Saturday, September 16, 2006

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Saturday, Sept. 16, 2006, at least 2,681 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,131 died as a result of hostile action, according to the military's numbers.

The AP count is five more than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Friday, September 15, 2006

Unisys Contractor Arrested in VA Theft

Robert McMillan writes on NetworkWorld:

Authorities have charged a 21 year-old Unisys subcontractor with stealing a desktop computer with billing information on as many as 38,000 Department of Veterans Affairs medical patients.

Khalil Abdulla-Raheem, of Washington, D.C., was charged Wednesday with theft of government property. He is the employee of an unnamed company that "provides temporary labor to Unisys," according to a statement released by the Veterans Affairs (VA) department's Office of Inspector General.

More here.

NASA Awards Thermal Protection Contract for Orion Spacecraft

Orion approaches the International Space Station.
Image source: NASA / Lockheed Martin Corp.


Via NASA.

NASA has selected The Boeing Company, Huntington Beach, Calif., to support the design and development of a lunar direct return-capable heat shield for the Orion crew exploration vehicle. The hybrid firm fixed-price and cost-plus-fixed-fee contract has a 16-month period of performance, with a maximum value of approximately $14 million, including all priced options.

The heat shield will protect the spacecraft and crew during atmospheric reentry following missions to the moon or the International Space Station. The heat shield attached at the base of the spacecraft will reject the majority of the heat generated during re-entry into Earth's atmosphere. Returning from missions to the station, Orion will re-enter at speeds similar to those experienced by the space shuttle - 16,700 miles an hour. Returning from the moon, Orion will reenter the atmosphere at speeds of about 25,000 miles an hour and experience heating about five times as extreme as missions returning from the station.

NASA's Constellation Program is developing Orion as NASA's primary vehicle for future human space exploration. Orion will carry astronauts to the station by 2014, with a goal of landing astronauts on the moon no later than 2020.

More here.

DHS Appoints WMD Intelligence Chief

Via UPI.

A new post at the Department of Homeland Security will get it up to speed with the latest intelligence about terror threats from weapons of mass destruction.

Homeland Security Secretary Michael Chertoff announced this week that Maureen McCarthy, a career government scientific advisor, had been appointed to the new post of senior advisor for weapons of mass destruction, or WMD, intelligence programs within the department's Intelligence and Analysis Directorate.

McCarthy "will be responsible for improving the department's capability to acquire timely and actionable strategic intelligence in support of homeland security operations that counter WMD threats," said Chertoff in a statement Wednesday.

More here.

Freescale to be bought by Blackstone, Texas Pacific, Carlyle Group

Via The Austin American-Statesman's "The Ticker" Blog.

Freescale Semiconductor, Inc., said today that it has entered into a definitive merger agreement to be acquired by a private equity consortium in a transaction with a total equity value of $17.6 billion.

The consortium is led by The Blackstone Group, and includes The Carlyle Group, Permira Funds and Texas Pacific Group.

More here.

Political Toon: FUBAR




California: Governor Signs Hands-Free Cell Phone Bill

Via NBC11 (San Jose/San Francisco/Oakland).

Gov. Arnold Schwarzenegger signed a bill Friday that will force drivers to use a hands-free device when driving and talking on a cell phone.

The bill, introduced by state Sen. Joe Simitian, D-Palo Alto, would prohibit the use of cell phones in a moving vehicle unless the driver is using a hands-free device.

Simitian told NBC11 News that cell phones are the No. 1 cause of distracted-driving accidents in California.

The bill will go into effect July 1, 2008.

More here.

Rumor Mill: Nortel May Acquire Force10

Phil Harvey writes on Light Reading:

After flirting with the idea of going public for several quarters, Force10 Networks Inc.'s most likely exit may be via an acquisition by Nortel Networks Ltd., according to several sources.

One analyst has put the deal as a strong possibility.

More here.

Security Breach Affects Nikon Magazine

Via BetaNews.

A security breach on the Web site of Nikon World magazine exposed the identities of 3,235 of its subscribers on Tuesday, the company said. For approximately nine hours, subscribers' addresses, contact details and credit card information were viewable by nine new subscribers to the magazine. According to the company, the issue occurred as a result of a system failure by a third-party vendor that has since been repaired.

Nikon World said it had contacted all those who had been affected by the breach, as well as the nine subscribers who were able to view the information. "The company is taking this incident very seriously as the privacy and protection of its subscribers is of utmost importance to Nikon, as is full disclosure," it said in a statement. Nikon said customers with questions on the breach should contact the company.

More here.

VSNL-FLAG Battle Escalates

Nicole Willing writes on Light Reading:

Accusations are flying fast between Indian carriers Videsh Sanchar Nigam Ltd. (VSNL) and Reliance Communications Ltd., engaged in a long-standing feud over access to a subsea cable landing station in Mumbai that’s heading back to the courts.

Here's the background: Reliance has long accused VSNL of inflating access charges, blocking its FLAG Telecom Group Ltd. subsidiary from selling capacity to other companies, and refusing to grant access to the landing station so that it can upgrade its FLAG Europe-Asia (FEA) cable system.

More here.

Irish Lobby Group Hopes to Dismantle EU Data Retention Laws

Via OUT-LAW.com.

An Irish lobby group aims to dismantle Europe's laws forcing telecoms firms to retain phone and internet data on citizens. The group, Digital Rights Ireland, is taking a case both against the Irish Government and the European Directive on data retention.

The action will begin in the High Court but is likely to be heard in the European Court of Justice, said the chairman of DRI, TJ McIntyre. The suit argues that the Irish law breaches that country's Constitution and that the EU Directive contravenes the European Convention on Human Rights.

More here.

Spamhaus Ignores U.S. Court?

Via p2pnet.net News.

UK anti-spam outfit Spamhaus is ignoring a US District Court for the Northern District of Illinois ruling ordering it to fork out $11,715,000 in damages to e360insight and e360insight's David Linhardt.

The court also told Spamhaus, "to remove Linhardt's ROKSO record and to cease blocking Linhardt's spam," it says.

