Saturday, November 18, 2006

Random Pictures From IETF 67 in San Diego

Yours truly, at IETF 67


I thank my friend and long-time colleague, Peter Lothberg, for these shots.

Start on Nov. 6, 2006.

Enjoy!

- ferg

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Saturday, Nov. 18, 2006, at least 2,863 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,291 died as a result of hostile action, according to the military's numbers.

The AP count is eight more than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Yahoo! Internal Memo Urges Major Shake-Up, Job Cuts

Eric Auchard writes for Reuters:

Yahoo Inc. needs a dramatic organizational shake-up and cuts in its work force of up to 20 percent, according to an internal memo written last month by Senior Vice President Brad Garlinghouse.

Garlinghouse, a second-tier Yahoo executive who has taken increasingly powerful roles in the company since joining 3 1/2 years ago, argues that Yahoo suffers from a lack of consistent leadership, business focus and a "single cohesive strategy."

More here.

U.S. Attorney General Gonzales Blasts Surveillance Critics

U.S. Attorney General Alberto Gonzales speaks about the warrantless surveillance program during a lecture series to cadets at the Air Force Academy, in Air Force Academy, Colo., on Saturday, Nov. 18, 2006.
Image source: The Boston Globe / AP Photo / Bill Ross


Personally, I'll be glad when the 9th U.S. Circuit Court of Appeals rules that this whole warrantless surveillance thing is unconstitutional -- and when this Bush administration apparatchik is gone from office.

An AP newswire article by Chase Squires, via The Boston Globe, reports that:

Attorney General Alberto Gonzales contended Saturday that some critics of the Bush administration's warrantless surveillance program were defining freedom in a way that poses a "grave threat" to U.S. security.

Gonzales was the second administration official in two days to attack a federal judge's ruling last August that the program was unconstitutional. Vice President Dick Cheney on Friday called the ruling "an indefensible act of judicial overreaching."

Gonzales told about 400 cadets from the Air Force Academy's political science and law classes that some see the program as on the verge of stifling freedom rather than protecting the country.

"But this view is shortsighted," he said. "Its definition of freedom -- one utterly divorced from civic responsibility -- is superficial and is itself a grave threat to the liberty and security of the American people."

More here.

Gapingvoid: Misunderstanding Importance

Via gapingvoid.com. Enjoy!

Bush Approves Alcatel Lucent

Ray Le Maistre writes on Light Reading:

Alcatel and Lucent Technologies Inc. announced late Friday night that they have received final approval for their merger from U.S. President George W Bush and expect to complete their merger on November 30.

The duo say they have "received approval from the Committee on Foreign Investment in the United States (CFIUS), under provisions of the Exon-Florio amendment, to proceed with their proposed merger transaction."

More here.

New Google Service Will Manipulate Caller-ID

Lauren Weinstein:

Google has made available a new "Click-to-Call" service that will automatically connect users to business phone listings found via Google search results.

In order for this feature to function, the user must provide their telephone number so that Google can bridge the free call between the business and the user (including long distance calls).

An obvious issue with such a service is that there is no reasonable way to validate the user phone number that is provided. Google says that they have mechanisms in place to try to avoid repeated prank calls, but the potential for abuse is obvious.

More here.

Hackers Plant Backdoor Trojan on Major Chinese Bankcard Website

A Shanghai Daily article, via Hack in the Box, reports that:

Anonymous hackers yesterday planted a backdoor virus program on the Website of China Unionpay (www.Chinaunionpay.com), the country's only national electronic payment network operator, that may result in customer information being leaked, Xinhua has learnt.

The backdoor program, Backdoor.BlackHole.2005.a, is capable of hijacking customers' computers when they visit the Website, said engineers at Rising Corporation, a leading Chinese computer security company.

More here.

Security Flaw in Microchips Discovered?

Via The Australian.

Researchers have discovered a fundamental flaw in microprocessor technology that could allow hackers to obtain computer users' secret information, French daily Le Monde reported.

A team led by German cryptology expert Jean-Pierre Seifert has discovered that chips are now more vulnerable because of the way they are manufactured to process data more quickly.

"Security has been sacrificed for the benefit of performance," said Mr Seifert quoted in Le Monde.

The danger of hackers breaking into computer chips, using a technique known as Branch Prediction Analysis (PBA), previously necessitated a very large number of attempts to decipher a cryptology key.

More here.

Friday, November 17, 2006

New Jersey Coach Charged in Child Porn Case, School Not Notified

Ken Serrano and Gene Racz write on The Home News Network (Central New Jersey):

Blindsided by news that a longtime gym teacher has been arrested and charged with possession of child pornography, officials at Cardinal McCarrick High School were dealing with the fallout yesterday from a magistrate's controversial decision in the case.

James Kazanjian, 51, former football and baseball coach at the Roman Catholic high school, is accused of downloading a video of an adult raping a child and other child-sex pornography. Yet he drew a ruling from a federal magistrate that allowed him to return to school without officials at McCarrick being notified of the charges.

More here.

(Props, Flying Hamster.)

New Brain Trust Planning Microsoft's Future?

Alan Sipress writes in The Washington Post:

Never before in its 30-year history has Microsoft faced a more pressing need to turn its innovative prowess inward and remake itself. The company that became synonymous with computing for hundreds of millions of users worldwide is confronting an onslaught by rivals bent on stripping away Microsoft's customers by providing cheaper -- or free -- software over the Web.

Microsoft faces a dilemma common to many major corporations, including telephone companies, newspapers and automakers, as they wrestle with how to break loose from their traditional businesses before it's too late. Many have been unable to cannibalize their core operations, remaining intoxicated by the high profits they still provide. But the burden of maintaining the old businesses that made them titans can starve companies of the investment and initiative they need to innovate.

More here.

Long Island Priest Charged in Child Porn Case

John Moreno Gonzales writes on Newsday.com:

Federal agents arrested a Roman Catholic priest based in Roosevelt Friday on child pornography charges after authorities said he stored 1,300 sexually explicit images of children on his rectory computer and engaged in sexually laced chats with detectives posing as teenage boys.

