Saturday, October 07, 2006

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Saturday, Oct. 7, 2006, at least 2,739 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,176 died as a result of hostile action, according to the military's numbers.

The AP count is 10 more than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casuality Count website here.

User Friendly: A Target-Rich Environment

Via UserFriendly.org.


Click for larger image.


Pennsylvania Court Rules in Favor of Newspaper

An AP newswire article, via The Boston Globe, reports thats:

A newspaper does not have to turn over two reporters' computers to the Pennsylvania attorney general, the state Supreme Court has ruled.

In a 20-page opinion issued Friday, the justices labeled as "unduly intrusive" the government's attempt to seize the computers belonging to Lancaster Newspapers Inc. The company publishes the Intelligencer Journal, Lancaster New Era and Sunday News.

The opinion by Justice Thomas Saylor also noted the "potential chilling effect" taking reporters' computers could have on sources providing confidential information.

The dispute arises from a probe begun last fall by the attorney general into Lancaster Coroner G. Gary Kirchner's dealings with the press.

Authorities convened a grand jury to look into whether Kirchner gave Intelligencer Journal reporters his password to a part of the county's Web site restricted to law enforcement and other authorized officials. No charges have been filed.

More here.

Netcraft: Rackspace Most Reliable Hoster in September

Via Netcraft.

Rackspace is the most reliable hosting company for September 2006, followed closely by managed hosting company Datapipe and Katarre, a colocation and dedicated hosting provider based in Corvallis, Ore.

Rackspace, a managed hosting provider based in San Antonio, Texas, has been a mainstay in our reliability rankings since we began tracking hosting company performance in 2003. This is the fifth time this year that Rackspace has been the most reliable hoster, compared to six times in 2005. The home page for the Rackspace.com web site did not have a measurable outage from March 2004 through November 2005, when it experienced three minutes of downtime.

Eight of the 10 most reliable hosters run their sites on Linux with the two remaining having Unknown OS.

More here.

Netcraft: October 2006 Web Server Survey

Via Netcraft.

In the October 2006 survey we received responses from 97,932,447 sites, an increase of 1.08 million from last month. That moderate growth follows four straight months of blockbuster gains, guaranteeing that 2006 will surpass 2005 in the record books for largest single-year hostname growth. The survey has added nearly 23.9 million sites in the first 10 months of 2006, well above the previous record for annual numerical site growth of 17.1 million from last year. At its current 2006 growth rate of 2.3 million-plus sites per month, the Web Server Survey could top 100 million sites before the end of the year.

There are only small shifts in market share for web server software. Windows' share improves slightly this month, as gains at Go Daddy offset some slippage among sites hosted at Microsoft.

More here.

Microsoft Egaging With Hackers

Jonathan Kent writes for The BBC:

In a few weeks time Microsoft is expected to launch Vista, its new operating system, and in January we will all get to play with the finished version. But how safe will this brave new world be?

Given the number of attacks Windows usually attracts it is not surprising that Microsoft has been speaking to anyone they think can help.

A team from Microsoft headquarters went to Malaysia for Asia's biggest gathering of hackers - not to confront the enemy - but to throw the hackers a party.

But behind the charm offensive, said Microsoft's Security Programme Manager Sarah Blankinship, lies a serious purpose.

More here.

Friday, October 06, 2006

U.S. Marine Base Probes Missing Laptop

An AP newswire article, via Yahoo! News, reports that:

A laptop computer loaded with personal information on 2,400 residents of the Camp Pendleton Marine Corps base has been lost, authorities said Friday.

The computer was reported missing Tuesday by Lincoln B.P. Management Inc., which helps manage base housing.

The company and Camp Pendleton are investigating. As of Friday, investigators had not found evidence that the data had been accessed, the base said in a statement.

Authorities would [not] disclose what kind of information was on the computer.

More here.

Firefox Set Free in IceWeasel

Sean Michael Kerner writes on internetnews.com:

GNU, which is a recursive acronym that stands for GNU is Not Unix, first set out in 1984 to develop a Unix-like operating system as Free Software.

It is now gearing up to provide a "free" version of Mozilla's (not-so-free) Firefox browser. The GNU version is called IceWeasel and is part of the GNUzilla effort from GNU. The Free Software Foundation (FSF) is the principal sponsor of the GNU Project.

IceWeasel is essentially Firefox stripped of the Firefox name and logo. According to IceWeasel developers, the browser also includes some additional privacy protection features. One of those features is the blocking of cookies that come from zero-size images.

The IceWeasel browser is particularly significant now that Mozilla is cracking down on Linux distributions such as Debian.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Friday, Oct. 6, 2006, at least 2,738 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,176 died as a result of hostile action, according to the military's numbers.

The AP count is nine more than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casuality Count website here.

Political Toon: Redacted


Click for larger image.


3Com on the block?

Via NetworkWorld.

Reports yesterday said that an unnamed private equity group is targeting the network company, and is willing to pay as much as $7 per share. 3Com stock, which has traded between $3.47 and $5.70 for the past 52 weeks, closed at $5.02 after lots of trading, reports said.

The jump was triggered by a report from UBS stock analyst Long Jiang that indicated 3Com’s recent efforts to shore up majority ownership in its joint venture with Chinese equipment maker Huawei could make the network company more valuable. 3Com has a 51% joint venture stake in the Chinese company.

More here.

Two New Reports From the U.S. National Infrastructure Advisory Council (NIAC)

Christian Beckner writes on Homeland Security Watch:

Two recently-completed reports by the National Infrastructure Advisory Council (NIAC) were published on the DHS website this week:

The first report is entitled Workforce Preparation, Education and Research (7.3mb [.pdf] download). Its four key recommendations, according to the transmittal letter:

  1. The Federal government should continue to support the education of our workforce via the Scholarship for Service Program (Cyber Corps);
  2. Designate a coordinating body to oversee cyber security research efforts;
  3. Designate a privately administered, public-private Information Assurance (IA) training certification body;
  4. The Federal government should do everything in its power to assist states in implementing internationally competitive standards, curricula and teaching methods.