But the Illinois ruling, "shows U.S. courts can be bamboozled by spammers with ease," says Spamhaus, pointing out the suit went to default judgement when Spamhaus didn't accept US jurisdiction and, therefore, didn't defend it.

Link.

Gapingvoid: Give Us Your Money!

Via gapingvoid.com. Enjoy!

Survey: Data Breaches Yield Few ID Thefts

No real surprise here, either; however, bear in mind that this is a survey, and the numbers reflect what people think or have experienced.

Jaikumar Vijayan writes on ComputerWorld:

Contrary to popular perception, computer data breaches are less likely to result in identity theft and other fraud than off-line causes such as lost or stolen wallets and checkbooks.

That was the finding of a year-long study of about 5,000 U.S. consumers by Pleasanton, Calif.-based analyst firm Javelin Strategy & Research. Javelin's research showed that despite recent hype, data breaches were responsible for just 6% of all known cases of identity theft, compared to 30% from incidents like losing one's wallet. The study also showed that less than 1% of all individuals whose data was lost later became victims of ID theft.

More here.

RSA Security Holders Approve EMC Takeover

An AP newswire article, via Yahoo! News, reports that:

RSA Security Inc., a provider of security software and hardware for networks, on Friday said its shareholders approved the company's $2.1 billion acquisition by data storage provider EMC Corp.

The transaction, which has cleared a regulatory review, was expected to be completed within two business days, Bedford-based RSA said.

More here.

Cyber Crime Becoming More Organized

No real surprises here...

Matthew Jones writes for Reuters:

Cyber scams are increasingly being committed by organized crime syndicates out to profit from sophisticated ruses rather than hackers keen to make an online name for themselves, according to a top U.S. official.

Christopher Painter, deputy chief of the computer crimes and intellectual property section at the Department of Justice, said there had been a distinct shift in recent years in the type of cyber criminals that online detectives now encounter.

"There has been a change in the people who attack computer networks, away from the 'bragging hacker' toward those driven by monetary motives," Painter told Reuters in an interview this week.

Although media reports often focus on stories about teenage hackers tracked down in their bedroom, the greater danger lies in the more anonymous virtual interlopers.

More here.

Thursday, September 14, 2006

Computer Containing Veterans' Data Found

An AP newswire article, via MSNBC, reports that:

The government said Thursday it had recovered a Veterans Affairs Department subcontractor's lost desktop computer containing personal data for 16,000 veterans.

The FBI and Veterans Affairs Office of Inspector General said Khalil Abdullah-Raheem was charged Wednesday on theft charges after the Unisys Corp. computer went missing in July.

The computer, which was taken from Unisys' offices in Reston, Va., contained personal data for veterans who received care at VA medical centers in Philadelphia and Pittsburgh.

More here.

FCC Chief Sees Hurdles to Satellite TV Deal

Jeremy Pelofsky writes for Reuters:

Television service being launched by telephone companies has not yet offered sufficient competition to allow consolidation in the satellite television industry, U.S. Federal Communications Commission Chairman Kevin Martin said on Thursday.

Speculation has swirled in recent weeks that DirecTV Group Inc. and EchoStar Communications Corp. might try to merge again. The two companies tried to combine in 2002 but were turned down by the FCC and have denied the latest rumors.

More here.

Honeyblog: Haxdoor Reaps 39K Victims in 9 Days (For Starters)

Thorsten Holz writes on Honeyblog:

Recently there was a malware incident within the network of my old university in Aachen: Blast-o-Mat, a custom IDS system, picked up an infected machine and redirected it to a quarantine webserver. This way, the user is instantly notified that something went wrong and he can download patches and AV engines at that web site. A closer examination revealed that the infected machine also did some strange web requests. It tried to post data to a PHP script located at a remote server.

It turned out that this machine was infected with Haxdoor, one of the most advanced Trojans out there nowadays. Haxdoor (AKA Goldun) is - among other things - capable of collecting private data like username/password combinations entered within Internet Explorer and also has some rootkit capabilities.


During further investigation, several log files which contained all information stolen from all infected machines could be found. In total, these log files contained more than 6,6 million entries, an equivalent of 285 MB of data. This data was stolen from the compromised machines between April 19 and April 27, 2006, so within only nine days. In total, more than 39,000 different IP addresses fell victim to this particular Haxdoor infection. This shows the effectiveness of this kind of attack.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, Sept. 14, 2006, at least 2,676 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,126 died as a result of hostile action, according to the military's numbers.

The AP count is five more than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Canada: Police Powerless to Find Killers Online?

A Canadian Press article, via The Global National (Canada), reports that:

Canada’s police forces employ 61,000 but only 245 officers track criminals online, which has experts wondering how police can catch murderers online before they kill.

Kimveer Gill, 25, posted several disturbing messages in an online blog, including his desire to die in a "hail of bullets," which has prompted a number of questions about how much police forces should invest in cybercrime units.

More here.

FTC Shuts Down Four Spam Rings

Elinor Mills writes on C|Net News:

The Federal Trade Commission has shut down four illegal Internet spam operations, including two that hijacked computers to send sexually explicit spam.

In the U.S. District Court for the Northern District of Illinois, Cleverlink Trading and its partners were ordered to pay $400,000 made from sending e-mail that offered the opportunity to "date lonely wives" and that violated nearly every provision of the Can-Spam Act, the FTC said in a statement on Thursday.

The Can-Spam Act requires that spam e-mail messages be labeled as ads, include the sender's postal address, provide an opt-out method, label sexually explicit material as such, and not show graphic sexual images in the initially viewable area of the message, among other things.

In another case, the FTC alleged that Zachary Kinion sent spam that advertised adult sites, mortgage rates and privacy software. It also said that Kinion paid others to send unsolicited e-mail messages and sent spam via so-called "zombie" computers without the knowledge of the PC owners.

More here.

FBI Floats Wide-Ranging Wiretap Proposal

Grant Gross writes on InfoWorld:

Foreign Internet service and applications providers would be required to base inside the country the servers they use for U.S. customers, under a proposal from the U.S. Department of Justice (DOJ).

