Saturday, January 20, 2007

Hackers Attack Gorbachev's Website

An AP newswire article, via The Boston Globe, reports that:

Hackers attacked the Web site of a foundation run by former Soviet leader Mikhail Gorbachev, accusing him of brutally suppressing a pro-independence demonstration in Soviet Azerbaijan in 1990.

The perpetrators posted photographs of the suppressed rally on the Web site and published an open letter to the former leader, blaming him for the deaths of more than 130 people — a tragedy known in Azerbaijan as the Black January.

The site was down by Saturday afternoon.

More here.

Friday, January 19, 2007

Credit Card Data, A Hack, And A Rush To Contain The Damage

Larry Greenemeier writes on InformationWeek:

TJX was refreshingly forthcoming about last month's computer hack, but the company's troubles may be just beginning as it works with investigators to sort out what happened. The retailer could face penalties under Visa's and MasterCard's Payment Card Industry data security standard, which stipulates that cardholder information must be protected.

Given TJX's size--its assets include 826 T.J. Maxx, 751 Marshalls, and 271 HomeGoods locations--the security breach into the portion of its computer network handling credit card, debit card, check, and merchandise return transactions is proportionately worrisome. The company knows some customer information was stolen but admitted in a statement that the extent of the theft is unknown.

More here.

Local: Wireless Silicon Valley Project Getting Closer to Roll-Out?

Sarah Jane Tribble writes in The Mercury News:

When IBM's Brent Grotz gets asked how soon Silicon Valley's much-anticipated wireless network will be built, the project leader holds up his hands as if to fend off more questions.

He doesn't want to be rushed.

"It's like building a house," Grotz said while speaking Friday at a national Wireless Communications Association meeting in San Jose. "You have to get the foundation down right and if you don't get that right then walls will fall down on you."

Once completed, the network will span 40 cities in four counties and give residents free access to the Internet from their laptop computers or other portable devices. The network is being built to work outside but may work inside some homes close to the wireless access points. Internet access at higher speeds would be available for a fee.

Since Silicon Valley leaders picked IBM and Cisco Systems in September as part of a team that will build the network, few details have been released about how the nuts and bolts of the foundation will be built. Leaders from the 40 participating cities and the technology team, which also includes Azulstar and non-profit SeaKay, have been hashing out a model agreement in closed-door meetings.

More here.

Picture of the Day: The U.S. Constitution



"We the People of the United States, in Order to form a more perfect Union, establish Justice, insure domestic Tranquility, provide for the common defence, promote the general Welfare, and secure the Blessings of Liberty to ourselves and our Posterity, do ordain and establish this Constitution for the United States of America."

Full text can be found here.

It's not just a piece of paper. And that goes for you, too.

Toon: Meet the New Ma Bell

Image source: Gizmodo


University of Texas at Dallas Network Breach Worse Than First Thought

Holly K. Hacker writes on WFAA.com:

A computer attack at the University of Texas at Dallas was worse than officials first thought.

They now say Social Security numbers and other personal information may have been exposed for up to 35,000 faculty, current and former students, staff and others, putting them at risk of identity theft.

More here.

(Props, Pogo Was Right.)

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Friday, Jan. 19, 2007, at least 3,030 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,434 died as a result of hostile action, according to the military's numbers.

The AP count is 11 higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Hackers Steal $35K From Customers of Federal Savings Plan

Linda Rosencrance writes on ComputerWorld:

Hackers stole $35,000 from two dozen users of the Thrift Savings Plan (TSP), a retirement savings and investment plan for federal employees.

In late December, the computers of several TSP participants were infected with keylogging software that allowed criminals to record all keystrokes made by participants without their knowledge. The hackers also retrieved the customers' TSP personal identification number and other account information, according to a statement on the TSP Web site. However, the TSP's system was not breached, the company said.

More here.

U.S. Lawmaker Demands Answers from DoJ Over FBI Leak Probe

Josh Gerstein writes in The New York Sun:

The ranking member of a House committee is demanding answers from the Justice Department about recent reports in The New York Sun that intelligence agencies failed to cooperate with FBI investigations into leaks of classified material and that the FBI's files on some leak probes have disappeared.