The second report is entitled Public-Private Sector Intelligence Coordination [.pdf], and it probes questions related to public and private sector cooperation on intelligence as it pertains to critical infrastructure protection.

That report makes eight recommendations, including a suggestion that “the U.S. Attorney General should publish a best practices guide for private sector employers to avoid being in conflict with the law” as it pertains to sharing information related to infrastructure vulnerabilities; and a recommendation that DHS and other federal entities should “rationalize and standardize the use of SBU markings, especially “For Official Use Only” (FOUO), and publish standard handling instructions clearly for all intended recipients.”

More here.

(Note: I post Beckner's entire blog post here because I believe there are some very important nuances in these reports. - ferg)

Websense: Googling for Security in Source Code

Via the Websense Security Labs Threat Blog.

Google has launched a new service to search for "publicly accessible source code". The service dubbed "Google Code Search" allows programmers to query for code using a myriad of syntax options i.e. regular expressions, exact strings, file types, packages and languages. One very cool feature of this new service is that google code search automatically extracts all files from archive files (zip, rar, etc), and makes it extremely easy to navigate and search through the extracted files.

Google has also released a Google Code Search Data API, so searching for code can be further automated.

There is no denying that this will help programmers everywhere when looking for examples of code and syntax, but from a research standpoint it will be interesting to see if this new feature can be used for purposes it was never intended for.

More here.

Image of the Day: The Intertubes Will Suck You In and You WIll Never Escape


Image source: Boing Boing


Websites Remain Crippled in Wake of Vermont Restaurant Fire

An AP newswire article, via The Boston Globe, reports that:

A fire that severely damaged a restaurant last weekend was still causing headaches for dozens of Vermont businesses Friday.

The Sept. 30 fire at a neighboring building spared the offices of Sovernet Communications, a telecommunications company that provides telephone and Internet services to businesses and individuals. But water from fighting the blaze flooded the basement of Sovernet's three-story frame building next door, damaging its servers and knocking out service to about 2,000 Web sites.

The company's telephone customers weren't affected, and most e-mail customers suffered only temporary outages, but the damage to the data servers made the Web sites inaccessible -- some for almost a week, according to Peter Stolley, vice president of sales and marketing for Sovernet.

Among them: the re-election campaign of Gov. Jim Douglas, whose Web site was back up Monday.

More here.

Online Gambling Firms Plan Counterattack

Via Red Herring.

The center of the online gambling universe has shifted to tiny Antigua, which has emerged as the industry’s best option to overturn or amend a U.S. law that makes online gambling illegal.

It’s a long shot, but the industry will attempt to bring additional international pressure on the United States on the grounds that the law is protectionist and discriminatory.

The chief executive of United Kingdom-based Sportingbet, Nigel Payne, is currently on the 108-square-mile island conferring with the Antiguan government. Many of the large online gambling firms licensed in Antigua are also in touch with the government.

The Antiguan government is in the process of amending its complaint to the World Trade Organization to include the latest U.S. law, which the government believes is at odds with a 2005 ruling made by the WTO. The WTO ruled in Antigua’s favor in the trade dispute with the U.S.

More here.

NASA's Mars Rover and Orbiter Team Examines Victoria Crater

An image from NASA's Mars Reconnaissance Orbiter shows the Mars Exploration Rover Opportunity near the rim of "Victoria Crater."
Image source: NASA /JPL / UA


Via NASA.

NASA's long-lived robotic rover Opportunity is beginning to explore layered rocks in cliffs ringing the massive Victoria crater on Mars.

While Opportunity spent its first week at the crater, NASA's newest eye in the Martian sky photographed the rover and its surroundings from above. The level of detail in the photo from the high-resolution camera on the Mars Reconnaissance Orbiter will help guide the rover's exploration of Victoria.

"This is a tremendous example of how our Mars missions in orbit and on the surface are designed to reinforce each other and expand our ability to explore and discover," said Doug McCuistion, director of NASA's Mars Exploration Program in Washington. "You can only achieve this compelling level of exploration capability with the sustained exploration approach we are conducting at Mars through integrated orbiters and landers."

More here.

Avici Out of Turk Telecom

Ray Le Maistre writes on Light Reading:

Core router firm Avici Systems Inc. has been kicked out of its engagement at Turk Telekomunikasyon A.S., the vendor announced this morning.

Avici had been supplying its TSR routers to the carrier through a deal brokered by Alcatel, the lead integrator for the carrier's IP/MPLS network rollout.

Now, though, Avici says the supply agreement with Alcatel has been "terminated." The two companies will "unwind the financial arrangements and decommission the routing equipment," Avici said in a prepared statement.

More here.

ACLU Taps Former G-Man for Security Role

Via UPI.

The ACLU has appointed a whistle-blowing former FBI counter-terrorist investigator as policy counsel on national security, immigration and privacy.

A statement Thursday from the American Civil Liberties Union named Michael German, a 16-year veteran FBI special agent who has worked terrorism, bank fraud and public corruption investigations, to the post.

German "resigned in 2004 to make Congress and the public aware of the continuing deficiencies in FBI counter-terrorism operations after the implementation of the Sept. 11 Commission's reforms," says the statement.

More here.

Rumor Mill: Google in Talks to Buy YouTube

Via Reuters.

Internet search leader Google Inc is in talks to buy popular Web video site YouTube Inc. for close to $1.6 billion, the Wall Street Journal reported on Friday, citing a person familiar with the matter.

According to the report, the talks are at a sensitive stage and could break off.

Representatives for Google and YouTube were not immediately available for comment. Internet blog TechCrunch.com earlier in the day cited what it called a "completely unsubstantiated" rumor of talks between Google and YouTube.

More here.

Thursday, October 05, 2006

Anti-U.S. Attack Videos Spread on the Internet

Edward Wyatt writes in The New York Times:

Videos showing insurgent attacks against American troops in Iraq, long available in Baghdad shops and on Jihadist Web sites, have steadily migrated in recent months to popular Internet video-sharing sites, including YouTube and Google Video.