The DOJ and its U.S. Federal Bureau of Investigation (FBI) division are taking that message to the U.S. Congress and asking lawmakers for a broad rewrite of U.S. wiretapping rules.

However, some members of Congress have ripped into the Chinese government for a similar law requiring Internet providers to locate their servers inside its borders.

U.S. lawmakers have criticized the Chinese law because it allows the government to censor and monitor Internet traffic. The DOJ proposal, which would amend a 1994 telephone wiretapping law called the Communications Assistance for Law Enforcement Act (CALEA), aims to allow the U.S. government easier access to servers so it, too, can monitor communications.

The proposed law, not yet introduced in Congress, would likely set off an arms race in which other countries that want to conduct online surveillance require U.S. companies such as Google Inc. and Microsoft Corp. to locate servers inside their borders, said John Morris, director of the Internet Standards, Technology and Policy Project at the Center for Democracy and Technology, a civil liberties group.

More here.

Spammers Speed Up Domain Cycling To Stay Off Blacklists

Gregg Keizer writes on TechWeb News:

Spammers are cycling through their lists of product-pitching URLs faster than ever, McAfee Inc. said Wednesday.

In August, major spam campaigns ran through 72 percent more domains per hour than the month prior, the Santa Clara, Calif. company said.

Spammers often use multiple URLs in their campaigns to avoid anti-spam blacklists, then change the embedded links as each batch of junk mail goes out. The dramatic increase in the number of different domains shows that spammers are stepping up their attempts to stay ahead of security defenses.

More here.

Politics: Lawless 'Compromises'

An editorial from the staff at The Nation.

The [Nation] Editors write that the key midyear election issue is that torture and eavesdropping are illegal.

We are a nation founded on the rule of law.

More here.

Quote of the Day: John Paczkowski

"Security Outsourcing Solutions calls its online newsletter 'Corporate Homicide,' but given its reported role in the Hewlett-Packard plumbing scandal, a better name might be Corporate Suicide."

- John Paczkowski, over on Good Morning, Silicon Valley.

MySpace Murder Plot Foiled

Via The Smoking Gun.

Meet Heather Kane. The Arizona woman, 22, is facing a murder conspiracy rap for allegedly soliciting a hit man to bump off a woman whose picture appeared on her boyfriend's MySpace page.

Kane was arrested Tuesday, shortly after Mesa police learned that she was seeking someone to kill her squeeze's "female friend," according to a probable cause statement filed in Justice Court.

According to investigators, Kane was willing to pay $1000 for the murder, and gave an undercover officer a $400 down payment during a meeting in a grocery store parking lot. During that parley, Kane gave the cop photos of the female target, noting that she "pulled them off a MySpace web site from her boyfriend." Kane allegedly asked that the target be shot in the head and that the hit man provide her with a post-murder photo of the victim. It is unclear what drove Kane to allegedly plot the other woman's murder.

More here.

UN Attacks U.S. Nuclear Report on Iran

David Fickling writes on The Guardian (UK):

The UN's nuclear watchdog has made a stinging attack on the US Congress over an "outrageous and dishonest" report on Iran's nuclear programme.

The International Atomic Energy Agency (IAEA) said that the congressional report published last month contained "erroneous, misleading and unsubstantiated information", and that it took "strong exception" to "incorrect and misleading" claims in the report that the IAEA was covering up some of its doubts about Iran's nuclear intentions.

More here.

Exploit Posted for New IE Zero-Day

Ryan Naraine writes on eWeek:

Security researchers in China have published detailed exploit code for a new zero-day vulnerability in Microsoft's dominant Internet Explorer browser.

The exploit, which was posted to XSec.org and Milw0rm.com Web sites, could be easily modified to launch code execution attacks without any user action on fully patched Windows machines.

Officials in the MSRC (Microsoft Security Response Center) could not be reached to respond to the latest warning, which adds to a list of known high-risk vulnerabilities that remain unpatched.

More here.

DHS Contract: $266K for AP Wire Services

Yes, you read that correctly.

Christian Beckner writes on Homeland Security Watch:

Fedbizopps posted a notice today about DHS’s intention to award a sole-source firm-fixed price contract, at $266,400 over two years, to the Associated Press for newswire services.

More here.

'Internet Watch List' Identifies Dangerous Legislation

Via The Center for Democracy and Technology (CDT).

As Congress mounts its final push before the midterm elections, a number of bills that threaten the bedrock of Internet privacy and civil liberties could either come up for votes or worm their way into larger legislative packages that end up being rushed into law.

Today, the Center for Democracy & Technology (CDT) issued its "Internet Watch List," which contains nine legislative efforts that should not be allowed to succeed in the so-called "silly season" at the end of the 109th Congress. In the coming weeks, CDT will urge lawmakers, journalists and the online public to keep close watch on these legislative efforts to ensure that this collection of bad ideas doesn't become a collection of bad laws.

More here.

Wednesday, September 13, 2006

GA Tech Researchers Believe Spam Should be Fought at Network Level

Ericka Chickowski writes on SC Magazine Online:

A pair of Georgia Tech researchers suggested this week that internet service providers (ISPs) might be able to fight junk email more efficiently at the network level rather than using message content filters.

"Content filters are fighting a losing battle because it's easier for spammers to simply change their content than for us to build spam filters," said Nick Feamster, a Georgia Tech assistant professor of computing. "We need another set of properties, not based on content. So what about network-level properties? It's harder for spammers to change network-level properties."

Feamster and his Ph.D. student Anirudh Ramachandran spent 18 months studying [.pdf] Internet routing and spam data in order to understand what the best network-level properties could be used to develop a spam filter design. During this time they collected a database of more than 10 million spam e-mails to learn how these messages are being routed.

Feamster said that they were able to establish some key findings from the data. First among these is the fact that internet routes are frequently being hijacked by spammers. Feamster and Ramachandran said they were able to identify many narrow ranges within internet protocol (IP) address spaces that are generating only spam, as well as the ISPs from which the spam is coming.