The top Republican on the House Committee on Oversight and Government Reform, Rep. Thomas Davis of Virginia, said he was troubled by the Sun's report last week that FBI documents showed at least three leak investigations appeared to have been closed after case agents repeatedly complained about a lack of cooperation from the "victim agency."

More here.

NY Court: FBI May Have Coerced Filmmaker - UPDATE

Robert Loblaw writes on the Decision of the Day Blog:

This Second Circuit appeal involves a modern-day "War of the Worlds" - an online video depicting plans for a military takeover of Times Square. But Michael Zieper’s video isn’t nearly as well-known, perhaps because the government’s strong-arm tactics convinced his internet host to disable access to the video due to fears that it might incite a riot.

Zieper and his internet host sued, alleging among other things that an FBI Counter-Terrorism agent and an Assistant U.S. Attorney violated their First Amendment rights by coercing them to take down the video.

More here.

Update: 17:45 PST: More details here.

Lawsuits, Questions Follow NSA Surveillance Approval

K.C. Jones writes on InformationWeek:

If Americans were illegally spied on, the federal government's recent revelation that it has gained court approval for the National Security Agency's (NSA) terrorist surveillance program doesn't undo the harm.

Several lawsuits claiming the government broke laws by investigating people without warrants are continuing to wind their way through courts throughout the country. The details of the approval have not been released. U.S. leaders are citing security reasons for not providing information about standards for deciding whether to investigate someone -- then or now.

At least one group involved in one of the lawsuits targeting the NSA said that many questions remain.

More here.

Microsoft Case Lawyers Claim Violation

An AP newswire article by David Pitt, via The Washington Post, reports that:

The plaintiffs in Iowa's class-action antitrust lawsuit against Microsoft Corp. claim they have uncovered information that indicates the software company is violating its 2002 agreement with the U.S. Department of Justice.

The alleged misconduct surrounds Microsoft's duty to share software hooks known as application programming interfaces, or APIs, which let disparate programs work together. The Iowa plaintiffs' attorneys have alleged that Microsoft has not disclosed certain APIs to other software developers who want to make programs compatible with Microsoft software.

More here.

UK: Pipex Loses 30,000 Bulldog Customers

Richard Thurston writes on ZDNet UK:

Pipex, the ISP that bought the customer base of its troubled rival Bulldog, has revealed that it actually acquired 30,000 fewer customers than it expected.

Bulldog had a base of 110,000 users when the deal was agreed last September, but Pipex said on Tuesday that once the transfer was completed it had only gained 80,000 more customers. It appears that the remaining 30,000 left Bulldog, which has suffered a litany of technical and support problems over the last couple of years, culminating in an Ofcom inquiry.

More here.

Defense Tech: China Knows How Much America Has to Lose

Richard Spencer writes on The Telegraph.co.uk:

There is probably no better way to get China's nationalists to demand a Great Leap Forward in military spending than to tell them they are two decades behind the United States.

Yet that is what happened after Beijing's use of a ground-based missile to take out a redundant weather satellite was revealed to the world on Thursday night. The United States, experts pointed out, carried out this sort of test in the 1980s, and abandoned them because they made too much mess.

When it comes to its strategic interests, Beijing does not care much about making a mess, particularly 530 miles up in space.

More here.

Vermont State Web Site a Road Map for ID Thieves

An AP newswire article by David Gram, via The Boston Globe, reports that:

A prominent state legislator was not happy Friday when someone called him, told him his Social Security number was on a Web site maintained by the secretary of state's office and then read it to him.

"That's a little disturbing, I guess," said the lawmaker, whose name was withheld from this story to protect him from identity theft.

A Vermont law took effect last July 1 directing state and local government agencies to redact Social Security numbers from public records. The numbers are considered gold for identity thieves, who can use them to gain access to a variety of business transactions, including obtaining credit in the theft target's name.

Asked how he thought the new law was working, the lawmaker said, "It doesn't appear very well. If my Social Security number is on the World Wide Web, it seems like there must be a glitch in the system somewhere. I certainly would like to hear from the secretary of state on why this is happening."

More here.

Stephen Colbert Explains the Whole AT&T Thing!

Click to watch.

(Hat-tip, Woody.)