Many of the videos, showing sniper attacks against Americans and roadside bombs exploding under American military vehicles, have been posted not by insurgents or their official supporters but apparently by Internet users in the United States and other countries, who have passed along videos found elsewhere.

More here.

U.S. Government Computer Systems Under Attack

Alan Sipress writes in The Washinton Post:

Hackers operating through Chinese Internet servers have launched a debilitating attack on the computer system of a sensitive Commerce Department bureau, forcing it to replace hundreds of workstations and block employees from regular use of the Internet for more than a month, Commerce officials said yesterday.

The attack targeted the computers of the Bureau of Industry and Security, which is responsible for controlling U.S. exports of commodities, software and technology having both commercial and military uses. The bureau has stepped up its activity in regulating trade with China in recent years as the United States increased its exports of such dual-use items to the growing Chinese market.

This marked the second time in recent months that U.S. officials confirmed that a major attack traced to China had succeeded in penetrating government computers.

More here.

California: H-P May Face Civil Charges

David A. Kaplan writes on Newsweek:

The attorney general of California may file civil charges as early as next week against Hewlett-Packard, NEWSWEEK has learned. Those civil charges would likely demand damages of at least several million dollars, says a law-enforcement official with knowledge of the office’s plans; the official requested anonymity because of the ongoing nature of the investigations. It is possible as well that HP could settle any possible civil claims before the A.G. goes to court.

The civil charges would be on top of the criminal charges the state filed Wednesday against HP’s former chairman, Patricia Dunn, and four others formerly associated with the company. All the charges stem from HP’s hacking of the personal phone records of HP directors, HP employees, journalists and others in an effort to discover who was leaking information to the press.

More here.

Watchdog Group Disputes FBI's Claims on E-Mails

Dan Eggen writes in The Washington Post:

The watchdog group that first provided the FBI with suspicious e-mails from then-Rep. Mark Foley (R-Fla.) said yesterday that FBI and Justice Department officials are attempting to cover up their inaction in the case by making false claims about the group.

Law enforcement officials said the allegations by Citizens for Responsibility and Ethics in Washington (CREW) are without merit, and they stood by allegations that the group had refused to provide some information to the FBI.

More here.

Medical Records Catch-22

Via The Zone Labs "Internet Security Zone" Blog.

This is a tough situation: While attempting to protect medical records, laws have actually made it harder to investigate medical fraud.

The LA Times reports on a recent incident in which a retired school teacher is billed for the alleged amputation of her right foot -- actually having to send notarized photos of that foot to prove the doctors didn't actually remove it!

How did all this happen? An ID thief actually assumed her identity to receive medical treatment, presumably having a foot removed and in the process rang up the bill the school teacher received. While attempting to investigate this case of ID Theft, the victim found that the very laws made to protect her medical privacy were interfering with her ability to investigate her own medical records.

More here.

60 Minutes: Unlikely Terrorists On No-Fly List

Via CBS News.

Steve Kroft's investigation, in which an ex-FBI agent who worked on its al Qaeda task force says the list of 44,000 names is ineffective, will be broadcast this Sunday, Oct. 8, at 7 p.m. ET/PT.

The former FBI agent, Jack Cloonan, knew the list that was hastily assembled after 9/11, would be bungled. "When we heard the name list or no-fly list … the eyes rolled back in my head, because we knew what was going to happen," he says. "They basically did a massive data dump and said, 'Okay, anybody that's got a nexus to terrorism, let's make sure they get on the list,'" he tells Kroft.

The "data dump" of names from the files of several government agencies, including the CIA, fed into the computer compiling the list contained many unlikely terrorists. These include Saddam Hussein, who is under arrest, Nabih Berri, Lebanon's parliamentary speaker, and Evo Morales, the president of Bolivia. It also includes the names of 14 of the 19 dead 9/11 hijackers.

But the names of some of the most dangerous living terrorists or suspects are kept off the list.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, Oct. 5, 2006, at least 2,736 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,176 died as a result of hostile action, according to the military's numbers.

The AP count is seven more than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casuality Count website here.

Browser History Hack Compromises User Privacy

Tom Sanders writes on vnunet.com:

Security researchers with Spi Dynamics have demonstrated a techniques that exposes the past search queries as well as websites that a user visited to online publishers..

Websites could use the technique to check if a user has researched its products through search engines. An insurance provider for instance could deploy the method to verify if an client applying for life insurance has ordered cigarettes online. It could also allow Amazon to check if users have been shopping with competing stores.

More here.

AllofMP3.com Hurting Russia's WTO Entry

Via Red Herring.

Russia’s refusal to crack down on music pirates operating inside the nuclear power’s borders is throwing a wrench in the country’s bid to enter the World Trade Organization.

The sticking point is a website, AllofMP3.com, which allows anyone to download entire albums for less than $1. The U.S. administration said it refuses to approve Russia’s membership into the international trade organization until the site is shut down.

More here.

Another Great Quote: Dennis Hoffman

"The day before a breach, the ROI is zero. The day after, it is infinite."

- Dennis Hoffman, RSA vice president of enterprise solutions, speaking at the IT Security Training Conference in Washington, D.C, regarding the issues surrounding how to put a Return-on-Investment (ROI) value on security.

Bush Says He Can Edit Security Reports

An AP newswire article by Leslie Miller, via The Boston Globe, reports that:

President Bush, again defying Congress, says he has the power to edit the Homeland Security Department's reports about whether it obeys privacy rules while handling background checks, ID cards and watchlists.

In the law Bush signed Wednesday, Congress stated no one but the privacy officer could alter, delay or prohibit the mandatory annual report on Homeland Security department activities that affect privacy, including complaints.

But Bush, in a signing statement attached to the agency's 2007 spending bill, said he will interpret that section "in a manner consistent with the President's constitutional authority to supervise the unitary executive branch."

More here.