"We know route hijacking is occurring," Feamster said. "It's being done by a small, but fairly persistent and sophisticated group of spammers, who cannot be traced using conventional methods."

More here.

California Teens In Custody After Alleged MySpace Video Beating

Via NBC11 (San Jose/San Francisco/Oakland).

Five Bakersfield teenagers are in custody after a video posted to the Web site MySpace.com allegedly shows them beating a girl.

The group of teens, which includes boys and girls ages 15 and 16 years old, were arraigned Tuesday.

They were charged with torture, assault with a deadly weapon, battery and other charges.

More here.

Universal Music Pressuring YouTube, MySpace

Yinka Adegoke writes for Reuters:

Universal Music Group, the world's biggest record company, is stepping up pressure against popular online sites YouTube and MySpace, accusing them of infringing the copyrights of its artists' music videos.

Universal chief executive Doug Morris described video site YouTube and News Corp.'s social networking site MySpace as "copyright infringers" during a Merrill Lynch investors' conference speech on Tuesday that was closed to the press.

"The poster child for (user-generated media) sites are MySpace and YouTube," said Morris, according to a transcript obtained by Reuters. "We believe these new businesses are copyright infringers and owe us tens of millions of dollars."

More here.

Online Gambling to Become Part of Defense Bill?

An AP newswire article, via MSNBC, reports that:

Senate Majority Leader Bill Frist is trying to use a bill authorizing U.S. military operations, including in Iraq and Afghanistan, to prohibit people from using credit cards to settle Internet gambling debts.

Frist, R-Tenn., and his aides have been meeting with other lawmakers and officials in both the House and Senate to get the measure attached to a compromise Defense Department authorization bill, according to a Senate GOP leadership aide.

More here.

U.S. Likely to Keep Control of Internet Name System

Joel Rothstein writes for Reuters:

A U.S. State Department official on Wednesday said that the United States should retain control of the Internet domain naming system and not relinquish it at the end of September when the current agreement ends.

"It won't happen on my watch," said Ambassador David Gross of the State Department's Bureau of Economic Affairs.

Gross, who has been U.S. coordinator of international communications and information policy since 2001, spoke at a Washington event along with other advocates of continued U.S. Internet authority.

More here.

Ed Felten Raises Alarm Over Electronic Voting, Hacks Test Machine

Go, Ed!

An AP newswire article, via USA Today, reports that:

A Princeton University computer science professor added new fuel Wednesday to claims that electronic voting machines used across much of the country are vulnerable to hacking that could alter vote totals or disable machines.

In a paper posted on the university's website, Edward Felten and two graduate students described how they had tested a Diebold AccuVote-TS machine they obtained, found ways to quickly upload malicious programs and even developed a computer virus able to spread such programs between machines.

The marketing director for the machine's maker — Diebold Inc.'s Diebold Election Systems of Allen, Texas — blasted the report, saying Felten ignored newer software and security measures that prevent such hacking.

More here.

Deutsche Telekom Could Open Network

A Reuters newswire article, via The International Herald Tribune, reports that:

Deutsche Telekom must open its new €3 billion, or $3.8 billion, super-fast broadband network to rivals unless it proves it is offering new products, the German telecommunications regulator said Wednesday.

The move comes as Berlin and Deutsche Telekom, the biggest telecoms group in Europe by sales, are battling with the European Union's top regulator over whether the new network should be regulated.

More here.

David Ulevitch: Why Do We Pay Internet Bad Guys?

Via Venture Beat.

David Ulevitch, who runs OpenDNS, has written a notable post below about the scams being run on Web users, and how big companies like Google and Yahoo aren’t doing much about it.

Why is Google accepting money from “fraudulent” advertisers, as David calls them? Great question, and we’ll take it to Google!

More here.

Virginia Beach Man Reprograms ATM To Disperse More Cash

An AP newswire article, via The Boston Globe, reports that:

Police were looking for a man who reprogrammed a gas station ATM to give out four times as much money as it should.

Surveillance footage shows a man walking into the gas station at 6:17 p.m. on Aug. 19, swiping an ATM card and punching in a series of numbers, breaking the machine's security code. The automated teller machine was reprogrammed to disburse $20 bills but record it was a $5 debit to his account, Virginia Beach Police spokeswoman Rene Ball said.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, Sept. 13, 2006, at least 2,671 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,124 died as a result of hostile action, according to the military's numbers.

The AP count is two more than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Air Force Awards Deal for Air and Space Operations Centers to Lockheed Martin

Glenn W. Goodman Jr. writes on GCN.com:

Following a lengthy source-selection process, the Air Force yesterday selected Lockheed Martin Corp. to be the weapon systems integrator for its worldwide Air and Space Operations Centers.

The initial three-year contract, awarded by the Electronic Systems Center at Hanscom Air Force Base, Mass., is for $589 million, with priced options for seven more years that would bring the total contract value up to about $2 billion.

More here.

India Wires Africa to Beat China

Nicole Willing writes on Light Reading:

The government of India is awarding millions of dollars in grants to African countries for a cross-continental communications network, in the hopes of selling some telecom gear -- and sticking it to China in the process.

The Indian government is investing $1 billion on a massive joint initiative with the African Union to build a Pan-African e-Network (PAN), which will hook up 53 countries with integrated satellite, fiber, and wireless connectivity.

The project, first outlined in a memorandum of understanding between the two parties in October 2005, is moving ahead with Ethiopia, South Africa, Ghana, and Mauritius as the first beneficiaries and Senegal hosting the network hub.

More here.

Plame Sues Armitage Over CIA Leak

Former Ambassador Joseph Wilson, and wife Valerie Plame Wilson.


An AP newswire article by Matt Apuzzo, via SFGate.com, reports that:

One-time covert CIA officer Valerie Plame sued the former No. 2 official at the State Department on Wednesday, accusing him of violating her privacy rights.

However, the lawsuit did not accuse Richard Armitage, who was deputy secretary of state in the Bush administration, of participating in an administration conspiracy to blow her cover.

More here.

Hymn Removes iTunes 7 DRM

Via Wired News Listening Post.