Thomas G. Saloy, 45, an administrator at the Queen of the Most Holy Rosary Church in Roosevelt, was arrested Friday morning after a yearlong investigation, authorities said, in which he used America Online screen names to talk to minors about sex and set up exchanges of child pornography with adults and youths.

More here.

Home Entry, Burglary Recorded on YouTube

Jeff Wiehe writes on FortWayne.com:

Detective Everett D. White of the Fort Wayne Police Department’s Neighborhood Response Team was off duty and at home Oct. 19. He spent time browsing through videos on the Web site YouTube.com, and somehow came across one titled “Burglars Caught in Fort Wayne.”

The video, dated Oct. 10, showed a man walking inside an apparently vacant house from the rear and letting another man inside through the front door. One of the men, who police say was Richard K. Klaff, 36, left the home with an 8-foot piece of copper wire worth about $15. Shortly after the two men walked out the door, two Fort Wayne Police officers walked in, called by the homeowner.

More here.

(Props, Flying Hamster.)

Forensic Tool Detects 'Illegal' Images?

Kevin McLaughlin writes on TechWeb News:

Law enforcement and government agencies that investigate computer crimes now have a better way to identify illegal digital images on seized hard drives.

This week, LTU Technologies launched a software plugin that strengthens the image analysis and indexing features of Guidance Software's Encase Forensic platform, which is commonly used by law enforcement and government agencies to sift through digital evidence during the course of investigations.

More here.

NSA Case Becomes Lawyer Junket

Ryan Singel writes on Wired News:

Forty-eight lawsuits against the nation's largest telecommunications companies for alleged participation in a warrantless government surveillance program had their first day all together in court Friday, in a courtroom packed with more than two dozen lawyers for the government, the companies and civil liberties groups.

The class-action lawsuits accuse BellSouth, Cingular Wireless, Sprint, MCI, Verizon, AT&T and even cable provider Comcast of violating various privacy and fair business laws for allegedly collaborating with the government's warrantless eavesdropping on Americans' overseas phone calls, domestic phone logs and internet usage. Together, the suits seek millions in damages.

More here.

U.S. Judge Will Not Halt AT&T Wiretapping Lawsuit

Declan McCullagh writes on C|Net News:

A federal district judge on Friday rejected the Bush administration's request to halt a lawsuit that alleges AT&T unlawfully cooperated with a broad and unconstitutional government surveillance program.

U.S. District Judge Vaughn Walker said the lawsuit could continue while a portion of it was being appealed, despite the U.S. Justice Department's arguments that further hearings and other proceedings would consequently endanger national security.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Friday, Nov. 17, 2006, at least 2,863 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,291 died as a result of hostile action, according to the military's numbers.

The AP count is eight more than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

ACLU Lawsuit Against Washington State Library Over Restrictive Internet Filtering

Via The ACLU.

Represented by the American Civil Liberties Union of Washington, three library users and a nonprofit organization today brought a lawsuit to ensure that patrons of a library system in Eastern Washington have access to useful and lawful information on the Internet.

The lawsuit challenges the library system's policy of using a restrictive Internet filter to bar access by adults to information on its computers and of refusing to honor requests by adult patrons to temporarily disable the filter for sessions of uncensored reading and research.

More here.

Gadget of the Day: A Personal Helicopter

The Gen H-4


Via Defense Tech.

Feel like you've lived a wee bit too long? Looking for a spectacular way out -- one that'll keep your family crying in disgust for years on end?

Well, has Popular Mechanics got a gizmo for you: the personal helicopter. This $30,000, assemble-yourself "Gen H-4" mini-chopper relies on "two blades on the same axis and rotating them in opposite directions to counteract each other's torque, eliminating the need for a tail rotor."

The contraption meets "the FAA's rules for ultralight aircraft: a top speed of just over 60 mph and a 5-gallon gas tank, for about an hour of flying. That means you don't need a license to own or fly one."

Oh, joy!

More here.

Universal Music Sues MySpace

Via Reuters.

Universal Music Group, the world's largest music company, on Friday filed a lawsuit against popular social networking site MySpace for copyright infringement of thousands of its artists' works.

Universal, owned by French media giant Vivendi, filed the suit at the U.S. District Court in the Central District of California, Western Division.

More here.

Follow-Up: Conservation Coalition Files Suit Against Bush Administration Over Global Warming Report

Via Friends of The Earth.

A coalition of conservation groups filed suit today against the Bush administration for refusing to complete a National Assessment of the impact of global warming on the environment, economy, human health and human safety of the United States. The assessment, due in November of 2004, is required by the Global Change Research Act of 1990.

Today’s action [14 Nov. 2006] comes as U.S. representatives complete their participation in the final days of the United Nations’ world climate negotiations in Nairobi, Kenya. Plaintiffs in the lawsuit are the Center for Biological Diversity, Friends of the Earth, and Greenpeace.

More here.

Second Life: The Next RIAA Target?

Eliot Van Buskirk writes on the Wired News' Listening Post Blog:

I haven't played Second Life yet, but know my old employer has built virtual headquarters there and that Dell sells real computers inside of this alternate reality.

The next aspect of real life to become part of Second Life could be the all-too-real prospect of an RIAA crackdown on unauthorized music, although labels could face difficulty in proving that Linden Labs has any culpability.

More here.

China Re-Blocks Wikipedia

An AP newswire article, via The International Herald Tribune, reports that:

The easing of a ban on the popular online encyclopedia traffic in China was short-lived.

Barely a week after Wikipedia viewers were able to access the Web site — after a yearlong ban — they reported Friday that it was blocked again in several parts of China.

Chinese Web surfers and free speech advocates had earlier welcomed the apparent lifting of a ban on the English and Chinese versions of the site that provides free information written and edited by its users, although skeptics had voiced fears the end of the ban would be temporary.

"It was great news for us," said Yuan Mingli, 33, a software engineer in Shanghai who has contributed articles on computer science and Chinese historical figures to the site. "China's Internet users are not different from other countries' users. Wikipedia is a very important source of information for us."

More here.

U.S. GAO: Infrastructure Protection Stresses Resilience, Recovery

Alice Lipowicz writes on Washington Technology:

Plans for protecting the nation’s critical information technology networks and systems are focused on developing resiliency and quick recovery rather than on safeguarding against every type of threat, according to a new report [.pdf] from the Government Accountability Office.

