Saturday, September 23, 2006

User Friendly: RTFM? STFU


Click for larger image.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Saturday, Sept. 23, 2006, at least 2,699 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,150 died as a result of hostile action, according to the military's numbers.

The AP count is four more than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

HostGator: cPanel Security Hole Exploited in Mass Hack

Via Netcraft.

HostGator says hackers compromised its servers using a previously unknown security hole in cPanel, the control panel software that is widely used by hosting providers. "I can tell you with all accuracy that this is definitely due to a cPanel exploit that provides root access and all cPanel servers are affected," said HostGator system administrator Tim Greer. "This issue affects all versions of cPanel, from what I can tell, from years ago to the current releases, including Stable, Release, Current and Edge."

cPanel has just released a fix. "Running /scripts/upcp will fix the vulnerability in all builds," cPanel said in a message on its user forums. "Please note that this is a local exploit which requires access to a cPanel account. ... If you believe you have been exploited through this vulnerability, you are welcome to submit a support request for assistance."

Hackers gained access to HostGator's servers late Thursday and began redirecting customer sites to outside web pages that exploit an unpatched VML security hole in Internet Explorer to infect web surfers with trojans. The existence of the new "0-day" exploit of cPanel leaves a large number of hosting companies vulnerable to similar attacks until they install the patch. The risk is mitigated somewhat by the fact that it is a local exploit, meaning any attack on a host must be launched from an existing account with cPanel access.

HostGator site owners said iframe code inserted into their web pages was redirecting users to the malware-laden pages. Company staff made several efforts to reconfigure servers on Friday, only to have the exploits recur. By early Saturday morning, HostGator managers were assuring users that the cause of the redirections had been isolated, and was due to a new exploit targeting cPanel.

More here.

Friday, September 22, 2006

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Friday, Sept. 22, 2006, at least 2,695 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,150 died as a result of hostile action, according to the military's numbers.

The AP count matches the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

San Francisco Journalist Josh Wolf Back Behind Bars


A San Francisco freelance journalist reported to federal prison here on Friday, a week after a federal appeals court upheld a contempt order for refusing to cooperate with a grand jury investigating an anarchists' protest he videotaped.

A San Francisco federal grand jury subpoenaed Joshua Wolf to acquire the 30 minutes of unpublished material, but he refused and was ordered jailed Aug. 1. He was released a month later as he appealed his case but surrendered after his appeal was rejected.

More here.

Cisco Details Cross-Site-Scripting, Denial-of-Service Flaws

Matt Hines writes on eWeek:

Cisco Systems has addressed three sets of software vulnerabilities in its networking and security products that could leave its customers open to outside attacks including cross-site-scripting and denial-of-service attempts.

The San Jose, Calif.-based firm said in a security bulletin posted to its Web site that a software vulnerability present in its Cisco Guard appliance, which is used to help prevent denial-of-service attacks on corporate Web sites, may allow an outsider to redirect users' browsers to a URL hosting cross-site scripting code.

Cisco reported that the flaw is exploitable when the appliance is providing its anti-spoofing services between a browser and a Web server, and that attackers could exploit the problem by sending malicious URLs to users via e-mail or instant messaging systems.

Cisco said that the threat could still be exploited on sites that have been designed to prevent cross-site-scripting, and that users must update their security devices to fix the issue.

More here.

Hacked HostGator Sites Distribute IE VML Exploit

Via Netcraft.

Hackers have hijacked a large number of sites at web hosting firm HostGator and are seeking to plant trojans on computers of unwitting visitors to customer sites. HostGator customers report that attackers are redirecting their sites to outside web pages that use the unpatched VML exploit in Internet Explorer to install trojans on computers of users. Site owners said iframe code inserted into their web pages was redirecting users to the malware-laden pages.

HostGator general manager Jason Muni told Security Fix that attackers had "reconfigured an unknown number of Web sites hosted on the company's servers to redirect visitors to a third-party Web site that tried to load the IE exploit." Muni said the company reconfigured all of its 200 servers to address the problem. But as of 5:30 pm EST Friday, some HostGator customers were continuing to report that their sites were compromised and redirecting visitors, indicating the problem had not been fully resolved.

More here.

Toon: Motorola Vending Machines

Click for larger image.

AT&T Tightens Rules on Release of Records?

The added question mark in the headline above is mine -- I still think that while AT&T may have tightened controls on providing information to some third-parties, it is still knee-deep in allegations that it has provided, and continues to provide, customer records to the NSA illegally.

But that's just me.

David Lazarus writes in The San Francisco Chronicle:

As Hewlett-Packard continues to grapple with the fallout from spying on board members and reporters, AT&T has moved quickly to ensure that customers' phone records are less vulnerable to pretexting and other investigative ploys.

Strict new guidelines for employees took effect Thursday that are intended to prevent unauthorized access to details of people's calls, according to an internal memo obtained by The Chronicle.

More here.

Cablevision Gave Stock Options to Dead Executive

An AP newswire article, via The Mercury News, reports that:

In one of the more unusual twists in the current wave of stock options irregularities, cable TV operator Cablevision Systems Corp. said it granted options to an executive after he died.

Cablevision restated its financial results Thursday because of the improper stock options practices and also said it had received a subpoena from the U.S. Attorney's Office for the Eastern District of New York, which is investigating the company.

More here.

Comcast Hits 10M Cable Modem Subscribers

Alan Breznick writes on Light Reading:

North America's largest MSO is piling up broadband subscribers again, with a big boost from the now-defunct Adelphia Communications.

Comcast Corp., which ended the second quarter with 9.34 million cable modem subscribers, proclaimed earlier this week that it has now signed up 10 million data customers. That makes it the first U.S. or Canadian broadband provider to hit this milestone, although AT&T Inc. will easily surpass the mark as well when the feds approve its pending deal to take over BellSouth Corp.

More here.

InterOp: Audience Members Assail Vendors on Bogus Claims

Sean Michael Kerner writes on

In a keynote address that I personally found to be remarkably honest and forthright, Juniper CEO Scott Kriens took direct aim at bogus vendors' claims that they ultimately only serve to muddle user expectations.

There was no shortage of bogus claims being made on the show floor and in various sessions. Though Kriens himself didn't go booth to booth or session to session to out the bogusness, others took up the challenge.

In a session about MPLS, panel moderator Johna Till Johnson, president of Nemertes Research, responded to a bogus comment made by a panelist asking him to instead provide a real answer.

More here.

Quote of the Day: Ed Felten

"One of Diebold’s responses to our paper and video about their products’ security is that election workers are honest and would never do anything to corrupt an election. Like many of Diebold’s arguments, this one is mostly true but almost entirely irrelevant."

- Ed Felten, on Freedom to Tinker.

FTC Hasn't Paid Victims of Breach at ChoicePoint

An AP newswire article, via The Boston Globe, reports that:

Nearly eight months after regulators trumpeted a settlement with ChoicePoint Inc. over a data breach, the government has not paid any money to victims from a $5 million fund that was to be set up as part of the agreement.

The Federal Trade Commission also has not yet implemented procedures for how the 800 fraud victims it has identified so far can be compensated from the fund, nor has it hired anyone to administer it, said FTC spokeswoman Claudia Bourne Farrell.

More here.

Dunn Resigns From H-P, Effective Immediately

An AP newswire article, via MSNBC, reports that:

Hewlett-Packard Co. Chairwoman Patricia Dunn resigned Friday, effective immediately, in the wake of the company’s ill-fated investigation of media leaks.

In his first public comments on the boardroom spying scandal, HP Chief Executive Mark Hurd called the tactics used by the company’s outside investigators "very disturbing," and apologized to journalists and others who were targeted by the probe.

More here.

Autumn Arrives Tonight in Northern Hemisphere

Illumination of Earth by Sun on the day of equinox (vernal and autumnal).
Image source: Przemyslaw "Blueshade" Idzkiewicz / Wikipedia


Autumn arrives in the northern hemisphere tonight, as the Sun crosses the equator on its journey southward. Autumn officially begins at [9:03 p.m. Pacific Daylight Time] -- the moment of the September equinox.

The equinoxes and solstices represent the start of the seasons as measured astronomically. At the solstices, the Sun is farthest north or south in the sky for the year. And at the equinoxes, it's half-way between. The Sun rises due east and sets due west on the equinoxes across the entire globe -- the only times of year for which that's true. And day and night are of roughly equal length on the equinoxes.

More here.

Western Union Says Smuggling Probe Curbs Transfers

Will Edwards writes for Bloomberg News:

Western Union Co. said the state of Arizona, trying to track down smugglers of drugs and illegal immigrants, plans to seize most money transfers of $500 or more sent from 29 states to Sonora, Mexico.

A warrant obtained by state Attorney General Terry Goddard blocks the money-transfer company from sending funds directly to 26 locations in the Mexican state, Western Union said in a regulatory filing today with the U.S. Securities and Exchange Commission. Instead, the Englewood, Colorado-based company must put the funds in a "detention account," even if the senders were outside Arizona.

More here.

User Friendly: LOLOL


Click for larger image.

Botnets: Click Fraud's Next Frontier

Ben Elgin writes on BusinessWeek Online:

If you place an advertisement on Google or Yahoo!, and you're paying the search giants each time somebody clicks, it would be nice to know that the clicker is a human being who might actually purchase your product. Unfortunately, there are no such assurances.

The search engines routinely maximize their profits by recycling ads to millions of other Web sites, whose owners get a percentage from each click. And some of those secondary sites are run by scam artists who enlist people to click repeatedly on the ads. So you end up paying Google or Yahoo for those clicks, the fraudsters get a cut, and there's no positive impact on the sales of your product.

The search engines are trying to crack down on this phenomenon, known as click fraud. But the basic scam is already migrating to a higher technological plane. Search engines, marketers, and law-enforcement agencies are increasingly worried about networks of automated miscreants called "botnets." These are groups of computers that have been infected by malicious software that allows the fraudsters to seize control.

More here.

The Pretexting Way: 'H-P Spied on Me and My Family'

Elizabeth Corcoran writes on

Hewlett-Packard has my number. Not only my work and cell phone number, but probably also the numbers of my father, the nanny of my son’s best friend and a host of others.

My husband, George Anders, works for The Wall Street Journal. He was one of the nine journalists targeted by private investigators hired by HP to figure out who was leaking corporate information to the press.

For us, the story has gone from weirdly funny to downright creepy as more details have emerged. Ultimately, there are going to be quite a few casualties from this hit-and-run demolition of HP’s ethical standards.

Much more here.

FCC to Approve AT&T-BellSouth Merger

Nate Mook writes on BetaNews:

The Federal Communications Commission is slated to approve the $67 billion purchase of BellSouth by telecom giant AT&T, formerly known as SBC. Shareholders approved the merger in July and expected government regulators to demand the combined company shed some assets.

According to a memo distributed late Thursday, however, the FCC is set to give the green light to the deal without any conditions, press reports indicated. The official vote will take place on October 12. The U.S. Department of Justice has yet to give its blessing, due to the agency being sidetracked by court challenges of the mega-mergers between SBC and AT&T, as well as Verizon and MCI.

More here.

Jailed Chinese Journalist to File U.S. Suit Against Yahoo!

Dan Nystedt writes on InfoWorld:

A Chinese journalist jailed in part due to e-mail evidence provided by a Yahoo subsidiary plans to file a lawsuit in the U.S. against the Internet company within the next few months.

"We're also trying to line up other victims for a class-action. We've been in touch with a few others, but we haven't signed anyone up yet. It's a very sensitive issue because there could be reprisals against their families," said Albert Ho, a legislator in Hong Kong and lawyer in the case, in a telephone interview.

A Yahoo spokeswoman in Hong Kong could not be reached for comment.

More here.

Zero-Day Response Team (ZERT) Launches with Emergency IE Patch

Ryan Naraine writes on eWeek:

A high-profile group of computer security professionals scattered around the globe has created a third-party patch for the critical VML vulnerability as part of a broader effort to provide an emergency response system for zero-day malware attacks.

The group, known as ZERT (Zero Day Emergency Response Team), was formed in the aftermath of the WMF (Windows Metafile) attacks of December 2005 and is now emerging from stealth mode with an unofficial patch that offers temporary respite from a spate of drive-by malware downloads aimed at users of Microsoft's Internet Explorer browser.

The patch, which was created and tested by a roster of reverse engineering gurus and virus research experts, is available from the ZERT Web site for Windows 2000 SP4, Windows XP (SP1 and SP2), Windows Server 2003 (SP1 and R2 inclusive).

More here.

Thursday, September 21, 2006

Advertising Assignment Goes Shockingly Awry on MySpace

An AP newswire article, via Yahoo! News, reports that:

A university student appears to be responsible for an advertising class assignment that went awry when the teacher's pug was threatened to be killed online, the school said.

Virginia Commonwealth University had previously said it did not suspect a student was behind the posting on networking site in which someone identifying himself as Jason threatened to kill the pug, Oscar, online this week.

The school later traced the postings to a school computer. It refused to identify the suspect because of federal privacy laws regarding students.

Mike Lear, an adjunct professor at VCU's Adcenter, last week gave his class an assignment to make his 6-year-old pug famous. While most students posted fliers around campus with the pooch's picture on them, the MySpace user opted for a more shocking approach.

More here.

Man Sexually Assaulted After Answering Craigslist Ad

Miguel Liscano writes in The Austin American-Statesman:

The 23-year-old man showed up at the Southwest Austin [Texas] apartment at 4 a.m. Tuesday after answering a Craigslist post advertising a good time.

When he walked in, the man who answered the door promised that his female roommate, who he said had left, would soon return, according to an arrest warrant affidavit. That's when Ernest Ray Lamey, 35, offered the 23-year-old a drink laced with Ambien, a sleeping pill, and waited until it kicked in before sexually attacking him, the affidavit said.

More here.

U.S. Data Retention Bill Expected Next Week

Anne Broache and Declan McCullagh write on C|Net News:

A Democratic member of the U.S. House of Representatives said Thursday that she plans to introduce legislation next week that would force Internet providers to record customer information for one year.

Rep. Diana DeGette of Colorado said that she is working with Republicans Reps. Ed Whitfield, chairman of the House Energy and Commerce oversight and investigations subcommittee, and Joe Barton, chairman of the full committee, to finalize language mandating a controversial practice known as data retention.

More here.

H-P Probed Third C|Net Reporter, Family

Ina Fried writes on C|Net News:

Hewlett-Packard thoroughly investigated a third CNET reporter and his family as part of its controversial probe into unauthorized media leaks, has learned.

According to a government investigator, the company pursued the home and cellular telephone records of reporter Stephen Shankland as well as those of his father and his wife, a former reporter and current Associated Press correspondent. The company also obtained a yearbook photograph of Shankland's mother, a high school teacher, and attempted to find ties between board member George Keyworth and Shankland's father, a semi-retired geophysicist. Shankland's father, Thomas Shankland, and George Keyworth both worked for some years at New Mexico's Los Alamos National Laboratory.

Although HP has said that investigators targeted the records of Stephen Shankland, the latest revelations indicate the aggressive tactics and the lengths to which investigators went in their effort to tie Keyworth to media reports. Keyworth, who stepped down from the board last week, said in a press release that he was a source for a January story.

More here.

U.S. Commerce Dept. Lost 1,100 Laptops in Five Years

An AP newswire article by Douglass K. Daniel, via MSNBC, reports that:

The Commerce Department has lost more than 1,100 laptop computers since 2001, most of them assigned to the Census Bureau, officials said Thursday night.

The Census Bureau, the main collector of information about Americans, lost 672 computers. Of those, 246 contained some personal data, the department said in a statement. However, no data from any missing computer has been known to have been improperly used, the department said.

“All of the equipment that was lost or stolen contained protections to prevent a breach of personal information,” said Commerce Secretary Carlos M. Gutierrez.

More here.

Stevens: Senate Telecom Bill Still Short of Votes

Jeremey Pelofsky writes for Reuters:

U.S. Senate Commerce Committee Chairman Ted Stevens said on Thursday he was still unable to muster enough votes for his telecommunications bill, which could die if Republicans lose power in the November elections.

The bill would make it easier for telephone companies like AT&T Inc. and Verizon Communications to get licenses to offer television service to compete with cable companies. It also would address a myriad of other issues but consumer groups oppose it because it does not guarantee "Net neutrality."

More here.

California: San Jose State Weighs Skype Ban

Elise Ackerman writes in The Mercury News:

An effort by San Jose State University to ban the Skype phone service has been put on hold in the face of fierce objections from students and staff.

Administrators said they would meet with eBay, the owner of Skype, next Tuesday in order to give the San Jose-based company an opportunity to address the university's concerns about network security.

San Jose State is the third California university to impose restrictions on Skype.

In January, the University of California, Santa Barbara announced it was prohibiting Skype because the license agreement it presented to users gave third parties access to the university's network. UC-Santa Barbara said it would allow other computer-calling services.

More here.

U.K. Attorney General Wants to Follow U.S. Wiretapping Model

Willem Marx reports on ABC News' "The Blotter":

Britain's attorney general is now urging that his own country follow the lead of the United States and permit the use of wiretaps as evidence in criminal trials.

Following a recent visit to the U.S. and meeting with Attorney General Alberto Gonzales and senior prosecutors, British Attorney General Lord Peter Goldsmith is proposing that the U.K. follow the lead of the U.S. and allow prosecutors to use evidence obtained through wiretaps to make their cases.

Currently, evidence obtained through wiretaps is not admissible in U.K. courts. This is the first time a British official has spoken out in favor of wiretapping despite objections to such a change by Tony Blair and others.

More here.

Photo of the Day: The Sun, the Shuttle, and the Space Station

This spectacular image shows the transit of the International Space Station (ISS) and Space Shuttle Atlantis in front of the Sun on 17 September 2006, taken by amateur photographer Thierry Legault. It is taken from Mamers, in Normandy (FR).

Via The European Space Agency (ESA).

The Nepenthes Platform: An Efficient Approach to Collect Malware

Thorsten Holz writes on Honeyblog:

Up to now, there is little empirically backed quantitative and qualitative knowledge about self-replicating malware publicly available. This hampers research in these topics because many counter-strategies against malware, e.g., network- and host-based intrusion detection systems, need hard empirical data to take full effect.

We present the nepenthes platform [.pdf], a framework for large-scale collection of information on self-replicating malware in the wild. The basic principle of nepenthes is to emulate only the vulnerable parts of a service. This leads to an efficient and effective solution that offers many advantages compared to other honeypot-based solutions. Furthermore, nepenthes offers a flexible deployment solution, leading to even better scalability.

Using the nepenthes platform we and several other organizations were able to greatly broaden the empirical basis of data available about self-replicating malware and provide thousands of samples of previously unknown malware to vendors of host-based IDS/anti-virus systems. This greatly improves the detection rate of this kind of threat.

More here.

Maine Asks Court to Dismiss Suit Over Phone Company Records

An AP newswire article by Glenn Adams, via The Boston Globe, reports that:

Maine's attorney general asked a federal court Thursday to throw out the government's lawsuit against Maine officials over whether a phone company should release information about its handling of confidential records.

Attorney General G. Steven Rowe said the state's request, filed on behalf of the Public Utilities Commission, asserts the federal government has no jurisdiction in the case. The state also contends that the government is wrong to invoke "state secrets" arguments.

"There are no state secrets at issue here," Rowe said at a news briefing after the motion to dismiss was filed in U.S. District Court in Bangor.

The litigation stems from a press release issued by Verizon and information it provided to the PUC, in which the telecommunications company claims it did not provide phone records to the government for its domestic surveillance program. The company also said in a May news release that it would not discuss any relationship with the National Security Agency program.

More here.

From Interop: Survey Shows 40% of Organizations Experienced a Breach Last Year

Ericka Chickowski writes on SC Magazine Online:

A survey conducted today at Interop New York 2006 found that 40 percent of those polled worked for organizations that experienced at least one security breach within the past 12 months.

Commissioned by Symantec, the survey questioned 350 IT managers and administrators attending the conference about their endpoint security strategies surrounding teleworkers. The results showed that 70 percent of the respondents had security policies for teleworking, and 65 percent said they are capable of enforcing security settings on laptops and other devices outside the corporate environment.

However, only 40 percent have a network access control product that can detect a new device connecting to the network and determine whether it complies with a defined security policy.

More here.

User Friendly: The Other Pink Meat


Click for larger image.

Yahoo! Offers Refunds After NFL Streaming Fails

A Reuters newswire article, via MSNBC, reports that:

Yahoo Inc. is offering refunds to customers of its new Internet streaming package of National Football League games after a technological problem caused access problems on Sunday.

"We have identified and fixed the issue that affected a portion of the subscribers during Week 2," the company said in an emailed statement to customers on Thursday.

The new service, available only outside North America, is the league's first effort to deliver a full slate of live games online, following similar Web offerings from Major League Baseball and the National Basketball Association.

More here.

Time Warner to Sell AOL France to Neuf Cegetel

An AP newswire article, via The International Herald Tribune, reports that:

Time Warner said Thursday that it had agreed to sell AOL France's Internet access business to Neuf Cegetel, a French telecommunications network operator, for about $365 million in cash.

Under the agreement, Neuf Cegetel will acquire AOL's Internet access business in France, including its 500,000 broadband customers. The French company will also acquire its ASME operation, which manages AOL France's customer service operations.

More here.

Cyber Security at DOE Still Lacking

Patience Wait writes on

The Energy Department continues to struggle with information security and many of its weaknesses are the same as in past years, according to a new report by the department’s inspector general.

Even though DOE has undertaken several actions to improve its cybersecurity posture, “we continued to observe deficiencies that exposed its critical systems to an increased risk of compromise,” according to Gregory Friedman, the inspector general. “In several respects, these findings parallel those reported in 2005.”

More here.

Pentagon Report to Refute 'Able Danger' Claim

An AP newswire article, via MSNBC, reports that:

A new Pentagon report knocks down the idea that a secret military unit had garnered intelligence a year before the Sept. 11 attacks that might have stopped the hijackers, a senior defense official said Thursday.

Lawmakers were supposed to be briefed Thursday on the Defense Department inspector general’s report, and officials hoped to post a redacted version of the report on the Pentagon’s Web site as early as Thursday afternoon, two officials said. The officials, who spoke on condition of anonymity because the report had not yet been released, declined to provide further details about the study’s conclusions.

The report was ordered following the assertion that four of the 19 hijackers were identified in 2000 by a classified military intelligence unit known as "Able Danger."

More here.

Quote of the Day: Paul Stamp

"Our biggest threats are CEOs, not rootkits."

- Forrester Research Security Analyst Paul Stamp, quoted in an article, wherein Stamp discusses the current Internet security threat barometer facing organizations.

Toon: The New H-P Laptop

Click for larger image.

Report: H-P Chief Approved 'Sting' on Journalist

A Reuters newswire article by Duncan Martell, via eWeek, reports that:

Hewlett-Packard Co.'s Chief Executive Mark Hurd had approved a "sting" operation on a reporter to investigate boardroom media leaks, The Washington Post reported, and embattled Chairman Patricia Dunn said she looked forward to "setting the record straight" soon.

The Post said in its Thursday edition that an e-mail by a company lawyer to Dunn was the first document linking Hurd to the internal investigation which is now the subject of criminal probes. Private investigators impersonated people to gain the phone records of directors, HP employees and reporters, the company has acknowledged.

"I spoke to Mark (Hurd) a few minutes ago and he fine with both the concept and the content," of the sting, senior counsel Kevin Hunsaker told Dunn in a February 23 e-mail, according to the Post.

More here.

Effort to Combat Child Pornography Would Close Web Sites

Kurt Eichenwald writes in The New York Times:

As part of the battle against the spread of child pornography on the Internet, an initiative has begun allowing for the shutdown or blocking of sites offering illicit images of minors, even in cases where no criminal investigation is being conducted.

The initiative, expected to be announced today at a Congressional hearing, is part of an effort among a group of Internet service providers and the National Center for Missing and Exploited Children.

Until now, the decisions to close child pornography sites were ad hoc, based on thousands of referrals to the service providers and the Cybertipline of the center.

More here.

Wiretap Case: 'Drop It,' Say Feds

An AP newswire article, via Wired News, reports that:

The Bush administration asked an appeals court Thursday to step in immediately and dismiss a lawsuit over the government's warrantless eavesdropping program, calling a lower judge's ruling dangerous and wrong.

The Justice Department asked the 9th U.S. Circuit Court of Appeals to overturn the decision earlier this month by U.S. District Judge Garr King in Portland, Ore., that kept the suit alive. Government attorneys argued that continuing the case would risk the disclosure of "highly sensitive foreign intelligence information."

More here.

FCC Seen Backing Airline's WiFi at Logan Airport

A Reuters newswire article by Jeremey Pelofsky, via Yahoo! News, reports that:

Boston airport authorities cannot stop Continental Airlines from offering wireless Internet service in its frequent flier lounge under a proposed Federal Communications Commission ruling, sources familiar with the matter told Reuters on Wednesday.

The Massachusetts Port Authority, or Massport, instructed airlines in 2005 to unplug their wireless and wireline high-speed Internet access in frequent flier lounges at Boston-Logan International Airport and use the fee-based system the airport was launching.

Continental petitioned the FCC to keep its free service running and was later supported by wireless service providers, other airlines and package delivery service United Parcel Service.

More here.

Facebook in Talks to Sell Itself to Yahoo!

Via Reuters.

Social-networking Web site is in serious talks to sell itself to Internet media company Yahoo Inc. for an amount that could approach $1 billion, The Wall Street Journal reported on Thursday.

Facebook, which has been at the center of takeover rumors for months, also held separate discussions with Microsoft Corp., the world's largest software maker, and media conglomerate Viacom over the past year, the Journal reported, citing people familiar with the matter.

More here.

Computer in Karr Child Porn Case Lost

An AP newswire article, via MSNBC, reports that:

Efforts to prosecute one-time JonBenet Ramsey murder suspect John Mark Karr on child pornography charges should not be jeopardized even though his computer that allegedly contained the images was lost, Sonoma County authorities said Wednesday.

Authorities seized the computer from Karr’s home in 2001 and copied the entire hard drive onto paper, including the five illicit images, said Sheriff’s Department Lt. Dave Edmonds. He said authorities looked for the computer for the past two weeks, but have had no luck.

More here.

Wednesday, September 20, 2006

Italian Police Arrest 20 in Telecom Italia Inquiry

Eric Sylvers writes in The International Herald Tribune:

Italian police arrested 20 people in seven cities on Wednesday in a sweep tied to a scandal involving a senior Telecom Italia executive, a police official said. Although the investigation is not connected with the recently announced break-up of the company, which resulted in the resignation of its chairman amid a dispute with the prime minister, it is another blow to one of Italy's biggest companies.

Those arrested include the former head of security at Telecom Italia; the current head of security of Pirelli, which controls Telecom Italia; the owner of a private investigation agency, and members of the finance police and other police forces, according to the official who requested anonymity because he was not authorized to speak while the investigation was in progress.

Those arrested are accused of corruption and illegally obtaining bank and phone records. It is not clear why the accused were accumulating this information.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, Sept. 20, 2006, at least 2,690 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,140 died as a result of hostile action, according to the military's numbers.

The AP count is five more than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

House Committees Approve Spy Bills

Ryan Singel writes on 27B Stroke 6:

The House Judiciary Committee and the House Permanent Select Committee on Intelligence both approved versions of a wiretapping bill that radically expands presidential snooping power and legalizes the National Security Agency's current warrantless surveillance program.

The committees passed differing versions of H.R. 5825, the "Electronic Surveillance Modernization Act," authored by Representative Heather Wilson (R-NM), while a companion bill in the Senate has been resubmitted to the Senate Intelligence Committee.

More here.

Gapingvoid: The Future Belongs to The Geeks

Via Enjoy!

U.S. Government Accused of Censorship Over Global Warming

Clayton Sandell writes on ABC News:

Commerce Department officials may have tried to stop a government scientist from speaking to reporters because of his views on global warming, a California congressman says.

The officials "tried to suppress a federal scientist from discussing the link between global warming and hurricanes," according to a letter sent Tuesday from Rep. Henry Waxman to Commerce Secretary Carlos Gutierrez.

More here.

Related story: "California Sues Carmakers over Global Warming"

Cops Also Using Information Thieves to Get Phone Records

Avni Patel reports on ABC News' "The Blotter":

Federal and local law enforcement agencies have bought mobile phone and other personal records from controversial Internet "data brokers," according to congressional investigators now looking into whether questionable practices were used by the Hewlett-Packard company.

HP's chairman has resigned, and the California attorney general has opened a criminal investigation in the wake of revelations that the company obtained phone records of board members suspected of leaking information to reporters.

In response to a congressional subpoena, PDJ Services, a data broker in Texas, produced documents showing the U.S. Immigration and Customs Enforcement (ICE) and the U.S. Marshals Service had used their services. Another seller, Advanced Research, Inc., included the FBI on its list of clients.

More here.

Josh Wolf Sent Back to Prison in Case of 'Judicial Persecution'

Via Reporters sans Frontières.

Reporters Without Borders today accused the US justice system of “persecuting” freelance video journalist and blogger Josh Wolf after three appeal court judges decided on 18 September to revoke his bail and send him back to prison for refusing to hand over his unedited video footage of a demonstration to a grand jury.

Wolf had until 1 p.m. today to report to the federal prison in Dublin, California, where he was already held from 1 August to 1 September.

More here.

SecureWorks and LURHQ Merge

Via SecureWorks.

SecureWorks and LURHQ, both leaders in the Managed Information Security Services market, have merged to form the new SecureWorks, the industry’s leading, pure-play Managed Security Services Provider (MSSP).

SecureWorks is now managing 1,500 clients and 5,000 security devices worldwide.

More here.

Tuesday, September 19, 2006

Sirius Denies Reports of Howard Stern Returning to 'Mainstream'

A Reuters newswire article, via C|Net News, reports that:

Sirius Satellite Radio said Tuesday that reports suggesting that shock jock Howard Stern was planning a return to mainstream radio were "wrong."

"There has never been any discussion of Howard Stern in any way, shape, or form being anything but exclusive to Sirius. Published reports suggesting otherwise are wrong," said Sirius spokesman Patrick Reilly. Stern's agent was not immediately available for comment.

The New York Post, citing Inside Radio editor Tom Taylor, reported Tuesday that there were rumors among radio insiders that Howard Stern may be planning a return to free airwaves.

Reilly said there had also been an earlier report in Inside Radio newsletter.

More here.

H-P Purported to Have Studied Infiltrating Newsrooms

Damon Darlin and Kurt Eichenwald write in The New York Times:

Hewlett-Packard conducted feasibility studies on planting spies in news bureaus of two major publications as part of an investigation of leaks from its board, an individual briefed on the company’s review of the operation said yesterday.

The studies, referred to in a Feb. 2 draft report for a briefing of senior management, are said to have included the possibility of placing investigators acting as clerical employees or cleaning crews in the San Francisco offices of CNET and The Wall Street Journal.

It is not clear whether the plan described in the documents, which were read to a reporter, was ever acted upon.

More here.

H-P Scandal Shines Light on a Simple, Treacherous Act

Ellen Nakashima writes in The Washington Post:

When Adam Yuzuk had a question about his cellphone bill, a Cingular Wireless agent told him to check his online account.

The only problem: He hadn't established one.

That day in June 2005, Yuzuk, a former president of a New York leather accessories firm, discovered someone had used his Social Security number and a fake e-mail address to set up his online account and view his calling records.

More here.

Toon: I Just Want to Listen...


Off Topic & Bad News: U.S. General Says U.S. May Increase Troops in Iraq

An AP newswire article, via MSNBC, reports that:

The U.S. military is likely to maintain and may even increase its force of more than 140,000 troops in Iraq through next spring, the top American commander in the region said Tuesday in one of the gloomiest assessments yet of when troops may come home.

Gen. John Abizaid, commander of the U.S. Central Command, said military leaders would consider adding troops or extending the Iraq deployments of other units if needed. Until sectarian violence spiked early this year, Bush administration officials had voiced hopes that this election year would see significant U.S. troop reductions in what has become a widely unpopular war.

"If it's necessary to do that because the military situation on the ground requires that, we'll do it," Abizaid said of longer deployments. "If we have to call in more forces because it's our military judgment that we need more forces, we'll do it."

More here.

The Nation: Replaced by a Chimp -- Life After Net Neutrality

Jeffrey Chester writes on The Nation:

Despite growing opposition, Alaska Republican Senator Ted Stevens appears determined to pass his telecom giveaway bill this year.

If Stevens and his pals in the telecom and cable industries prevail, expect the free flow of online content to be replaced by corporate infotainment like Anheuser-Busch's lowbrow broadband Bud-TV.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, Sept. 19, 2006, at least 2,687 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,136 died as a result of hostile action, according to the military's numbers.

The AP count is six more than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

California: San Jose Computer Firm Fined For Selling To Iran


A San Jose computer firm pleaded guilty and was fined $150,000 Monday for selling computer parts to Iran in 2001 and 2002 outside of lawful export controls, the U.S. Department of Justice announced Tuesday.

Super Micro Computer admitted that between Dec. 28, 2001 and Jan. 29, 2002, it received $27,600 for 300 of its P4SBA+ motherboards, which were shipped to an intermediary in the United Emirates, which then transferred the items into Iran. A motherboard is the central circuit board making up complex electronic systems such as computers.

More here.

Source: H-P Obtained Fiorina’s Phone Records

An AP newswire article, via MSNBC, reports that:

Hewlett-Packard Co.’s early efforts to plug a boardroom leak targeted the phone records of then-Chief Executive Carly Fiorina, according to a person familiar with one of the investigations looming over the computer maker.

Fiorina’s quest to identify media sources triggered a chain of events that has ensnarled the company in criminal and congressional probes.

The Palo Alto, Calif.-based company obtained Fiorina’s phone records in 2005 after she initiated HP’s first attempt to identify the director leaking information to the media, according to the source, who spoke on condition of anonymity because the investigation is continuing.

More here.

DHS Official Makes Plea Deal in Online Sex Sting

Vic Walter and Krista Kjellman report on ABC News' "The Blotter":

Brian Doyle, the Deputy Press Secretary for the U.S. Department of Homeland Security, agreed to a plea deal this morning after being charged with sexually seducing a minor over the internet.

Doyle was arrested last April after allegedly having sexually explicit conversations with someone he thought was a 14-year-old girl but who was actually an undercover Polk County, Fla., sheriff's detective posing as a teenage girl.

According to the plea deal, Doyle pled "nolo contendere," or no contest, to seven counts of using a computer to seduce a child and 16 counts of transmitting harmful material to a minor, which together would have delivered a maximum prison sentence of 115 years.

Now Doyle faces a maximum of five years in prison and 10 years of probation. He will have to register as a sex offender once he is released. He has also agreed to pay all fines, mandatory and discretionary, as a condition of the agreement.

More here.

User Friendly: Spamhaus and Rum, Arrrr...


Senate Panel Confirms FCC Chief for New Term

A Reuters newswire article, via The Boston Globe, reports that:

The U.S. Senate Commerce Committee on Tuesday approved another five-year term for Republican Kevin Martin to serve on the Federal Communications Commission, which regulates the communications, television and radio industries.

Martin, 39, has been chairman of the agency since March 2005 and an FCC commissioner since 2001. His nomination must now be voted on by the full Senate.

The FCC faces numerous major issues in the months and years ahead, including whether to approve No. 1 U.S. telephone carrier AT&T Inc.'s planned purchase of No. 3 local phone company BellSouth Corp.

More here.

Hezbollah Hacked Israeli Radios?

Via Defense Tech.

This is downright shocking, if true. "Hezbollah guerrillas were able to hack into Israeli radio communications during last month's battles in south Lebanon, an intelligence breakthrough that helped them thwart Israeli tank assaults," Newsday reports.

Using technology most likely supplied by Iran, special Hezbollah teams monitored the constantly changing radio frequencies of Israeli troops on the ground. That gave guerrillas a picture of Israeli movements, casualty reports and supply routes. It also allowed Hezbollah anti-tank units to more effectively target advancing Israeli armor, according to the officials...

More here.

EU Competition Commissioner Accuses Microsoft of Smear Campaign

Via The BBC.

European Union Competition Commissioner Neelie Kroes has accused Microsoft of orchestrating a "co-ordinated campaign" to discredit her.

Ms Kroes' comments have come as her department and the US software giant continue to clash over Microsoft's forthcoming Vista operating system.

In an open letter to the Financial Times, Ms Kroes insisted she was not running a "vendetta" against the firm.

Microsoft said it looked forward to constructive talks with the Commission.

More here.

U.S. Attorney General Gonzales Pushes for ISP Data Retention

An AP newswire article by Hope Yen, via MSNBC, reports that:

Attorney General Alberto Gonzales said Tuesday that Congress should require Internet service providers to preserve customer records, asserting that prosecutors need them to fight child pornography.

Testifying to a Senate panel, Gonzales acknowledged the concerns of some company executives who say legislation might be overly intrusive and encroach on customers' privacy rights. But he said the growing threat of child pornography over the Internet was too great.

"This is a problem that requires federal legislation," Gonzales told the Senate Banking Committee. "We need information. Information helps us make cases."

More here.

Newly Detected IE Exploit Spells Massive Spyware Trouble

Brian Krebs writes on Security Fix:

A previously undocumented flaw in Microsoft's Internet Explorer Web browser is reportedly being exploited by online criminals to install an entire kitchen sink of malicious software on any computer that visits any of a handful of sites currently exploiting the vulnerability.

Researchers at Sunbelt Software discovered the exploit last week while conducting some routine online surveillance of known crimeware gangs. According to Sunbelt researcher Eric Sites, the exploits at the moment appear to be hosted mainly on hardcore porn sites. But if past experience with new IE exploits holds true, we may soon see this exploit being sewn into the fabric of legitimate, but poorly programmed, business Web sites that hackers can manipulate to their advantage.

According to Sites, among the nasty pieces of software an IE user can expect to be whacked with upon visiting one of the sites is the BigBlue keystroke logger, which monitors and captures data from computers including screenshots, keystrokes, web cam and microphone data; it also records instant messaging chat sessions, e-mail information and the Web sites visited by the user.

More here.

EU Regulator: Terrorism No Excuse for Privacy Breaches


Terrorism and organised crime should not be used as excuses for passing laws which undermine people's privacy and data protection rights, according to the European Data Protection Supervisor (EDPS). Existing laws do not need to be changed, he said.

In an update on data protection in Europe, EDPS Peter Hustinx said that security concerns were not an adequate reason to undermine data protection principles.

"It is a misconception that protection of privacy and personal data holds back the fight against terrorism and organised crime," said Hustinx. "Current legislation does allow, for instance, law enforcement to check suspicious phone numbers found in a computer."

More here.

Japan's Foreign Ministry Website Slowed

An AP newswire article, via Yahoo! News, reports that:

The Japanese Foreign Ministry's Web site was slowed Tuesday, apparently by a massive number of attempts to access it, an official said.

The Web site was not shut down, but it remained still "very slow" nearly 15 hours after the problem began early Tuesday morning, said Kenichi Kasahara of the Foreign Ministry's information technology office.

Officials were investigating the cause of the problem, which may have been caused by a massive number of access attempts from outside the ministry, Kasahara said.

He said that no damage was done to information posted on the site.

Kasahara refused to speculate on whether the site had suffered a denial-of-service attack, in which individuals or groups deliberately cause a slowdown by making a large number of coordinated access attempts.

More here.

U.S. Senator Flew on Corporate Plane After Pushing Telecom Bill

An AP newswire article, via CNN, reports that:

Montana Sen. Conrad Burns, a Republican in a tight re-election race, flew on a private plane chartered by Vonage Holdings Corp. just days after he pushed legislation that the company has advocated for more than a year.

Burns accompanied Vonage lobbyist Frank Cavaliere on the company's chartered plane to and from the "13th Annual Burns Classic Golf Weekend" in Bigfork, Montana, on Saturday. Cavaliere and a Burns spokesman both confirmed the plane trip to The Associated Press on Monday.

Campaign finance rules allow members of Congress to fly on corporate aircraft as long as they reimburse the company for the equivalent of first-class airfare. Jason Klindt, a spokesman for Burns, said the flight was arranged in August and the senator will reimburse the company.

More here.

Monday, September 18, 2006

U.S. Justice Dept. Defends Mandatory Website Labeling Bill

Anne Broache writes on C|Net News:

The U.S. Department of Justice has stepped up its defense of a proposal to imprison Web site operators who don't label pages containing sexually explicit material.

The idea, outlined in an April speech by Attorney General Alberto Gonzales, is approaching a vote in Congress. Even though there have been no hearings, the legislation has been attached to two separate measures--a massive communications bill and a bill to fund large portions of the federal government including the State Department--that are likely to be considered by the full Senate this fall.

The proposed restrictions are no different from requiring multipurpose stores like 7-Eleven to shield pornographic magazines with so-called blinder racks, Larry Rothenberg, an attorney in the Justice Department's Office of Legal Policy, said at a panel discussion here hosted by the Internet Caucus Advisory Committee on Friday.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Monday, Sept. 18, 2006, at least 2,682 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,133 died as a result of hostile action, according to the military's numbers.

The AP count is four more than the Defense Department's tally, last updated Monday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Swedish Voters Reject Pirate Party

Quinn Norton writes on Wired News:

The Swedish national elections on Sunday ushered in a huge shift in the political landscape of that country -- but failed to bring the copyright reform movement its first political victory.

The Pirate Party not only failed to score the 4 percent required for a seat in Sweden's Parliament, but appears to have missed the 1 percent that would have afforded the party state assistance with printing ballots and funding staff in the next election.

More here.

U.S. Uploads Anti-Drug Videos to YouTube

An AP newswire article by Ted Bridis, via Yahoo! News, reports that:

The Bush administration is taking its fight against illegal drugs to YouTube, the trendy Internet video service that already features clips of wacky, drug-induced behavior and step-by-step instructions for growing marijuana plants.

The decision to distribute anti-drug, public service announcements and other videos over YouTube represents the first concerted effort by the U.S. government to influence customers of the popular service, which shows more than 100 million videos per day.

The administration was expected to announce the decision formally on Tuesday. It said it was not paying any money to load its previously produced videos onto YouTube's service, so the program is effectively free.

More here.

Botnet Operator Taps into Google Analytics

Tom Sanders writes on

A botnet operator is using Google Analytics to collect additional details about his network of zombie computers.

Google Analytics offers free site visitor statistics, tracking the number of individuals that visit a website and their geographic location. The service uses special HTML code, embedded in a web site, that alerts the Google server with every visitor.

In this case however, a botnet operator embedded the code into a variant of the Opanki virus, McAfee reported on its blog. Similar to the website statistics, this provides the malware's author with feedback on the number of infections and their geographic location.

More here.
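The story above turns on a simple observation: a tracking beacon that a browser fetches while rendering a page looks different from the same beacon emitted directly by a program. The following is an added example, not code from the article, McAfee, or Google, showing how a defender could use that difference to spot infected hosts in outbound proxy logs. The log format (client IP, method, URL, quoted User-Agent, quoted Referer) and the sample lines are constructed for the example; the beacon host names and the `/__utm.gif` pixel path are assumptions about how the tracker of that era reported visits and should be adjusted to whatever your proxy actually records.

```python
"""Flag hosts that emit Google Analytics beacons from something other than a browser.

Added example for detection over proxy logs; the log format, sample lines and
beacon host/path are constructed assumptions, not taken from the article.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed proxy log format: client_ip method url "user_agent" "referer"
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)" "([^"]*)"$')

# Assumption: the tracker's visitor beacon is a GET of /__utm.gif on these hosts.
BEACON_HOSTS = {"www.google-analytics.com", "ssl.google-analytics.com"}
BEACON_PATH = "/__utm.gif"

# Anything a real browser of the period would send starts with one of these.
BROWSER_UA_RE = re.compile(r"^(Mozilla/|Opera/)")

# Constructed sample traffic: 10.0.0.5 is a normal page view; 10.0.0.7 and
# 10.0.0.11 fire the beacon with no Referer (and, for .11, a non-browser agent).
SAMPLE_LOG = """\
10.0.0.5 GET http://www.google-analytics.com/__utm.gif?utmwv=1&utmn=1 "Mozilla/5.0 (Windows; U; Windows NT 5.1)" "http://example.test/page.html"
10.0.0.7 GET http://www.google-analytics.com/__utm.gif?utmwv=1&utmn=2 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" "-"
10.0.0.7 GET http://www.google-analytics.com/__utm.gif?utmwv=1&utmn=3 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" "-"
10.0.0.9 GET http://example.test/index.html "Mozilla/5.0 (Windows; U; Windows NT 5.1)" "-"
10.0.0.11 GET http://www.google-analytics.com/__utm.gif?utmwv=1&utmn=4 "custom-agent/0.1" "-"
"""


def parse_line(line):
    """Split one log line into a record dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ip, method, url, ua, referer = m.groups()
    parts = urlsplit(url)
    return {
        "ip": ip,
        "method": method,
        "host": (parts.hostname or "").lower(),
        "path": parts.path,
        "ua": ua,
        "referer": referer,
    }


def is_beacon(rec):
    """True when the request is the analytics visitor pixel."""
    return rec["host"] in BEACON_HOSTS and rec["path"] == BEACON_PATH


def is_suspicious_beacon(rec):
    """Heuristic: a beacon loaded by a browser from a page carries a Referer and a
    browser User-Agent; a beacon sent directly by malware usually lacks one or both."""
    if not is_beacon(rec):
        return False
    no_referer = rec["referer"] in ("", "-")
    non_browser = BROWSER_UA_RE.search(rec["ua"]) is None
    return no_referer or non_browser


def suspicious_hosts(log_text):
    """Return {client_ip: number_of_suspicious_beacons} for the given log text."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and is_suspicious_beacon(rec):
            counts[rec["ip"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for ip, n in sorted(suspicious_hosts(SAMPLE_LOG).items()):
        print(f"{ip}: {n} beacon(s) sent outside a page load")
```

The missing-Referer test is only a heuristic: a browser configured to strip referrers, or a user who typed the pixel URL by hand, would trip it too, so treat a hit as a lead to confirm on the host (which process opened the connection) rather than as proof of infection. Repeated hits from one client with no accompanying page fetches from that client are the stronger signal.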

DHS Names ITAA Exec as Cyber Security Chief

Christopher J. Dorobek writes on

The Homeland Security Department announced today that Gregory Garcia has been appointed as the assistant secretary for cybersecurity and telecommunications.

Garcia has been serving as a vice president for information security policy and programs at the Information Technology Association of America, an Arlington, Va., industry group.

At ITAA, Garcia led the public debate on cybersecurity policy and national cyber readiness, DHS officials said. He worked closely with the department in the past few years in his role on the IT Sector Coordinating Council and working with industry to found the National Cyber Security Partnership.

More here.

Napster Hires UBS, Eyes Possible Sale

A Reuters newswire article, via CNN/Money, reports that:

Online music service Napster Inc. said Monday that it hired UBS Investment Bank to help it look at strategic alternatives, which could include the sale of the company.

The company said the move was in response to what it said was "recent third-party interest."

Napster, originally an online song-swapping service, was forced to close in July 2001 after a series of legal battles over copyright infringement.

It relaunched as a legal download site in 2003, having been bought by software company Roxio.

More here.

Bogus Records Raise More Fears in Tissue Trade

Alistair Cooke, the longtime host of "Masterpiece Theatre" on U.S. television and known around the world for his "Letter from America" shows on the BBC, died from cancer in 2004 at age 95 in New York.
Image source: The BBC / AP

An AP newswire article, via MSNBC, reports that:

The medical records that accompanied the body of “Masterpiece Theatre” host Alistair Cooke were wrong in just about every possible way.

His name was misspelled. His birthdate was off by 10 years. His Social Security number wasn’t even close. Also wrong were the name of his doctor and the time and cause of his death.

There was even a bogus name and phone number for a family member who supposedly agreed to donate the 95-year-old celebrity’s body parts for tissue transplants.

More here.

FCC Spectrum Auction Ends on $13.7B High Note

Kelly Hill writes on RCR Wireless News:

The advanced wireless services spectrum auction, also known as Auction 66, closed up shop this afternoon, with bidders putting up a total of nearly $14 billion.

The 28-day-long auction ended after 161 rounds, with 104 of the 168 registered bidders winning at least one license. All but 35 of the total 1,122 licenses up for grabs received bids.

More here.

VeriSign, Critics Gear Up for ICANN Hearing

Grant Gross writes on InfoWorld:

A VeriSign Inc. official defended its contract to operate the .com domain Monday, after Network Solutions accused the Internet Corporation for Assigned Names and Numbers (ICANN) of not requiring adequate security safeguards in its registry agreements.

Network Solutions, a domain-name registrar, released a report last week saying ICANN has "failed" to address security in its latest proposals for the .com, .biz, .info and .org top-level domains. Network Solutions officials also criticized a provision in the proposed contract renewal for the .com domain that would allow VeriSign to raise prices by 7 percent in four of the contract's six years. The current .com contract expires in late 2007.

VeriSign shouldn't get near-automatic renewals of the .com contract without more security requirements, said Jonathan Nevett, Network Solutions' vice president and chief policy counsel. "We're facing a contract that provides for ... permanent monopoly, for fee increases without justification and now without adequate security protections," he said. "It's mind-boggling that the contract has gotten this far."

More here.

State AGs Speak Out Against Federal Preemption in Telecom Reform Bill

Jeffrey Silva writes on RCR Wireless News:

Forty-one state attorneys general asked Congress to strip from telecom-reform legislation provisions that would pre-empt state regulation of wireless and Voice over Internet Protocol services, pointing to mounting complaints and lack of enforcement muscle at the Federal Communications Commission.

"This unwarranted action pre-empts states from taking proactive action to prevent industry practices which have caused substantial harm to our citizens, and with no effective federal protection to fill the void that will be created via this pre-emption," stated officials who signed onto a Sept. 14 National Association of Attorneys General letter to Congress.

More here.

Gapingvoid: You Haven't Done Your Marketing

Via Enjoy!

'Hotel Minibar' Keys Open Diebold Voting Machines

Ed Felten writes on Freedom to Tinker:

Like other computer scientists who have studied Diebold voting machines, we were surprised at the apparent carelessness of Diebold’s security design. It can be hard to convey this to nonexperts, because the examples are technical. To security practitioners, the use of a fixed, unchangeable encryption key and the blind acceptance of every software update offered on removable storage are rookie mistakes; but nonexperts have trouble appreciating this.

Here is an example that anybody, expert or not, can appreciate:

The access panel door on a Diebold AccuVote-TS voting machine — the door that protects the memory card that stores the votes, and is the main barrier to the injection of a virus — can be opened with a standard key that is widely available on the Internet.

More here.
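Felten's two "rookie mistakes" (one fixed key in every machine, and installing whatever update appears on removable storage) are easy to show side by side in code. The following is an added example and is not Diebold's firmware, Felten's code, or any real voting-machine update format: it contrasts a loader that applies an image blindly with one that refuses an image unless its authentication tag verifies under a per-device key. HMAC-SHA256 stands in for the public-key signature a real update scheme would use, because the standard library has no signature primitive; the master secret, device serials and firmware images are constructed placeholders.

```python
"""Blind update acceptance versus verified update acceptance, with per-device keys.

Added example; HMAC stands in for a real signature scheme, and every key,
serial number and firmware image below is a constructed placeholder.
"""
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size

# Constructed placeholder for a secret held only by the vendor's signing system.
MASTER_SECRET = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)


def derive_device_key(master_secret, serial):
    """Per-device key derived from a master secret and the device serial.

    The point of the fixed-key mistake is that one key is shared by every
    machine, so extracting it from one machine unlocks all of them; deriving a
    distinct key per serial means a tag valid for one device is useless on another.
    """
    return hmac.new(master_secret, b"update-key:" + serial, hashlib.sha256).digest()


def sign_update(image, device_key):
    """Authentication tag the vendor attaches to an image for one device."""
    return hmac.new(device_key, image, hashlib.sha256).digest()


def apply_update_blind(image):
    """The mistake: whatever sits on the removable card gets installed."""
    return image  # nothing is checked before 'installing'


def apply_update_verified(image, tag, device_key):
    """Install only an image whose tag verifies; reject missing or wrong tags."""
    if tag is None or len(tag) != TAG_LEN:
        raise ValueError("update rejected: no valid tag present")
    expected = sign_update(image, device_key)
    # Constant-time comparison so a byte-by-byte mismatch leaks no timing signal.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("update rejected: tag does not verify")
    return image


def loader_accepts(image, tag, device_key):
    """True if the verified loader would install this image on this device."""
    try:
        apply_update_verified(image, tag, device_key)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key_a = derive_device_key(MASTER_SECRET, b"SERIAL-A-0001")
    key_b = derive_device_key(MASTER_SECRET, b"SERIAL-B-0002")
    genuine = b"firmware image v2 (constructed)"
    tag_a = sign_update(genuine, key_a)
    print("genuine on device A:", loader_accepts(genuine, tag_a, key_a))
    print("tampered on device A:", loader_accepts(genuine + b"\x90", tag_a, key_a))
    print("A's update replayed on device B:", loader_accepts(genuine, tag_a, key_b))
    print("blind loader installs tampered image:", apply_update_blind(genuine + b"\x90") == genuine + b"\x90")
```

Two things the verified path buys that the blind path does not: an image that has been modified on the card, or one prepared for a different machine, never reaches the install step; and the check uses `hmac.compare_digest` so an attacker with physical access cannot learn the tag a byte at a time from timing. What it does not buy is protection against a compromised `MASTER_SECRET`, which is why a real scheme signs with a private key that the devices never hold.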

Security Probes Hold Up Diplomats

Nicholas Kralev writes in The Washington Times:

Dozens of Foreign Service officers say their careers are in ruins because their security clearances were suspended based on suspicions or unsubstantiated accusations.

Several have accused the State Department's Diplomatic Security Service (DSS) in interviews of "abusing the security clearance process" by punishing "whistleblowing, dissenting viewpoints or minor acts of possible misfeasance unrelated to national security."

More here.