It's only been a day since Apple updated iTunes to version 7, but the folks over at the Hymn project already have a new version of the program that can be used to remove the DRM from songs purchased from it. It's an updated version of the recent release that could remove DRM from music purchased from iTunes 6.

More here.

Political Toon: America, The Fractured




CDT: NSA Bill 'Major Disaster'

Ryan Singel writes on 27B Stroke 6:

The Center for Democracy and Technology's policy director Jim Dempsey, a longtime expert on national security law who testified to the Judiciary Committee on Senator Arlen Specter's NSA bill, described the bill's passage out of committee as a "major disaster."

Specter's bill was drafted in concert with the Vice President's office, and Specter has championed the bill because the administration promised him that it would submit its warrantless wiretapping program to a secret court for review, though the bill makes that optional, and arguably makes the program legal, due to changes to the law governing surveillance.

More here.

House GOP Leaders Fight Wiretapping Limits

Jonathan Weisman writes in The Washington Post:

House leaders moved yesterday to temper many of the controls that a bill headed toward rapid passage would have imposed on the Bush administration's program for wiretapping terrorism suspects without court approval.

The bill, set for Judiciary Committee consideration today, would have forced the administration to seek a warrant for surveillance within 60 days and bolstered consultations with Congress on the program. But last-minute changes pushed by senior Republicans may allow warrantless surveillance to largely continue without those controls. Instead, House Republican leaders brought their bill in line with legislation agreed to by the White House and the Senate, which would allow but not require the administration to submit the program to a secret court for a constitutional review.

Republican leaders, in the midst of an increasingly angry attack on Democrats over defense matters, made it clear that they will not challenge President Bush's authority in matters of national security as they challenge their opponents' commitment to fighting terrorism.

More here.

NSA Writes Own Recommendation Letter

Ryan Singel writes on 27B Stroke 6:

The National Security Agency advised Senators who wanted to know what they could publicly say about the NSA's warrantless spying on Americans' international communications that they should say that the "country owes [the NSA] an enormous debt of gratitude" and that "the program must continue," according to AP and Washington Post stories.

More here.

Bank, Customers Spar Over Phishing Losses

Via Netcraft.

Who should bear the cost of phishing losses: the bank or the customer? That question is at the heart of a recent dispute between the Bank of Ireland and a group of customers that fell victim to a phishing scam that drained 160,000 Euros ($202,000) from their accounts. The bank initially refused to cover the losses, but has since changed its mind and credited the accounts of nine victims, who had threatened to sue to recover their funds.

The Bank of Ireland incident is one of the first public cases of a bank seeking to force phishing victims to accept financial responsibility for their losses, but it likely won't be the last. Phishing scams continue to proliferate, as Netcraft has blocked more than 100,000 URLs already in 2006, up from 41,000 in all of 2005. Financial institutions continue to cover most customer losses from unauthorized withdrawals. But after several years of intensive customer education efforts, the details of phishing cases are coming under closer scrutiny, and the effectiveness of anti-phishing efforts taken by both the customer and the bank are likely to become an issue in a larger number of cases.

The issue of responsibility has been most prominent in the UK. In late 2004, the UK trade association for banks, known as APACS, began warning that financial institutions may stop covering losses from customers who have ignored safety warnings. That stance is reflected in the group's statement on customer protection.

More here.

User Friendly: Addiction as an Inalienable Right

Via UserFriendly.org.




Some Vonage Investors Threatened With Legal Action

Via Red Herring.

Apparently buyer’s remorse is not a good enough reason to back out of a deal, so Vonage Holdings investors who have not paid for the company’s disappointing stock are being threatened with legal action unless they come up with payment.

Some of Vonage’s customers who signed up to buy shares of the company when it went public in May have refused to pay for more than a million shares.

The letters, sent by participating brokerages, were worded sternly, which was appropriate, according to a statement from Citigroup, one of the underwriters, since the prospective buyers were fully informed of their obligations.

More here.

Google Taps Fiber with Manhattan Move

Steve Bryant writes on Google Watch:

Google's new Manhattan office sits atop one of the biggest fiberoptic facilities in North America.

I've been doing research for a separate project on Google's new offices in Manhattan, which I first reported about here. I can't reveal everything just yet, but I do have more details to report. Turns out 111 8th Avenue is one of the premier "carrier hotels" in the country, a 2.8-million-square-foot behemoth of a fiber gateway.

What's a carrier hotel? It's a very secure, very expensive location for firms that traffic in large amounts of data. 111 8th Avenue, it turns out, sits right on top of the Hudson Street-Ninth Avenue fiber highway. By moving into its new building, Google is gaining access to a nearly unlimited amount of bandwidth. The only other building in New York that has this kind of power is 60 Hudson Street. Suffice to say, the two are closely connected.

More here.

U.S. Senate Panel Clears Terror Surveillance Legislation

James Rowley writes for Bloomberg News:

A Senate panel approved legislation on a party-line vote authorizing President George W. Bush's domestic eavesdropping program with court review.

The measure, approved by a 10-8 vote in the Republican-controlled Senate Judiciary Committee, now goes to the full Senate, where Republican leaders plan to seek a vote before lawmakers leave next month to campaign for November's election.

The measure would authorize a secret court to rule on the legality of the National Security Agency's program to listen to the international calls between al-Qaeda operatives overseas and their suspected confederates in the U.S. without court warrants.

More here.

