which is hosted in the United States, has been hosting a number of directories and files which, when downloaded and run, install malicious code on end-users' machines. More here.
The server appears to have been compromised and has been hosting a variety of files for some time (the owners have been contacted).
The most current code, which is still available for download, is a Trojan Horse that attempts to disable anti-virus programs, modify registry keys, download additional files, and log keystrokes when connecting to banking websites.
Currently there is no exploit code on the website that attempts to trigger a download of the file without user interaction. The site is hosting and most likely distributing files to users who are lured through Instant Messaging or email links.
Cisco to Rebrand Itself
Marguerite Reardon writes on the C|Net Cisco Blog:
Technology giant Cisco Systems is planning a new rebranding campaign complete with a new logo and new advertisements targeted at consumers. More here.
The company unveiled the new logo and brand to employees at a Las Vegas event earlier this summer. And executives are expected to show off the new look to investors and analysts in New York City this week before the new campaign kicks off later this fall.
The idea behind the new marketing push is to "make Cisco more relevant to everyday people", said Tony Bates, Cisco's senior vice president and general manager of its Service Provider Routing Technology Group, during a recent meeting in New York City.
Quote of the Day: Paul Mockapetris
"If you adopt Vista, your DNS traffic is going to double."
"You're going to see brownouts. All of a sudden, it is going to be mud season on the Internet, where things will just be kind of slow and gooey."
- Paul Mockapetris, quoted in a C|Net News article, with regard to an IPv4/v6 dual-stack Microsoft Vista.
Summary Judgment Denied in a Case of Creative Typosquatting
Evan D. Brown writes on CircleID:
In the case of Lands’ End, Inc. v. Remy, the defendant website owners were accused of crafting a clever scheme to get some extra commissions from their affiliate relationship with landsend.com. More here.
It looks like the scheme has backfired, however, as Lands’ End’s claim against the defendants under the Anticybersquatting Consumer Protection Act, [15 U.S.C. §1125(d)] ("ACPA") has survived a summary judgment motion and the case is heading for trial.
CDT Testifies Against Dangerous 'Update' of Surveillance Law
Via The Center for Democracy and Technology (CDT).
An effort gathering momentum in Congress to "update" the major law governing domestic surveillance could radically undermine the privacy of innocent Americans -- not just by legitimizing the administration's warrantless surveillance programs -- but by granting this and future administrations unfettered authority to spy on Americans in the United States. More here.
Testifying today before the House Judiciary Committee's Subcommittee on Crime, Terrorism and Homeland Security, CDT Policy Director Jim Dempsey again urged lawmakers to seek a better understanding of the administration's shadowy surveillance programs before drastically rewriting the laws intended to govern them.
CDT has argued that it would be better to do nothing than to rush out an ill-considered bill. Last month, a judge ordered the Administration to halt its surveillance programs, finding that they violated the First and Fourth Amendments of the Constitution and the Foreign Intelligence Surveillance Act (FISA) -- the law that some in Congress are attempting to "update."
Man Admits Hacking into California University Application System
An AP newswire article, via The International Herald Tribune, reports that:
A San Diego man was so upset that the University of Southern California did not admit him as a student that he hacked into the school's application system and stole other would-be students' personal information, he admitted in court. More here.
Eric McCarty, 24, pleaded guilty Tuesday to a felony count of accessing a protected computer without authorization and was scheduled to be sentenced Dec. 4. Under terms of a plea bargain with prosecutors, he is expected to receive six months of home detention and pay nearly $37,000 (€28,884) in restitution.
In June 2005, McCarty accessed identification numbers, names, addresses, dates of birth and applicants' passwords to the USC site, according to the government. Federal investigators found information on seven different people on McCarty's home computer, which they seized.
Tuesday, September 05, 2006
Cisco, Juniper Snipe Over Korea Telecom?
Craig Matsumoto writes on Light Reading:
Cisco Systems Inc. now claims to be treading on Juniper Networks Inc.'s turf, with Monday's announcement that the CRS-1 core router has won business with KT Corp. More here.
What should Juniper's reaction be? One big shrug, some analysts say.
Juniper has bigger troubles elsewhere, they say.
Former TSA Worker's Personal Data Exposed
Thomas Frank writes in USA Today:
The Transportation Security Administration is warning 1,195 of its former employees that a contractor may have mailed their Social Security numbers and birth dates to the wrong addresses and left them open to identity fraud. More here.
The error, acknowledged in letters the TSA mailed in late August to each of the former employees, is the latest in a series of data breaches that may have exposed workers in both private and government jobs to identity thieves.
