Saturday, January 13, 2007

Massachusetts Crime Lab Administrator Suspended

An AP newswire article by David Weber, via CBS News, reports that:

A Massachusetts State Police crime lab administrator has been suspended for failing to turn over DNA matches to a number of unsolved cases until after the statute of limitations had expired, the department said.

In other cases, state police said, the employee informed investigators of DNA matches that turned out to be inaccurate.

State Police Lt. William Powers said the discrepancies had not led to any tainted convictions, but they impeded the work of investigators. The most serious problems involved the expired statutes of limitations, he said.

Powers declined on Friday to name the crime lab employee, who was suspended with pay Thursday, or say if it is a man or woman.

More here.

Hackers Looking Forward to iPhone

I'm on the Daily Dave list, and can attest to this. :-)

Robert McMillan writes on ComputerWorld:

Technology fetishists aren't the only folks itching to get their hands on an iPhone. Hackers want to play with Apple Inc.'s new toy, too.

Within hours of Apple's iPhone unveiling on Tuesday, the iPhone was a hot topic on the Dailydave discussion list, a widely read forum on security research.

Much of the discussion centered on the processor that Apple may have chosen to power its new device and what kind of assembly language "shellcode" might work on this chip. "Is this beast running an ARM?" wrote reverse-engineering expert Havlar Flake, "I have doubts about a mobile device being based on x86, so does anyone have details about what sort of shellcode needs to be written?"

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Saturday, Jan. 13, 2007, at least 3,019 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,427 died as a result of hostile action, according to the military's numbers.

The AP count is seven higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Gapingvoid: Moving With The Times

Via gapingvoid.com. Enjoy!

Off Topic: Johnny Depp to Make Film About Poisoned Ex-Spy

Actor Johnny Depp pauses during a photo session in this file photo from June 21, 2003, in Los Angeles. Depp plans to make a film about poisoned ex-spy Alexander Litvinenko, according to Variety magazine .
Image source: AP / Damian Dovarganes / Yahoo! News


An AP newswire article by D'Arcy Doran, via Yahoo! News, reports that:

Johnny Depp is planning a film about a former Russian security agent whose poisoning in London has touched off an international mystery, according to the trade magazine Variety — one of three possible Hollywood projects about the case.

One of the other projects, involving the director Michael Mann, came after Columbia Pictures agreed to pay $1.5 million for the film rights to a book about the former Russian agent, Alexander Litvinenko, being co-written by his widow and a close friend, the report said.

More here.

U.S. Military Expands Domestic Surveillance

Eric Lichtblau and Mark Mazzetti write in The New York Times:

The Pentagon has been using a little-known power to obtain banking and credit records of hundreds of Americans and others suspected of terrorism or espionage inside the United States, part of an aggressive expansion by the military into domestic intelligence gathering.

The C.I.A. has also been issuing what are known as national security letters to gain access to financial records from American companies, though it has done so only rarely, intelligence officials say.

Banks, credit card companies and other financial institutions receiving the letters usually have turned over documents voluntarily, allowing investigators to examine the financial assets and transactions of American military personnel and civilians, officials say.

The F.B.I., the lead agency on domestic counterterrorism and espionage, has issued thousands of national security letters since the attacks of Sept. 11, 2001, provoking criticism and court challenges from civil liberties advocates who see them as unjustified intrusions into Americans’ private lives.

But it was not previously known, even to some senior counterterrorism officials, that the Pentagon and the Central Intelligence Agency have been using their own “noncompulsory” versions of the letters. Congress has rejected several attempts by the two agencies since 2001 for authority to issue mandatory letters, in part because of concerns about the dangers of expanding their role in domestic spying.

More here.

Software Glitch Suspected in Silence of Mars Craft

An AP newswire article, via The Los Angeles Times, reports that:

NASA is investigating whether incorrect software commands may have doomed the Mars Global Surveyor spacecraft, which abruptly fell silent in November after a decade of meticulously mapping the Red Planet.

The space agency said that theory was one of several that might explain the failure of the probe, the oldest of six craft exploring Mars. NASA announced Wednesday that an internal review board would investigate why Surveyor lost contact with controllers during a routine adjustment of its solar array.

John McNamee, deputy director of solar system exploration at the Jet Propulsion Laboratory in La Cañada Flintridge, said a preliminary investigation pointed to incorrect software commands uploaded in June.

The software was aimed at improving the spacecraft's flight processors. Instead, bad commands may have overheated the battery and forced the spacecraft into safe mode, McNamee told scientists gathered Tuesday in Virginia to plan future Mars missions.

More here.

Laptop Theft Puts 30,000 North Carolina Residents at Risk

Mark Johnson writes in The Charlotte Observer:

A laptop computer containing files on 30,000 taxpayers was stolen from the car of an N.C. Department of Revenue employee last month, and state officials are cautioning everyone on the list to keep an eye on their finances for potential fraud.

The Revenue Department this week dispatched letters to all 30,000 people, apparently the first such episode since the enactment of an N.C. law last fall requiring government agencies to notify consumers when their data are lost or stolen.

Police have not recovered the computer, but the Jan. 10 letter from Secretary of Revenue Norris Tolson said state officials are not aware of anyone gaining access to the data.

More here.

(Props, Pogo Was Right.)

New E-Commerce Identity Tag Makes Online Debut

Image source: Security Fix / The Washington Post

Brian Krebs writes on Security Fix:

A long-promised technology for helping consumers verify the legitimacy of commercial Web sites made its debut on the Internet Friday: Visit online security company Entrust's login page with Microsoft's Internet Explorer 7 Web browser and you'll notice that the address bar has turned from white to green.

Entrust's site appears to be the first to feature what are being called "extended validation certificates," a development that is equal parts technology, process and collaboration. It comes in response to an epidemic of phishing attacks, or online scams in which bad guys erect Web sites that impersonate trusted e-commerce and banking sites in order to trick users into revealing personal and financial data.

More here.