California: Judge Dismisses Child Porn Charges Against Karr

An AP newswire article, via MSNBC, reports that:

A judge dismissed child pornography charges Thursday against former JonBenet Ramsey murder suspect John Mark Karr after prosecutors said they didn’t have enough evidence.

More here.

Quote of the Day: Eric Cartman

Image source: Boing Boing / Comedy Central


"You can just hang around outside all day tossing a ball around, or you can sit at your computer and do something that matters."

- Eric Cartman, in South Park's tenth season premiere episode last night, "Make Love Not Warcraft", when talking about playing World of Warcraft.

One Boob == 963,000 FCC Complaints

Nate Anderson writes on ARS Technica:

How many indecency complaints does the FCC actually receive? It's a hot-button topic—television broadcasters have already begun to censor themselves out of uncertainty about what is considered indecent and obscene. Because of the intense media coverage of the issue, readers might get the impression that indecency complaints are legion, that millions of Americans are up in arms about what's on television.

That's not the case. Ars has compiled a surprising set of statistics on the practice, drawn from the FCC's own quarterly reports.

More here.

AT&T, BellSouth Argue Against Spectrum Divestiture

Jeffrey Silva writes on RCR Wireless News:

AT&T Inc. and BellSouth Corp. urged the Federal Communications Commission not to give in to congressional pressure by requiring them to divest their 2.3 GHz and 2.5 GHz wireless broadband assets as a condition of approving AT&T’s proposed $67 billion acquisition of BellSouth.

AT&T and BellSouth said a merger would not prompt them to “warehouse” wireless broadband spectrum, as some parties have warned. The firms said there is virtually no overlap in AT&T’s and BellSouth’s 2.3 GHz and 2.5 GHz holdings. Moreover, they argued, Sprint Nextel Corp. holds far more wireless broadband spectrum in markets across the country.

More here.

Patch Tuesday: Microsoft to Patch 11 Vulnerabilities

Via the Microsoft Security Response Center (MSRC) Blog.

Next Tuesday, on October 10, 2006 at approximately 10:00 am PT we are slated to release eleven new security bulletins:

Six Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. Some of these updates will require a restart.

Four Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

One Microsoft Security Bulletin affecting Microsoft .NET Framework. The highest Maximum Severity rating for this is Moderate. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates may require a restart.

We will also be making our regular monthly update to the Microsoft Windows Malicious Software Removal Tool.

More here.

China Jamming Test Sparks U.S. Satellite Concerns

A Reuters newswire article, via USA Today, reports that:

China has beamed a ground-based laser at U.S. spy satellites over its territory, a U.S. agency said, in an action that exposed the potential vulnerability of space systems that provide crucial data to American troops and consumers around the world.

The Defense Department remains tight-lipped about details, including which satellite was involved or when it occurred.

The Pentagon's National Reconnaissance Office Director Donald Kerr last week acknowledged the incident, first reported by Defense News, but said it did not materially damage the U.S. satellite's ability to collect information.

More here.

Google's Vint Cerf to Advise NSF on Internet Designs

Aliya Sternstein writes on FCW.com:

The Computing Research Association (CRA), at the request of the federal government, has formed an advisory board to help guide the design of a next-generation Internet.

The nonprofit group's involvement is part of a new National Science Foundation initiative, called the Global Environment for Networking Innovations. GENI will be an experimental facility that tests possible architectures for a new and improved World Wide Web.

More here.

User Friendly: E-Mail is for Old People

Via UserFriendly.org.


Click for larger image.


Seller of Telephone Records Settles FTC Charges

Grant Gross writes on InfoWorld:

An Internet business that sold people's telephone and credit-card records has agreed to settle charges that it violated U.S. law, the U.S. Federal Trade Commission (FTC) said Thursday.

Integrity Security & Investigation Services and its owner, Edmund Edmister, will give up $2,700, the entire amount the company earned from selling phone records and credit card transaction reports, the FTC said. The settlement also bars the company from obtaining and selling confidential phone and credit account records unless authorized by law or court order.

More here.

EU Privacy Chief Slams Central Bank Over SWIFT Claims

Via OUT-LAW.com.

The European Data Protection Supervisor has criticised the European Central Bank for failing to take action to stop a Belgian banking company from sending European transaction details to US authorities.

The ECB lacked initiative and moral leadership in its actions after finding out that data was being transferred, said the Supervisor. His office said that the ECB had known about the transfers since February 2002.

More here.

FBI Conducted Unauthorized Investigations in Canada

Via UPI.

An internal 2004 Federal Bureau of Investigation audit reports that FBI agents carry out investigations in Canada.

The investigations are frequently conducted without the knowledge or approval of the Canadian government.

The Federal Bureau of Investigation's inspector general's audit details the increase in Federal Bureau of Investigation since the September 11, 2001, terrorist attacks in Washington and New York.

The Canadian Broadcasting Corporation reported on Oct. 5 that the audit reports that the FBI has given agents in its Buffalo, N.Y., field office the authority to conduct "routine investigations" up to 50 miles into Canadian territory.

More here.

Wednesday, October 04, 2006

California: Governor Vetoes Cell Phone Protection Law

Jeanette Pavini writes on CBS5.com:

Marty Varon is not happy with Governor Schwarzenegger vetoing SB440, a law that would have clarified and enforced current law protecting consumers from fraudulent charges made from stolen cell phones.

"This should have been a no brainer for him to sign. I can't think of a good reason for him not to sign this bill," Varon said. "If I was in this position again, or if someone else is in this position, what recourse do they have now."

Consumer advocates feel wireless carriers have found a loophole, and can still hold consumers responsible for fraudlent charges.

More here.

U.S. Federal Judge Refuses to Dismiss PATRIOT Act Case

Via EFF Deep Links.

After a wait of nearly three years, Judge Hood in the Eastern District of Michigan finally ruled yesterday on the government's request that the court dismiss a lawsuit brought by a group of Muslim and Arab-American associations challenging the constitutionality of PATRIOT Act Section 215.