Intrigue: Phone Records Scandal at HP -- Update[2]
David A. Kaplan writes in Newsweek:
The confrontation at Hewlett-Packard started innocently enough. More here.
Last January, the online technology site CNET published an article about the long-term strategy at HP, the company ranked No. 11 in the Fortune 500. While the piece was upbeat, it quoted an anonymous HP source and contained information that only could have come from a director.
HP’s chairwoman, Patricia Dunn, told another director she wanted to know who it was; she was fed up with ongoing leaks to the media going back to CEO Carly Fiorina’s tumultuous tenure that ended in early 2005.
According to an internal HP e-mail, Dunn then took the extraordinary step of authorizing a team of independent electronic-security experts to spy on the January 2006 communications of the other 10 directors -- not the records of calls (or e-mails) from HP itself, but the records of phone calls made from personal accounts. That meant calls from the directors’ home and their private cell phones.
Update: More here via The Smoking Gun.
Update[2]: Yet more here, via The Mercury News.
U.S. Government Lawyer Defends Wiretapping Program
An AP newswire article by Larry Neumeister, via The Boston Globe, reports that:
A government lawyer used a dramatic scenario of a nuclear attack on Washington to illustrate his arguments Tuesday in defense of President Bush's warrantless wiretapping program. More here.
Anthony Coppolino, a special litigation counsel based in Washington, said the Constitution gives Bush the right as commander in chief to do what is necessary to surveil terrorists and stop them from attacking the United States, including interrogating someone who might have information about an imminent attack.
AlterNet: Weaponized Data
One of my favorite AlterNet columnists, Annalee Newitz, writes on AlterNet:
Something changed the Internet forever during the surreal years after the attack on the World Trade Center, when we went to war with a country whose citizens and leaders had nothing to do with what happened on September 11, 2001. Data mining was weaponized. More here.
The ability to track hidden information patterns in vast piles of unsifted data, once the purview of obscure academic articles and some start-ups with weird names like Inktomi and Google, became the touchstone of government efforts to track down terrorists. If a lack of intel is what allowed the terrorists to get us, then by gum, the spooks were going to get as much intel as they possibly could.
Universal Reported to Buy BMG for $2 Billion
An AP newswire article by Alex Veiga, via SFGate.com, reports that:
Vivendi SA's Universal Music Group has reached a tentative agreement with German media company Bertelsmann AG to acquire BMG Music Publishing for $2.05 billion, a person familiar with the deal said Tuesday. More here.
The agreement was expected to be signed as early as Wednesday, according to the person, who spoke on condition of anonymity, citing the confidential nature of the negotiations.
Silicon Valley Metro Connect Chosen for Valley Wireless Network
Sarah Jane Tribble writes in The Mercury News:
Silicon Valley leaders today chose a team that includes Cisco Systems and IBM to build, own, and operate free and affordable wireless connections for up to 2.4 million people in the South Bay. More here.
Silicon Valley Metro Connect, which also includes Azulstar and the non-profit SeaKay, hopes to begin building the network this fall with the first cities being able to use wireless Internet next year, said Diana Hage, director of wireless services at IBM.
Texas Men Cleared in Pre-Paid Cellphone DMCA 'Terror' Case
Kevin Poulsen writes on 27B Stroke 6:
A federal magistrate today dismissed with prejudice a disgraceful DMCA prosecution against three young Texas men who bought a lot of cell phones while looking Arab. More here.
Adham Othman, 21, his brother Louai Othman, 23, and their cousin Maruan Muhareb, 18, were cleared of money laundering and conspiracy charges after a day-long preliminary hearing.
The three were rousted by local law enforcement in Michigan last month after they were spotted driving from Wal-Mart to Wal-Mart buying as many low-cost pre-paid cell phones as they could get their hands on.
Tuscola County authorities arrested them as suspected terrorists and made a lot of noise. Then when the case didn't pan out the feds stepped in with face-savings charges that the men conspired to violate the DMCA.
Few Tech Security Innovations Since Sept. 11
An AP newswire article by Brian Bergstein, via MSNBC, reports that:
Contrary to the promises from technologists that began almost immediately after the attacks, these five years have seen few dramatic security improvements. But the market remains a source of riches — real for some companies, still largely dreamed-of for others — primed with billions of dollars from the U.S. and international governments. More here.
Spending on domestic security across all U.S. federal agencies is expected to reach $58 billion in fiscal 2007 — up from $16.8 billion in 2001, according to the Office of Management and Budget. States and cities are annually contributing $20 billion to $30 billion more, Gartner Inc. Vice President T. Jeff Vining estimates.
U.S. Toll in Iraq
As of Tuesday, Sept. 5, 2006, at least 2,654 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,113 died as a result of hostile action, according to the military's numbers. More here.