Friday, January 12, 2007

Report: Terrorists 'Use Google Maps to Hit UK Troops'

Thomas Harding writes in The Telegraph.co.uk:

Terrorists attacking British bases in Basra are using aerial footage displayed by the Google Earth internet tool to pinpoint their attacks, say Army intelligence sources.

Documents seized during raids on the homes of insurgents last week uncovered print-outs from photographs taken from Google.

The satellite photographs show in detail the buildings inside the bases and vulnerable areas such as tented accommodation, lavatory blocks and where lightly armoured Land Rovers are parked.

More here.

User Friendly: RIAA, Blood, etc.

Via UserFriendly.org.


Click for larger image.


Defense Tech: U.S. to Begin Drone Patrols on Canadian Border


An AP newswire article, via CNN, reports that:

Unmanned surveillance aircraft will start patrolling the Canadian border by this fall, a Department of Homeland Security official said.

The propeller-driven drones, called Predators, will begin patrolling U.S. airspace along the border with Canada by September and will fly day and night, said Scott Baker, chief patrol agent of Customs and Border Protection, an arm of the Department of Homeland Security.

Baker recently took over the job in Grand Forks, North Dakota, and is responsible for guarding the 850-mile (1,368-kilometer) stretch of the border between Lake Superior and Montana.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Friday, Jan. 12, 2007, at least 3,019 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,427 died as a result of hostile action, according to the military's numbers.

The AP count is seven higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Bush Signs Pretexting Bill into Law

An AP newswire article, via SiliconValley.com, reports that:

President Bush on Friday signed a bill into law that would make it a crime to lie to obtain the telephone records of private citizens.

The legislation outlaws the practice of getting confidential phone records by ``making false or fraudulent statements'' to a phone company employee, by ``obtaining false or fraudulent documents to access accounts'' or by ``accessing customer accounts through the Internet'' without authorization.

Violators face fines and imprisonment of up to 10 years. Fines are doubled and five years may be added to the prison term if the violations involve more than $100,000 or more than 50 customers.

The issue became big news late last summer following revelations that investigators working for executives at Hewlett-Packard Co. used deception to obtain phone numbers of board members and reporters in an effort to track down news leaks.

More here.

DISA Seeks Broadband Satcom Service for Air Force One

Bob Brewin writes on FCW.com:

The Defense Information Systems Agency is looking for ways to deliver broadband data service to Air Force One and as many as 26 other Special Air Mission aircraft, with a minimum data rate of 3 megabits/sec.

According to a request for information, DISA seeks commercial satellite services to replace an existing service known as Connexion, which Boeing has been providing. Boeing designed Connexion to serve commercial airlines and business jets, and the company announced in August 2006 that it would shut down the service.

Inmarsat provides additional service to the fleet with its Swift64 service, which operates at 64 kilobits/sec.

More here.

Quote of the Day: David Bernstein

"I called Comcast to set up cable installation. They sent a complete moron, who wanted to run a cable from the third floor to the first floor, by way of staircases and hallways. I called Comcast, and they offered to send a new technician two days later."

"No one showed up."

"I called Comcast, and was told the technician must be running late. He never showed. I called again, and was told that the previous two folks were wrong, that no one was coming to my house that day, that someone would call me that day to set up an appointment later in the week. Someone did. And then didn't show up for the appointment."

"I decided we can live without cable."

- David Bernstein, lamenting the sad state of customer service in the U.S.

Dirty Tricks: U.S. Justice Dept. Concealing Leak Report

An AP newswire article by Lara Jakes Jordan and Matt Apuzzo, via The Washington Post, reports that:

The Justice Department is fighting in court to keep secret a government report concluding that it leaked confidential and damaging information against a former prosecutor accused of bungling a high-profile terror trial.

Justice attorneys say they can't disclose all the contents of the December 2004 report by the department's inspector general without violating employees' privacy.

However, ex-Assistant U.S. Attorney Richard G. Convertino of Detroit said the Justice Department violated his own privacy rights by revealing to the media that he was the subject of an internal ethics inquiry after he criticized the Bush administration's counterterrorism strategy.

Two people who have seen the full report confirmed it rules out Convertino as a suspect in the leak case. Those people described the report's findings to The Associated Press on condition of anonymity because it is sealed under a Justice Department protective order.

More here.

Scientists Prepare to Move Doomsday Clock Forward

The "Doomsday Clock" in a file photo. The keepers of the symbolic clock plan to move its hands forward next Wednesday to reflect what they call worsening nuclear and climate threats to the world.
Image source: Reuters

Via Reuters.

The keepers of the "Doomsday Clock" plan to move its hands forward next Wednesday to reflect what they call worsening nuclear and climate threats to the world.

The symbolic clock, maintained by the Bulletin of Atomic Scientists, currently is set at seven minutes to midnight, with midnight marking global catastrophe.

The group did not say in which direction the hands would move. But in a news release previewing an event next Wednesday, they said the change was based on "worsening nuclear, climate threats" to the world.

More here.

The Snoop Next Door

Jennifer Saranow writes in The Wall Street Journal:

Last month, Eva Burgess was eating breakfast at the Rose Cafe in Venice, Calif., when she remembered she needed to make an appointment with her eye doctor. So the New York theater director got on her cellphone and booked a date.

Almost immediately, she started receiving "weird and creepy" calls directing her to a blog. There, under the posting "Eva Burgess Is Getting Glasses!" her name, cellphone number and other details mentioned in her call to the doctor's office were posted, along with the admonition, "next time, you might take your business outside." The offended blogger had been sitting next to Ms. Burgess in the cafe.

More here.

(Props, Flying Hamster.)

Hacker Cracks Macworld Website to Get VIP Passes

Joris Evers writes on C|Net News:

Alongside the VIPs and people who paid top dollar, a hacker claims he also got priority access to Steve Jobs' speech at the Macworld Conference and Expo this week.