GPS Devices Lead to Suspects' Home

An AP newswire article, via SFGate.com, reports that:

Three thieves who allegedly stole 14 global positioning system devices didn't get away with their crime for long. The devices led police right to their home.

Town officials said the thieves didn't even know what they had: they thought the GPS devices were cell phones, which they planned to sell.

According to Suffolk County police, the GPS devices were stolen Monday night from the Town of Babylon Public Works garage in Lindenhurst. The town immediately tapped its GPS system, and it showed that one of the devices was inside a house. Police said that when they arrived there, Kurt Husfeldt, 46, had the device in his hands.

More here.

Telecom Italia Embroiled in New Espionage Scandal

Philip Willan writes on InfoWorld:

Milan magistrates have arrested four Telecom Italia employees for alleged illegal espionage activities, bringing a fresh wave of scandal crashing down onto the former national carrier.

The suspects were identified as Fabio Ghioni, the head of information security at Telecom Italia; his assistant, Rocco Lucia; and Guglielmo Sasinini, a former journalist who had been hired by the company to conduct country risk analyses for the Middle East region, according to a 230-page arrest warrant signed by Judge Giuseppe Gennari and widely cited in newspaper reports Friday.

A fourth warrant was served in prison on Giuliano Tavaroli, the former head of security at Telecom Italia, who had already been incarcerated on illegal espionage charges as a result of a separate investigation.

The four men are accused of using Telecom Italia’s resources to spy on Vittorio Colao, the former executive chief executive officer of the Rizzoli Corriere della Sera (RCS) publishing group, and on Massimo Mucchetti, the deputy director of the Corriere della Sera newspaper, as part of an elaborate intelligence operation that has all the hallmarks of a spy thriller, according to wire reports Thursday and newspaper articles Friday.

More here.

'Blogger is Borked Right Now...'


...and on the heels of the Technorati bork, the "old" Blogger went borked for about an hour this afternoon, too.

Let's hope it stays up for a while. :-)

- ferg

'Technorati is Borked Right Now...'



Technorati having some problems, but I thought this was pretty funny.


U.S. Government to Greatly Expand DNA Database

Richard Willing writes in USA Today:

The federal government could add DNA from tens of thousands of immigration violators, captives in the war on terrorism and others accused but not convicted of federal offenses to the FBI's crime-fighting database under a plan being finalized by the Justice Department.

Erik Ablin, a Justice Department spokesman, confirmed the plan, which hasn't been publicly disclosed, and said details are expected to be completed soon.

Proponents of the plan, including U.S. Sen. Jon Kyl, R-Ariz., and Maricopa County, Ariz., Sheriff Joe Arpaio, say taking DNA from federal detainees would solve many crimes committed by illegal immigrants and make it easier to identify and track potential terrorists.

Opponents, such as Caroline Fredrickson, director of the American Civil Liberties Union's Washington office, say such mass seizures of DNA violate privacy and do little to improve law enforcement.

More here.

The New IED? Satellite Killer's Big Impact

Via Defense Tech.

There's been immediate fallout -- both physical and political -- from China's satellite killer test.

Debris from the orbital collision has already been spotted, the M-T Milcom blog notes. "As of this writing NORAD has officially cataloged 32 objects... that now pollute a vital area of space (sun-synchronous polar orbit)."

"There are over 125 satellites that operate in this portion of space," the M-T blog observes. Those include reconnaissance satellites, like the Lacrosse and Advanced Keyhole orbiters, as well as weather-monitors, like the Defense Meteorological Satellites Program series. In other words, this test directly affects the American military's ability to look for terrorist hideouts, and survey a potential battlefield.

More here.

26 IRS Tapes Missing in Kansas City

Lynn Horsley writes in The Kansas City Star:

Twenty-six IRS computer tapes containing taxpayer information are missing after they were delivered to City Hall months ago.

Kansas City is one of hundreds of governmental entities that share taxpayer information back and forth with the Internal Revenue Service. City officials use the federal tax return information to enforce their collection of the 1 percent city earnings tax, which is paid by people who live or work in Kansas City.

City and IRS officials on Thursday either would not or could not say exactly what information is on the tapes or the number of taxpayers whose information is on the tapes.

But the information potentially could include taxpayers’ names, Social Security numbers and bank account numbers, or they could contain employer information.

More here.

(Props, Pogo Was Right.)