The AP count is two higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.
As always, cryptome.org keeps a very, very extensive list here.
First U.S. Felony Spammer Loses Appeal
Roy Mark writes on internetnews.com:
America's first convicted felony spammer may finally be on his way to prison. More here.
The Virginia Court of Appeals Tuesday upheld the November 2004 conviction of Jeremy Jaynes, who was charged with three counts of using deceptive routing information in sending bulk commercial e-mail.
Although prosecutors sought a 15-year jail term for Jaynes, a Loudoun County, Va., jury sentenced him to nine years in prison. Virginia Circuit Court Judge Thomas Horne allowed Jaynes to remain free on a $1 million bond until his appeal could be heard.
According to the evidence presented at the trial, Jaynes, 32, grossed more than $24 million in various e-mail scams.
U.S. DOJ Seeks to Expand Scope of Fingerprint Record System
Wade-Hahn Chan writes on FCW.com:
The Justice Department is seeking to amend regulations that would broaden the scope of offenses that warrant fingerprint entry into the Fingerprint Identification Records System. More here.
Published in today's Federal Register, the proposed amendment would add nonserious offenses and serious adult and juvenile offenses. Currently, these exclusions are documented only at the state and local levels.
The proposal also states that existing rules for collecting criminal record data applied to administrative purposes when the FBI collected fingerprint data manually. Digital fingerprint readers made the data more mobile and faster to gather.
Apple to Hold Another 'Big Event' Next Tuesday
Ed Oswald writes on BetaNews:
Apple has confirmed that it will be holding an event at 10 AM PT (1 PM ET) on September 12, however in true Apple style, the Cupertino company is mum on details of the actual event. Invites to the event feature the logo surrounded by four spotlights with the text "It's Showtime." More here.
The company has used its invitations in the past to give subtle clues as to what may be unveiled at that event. Rumors have surfaced over the past several months that Apple is planning to offer full-length feature films through the iTunes Music Store.
Redback Loses Verizon Edge Router Deal?
Jim Duffy writes on NetworkWorld:
UBS Warburg has downgraded the stock of Redback Networks, citing "industry contacts" indicating that Redback has lost an edge router deal at Verizon. More here.
UBS lowered the stock from Buy 2 to Neutral 2, according to a research report issued this week by the investment firm.
That report states that Redback is unlikely to win an edge router contract at Verizon even though the vendor has "the best technical solution." The business will instead go to Cisco as the second source supplier behind Juniper, the report states.
UBS says product portfolio breadth helped seal the deal for Juniper and Cisco.
Intel to Lay Off 10,500 in Major Restructuring
A Reuters newswire article, via MSNBC, reports that:
Chip-maker Intel Corp. says it is laying off 10,500 employees as part of a massive restructuring as it seeks to reverse sinking profits and regain market share. More here.
With profits plummeting and rival Advanced Micro Devices Inc. steadily gaining market share, analysts have said Intel needs to make the massive cuts from its 100,000-strong global payroll.
This marks the largest reduction in Silicon Valley since Sun Microsystems, a maker of server computers, said in May it would sack up to 5,000 workers.
Forensics Tech: Austrian Teen's Captor Used Old Computer, Complicates Investigation
An AP newswire article by William J. Kole, via SFGate.com, reports that:
Police combing through the house where Natascha Kampusch was held captive for 8 1/2 years said Tuesday they made an unusual discovery: Her captor, a communications technician, used an obsolete computer — and his odd choice now threatens to complicate their investigation. More here.
Maj. Gen. Gerhard Lang of the Federal Criminal Investigations Bureau said kidnapper Wolfgang Priklopil, who killed himself by jumping in front of a train within hours of Kampusch's escape on Aug. 23, relied exclusively on a Commodore 64 computer — a model popular in the 1980s but now considered an antique.
Lang told reporters the outmoded computer would complicate investigators' efforts to transfer files for closer examination later, saying it would be difficult "to transmit the data to a modern computer without loss."
Coalition Outlines Concerns with Proposed WIPO Broadcast Treaty
Via The Center for Democracy and Technology (CDT).
CDT and a diverse group of companies, trade associations and public interest organizations issued a joint statement raising serious concerns with a proposed World Intellectual Property Organization (WIPO) broadcast treaty. More here.
The coalition outlined key problems posed by the treaty, which would grant broad, intellectual-property-like rights to broadcasters and cable-casters. Members of the coalition delivered the statement to the U.S. Government officials involved in the treaty negotiations, as well as to delegations from other WIPO countries.
U.S. Government to Review Rules Allowing Human Testing Without Consent
Joseph Rhee reports on ABC News' "The Blotter":
The federal government said it will now reconsider a controversial loophole that allows human medical experiments without the subjects' consent. More here.