A security weakness in the event's Web site allowed enterprising hackers to get free "platinum passes" to the event, a $1,695 value, a security professional claims. These passes--the most expensive sold for Macworld--included much-coveted priority seating for the Jobs keynote address on Tuesday. In that packed speech, Jobs unveiled Apple's new iPhone.

The hack was possible because special discount codes were available on the Macworld site without proper security, Kurt Grutzmacher, a Berkeley, Calif.-based security professional, wrote on his blog late Thursday. It was relatively easy to uncover the code that would make a platinum pass free, he wrote.

More here.

Gapingvoid: Still Hungry

Via gapingvoid.com. Enjoy!

Terrorists Using Publicly Accessible Webcams to Assess Vulnerabilities?

A Canadian Press article by Jim Bronskill, via Yahoo! News, reports that:

Key U.S. security agencies warn that terrorists might exploit pictures of sensitive facilities such as airports that can be routinely viewed by the public through Internet feeds.

A confidential assessment jointly prepared by the FBI and the U.S. Homeland Security Department says online webcams could be a valuable tool for extremists determined to attack critical targets.

More here.

New ITU Chief: Internet Should be Run by Key Players

Via Reuters.

The Internet should continue to be overseen by major agencies including ICANN and the ITU, rather than any new "superstructure", the new head of the International Telecommunications Union said on Friday.

Hamadoun Toure, who took up the reins of the United Nations agency this month, said the ITU would focus on tackling cyber-security and in narrowing the "digital divide" between rich and poor countries.

The Internet Corporation for Assigned Names and Numbers (ICANN), a California-based non-profit company, manages the Internet's domain-name addressing system. It reports to the U.S. Commerce Department, which last September said it would retain oversight for three more years.

More here.

MoneyGram Says Privacy Info of 79k Consumers Illegally Accessed

Via Businessweek.com.

MoneyGram International Inc., a global payment services provider, announced Friday that a company server with consumer information for about 79,000 bill payment customers was unlawfully accessed over the Internet last month.

The company said that it had not been able to determine if any information was actually stolen, but the company was notifying customers that someone may have viewed their personal data.

The information involved did not include Social Security or driver's license numbers. It did include the names, addresses, phone numbers -- and in some cases -- the bank account numbers of MoneyGram customers.

State and federal regulations required that customers be notified, the company said.

More here.

MI5 e-Mail Alert Subscription Service 'Not Secure'

Tom Espiner writes on ZDNet UK:

The terror alert email service being offered by the British secret service is not secure, according to a Spy Blog, a libertarian organisation that monitors security and surveillance developments.

MI5 launched an email alert service on Tuesday which informs subscribers of any changes to the national security threat levels. However, a Spy Blog investigation claims to have found that subscriber details will be sent out of the country, unencrypted, to a server based in the US.

In a process Spy Blog describes as "a shambles", subscriber names, addresses and email addresses are collected on an SSL-encrypted web form. However, the information collected is then sent unencrypted to a UK-based digital marketing company called Mailtrack, via America.

More here.

U.S. Using New Computerized System for Arms Reporting

Via UPI.

The United States has filed its annual information exchange under a pair of arms treaties using a new computer software application called ACES.

The ACES (Arms Control Enterprise System) was used earlier this month to update the state of U.S. conventional weapons under the terms of the Treaty on Conventional Forces in Europe and the Vienna document on Confidence and Security Building Measures.

The reports list numbers and locations of tanks, helicopters, artillery, combat aircraft and other assets as well as any changes in quantities or organization that have occurred in a particular year.

The new system is designed as a centralized Web-based architecture that is accessible via the Defense Department Secret Internet Protocol Router network, a secure network used for classified traffic.

More here.

U.S.: Enhanced Whistleblower Protections Proposed

Steven Aftergood writes on Secrecy News:

A bill to amend and strengthen the Whistleblower Protection Act was introduced yesterday by Senator Daniel Akaka (D-HI) and several bipartisan Senate colleagues.

"Our legislation ensures that Federal whistleblowers are protected from retaliatory action when notifying the public and government leaders of waste, fraud, and abuse," Senator Akaka said.

"If we fail to protect whistleblowers, then our efforts to improve government management, protect the public, and secure the nation will also fail."

More here.

UK: Government Looks at Data Shake-Up

Via The BBC.

The way the government makes its vast amounts of data available to the public could be about to change.

It has decided to make access to a database of UK laws completely free for the public to access and re-use.

It marks a "sea-change" in the way government information becomes available to the public, a senior civil servant has told the BBC News website.

It is a victory for campaigners who think public sector information should be free for the public to use.

More here.

Homeland Security Tech: Big Box Retailers Fight Cargo Screening; White House Opposes Bill

Rhonda Schwartz reports on ABC News' "The Blotter":

Washington DC lobbying groups representing Walmart and other big retail chains, blanketed capital hill with letters this week in a futile last ditch attempt to stop passage of a House bill calling for 100% screening of air and sea cargo which they said would "impose costly mandates on American business."

"They say the price is too high, for them. But the price the passengers on that plane will pay is their lives, because that's the way al-Qaeda could place a bomb on a plane." said Representative Ed Markey (D)sponsor of the amendment which was passed by the new Democratic majority in Congress this week including one third of the Republic members.

But while the business interests lost this round, it appears the Bush White house will join the lobbyists in a fight to prevent the bill from moving forward in the Senate.

More here.

Toon: Back to the Future Tech


Click for larger image.


AT&T Prepares to ‘De-Brand’ the Cingular Name

Stuart Elliot writes in The New York Times:

One of the biggest “de-brandings” in advertising history is to begin Monday when AT&T, now the sole owner of Cingular Wireless, starts changing all Cingular marketing to adopt the AT&T name.

AT&T will not disclose the budget for the campaign, which will continue for five or six months — leading to the partnership with Apple on the new iPhone, scheduled for midyear.

A campaign last year to promote AT&T as the new brand name of SBC Communications cost an estimated $1 billion.