Massachusetts AG has Credit Card Info Stolen a Week Before Taking Office

Andrew Ryan writes in The Boston Globe:

Martha Coakley got a first-hand lesson about what it is like to be a victim the week before she took the oath as the new state attorney general.

Rushing to leave for a ski trip before taking office, Coakley got a phone message at home from Dell computers early last week to confirm a $1,200 purchase on her Visa card. The order was about to be shipped to an address in Texas.

More here.

Belgian Newspapers Target Yahoo! After Forcing Google to Bend on Linking

Eric Bangeman writes on Ars Technica:

Long known for making the best beer in the world, Belgium has also become known for applying its copyright laws to news aggregators that summarize and link to the country's newspapers. The latest tiff comes courtesy of Yahoo and Copiepresse, Belgium's copyright enforcement group.

Yahoo, like other news aggregators, publishes summaries and links to news articles all over the Internet. This isn't a problem in most places, but Belgian publishers aren't fans of the practice. Bernard Magrez, a lawyer for the Belgian copyright watchdog, has accused Yahoo of publishing articles without authorization. As a result, Copiepresse has sent a "cease and desist" letter to Yahoo, requesting that they stop linking to articles on the newspapers' websites.

More here.

Questionable Conviction of Connecticut Teacher in Pop-up Porn Case

Lindsay Beyerstein writes on AlterNet:

Julie Amero, a 40-year-old substitute teacher from Connecticut is facing up to 40 years in prison for exposing her seventh grade class to a cascade of pornographic imagery. Amero maintains that she is a victim of a malicious software infestation that caused her computer to spawn porn uncontrollably.

Adware, spyware and other infectious software are known hazards to security and privacy -- and when lax cybersecurity meets anti-porn hysteria, a malware infection can even land you in jail. Malicious coders are getting more sophisticated all the time, but law enforcement and the criminal justice system aren't keeping up. A criminal conviction can hang on the difference between a deliberate mouse click and an involuntary redirect on an infested computer. Too often, even so-called experts can't tell the difference.

More here.

Swedish Bank Loses $1.1M to Online Fraud - UPDATE

Via The BBC.

Internet fraudsters have stolen around 8m kronor ($1.1m; £576,000) from account holders at Swedish bank Nordea.

The theft, described by Swedish media as the world's biggest online fraud, took place over three months.

The criminals siphoned money from customers' accounts after obtaining login details using a malicious program that claimed to be anti-spam software.

Nordea said it had now refunded the lost money to all 250 customers affected by the scam.

More here.

UPDATE: 12:54 PST: Russians are now being fingered for this - more details here.

'Storm Worm' Rages Across the Globe

Dawn Kawamoto writes on C|Net News:

"Storm Worm," one of the larger Trojan horse attacks in recent years, is baiting people with timely information about a deadly, real-life front, security researchers said Friday.

Over an eight-hour period Thursday, malicious e-mails were sent across the globe to hundreds of thousands of people, said Mikko Hypponen, chief research officer for F-Secure.

People who open the attachment then unknowingly become part of a botnet. A botnet serves as an army of commandeered computers, which are later used by attackers without their owners' knowledge.

Storm Worm carries the subject line "230 dead as storm batters Europe," Hypponen said, noting the unusual twist to the e-mail.

"The e-mail was started 15 hours ago, when the storm was peaking in Central Europe," Hypponen said. "This is unusual in that it was very timely."

More here.

Chavez Hints U.S. Using Telecom to Spy on Him

An AP newswire article, via CNN, reports that:

Venezuelan President Hugo Chavez on Friday accused his nation's main telecommunications company of spying on him and suggested it was at the bidding of the United States.

Chavez, addressing 10 South American leaders at a summit of the Mercosur trade bloc, gave no additional details.

The accusation came less than two weeks after Chavez announced he would nationalize CA Nacional Telefonos de Venezuela, known as CANTV.

More here.

Thursday, January 18, 2007

Homeland Security Watch: Needs a PaPa

Wow. A good opportunity for someone to step in and keep a great blog afloat...

Via Homeland Security Watch.