The decision comes in the wake of a highly-criticized experiment involving a blood substitute product, Polyheme, which was given to trauma patients in 27 U.S. cities without their knowledge.
US Internet Awarded Minneapolis Wi-Fi Contract
Joni Morse writes on RCR Wireless News:
Internet Service Provider US Internet won a contract to build and operate a 54-square-mile, citywide Wi-Fi network in Minneapolis using equipment from BelAir Networks. More here.
The agreement spells out that the city will pay US Internet $2.2 million up front and $1.25 million a year so that the city’s facilities, as well as police and fire emergency services can become anchor tenants on the Wi-Fi network.
Seattle: Local Cingular Service Troubles Require a Reboot
Brad Wong writes in The Seattle Post-Intelligencer:
Cingular Wireless customers having trouble connecting a signal should "reboot" their mobile phones by turning it off for 15 minutes, then back on again, the company said Tuesday. More here.
Customers in parts of Seattle and the state suffered intermittent service Monday because of a switching facility problem, said Anne Marshall, a company spokeswoman based in Redmond.
More Employers Using Credit Checks to Screen Applicants
Diane E. Lewis writes in The Boston Globe:
In the past, only banks and financial service companies routinely ran credit checks on potential employees. But employers in other sectors increasingly are including them in the screening process to assess applicants' honesty and integrity, traits not readily gleaned from a résumé. More here.
US employers' use of credit checks increased 55 percent over the last five years, according to Spherion, a recruitment and staffing firm with offices around the country, including Massachusetts.
Netcraft September 2006 Web Server Survey
In the September 2006 survey we received responses from 96,854,877 sites, an increase of 4.2 million (4.3%) from last month's survey. This continues the accelerated pace of Internet growth in recent months, as the survey has gained 15.5 million sites since June. More here.
Growth is being driven by two trends: the popularity of blogging services, and the heated battle between Microsoft and Google for new users for their web platforms. Huge growth continues at Windows Live Spaces, Microsoft's free blogging/networking service, which added 1.3 million hostnames last month. Google had a gain of 459K hostnames, primarily at Blogger, its free blogging service.
Significantly, the free hosting offerings appear to be attracting new users. In the first five months of the year, the Internet added an average of 2.75 million new hostnames per month. Since June, that average has more than doubled, to 5.4 million sites per month. The number of new sites created will always exceed the net monthly gain, as some sites are discontinued or see their domain names expire.
U.S. Army Names Six Vendors for Satellite Contract
Dawn S. Onley writes on GCN.com:
The Army has awarded its five-year, $5 billion Worldwide Satellite Systems contract to six vendors. More here.
The award winners include two large businesses—Boeing Co. and General Dynamics Corp.—and four small businesses: DataPath of Duluth, Ga.; D&SCI of Eatontown, N.J.; Globecomm Systems of Hauppauge, N.Y.; and TeleCommunications Systems of Annapolis, Md.
Under the indefinite-delivery/indefinite-quantity contract, each vendor is required to bring turnkey commercial satellite systems and associated support services for satellite terminals, including all hardware, software, services and data to operate the terminals.
Defense Tech: Robotic Frisbees of Death
Via Defense Tech.
It ain't easy, picking out evil-doers in the urban canyons of the Middle East; there are so many places to hide. Taking 'em out can be even harder, what with all those noncombatants hanging nearby. But the Air Force thinks it might have an answer to this most vexing problem in counter-insurgency: frisbees. More here.
Not just any frisbees, mind you. Robotic frisbees. Heavily armed robotic frisbees.
The Air Force recently tapped Triton Systems, out of Chelmsford, Mass, to develop such a "Modular Disc-Wing Urban Cruise Munition."
Steve Irwin's Death Clogs Websites, Stuns Fans
Paul Tait writes for Reuters:
In death as in life, iconic TV naturalist Steve Irwin captivated millions worldwide and clogged the Internet as fans from Guam to Glasgow reacted with disbelief to news "The Crocodile Hunter" was dead. More here.
Some Web sites groaned to a halt within hours of the first reports on Monday that Irwin had been killed by a stingray's barb through his chest in a freak diving accident off Australia's northeast coast.
Web measurement company Hitwise said Irwin's death was the biggest news event read by Australians on the Internet since two Australian miners were trapped by a mine collapse in southern Tasmania state in late April.
Monday, September 04, 2006
U.S. Toll in Iraq
As of Monday, Sept. 4, 2006, at least 2,651 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,102 died as a result of hostile action, according to the military's numbers. More here.
The AP count is 10 higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.