That campaign followed the acquisition of AT&T by SBC, whose chairman and chief executive, Edward E. Whitacre Jr., has long believed in the power of the AT&T brand to attract attention in the crowded telecommunications market.

More here.

Thursday, January 11, 2007

EU Satisfied with Sharing Traveler Data?

Ellen Nakashima writes in The Washington Post:

European Union officials said yesterday that the U.S. government had allayed their concerns about a homeland security program that creates and retains risk assessments on millions of air travelers to the United States.

But privacy advocates here and in Europe this week sent a letter to E.U. privacy commissioners charging that the Department of Homeland Security's Automated Targeting System "directly contravenes" a European-U.S. agreement on air-passenger data sharing.

More here.

Cisco Takes First Step in Revamping IOS Distribution


Phil Hochmuth writes on NetworkWorld:

Cisco next week is expected to announce what it calls a simplified software distribution model for its routers and switches, and a new software tool to help users more easily manage large-scale networks.

The company plans to simplify how it delivers IOS software by shipping all of its gear with full-blown versions of IOS, in which users would activate feature packages via software licensing keys.

More here.

Report: VA Bridled at Security Requests

Via UPI.

The Department of Veterans Affairs in Washington didn't take seriously congressional requests to safeguard veterans' information, The Hill reported.

The Capitol Hill newspaper said a tape recording of a meeting between lawmakers and VA officials shows a veterans affairs official accusing Congress of engaging in a power play over the handling of veterans' personal data stored on computers.

More here.

Info Thieves Take Aim at the Enterprise

Matt Hines writes on eWeek:

While few virus examples have been publicly identified that exhibit this growing focus on stealing valuable business data, versus the many that have been unearthed that target consumers' personally identifiable information, analysts say there is plenty of evidence that the trend is picking up momentum.

"There's no doubt that this type of activity is becoming more popular; we've seen a lot more samples and kits, and real code, that is clearly designed to do things like grab files from local systems, to look for specific types of files used in business operations, and the valuable information in those files," said Dan Hubbard, vice president of security research at malware filtering specialists Websense, San Diego.

More here.

The Pellicano Wiretap Files Revisted: Kerkorian

An AP newswire article, via SFGate.com, reports that:

While Kirk Kerkorian was embroiled in a bitter child-support battle, his lawyer was receiving information gained during suspected illegal wiretaps of the billionaire's ex-wife, a newspaper reported Thursday.

The revelation came from secret recordings that Hollywood private eye Anthony Pellicano, indicted last year on unlawful wiretapping charges, made of his own telephone conversations with Kerkorian attorney Terry Christensen, The New York Times reported.

More here.

Background here, here, here, and here.

World’s Smallest GPS Receiver Developement

The Original Hammerhead A-GPS Chip
Image source: infineon.com

Via Technology News Daily.

The successful development of the industry’s smallest Global Positioning System (GPS) receiver chip for mobile telephones, smart phones and personal navigation devices, has been announced by Infineon Technologies AG and Global Locate, Inc.

Based on the successful Hammerhead™ chip, the new Hammerhead II chip is optimized for cellular handsets and mobile devices requiring high performance, low power and an extremely small footprint. The diminutive single-die chip measures only 3.74 mm x 3.59 mm x 0.6 mm, for a total footprint of less than 14 mm², resulting in the world’s smallest GPS receiver.

More here.

But wait: New Zealand-based Rakon is coming out with an even smaller GPS receiver...

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, Jan. 11, 2007, at least 3,019 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,425 died as a result of hostile action, according to the military's numbers.

The AP count is nine higher than the Defense Department's tally, last updated Thursday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Weasel Watch: MPAA Caught Uploading Fake Torrents

Via TorrentFreak.

It is no secret that the MPAA and other anti-piracy organizations track down alleged pirates by uploading fake torrents. Up until now it was always unclear where those files came from, and how to identify them.

The MPAA and other anti-piracy watchdogs try to trap people into downloading fake torrents, so they can collect IP addresses, and send copyright infringement letters to ISPs. They hire a company to put up fake copies of popular movies, music albums, and TV series. They even use pirate like filenames such as “Battlestar Galactica S03E07 REPACK DSR XviD-ORENJi” and “Miami Vice[2006]DvDrip[Eng]-aXXo“.

One of the btjunkie admins has found a unique way to identify trackers that host these fake files, which makes it easy to efficiently remove them.

More here.

Stolen University of Idaho Computers Likely Has Personal Data of 70k

Via KTVB.com.

Three desktop computers have disappeared from the University of Idaho’s Advancement Services office – and now school officials say the personal data of alumni, donors, employees and students may be in danger.

UI says someone stole the computers – and an internal investigation shows that as many as 70,000 social security numbers, names and addresses were stored on the hard drives six months before the theft.

School officials tell NewsChannel 7 that it is unclear if the data was still on the computers at the time of the theft.

More here.

(Props, Pogo Was Right.)

California Senator Revives Data Leak Proposals

Anne Broache writes on C|Net News:

A pile of legislative proposals aimed at stiffening regulations on stewards of personal data died in Congress last year, but Sen. Dianne Feinstein has announced plans to try again.

Feinstein (D-Calif.) reintroduced on Wednesday a pair of bills that would attempt to set national requirements for consumer notification in the event of data security breaches, and to restrict the sale, purchase and display of Social Security Numbers.

More here.

FCC Chairman Talks Around Net Neutrality

Elizabeth Montalbano writes on InfoWorld:

U.S. Federal Communications Commission Chairman Kevin Martin Wednesday waffled on the hotly debated issue of net neutrality, saying it "means different things to different people" during his talk at CES in Las Vegas.

In an on-stage interview with Consumer Electronics Association President and CEO Gary Shapiro at the annual conference, Martin said he agreed that consumers should continue to have access to "everything that's available for free on the Internet" without having that access blocked from network operators and service providers.