As you may recall, Section 215 authorizes the government to obtain a secret order from the FISA court demanding business records or any other information that investigators think is relevant to a terrorism investigation. The court's decision? Motion denied!

More here.

Report: Internet Abuse At U.S. Interior Department

An AP newswire article, via CBS News, reports that:

Interior Department employees aren't just using their computers to oversee parks and wildlife, an investigation found. They're spending thousands of hours a week visiting shopping, sex and gambling Web sites.

A report made public Wednesday on an internal investigation examining a week of computer use found more than more than 1 million log entries in which 7,700 employees visited game and auction sites.

More than 4,700 log entries were to sexually explicit and gambling Web sites.

More here.

Another Court Says 'National Security' Isn't Blank Check for Illegal Spying

Via EFF Deep Links.

Today, a federal court shot down yet another attempt by the government to use "national security" as a blank check for illegal surveillance. Refusing a claim that the government could not even confirm or deny whether it had listened in on calls between attorneys at the Center for Constitutional Rights and their clients, the court ordered the government to provide that information to the court in secret first, then set up a process to possibly provide that information to the attorneys involved.

The court confirmed: "It is a cardinal rule of litigation that one side may not eavesdrop on the other's privileged attorney-client communications."

More here.

The Daily Show is as Substantive as The 'Real' News

Jon Stewart, of Comedy Central's The Daily Show.


Eric Bangeman writes on ARS Technica:

The Daily Show is much funnier than traditional newscasts, but a new study from Indiana University says it has the same amount of meat on its bones when it comes to coverage of the news. The brand of news coverage Jon Stewart and the rest of The Daily Show's staff brings to the airwaves is just as substantive as traditional news programs like World News Tonight and the CBS Evening News, according to the study conducted by IU assistant professor of telecommunications Julia R. Fox and a couple of graduate students.

The researchers looked at coverage of the 2004 Democratic and Republican national conventions and the first presidential debate of the fall campaign, all of which were covered by the mainstream broadcast news outlets and The Daily Show. Individual broadcasts of the nightly news and corresponding episodes of The Daily Show were analyzed by the researchers, who found that the "average amounts of video and audio substance in the broadcast network news stories" were no different from The Daily Show. Perhaps more telling, The Daily Show delivered longer stories on the topic.

More here.

Georgia Teens Identified As Online Sex Gossips

An AP newswire article, via SFGate.com, reports that:

A list that appeared on MySpace.com with the names of about two dozen students and their alleged sexual exploits was posted by two 15-year-old girls, authorities said Wednesday.

The girls could be charged with distributing sexually explicit materials to minors, authorities said.

The compendium of sexual gossip caused arguments to break out among students and disrupted classes after it appeared online in early September.

The two students at North Oconee High School were identified after investigators subpoenaed records from MySpace, Yahoo and BellSouth, sheriff's Lt. David Kilpatrick said.

More here.

DOE Partially Yields on Mandatory Polygraphs for Employees

Aliya Sternstein writes on FCW.com:

After years of controversy, the Department of Energy has decided to decrease reliance on polygraph testing in screening prospective counterintelligence employees.

A final rule published in the Federal Register will end across-the-board testing of applicants effective Oct. 30.

The move marks a compromise in the wake of criticism that DOE had been ignoring studies showing that polygraph testing is not reliable. DOE screens employees with a computerized polygraph system to prevent insiders from leaking classified information to enemies of the United States.

More here.

Pic of the Day: I Can't Believe It's Not Torture! (tm)




Via Boing Boing.

Enjoy.

U.S. Appeals Court Grants Stay on Warrantless Spying

An AP newswire article, via MSNBC, reports that:

The Bush administration can continue its warrantless surveillance program while it appeals a judge's ruling that the program is unconstitutional, a federal appeals court ruled Wednesday.

The president has said the program is needed in the war on terrorism; opponents say it oversteps constitutional boundaries on free speech, privacy and executive powers.

U.S. Judge Anna Diggs Taylor in Detroit ruled Aug. 17 that the surveillance, which targets communications between people in this country and people overseas when a terrorist link is suspected, violates the rights to free speech and privacy, as well as the separation of powers enshrined in the Constitution.

More here.

StopBadware.org: New Website, Same Old Scam

Via StopBadware.org.

In this week’s in-depth report, we highlight an old badware application with a shiny new site: Popcorn.net. Popcorn.net advertises itself as “an Internet-based multi-channel entertainment browser” that functions as a “one-stop source for thousands of downloads.” In truth, its Download Manager software is essentially a repackaging of Movieland’s MediaPipe application, which we reviewed back in March 2006 (see our Mediapipe report here). It deceives users into downloading the application, installs a Trojan horse and adware, and cannot be uninstalled. See our full report for details.

We’ve also included a “Background” section in this report. Popcorn.net has quite a history, and we wanted to make sure users understood this history and the deceptive business practices that Popcorn.net continues to engage in. In fact, the FTC is currently pursuing a court case against the companies behind both Popcorn.net and Movieland.

More here.

Mindset: Immunizing the Internet

Ed Felten writes on Freedon to Tinker:

Can computer crime be beneficial? That’s the question asked by a provocative note, “Immunizing the Internet, or: How I Learned to Stop Worrying and Love the Worm,” by an anonymous author in June’s Harvard Law Review. The note argues that some network attacks, though illegal, can be beneficial in the long run by bringing attention to network vulnerabilities and motivating organizations to address problems.

I don’t buy the note’s argument, but there is a grain of truth behind it. Vendors and independent analysts often disagree about whether a vulnerability is real or could ever be exploited in practice. One thing I’ve learned over the years is that the best (and often the only) way to resolve that debate is to demonstrate an exploit. If you can do something, people will accept that it is possible.

More here.

Quantum Entanglement: Spooky Steps to Quantum Networking

Zeeya Merali writes on NewScientistTech:

Even if quantum computers can be made to work, there will still be two big obstacles preventing quantum networks becoming a reality. First, quantum bits, or qubits, stored in matter will have to be transferred to photons to be transmitted over long distances. Secondly, errors that creep in during transmission have to be corrected. Two unrelated studies have now shown how to clear these hurdles.