The GAO report provides an update on activities of the nation’s 17 critical infrastructure sectors, including IT, energy, food, water, transportation and health care, which are developing plans due in December to protect their sectors from terrorist attack. The goal is to coordinate with the National Infrastructure Protection Plan, which became final in June 2006.

More here.

IG to Probe DHS Data-Mining Program

Shaun Waterman writes for UPI:

The U.S. Department of Homeland Security's inspector general will probe a new data-mining program the agency is developing.

The probe into the department's $40 million Analysis, Dissemination, Visualization, Insight and Semantic Enhancement, or ADVISE, program was one of the investigations the inspector general promised in his annual plan this week.

ADVISE, the brain child of the department's science and technology division, is "designed to extract relationships and correlations from large amounts of data to produce actionable intelligence on terrorists," says the inspector general's report. "A prototype is currently available to analysts in (homeland security's) Intelligence and Analysis (division) using departmental and other data, including some on U.S. citizens," it adds.

More here.

Prolexic Says it was Wrongly Charged

Via Web Hosting Industry Review (WHIR) News.

Distributed denial of service protection solutions provider Prolexic Technologies says it was wrongly accused of hosting gambling Web sites when New York authorities broke up an online betting ring on Thursday, according to reports.

Police issued a 33-count indictment regarding an illegal Internet gambling ring and Prolexic was identified by a traceroute as the Web hosting provider for an Internet sports book. However, Prolexic says it is being wrongly accused, and was not involved in hosting the gambling operation.

The company says its proxy service makes it appear, through a traceroute, as though Prolexic is the host of the site.

More here.

LimeWire Files Amended Counterclaims in RIAA Lawsuit

Ray Beckerman writes on The Recording Industry vs. The People:

LimeWire has filed amended and expanded counterclaims in its lawsuit with the RIAA, Arista v. Lime Wire:

The counterclaims allege that the record companies and their co-conspirators "conspired to delay and disrupt the entry and emergence of [P2P], and to extend their oligopoly in the distribution of recorded music over the new market for the electronic distribution of music via the Internet." (Paragraph 28).

They further allege that the RIAA "sought to preserve the market power they possessed by conspiring to refuse to license their catalogs for competitive digital distribution, and instead acting together to delay and inhibit digital distribution both of the recorded music they controlled and what little recorded music they did not control." (Paragraph 30).


More here.

VoIP is Dead! Film at 11:00...

Just kidding, but Om Malik pulls some interesting statistics:

Any VoIP company that is trying to be a voice replacement, is living on borrowed time (and money.) Folks over at My VoIP Provider did a historical study from August 2005 through October 2006, and found that 85 VoIP providers were kicked to the curb.

This is global data, but the issues facing these companies are pretty much the same… how to stay in business when all you can do is fight on price, and have no distinguishing features! Even AOL had to shutter its Total Talk. Vonage is nowhere close to being profitable, and Skype has to give away its money making services (in North America) to get some traction. And the incumbents are flexing their muscle, and taking market share by the month.

More here.

Warrantless Eavesdropping Returns to Court Today

Ryan Singel writes on 27B Stroke 6:

AT&T, the U.S. government and the Electronic Frontier Foundation face off again in federal court this morning to argue over how the case against the telecom for allegedly collaborating with the NSA's warrantless wiretapping of Americans' overseas communications will proceed and to figure out how to integrate some 40 other lawsuits against other telecoms.

Currently a ruling by chief district court judge Vaughn Walker that allows the case to proceed despite the government's protestations that the case will reveal state secrets is under appeal to the Ninth Circuit. Despite that, EFF wants its, and the other cases to proceed, by allowing it to force AT&T to answer its complaints and turn over documents.

More here.

UK: British RFID Passports Cracked

Via The Guardian.co.uk.

Today, some three million such passports have been issued, and they don't look so secure. I am sitting with my scary computer man and we have just sucked out all the supposedly secure data and biometric information from three new passports and displayed it all on a laptop computer.

The UK Identity and Passport Service website says the new documents are protected by "an advanced digital encryption technique". So how come we have the information? What could criminals or terrorists do with it? And what could it mean for the passports and the ID cards that are meant to follow?

More here.

Man Shot While Waiting in Line to Buy Playstation 3

Via Reuters.

A man was shot early on Friday morning outside a Wal-Mart store in Connecticut while waiting to buy a new Sony Playstation 3, Connecticut State police said.

He was one of 15 to 20 people lined up outside the store when confronted by two armed men who demanded money at around 3:15 a.m., Lt. J. Paul Vance said in a press release.

Police said the victim had confronted the armed suspects and was shot. He was treated at the scene and transported to the University of Massachusetts Medical Center across the state line.

Police were searching for the two suspects.

More here.

UK: Man Jailed for Britain's First 'Web-Rage' Attack

Via Reuters.

A British man convicted of what has been described as the country's first "web-rage" attack, was jailed for 2-1/2 years on Friday for assaulting a man he had exchanged insults with over the Internet.

Paul Gibbons, 47, from south London, admitted he had attacked John Jones in December 2005 after months of exchanging abuse with him via an Internet chatroom dedicated to discussing Islam.

The Old Bailey heard that Gibbons had "taken exception" to Jones, 43, after he had made the claim that Gibbons had been "interfering with children".

After several more verbal and written exchanges -- with Jones threatening to track him down and give him a severe beating -- Gibbons and a friend went to his victim's house in Essex, armed with a pickaxe and machete.

More here.

Kevin Martin Confirmed as FCC Chairman for Second Term

Anne Broache writes on C|Net News:

The U.S. Senate late on Thursday voted unanimously to confirm Republican Kevin Martin for a second five-year term as chairman of the Federal Communications Commission. Martin, 39, has served as a commissioner since 2001 and has held the top leadership spot since 2005.

"I will continue to work to provide a regulatory environment that promotes competition and drives investment and innovation while protecting consumers and promoting public safety," Martin said in a statement Friday. A number of key decisions lie ahead, such as whether to approve and place conditions on an $80 billion merger between AT&T and BellSouth.

More here.