However, he also agreed with the idea that operators should be able to charge consumers for premium bandwidth and services provided over pipes the operators own, and that this activity does not mean they are "blocking" consumers' access to the Web.

More here.

Exploit Released for Critical VML Hijack Flaw

Ryan Naraine writes on eWeek:

A fully working exploit for a worm hole fixed by Microsoft two days ago has been put into limited release, prompting new "patch now" warnings from computer security experts.

The exploit, which allows PC takeover attacks on Windows XP SP2, has been published to Immunity's partners program, which offers up-to-the minute information on new vulnerabilities and exploits to IDS (intrusion detection companies) and larger penetrating testing firms.

More here.

Is Google Falsely Flagging Harmless Sites?

Jeremy Kirk writes on PC World:

Some Web site operators are complaining that Google is flagging their sites as containing malicious software when they believe their sites are harmless.

At issue is an interstitial page that Google presents when a user clicks on a search result link to a site that Google believes contains malware. The page cautions users with the words "Warning - visiting this web site may harm your computer!" Google does not block access to the site, but a user must manually type in the Web site address to continue.

Now some organizations with sites that get the warning are complaining that their sites do not contain malicious software, and that the warning is embarrassing.

More here.

Serious Mac Flaw Puts Safari Surfers at Risk

Dawn Kawamoto writes on C|Net News:

A serious security flaw in Mac OS X opens machines with Apple's Safari Web browser to hijack by outsiders, Secunia has warned.

The vulnerability and "proof of concept" code to exploit it were released on Wednesday as part of the Month of Apple Bugs project. It affects Mac OS X 10.4.8, the most recent version of Apple's operating system and, possibly, previous versions, security researcher LMH said in the posting on MOAB's Web site.

More here.

'The Architecture' Reaches Out To Arrest Activist

I don't normally do this (re-post articles in their entirety) , but I know Ryan Singel and Kevin Poulsen won't mind me reproducing this 27B Stroke 6 article here in its entirety, given the enormous importance of the underlying issues -- which should disturb you.

Via 27B Stroke 6.

In Hartford, Connecticut at the inauguration parade of new Republican governor Gov. M. Jodi Rell an activist/journalist was arrested by police as he stepped onto the roadway to take photos of the governor,, according to the AP's account. The activist, Ken Krayeske, was on a list of threats compiled by police and the Connecticut Intelligence Center, a multi-agency homeland security group. He was arrested for breaching the peace. Officers recognized him prior to the arrest thanks to the list and photograph of the Green Party activist, who was the campaign manager for Cliff Thornton, the Green Party's candidate for governor. To her credit, Governor Rell has asked for an investigation.

This is the exact scenario I envisioned the other day when I asked what it was that state and local "fusion centers" actually fused? Given that there seems to be no real Al Qaeda cells inside the United States, the laws of bureaucracies dictate that other threats will need to be invented or elevated. Of course now that the Dems are in charge, they'll take a look at these centers and wonder if they are really useful, right?

Wrong.

In fact, H.R. 1, the bill passed by Congress Tuesday night to implement more of the 9/11 recommendations, actually increases the number and funding of these so-called fusion centers. Expect to see more fusion of legitimate political groups with terrorist groups in the future. These are the kinds of bureaucratic mechanisms that lead police to label Quakers as "criminal extremists," to infiltrate anti-war groups, peaceful protests and Critical Mass bike rides, and to file reports on anti-war protesters in Pentagon databases.

It's the architectural imperative.

Link.

VMWare is Finally Free

Via ha.ckers.org.

I’m not a huge fan of virtualization in production environments (feels an awful lot like putting all your eggs in one basket and slowing everything down in the process) but you cannot beat it for testing.

Today I found out that VMWare server is now free for download. Their major upsell is service contracts and add-ons, but if you don’t tend to use that or need it for testing and you run Windows but want to run other operating systems or perform potentially dangerous tests, this is the software for you.

More here.

Milestone in Test Hours Reached for Hardened U.S. Semiconducter Chip

Via UPI.

A rugged new semiconductor has passed the 8,000-hour mark in operational testing for future U.S. military applications.

The gallium nitride (GaN) chip circuits developed by Raytheon completed a testing regime that approximates 80,000 hours of normal operation, which translates to more than nine years.

The development of GaN chips would help pave the way for an array of smaller and still-robust military hardware applications, including communications, radar, electronic warfare and missiles systems.

More here.

Porn Makers Tap into Internet Social Networking Trend

A porn star performs for attendees visiting a pr0n website booth at the AVN Adult Entertainment Expo in Las Vegas, Nevada.
Image source: AFP


An AFP newswire article, via Yahoo! News, reports that:

Porn makers at the world's largest sex trade show in Las Vegas on Wednesday were taking a page from Internet superstars such as YouTube by tapping into the power of social networking.

Fresh young start-ups at the AVN Adult Entertainment Expo weren't just saucy women in scanty outfits; they were fledgling Internet companies putting erotic spins on YouTube, MySpace and reality television show websites.

More here.

Gapingvoid: Look Good...

Via gapingvoid.com. Enjoy!

Bloggers Gain Access to 'Scooter' Libby Trial

Andy Sullivan writes for Reuters:

Internet bloggers will be allowed to cover the criminal trial of former White House staffer Lewis "Scooter" Libby alongside reporters from traditional media outlets, a court spokesman said on Thursday.

Members of a bloggers' association will share at least two seats during the high-profile trial in which Libby's former boss, Vice President Dick Cheney, is expected to testify, said Sheldon Snook, a spokesman for the U.S. District Court in Washington.

The arrangement is believed to be a first for a high-profile court case, although trade shows and political conventions have issued media passes to bloggers in the past several years.

More here.

Arrest Made in Stolen Altria-Towers Perrin Laptop Case

Chip Jones writes in The Richmond (Virginia) Times-Dispatch:

New York police have arrested a security officer in the theft of five laptops containing the names of about 18,000 past and present employees of Altria, the parent company of Philip Morris USA in Richmond.