Both studies use quantum entanglement, a spooky property that links particles however far apart they are. Measuring a quantum property on one particle immediately affects the other, and this effect can be used to “teleport” information between pairs of entangled particles.

More here.

Vote! For the Most Majestic Weasels of 2006

Via The Dilbert Blog.

The polls are open. Vote for the most majestic weasels of 2006. Just go to www.dilbert.com and follow the link.

A weasel is defined as anyone who is getting away with something. So the poll excludes people who are actually in jail, since those people got caught. Remember, it’s not a poll about who you hate the most. Try to limit your bile to weasels; do not simply vote for who you think is the biggest asshat, buttmunch, crap-for-brains, pervert. Maybe someday they will have their own unscientific poll.

The 2006 Weasel Awards will be announced on November 2, 2006.

Vote here for the 2006 Weasel Awards.

Customer Data Stolen at Indian Call Centers

Fiona Raisbeck writes on SC Magazine Online:

Employees in outsourced call centres are stealing sensitive customer data and selling it on the black market, an investigation has found.

Staff in call and other data processing centres in India are taking customer information - such as credit card data, passport and driving licence numbers and personal banking details - and selling it "to the highest bidder" leaving corporations open to legal liability.

The Payment Card Industry Data Security Standard (PCI DSS) - adopted by the major credit card brands - requires organisations to monitor outsourcing service providers and states they are liable for fines if that provider compromises their data.

More here.

Hawking to Write Book on Why We Have a Universe

Stephen Hawking


A Reuters newswire article, via The Boston Globe, reports that:

Stephen Hawking, the Cambridge University physicist who wrote the best-selling "A Brief History of Time," is to start work on a new book that will examine how and why the universe was created.

"The Grand Design," which is expected to be released in the fall of 2008, will be co-authored by Leonard Mlodinow, a physicist and author who collaborated with Hawking on "A Briefer History of Time" which was published last year.

More here.

UK: Two Men Arrested in Internet Weapons Raid

Via the Telegraph.co.uk.

Police investigating the sale of military weapons on the internet have arrested two men after raids on two properties in the south of England.

More than 40 officers from Kent Police targeted properties in Sittingbourne and Gillingham this morning.

More here.

Former H-P Chairwoman To Be Charged In Spy Scandal

Via NBC11.com.

California attorney general Bill Lockyer will file criminal indictments Wednesday against former Hewlett-Packard Co. Chairwoman Patricia Dunn and four others involved in the corporate spying scandal, according to news reports.

Citing people familiar with the case, The New York Times and BusinessWeek reported that Kevin Hunsaker, HP's ousted chief ethics officer, and Ronald DeLia, a Boston-area private investigator, would each face criminal charges. Two other outside investigators -- Joseph DePante of Melbourne, Fla. and Bryan Wagner of Littleton, Colo. -- were also being charged, the Times said.

They each will face four felony charges: use of false or fraudulent pretenses to obtain confidential information from a public utility; unauthorized access to computer data; identity theft; and conspiracy to commit each of those crimes.

More here.

Secunia Warns of 'Highly Critical' Skype Vulnerability

Dan Kaplan writes on SC Magazine Online:

Updating to the latest version of Skype for Mac OS X solves a "highly critical" vulnerability that could lead to the remote execution of arbitrary code, vulnerability monitoring firm Secunia said Monday in an advisory.

The flaw, reported by security researcher Tom Ferris, is caused by a malformed URL in the free voice over IP (VoIP) service that, if followed, could lead to a user's system being compromised.

According to a Skype bulletin, "this behavior is due to incorrect handling of arguments passed to a function in the Skype URI (uniform resource identifier) handler than initializes an alert panel."

More here.

Three Hackers Jailed in Russia: 8 Years Each

Konstantin Kornakov writes on viruslist.com:

A court in the Saratov region of Russia has sentenced three cybercriminals to eight years in jail each for a spree of extortion attacks in 2003. The three hackers managed to steal up to $4 million from UK companies by means of blackmail. All three men pleaded guilty and faced up to fifteen years jail time for extortion and the use of malicious computer programs.

The criminal group consisted of a number of individuals from several Russian cities, including Saratov, St. Petersburg, Astrakhan and Pyatigorsk. In 2003 they decided to carry out attacks on websites of online bookmakers in the UK and demand a ransom. One prominent attack took place on the website of Canbet, a British-Australian betting venture. The gang carried out a distributed denial of service attack on Canbet’s website during an important sporting event, demanding a payment of $10,000. When Canbet refused to pay up, their site was blocked and the company lost up to $200,000 in business for each day the server was down.

After that Canbet decided to pay the ransom into a Latvian bank, but the attacks did not stop, so the company contacted the British National High-Tech Crime Unit. British officers then turned to their Russian colleagues, who carried out their own investigation and arrested two suspects in 2004, with two supposed masterminds of the gang still on the run. In 2005 a third man was arrested and the three men held faced charges in court. It is thought they managed to extort as much as $4 million from their victims, having carried out 54 attacks in 30 countries over six months. Now the three men, including 20-year old Ivan Maksakov from Saratov, who created the spyware module used in the attacks, will have to spend eight years in jail each following a joint effort by British and Russian agencies as well as Interpol.

More here.

Toon: How's This For An Instant Message?


Click for larger image.


Software Being Developed to Monitor Opinions of U.S.

Eric Lipton writes in The News York Times:

A consortium of major universities, using Homeland Security Department money, is developing software that would let the government monitor negative opinions of the United States or its leaders in newspapers and other publications overseas.

Such a “sentiment analysis” is intended to identify potential threats to the nation, security officials said.

Researchers at institutions including Cornell, the University of Pittsburgh and the University of Utah intend to test the system on hundreds of articles published in 2001 and 2002 on topics like President Bush’s use of the term “axis of evil,” the handling of detainees at Guantánamo Bay, the debate over global warming and the coup attempt against President Hugo Chávez of Venezuela.