Thursday, November 16, 2006

Josh Wolf Update: Journalist Loses Request for Rehearing

Josh Wolf


Completely bogus. Free Josh Wolf.

Jesse McKinley writes in The New York Times:

A federal appeals court has denied a request for a rehearing from a freelance video journalist and blogger who has been jailed for three months for refusing to cooperate with a grand jury investigation of a violent anticapitalist protest.

The decision Wednesday by a three-judge panel of the Ninth Circuit Court of Appeals means that the blogger, Josh Wolf, could be kept in jail until July, when the term of the grand jury expires, said his lawyer, Martin Garbus.

If that happens, Mr. Wolf, who has served 88 days, will be the longest-incarcerated journalist in recent American history, according to the Reporters Committee for Freedom of the Press. Vanessa Leggett, a freelance journalist from Houston, served 168 days in 2001 and 2002 for refusing to surrender information about a murder case.

More here.

Offbeat: The Funniest Damned Thing I've Seen in a While...

Courtesy of Good Morning, Silicon Valley.

I laughed until beer came out of my nose. Really.

- ferg

CSIRO Wins Landmark WLAN Lawsuit Against Buffalo, More to Come?

Darren Murph writes on Engadget:

The same folks who brought us fire-proof plastic, air guitar clothing, and wireless air hockey apparently delivered a lot more of the WiFi technology we all utilize daily than was previously recognized.

Australia's Commonwealth Scientific and Industrial Research Organization has won a landmark case against Buffalo Technology, "under which it could receive royalties from every producer of WLAN products worldwide." US patent 5487069 -- which "encompasses elements of the 802.11a/g wireless technology that is now an industry standard" -- was granted to the body back in 1996, and has subsequently been utilized in seemingly every piece of wireless kit ever since.

Considering their recent victory, CSIRO's pending cases against Intel, Dell, Microsoft, HP, and Netgear definitely have roots now, and if judges continue to rule in the Aussies' favor, the big boys could be shelling out "hundreds of millions of dollars" in back pay to cover their wrongs. Ruh roh.

More here.

Toon: Psssst...




Laptop Containing 43k T-Mobile Employees' ID Data Vanishes

Via The Seattle Post-Intelligencer.

Bellevue's T-Mobile USA Inc. on Wednesday confirmed reports that a laptop computer containing the Social Security number, salary, birth date and home address for as many as 43,000 current and former employees disappeared from an employee's checked luggage.

A company spokesman couldn't say Wednesday when the presumed theft occurred, but he speculated it took place sometime after Aug. 23.

He based his speculation on the fact that the laptop contained data on people employed at T-Mobile between May 25 and that date.

More here.

Alabama Student Records Found in Trash

Patricia C. McCarter writes in The Huntsville Times:

The pile of construction debris between Hazel Green's elementary and high schools had more than wallboard and outdated wiring in it.

Two students who went through the heap Tuesday afternoon found boxes of student records, which included photographs, addresses, grades and Social Security numbers of sixth-graders from 2003 through 2005.

More here.

(Props, Flying Hamster.)

Movie Studios Sue to Stop Loading of DVDs onto iPods

Via EFF Deep Links.

The MPAA studios are at it again, snatching away our fair use rights, so they can sell them back to us for an "additional fee."

In a lawsuit filed in federal court in New York, Paramount Pictures v. Load 'N Go Video, the MPAA member companies have sued a small business for loading DVDs onto personal media players (e.g., iPod Video) on behalf of customers.

According to the suit, Load 'N Go sells both DVDs and iPods and loads the former onto the latter for customers who purchase both. The company then sends the iPod and the original DVDs to the customer. So the customer has purchased every DVD, and Load 'N Go just saves them the trouble of ripping the DVD. The movie studios' suit claims that this is illegal, because ripping a DVD (i.e., decrypting it and making a copy) is illegal under the DMCA. The suit also claims that this constitutes copyright infringement.

More here.

Privacy Czar Has Private Lunch, Not Privacy Lunch

From the "You Should Be Ashamed of Yourself" Department...

Ryan Singel points out (on 27B Stroke 6) an EPIC Alert snippet which shows just how much the U.S. Department of Commerce's Privacy Czar really cares about privacy:

Mr. Cresanti [Robert C. Cresanti, the Commerce Department's new privacy chief] attended more than 25 meetings with business lobbyists and corporate representatives across the country, including business lunches and dinners with DaimlerChrysler, Pitney Bowes and the Council on Competitiveness, whose members include executives from Wal-Mart and IBM. He also attended day-long business meetings in Detroit, Michigan; Elyria, Ohio, and Chicago, Illinois.

However, the top privacy official at the Commerce Department did not attend one pre-scheduled meeting with privacy advocates in Washington, DC.

Cresanti had agreed to speak with the Privacy Coalition on September 8 at 1:15 p.m., after another meeting at the National Institute of Standards and Technology. But his appointment at NIST, scheduled to end at noon, was completed earlier than anticipated and he went back to his office. When Cresanti did not arrive at the privacy meeting, the coalition was informed that he had made an impromptu decision to have lunch instead. Cresanti has not rescheduled.

More here.

Global Crossing Exec Blasts Wiretapping Rules

Anne Broache writes on C|Net News:

An executive from a company that manages a large portion of the Internet's infrastructure on Thursday slammed federal wiretapping rules expected to take effect next spring.

Paul Kouroupas, vice president of regulatory affairs for Global Crossing, strongly criticized the Federal Communications Commission's broadening of a 1994 law--originally intended to cover telephone providers--as disproportionately costly, complex, and riddled with privacy concerns. His company is one of the world's largest Internet backbone providers.

"Our customers are large Fortune 500 companies--not too many of those companies are conducting drug deals or terrorist activities out of Merrill Lynch's offices or using their phones in that way," Kouroupas said at an event here sponsored by the DC Bar Association. "By and large we don't get wiretap requests, yet we're faced with the costs to come into compliance," which he estimated at $1 million.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, Nov. 16, 2006, at least 2,862 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,289 died as a result of hostile action, according to the military's numbers.

The AP count is nine more than the Defense Department's tally, last updated Thursday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Phishers Land Bigger Fish and Banks Pay Up -- But for How Long?