When I started this blog 14 months ago, I didn’t know what to expect. I thought there was a need for a site like this to bring together different parts of the professional homeland security community. And I had just learned that my employer, IBM, allowed employees to create and develop blogs, consistent with the company’s corporate guidelines. So I dove in, figured out how to create a site (first on blogspot, then directly at hlswatch.com), and started posting.

1,238 posts and 1.3 million hits later, I need to end my active involvement with this site, effective immediately. The reason: I’ve given a notice of separation to IBM and have accepted a job offer to join the Democratic staff of the Senate Homeland Security and Governmental Affairs Committee (HSGAC), chaired by Sen. Joe Lieberman. I feel honored to have an opportunity to join the staff of this committee, which sets a very high standard for solid work and bipartisan spirit in the U.S. Congress. I’m looking forward to getting into the trenches and working on the same range of critically important homeland security issues that I’ve written about here.

As for this site, I hope that I can pass it off to people who want to carry it forward - ideally multiple contributors - and am working on this already. If anyone reading is interested in this opportunity, drop me a line to hlswatch@gmail.com. I’m also willing to consider other types of proposals regarding the site. In the meantime, the links to other homeland security blogs and sites are still there on the right-hand column.

More here.

Off Topic: Shame of Our Nation

Egads.

I deplore the fact that our government has completely lost touch with the principles that founded this nation.

An AP newswire article, via MSNBC, reports that:

The Pentagon has drafted a manual for upcoming detainee trials that would allow suspected terrorists to be convicted on hearsay evidence and coerced testimony and imprisoned or put to death.

According to a copy of the manual obtained by The Associated Press, a terror suspect's defense lawyer cannot reveal classified evidence in the person's defense until the government has a chance to review it.

The manual, sent to Capitol Hill on Thursday and scheduled to be released later by the Pentagon, is intended to track a law passed last fall by Congress restoring President Bush's plans to have special military commissions try terror-war prisoners. Those commissions had been struck down earlier in the year by the Supreme Court.

More here.

Seattle: Port Police Officers Sent Explicit e-Mails

Eric Nalder and Lewis Kamb write in The Seattle Post-Intelligencer:

Thirty-two current and former Port of Seattle police officers -- nearly a third of the department's sworn force -- have been caught exchanging or receiving racist, sexist and sexually explicit e-mails since the end of October 2004, department records obtained by the Seattle P-I show.

For 16 months, no one in the department reported the smut-laced e-mails to top-level managers or internal investigators, even though the field-level supervisors joined line officers spending hours on their shifts viewing the material. The behavior wasn't discovered until a woman accused one officer of harassment, and internal investigators looked at his computer.

Records obtained by the P-I show such behavior has been going on in the department for years, including a case in 1997 that involved a prominent sergeant who is now a lieutenant and SeaTac city councilman.

More here.

Toon: Character Witness




Feds Out for Hacker Blood

Declan McCullagh writes on C|Net News:

Adrian Lamo, the hacker best known for illegal pranks aimed at companies like Yahoo, Microsoft and The New York Times, is free once again.

But his legal battles over handing over a DNA sample to the federal government are just beginning.

After pleading guilty to breaking into the paper's internal computer network in January 2004, the terms of Lamo's probation had confined him to the eastern district of California, which includes his parents' home near Sacramento where he is living. That probation, which included mandatory "computer-monitoring software and filtering equipment," expired Monday.

What isn't over is Lamo's refusal to give federal authorities a sample of his blood, which he says violates his religious convictions. He has offered to give a cheek swab as an alternative, a practice used by a number of states including California--but not the federal system.

More here.

FBI Sends Citizens Terrorism Alerts by e-Mail

Chitra Ragavan writes on U.S. News & World Report:

The FBI has sent out 600,000 E-mail alerts to a base of 14,000 subscribers, the bureau tells U.S. News.

The E-mail alert program was launched in October to provide the public, businesses, and law enforcement agencies with timely information on everything from terrorists to fugitives, scammers, and crooks, as well as updated information on terrorist threats. John Miller, FBI chief spokesman, said the system can also be used for crisis communication during a disaster or terrorist attack.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, Jan. 18, 2007, at least 3,029 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,434 died as a result of hostile action, according to the military's numbers.