A $2.4 million grant will finance the research over three years.

More here.

Tuesday, October 03, 2006

Microsoft Not in Possession of Key Zune Domains

Via Red Herring.

Microsoft’s ambitious multimillion-dollar Zune digital music recipe oddly lacks a key online marketing ingredient: dot-com domains.

The Redmond-based software behemoth last week announced a $249.99 price tag and November 14 as the date the device and its accompanying Zune Marketplace online music site will become available.

Zunemarketplace.com or maybe even Zune.com would seem to be a logical online home for Microsoft’s upcoming music site, which, in turn, would direct users to download desktop software or to a store where they could buy the music player. For instance, Apple Computer has iTunes.com, which directs to the computer maker’s site.

Yet Zunemarketplace.com is currently listed for sale on domain broker Sedo.com. Representatives from Sedo.com confirmed that Zunemarketplace.com was in fact listed by a seller. Price: $1,499.

More here.

EchoStar Wins Reprieve in TiVo Suit

Ed Oswald writes on BetaNews:

EchoStar scored a victory in court Tuesday, as a federal appeals court stayed the injunction that would have prevented it from selling digital video recorders to its customers. A jury had found the company guilty of infringing on TiVo's patents in April, and awarded TiVo $73 million.

The court had issued a permanent injunction that would have prevented EchoStar from manufacturing or selling digital video recorders. However, in mid-August the company won a temporary stay of the injunction pending a decision on whether the stay should be permanent.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, Oct. 3, 2006, at least 2,729 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,163 died as a result of hostile action, according to the military's numbers.

The AP count is 13 more than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casuality Count website here.

Instant Messaging Clickfraud? Hackers use Botnet Tactics in IM Land...

paperghost writes on vitalsecurity.org:

For quite some time, I've seen certain Botnets perform the following trick: install some garbage, and hijack the end user's homepage. The hijacked page usually contains nothing more than a bunch of adverts - and, should the curious end-user click them (which they inevitably will) the bad guys rake in the dough from whoever runs the Ad Network and the advertisers or whoever.

Now, automated drones are great, but eventually you will be caught out. Even the best auto-clickers aren't particularly brilliant. But what if you could organise a network of drones that weren't machines but actual people? What if you could do away with all that awful technical IRC jibber-jabber and run what is effectively a Bot-less Botnet? What if...you could take some code from last month, rejiggify it a little and launch IM infections from simply visiting a webpage in IE, as opposed to all the HEY LOL CLICK THIS nonsense you usually have to do?

Well, today's your lucky day, kids!

More here.

VoIP and AJAX: Dangerously Insecure

Quinn Norton writes on Wired News:

Some of the slickest new technologies online -- VoIP and AJAX -- are dangerously insecure, and likely to only get worse as they become more prevalent, according to security researchers presenting their findings at the ToorCon security conference here [San Diego].

More here.

SCOTUS Refuses to Hear Medical Privacy Case

An AP newswire article, via The Seattle Post-Intelligencer, reports that:

The Supreme Court on Monday rejected a lawsuit by privacy advocates who say the Bush administration's rules for disclosing medical records are too lax.

Ten groups representing 750,000 consumers, medical practitioners and their patients challenged a federal rule that encourages development of an information system for electronic transfer of health data.

More here.

NIST Report Highlights RFID Security Risks

Wade-Hahn Chan writes on FCW.com:

A draft publication [.pdf] from the National Institute for Standards and Technology highlights some of the security and privacy risks associated with radio frequency identification technology.

Some of the risks involved can be serious. The threat can extend from the RFID tags to central databases on an agency's network, according to the report.

More here.

Spammers Plead Guilty After EarthLink Probe

Dawn Kawamoto writes on C|Net News:

Two spammers could go to jail after an investigation by EarthLink found they were sending thousands of unsolicited messages from PeoplePC accounts.

Jared Cosgrave and Mohammed Haque pleaded guilty last week in a U.S. District Court in Southern Florida to charges of fraud and violation of the Can-Spam Act. Sentencing is scheduled for Nov. 16, and the two could be sentenced to up to three years in jail and given a fine of up to $250,000.

More here.

Websense: Hacker Kit Use Surges

Gregg Keizer writes on TechWeb News:

About 1 in every 6 sites set up by criminals to steal information is created with hacking-for-dummies-style "toolkits," a security researcher said Tuesday.

"About 15 percent of malicious sites designed to steal information have kit code or a derivation of kit code," said Dan Hubbard, the vice president of security research at San Diego-based Websense.

Although Websense only began counting sites that use code from a toolkit late last year, the ratio is a major uptick, added Hubbard. Near the end of 2005, only 5 percent of the sites in a smaller sampling were using kit code.

More here.

EFF Sues for Information on Electronic Surveillance Systems

Via The EFF.

The FLAG Project at the Electronic Frontier Foundation (EFF) filed its first lawsuit against the Department of Justice Tuesday after the FBI failed to respond to a Freedom of Information Act (FOIA) request for records concerning DCS-3000 and Red Hook -- tools the FBI has spent millions of dollars developing for electronic surveillance.

DCS-3000 is an interception system that apparently evolved out of "Carnivore," a controversial surveillance system the FBI used several years ago to monitor online traffic through Internet service providers. One Department of Justice report said DCS-3000 was developed to "intercept personal communication services delivered via emerging digital technologies" and that it was used "as carriers continue to introduce new features and services." According to the same report, Red Hook is a system to "collect voice and data calls and then process and display the intercepted information."

The FLAG Project first filed its FOIA request for information about the surveillance systems on August 11, 2006. The FBI acknowledged receipt of the request, but the agency has not responded within the time limit required by law.

More here.

Google Watch: Eric Schmidt Warns Politicians

Jean Eaglesham writes in The Financial Times:


Politicians have yet to wake up to the impact of the internet, which will expose them to online “truth predictor” tests and affect the outcome of general elections, the head of Google said on Tuesday.