Mary Kirwan writes on The Globe and Mail:

The latest security surveys show that attackers are indeed getting smarter, and concentrating their efforts on softer, high-yield targets, predominantly home users and financial institutions — namely consumers banking online.

Despite huge publicity around the issues, U.S. consumers are still taking the bait in droves. According to research firm, Gartner Inc., in 2006, as many as 3.5 million Americans will provide confidential data to phishers, and their naiveté will cost the U.S. economy an estimated $2.8-billion (U.S.). Individual losses are also increasing exponentially. U.S. victims lost five times more in 2006 to individual phishing attacks than in 2005. Clearly attackers want to maximize the return from these more targeted attacks.

More here.

Former Source Media Exec Charged With Hacking

An AP newswire article, via FoxNews.com, reports that:

A former Source Media Inc. executive was charged with hacking into the company's computer system three years after he was dismissed, and tipping off employees whose jobs were in jeopardy, prosecutors said Wednesday.

In a press release, the U.S. Attorney's office in Manhattan said Stevan Hoffacker, the company's one-time director of information technology and later vice president of technology, was charged with one count of unauthorized access to a protected computer network.

Source Media is the New York publisher of American Banker, the Bond Buyer and other financial publications. It is a unit of Bahrain's Investcorp.

Hoffacker, 53, faces up to five years in prison on the charge. He was arrested Wednesday in Queens, where he lives.

More here.

Quote of the Day: TruthDig

"The U.S. Department of Agriculture has decided to remove the word 'hunger' from its annual report assessing Americans' access to food. Those among us who sometimes go without food, a group that has grown consistently over the last five years, will now suffer from 'very low food security.'"

- TruthDig

Siemens Involved in Giant Global Fraud Scandal?

Via UPI.

German mega-company Siemens may have run a secret global financial network to hide potential bribe payments worth tens of millions of dollars, a newspaper said.

Investigators are probing whether the money, which was channeled across Swiss bank accounts, was used to bribe "high-ranking Russian officials" to get Siemens more business there, Germany's Sueddeutsche Zeitung newspaper said Thursday.

The report comes after some 200 police and justice agents Wednesday raided the offices of Siemens, Europe's largest engineering company, which may be involved in a massive fraud scandal.

More here.

'Pump-and-Dump' Spam Surge Linked to Russian Bot Herders

Ryan Naraine writes on eWeek:

The recent surge in e-mail spam hawking penny stocks and penis enlargement pills is the handiwork of Russian hackers running a botnet powered by tens of thousands of hijacked computers.

Internet security researchers and law enforcement authorities have traced the operation to a well-organized hacking gang controlling a 70,000-strong peer-to-peer botnet seeded with the SpamThru Trojan.

According to Joe Stewart, senior security researcher at SecureWorks, in Atlanta, the gang functions with a level of sophistication rarely seen in the hacking underworld.

More here.

GooTube Video Shows UCLA Police Using Stun Gun On Student - UPDATED

I watched this video when I was alerted to this incident earlier this morning, and I must say -- this appears to be highly questionable behavior by UCLA Police officers.

And personally, I'm not satisfied with the UCLA Chancellor's reply to the situation. I'm getting really sick of the entire "Papers, Please!" attitude by people who abuse the power of the position in which they are employed.

Via NBC4.tv (Los Angeles).

An administrative review was under way after a 23-year-old student was administered multiple stun gun shocks by UCLA Police Department officers in the Powell Library computer lab.

Video shot from another student's camera phone shows the man screaming while on the floor of the computer lab as officers used the stun gun on him at 11:30 p.m. Tuesday, according to the Daily Bruin.

He had been working at a computer in the back of the lab and had failed to produce a student ID during a random check performed by community service officers, the newspaper reported.

According to a UCLA police sergeant, the student was identified as Mostafa Tabatabainejad of Los Angeles.

He was given a citation for obstruction/delay of a peace officer in the performance of duty and then released from custody, the sergeant said.

More here.

Update 11/17: Mostafa Tabatabainejad plans to sue. Good.

UK: Legal Dispute Cuts Off Customers

Ben Camm-Jones writes on Web User:

Users of V21's broadband service got a nasty shock when they tried to connect to the internet yesterday.

Several Web User readers reported that they were greeted with a message informing them that due to a legal dispute V21, which has recently been acquired by Biscit, would no longer be supplying their broadband service.

Instead, customers had the option of moving their account to a company called ezeeDSL, or waiting until 24 November to have their service terminated so they could get broadband from a different provider, or move to V21's superfast broadband service.

More here.

Image Spam Getting Very Creative


My friend and colleague, Alex Eckelberry, writes over on The Sunbelt Software Blog:

Image spam, a plague on email right now, continues to get more and more creative.

For the most part, the images are embedded in the email, although sometimes they’re sent as a hyperlink (an email client like Outlook can show images in the email when formatted in HTML, either through a hyperlink or as an embedded image, a technique that also works with RTF through OLE embedding).

Some people may wonder why the images are getting all odd looking, with slashes and odd text and the like. That’s largely to bypass OCR filters (for example, SpamAssassin uses an OCR plug-in to detect image spam). It’s also to continually change the checksum on the image.

More here.

UK Internet Brownout

John Oates writes on The Register:

Several major corporate websites in the UK and parts of Microsoft’s MSN service and Hotmail have been down today.

A spokeswoman for Natwest said: “Yes, we’ve been having DNS (domain name server) problems today which have stopped access to the website. We’re still working on fixing the problem.”

Sky.com, skybroadband.com and Telstra Europe were also affected.

A spokeswoman for Sky blamed the problems on PSINet – the backbone provider bought by Telstra Europe. PSINet was unable to comment when we called them.

The Internet Traffic Report showed an outage at BT's Ilford core router.

A spokesman for BT said he was not aware of any major network problems today.

More here.

Gapingvoid: Products, Conversations...

Via gapingvoid.com. Enjoy!

Guidance Software Makes Deal with Feds Over Data Leak

Anne Broache writes on C|Net News:

A leading seller of software for investigating computer crimes has reached a settlement with federal regulators, after a hacking incident exposed data on thousands of its customers.