Altria spokeswoman Lisa Gonzalez said Philip Morris has sent e-mails and letters to many of its 6,300 area employees whose names, social security numbers and other pension-related information were found on the stolen computers.

The theft occurred in late November in the New York City offices of Towers Perrin, which handles pension and benefit consulting for Altria. Employees at other branches of the company, including Kraft Foods and Philip Morris International, also have been notified.

More here.

(Props, Pogo Was Right.)

FCC to Comcast: Get Moving on CableCARD

Ed Oswald writes on BetaNews:

The FCC has told cable companies to get moving in supporting CableCARD technology, rejecting a bid Wednesday by Comcast to receive more time to implement the platform in set-top boxes it provides by July.

Speaking at CES in Las Vegas, chairman Kevin Martin chastised the cable industry for dragging its feet in offering the technology, and said its advent would lead to new options for consumers in viewing cable television.

More here.

Force10 Awarded 100GbE Patent

Sean Michael Kerner writes on internetnews.com:

High-speed 100 Gigabit Ethernet (GbE) is not yet a standard, but at least one vendor is already looking for patents. And getting them.

Networking vendor Force10 said that the U.S. Patent and Trademark Office has awarded it U.S. patent number 7,124,502 titled, "Method of fabricating a high-layer-count backplane." The invention described in the patent is a key part of Force10's TeraScale E-Series networking gear, which already supports 10GbE.

Currently the fastest Ethernet standard is 10GbE, though Force10 has been helping to lead an effort to develop a standard for 100 GbE.

More here.

British Agency Tells Schools to Avoid Vista

Richard Thurston writes on C|Net News:

The British government's schools computer agency has warned that deploying Vista carries too much risk and that its benefits are unclear.

The British Educational Communications and Technology Agency said Wednesday that it "strongly recommends" schools do not deploy Microsoft's latest operating system within the next 12 months.

In a further dig at Microsoft, the agency asserts that there are no "must-have" features in Vista and that "technical, financial and organizational challenges associated with early deployment currently make this (Vista) a high-risk strategy."

More here.

Wednesday, January 10, 2007

Techdirt: Verizon's Most Dubious Math Skills

This is priceless. And idiotic. And scary.

Karl writes over on techdirt.com:

A Verizon Wireless customer on their "unlimited" EVDO data plan (aka their limited data plan) recently took a trip to Canada. Before leaving, he confirmed with Verizon Wireless that their advertised ".002 cents per kilobyte" out of country data charge was correct, since it seemed ridiculously inexpensive.

When he returned to the States, he was greeted with a bill for $71, and discovered that he had been billed $.002/KB, or "point zero zero 2 dollars per kilobyte," a hundred times more than the price he was originally quoted.

When he called Verizon Wireless to straighten out their incorrectly advertised price, he found that both support reps and management couldn't tell the difference.

More here.

Local: PC World Editor Killed In Home Invasion

Via CBS5.com.

A senior editor for PC World Magazine was shot to death in his Pittsburg home in what police described as a drug-related attack, authorities said Wednesday.

Rex Farrance, 59, the San Francisco-based magazine's senior technical editor, was shot in the chest after four masked men broke into his home in the 100 block of Argosy Court at around 9 p.m. Tuesday.

"When [Farrance] was trying to comply with their demands, he was shot and fatally wounded," Pittsburg police Inspector John Conaty said.

The assailants also pistol-whipped Farrance's wife, Lenore Vantosh-Farrance, 56, a registered nurse. She called 911, but the attackers fled before officers arrived.

The motive for the attack appears to have been robbery, Conaty said, but investigators found evidence at the home that leads them to believe the couple wasn't targeted randomly.

More here.

Investigator Faces Fed Charges In H-P Spy Probe

An AP newswire article, via CBS5.com, reports that:

A private investigator who allegedly posed as a journalist to access the reporter's private phone records as part of the boardroom spying scandal at Hewlett-Packard Co. was charged Wednesday with identity theft and conspiracy, federal prosecutors said.

Bryan Wagner is accused of using the Social Security Number of the unidentified journalist to illegally gain access to the phone logs, according to the criminal charges filed in San Jose federal court by U.S. Attorney Kevin V. Ryan's office.

Wagner is also accused of conspiring to illegally obtain and transmit personal information on HP directors, journalists and employees as part of the computer and printer maker's crusade to ferret out the source of boardroom leaks to the media.

More here.

BREAKING: Cisco to Sue Apple over iPhone Trademark

Just yesterday, Cisco representatives were quoted as saying that they were in negotiations to license the iPhone trademark to Apple, so apparently, those negotiations broke down.

An AP newswire article, via MSNBC, reports that:

Cisco Systems Inc. said Wednesday it is suing Apple Inc. in federal court over Apple’s use of Cisco’s registered iPhone trademark for its new handheld device.

Cisco has owned the trademark on the name “iPhone” since 2000, when it acquired InfoGear Technology Corp., which originally registered the name.

And three weeks ago, Cisco’s Linksys division put the trademark to use, releasing an Internet-enabled phone called “iPhone” that uses the increasingly popular Voice over Internet Protocol, or VoIP.

More here.

'Craplets' Could Spell Disaster for Vista Launch

Via CBC News.

A senior Microsoft Corp. executive says the company is concerned that uncertified third-party software loaded onto new computers by manufacturers could hurt the launch of consumer versions of its Windows Vista operating system later this month.

In a private discussion Tuesday night at the Consumer Electronics Show in Las Vegas, the Microsoft official told CBC News Online, on condition of anonymity, that the world's largest software maker is frustrated by legal shackles that prevent the company from restricting what kinds of software major computer makers install on new PCs.

"We can't do anything about it because it would be illegal," the executive said in reference to restrictions placed on the company following a U.S. federal anti-trust lawsuit against the company.

More here.

U.S. House Votes To Strengthen Authority of DHS Privacy Officer

Via The Center for Democracy and Technology (CDT).