In an interview with the Financial Times, Eric Schmidt, the chairman and chief executive of the most popular internet search engine, said his speech to the conference of the UK’s Conservative Party on Tuesday was part of a global mission to educate political leaders.

More here.

Toon: Foley Foibles


Click for larger image.


The Truth About a Claimed Firefox Exploit

Brian Krebs writes on Security Fix:

A colorful duo of young hackers at the Toorcon security conference presented evidence Saturday that suggested a previously undocumented flaw in Mozilla's Firefox Web browser is actively being exploited to compromise machines of users cruising the Web with the browser. This story has been pretty widely reported over the past few days, but a few key facts have been absent from most of the coverage I've seen, and I wanted to try to help set the record straight on this.

The Toorcon talk was given by Mischa Spiegelmock a software engineer for Six Apart's LiveJournal blogging service, and a guy speaking under the pseudonym "Andrew Wbeelsoi." They prefaced their presentation by calling on security researchers everywhere to stop publicizing and fixing software security vulnerabilities.

"We do have exploits for all the stuff we're going to show you," the 21-year-old calling himself Wbeelsoi said. "We'll give them away to anyone who proves their actions are going to be politically motivated. We don't care what side you're on as long as you commit yourself to destruction."

Both speakers lectured at length about ways to cloak your identity online to engage in criminal activities, ranging from creating botnets to installing spyware on users' machines. They ardently urged those in attendance to use their knowledge to "ruin things" as much as possible for Internet users.

More here.

SWIFT Broke Privacy Rules, Says Belgian Commissioner

Via OUT-LAW.com.

A European banking organisation broke privacy rules by allowing the transfer of citizens' transaction details to US authorities, the Belgian privacy protection commissioner has ruled. EU officials may appoint an independent auditor to investigate.

The Society for Worldwide Interbank Financial Telecommunications (SWIFT) co-ordinates payments between financial institutions and has its headquarters in Brussels and offices in the US. The New York Times revealed in June that it had been passing details of European banking transactions involving the US to the US Government since the terrorist attacks in the US of 11th September 2001.

SWIFT has maintained that it acted legally but the Belgian Data Privacy Commission has said that privacy rules were broken.

More here.

Who Killed TiVoToGo?

Via EFF Deep Links.

It's the latest digital media murder mystery: TiVo Series2's TiVoToGo enabled limited portability of recorded content to PCs and other devices, but the TiVo Series3 HD did not include this feature when recently released. In other words, if you want to upgrade to HD, you have to downgrade your TiVo's features.

You don't need to be Sherlock Holmes to guess that this story somehow involves Hollywood, the FCC, and "digital rights management" (DRM) restrictions. EFF has opposed these restrictions every step of the way, and, in a white paper released today, we'll explain digital cable DRM's sordid history, how digital cable and satellite DRM may affect you, and what you can do to fight back.

More here.

McAfee to Acquire Citadel Security for $60 Million

Dawn Kawamoto writes on C|Net News:

McAfee announced on Tuesday a $60 million deal to acquire Citadel Security Software, as the former seeks to expand its efforts in the regulatory-compliance market.

With its Citadel acquisition, McAfee aims to bolster its regulatory compliance, remediation and vulnerability assessment suite--a goal it has been working toward with acquisitions of companies such as Preventsys.

Citadel develops software designed to automate the process of complying with regulatory requirements such as the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act, or HIPAA. The company's products range from patch management to security policy to vulnerability remediation technologies.

More here.

Tele2 Sells French Business to Vivendi

An AP newswire article, via The Boston Globe, reports that:

Swedish telecoms company Tele2 AB said Tuesday it sold its French fixed-line telephone and broadband unit to Vivendi SA's SFR wireless division for $450 million.

The company will incur a one-time loss of $136 million from the sale, Tele2 said in a statement. Stockholm-based Tele2 said it valued its remaining goodwill after the sale and will write down between $409 million and $478 million in the third quarter.

More here.

Monday, October 02, 2006

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Monday, Oct. 2, 2006, at least 2,718 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,164 died as a result of hostile action, according to the military's numbers.

The AP count is five more than the Defense Department's tally, last updated Monday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casuality Count website here.

Political Toon: Rule of Law


Click for larger image.


Author Who Sued CIA to Publish Memoir

Via UPI.

The memoirs of a former CIA official, who sued the agency for the right to publish about its first training class after Sept. 11, will be out this month.

Thomas Waters is one of the 150,000 people who applied to join the agency in the immediate aftermath of the Sept. 11 suicide hijackings, and one of the 100 or so of them who were admitted to the CIA Directorate of Operations training program in what he says was the largest, most diverse class in its history.

He left the CIA after two years for what his lawyer later said were "unrelated family reasons," and is now an intelligence contractor with the Department of Defense.

More here.

Banks Await Regulations on U.S. Internet Betting Ban

Peter Kaplan writes for Reuters:

The costs of policing a new U.S. Internet gambling ban for banks and credit card companies will be determined by regulators in the coming months, industry officials said on Monday.

Government officials are expected to propose a "coding-and-blocking" system that will identify and stop payment to online gambling sites, experts said. Many banks and credit card companies already voluntarily block Internet gambling transactions using such a system.

The Treasury Department and Federal Reserve Board have nine months to draft regulations after the new law, included in a package of port security measures passed by Congress on Friday and expected to be signed into law by President George W. Bush.

U.S. banks and credit card companies are optimistic that officials will prepare a workable system.

More here.

Rivals Say Microsoft Putting Them in a Tough Spot

A Reuters newswire article, via CNN/Money, reports that:

Microsoft is working to hamstring software companies trying to overcome "inherent weaknesses" in Windows security, rival McAfee Inc. charged in a full-page ad in Monday's Financial Times.

McAfee, Symantec and other security software companies argue Microsoft's new Vista operating system will make it more difficult to protect customers because for the first time, they have been denied access to the core of the operating system.

Neither company has filed a formal complaint and so far the European Commission has taken no formal action on the matter.

More here.