DHS Releasing Report on Cyber Storm Exercise

Christian Beckner writes on Homeland Security Watch:

The Department of Homeland Security released a report [.pdf] today on the Cyber Storm exercise held several months ago to test cybersecurity response capabilities. The DHS announcement of the report indicates eight major findings in it:

  1. Interagency Coordination: Interagency and cross-sector information sharing enhanced overall coordination, communication and response.
  2. Contingency Planning, Risk Assessment and Roles and Responsibilities: Clearly defined processes and procedures increased overall ability to plan for and assess situations.
  3. Correlation of Multiple Incidents between Public and Private Sectors: The cyber community was effective in addressing individual threats and attacks, but faced challenges in cross-sector situational awareness during a coordinated cyber attack campaign.
  4. Exercise Program: Ongoing exercises will strengthen awareness of cyber incident response, roles, policies, and procedures.
  5. Coordination between Entities of Cyber Incidents: Establishing expectations, roles, processes and communications in advance will dramatically improve coordination and response.
  6. Common Framework for Response to Information Access: Early and ongoing information sharing across governments and sectors created a common framework for response and strengthened relationships between domestic and international response partners.
  7. Strategic Communications and Public Relations: Public messaging is an important aspect of incident response and empowers individuals and industry to take appropriate action to protect themselves and the nation’s critical infrastructure.
  8. Improvement of Process, Tools and Technology: Improved processes, tools and technology focused on the physical, economic and national security effects of a cyber incident will benefit the quality, speed and coordination of a response.

More here.

U.S. Military Investigates Leaked Photo


An AP newswire article by Paul Garwood, via SFGate.com, reports that:

The U.S. military said Wednesday it is looking into the unauthorized release of a photo purportedly taken by an American drone aircraft showing scores of Taliban militants at a funeral in Afghanistan.

NBC-TV claimed U.S. Army officers wanted to attack the ceremony with missiles carried by the Predator drone, but were prevented under rules of battlefield engagement that bar attacks on cemeteries.

Lt. Tamara Lawrence, a spokeswoman with the U.S. military in Kabul, said the photograph was released to the network by someone who did not have the clearance to hand it out.

"It is an operational security issue and the photo was released at an inappropriate level," Lawrence told The Associated Press. "Inquiries are being made into how it was released."

Lawrence declined to provide further details. It was not clear when the photo was taken nor where the gathering took place.

More here.

Vyatta Back in the News: Raises $7.5M in First Round




Via The Silicon Valley/San Jose Business Journal.

Vyatta Inc., an open source network company, said Wednesday it raised $7.5 million in its first round of venture funding.

Giving money in the round were J.P. Morgan Partners, Palo Alto-based ComVentures and ArrowPath Venture Partners, which has an office in Redwood City. Vyatta will spend the money on advertising and selling its products.

Vyatta offers open source products on its Web site, then charges customers for upgrades and technical assistance. In August, the company released an open source router and said it would charge customers an annual fee starting at $497 for upgrades and help.

The San Mateo company's name comes from the Sanskrit word meaning "open."

More here.

Report Says CompUSA is For Sale

An AP newswire article, via USA Today, reports that:

The owner of electronics retailer CompUSA has reportedly asked financial advisers to find buyers for the chain.

The Dallas Morning News, citing unnamed sources familiar with the offer, reported Wednesday that Grupo Carso of Mexico asked Credit Suisse to quietly approach investors who might be interested in the 230-store chain.

A CompUSA spokesman declined to comment to The Associated Press, and officials at Credit Suisse did not immediately return calls.

More here.

UK: Police Laptop Bought at Car-Boot Sale

Chris Mellor writes on TechWorld (UK):

Scottish police have been embarrassed by the appearance of a confidential laptop bought at a car-boot sale.

The laptop contained road accident crash victim pictures, according to the BBC. The Lothian and Borders Police had disposed of the unwanted device through a third-party "specialist" firm, it said. It was bought at a Glasgow car boot sale by a computer engineer. The computer's hard-drive also held data on 200 police officers and yet the system was not password-protected.

More here.

UK: BT Threatens Satellite Dishes

Only one of Goonhilly's dishes, Arthur, will remain after 2008.
Image source: The BBC


Via The BBC.

Three-quarters of staff at the largest satellite communications station in the world could lose their jobs after BT said it planned to scale down the site.

Ninety of the 120 workers at Goonhilly, in Cornwall, could lose their jobs or be redeployed, as satellite operations are moved to Madley, in Herefordshire.

An internal BT report says the move would help the firm centralise and remain competitive, the BBC can reveal.

More here.

Tuesday, September 12, 2006

Ben Edelman: Which Anti-Spyware Programs Delete Which Cookies?

The Guru of All Things Spyware & Adware, Ben Edelman, has conducted an exhaustive comparison of Anti-Spyware products:

Earlier this summer, Vinny Lingham and Clicks2Customers asked me to test the current state of cookie detections by major anti-spyware programs. They had noticed that for those anti-spyware programs that detect cookies, not all cookies are equally affected. Which cookies are most affected? By which anti-spyware programs? I ran tests to see -- forming a suite of cookies, then scanning them with the leading anti-spyware programs.

Vinny is generously letting me share my results with others who are interested.

Much, much more here.

Aussie Accused of Sending Two Billion Viagra Spam e-Mails

Simon Hayes writes on Australian IT:

An Australian man who allegedly sent two billion spam emails promoting Viagra could face prosecution.

The Australian Communications and Media Authority yesterday confirmed that it had raided a home in connection with the spam investigation.

ACMA officers executed a search warrant at the home, the location of which was not revealed, following a tip-off from authorities in The Netherlands that there was an Australian link in a spam campaign flooding Dutch email addresses.

"Preliminary analysis of the email messages contained in the spam campaign has identified that over two billion emails were sent in one spam campaign," said acting ACMA chair Lyn Maddock, adding the emails primarily promoted Viagra.

More here.

RCN Considering Putting Itself Up For Sale

Dana Cimilluca and Brett Cole write for Bloomberg News:

RCN Corp., a U.S. provider of cable-television, Internet and phone services in cities including New York and Boston, may put itself up for sale, two people with knowledge of the plans said.

The company hired Blackstone Group LP to help it evaluate options, said the people, who asked to remain anonymous since the review hasn't been made public. Possible bidders for RCN, which has a market value of $965 million, include private-equity firms and communications companies, they said.

More here.

Burning Man Web Site Hacked, Taken Down

Daniel Terdiman writes on the C|Net Media Blog:

Eight days after Burning Man, the annual countercultural arts festival held in Nevada's Black Rock desert, and attendees are still working to reintegrate with reality.