Included in the 9/11 Commission recommendations approved by the House of Representatives Tuesday night was a provision that would clarify the investigative authorities and provide independence to the privacy officer of the Department of Homeland Security.

Originally introduced in 2005 by Rep. Bennie Thompson (D-Miss.), the POWER Act aimed to give the DHS privacy officer the authority necessary to ensure that DHS agencies are protecting privacy and following current law and policy.

The legislation also contains a provision that requires privacy officers be employed by many major entities within the intelligence community, including the Attorney General, Secretary of Defense and Director of the CIA.

More here.

In Passing: Yvonne De Carlo

Yvonne De Carlo
September 1, 1922 - January 8, 2007
Above: Yvonne De Carlo as "Lily Munster".


An AP newswire article by Bob Thomas, via SFGAte.com, reports that:

Yvonne De Carlo, the beautiful star who played Moses' wife in "The Ten Commandments" but achieved her greatest popularity on TV's slapstick comedy "The Munsters," has died. She was 84.

De Carlo died of natural causes Monday at the Motion Picture & Television facility in suburban Woodland Hills, longtime friend and television producer Kevin Burns said Wednesday.

More here.

Canadian Coins Bugged, U.S. Security Agency Says


A Canadian Press article, via CBC News, reports that:

They say money talks, and a new report suggests Canadian currency is indeed chatting, at least electronically, on behalf of shadowy spies.

Canadian coins containing tiny transmitters have mysteriously turned up in the pockets of at least three American contractors who visited Canada, says a branch of the U.S. Department of Defence.

Security experts believe the miniature devices could be used to track the movements of defence industry personnel dealing in sensitive military technology.

More here.

(Props, Dr. Neal.)

Quote of the Day: Om Malik

"Pssst.. hey Verizon, guys at HK Broadband are selling these kind of speeds for like $20 bucks a month. Come on, how about cutting us all a deal here?"

- Om Malik, commenting on Verizon's FiOS upgraded broadband service offerings.

Gapingvoid: The Next Google

Via gapingvoid.com. Enjoy!


Sea-Tac Radar 'Ghosts' Prompt Warnings

Dominic Gates writes in The Seattle Times:

After repeated safety warnings from air-traffic controllers, Federal Aviation Administration officials said Tuesday they will upgrade software to combat "ghost" radar images that can confuse the people guiding airplanes to and from Sea-Tac International Airport.

Controllers complain that recurring "false targets" on the radar system sometimes force them to redirect planes to avoid what looks like an impending collision with one of these ghost aircraft.

In one of many reports filed with the FAA since November, National Air Traffic Controllers Association union representative Dan Olsen wrote that the malfunctions were "extremely dangerous and stressful on the controllers. ... Fix the radar before someone is killed."

The FAA, while acknowledging the need for improved software that's scheduled to be installed at month's end, denies there's a safety issue.

More here.

New Mirror Reverses Magnetic Field of Light Waves

A scanning electron microscope image of some of the magnetic mirror's "fish scale"-shaped aluminum nanowires.
Image source: Alexander Schwanecke / PhysOrg.com

Laura Mgrdichian writes on PhysOrg.com:

A research group has devised a new type of mirror that reverses the magnetic field of a light wave upon reflection, rather than its electric field, as regular mirrors do. Seems like a minor difference? It's not.

“Our mirror's ability to reverse the magnetic field of a light wave but not its electric field is extremely unusual,” physicist Alexander Schwanecke, the study's corresponding scientist, said to PhysOrg.com. Schwanecke is a researcher at the NanoPhotonics Portfolio Centre at the University of Southampton in the United Kingdom. “It is the first demonstration of an entirely new type of optical tool.”

The mirror’s potential to work with near-infrared light (light close to the visible range but still in the infrared) could make it advantageous to the telecommunications industry, in which near-infrared light is commonly used.

More here.

Off Topic: Dracula's Castle Is for Sale for $78M

Bran Castle, situated near Bran and in the immediate vicinity of Braşov, Romania, is famous because of persistent myths that it was once the home of Vlad the Impaler, a famous or infamous medieval warlord; however, there is no evidence that he ever lived there.

Sweet.

An AP newswire article by Alison Mutler, via SFGate.com, reports that:

The Habsburg family said Wednesday that it wanted to sell a Transylvanian castle famous for its connections to the 15th century medieval ruler who inspired "Dracula" for 60 million euros, or $78 million, to the local authorities, an attorney said.

The local council says it is interested in buying Bran Castle, but a government minister criticized the price tag, calling it too expensive.

Dominic Habsburg, the owner, insisted the family had honorable intentions.

The castle was returned to Habsburg, a New York architect, on May 26, decades after it was confiscated by the communists from Habsburg's mother, Princess Ileana, in 1948, the year the royals were forced to leave the country.

More here.

EU Data Retention Laws 'Too Costly' for Telcos

John Leyden writes on The Register:

EU laws that mean service providers will need to retain communications data for the purposes of possible criminal investigation will place a huge burden on carriers, market watchers warn.

The controversial measures, enacted to aid the fight against terrorism, would compel telecom firms to keep customer email logs, details of internet usage and phone call records for up to two years.

The content of messages isn't covered by the directive, which is designed to harmonise European laws. EU member states have until September 2007 to apply the directive into national laws.

More here.

Pentagon to Restrict Data Used in Teen Recruiting

An AP newswire article, via The Los Angeles Times, reports that:

The Department of Defense has agreed to change the database it uses for military recruitment efforts to better protect the privacy of millions of high school students nationwide, a civil liberties group announced Tuesday.

In settling a lawsuit brought last year by the New York Civil Liberties Union on behalf of six students, the government agreed it will no longer disseminate student information to law enforcement, intelligence and other agencies and will stop collecting student Social Security numbers, the group said in a statement.

It said it would also limit to three years the time it retains student information and will clarify procedures by which students can block the military from entering information about them in its database.

More here.