Under a settlement with the Federal Trade Commission announced on Thursday, Pasadena, Calif.-headquartered Guidance Software must put into place a "comprehensive information-security program" and undergo audits by independent, third-party security professionals once every two years for the next decade.

The intrusion into Guidance's servers, discovered last December, unmasked the names, addresses and credit card details of about 3,800 customers, the company said at the time. Guidance executives said they had notified all of its approximately 9,500 customers about the attack and called on the U.S. Secret Service to conduct an investigation. The company, one of the world's top providers of forensic software, counts government and law enforcement personnel and security researchers among its clientele. A handful of these reported suspicious credit card charges after the breach.

More here.

Clear Channel Agrees to $27B Buyout

Frank Ahrens writes in The Washington Post:

Clear Channel Communications Inc., the nation's largest radio chain with more than 1,200 stations, said today it has agreed to sell the company to a consortium of private-equity firms for nearly $27 billion.

The buyers, led by Bain Capital Partners and Thomas H. Lee Partners, also are bidding for Tribune Co., which owns several newspapers and television stations. That process is ongoing.

More here.

Spanish Webcam Spies, Online Fraudsters Apprehended

Via Help Net Security News.

According to Spanish newspaper reports, two seventeen-year-olds were arrested yesterday in Alicante, charged with creating a Trojan horse which allowed them to remotely take control of webcams within local educational institutions. This enabled the duo to spy on students and record compromising images, which they then used to blackmail the victims into giving them money.

Later in the same day, two adults were arrested in Madrid, in connection with the original inquiry. It is claimed that the adults used the teenage malware authors to obtain confidential data in order to commit credit card fraud. Using fake credit card details, the two adults allegedly made purchases amounting to more than 60,000 EUR.

More here.

Wednesday, November 15, 2006

Report: S.F. Airport Screeners Alerted to Undercover Testers

I'm still trying to figure out why this hasn't been carried by American mainstream media outlets...

An AP newswire article, via CNews (Canada), reports that:

Security checkpoint managers at San Francisco International Airport were warned when undercover inspectors came to test how well screeners detected fake bombs and weapons, a government report said Tuesday.

The report, obtained by The Associated Press, confirms allegations brought in February 2005 by a whistleblower who formerly worked for Covenant Aviation Security.

Covenant provides security at the San Francisco airport, one of a handful of airports that uses private companies under a program established by Congress.

More here.

(Props, Flying Hamster.)

Tech Boondoggle: Half-Billion Dollar Pentagon Travel System Hardly Used

Via The Associated Press.

The Defense Department's computerized travel reservation system has turned into a half-billion-dollar fiasco, so flawed that only 17 percent of the travelers are using it as intended, Senate investigators say.

The system was designed as the Pentagon's version of an Internet travel site, where flights, hotels and rental cars can be booked without the need for fee-based travel agents.

More here.

Republicans Propose Last-Minute Spy Bill

Anne Broache writes on C|Net News:

The outgoing Republican chairman of a key U.S. Senate committee has made a last-minute attempt at giving the Bush administration what he calls the necessary "resources" for carrying out its phone call and Internet surveillance within the law, but critics remain unconvinced.

In remarks on the Senate floor on Tuesday afternoon, Judiciary Committee Chairman Arlen Specter marketed his new 11-page proposal as "a significant advance in protecting civil liberties." Once one of the few Republicans to question openly the legality of the National Security Agency's warrantless terrorist surveillance program, the veteran Pennsylvanian politician drew criticism this summer for endorsing a bill that would allow--but not require--the Bush administration to submit the operations for court review.

The Senate Judiciary Committee chairman's latest effort drew near-immediate skepticism from the American Civil Liberties Union and from California Democratic Sen. Dianne Feinstein, who co-sponsored what civil liberties groups viewed as a more stringent bill with Specter earlier this year. That bill narrowly cleared a committee vote in July but has since stalled.

More here.

Off Topic: Found Not Guilty and Still Doing The Time

Michael Hampton writes on Homeland Stupidity:

In the United States, you can be sentenced to prison for crimes you didn’t commit.

Under current federal sentencing guidelines, the government can demand that the court sentence a defendant found guilty of some charges but innocent of other charges as if he had been found guilty of all of the charges.

This, of course, is why they throw any charge they can think of at everyone who crosses paths with the injustice system. Invariably, they’ll manage to convict even the most innocent person of something, even if it’s a jaywalking charge, and get a sentence far in excess of what would be reasonable for such a charge.

A federal district court recently condemned the practice, which it said occurs “routinely.”

More here.

Chile Court Releases Two Accused Hackers

An AP newswire article, via PhysOrg.com, reports that:

Two Chileans accused of hacking into thousands of government Web sites were freed from jail Wednesday but ordered to stay away from computers while the case is investigated, their lawyer said.

Police accuse Carlos Amigo, 37, known online as SSH-2, and Leonardo Hernandez, 23, nicknamed Nettoxic, of belonging to a team of hackers responsible for breaking into more than 8,000 Web sites around the world, including that of the U.S. space agency.

They were arrested Nov. 7 along with two underage friends. The twin brothers, who were not identified or jailed due to their age, acted under the names Codiux and Phnx, police said.

The arrests resulted from eight months of investigation with the help of authorities in the United States, Israel and several South American countries, police said.

More here.

Google to Hire 500 for European Hub in Ireland

A New York Times article by Eamon Quinn, via The International Herald Tribune, reports that:

Google, the leading Internet search company, said Wednesday that it would hire 500 more employees in Dublin as it makes its Irish facility the largest outside the United States.

The central Dublin offices, which first opened with five employees in 2003, could have more than 1,400 people by the end of next year if Google can attract technical personnel and graduates in language studies from around the world, said John Herlihy, director of online sales and operations in Europe.

Google has 10,000 employees worldwide, including 3,000 at its headquarters in Mountain View, California.

More here.

Florida AG Investigates FreeCreditReport.com

Well, it's about time someone did...

Bob Sullivan writes on The Red Tape Chronicles:

The Florida state attorney general's office has opened an investigation into potentially misleading advertising by FreeCreditReport.com.

The Web site, owned by credit bureau Experian Group Ltd, offers consumers a chance to obtain their credit reports and credit score by signing up for a paid subscription service.