But for a community integrally linked with technology, and especially the Internet, it may have come as a shock Tuesday to find that the Burning Man Web site has been hacked and has been temporarily taken down.

On Tuesday, the site sported the following message, "The Burning Man website is currently down due to the activities of nefarious hackers. Our system administrators are working on rebuilding the server, and the site will be back up and running as soon as possible. We appreciate your patience."

No further information was immediately available.

More here.

FCC Sets Roadmap for Using Vacant TV Airwaves

Jeremy Pelofsky writes for Reuters:

The U.S. Federal Communications Commission on Tuesday set a road map for making vacant television airwaves available for other services by early 2009, when broadcasters are due to switch to digital signals.

Companies such as computer chipmaker Intel Corp. have been pressing the FCC to make those airwaves available to be used without a license, while broadcasters have expressed concerns about potential interference with their signals.

More here.

No Fix Yet for Microsoft Word 2000 Flaw

Joris Evers writes on C|Net News:

Microsoft on Tuesday provided patches for three security flaws, but it does not have a fix yet for a Word 2000 vulnerability being exploited in cyberattacks.

As part of its monthly patch cycle, Microsoft released updates for Office and Windows users to repair a trio of security flaws, a tally that is notably fewer than in previous months. The software maker deems the Office problem "critical"--its most serious rating. The Windows problems have a lower severity rating.

"What's not there is more news than what is there, from what we can see," said Amol Sarwate, research manager at vulnerability management company Qualys. "The first thing we noticed is a lack of a patch for the Microsoft Word vulnerability at large; they did not have enough time to produce a patch."

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, Sept. 12, 2006, at least 2,670 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,124 died as a result of hostile action, according to the military's numbers.

The AP count is one more than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

More here.

As always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Spanish Police Embarrassed by Trojan Horse, Porno Film

Suuuurrreee. Blame it on a "computer virus."

An AP newswire article, via The Boston Globe, reports that:

Spanish police officers settling in for a video presentation on how to get promoted to sergeant were instead shown footage from a hard-core pornographic film, officials said Tuesday.

Howling laughter rippled through the auditorium where 120 Madrid city police officers had gathered Monday to see the video on operations at an academy where they are to study, the Madrid regional justice and interior ministry said.

A ministry official said computer technicians have blamed the glitch on a Trojan Horse computer virus that activated when the computer containing the video was turned on.

More here.

In-Q-Tel Invests in Infobionics

Bob Brewin writes on FCW.com:

Infobionics, a company that has patented a method to organize, store, and search structured and unstructured data and discover previously unknown patterns, said it has received an investment from In-Q-Tel, the CIA-backed venture capital firm.

Infobionics said its Cellular Database Management System provides agility and flexibility for query-intensive applications and helps perform quick and easy data analysis. Carl Bonta, the company’s president and chief operating officer, said the technology allows users to search for unusual, unforeseen patterns and identify what's missing.

More here.

Morocco Jails Two Men Disrupting U.S. Computer Systems with Botnet

Via Reuters.

A Moroccan court on Tuesday jailed two men for one and two years for unleashing computer worms that disrupted networks across the United States, court officials and lawyers said.

The court in Sale, twin city to the Moroccan capital Rabat, convicted 19-year-old science student Farid Essebar and his friend Achraf Bahloul, 22, for their role in creating and spreading the Zotob worm last year.

Moroccan authorities said the two men had one accomplice in Turkey who was named earlier by the FBI as Atilla Ekici.

Zotob caused computer outages at more than 100 U.S. companies, including major media outlets like CNN and the New York Times.

More here.

California: Angelides Campaign Staffer Downloaded Governor's Comments

Tom Chorneau and Lynda Gledhill write in The San Francisco Chronicle:

The manager of Democrat Phil Angelides' gubernatorial campaign acknowledged Tuesday that two staff members downloaded a controversial audio file containing private comments of Gov. Arnold Schwarzenegger and leaked it to the media.

Cathy Calfo, Angelides' campaign manager, said, however, that the campaign did nothing improper and insisted that the file was left available on a public Web site.

"There was no hacking, no password, no expertise required," she told a news conference.

The California Highway Patrol has opened an investigation into whether the file was obtained illegally. Calfo said no one at the campaign had been contacted by the CHP.

More here.

U.S. Government Study: Gulf War Syndrome Doesn't Exist

Iraq oil field fires during the First Gulf War.
Image source: www.desert-storm.com


Speechless.

An AP newswire article, via MSNBC, reports that:

There is no such thing as Gulf War syndrome, even though U.S. and foreign veterans of the war report more symptoms of illness than do soldiers who didn't serve there, a federally funded study concludes.

U.S. and foreign veterans of the Gulf War do suffer from an array of very real problems, according to the Veterans Administration-sponsored report released Tuesday.

Yet there is no one complex of symptoms to suggest those veterans — nearly 30 percent of all those who served — suffered or still suffer from a single identifiable syndrome.

More here.

eDonkey Firm to Pay RIAA $30 Million

Nate Mook writes on BetaNews:

MetaMachine, the company behind the popular file sharing software eDonkey, has agreed to pay the Recording Industry Association of America $30 million to settle claims it facilitated mass copyright infringement.

"With this new settlement, another domino falls, and we have further strengthened the footing of the legal marketplace," said RIAA chairman and CEO Mitch Bainwol. The RIAA previously settled with the operators of BearShare, i2Hub, WinMX, and Grokster.

As part of the settlement, MetaMachine has agreed to cease distributing eDonkey, eDonkey 2000, Overnet and other variants of the peer-to-peer software. However, the company previously announced its intention to throw in the towel last year, after the Supreme Court ruled file sharing networks could be liable for the actions of their users.

More here.

Survey: DoS Attacks, Bots are Worst Security Threats

Denise Pappalardo writes on NetworkWorld:

Arbor Networks plans to release a report Tuesday confirming what many in IT security already know: DDoS is still a very popular means to disrupt networks.

