Saturday, January 06, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Saturday, Jan. 6, 2007, at least 3,006 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,414 died as a result of hostile action, according to the military's numbers.

The AP count is seven higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Britons' Fingerprints to be Scanned for FBI Database

Paul Harris, Jamie Doward, and Paul Gallagher write in The Observer (UK):

Millions of Britons who visit the United States are to have their fingerprints stored on the FBI database alongside those of criminals, in a move that has outraged civil rights groups.

The Observer has established that under new plans to combat terrorism, the US government will demand that visitors have all 10 fingers scanned when they enter the country. The information will be shared with intelligence agencies, including the FBI, with no restrictions on their international use.

US airport scanners now take only two fingerprints from travellers. The move to 10 allows the information to be compatible with the FBI database.

'We are going to start testing at several airports,' a Department of Homeland Security spokeswoman confirmed. 'It will begin some time this summer.'

More here.

Picture of the Day: Vista Befuddlement

Image source: Todd Bishop's Microsoft Blog


Todd Bishop writes on his Microsoft Blog in The Seattle Post-Intelligencer:

Some people were already a little befuddled by the slogan Microsoft is reportedly using to promote the upcoming Windows Vista launch: "Wow! When you see it, you'll say it." Now, to complicate things a little further, it looks like there may be variations on the slogan, related to different features of the operating system, such as fast file searching.

This is one of the ads greeting people arriving here today in preparation for the Consumer Electronics Show -- using the word "find" in place of the word "see." Should be interesting to see how people react to the campaign.

More here.

Toon: Bad News Bears


Glitch Stymies Bank of America Online Clients

Via The San Francisco Chronicle.

A hardware glitch interrupted service for some Bank of America online customers Thursday in California and some other areas around the country, a bank spokeswoman said Friday.

The interruption began about 7 a.m. and service was restored about 11 a.m. Thursday, spokeswoman Betty Riess said. Customers had difficulty signing in to online banking during that period, she said.

More here.

Attack of the Zombie Computers Is a Growing Threat

John Markoff writes in The New York Times:

In their persistent quest to breach the Internet’s defenses, the bad guys are honing their weapons and increasing their firepower.

With growing sophistication, they are taking advantage of programs that secretly install themselves on thousands or even millions of personal computers, band these computers together into an unwitting army of zombies, and use the collective power of the dragooned network to commit Internet crimes.

These systems, called botnets, are being blamed for the huge spike in spam that bedeviled the Internet in recent months, as well as fraud and data theft.

Security researchers have been concerned about botnets for some time because they automate and amplify the effects of viruses and other malicious programs.

More here.

ICANN Revives .XXX TLD Proposal

Here we go again...

An AP newswire article by Anick Jesdanun, via The Mercury News, reports that:

The Internet's key oversight agency has revived a proposal it earlier rejected to create an online red-light district, after adding stronger provisions to prohibit child pornography and require labeling of Web sites with sexually explicit materials.

The use of the proposed ".xxx" domain name would remain voluntary, but any porn sites that choose to use it instead of the more popular ".com" would be subject to the new terms issued late Friday by the Internet Corporation for Assigned Names and Numbers.

The idea of a separate ".xxx" domain has generated significant opposition from conservative groups and even some pornography Web sites.

More here.

Props to Bret Fausett, who originally alerted us to ICANN's intention to reconsider this proposal here.

Background here, here, here, here, here, and here.

Friday, January 05, 2007

Illinois College Wants Internet Firewall, Not 'Censorship'

Corina Curry writes in The Rockford Register:

A new firewall installed to block access to sexually explicit material, video games and social networking Web sites on Rock Valley College computers has prevented some students and faculty from educational endeavors.

For example, attempts to do Internet research on sexual disorders for an abnormal psychology class have been denied. Students and staff had problems posting to blogs, too, even ones that dealt with politics. The students involved in the college’s Model United Nations organization couldn’t access U.N.-related Web sites.

It started in June when the college installed a Web filter called Barracuda. Officials from the college’s information technology department said they’d open specific sites upon request, but that made Web browsing difficult, some faculty said, as they’d have to submit requests and wait for access.

More here.

(Props, Flying Hamster.)

Two LA City Engineers Charged With Hacking Into Computers That Control Traffic Signals

Via CBS2.com.

Two Los Angeles city engineers have been charged with hacking into a computer system and sabotaging the traffic signals at four critical intersections. Prosecutors say Gabriel Murillo and Kartik Patel work as engineers with the city's Automated Traffic Surveillance Center.

On August 21st, they allegedly sent commands that disconnected the traffic signals, then sabotaged the system to prevent other managers from fixing the problem. That caused traffic jams for motorists until the situation could be resolved. District Attorney Steve Cooley says this happened just hours before a job action against the city by the Engineers and Architect's Association. It took four days to correct the problem.

Link.

Four Month Sentence for Utah College Hacker

An AP newswire article, via The Boston Globe, reports that:

A University of Utah student who admitted hacking into a university computer system to change his grades was sentenced to four months in jail or a halfway house.

You Li, 22, admitted Thursday that he changed his grades in December 2004. His official record, however, remained the same because he had accessed a backup file. Li said he used a software program to decrypt the password on the math department's computer system and then found a professor's password.

More here.

EarthLink, San Francisco Finalize Wi-Fi Contract

Elinor Mills writes on the C|Net Google Blog:

The city of San Francisco and EarthLink have finalized a contract that will enable EarthLink to build a citywide wireless network and Google to provide free Internet access.

Details of the contract, completed on Friday, can be seen here [.pdf]. The agreement must be approved by the San Francisco Board of Supervisors.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Friday, Jan. 5, 2007, at least 3,006 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,414 died as a result of hostile action, according to the military's numbers.

The AP count is seven higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Microsoft Pulls Four Planned Patches

Joris Evers writes on C|Net News:

Microsoft has pulled four bulletins from its announced list of Patch Tuesday fixes, but did not specify why it was backpedaling on the security releases.

It now plans to issue four security bulletins on Tuesday, rather than the eight originally announced, the software giant said Friday in an updated notice on its Web site.

More here.

Senator Feinstein Calls for Federal Probe in Kim Family Tragedy

An AP newswire article by Joseph B. Frazier, via The Mercury News, reports that:

U.S. Sen. Dianne Feinstein said today an unlocked gate in the mountains of Southern Oregon contributed to the death of a San Francisco man whose family car got stuck in snow, and she called for an Interior Department investigation.

The California Democrat commended Interior Secretary Dirk Kempthorne for the search efforts by the Bureau of Land Management for James Kim, 35, whose body was found Dec. 6 after he left his family in their snowbound car to find help.

More here.

San Francisco ISP Shuts Down Website After Disney Complaint

Via ContactMusic.com.

An Internet service provider in San Francisco has shut down a website that posted recorded excerpts by right-wing talk-show hosts on ABC affiliate KSFO in which they endorsed torture of Iraqi prisoners, called for the hanging of New York Times editor Bill Keller and other journalists, and urged callers to mock Islam, according to MediaPost's online website, OnlineMediaDaily.com.

The trade publication said that the ISP, 1&1 Internet, acted after receiving complaints from ABC Radio that the posted material violated the Walt Disney Company's copyright. However, the operator of the site, who goes by the online name "Spocko," insisted that the audio postings represented "fair use" and maintained that Disney had acted because KSFO advertisers whom he had contacted, including Netflix, MasterCard, Bank of America, and Visa, have already withdrawn advertising from the station. ABC and Disney declined to comment.

More here.

Venezuelan Teen Detained in Hacking Case

An AP newswire article by Natalie Obiko Pearson, via MSNBC, reports that:

A 17-year-old has been detained by Venezuelan authorities after hacking into multiple government Web sites and posting playful photos of President Hugo Chavez and his close ally, Cuba's Fidel Castro.

The boy modified 23 Web sites — including those of the vice president's office, the National Guard and the investigative police — in late December, said Oswaldo Guevara, the investigative police's head of computer-related crimes.

He appended his hacker name — "J41ber" — and home telephone number on the photo postings and other cosmetic changes made to the home pages, and the modifications included photomontages of Chavez and Castro, Guevara said.

More here.

Hacker Cleans Out 401(K) Account

Bob Sullivan writes on The Red Tape Chronicles:

One moment Dave DeSmidt had $179,000 in his 401(k) retirement account, the next he had nothing. In an instant, 25 years of savings had disappeared.

With a few clicks, someone raided DeSmidt’s retirement account with J.P. Morgan & Co and ordered a full disbursement to a private checking account.

Then came the really bad news. While credit card and online banking accounts are legally protected in the event of fraud, DeSmidt’s brokerage account came with no such insurance. Two months after the theft, his balance still read $0.

With hacking of brokerage accounts increasing, the legal gap facing DeSmidt and other victims has regulators and critics debating the need for new consumer protections.

More here.

Google Joins Telescope Project

Design of LSST Telescope dome and local facilities, current as of January 2007. Google Inc. has joined with nineteen other organizations to build the Large Synoptic Survey Telescope, scheduled to see first light atop Cerro Pachón in Chile in 2013.
Image source: Michael Mullen Design / LSST Corporation


Via Technology News Daily.

Google has joined a group of 19 universities, national labs and private foundations that are building the Large Synoptic Survey Telescope (LSST).

Scheduled to begin operations in 2013, the 8.4-meter LSST will be able to survey the entire visible sky deeply in multiple colors every week with its three-billion pixel digital camera. The telescope will probe the mysteries of dark matter and dark energy, and it will open a movie-like window on objects that change or move rapidly: exploding supernovae, potentially hazardous near-Earth asteroids as small as 100 meters, and distant Kuiper Belt Objects.

More here.

Surveillance Technology Helps Catch Serial Killer

K.C. Jones writes on InformationWeek:

Old-fashioned detective work would have solved a murder that led to the arrest of a serial killer in Philadelphia, but technology left the perpetrator without a defense, police said.

"We would have been able to solve the case without technology," said Homicide Unit Det. Charles Boyle. "It was a tip that did it, but the technology made it a slam-dunk."

Boyle, who investigated the shooting of 48-year-old Patricia McDermott in May 2005, said a tipster identified Juan Covington as a suspect, but video collected from more than 50 private and public cameras brought the tipster forward and strengthened the case. It was not the first time authorities have used technology in a criminal investigation, but it was the first time detectives in Philadelphia used so many surveillance systems to solve a crime, Boyle said.

More here.

ITAA Sides With Capitol Hill bill on Internet Tax Ban

David Hubler writes on FCW.com:

The Information Technology Association of America expressed support today for a bipartisan congressional proposal to codify the existing tax ban on Internet access and online sales.

Proposed by Sens. Ron Wyden (D-Ore.), John McCain (R-Ariz.) and John Sununu (R-N.H.), the bill would make permanent the current Internet tax ban, which went into effect in 1998 and is set to expire Nov. 1.

The law prevents state and local governments from assessing taxes on Internet access, taxing transactions already taxed by another jurisdiction and levying discriminatory taxes that treat Internet purchases differently from other types of sales.

More here.

Cingular Raises Text-Messaging Fees

Combine this with other fee increases AT&T is enacting, and they look to be in a position to reap huge revenue increases.

An AP newswire article by Bruce Meyerson, via the NewsFactor Network, reports that:

Cingular Wireless is raising the text messaging rate for customers without a monthly texting plan to 15 cents per message sent or received, an increase of 5 cents.

The increase comes two months after an identical move by Sprint Nextel Corp., which also raised the rate for pay-as-you-go texting from 10 cents to 15 cents per message.

Verizon Wireless and T-Mobile USA each charge 10 cents per message sent or received without a texting plan.

More here.

India Will Train Police To Catch Cybercriminals

Paul McDougall writes on InformationWeek:

In an effort to better protect the millions of outsourced consumer and business records that find their way to its shores each year, India has begun training law enforcement personnel to identify and catch cybercriminals.

The state of Karnataka, home to tech hot spot Bangalore, on Thursday announced the opening of a lab where it expects to train more than 1,000 police officers and other law enforcement personnel annually in cybercrime investigation techniques. The center, located in Bangalore, will be the third such facility opened by Indian authorities. Cybersecurity centers already operate in the cities of Mumbai and Thane.

More here.

Netcraft: January 2007 Web Server Survey

Via Netcraft.

In the January 2007 survey we received responses from 106,875,138 sites, an increase of 1.63 million from last month's survey. Leading the growth is Microsoft, which adds more than 650K hostnames on its Windows Live Spaces blog service, while Go Daddy (+165K) and Google (+105K) also had growth of more than 100,000 sites this month.

Windows improves its share of the market for web server software, gaining 0.1 percent while Apache slips by 0.5 percent this month. Windows added 620K hostnames, while Apache had growth of 492K sites. Microsoft's gains were more pronounced in active sites (hostnames that contain content and are likely to represent developed web sites), where its share is 0.88 percent higher and now approaching 35 percent, compared to 59 percent for Apache.

More here.

Chinese Web Users 'Lose' 10,000 Domain Registrations in Quakes

Via Reuters.

Chinese Web users lost around 10,000 Internet domain names due to disruption caused by last month's earthquakes off Taiwan, state media said on Friday.

The domain names -- or Web site addresses -- vanished after Chinese users were unable to update them or failed to re-register them on their expiry, the official Xinhua news service said, citing China International Network Information Center.

Domain name servers were not responsible for lost domain names if holders did not re-register in time, Xinhua quoted a center insider as saying, since the loss was an "act of God".

More here.

Thursday, January 04, 2007

Computer at University of Northern Iowa Hacked

Erin Jordan writes in The Des Moines Register:

The University of Northern Iowa is contacting students, faculty and staff who use the Wellness/Recreation Center about a security breach in a computer server that stored users’ names, addresses and phone numbers.

The breach, discovered Dec. 26, occurred when someone outside UNI stored large files of music in a hidden folder on the server so that the music could be accessed from the Internet, said Steve Moon, acting associate vice president for information technology.

The computer, used for checking users into the recreation center, contained the names, addresses and phone numbers of students, faculty and staff who use the facility.

More here.

(Props, Flying Hamster.)

Secure Chip-and-PIN Terminal Hacked to Play Tetris

Image source: Boing Boing

Sweet hack...

Via Boing Boing.

Security researchers Steven Murdoch and Saar Drimer hacked one of Britain's much-vaunted "tamper-resistant" chip-and-PIN credit-card processing terminals so that it plays Tetris.

See the video here at Light Blue Touchpaper.

ICANN Reconsidering .XXX TLD Issue?

Props to Bret Fausett for reporting this.

"The ICANN Board considered the [.XXX] agreement at its meeting on 10 May 2006 and voted not to approve the agreement as proposed, but did not reject the application. The applicant has continued to work to modify the agreement in order to address public policy issues raised by the GAC."

"ICM and ICANN Staff have been renegotiating a revised agreement in preparation for community review and board consideration. ICANN will post that agreement upon completion of the present round of discussions for public comment."

More here.

AT&T Planning Big Price Hike for Call Waiting

David Lazarus writes in The San Francisco Chronicle:

Just as AT&T was trumpeting the benefits to consumers of its $86 billion takeover of BellSouth last week, the company was mailing notices to California phone customers saying that prices for a variety of popular services are about to go up -- in some cases by between 24 and 57 percent.

Gordon Diamond, an AT&T spokesman, said it's just a coincidence that millions of California customers received word of price increases around the same time that the company's acquisition of BellSouth was approved by federal authorities.

More here.

Negroponte's Likely Replacement Makes Civil Libertarians Nervous

Rear Admiral John McConnell, 1990
Image source: Wikipedia

Michael Hirsh and Mark Hosenball write on Newsweek.com:

...some of [retired Vice Admiral John Michael McConnell]'s longtime associations may cause him headaches during Senate confirmation hearings, especially with the Democrats taking over Congress. One such tie is with another former Navy admiral John Poindexter, the former Iran-contra figure who started the controversial "Total Information Awareness" program at the Pentagon in 2002.

The international consultancy that McConnell has worked at for a decade as a senior vice president, Booz Allen Hamilton, won contracts worth $63 million on the TIA "data-mining" program, which was later cancelled after congressional Democrats raised questions about invasion of privacy.

McConnell will be named by week's end to replace John Negroponte, who will move on to become Condoleezza Rice's deputy secretary of State, according to a White House official who requested anonymity because of the sensitivity of the matter.

Much more here.

Acrobat Reader Security Risk Greater Than Originally Thought

Joris Evers writes on C|Net News:

A recently discovered security weakness in the widely used Acrobat Reader software could put Net users at more risk than previously thought, experts warned Thursday.

Initially, security professionals thought that the problem was restricted and exposed only Web-related data or could support phishing scams. Now it has been discovered that miscreants could exploit the problem to access all information on a victim's hard disk drive, said Web security specialists at WhiteHat Security and SPI Dynamics.

Key to increased access is where hostile links point. When the issue was first discovered, experts warned of links with malicious JavaScript to PDF files hosted on Web sites. While risky, this actually limits the attacker's access to a PC. It has now been discovered that those limits can be removed by directing a malicious link to a PDF file on a victim's PC.

More here.

Mr. Fish: Bipartisanship in the New Congress


Via TruthDig.

U.S. Nuclear Agency Head Dismissed for Security Lapses

H. Josef Hebert writes on The Times and Democrat:

Energy Secretary Samuel Bodman on Thursday dismissed the chief of the country's nuclear weapons program because of security breakdowns at the Los Alamos, N.M., laboratory and other facilities.

Linton Brooks said he would leave in two weeks to three weeks as head of the National Nuclear Security Administration, a post he held since May 2003.

Brooks was reprimanded in June for failing to report to Bodman a security breach of computers at an agency facility in Albuquerque, N.M., that resulted in the theft of files containing Social Security numbers and other personal data for 1,500 workers.

The theft did not become generally known, nor was Bodman made aware of it, for eight months.

More here.

(Props, Pogo Was Right.)

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, Jan. 4, 2007, at least 3,006 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,413 died as a result of hostile action, according to the military's numbers.

The AP count is eight higher than the Defense Department's tally, last updated Thursday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Computer Theft Exposes Patient Data Across Five States

Jaikumar Vijayan writes on ComputerWorld:

The theft of a computer from the office of an Ohio-based health care contractor on Nov. 23 has exposed sensitive data belonging to tens of thousands of patients in five health care firms across five states.

The compromised data includes the names, addresses, medical record numbers, diagnoses, treatment information and Social Security numbers of the patients. Among those affected are patients at Atlanta-based Emory Healthcare, Danville, Pa.-based Geisinger Health System and Franklin, Tenn.-based Williamson Medical Center. The names of two other health care providers affected by the burglary at Cincinnati-based Electronic Registry Systems Inc. (ERS) have not yet been released.

More here.

Cisco Warns of Vulnerabilities in NAC Product

Paul F. Roberts writes on InfoWorld:

Networking equipment vendor Cisco Systems Inc. issued an advisory to customers Wednesday about two serious vulnerabilities in its Cisco Clean Access software, a network access control product.

The two issues could allow remote attackers to gain control of the devices, or glean sensitive data from Clean Access customers that could be used to compromise the Clean Access Manager (CAM) product, the company said.

More here.

Internet Explorer Unsafe for 284 Days in 2006

Brian Krebs writes on Security Fix:

Security Fix spent the past several weeks compiling statistics on how long it took some of the major software vendors to issue patches for security flaws in their products.

Since Windows is the most-used operating system in the world, it makes sense to lead off with data on Microsoft's security updates in 2006.

More here.
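Krebs's article does not spell out how the 284-day figure was derived, and the numbers above are his. As an added example (not from Security Fix or this blog), here is one way to compute such an "unsafe days" figure from a list of public-disclosure and patch dates: each calendar day counts once if at least one publicly known flaw was unpatched on that day, even when several exposure windows overlap, and a flaw still unpatched at year end is clipped to December 31. The flaw identifiers and dates are constructed for illustration and are not real bulletins.

```python
from datetime import date, timedelta

# Constructed sample data (hypothetical flaw IDs, not real advisories):
# (id, public disclosure date, date the vendor shipped a fix or None if unpatched)
SAMPLE_FLAWS = [
    ("FLAW-A", date(2006, 1, 10), date(2006, 2, 14)),
    ("FLAW-B", date(2006, 2, 1), date(2006, 2, 14)),   # overlaps FLAW-A's window
    ("FLAW-C", date(2006, 6, 5), date(2006, 6, 13)),
    ("FLAW-D", date(2006, 9, 19), date(2006, 10, 10)),
    ("FLAW-E", date(2006, 12, 20), None),               # still unpatched at year end
]


def exposure_intervals(flaws, year_end):
    """Half-open [disclosed, patched) windows; an open window is clipped to year end."""
    intervals = []
    for _, disclosed, patched in flaws:
        end = patched if patched is not None else year_end + timedelta(days=1)
        if end > disclosed:            # same-day fix contributes no exposure
            intervals.append((disclosed, end))
    return sorted(intervals)


def merge_intervals(intervals):
    """Merge overlapping or touching sorted half-open intervals into disjoint ones."""
    merged = []
    for start, end in intervals:
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def unsafe_days(flaws, year=2006):
    """Calendar days in `year` with at least one disclosed, unpatched flaw."""
    year_start = date(year, 1, 1)
    year_end = date(year, 12, 31)
    limit = year_end + timedelta(days=1)
    total = 0
    for start, end in merge_intervals(exposure_intervals(flaws, year_end)):
        lo, hi = max(start, year_start), min(end, limit)
        if hi > lo:
            total += (hi - lo).days
    return total


def summed_exposure_days(flaws, year=2006):
    """Naive per-flaw sum; double-counts days on which several flaws were open."""
    year_end = date(year, 12, 31)
    return sum((end - start).days for start, end in exposure_intervals(flaws, year_end))


def mean_days_to_patch(flaws):
    """Average disclosure-to-patch time over flaws that actually received a fix."""
    fixed = [(patched - disclosed).days for _, disclosed, patched in flaws if patched]
    return sum(fixed) / len(fixed) if fixed else 0.0


if __name__ == "__main__":
    print("days with an unpatched public flaw:", unsafe_days(SAMPLE_FLAWS))
    print("naive summed exposure days:", summed_exposure_days(SAMPLE_FLAWS))
    print("mean days to patch:", mean_days_to_patch(SAMPLE_FLAWS))
```

The gap between the merged and the naive figure is the point of the exercise: a vendor that fixes several overlapping flaws on one Patch Tuesday looks worse under the naive sum than under the calendar-day count, so any "days unsafe" statistic should say which of the two it is.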

Broadband Tax Plan Revived in U.S. Senate

Anne Broache writes on C|Net News:

Scarcely a half day into the 110th Congress's inaugural session, a proposal has resurfaced to collect fees from all communications service providers--including broadband and voice over Internet protocol--in order to subsidize telephone and Internet services in rural and other "high cost" areas, schools and libraries.

Sen. Ted Stevens on Thursday introduced the Universal Service for Americans Act. The name comes from the multibillion-dollar Universal Service Fund, which supporters say has dwindled over the past few years because it depends on contributions from long-distance revenues, which no longer compose as significant a portion of Americans' telephone bills.

More here.

Patch Tuesday: Windows, Office to Get 'Critical' Fixes

Joris Evers writes on C|Net News:

As part of its monthly patch cycle, Microsoft plans to release on Tuesday eight security bulletins to plug holes in its software products.

The most serious problems are in the Windows operating system and Office productivity suite, Microsoft said in a heads-up on its Web site Thursday. Each of those two product families will get three security bulletins, some of which will be tagged as "critical," Microsoft's highest risk rating.

In addition, Microsoft in its advance notification separates out two more security bulletins, one for Windows and Visual Studio and one for Windows and Office. These will be rated "important," a notch lower on the company's risk ranking.

More here.

Brazilian Court Orders YouTube Shut Down Over Celeb Sex Video

Via Reuters.

A Brazilian court ordered the popular video sharing service YouTube, a unit of Internet search provider Google Inc., to be shut down until it removes a celebrity sex video from its site, a judicial clerk said on Thursday.

Daniela Cicarelli, a model and ex-wife of soccer great Ronaldo, sued YouTube after a video of her apparently having sex in shallow water on a beach with her boyfriend was posted to the site.

For days it was the most viewed video in Brazil.

More here.

Google Buys Stake in China's Xunlei

Via Reuters.

Google Inc., the world's largest search engine, has bought a stake in China's Xunlei Network Technology Co, which provides file-sharing and other services, a Google spokesman said on Thursday.

Terms of the deal were not disclosed by Google, although the China Daily earlier reported that Xunlei planned to announce the details soon.

More here.

Bush Quietly Claims Sweeping Powers to Open Americans' Mail Without a Warrant

James Gordon Meek writes in The New York Daily News:

President Bush has quietly claimed sweeping new powers to open Americans' mail without a judge's warrant, the Daily News has learned.

The President asserted his new authority when he signed a postal reform bill into law on Dec. 20. Bush then issued a "signing statement" that declared his right to open people's mail under emergency conditions.

That claim is contrary to existing law and contradicted the bill he had just signed, say experts who have reviewed it.

Bush's move came during the winter congressional recess and a year after his secret domestic electronic eavesdropping program was first revealed. It caught Capitol Hill by surprise.

More here.

U.S. Bars Lab From Testing Electronic Voting

Christopher Drew writes in The New York Times:

A laboratory that has tested most of the nation’s electronic voting systems has been temporarily barred from approving new machines after federal officials found that it was not following its quality-control procedures and could not document that it was conducting all the required tests.

The company, Ciber Inc. of Greenwood Village, Colo., has also come under fire from analysts hired by New York State over its plans to test new voting machines for the state. New York could eventually spend $200 million to replace its aging lever devices.

Experts on voting systems say the Ciber problems underscore longstanding worries about lax inspections in the secretive world of voting-machine testing. The action by the federal Election Assistance Commission seems certain to fan growing concerns about the reliability and security of the devices.

The commission acted last summer, but the problem was not disclosed then. Officials at the commission and Ciber confirmed the action in recent interviews.

More here.

Programming Note

I'm wrapped up in meetings most of the morning and afternoon, so posting will be light until later today.

Having said that, here is the big story of the morning:

Cisco Announces Agreement to Acquire IronPort

- ferg

Wednesday, January 03, 2007

Off Topic: Bush Set to Announce 20K Troop Surge in Iraq

Jim Miklaszewski reports on MSNBC:

Although nothing is final until President Bush puts his stamp on it, administration officials tell NBC News the president has all but decided on a temporary surge of additional American forces into Iraq in an effort to bring sectarian violence in Baghdad under control.

While no one is talking specific numbers, military officials believe it would involve some 20,000 additional soldiers and Marines.

More here.

This is, in my opinion, an outrage.

And I agree with Keith Olbermann...

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, Jan. 3, 2007, at least 3,005 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,407 died as a result of hostile action, according to the military's numbers.

The AP count is 12 higher than the Defense Department's tally, last updated Wednesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Immigrants Behind 25% of High-Tech Startups in U.S.

An AP newswire article by Rachel Konrad, via The Boston Globe, reports that:

Foreign-born entrepreneurs were behind one in four U.S. technology startups over the past decade, according to a study to be published Thursday.

A team of researchers at Duke University estimated that 25 percent of technology and engineering companies started from 1995 to 2005 had at least one senior executive -- a founder, chief executive, president or chief technology officer -- born outside the United States.

Immigrant entrepreneurs' companies employed 450,000 workers and generated $52 billion in sales in 2005, according to the survey.

Their contributions to corporate coffers, employment and U.S. competitiveness in the global technology sector offer a counterpoint to the recent political debate over immigration and the economy, which largely centers on unskilled, illegal workers in low-wage jobs.

More here.

Canadian Sex-Abuse Victim Traced, Rescued After Online Plea to Australia

A Canadian Press article, via CANOE.ca, reports that:

A young victim has been removed from a sexually abusive situation after the RCMP teamed with an Internet provider to trace an anonymous plea for help the Canadian child made online to Australia.

The RCMP say the child sent an e-mail to a kids' help line in Australia, which was forwarded to the Queensland police Internet child exploitation unit.

An FBI task force in Washington determined that the Internet service provider was Bell Aliant in Canada.

More here.

Personal Info On Ohio Bank Customers Stolen

Craig Simpson writes on Akron News Now:

KeyCorp has notified customers in Ohio and other states that private information about them was taken when a laptop computer was stolen from an outside vendor.

Officials say the information on 9,300 customers may include Social Security Numbers. Corporate communications for the Cleveland-based bank say affected customers were notified by mail.

Key hired the unnamed vendor to scan paper documents into a computer format for storage. Officials say the vendor violated its contract by putting the data on a laptop computer that was taken outside of its offices and failing to encrypt sensitive information. They say that vendor has since been fired.

More here.

(Props, Pogo Was Right.)

Blue Origin: Development Flight, and We are Hiring!

Blue Origin's "Goddard" test vehicle.
Image source: Blue Origin

Alan Boyle writes on MSNBC's Cosmic Log:

After years of working behind closed doors and locked gates, Amazon.com founder Jeff Bezos has finally lifted the curtain that shrouded Blue Origin, his space tourism venture. Among the goodies now displayed on Blue Origin's Web site are photos and videos from the venture's maiden test flight, as seen from the ground as well as a rocket-cam ... pictures from the West Texas launch range as well as Blue Origin's production facility in a Seattle suburb ... and even the Blue Origin coat of arms, emblazoned with the motto "Gradatim Ferociter" (Step by Step, Fiercely).

Bezos founded Blue Origin in 2000, with the aim of developing a new type of vertical-takeoff, vertical-landing rocket ship capable of taking passengers to the edge of space.

More here.

South Carolina Proposes to Gather DNA From All Arrestees

Yvonne M. Wenger writes in The (Charleston, S.C.) Post and Courier:

Police would have the power to seize DNA samples from anyone arrested for a crime - from shoplifting to murder - under legislation proposed by state lawmakers.

The measure would provide South Carolina with the most aggressive DNA sampling program in the nation, allowing authorities to collect a person's genetic profile for even petty offenses before he or she is tried for the crime.

Senate Pro Tem Glenn McConnell said the proposed legislation is part of a package of bills aimed at cracking down on increasing violence. Maintaining a bank of DNA samples will help police solve cases quicker and aid in the investigations of cold cases while also ensuring the falsely accused aren't prosecuted for crimes they didn't commit, he said.

Some civil rights advocates are afraid the legislation on DNA sampling goes too far, although McConnell said it has safeguards built in to ensure constitutional rights are protected.

More here.

(Props, Privacy.org.)

7th Circuit Ruling Expands Use of FISA Wiretaps

Pamela A. MacLean writes on LAW.com:

Federal prosecutors may use wiretap evidence obtained under the Foreign Intelligence Surveillance Act in spy cases for criminal prosecutions unrelated to the original espionage purpose of the wiretap, the 7th U.S. Circuit Court of Appeals has held.

The ruling is the first outside the special FISA court itself to interpret the law as expanding the ability of prosecutors to use the act in a variety of criminal contexts, according to defense attorney James Geis, a Chicago solo practitioner representing Ning Wen, who was convicted of violating export-control laws.

"Unless there is a constitutional problem in domestic use of evidence seized as part of an international investigation, there is no basis for suppression," wrote Chief Judge Frank Easterbrook in U.S. v. Wen, No. 06-1385.

"I think this holding makes it virtually impossible to challenge a FISA search," said Geis. "This pretty much makes it bulletproof."

More here.

(Props, Pogo Was Right.)

Public Microsoft Vista 0-day Exploit

Via eEye Research.

A new exploit has been posted to Full Disclosure which describes an attack which allows a logged in user to elevate their privileges to SYSTEM. eEye Research has verified that this public exploit does work as advertised.

This exploit represents the first public exploit for the Vista platform, which is attacking the first public zero-day for Vista as well. The technical nitty-gritty for this vulnerability can be found on the eEye Research ZDT.

More here.

Also posted at milw0rm.com.

Report: Exxon-Mobil Cultivates Global Warming Doubt

Deborah Zabarenko writes for Reuters:

Energy giant ExxonMobil borrowed tactics from the tobacco industry to raise doubt about climate change, spending $16 million on groups that question global warming, a science watchdog group said on Wednesday.

"ExxonMobil has manufactured uncertainty about the human causes of global warming just as tobacco companies denied their product caused lung cancer," Alden Meyer of the Union of Concerned Scientists said at a telephone news conference releasing the report.

An ExxonMobil spokesman did not respond immediately to calls for comment.

The union, a nonprofit group based in Cambridge, Massachusetts, said ExxonMobil, the world's biggest publicly traded corporation, had succeeded in parlaying a relatively modest investment into unwarranted public doubt on findings that have been overwhelmingly endorsed by mainstream science.

More here.

Quote of the Day: Ryan Singel

Image source: Unfairlybalanced.com

"Homeland Security should pay him to lay his hands on the databases processing visa requests and airline passenger data so he can figure out who is going to bomb us next. Or better yet, perhaps all Robertson's true believers can send in $100 and join the Pat Robertson Blessed Traveler program, so they won't have to undergo any pat-down screening when the Rapture comes."

- Ryan Singel, writing on 27B Stroke 6, regarding the prophecies of Pat Robertson.

Hackers' Handiwork Slithers Onto Websites

Elise Ackerman writes in The Mercury News:

It was the year when cybercriminals targeted everything from MySpace to Wikipedia, and even a Web site maintained by a Kentucky Boy Scout troop wasn't safe for casual browsing.

Computer security experts said 2006 was also the year that hacking stopped being a hobby and became a lucrative profession practiced by an underground of computer developers and software sellers.

More here.

Chunghwa Telecom to Upgrade Networks

An AP newswire article, via PhysOrg.com, reports that:

Taiwan's Chunghwa Telecom Co. plans to spend nearly $4 billion over the next five years to upgrade its telecommunications networks and build a new undersea cable system, Chairman Ho Chen Tan said Wednesday.

The spending plans were in place before an earthquake off Taiwan's southern coast last week damaged data transmission cables, disrupting telephone and Internet links across Asia.

More here.

Foreign Spy Activity Surges to Fill Technology Gap

Bill Gertz writes in The Washington Times:

Foreign spies are stepping up efforts to obtain secret U.S. technology through methods ranging from sexual entrapment to Internet hacking, with China and other Asian countries leading the targeting of U.S. defense contractors.

The report [.pdf] provides details of the methods used by foreign technology spies, from simple verbal requests for information to purchases of controlled technology and -- in at least one case -- the use of a woman who seduced a contractor into providing his computer password.

Other methods included offering marketing services to contractors, spying during visits to U.S. companies and the use of "cultural commonality" to obtain technology.

More here.

(Props, Secrecy News.)

Airlines Give Passenger Personal Details of Aussies to The U.S.

Dan Box writes on The Australian:

Every Australian flying to the US has their personal details provided to the US Government under a secretive deal with private airlines.

The details passed on may include names, addresses and telephone numbers, as well as email addresses and even dietary requirements that can be used as evidence of a person's religion.

A spokeswoman for the Customs Service said the provision of the information was a mandatory requirement imposed by the US Department of Homeland Security.

A spokeswoman for Qantas said the company had provided the US with such information since June 2004. Qantas's conditions of carriage state the airline does compile personal information, including health details, and may disclose this to foreign governments for security purposes.

More here.

Venice Project Would Break Many Users' ISP Conditions

Via OUT-LAW.com.

Internet television system The Venice Project could break users' monthly internet bandwidth limits in hours, according to the team behind it.

It downloads 320 megabytes (MB) per hour from users' computers, meaning that users could reach their monthly download limits in hours and that it could be unusable for bandwidth-capped users.

The Venice Project is the new system being developed by Janus Friis and Niklas Zennström, the Scandinavian entrepreneurs behind the revolutionary services Kazaa and Skype. It is currently being used by 6,000 beta testers and is due to be launched next year.

More here.

Unclassified: Open-Source Intelligence From the Airwaves, 1941-45

First FBIS headquarters in Washington, D.C. at 316 F Street, NE.
Image source: CIA.gov

A fascinating read.

Via CIA.gov.

In comparison with London, Washington was slow off the mark in establishing an official monitoring service. By 1941, much of the world was already engulfed in war and the Axis partners were flooding the airwaves. Apart from amateur radio operators and such corporate ventures as the CBS Listening Post in San Francisco, Americans were largely in the dark. One of the few sources of light was the Princeton Listening Center. Launched in November 1939 at Princeton University with funding from the Rockefeller Foundation, the Center was the US pioneer in the systematic monitoring, translation, and analysis of broadcasts from Berlin, London, Paris, Rome, and, to a lesser extent, Moscow.

Assistant Secretary of State Breckinridge Long became increasingly worried about the possible loss of diplomatic reporting and other information if the war caused American embassies to close. He looked to radio as a supplemental source of intelligence and turned to FCC Commissioner James L. Fly for action. In charge of regulating domestic radio, the FCC was given the expanded task of monitoring foreign broadcasts. The concept, according to a later article, was to launch “an official U.S. monitoring service, to give greater coverage and more detailed service than was possible through private radio chains or the newspapers.”

On 26 February 1941, the FCC received funding to launch the “Foreign Broadcast Monitoring Service,” the first name for FBIS. The service began its monitoring duties at 316 F Street, NE. On 1 October, FBIS opened its first bureau outside Washington—in a farmhouse at 13005 NE Glissan Street in Portland, Oregon—to monitor Japanese broadcasts. On 1 December, a bureau in Kingsville, Texas, went into operation to track broadcasts from Latin America. Other bureaus followed in the course of the war.

Much, much more here.

(Props, Defense Tech.)

New Molecules are Most Light-Sensitive Ever

Tom Simonite writes on NewScientistTech:

A new generation of super-light-sensitive compounds could make the internet and other optical networks faster, say researchers. The new class of carbon-based molecules interact with light more strongly than any tested before.

"They can beat a barrier that people have been trying to break for 20 years," says chemist Koen Clays, from the Catholic University of Leuven, Belgium. "Some people were afraid we would never do so."

The barrier – known as the "Kuzyk gap" – is the distance between the theoretical maximum light/matter interaction and that observed in reality. For the last two decades or so, the best performing molecules have achieved just one-thirtieth of the sensitivity of the theoretical maximum interaction.

More here.

How to Locate New Phishing Sites

Image source: F-Secure

Mikko Hyppönen writes on the F-Secure "News from the Lab" Blog:

Phishing sites are easy to locate once the bad boys start spamming out thousands of mails linking to their site. But how can such sites be found before that?

Here's an example.

You can subscribe to alert services that will let you know when a new domain with certain keywords has been registered. Domaintools is one such service.

More here.
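The post above describes watching new domain registrations for brand keywords. As an added example (not code from the original post, F-Secure, or any registration-alert service), the script below shows the matching logic a defender would run over such a feed: it flags newly registered names that contain a watched keyword, that contain it only after undoing common digit-for-letter substitutions and hyphens, or that are a single edit away from it (a typo-squat). The domain list and keyword list are constructed for the example; a real feed would come from a monitoring service like the one the post names.

```python
"""Flag newly registered domain names that look like brand impersonation.

Added example: the keyword list and the sample registrations below are
constructed for illustration, not real data from any registry or service.
"""
from __future__ import annotations

# Constructed sample of "newly registered" domains (all under .example,
# a reserved TLD, so none of these are live names).
NEW_DOMAINS = [
    "paypal-account-verify.example",   # keyword embedded in a longer label
    "secure-ebay-login.example",       # keyword embedded in a longer label
    "paypa1.example",                  # digit "1" standing in for "l"
    "bankofamerica.example",           # keyword as the whole label
    "bank0famerica-alert.example",     # digit "0" standing in for "o", plus hyphen
    "paypol.example",                  # one-character typo of the keyword
    "gardening-tips.example",          # benign
    "payroll-services.example",        # benign: shares a prefix, not the keyword
]

# Brand keywords the defender wants alerts on (assumed list for this example).
BRAND_KEYWORDS = ["paypal", "ebay", "bankofamerica"]

# Characters that commonly stand in for letters in look-alike names.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def registrable_labels(domain: str) -> list[str]:
    """Return a domain's labels with the final label (the TLD) removed."""
    parts = domain.lower().strip(".").split(".")
    return parts[:-1] if len(parts) > 1 else parts


def normalize(label: str) -> str:
    """Undo digit-for-letter substitutions and drop separators before matching."""
    return label.translate(LEET_MAP).replace("-", "").replace("_", "")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with two rolling rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(domain: str, keywords: list[str] = BRAND_KEYWORDS) -> list[tuple[str, str]]:
    """Return (keyword, reason) pairs explaining why a domain looks suspicious.

    An empty list means no keyword matched under any of the three rules.
    """
    hits: list[tuple[str, str]] = []
    for label in registrable_labels(domain):
        norm = normalize(label)
        for kw in keywords:
            if kw in label:
                hits.append((kw, "contains keyword"))
            elif kw in norm:
                hits.append((kw, "contains keyword after leet/hyphen normalization"))
            elif edit_distance(norm, kw) == 1:
                hits.append((kw, "one edit away from keyword"))
    return hits


def flag_new_domains(domains: list[str],
                     keywords: list[str] = BRAND_KEYWORDS) -> dict[str, list[tuple[str, str]]]:
    """Map each suspicious domain in the feed to the reasons it was flagged."""
    flagged: dict[str, list[tuple[str, str]]] = {}
    for domain in domains:
        hits = classify(domain, keywords)
        if hits:
            flagged[domain] = hits
    return flagged


if __name__ == "__main__":
    for domain, reasons in flag_new_domains(NEW_DOMAINS).items():
        print(domain)
        for kw, why in reasons:
            print(f"    -> {kw}: {why}")
```

The edit-distance rule is deliberately limited to a distance of one against the normalized label: widening it catches more typo-squats but quickly starts flagging unrelated short words, so in practice the threshold is tuned per keyword length, and every hit is still a lead for a human to verify (registration date, nameservers, whether the site serves a login form) rather than a verdict on its own.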

Tuesday, January 02, 2007

Electronics Groups Sued Over Bluetooth

Richard Waters writes in the Financial Times:

A research foundation backed by the state of Washington has sued three of the world’s biggest consumer electronics makers over claims that they have infringed a series of patents surrounding the Bluetooth short-range wireless technology.

The suit, filed in Federal court in Seattle, claims that Matsushita, Samsung and Nokia should have sought a licence before using the technology in cellphones, headsets and other electronic equipment.

The Washington Research Foundation, which said it was acting on behalf of the University of Washington, owner of the patents in dispute, said it had already secured a licence over the technology from Broadcom, one of the biggest makers of communications chips, that would cover any consumer electronics that employ Bluetooth chipsets made by Broadcom.

However, it said that the three companies had all sold devices based on chipsets made by British-based CSR, which had not been licensed.

More here.

U.S. Cities Fall Short on Disaster Communications

An AP newswire article, via MSNBC, reports that:

Only six of 75 U.S. metropolitan areas won the highest grades for their emergency agencies' ability to communicate during a disaster, five years after the Sept. 11 terrorist attacks, according to a federal report obtained Tuesday by The Associated Press.

A draft portion of the report, to be released Wednesday, gives the best ratings to Washington, D.C.; San Diego; Minneapolis-St. Paul; Columbus, Ohio; Sioux Falls, S.D.; and Laramie County, Wyo.

The lowest scores went to Chicago; Cleveland; Baton Rouge, La.; Mandan, N.D.; and American Samoa. The report included large and small cities and their suburbs, along with U.S. territories.

More here.

James Kim Benefit Auction Starts Wednesday

Neha Tiwari writes on the C|Net Missing Links Blog:

A variety of eclectic art will be up for auction online starting Wednesday, with 100 percent of the proceeds going to the James Kim Memorial Fund.

Arts and crafts by dozens of artists will be available on the 5-day auction--among them, Jill Bliss, a featured artist at Doe, the Kims' boutique located in the Lower Haight district of San Francisco. Along with Bliss, 43 other artists have contributed their work in efforts to raise money for the Kims.

In addition to painted goods, there will be prints, pottery, soft toys, stationery, clothing, jewelry, home accessories and more. All of the items on the auction's Typepad site will be up for sale on eBay, where prospective buyers will be able to bid.

Click here for a preview of items available, and more information about the auction.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, Jan. 2, 2007, at least 3,004 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,397 died as a result of hostile action, according to the military's numbers.

The AP count is 21 higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

$60 Gets You A New Medical Record And Free Foot Amputation

Karl writes over on techdirt.com:

We've talked at length about how hard it is to straighten out your record after you've had your identity stolen, assuming you know you're a victim in the first place. While it's one thing to debate a purchase with your credit card company, it's an entirely different animal trying to convince your medical provider you still retain possession of both of your feet.

One 57-year-old Florida woman found that after her identity was stolen, the information was used to pay for a costly foot amputation. Worse, after heading in for a hysterectomy, she found that the scammer's medical history was now intertwined with her own -- the records suggesting she had magically acquired some of the scammer's medical conditions (like diabetes).

Original article here at Businessweek.com.

Cancer Patients Face Risk of ID Theft, Emory Warns

Bill Hendrick writes in The Atlanta Journal-Constitution:

Officials at Emory University said Tuesday they have sent letters to more than 38,000 patients who have been treated for cancer at Emory Hospital, Emory Crawford Long Hospital and Grady Memorial Hospital, warning them that a computer containing their personal information had been stolen from a business contractor in Cincinnati.

The patients were advised to put a fraud alert on their credit reports because of the identity theft.

The patient records included names, addresses, medical data, treatment information and Social Security numbers, Emory said in a statement. The information was in a computer stolen from an office of Electronic Registry Systems, one of Emory Healthcare's business contractors.

More here.

GAO: DoD Programs Plagued by Immature Technology

Josh Rogin writes on FCW.com:

The Army has moved major programs forward despite a lack of critical technologies, a problem that causes delays and cost overruns and sometimes makes it impossible to provide service members with capabilities they need, according to David Walker, comptroller general at the Government Accountability Office.

The programs were based on unrealistic expectations and suffer from a lack of accountability and oversight, Walker said.

More here.

Five Hackers Who Left a Mark on 2006

Ryan Naraine writes on eWeek:

In the security year that was 2006, zero-day attacks and exploits dominated the headlines.

However, the year will be best remembered for the work of members of the hacking—er, security research—community who discovered and disclosed serious vulnerabilities in the technologies we take for granted, forced software vendors to react faster to flaw warnings and pushed the vulnerability research boat into new, uncharted waters.

In no particular order, here's my list of five hackers who left a significant mark on 2006 and set the stage for more important discoveries in 2007.

More here.

Islamic Encryption Software: 'Mujahideen Secret'

Via The Middle East Media Research Institute.

On January 1, 2007 the Global Islamic Media Front (GIMF) announced the imminent release of new computer software called "Mujahideen Secret."

According to the advertisement for the software (see below), it is "the first Islamic computer program for secure exchange [of information] on the Internet," and it provides users with "the five best encryption algorithms, and with symmetrical encryption keys (256 bit), asymmetrical encryption keys (2048 bit) and data compression [tools]."

More here.

(Props, Pajamas Media.)

DHS Plans IT Employee Records Database

Alice Lipowicz writes in Washington Technology:

The Homeland Security Department is setting up a new records system to keep track of the names, passwords, citizenship information and other data on thousands of IT workers with access to the department’s systems.

In a notice posted Dec. 29, DHS announced it is creating a new sensitive, but unclassified, database as part of its General Information Technology Access Account Records System. The department made the notice to comply with the Privacy Act of 1974, which regulates how the government collects and uses personal information.

The new database will collect personal information from IT employees, contractors, grantees and others, including people who serve on DHS advisory committees or are listed as points of contact for facilities.

The system will include names, user names, citizenship, business affiliation, contact information and passwords. It also will include home addresses, e-mail addresses and names and phone numbers of people listed as contacts.

More here.

Savvis Data Center Suffers Outage

Via Web Hosting Industry Review (WHIR).

Web hosts residing in the Boston area facility belonging to data center operator SAVVIS said their sites, or their customers' sites, were offline as a result of an outage at the data center that lasted more than five hours Tuesday.

According to customers, the outage was noticed as early as 8:30 a.m. Eastern Time on Tuesday. Official word on the outage came shortly thereafter. A message posted on Web hosting support provider SureSupport's (suresupport.com) Web site at 10:14 a.m. said the site could not be reached due to an uplink problem.

"Please be advised," said the message, "that the SAVVIS data center facility team has reported that the Boston data center is isolated due to a circuit related issue. At this time equipment is not reachable. SAVVIS is working with the local Telco vendor to restore connectivity. An estimated time of resolution is unknown at this time."

The outage continued into the afternoon. Messages posted at 12:30 p.m. and 2:07 p.m. said the SAVVIS team was working with local telco providers to resolve the problem, negotiating new backup lines.

A message posted at 3:04 p.m. said service has been partly restored to the Boston area facility, but warned that packet loss and slower access were likely as the problem was being fully resolved.

More here.

Most Consumers Don't Trust Their Security Software

Gregg Keizer writes on TechWeb News:

A poll of Internet users shows that a majority are "not confident" that their security software is protecting them, anti-virus vendor Trend Micro reported Tuesday.

Fifty-one percent of the 1,500 French, German, Japanese, British, and American consumers surveyed in the fall of 2006 said they had doubts about their security software. Trend Micro pinned part of the problem on vendors who fail to communicate to users such information as where the threat originates and how well the system is protected.

Most Americans polled by Trend said they thought the Internet was "very safe" (51%), but that number slumped to just 32% when asked if they thought the Web would be less or more safe in six months.

Cupertino, Calif.-based Trend Micro said it would repeat the survey every six months.

More here.

(Full Disclosure: Trend Micro, Inc. is my employer... and although our North American HQ is in Cupertino, our company is based in Tokyo, Japan.)

Users Irked By Windows Defender Beta 2 Expiration

Me, too -- Count me as "irked".

For some odd reason, I cannot manually remove (via Windows Add/Remove Programs) the old version, and therefore, cannot install the new version.

If anyone has any idea, leave a comment.

Gregg Keizer writes on InformationWeek:

The beta version of Microsoft's free anti-spyware software expired Sunday, leaving Windows 2000 users out in the cold and some Windows XP owners confused by cryptic error messages.

Windows Defender, the Redmond, Wash., developer's free-of-charge anti-spyware program for Windows XP and Windows Server 2003, went final in late October. However, the last beta -- dubbed Beta 2 -- continued to work on systems, including PCs running Windows 2000, until Dec. 31, 2006.

More here.

Italy Enacts Law Forcing ISPs to Block Child Porn Websites

Via Reuters.

Italy has introduced a new law requiring Internet service providers to block child pornography Web sites within six hours of being told to do so, the communications ministry said on Tuesday.

The decree, which comes into force almost immediately, requires Internet providers to set up a system that blocks child pornography Web sites from being viewed soon after the providers are notified of their existence.

More here.

Feds Push for Internet Records

John Reinan writes in The (Minneapolis-St. Paul) Star Tribune:

The federal government wants your Internet provider to keep track of every website you visit.

For more than a year, the U.S. Justice Department has been in discussions with Internet companies and privacy rights advocates, trying to come up with a plan that would make it easier for investigators to check records of Web traffic.

The idea is to help law enforcement track down child pornographers. But some see it as another step toward total surveillance of citizens, joining warrantless wiretapping, secret scrutiny of library records and unfettered access to e-mail as another power that could be abused.

More here.

ALA Criticizes DoJ's Stance on Libraries and Privacy

Via LibraryJournal.com.

The American Library Association (ALA) is criticizing the Department of Justice (DoJ) for "fail[ing] to comprehend the role of libraries and the importance of privacy in the United States." ALA President Leslie Burger pointed to a written response to the U.S. Senate from Federal Bureau of Investigation (FBI) Director Robert S. Mueller regarding whether libraries should be subject to National Security Letters (NSLs).

The issue is essentially a dispute about interpretation; read literally, as the FBI does, the reauthorization of the USA PATRIOT Act encompasses libraries as "electronic communication services." However, the intention of leading Senators voting for the reauthorization was to exempt libraries.

More here.

(Props, Pogo Was Right.)