In response to a public record inquiry by MSNBC.com, the office of Florida Attorney General Charlie Crist issued a statement indicating it had opened an investigation to determine whether Experian has violated Florida's Deceptive and Unfair Trade Practices Act.

The investigation will cover several entities owned by Experian, including Consumerinfo.com, Inc., Experian Consumer Direct; Qspace, Inc.; Iplace, Inc.; and the Web sites Consumerinfo.com; Creditexpert.com; and Creditmatters.com.

More here.

ATMs Hacked Using MP3 Player

Joris Evers writes on the C|Net Security Blog:

A criminal gang in the U.K. was able to steal confidential banking data by bugging ATMs with an MP3 player, The Times of London reported in its online edition Thursday.

The gang targeted freestanding cash dispensers and would tap the phone line between the ATM and a wall socket by placing a two-way adaptor on it and connecting an MP3 player, according to the newspaper.

The digital music device would record the data traffic, which sounds like the noise a traditional computer modem makes when connecting. The noise would be interpreted using a modem line tap or passed through a special computer software program.

The gang was then able to create copies of credit cards and make purchases worth 200,000 pounds, nearly $380,000, according to The Times.

More here.

3Com to Bid for Huawei Assets

R. Scott Raynovich writes on Light Reading:

This morning 3Com Corp. filed a statement with the SEC saying it is bidding for 100 percent ownership of Huawei-3Com (H3C), the joint venture it formed with Huawei Technologies Co. Ltd.

According to the filing, 3Com, which currently owns 51 percent of H3C, intends to bid for the 49 percent stake it doesn't own, essentially buying out the unit from Huawei.

More here.

ICE Removes Detention and Removal Strategy From Website

Christian Beckner writes on Homeland Security Watch:

The kooky website Cryptogon had a post a few days ago where they linked to an Immigration and Customs Enforcement strategic plan for detention and removal from 2004 codenamed Endgame. That report had previously been available online at ice.gov, but shortly after the Cryptogon post revealed its existence, it was removed from the website. The proprietors of this Cryptogon site therefore put it up on their own server, and you can download it here:

ENDGAME: Detention and Removal Strategic Plan, 2003 - 2012

The document is unclassified and fairly banal, so I have a hard time believing that this was removed for security reasons. A likelier explanation is that it was removed because it was outdated, a lot of the content in it having been superseded by strategic work under the auspices of the Secure Border Initiative over the last 1+ years.

More here.

Political Website Hacked to Run Spam Script

Via Free Market News Network.

On Sunday, a human being registered to use our website [www.DownsizeDC.org], sent a message to Congress, and then "ran a script" on our system to generate nearly 50,000 pieces of spam through our server.

As a result, America Online has temporarily blacklisted us. AOL users probably won't get this message.

We discovered the problem this morning. The offending registration has been deleted and the problem has been patched so the script will not work again. Our database was never compromised or at risk of being compromised.

More here.

Want a Zune? Uninstall Windows Vista

Ed Oswald writes on BetaNews:

Those early adopters who bought a Microsoft Zune on Tuesday were greeted with an embarrassing incompatibility when they tried to install it on to their computers running Windows Vista: it doesn't work with Redmond's latest operating system.

[Unsurprisingly] Apple enthusiast sites immediately latched onto the peculiar issue as yet another reason why the Zune was not ready for prime time.

More here.

Faux Pas of the Day: As Bush Goes To Vietnam, White House Website Displays The Wrong Flag

Via ThinkProgress.

Today, President Bush visits Vietnam for the Asia-Pacific Economic Cooperation summit, “looking to burnish his foreign-policy credentials.” He’s off to a miserable start.

Yesterday, the White House website featured a graphic with the flags of the three countries he’s visiting on his trip — Singapore, Vietnam, and Indonesia. One problem: instead of displaying the Vietnamese flag, the White House graphic featured the old flag of South Vietnam. That flag hasn’t been the official flag of Vietnam since South Vietnam surrendered to North Vietnam in 1975.

More here.

YouTube Sends TechCrunch A Cease & Desist

Michael Arrington writes on TechCrunch:

Buried in my email this evening I found a cease and desist letter from an attorney at Wilson Sonsini Goodrich & Rosati, representing their client YouTube. We’ve been accused of a number of things: violating YouTube’s Terms of Use, of “tortious interference of a business relationship, and in fact, many business relationships,” of committing an “unfair business practice,” and “false advertising.” The attorney goes on to demand that we cease and desist from engaging in these various actions or face legal remedies.

Well, crap.

The offense we committed was creating a small tool that lets people download YouTube videos to their hard drives. We referenced the tool in a recent post that walked people through the process of moving YouTube Videos to their iPod.

More here.

DHS IG Scrutinizing Data Mining Prototype

Alice Lipowicz writes on GCN.com:

The Homeland Security Department’s Science & Technology Directorate’s data mining prototype is receiving in-depth scrutiny from the department’s inspector general.

The DHS IG plans to review the Analysis, Dissemination, Visualization, Insight and Semantic Enhancement, or Advise, program, over the next several months to determine how well it is meeting its goals in identifying potential threats, according to the IG’s just-released fiscal 2007 Annual Performance Plan.

The $40 million program is designed to extract terrorist threat information from large amounts of data. It and other data mining programs are criticized by privacy advocates because they sift through large amounts of personal information.

More here.

U.S. Authorities Bring Online Gambling Charges Against Dozens

An AP newswire article, via The Globe and Mail, reports that:

Criminal charges have been brought against more than two dozen individuals and corporations in four states in connection with a billion-dollar-a-year gambling Web site, authorities said Wednesday.

Authorities declined to name any of those charged. One of the corporations is an offshore Internet company with an American counterpart, said Kevin Ryan, a spokesman for Queens District Attorney Richard Brown.

Ryan said the case is “one of the first times that a Web designer corporation and the companies that maintain the Web sites have been charged.”

Police said the arrests were made in New York, New Jersey, Florida and Nevada. The scheme involved placing sports bets through bookies via a secure Internet site.

More here.

WiMax's New Target: Seattle Homes

Tricia Duryee writes in The Seattle Times:

At Seattle's 1962 World's Fair, the Space Needle stood as a symbol for what the future would bring.

