Saturday, September 30, 2006

Gapingvoid: Starbuck Bourgeoisie

Via Enjoy!

Foley e-Mails an Open Secret in D.C.?

Wow. This stinks to heavens...

An AP newswire article, via MSNBC, reports that:

Rep. Thomas Reynolds, head of the House Republican election effort, said Saturday he told Speaker Dennis Hastert months ago about concerns that a fellow GOP lawmaker had sent inappropriate messages to a teenage boy. Hastert’s office said aides referred the matter to the proper authorities last fall but they were only told the messages were “over-friendly.”

Reynolds, R-N.Y., was told about e-mails sent by Rep. Mark Foley and is now defending himself from Democratic accusations that he did too little. Foley, R-Fla., resigned Friday after ABC News questioned him about the e-mails to a former congressional page and about sexually suggestive instant messages to other pages.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Saturday, Sept. 30, 2006, at least 2,711 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,158 died as a result of hostile action, according to the military's numbers.

The AP count is five more than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

SetSlice Update

Roger Thompson writes on the SecuriTeam Blogs:

Last night our Hunting Pots found this in use in the wild at some of the St Petersburg iframers' sites installing rootkits and who knows what else, and this morning, we found it in use at the CWS sites. It infects a fully patched XP SP2 quite nicely.

The CWS people have only been using WMF since December/January, and have a very big, well-established network for drawing in victims. Imo, this represents a significant escalation.

The last time I examined it in detail, the CWS guys make money by selling their search engine to minor website operators with a pitch along the lines of “Pay us $100 per month, and we’ll guarantee 80m visitors each month”.

Then when a victim visits one of their exploit sites, they install a URL-visiting program and a list of URLs. The URL-visitor then visits each customer website in turn, forging the headers to make it look like a real visitor referred by the bogus search engine.

The minor website operator sees his 80m visitors a month, but doesn't realize that they are just PCs... no human eyes at all.

If they could make money with WMF, they’ll be rich from this one.

More here.
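The URL-visitor Thompson describes leaves a recognisable trace in a web server's own logs: a browser that really arrived from a search engine goes on to fetch the page's stylesheets and images, while a scripted visitor fetches only the page it was told to visit. The following is an added example, not code from SecuriTeam or the original post; the log lines and the domains real-search.example and bogus-search.example are constructed, and the "no sub-resources" heuristic is an assumption about how such a URL-visitor behaves.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache/nginx "combined" format:
# ip - - [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Sub-resources a real browser requests after the HTML page. A bare
# URL-visiting program typically never asks for them (assumption).
ASSET_EXT = (".css", ".js", ".png", ".gif", ".jpg", ".ico")

# Constructed sample log. Three genuine visitors arrive via real-search.example
# (two of them load assets); four scripted visitors arrive with a forged
# Referer pointing at bogus-search.example and fetch nothing but pages.
SAMPLE_LOG = """\
203.0.113.10 - - [30/Sep/2006:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "https://real-search.example/?q=widgets" "Mozilla/5.0"
203.0.113.10 - - [30/Sep/2006:10:00:02 +0000] "GET /style.css HTTP/1.1" 200 880 "http://shop.example/" "Mozilla/5.0"
203.0.113.10 - - [30/Sep/2006:10:00:02 +0000] "GET /logo.png HTTP/1.1" 200 3100 "http://shop.example/" "Mozilla/5.0"
203.0.113.11 - - [30/Sep/2006:10:01:10 +0000] "GET / HTTP/1.1" 200 5120 "https://real-search.example/?q=widgets" "Mozilla/5.0"
203.0.113.11 - - [30/Sep/2006:10:01:11 +0000] "GET /style.css HTTP/1.1" 200 880 "http://shop.example/" "Mozilla/5.0"
203.0.113.12 - - [30/Sep/2006:10:02:30 +0000] "GET / HTTP/1.1" 200 5120 "https://real-search.example/?q=widgets" "Mozilla/5.0"
198.51.100.20 - - [30/Sep/2006:10:05:00 +0000] "GET / HTTP/1.1" 200 5120 "http://bogus-search.example/search?q=cheap+widgets" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.21 - - [30/Sep/2006:10:05:00 +0000] "GET / HTTP/1.1" 200 5120 "http://bogus-search.example/search?q=cheap+widgets" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.22 - - [30/Sep/2006:10:05:01 +0000] "GET /about.html HTTP/1.1" 200 2048 "http://bogus-search.example/search?q=widgets" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
198.51.100.23 - - [30/Sep/2006:10:05:01 +0000] "GET / HTTP/1.1" 200 5120 "http://bogus-search.example/search?q=cheap+widgets" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
""".splitlines()


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    if rec["referer"] == "-":
        rec["referer_host"] = ""
    else:
        rec["referer_host"] = urlsplit(rec["referer"]).hostname or ""
    return rec


def referrer_report(lines, asset_ext=ASSET_EXT):
    """For each referring host: how many distinct client IPs it 'sent', and how
    many of those clients fetched only pages (never a single sub-resource)."""
    by_client = defaultdict(lambda: {"referers": set(), "assets": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        client = by_client[rec["ip"]]
        if rec["path"].lower().endswith(asset_ext):
            client["assets"] += 1
        elif rec["referer_host"]:
            client["referers"].add(rec["referer_host"])
    report = defaultdict(lambda: {"clients": 0, "page_only": 0})
    for client in by_client.values():
        for host in client["referers"]:
            report[host]["clients"] += 1
            if client["assets"] == 0:
                report[host]["page_only"] += 1
    return dict(report)


def suspicious_referrers(lines, min_clients=3, page_only_ratio=0.9):
    """Referring hosts whose 'visitors' almost never load page assets: the
    signature of a list-driven URL-visitor rather than people with browsers."""
    rep = referrer_report(lines)
    return sorted(
        host for host, r in rep.items()
        if r["clients"] >= min_clients and r["page_only"] / r["clients"] >= page_only_ratio
    )


if __name__ == "__main__":
    for host, r in sorted(referrer_report(SAMPLE_LOG).items()):
        print(f"{host}: {r['clients']} clients, {r['page_only']} fetched pages only")
    print("suspicious:", suspicious_referrers(SAMPLE_LOG))
```

The thresholds are starting points to tune against a site's own baseline; a single page-only visit is normal (a bounce), so the check is on the ratio per referrer, not on individual clients.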

Friday, September 29, 2006

Toon: The H-P Way?

Click for larger image.

California: Schwarzenegger Signs Cable TV Deregulation Bill

An AP newswire article by Don Thompson, via The Mercury News, reports that:

Telephone companies can dive into California's $5.3 billion-a-year cable TV industry under a law signed Friday by Gov. Arnold Schwarzenegger. He said the measure, backed by millions of dollars in corporate contributions, will offer consumers better service and lower prices.

AT&T Inc. and Verizon Communications Inc. promised more viewing choices and technological advances now that they can seek statewide licenses to deliver Internet and television services to homes and businesses.

The bill frees the telecom giants and cable companies from negotiating with individual communities as they have done until now. Local governments opposed the bill, fearing they will lose money, service to poor areas, public-access programming and free Internet in schools and libraries.

More here.

U.S. Internet Gambling Bill Gets Last-Minute Push

A Reuters newswire article by Peter Kaplan, via Yahoo! News, reports that:

Most forms of Internet gambling would be banned under a tentative agreement reached on Friday by U.S. congressional negotiators.

Pending a review by other lawmakers, the measure could be brought up within hours for passage by the House of Representatives and Senate and then forwarded to President George W. Bush to sign into law.

The measure would be attached to an unrelated measure to bolster port security. Democrats had accused Republicans of pushing the bill to placate its conservative base, particularly the religious right, in advance of the November 7 elections.

More here.

Telecoms Refuse to Endorse Pretexting Bill

Roy Mark writes on

Wireless carriers today said pretexting for telephone records should be criminalized, but were silent when it came to backing a bill imposing additional requirements on carriers to protect consumer records.

Though far less publicized and attended than Thursday's hearing on Hewlett-Packard's pretexting scandal, the same House investigative panel met again Friday morning to hear testimony from the nation's six largest wireless carriers.

More here.

U.S. Government Formally Extends Agreement to Retain Control of ICANN

Via Reuters.

The U.S. Commerce Department said on Friday it would retain its oversight of the company that manages Internet domain names, renewing an agreement that was scheduled to expire this weekend.

The government said it signed a new three-year agreement with the Internet Corporation for Assigned Names and Numbers (ICANN), which controls addresses such as ".com" and country domain names such as ".cn" for China.

The new agreement aims to eventually turn over control of ICANN to the private sector, and calls for a review in 2008 of ICANN's progress toward becoming more accountable, the government said.

More here.

NTT Plans 10-Tbit/s Network

Ray Le Maistre writes on Light Reading:

Tier 1 carriers the world over, take note: Japanese incumbent NTT Group plans to build a 10-Tbit/s optical backbone network to cope with the capacity demands of a growing FTTH and high-speed DSL customer base.

The carrier's growth in high-speed broadband connections is putting its current 1-Tbit/s backbone under strain, something that might attract attention from the likes of AT&T Inc. and Verizon Communications Inc.

More here.

UT-Austin to Get Large NSF Grant for Supercomputer

Via Technology News Daily.

The University of Texas at Austin’s Texas Advanced Computing Center will host and manage one of the world’s most powerful computers with a $59 million, five-year grant from the National Science Foundation (NSF), the largest single NSF grant in the university’s history.

The computer will significantly increase the computing power and time available to academic researchers around the country who conduct research on subjects ranging from the birth of the universe to the workings of molecules inside the body.

The NSF grant will pay for the acquisition of the computer and its operation.

More here.

Warcraft Gamers Locked Out After Trojan Attack

John Leyden writes on The Register:

Keylogging scammers are once again laying siege to World of Warcraft gamers.

In the latest attack, malware designed to steal user names and passwords from World of Warcraft players has been planted on maliciously constructed websites that pose as repositories for gaming advice.

Unprotected Windows users visiting these sites can get infected through malicious browser pop-ups. The malware also spreads through infectious emails, game forums, in-game chat, and other mediums. The culprit of the latest attack is a variant of PE-Looked (a strain that normally targets the popular online game Lineage), a representative from Trend Micro told The Sydney Morning Herald.

More here.

U.S. Congressman To Resign Over Sexually Explicit Messages to Minors

Brian Ross and Maddy Sauer report on ABC News' "The Blotter":

Saying he was "deeply sorry," Congressman Mark Foley (R-FL) resigned from Congress today, hours after ABC News questioned him about sexually explicit internet messages with current and former congressional pages under the age of 18.

A spokesman for Foley, the chairman of the House Caucus on Missing and Exploited Children, said the congressman submitted his resignation in a letter late this afternoon to Speaker of the House Dennis Hastert.

More here.

In Amsterdam, Internet Freedom Reigns

Lucas van Grinsven writes for Reuters:

Amsterdam has the world's busiest Internet exchange, thanks to nuclear physicists and mathematicians who in the 1980s connected their network needs with the academic belief that knowledge needs to be free.

At a time when the neutrality of the Internet is at stake, and Internet service providers (ISPs) are moving to prioritize their premium traffic, the Amsterdam Internet Exchange is a reminder that the Internet was built on the principle of the unrestricted exchange of ideas and information.

The popularity of the AMS-IX, the official name of the exchange, is the result of a liberal foundation which has created a place where ISPs can do business any way they like.

More here.

Investigators Claim to Find Record of Karr's Lost Child Porn

An AP newswire article by Kim Curtis, via The Mercury News, reports that:

Investigators found a mirror image of lost computer data containing child pornography evidence against former JonBenet Ramsey slaying suspect John Mark Karr, a Sonoma County prosecutor said Friday.

"A late breaking development," Judge Cerena Wong said at the start of the hearing on whether five misdemeanor counts should be dismissed against Karr.

The find was announced two days after prosecutor Joann Risse said Karr's computer hard drive and a copy of the contents were missing.

More here.

Microsoft: Two New and One Updated Advisory

Via The Microsoft Security Response Center Blog.

This week we’ve seen proof of concept code posted for a Windows Shell vulnerability. We have also seen limited exploits of a previously publicly disclosed vulnerability in DirectAnimation as well as limited exploits of a PowerPoint vulnerability.

We’ve made the Windows Shell advisory available to advise customers of this public PoC. The advisory calls out mitigating factors and workarounds and does also touch upon our plans around releasing a security update that addresses this. The advisory can be found here.

We’ve also made a small update to the DirectAnimation advisory to call out that we have seen very limited attacks occur. That advisory can be found here.

Finally, we’ve published a PowerPoint advisory as well regarding limited attacks using specially crafted PowerPoint files.

More here.

Crimeware Tech: Reselling Stolen Information

Image source: F-Secure

Mikko Hyppönen writes on the F-Secure "News from the Lab" Blog:

Haxdoor rootkit-equipped backdoors are widely used - in the "Rechnungen" and "Räkningen" spam runs in Germany and Sweden for example.

The toolkit itself is sold on the Internet by its author, known as "Corpse" or "Korpsov".

Now, people who use such backdoors quickly collect a lot of information from infected computers. Information such as passwords, credit cards, and bank logons. Some of these attackers filter the logs they collect to find juicy information and then use it themselves. Others grep the data for e-mail addresses (to sell them to spammers) and for credit card numbers and bank logins (to sell them to fraudsters).

More here.

Cyber-Spies Tracking Terror on The Web

Dana Rosenblatt writes for CNN:

There is an unconventional war being waged on the Internet. The battles here know no boundaries; and are fought from homes and offices from small Midwestern towns to Europe and the Middle East.

For the fighters in these battles weapons usually consist of no more than collected intelligence and computer programming skills.

It's no secret anymore that active terrorist cells are currently operating freely and openly on the Internet, using propaganda tactics to elicit prospective recruits.

The emergence of these terrorist groups has spawned their nemesis: groups of researchers, hackers, and maverick computer geeks who cyber-stalk terrorist networks online and take them down.

More here.

Thursday, September 28, 2006

User Friendly: Our Technological Legacy

Click for larger image.

Smoking Gun E-mail: H-P Bosses Warned In Advance

Via CBS5 and the Associated Press.

Lawmakers diving into the spying scandal at Hewlett-Packard Co. came up with a seemingly damaging e-mail: An HP investigator had warned higher-ups that the company's boardroom leak probe was possibly illegal and likely threatened the computer maker's reputation.

The whistleblower tried to stop HP's heist of personal phone records seven months before it erupted into a national scandal, according to the e-mail document released Thursday.

More here.

U.S. Toll in Iraq

Via The San Francisco Chronicle (AP).

As of Thursday, Sept. 28, 2006, at least 2,708 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,155 died as a result of hostile action, according to the military's numbers.

The AP count is two more than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Is the Ballistic Missile Defense System Worth the Money?

Martin Sieff writes for UPI:

America's missile defense programs are currently surging ahead far better than their critics expected.

But at the same time, even if the programs deliver all the promise that their most ardent champions have predicted for them, they will still be able to deliver only a fraction of what the American public is being told by many pundits that they can do.

More here.

Chinese-U.S. Spy Wars in Silicon Valley

Matt Marshall writes on VentureBeat:

FBI investigators want to charge two men for spying in Silicon Valley to benefit China, and they say it is just the tip of a massive effort by the Chinese government to set up front companies to do this sort of thing.

In the latest case, they say Lan Lee, an American citizen, and Yoefei Ge, a Chinese national, stole chip designs and software from their employers NetLogic Microsystems of Mountain View and Taiwan Semiconductor Manufacturing Co. in San Jose, and planned to go into business with the Chinese government.

More here.

Verizon Sues Pretexting Firms Linked To H-P Probe

Via (San Francisco/Oakland/San Jose)

CNBC and Reuters both reported Thursday that the phone company Verizon filed suit against unnamed pretexting companies - accusing them of using deceptive means to obtain telephone records on behalf of Hewlett-Packard Co. in its probe of leaks to journalists.

In the lawsuit, which was filed in federal district court in Trenton, N.J., Verizon said a total of 20 individuals engaged as data brokers were hired directly or indirectly by HP to investigate leaks of confidential information from the company's board of directors.

Those investigators used "fraud, trickery and deceit" to access call records from Verizon customer service centers and through online customer accounts, CNBC and Reuters said the lawsuit alleged.

No further details were immediately available. The reports of the lawsuit broke after the federal court in New Jersey had closed for the day.

More here.

Advocacy Groups to Congress: Forget H-P. What About NSA?

Anne Broache writes on the C|Net Politics Blog:

The spying scandal that rocked Hewlett-Packard's boardroom may be disconcerting to many onlookers, but Congress would be better served if it devoted the same sort of scrutiny to the Bush Administration's warrantless terrorist surveillance program, advocacy groups and some politicians said Thursday.

The remarks by politicos came at a daylong hearing convened by a U.S. House of Representatives oversight and investigations subcommittee to inquire about the legally questionable tactics, including fraudulent obtaining of phone records, used by the leading Silicon Valley firm to investigate media leaks.

Rep. Anna Eshoo, a California Democrat whose constituency covers HP's Palo Alto headquarters, said she found it ironic that the House was at the same time preparing to consider a controversial bill that she said would overthrow a 1978 law governing electronic surveillance. If that measure--scheduled for a vote later on Thursday night--succeeds, then the American people should "get set for surveillance," she suggested.

More here.

Robo-Soldier to Patrol South Korean Border

A person in charge of the development of the Aegis Robot, an unmanned surveillance system, explains its functions in this Dec. 18, 2004 file photo.
Image source: The Korean Times / Yonhap

I, for one, welcome our heavily-armed robotic overlords. :-)

An AP newswire article by Joohee Cho, via ABC News, reports that:

South Korea unveiled Thursday an armed robot that it says could detect and repel intruders along its heavily armed border with North Korea.

The so-called "Intelligent Surveillance and Guard Robot" uses visual and infra-red detection to distinguish between humans, trees, and vehicles, and can do so from 2.5 miles away during the day and about half that at night.

Once the target is within 10 meters, it will demand a pre-programmed military secret code. If this code is not provided, it could give three possible responses: sound an alarm, fire rubber bullets or open fire with a K-3 machine gun.

More here.

Feds Really Do Fear Hippy Cyber Terror

Kevin Poulsen writes on 27B Stroke 6:

If you were curious, as I was, why the notional evildoers in DHS's anti-cyber terror wargame Cyber Storm were anti-globalization lefties instead of home grown right wing extremists or al Qaida, it turns out the threat model was completely in keeping with the Bush administration's assessment of where terrorists are festering.

From the very end of the government's newly-and-partially-declassified National Intelligence Estimate [.pdf] summary:

"Anti-U.S. and anti-globalization sentiment is on the rise and fueling other radical ideologies. This could prompt some leftist, nationalist, or separatist groups to adopt terrorist methods to attack US interests. The radicalization process is occurring more quickly, more widely, and more anonymously in the Internet age, raising the likelihood of surprise attacks by unknown groups whose members and supporters may be difficult to pinpoint.

"We judge that groups of all stripes will increasingly use the Internet to communicate, propagandize, recruit, train, and obtain logistical and financial support."

More here.

California Web Firm Bilked Backers, SEC Says

A Dow Jones/Associated Press article, via The Los Angeles Times, reports that:

Children's Internet Inc., a company that promises to protect children from inappropriate Internet content, bilked more than $5 million from investors and used the money to pay gambling debts, according to a lawsuit filed Wednesday by the Securities and Exchange Commission.

The SEC sued the Pleasanton, Calif., company's 39-year-old chief executive, Sholeh Hamedani, and her father, Nasser Hamedani, 68, both of Danville, Calif.

The Hamedanis treated the company "like their own piggy bank and then tried to cover up the scheme," said Helane Morrison, head of the SEC's San Francisco office.

More here.

U.S. Judge Allows NSA Wiretaps for Another Week

A Reuters newswire article, via The Boston Globe, reports that:

The federal judge who ordered a halt to the Bush administration's program of domestic wiretapping on Thursday allowed the surveillance to continue for a week to allow an appeals court to weigh in on an issue expected to end up with the U.S. Supreme Court.

U.S. District Judge Anna Diggs Taylor in Detroit denied the Justice Department's request for a lengthy stay pending an appeal of her August ruling that the National Security Agency's five-year-old surveillance program violates the civil rights of Americans, the lawyer who brought the lawsuit said.

Instead, Taylor gave the government a seven-day window to get a stay from a federal appeals court before that court hears arguments on the legality of the wiretap program.

The American Civil Liberties Union filed the suit in March on behalf of scholars, attorneys, journalists and non-profit groups that regularly communicate with people in the Middle East.

More here.

Politics: Infamous Quotes

Click for larger image.

Lawmakers Blast H-P Tactics, Witnesses Refuse to Testify

Bill Brubaker and Ellen Nakashima write in The Washington Post:

The ousted chairwoman of Hewlett-Packard Co. told a House subcommittee today that some of the tactics used by the computer giant in its surveillance scandal are employed by other American companies.

"I believe that these methods may, in fact, be quite common, not just at Hewlett-Packard but at companies around the country," said Patricia Dunn, who was fired by the company on Friday. "Every company has a security department. Every company of consequences has people who do detective-type work in order to ferret out the forces of nefarious activities."

House lawmakers used the day-long hearing on Capitol Hill to strongly denounce -- and further investigate -- tactics that Hewlett-Packard used to secretly probe leaks about the company to the media. Measures used in the HP probe, which began in early 2005, included rooting through the trash of company board members and using false pretenses to gain private phone records.

More here.

Cuban: Only a 'Moron' Would Buy YouTube

A Reuters newswire article by Paul Thomasch, via Yahoo! News, reports that:

Billionaire investor and dot-com veteran Mark Cuban had harsh words on Thursday for YouTube, the online site that lets people share video clips, saying only a "moron" would purchase the wildly popular start-up.

Cuban, co-founder of HDNet and owner of the NBA's Dallas Mavericks, also said YouTube would eventually be "sued into oblivion" because of copyright violations.

"They are just breaking the law," Cuban told a group of advertisers in New York. "The only reason it hasn't been sued yet is because there is nobody with big money to sue."

More here.

H-1B Visa Plan Hits a Wall

Michael Cooney writes on NetworkWorld:

Despite all the hullabaloo early this year, it appears that the move to increase the number of H-1B visas is dead in the water -- for now anyway.

Congress will recess tomorrow so its members can go home and campaign to their constituents -- in some cases, to try to get reelected -- without having addressed the issue.

The inaction on this topic is a far cry from the frenzy of activity that took place around the H-1B issue earlier this year. In June the Senate approved a motion that would increase the number of H-1B visa workers allowed in the United States at any one time from 65,000 to 115,000 and would let that number grow higher if the threshold was met.

More here.

PayPal in Settlement Deal with 28 U.S. States

Eric Auchard writes for Reuters:

PayPal, the online payments unit of EBay Inc. has agreed with attorneys general from 28 U.S. states to improve how it notifies users of their consumer rights, the company said on Thursday.

Under the deal, PayPal will also pay $1.7 million to the states.

In addition, PayPal said it reached a settlement in a proposed class action lawsuit by PayPal customers in a U.S. federal court in Brooklyn. PayPal agreed to set up a settlement fund of $3.5 million, less court costs and attorneys fees.

PayPal said it will, among other things, shorten and streamline its user agreement and communicate more information relating to its protection programs. The company said it has already complied with many of the voluntary deal's terms.

More here.

Attempt to Sneak Anti-Online Gambling Bill into Law Fails

An attempt to sneak a US bill banning online gambling into law has run into trouble. Supporters of the bill had attempted to attach the bill to a defence bill being passed this week, but the move has been blocked by the Armed Services Committee.

The Bush administration and the Department of Justice are keen to pass a new law making internet gambling illegal to clear up uncertainty surrounding the 1961 Wire Act currently used in prosecutions. The bill has passed through the House of Representatives but has not yet passed the Senate. Other attempts in recent years to pass an anti-online gambling act have fallen at the Senate.

More here.

UK's Worst Spammer Loses Appeal

John Leyden writes on The Register:

The UK's biggest spammer, convicted on a variety of charges ranging from fraud and blackmail to making threats to kill and sentenced to six years imprisonment, has failed in an appeal court bid to quash two of his convictions.

Peter Francis-Macrae, 24, of St Neots, Cambs, argued that two of his convictions - involving concealing criminal property and fraud - were unsafe.

But appeal court judges rejected arguments that the jury in the case had been misdirected by the trial judge's summing up of the case and dismissed the appeal, the BBC reports.

More here.

Former U.S. AG May Have to Testify in Computer Terrorism Lawsuit

An AP newswire article, via The Sydney Morning Herald, reports that:

Former U.S. Attorney General John Ashcroft could be called to testify in a lawsuit that claims a student was wrongly imprisoned in a computer terrorism case, a federal judge ruled Wednesday.

U.S. District Judge Edward Lodge rejected Ashcroft's argument that he was entitled to absolute immunity because his position at the Department of Justice was prosecutorial.

More here.

Gapingvoid: I Feel... Your Pain

Via Enjoy!

Australia: Army Expects 'Suicide Hacker' Attacks

Munir Kotadia writes for ZDNet Australia:

Australia is preparing for cyber-terrorism attacks from "suicide hackers", who will aim to bring down critical infrastructure for a "cause" and not worry about facing 30 years in jail for their actions.

So far there have been no major acts of cyber-terrorism -- where hackers take down parts of the critical infrastructure by breaking into power, water, transport or even air traffic control systems -- but the subject has been discussed a great deal.

On Tuesday, Colonel Paul Straughair, the director of network centric warfare at the Australian Army and part of the Australian Department of Defence, said he saw "no logical reason" why suicide hackers would not strike in the future.

More here.

New Website Defacement Messages Threatening The Pope

Roberto Preatoni writes on Zone-H News:

Today on Zone-H the "in-progress" list of defacements that have been set up after Pope Ratzinger's declarations at Regensburg University.

Between September 12th and [S]eptember 27th, Zone-H database recorded a hike in the number of defacements for religious or political reasons and we highlighted that about 4939 websites have been attacked with the aim of focus on the Islamic protest.

More here.

Final Bell for Mobile ESPN

Via Red Herring.

After spending $80 million to acquire only 30,000 subscribers, the Walt Disney Co. announced Thursday it is pulling the plug on Mobile ESPN, a high-profile sports-oriented mobile phone service.

Disney, ESPN’s parent, ended its sports MVNO experiment and will offer its branded content through mobile carriers, according to a report in Thursday’s Wall Street Journal. That means it will no longer offer mobile phone service along with its sports updates and news.

Mobile ESPN’s content will instead be sold through Sprint or Verizon Wireless as a part of various bundles. Customers who purchased Mobile ESPN phones will receive a full refund of their purchase price upon settlement of their final Mobile ESPN bill, the company said.

More here.

Security Scruples: IT Pros Wrestle With Ethics

Via Dark Reading.

When it comes to IT security, the concepts of "right" and "wrong" aren't universal.

That's the preliminary conclusion we're reaching as Dark Reading collects the initial results of its "Security Scruples" survey, which began last week. The survey is still open for responses.

So far, we've received more than 400 responses to the survey, and the results show some significant differences in the way IT and security professionals view their "scruples" -- their ethical responsibilities in their jobs.

More here.

Why Did Avaya Survive Where Lucent Stumbled?

Justin Fox writes for Fortune's "The Curious Capitalist" (via CNN/Money):

Avaya was the dowdy stepchild of Lucent, spun off in Oct. 2000 so the glamorous parent could concentrate on "next-generation communications networks." The Internet was changing everything, so Lucent stuck Avaya with pre-Internet businesses like telephones and voice mail.

What's happened since? Lucent imploded. Avaya, while it has certainly had some troubles of its own, has done an awful lot better.

This sounds a little bit like what's been going on lately with Viacom and CBS, where the supposedly slow-growth half of the company has outperformed its glamorous former spouse since the two broke up at the beginning of this year. That makes two examples of the duller party prevailing in a spinoff, which is tantalizingly close to three, the magic number at which journalists are officially allowed to declare the existence of a trend. It's better to be dowdy! It's better to be dowdy!

But D'Ambrosio, who was head of global sales and marketing for Avaya before taking over as CEO in July, steered me in a different direction. It wasn't dowdiness that saved Avaya, but VOIP. Four years ago, he said, 20 percent of new business phone lines used voice-over-internet-protocol. Now it's 60 percent.

More here.

H-P Lawyer Resigns, Will Not Testify

Via BetaNews.

Hewlett-Packard said Thursday that its general counsel had resigned immediately from the company, the fourth to do so behind former chairwoman Patricia Dunn and two other HP execs. Ann Baskins, who had been with the company for 24 years, advised Dunn to go forward with the HP press leak investigation. Her lawyers also said she will invoke her fifth amendment rights and refuse to testify in front of Congress.

Fifth amendment rights can be used when there is a fear of incrimination from testimony made. However, her lawyers maintain her innocence, although say the current environment could unfairly implicate her. "Given the current environment, however, Ms. Baskins simply has no choice," they said in a letter to the House Energy and Commerce Committee.

More here.

Wednesday, September 27, 2006

The Land Rush for .MOBI Domains

Getting a bit ridiculous...

Catherine Holahan gets it right, when she writes on BusinessWeek Online:

In the first two days, dotMobi registered more than 88,000 new domains. That's not many compared with the 105 million addresses registered worldwide since 1985—more than half of which end in ".com." But the speed at which names are getting taken has made the new extension a wild success by dotMobi's estimate. "People are taking the names and they are putting them into production," says dotMobi CEO Neil Edwards. "It took dot-com years to do 100,000 names."

But it's who's rushing to register some of those names that's causing concern. Some companies are complaining that the new extension is luring criminals and cybersquatters who either want to trick Web surfers into visiting wrong sites or charge companies a premium to buy back names associated with their brands.

More here.

Google to File Motion in Orkut Case

An AP newswire article by Elizabeth Dwoskin, via Yahoo! News, reports that:

Google Inc. will file a motion in response to a Brazilian judge's deadline to turn over information on users of the company's social networking service Orkut, a spokeswoman said Wednesday.

On Aug. 22, Federal Judge Jose Marcos Lunardelli gave Google's Brazilian affiliate until Sept. 28 to release information needed to identify individuals accused of using Orkut to spread child pornography and engage in hate speech against blacks, Jews and homosexuals or face daily fines of $23,000.

Google spokeswoman Debbie Frost said the company would instead file a brief in court explaining why it can not comply with the judge's order.

More here.

H-P Used Phishing-Style e-Mail, Tracing Software to Track Leaks

Jon Swartz writes on USA Today:

In snooping on a reporter to pinpoint internal news leaks, Hewlett-Packard used high-tech tools common to spammers, phishers, retailers, suspicious employers and investigators.

Those tools, including phishing-style e-mail and tracing software, underscore the growing use of electronic surveillance to monitor consumers' every digital move, computer-security experts say.

Misleading e-mails from HP investigators to CNet reporter Dawn Kawamoto "smacked of phishing tactics" to trick her into divulging information, says Dave Jevans, chairman of the Anti-Phishing Working Group.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, Sept. 27, 2006, at least 2,706 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,155 died as a result of hostile action, according to the military's numbers.

The AP count is three more than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Good Cybercitizens Keep Watch Over ID-Theft Victims

Jon Swartz writes on USA Today:

For a few hours a day, Steven Peisner calls strangers across the USA — sometimes at night — and reads to them their Social Security numbers and credit card data.

Though many recipients immediately suspect he is an ID thief, Peisner's intent is just the opposite: He is a digital whistle-blower.

"My motivation is to be a good citizen and put a dent in (fraudulent e-mail) phishing scams," says Peisner, president of, which provides anti-phishing services for online merchants. He works closely with law enforcement and computer-security experts. Peisner, 43, is one of several avenging angels nationwide looking out for the well-being of ID-theft victims. They share a fervent desire to publicize the widespread availability of stolen personal data on the Internet.

More here.

6 indicted in Internet scam

An AP newswire article, via The Boston Globe, reports that:

A federal grand jury on Wednesday indicted six men on charges they obtained financial information in an e-mail scam over two years and used the information to obtain money, goods and services.

Michael Dolan of West Haven and North Miami Beach, Fla.; Charlie Blount Jr. of Branford; Richard D'Andrea, Thomas Taylor Jr. and Daniel Mascia, all of West Haven; and Keith Riedel of Winter Haven, Fla., are accused of sending e-mails since 2004 purporting to be from America Online and seeking credit card information, U.S. Attorney Kevin O'Connor said in a statement.

The indictment also accuses the six men of participating in a scheme that installed "malicious software" when an AOL subscriber clicked on a link in the e-mail.

More here.

Must Read: What It Feels Like Living With a Gag Order

Ryan Singel writes on 27B Stroke 6:

An illuminating affidavit from a lawsuit brought by the president of ISP challenging the constitutionality of a key Patriot Act has been set free on the internet, casting light on what it feels like to receive a subpoena covering one of your friends and not being able to talk to anyone other than a lawyer about it.

The lawsuit, brought by the ACLU on behalf of a small ISP and web hosting company that seems to specialize in working with political groups, challenges the legality of National Security Letters, one of the most widely used powers in the Patriot Act. These NSLs allow the government to compel companies to turn over records, including communication records, by simply asserting that the records are germane to an anti-terrorism investigation. No judge need be consulted.

More here.

Fake Police Prank Hits Internet

An AP newswire article, via CBS News, reports that:

Three men posing as plainclothes police officers stopped a teenage boy on his way home and peppered him with questions about a fictitious robbery while recording their prank in a video that ended up on the Internet, prosecutors said.

The video of the men making the shirtless 16-year-old boy put his hands in the air and explain where he was going appeared on YouTube, a popular site where amateurs can post and view homemade movies, prosecutors said.

More here.

Laptop with Personal Info of 55,000 GE Workers Stolen

Frank Washkuch Jr. writes on SC Magazine Online:

A laptop containing the names and Social Security numbers of about 50,000 General Electric (GE) employees was stolen from a locked hotel room earlier this month.

The Fairfield, Conn. company said the employee handling the laptop was authorized to have the data, according to press reports from Reuters and other news organizations.

GE officials said the thief appeared to be after only the laptop and not the data on it, according to press reports.

GE began mailing letters earlier this week to affected employees, offering them a free year of credit monitoring service.

More here.

Naive 'Hacker' Escapes Punishment

John Leyden writes on The Register:

Here's a cautionary tale for would-be penetration testers: get permission from a bank before you try to bill them for helping to identify and fix the security shortcomings of their services. New Zealander Gerasimos Macridis, 39, learnt that lesson the hard way after his attempts to help the country's Reserve Bank in improving its telephone banking systems resulted in a court appearance.

Macridis told Wellington District Court that he was surprised that his attempts to bill the bank for unsolicited services ended up with the police, and not a cheque, arriving on his doorstep. Macridis was more guilty of naivety than mendacity, the court heard.

More here.

Report: Computer in H-P Case Smashed to Bits

Via CNN/Money.

A Colorado man suspected of surreptitiously obtaining telephone numbers on behalf of Hewlett-Packard told an investigator last week that he had destroyed his computer, according to a published report.

The Wall Street Journal reports that if that is true, the destruction of the computer could be a setback for California authorities who are looking into whether HP's probe of leaks from its boardroom violated any laws.

The newspaper reported that the man, identified as Bryan Wagner, 29, of Denver, told the investigator from the California Attorney General's office he had demolished his computer with a hammer and disposed of it after receiving a tip from a relative that he might be caught up in a criminal probe.

"Not erased the hard drive," a source familiar with the investigation told the Journal. "Destroyed it."

More here.

WiFi-Sharing Service Breaches UK ISP Conditions

A router designed to share broadband internet connections with third parties appears to break the terms and conditions of seven of the top 10 UK internet service providers. offers Wi-Fi routers for as little as €5 and encourages connection sharing in a bid to build a Wi-Fi community, but its policies could put users at odds with their providers.

OUT-LAW has examined the terms and conditions of the 10 biggest UK ISPs as rated by research firm Point Topic. Only two of the ISPs, Blueyonder from Telewest and Orange Broadband, do not ban the sharing of a connection with third parties.

More here.

User Friendly: Engineering Life-Blood

Cisco Online Order Management Systems Go Down for 2nd Time in 9 Days

Craig Matsumoto writes on Light Reading:

For all its efforts to network the world, Cisco is having trouble keeping its online ordering systems going.

Yesterday, for the second time in nine days, Cisco's online order management systems went down, blocking customers from logging new orders or checking the status of older ones.

Cisco confirms that one outage occurred on Monday, Sept. 18; a customer tells Light Reading it lasted 20 hours. Yesterday's incident was relatively short, and the systems came back online before the end of the working day, Pacific time, according to a Cisco spokesman.

More here.

Comcast Server Failure Makes Google, Others Unavailable

Grant Gross and Juan Carlos Perez write on MacWorld:

The failure of a DNS (domain name system) server at Comcast caused problems for some Web surfers in the northeast section of the U.S. Tuesday, making several Web sites, including Google, inaccessible.

The server failure caused connectivity problems for a “few hours,” said Jeanne Russo, a Comcast spokeswoman. By late Tuesday, the broadband provider had rerouted traffic to other servers, she said.

An undetermined number of Google users who subscribe to Comcast’s broadband service “experienced problems accessing Google and other services for a short period of time,” a Google Inc. spokesman said via e-mail.

More here.

Microsoft Files Lawsuit Against DRM Hackers

Jeremy Kirk writes on InfoWorld:

Microsoft is suing a group of hackers who apparently gained access to the company's proprietary source code, creating a program that wipes media files clean of file-sharing restrictions.

The suit, which Microsoft filed last Friday in a district court in Seattle, Washington, gives only a nickname for the ringleader, "viodentia," who is one of 10 "John Does" whom Microsoft believes are responsible for breaking its Windows Media Digital Rights Management (DRM) software.

More here.

U.S. Army Data Communications Deal Goes to Raytheon

Roseanne Gerin writes on

The Army has chosen Raytheon Co. as the winner of a five-year, $48 million contract to standardize and integrate its communications systems.

Raytheon of Waltham, Mass., will furnish 15 Multiplexer Integration and Digital Communication Satellite Subsystem Automation Systems, known as MIDAS.

The systems offer more efficient and less expensive data communications switching and routing functions and give geographically dispersed users immediate and automated access to voice, video and data communications. They also maintain interoperability with the existing communications infrastructure.

More here.

Google: Happy 8th Birthday

Tuesday, September 26, 2006

Deal Is Likely on Detainees but Not on Eavesdropping

Carl Hulse and Kate Zernike write in The New York Times:

Congress on Tuesday was headed toward a split decision on President Bush’s pre-election national security agenda, moving closer to passage of legislation on the handling of terrorism suspects while all but giving up hope of agreeing on a final bill to authorize the administration’s eavesdropping program.

Lawmakers in both the House and Senate said it now appeared doubtful that bills covering the National Security Agency’s eavesdropping program could pass both houses and be reconciled before Congress adjourns this weekend, an outcome that would deny Republicans one of the main achievements they hoped to take into the election.

More here.

Gapingvoid: Crap Blog 101

Via Enjoy!

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, Sept. 26, 2006, at least 2,703 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,152 died as a result of hostile action, according to the military's numbers.

The AP count is three more than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Top Aide to New Hampshire Congressman Resigns Over Fake Blog Posts

An AP newswire article by Anne Saunders, via The Washington Post, reports that:

A top aide to U.S. Rep. Charles Bass resigned Tuesday after disclosures that he posed as a supporter of the Republican's opponent in blog messages intended to convince people that the race was not competitive.

Operators of two liberal blogs traced the postings to the House of Representatives' computer server. Bass' office traced the messages to his policy director, Tad Furtado, and issued a statement announcing Furtado's resignation Tuesday.

More here.

Judge Orders DHS to Come Clean on Border Cyber Attack

Kevin Poulsen writes on 27B Stroke 6:

A federal judge in San Francisco has ordered the Department of Homeland Security's Bureau of Customs and Border Protection (CBP) to give me additional documents on a cyber attack that shut down portions of the national border screening system last year.

The government had argued that releasing more than six partially-blacked-out pages on the August 2005 incident would make the sensitive US-VISIT system vulnerable to computer intruders. After reviewing the 672 pages of documents the government has in its possession, U.S. District Court Judge Susan Illston is unconvinced.

More here.

White House Bars Report Blaming Global Warming for Increased Hurricane Activity

Randolph P. Schmid writes for the Associated Press:

The Bush administration has blocked release of a report that suggests global warming is contributing to the frequency and strength of hurricanes, the journal Nature reported Tuesday.

The possibility that warming conditions may cause storms to become stronger has generated debate among climate and weather experts, particularly in the wake of the Hurricane Katrina disaster.

More here.

Researcher Takes TRUSTe to Task

Robert Lemos writes on SecurityFocus:

A controversial survey of more than a half million Web sites released on Monday found that sites are twice as likely to be rated as bad actors if they have been certified by the TRUSTe non-profit industry group.

The research--conducted by Benjamin Edelman, an economics graduate student at Harvard University and spyware expert--used McAfee's SiteAdvisor Internet rating service to grade the top 515,309 Web sites. The researcher found that while 13,148 of those Web sites, or 2.5 percent, were deemed untrustworthy, the proportion of untrustworthy sites doubled to 5.4 percent, if only the 874 TRUSTe-certified sites were considered.

"It's no great surprise that bad actors seek to free-ride on sites users rightly trust," Edelman said in a statement on his Web site. "But certification issuers don't have to let this happen. They could develop and enforce tough rules, so that every site showing a seal is a site users aren't likely to regret visiting. Unfortunately, certifications don't always live up to this ideal."

More here.

ACLU Slams Booz Allen in SWIFT Audit Report

Via UPI.

The ACLU is questioning the credibility of Booz Allen Hamilton to audit the U.S. SWIFT surveillance program.

Booz Allen Hamilton, Inc. is a huge U.S. consulting and engineering corporation that is providing oversight for the SWIFT surveillance program. However, the American Civil Liberties Union and Privacy International called its independence and credibility into question Tuesday when they published a memorandum prepared at the request of European regulators that documented Booz Allen's close ties to the U.S. government.

"It is bad enough that the administration is trying to hold out a private company as a substitute for genuine checks and balances on its surveillance activities," said Barry Steinhardt, director of the ACLU's Technology and Liberty Project. "But of all companies to perform audits on a secret surveillance program, it would be difficult to find one less objective and more intertwined with the U.S. government security establishment."

More here.

BT Rethinks 21CN Core Strategy

Ray Le Maistre writes on Light Reading:

BT Group plc is reconsidering its 21st Century Network (21CN) core network technology deployment plans, and may add a controversial new Ethernet approach to its IP/MPLS strategy, an executive from the British operator revealed today.

Speaking at the Carrier Ethernet World Congress in Madrid, Tim Hubbard, head of 21CN solutions strategy at BT, said the carrier is planning to use Provider Backbone Transport (PBT), a new flavor of Ethernet being heavily promoted by BT in league with Nortel Networks Ltd., as a backhaul transport technology between its access nodes and metro nodes.

More here.

Apple and Security: Abuse and Ignorance?

Kieren McCarthy writes:

Here we go again. Security experts warn that there is a hole in one of Apple’s products; Apple says there isn’t a problem; and a month later it releases a fix for it. I write a story pointing this out and am faced with mindless abuse from the Apple faithful.

Exactly the same thing has happened several times in the past and it’s not just me, it’s anyone that points out the startlingly obvious: that OS X, Safari, MacBooks, whatever, do not exist within some holy forcefield of invulnerability - they are just electronic products.

More here.

U.S. Pressured EU to Go Easy on Microsoft

Ed Oswald writes on BetaNews:

The European Commission's Competition Commissioner Neelie Kroes told a Dutch newspaper this week that she was pressured by the United States government to go easy on Microsoft. In the article, she criticized government officials for interfering in an EU matter.

Microsoft first asked the U.S. government for help in November, and also attempted to bring the U.S. court system into the battle; however, they declined. In all cases, the courts ruled the case was between the EU and Microsoft, and the United States had no jurisdiction.

Kroes said government representatives asked her to be "nicer" before she handed down a decision to fine the Redmond company an additional 280.5 million euros ($357 million) back in July. However, she ignored the requests and the fines went forward.

More here.

Google Investigating Access Difficulties for Users of Some ISPs

An AP newswire article, via The Mercury News, reports that:

Google services were slow or inaccessible to some users Tuesday.

The cause of the glitch was not immediately known, nor were any details available on how widespread it was.

"We've received reports that a small portion of certain Internet service providers' users are having difficulty accessing Google services," Google Inc. said in a statement. "We are currently working with the ISPs to investigate."

More here.

Bush Signs Spending Tracker Bill

An AP newswire article, via CBS News, reports that:

President Bush said Tuesday that Americans will now be able to "Google their tax dollars," as he signed a law to create an online database for tracking about $1 trillion in government spending on grants and contracts.

The law is aimed at preventing wasteful spending by opening the federal budget to greater scrutiny. The information is already available, but the Web site would make it easier for those who aren't experts on the process to see how taxpayer dollars are being spent.

More here.

Oops: 3-Year-Old Buys Car on eBay

Via The

A three-year-old boy used his mother's computer to buy a £9,000 car on the internet auction site eBay.

Jack Neal's parents only discovered their son's successful bid when they received a congratulations message from the website about the Barbie pink Nissan Figaro.

Rachel, 36, said: "We couldn't understand what was happening. Neither of us had bought anything."

"So we checked and saw it was a Barbie pink car which we'd bought for £8,999. We flew into a panic."

The next morning Jack woke and told his parents: "I've bought a car."

Mrs Neal, of Sleaford, Lincs, said she thought she had left her eBay password in her computer.

She said: "Jack's a whizz on the PC and just pressed all the right buttons."

More here.

(Props: John Paczkowski)

Microsoft Releases Early Patch for VML Exploit

Via the F-Secure "News from the Lab" Blog:

Microsoft has released a patch against the VML vulnerability outside of their normal update cycle. Which is great.

The patch is available right now via

Get it here. Now.

RSS: Security Deadline Looming

Jim Rapoza writes on eWeek:

[...] during the last year or so, many people have been asking an important question: Is RSS secure?

It's vital that this question be answered in the next few months—before Microsoft releases its Internet Explorer 7 browser, which makes it much easier for novices to subscribe to RSS feeds, and before it releases Vista, which has RSS support built in. Both releases will have malware purveyors looking for ways to exploit the products' RSS integration.

More here.

Security Row Upsets Second Lifers

Via The BBC.

The creators of the Second Life online world have been criticised by members over a security breach that exposed confidential information.

On 11 September all Second Life users were asked to change their password following a successful attack on one of the virtual world's core databases.

Second Lifers contacted the BBC saying they had not been given enough detail about what was exposed to hackers.

But Second Life's bosses said they had done everything to keep users informed.

More here.

Monday, September 25, 2006

More False 'Compromises' on Wiretapping

Dave McGuire writes on the PolicyBeta Blog:

We wish we could offer you some good news on the warrantless wiretapping front, but everything we hear seems to get grimmer. Below is the text of a press release we sent out today regarding the latest developments in support of the dangerous Cheney-Specter proposal.

Three Senators today indicated that they would support Senator Arlen Specter’s (R-Pa.) warrantless wiretapping bill in response to changes made to the legislation since it was first introduced.

The announcement represents the latest of many attempts by bill supporters to paint wiretapping legislation as some sort of compromise. This is simply not the case. The changes to the Specter Bill cited by Senators Larry Craig (R-Idaho), John Sununu (R-N.H.) and Lisa Murkowski (R-Alaska) are meaningless. The version of the bill introduced by Majority Leader Bill Frist (R-Tenn.) would be just as disastrous — from both a national security and a privacy standpoint — as previous iterations, Center for Democracy & Technology Policy Director Jim Dempsey said today.

More here.

Lime Wire Sues RIAA for Antitrust Violations

Ray Beckerman writes on The Recording Industry vs. The People:

In Arista v. Lime Wire, in Manhattan federal court, Lime Wire has filed its answer and interposed counterclaims against the RIAA for antitrust violations, consumer fraud, and other misconduct. Lime Wire alleged that the RIAA's:

"...goal was simple: to destroy any online music distribution service they did not own or control, or force such services to do business with them on exclusive and/or other anticompetitive terms so as to limit and ultimately control the distribution and pricing of digital music, all to the detriment of consumers."

More here.

Banks Rated for ID Theft

Joris Evers writes on C|Net News:

Looking for a bank that protects well against identity theft? Bank of America, JP Morgan Chase and Washington Mutual are your best bets, according to a new report.

Out of 24 of the top financial institutions in the U.S., these three banks scored best in a test of their ability to prevent, detect and resolve ID theft, Javelin Strategy & Research said in its annual Banking Identity Safety Scorecard, which is slated to be released Tuesday. KeyBank and Marshall & Ilsley Bank also receive honorable mentions in the report.

More here.

User Friendly: Flavored Coffee

Tag-Team Attack Exploits IE VML Flaw

Robert Lemos writes on SecurityFocus:

Friday's a good day for most companies. For hosting provider HostGator, however, the day kicked off a nightmare that lasted more than 24 hours.

A trickle of complaints that started the day before turned into a flood by Friday. Companies and clients complained that visitors to their Web sites were being infected with a virus. To those visitors, the Web sites appeared to be corrupted when viewed with Internet Explorer and caused antivirus software to warn of Trojan horse attacks, affected people told SecurityFocus.

For HostGator, the issue seemed to defy defensive measures. The company found rogue code on its servers and removed the programs, only to have the attack code resurface.

More here.

Networking Diebold Voting Machines

Ed Felten writes on Freedom to Tinker:

Reacting to our report about their AccuVote-TS e-voting product, Diebold spokesmen are claiming that the machines are never networked. For example, Diebold’s official written response to our report says that the AccuVote-TS “is never attached to a network” and again that “These touch screen voting stations are standalone units that are never networked together.”

This is false — AccuVote-TS systems are designed to be networked.

More here.

U.S. House Panel Wants Answers from Wireless Firms on Pretexting

Jeremy Pelofsky writes for Reuters:

Top executives of Verizon Communications, Sprint Nextel Corp., Cingular and T-Mobile USA have been invited to testify Friday at a U.S. House Energy and Commerce Committee hearing into the use of deceptive measures to obtain personal information, known as pretexting, the panel said on Monday.

The same panel will hear on Thursday from Hewlett-Packard Co. chief executive Mark Hurd, former chairman Patricia Dunn, general counsel Ann Baskins and other company officials about HP's use of pretexting to investigate boardroom leaks.

The heads of the Federal Communications Commission, Kevin Martin, and Federal Trade Commission, Deborah Majoras, have also been invited to testify at the Friday hearing, which is on the broader issue of pretexting.

More here.

Defense Tech: Chinese Laser vs. U.S. Satellites?

Via Defense Tech.

"China has fired high-power lasers at U.S. spy satellites flying over its territory in... a test of Chinese ability to blind the spacecraft," Defense News is reporting. And, at least in theory, those lasers might be able to temporarily take offline America's most powerful orbiting spies, like the giant electro-optical Keyhole spacecraft or radar-based satellites like the Lacrosse.

Now, the article is a little short on details. "It remains unclear how many times the ground-based laser was tested against U.S. spacecraft or whether it was successful," the story says.

More here.

AOL Sued Over Search Data Release

Ed Oswald writes on BetaNews:

AOL is facing a possible class action lawsuit over the release of search result data of 650,000 users in July. While the identities of those involved were scrambled, some of the data included within provided evidence of possible crimes.

The suit was filed in federal court for the Northern District of California by the law firm of Berman, DeValiero, Pease, Tabacco, Burt & Pucillo of San Francisco. It accuses AOL of violating the Electronic Communications Privacy Act, plus several California consumer and advertising laws.

More here.

FTC Sues in Online Check Scam Action

Bob Sullivan writes for MSNBC:

A federal court in California has ordered a Web site to stop e-mailing personal checks without verifying the identity of the check-writers in response to a Federal Trade Commission lawsuit alleging that the practice has resulted in widespread fraud. The action came after brazen crooks used the Qchex Web site to try to steal from federal agencies, including the FTC itself.

U.S. District Judge William Q. Hayes last week issued a temporary restraining order barring Qchex from e-mailing the checks while the FTC pursues a lawsuit against the San Diego-based company.

More here.