CDT Director Testifies on U.S. Government Data Mining

Via The Center for Democracy and Technology (CDT).

CDT Executive Director Leslie Harris today told lawmakers that any government "data mining" program must be built on a policy framework that includes meaningful safeguards for privacy and security.

Testifying before the Senate Judiciary Committee, Harris urged lawmakers also to demand that no data-mining program be implemented until its efficacy as an anti-terrorism tool can be demonstrated. Harris also noted that the existing legal framework protecting Americans' privacy has been rendered ineffective by the march of technology, and suggested that core laws like the Privacy Act have become inadequate.

More here.

Film at Eleven: End-Time for the Internet?

Via Wired.

Spam, spyware, and viruses can already get in the way of good, clean computing fun. But what happens when malicious code becomes apocalyptic? According to Jonathan Zittrain, professor of Internet governance and regulation at Oxford University, these software saboteurs will drive smart users to dumber appliances like BlackBerrys, iPods, and Xboxes.

In his upcoming book, Zittrain writes that the migration to closed systems will end innovation on the Internet. We asked the veteran info-freedom fighter why he’s wearing such gloom-colored glasses.

More here.

Symantec Wants to Lend a Hand with Vista Security

Somehow this strikes me as a phenomenally bad idea.

Joris Evers writes on C|Net News:

Symantec is thinking up ways to take the pain out of a security feature in Windows Vista.

The Cupertino, Calif., company has plans to create a technology that makes security decisions for Vista owners dealing with User Account Control. This feature in the operating system asks for permission to lift security barriers to the inner workings of a PC whenever software tries to access these. But it makes too many requests to be effective, according to Symantec.

"I have been running Vista for a while, and UAC bugged the heck out of me--to the point where I tuned it out and, eventually, turned it off," Rowan Trollope, vice president of consumer products at Symantec, said in an interview. "If a company could do better, it would be one of us security companies."

While Trollope's comments may seem self-serving, Natalie Lambert, an analyst with Forrester Research, said the company has a valid point.

More here.

Tuesday, January 09, 2007

Off Topic: Santa Clara OK's Study Of 49ers Stadium Plan

Wow. I'm pretty excited about all of this, given the fact that the new stadium would almost be in my backyard -- even if it is 6 years away from reality (assuming everything goes smoothly).

In any event, the City of Santa Clara and the 49'ers are one step closer.

Via CBS5.com.

The San Francisco 49ers Tuesday night took the first small step on a journey that could take them 38 miles south to a new home when the Santa Clara City Council unanimously approved beginning a feasibility study on building a new stadium for the team in the parking lot of the Great America amusement park.

The council spent two hours hearing public comments from local business leaders and residents, who overwhelmingly supported the stadium proposal. Santa Clara Mayor Patricia Mahan counted herself as an enthusiastic supporter of the idea of the 49ers playing in Santa Clara.

More here.

CBS5.com Web Extra: Images Of New 49ers Stadium Plan [.pdf]

Adobe 7.0.9 Released to Address XSS Vulnerability

Via The SANS Internet Storm Center.

As promised by Adobe, Acrobat 7.0.9 has been released to address a cross site scripting vulnerability. If you are running version prior to 7.0.8, you should seriously consider to upgrade.

Although there are reports that certain combinations of browsers and Acrobat versions are not vulnerable, upgrading might be the easiest path to ensure vulnerability is gone.

More here.

Gapingvoid: Apple Lovefest

Via gapingvoid.com. Enjoy!

Online Fetish Company Buys SF Armory Building

Via CBS5.com.

Internet fetish company Kink.com announced it has purchased the State Armory and Arsenal and plans to revive it as a production studio.

The deal was closed on Dec. 29 at the cost of $14.5 million and was bought from Bak K Mortgage.

The 200,000 square foot reproduction of a Moorish castle was completed in 1914 and served the National Guard until 1976, Kink.com reported.

In 1978 the armory, located at 1800 Mission St., was listed on the National Register of Historic Places and has been out of use since then.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, Jan. 9, 2007, at least 3,014 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,420 died as a result of hostile action, according to the military's numbers.

The AP count is nine higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

'Data Mining' May Implicate Innocent People in Search for Terrorists

Greg Gordon writes for McClatchy Newspapers:

In his first hearing Wednesday as the chairman of the Senate Judiciary Committee, Democratic Sen. Patrick Leahy of Vermont plans to examine federal "data-mining" programs, the computerized hunt for terrorists that can implicate innocent people.

Consider the case of American Airlines pilot Kieran O'Dwyer of Pittsboro, N.C.

O'Dwyer said Tuesday that U.S. Customs agents detained him for 90 minutes in 2003 when he got off an international flight in New York, telling him his name matched one on a government terrorist watch list.

Over the next 22 months or so, O'Dwyer said, he was temporarily detained 70 to 80 times by authorities who apparently were worried that he was a fugitive member of the Irish Republican Army.

More here.

(Props, Pogo Was Right.)

iDefense Offering Bounty on Vista and IE7 Vulnerabilities

Via heise Security News.

Security services provider iDefense is offering a reward of 8,000 dollars for vulnerabilities in Windows Vista or Internet Explorer 7 that can be exploited via the internet. There is an additional award of up to 4,000 dollars for functioning demo code.

This is significantly less than the price currently being offered for such exploits in underground auctions - Trend Micro recently reported that Vista exploits were going under the hammer for up to 50,000 US dollars.

More here.

DISA to Develop Satellite Communications Architecture

Bob Brewin writes on FCW.com:

The Defense Information Systems Agency is asking industry for help in developing a communications architecture for satellite systems that serve the Defense Department, the intelligence community and NASA.

The Transformational Communications Architecture will address the potential for an expanded role for commercial satellite communications to meet the requirements of DOD, NASA and the intelligence community through the year 2020, according to the request for information released Jan. 9.

The Communications Functional Integration Office (FIO) of the National Security Space Office (NSSO) is overseeing the project.

More here.