Today, the landmark is signifying something no one would have ever imagined 44 years ago.

Clearwire, wireless pioneer Craig McCaw's latest venture, is officially launching a new service in Seattle that provides Internet service to the home wirelessly. The service, a form of an emerging technology called WiMax, operates through a system of towers that transmit and receive signals allowing users to be online.

More here.

EU: Microsoft Still Hasn't Supplied Data

An AP newswire article, via MSNBC, reports that:

EU regulators said Wednesday that Microsoft Corp. has still not supplied "complete and accurate interface documentation" to comply with a March 2004 antitrust order and risks further fines unless it takes action by Nov. 23.

The European Commission fined Microsoft $357 million in July for not supplying technical information that aims to help rivals make server software that works smoothly with Microsoft's desktop operating system Windows.

More here.

2006 Annual Update: SANS Top-20 Internet Security Attack Targets

Johannes Ullrich writes on the SANS Internet Storm Center Daily Handlers Diary:

Today, the SANS Institute released an updated Top 20 Internet Security Attack Targets list.

This update reorganizes the list recognizing the new reality of operating system independent issues. Sections for cross-platform applications, network devices, policy and the overall issue of 0-day attacks were added.

The list has been released for the last 7 years. From the start, organizations like the FBI assisted in putting the list together. It is in particular useful if you have to set and defend priorities.

See the entire SANS 2006 Update to the Top 20 List here.

FOIA Documents Reveal 478 IRS Laptops Lost or Stolen

Mark Segraves writes for WTOP Radio:

The Internal Revenue Service is the latest federal agency to acknowledge a security breach involving missing laptop computers. The breach once again puts Americans at risk of identity theft.

According to documents obtained by WTOP through the Freedom of Information Act, between 2002 and 2006 year-to-date, the agency charged with collecting taxes and protecting taxpayers' personal information had 478 laptops either lost or stolen.

Of those missing computers, 112 contained sensitive data including the Personal Identifiable Information, such as Social Security numbers, for some U.S. taxpayers.

The IRS was unable to disclose how many people could be at risk of identity theft, but said they are working to make that determination.

More here.

(Props, Privacy.org.)

Tuesday, November 14, 2006

Analysts: Terrorists Plugged in to Internet, West Must Catch Up

An AP newswire article, via The International Herald Tribune, reports that:

Terrorists have long embraced the Internet as a tool for propaganda and planning, and some even post comedy and Top 10 lists to draw in young recruits, experts said Tuesday.

But while the militant organizers and recruiters are staying plugged-in, Western governments have been slow to recognize the Internet's role in fostering terrorism, analysts said at a Digital Terrorism conference.

More here.

Tesla Lives! Physics Promises Wireless Power

Jonathan Fildes writes for The BBC:

The tangle of cables and plugs needed to recharge today's electronic gadgets could soon be a thing of the past.

US researchers have outlined a relatively simple system that could deliver power to devices such as laptop computers or MP3 players wirelessly.

The concept exploits century-old physics and could work over distances of many metres, the researchers said.

Although the team had not built and tested a system, computer models and mathematics suggest it would work.

More here.

UK: Crackdown on Firms Stealing Personal Data

David Leigh writes on The Guardian.co.uk:

The information commissioner signalled a crackdown last night on companies that steal and sell sensitive details of people's private lives after a prosecution exposed the growth in data theft.

Richard Thomas, the official privacy watchdog, said he was investigating a number of organisations that have bought personal data such as details of bank accounts, tax returns and mortgage payments. He warned of raids and prosecutions after the conviction yesterday of a husband and wife who made £140,000 a year selling private financial information obtained by deception.

More here.

U.S. Military Health System Loses Nearly 5,000 Records

Bob Brewin writes on Government Health IT:

The Military Health System (MHS) lost records of almost 5,000 patient encounters because of hardware and software problems with portions of the Defense Department’s Armed Forces Health Longitudinal Technology Application (AHLTA) electronic health record system, a top MHS official told Federal Computer Week.

The system is also experiencing backup problems with data stored locally at military treatment facilities (MTFs), which a Defense Information Systems Agency official described as anomalies but not systemic. DISA maintains the MHS network and provides mainframe storage at one of its data centers and local storage at MTFs.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, Nov. 14, 2006, at least 2,852 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,285 died as a result of hostile action, according to the military's numbers.

The AP count is three more than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Alcatel Seals Cable & Wireless Deal

Craig Matsumoto writes on Light Reading:

At long last, Alcatel gets to announce it's included in the Cable & Wireless plc next-generation network (NGN) buildout.

Alcatel announced today that it's deploying 200 to 250 nodes for C&W during the next two to three years. C&W's NGN is comparable to the BT Group plc 21CN rollout, not just for the preponderance of capital letters, but because they both involve building a new, unified network for handling traffic.

More here.

Former HP Chair Patricia Dunn To Be Arraigned Wednesday

K.C. Jones writes on InformationWeek:

Former Hewlett-Packard Board Chairwoman Patricia Dunn is scheduled for arraignment Wednesday in Santa Clara County Superior Court on felony charges related to the HP boardroom spy scandal.

California Attorney General Bill Lockyer's office announced the arraignment Tuesday. Dunn's case was originally scheduled for Friday. California prosecutors and the defendants' attorneys still plan to discuss case management and scheduling during an appearance in court Friday, the same day HP's quarterly results are due.

All defendants are also expected to file a waiver of appearance by Friday, Lockyer's spokesperson Tom Dresslar said in a prepared statement. That means the defendants will not have to appear in court until trial, preliminary hearings, or sentencing.

More here.

Meet the World's Most Prolific Spammers

John Leyden writes on The Register:

Spamhaus has published a revised list of the world's 10 worst spammers. According to the anti-spam organisation, 200 professional spam gangs are responsible for 80 per cent of the high volume of junk mail pumped onto the internet every day.

Public enemy number one is a Ukrainian known variously as Alex or Alexey, a prolific user of botnets, networks of PCs compromised with malware, to send out junk mail in association with a Russian spam gang called Pavka/Artofit. Alexey is involved in distributing child porn spam, among the many types of unsolicited junk he spews onto the net every day.

More here.