In its second annual Worldwide Infrastructure Security Report, Arbor surveyed 55 network operators, including ISPs, network providers at universities and even some large enterprise networks. DDoS attacks at 46% and bots at 31% pose the most significant operational threats, according to survey respondents. Worms, compromised infrastructure, DNS and Border Gateway Protocol route hijacking were also mentioned, but only 4% to 7% said these posed significant threats.

While DDoS isn’t new, the size of the attacks is, says Danny McPherson, chief research officer at Arbor.

More here.

Jimmy Wales to Beijing: Wikipedia Won't Censor

Via Boing Boing.

Wikipedia founder Jimmy Wales has refused to censor the content on the Chinese version of Wikipedia, resulting in its being blocked by the Chinese government. Google, Yahoo and others have folded to demands from Beijing's totalitarian bureaucrats, but Wikipedia has stood firm.

Predictably, Beijing has come to Wikipedia to ask them for some kind of peace-treaty, because China can ill-afford to block critical information resources if it is to remain economically strong.

More here.

Former Florida Resident and al Qaeda Operative Eludes FBI's Net

Vic Walter reports on ABC News' "The Blotter":

A one-time Florida chemistry student has the FBI worried and working overtime.

When he attended Broward Community College in Fort Lauderdale, Adnan El' Shukrijumah excelled in chemistry and computer classes.

But authorities say in 1999 he switched schools, joining al Qaeda and learning to excel in the handling of explosives and firearms at training camps in Afghanistan.

More here.

User Friendly: Free Milk and Money

Via UserFriendly.org.




EFF Project to Uncover Government Surveillance and Privacy Invasions

Via The EFF.

The Electronic Frontier Foundation (EFF) today launched a project to shed light on government surveillance activities. The FLAG Project, based at EFF's new Washington, D.C. office, will use Freedom of Information Act (FOIA) requests and litigation to expose the government's expanding use of technologies that invade Americans' privacy.

The Freedom of Information Act is a statute that compels the government to disclose details about its activities. EFF's FOIA requests will zero in on collection and use of information about Americans, the increasing cooperation between the government and the private sector, and federal agencies' development and use of new information technologies. The FLAG Project -- for FOIA Litigation for Accountable Government -- is spearheaded by two experienced Freedom of Information specialists: Senior Counsel David Sobel and Staff Attorney Marcia Hofmann.

More here.

Europe May Require Data Breach Notification

Via OUT-LAW.com.

The European Commission has published proposals for a law change that would force telecoms firms to notify regulators and customers of all breaches of their data security. A similar law in California has resulted in a stream of data breaches being made public.

In a consultation on changes to the EU framework on telecoms regulation the EC proposes that all providers of "electronic communications networks or services" be forced to notify customers and regulators of any breaches of security that would result in their personal data being made available to others.

The current EU Directive only instructs network providers to notify customers of security risks. It does not cover security breaches.

More here.

AT&T Acquires USinternetworking for $300M

Via WHIR News.

Telecommunications carrier AT&T announced on Tuesday that its subsidiary, AT&T Corp., has agreed to acquire privately held applications service provider USinternetworking for approximately $300 million in cash and assumed debt. The transaction, which is expected to close in the fourth quarter, is designed to enhance AT&T's enterprise service offerings.

The acquisition strategically aligns USi's software and e-business management services and consulting expertise with AT&T's existing portfolio of enterprise hosting and managed services.

More here.

Tighter Chinese Censorship Laws Criticised

Via The Telegraph.co.uk.

New Chinese curbs on the dissemination of foreign news have been denounced as a backwards step as the country gears up for the 2008 Olympics.

The official Xinhua news agency announced rules two days ago requiring foreign media to seek its approval with immediate effect to distribute news, pictures and graphics within China.

The new rules empower Xinhua to censor reports distributed in China by foreign media and to delete forbidden content.

More here.

HP Leak Scandal Costs Dunn Her Chairman's Job

Scott Ard and Ina Fried write on C|Net News:

Hewlett-Packard Chairman Patricia Dunn, who launched an investigation into media leaks that resulted in a firestorm of controversy, has agreed to resign her post following a meeting of the company's board of directors.

The board has appointed CEO and President Mark Hurd to take over for Dunn, who will continue to serve as chairman through the company's Jan. 18, 2007, scheduled meeting, the company announced early Tuesday. After that point, Dunn will remain on the board as a director.

More here.

Monday, September 11, 2006

Airline Passenger Conversations to be Recorded to Foil Hijackers?

I had to read this article a couple of times just to be sure that this wasn't a joke.

I think these people are out of their minds -- how much will airline passengers take before they just stop flying?

David Millward writes in The Telegraph (UK):

Air passengers could have their conversations and movements monitored as work intensifies to design the terrorist-proof aeroplane.

Researchers in Britain and Europe are looking at technology that would see a comprehensive network of microphones and cameras installed throughout the aircraft, including the lavatory, which would be linked to a computer.

More here.

MIT Students Place Fire Truck on Dome to Honor Sept. 11


MIT's Latest "Hack" for 11 September, 2006.


An AP newswire article, via The Boston Globe, reports that:

Students at the Massachusetts Institute of Technology looked to a long-standing tradition to commemorate the fifth anniversary of the Sept. 11 terrorist attacks Monday.

They put a fire truck on top of the school's 150-foot high Great Dome, a central feature on the campus that has been a stage for student and alumni pranks -- known as "hacks" -- since at least the 1920s.

A student Web site referenced by the MIT Museum describes Monday's tribute as a 25-foot-long fire truck with the phrase "meminimus," Latin for "we remember," painted on the truck's side.

More here.

Also, the MIT Hack Gallery.

U.S. Appeals Court Declines To Hear Campus Wiretapping Challenge

Ryan Singel writes over on 27B Stroke 6:

The D.C. Circuit Court of Appeals has declined to hear an appeal of a June decision holding that broadband service providers and college networks must re-configure their networks to make them easily tappable by law enforcement.

The FCC rules in question re-interpreted a 1994 law known as CALEA, which distinguished between telecom networks, such as the traditional phone system and Internet providers.

Under that law, telecoms were forced to make it easier for law enforcement to listen in on phone calls.

More here.

Toon: 9/11 and The State of Security