The AP count is 10 higher than the Defense Department's tally, last updated Thursday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Number of People in U.S. with Traditional Landline Phones Drops Sharply

An AP newswire article, via SiliconValley.com, reports that:

The number of Americans with traditional landline telephones has declined sharply over the past three years -- a trend with ramifications for phone surveys that inform policy and market research.

About one in eight households did not have a landline telephone in the first half of 2006, according to data the Centers for Disease Control and Prevention collected in its National Health Interview Survey. Three years earlier, it was about one in 20.

The percentage of adults using cell phones only was increasing 1 percentage point every six months from 2003 through 2005 but jumped 2 points in the most recent study, Stephen Blumberg, a senior scientist at the CDC, said Thursday.

Among all adults, 9.6 percent had only a cell phone in the first half of 2006, compared with 7.7 percent in the preceding six months. The overall number without landlines -- 13.2 percent -- includes those who have no phone at all.

More here.

Microsoft to Build $550 Million Data Center in San Antonio

An AP newswire article, via SiliconValley.com, reports that:

Microsoft Corp. announced Thursday that it will build a $550 million data center here to house its growing online services.

The 400,000-square-foot facility will be the software giant's first major data center in Texas.

The data center will house tens of thousands of computers to host Internet services like Microsoft's Windows Live offerings, which include everything from instant messaging to e-mail, said Mike Manos, Microsoft senior director of data centers.

More here.

KB Home Warns 2,700 of ID Theft Risk

Kristy Eppley Rupon writes on The State (South Carolina):

Thousands of KB Home customers are being warned of the risk of identity theft after one of the home builder’s computers was stolen from a Charleston sales office.

The company sent letters to 2,700 people Friday advising them to put a fraud alert on their credit reports and to monitor their credit for the next couple of years.

Ken Fenchel, who bought his Lexington home from KB Home in May, is irritated the company is not offering to do more to help the customers avoid identity theft.

“At a minimum they should (pay for) one year of fraud protection” for those customers, Fenchel said. “I’m not sure what else you can do.”

As a precautionary measure, KB Home officials say, they sent the letter to more people than they believe were affected.

Gee, how big of them...

More here.

(Props, Flying Hamster.)

Attorney General to Talk Data Retention with New Congress

Anne Broache writes on C|Net News:

The Bush administration plans to approach Congress again this year about the possibility of new rules requiring Internet service providers to retain information about their subscribers for a certain period of time.

Attorney General Alberto Gonzales said Thursday that he is continuing to explore such legislation, pertaining not to "data retained by government, but (to) data retained by ISPs that could be accessed with a court order."

More here.

DHS Pays for Wired News FOIA Lawsuit

Image source: 27B Stroke 6

Kevin Poulsen writes on 27B Stroke 6:

The Department of Homeland Security has been ordered to pay the Stanford Law School Cyberlaw Clinic $66,861.39 in attorneys' fees for its failure to comply with the Freedom of Information Act while stonewalling my request for records on the Zotob virus' infiltration of its computers.

Alert readers will recall my year-long battle to learn the details of an August 2005 failure of the $400 million US-VISIT system. Highlights include the DHS's Bureau of Customs and Border Protection asking me to drop the matter, then losing the paperwork, and finally denying the request in its entirety, all to avoid revealing that it made mistakes in leaving the border screening system open to attack.

More here.

TJX Intrusion Highlights Pursuit of Corporate Data

Matt Hines writes on eWeek:

The potentially massive data theft reported by discount retail conglomerate TJX Companies illustrates the continued efforts of hackers to rob businesses of their most valuable information.

On Jan. 17, the company, based in Framingham, Mass., which operates a handful of North American and European retail chains including T.J. Maxx, Marshalls, HomeGoods and A.J. Wright, reported that a computer systems intrusion may have compromised the personal data of an undetermined number of customers.

More here.

U.S. Internet Firms Respond to China Critics

Jonathan Birchall and Richard Water write in The Financial Times:

Google, Yahoo, Microsoft and Vodafone have announced an agreement with human rights groups, internet freedom activists and others to establish a set of principles covering how they deal with censorship and other restrictions that could harm human rights in China and elsewhere.

The move comes in the wake of public criticism of big US online companies last year over their activities in China. It echoes other voluntary “multi-stakeholder” initiatives that have emerged in recent years in response to public protest, covering issues such as the use of local security forces by oil and mining companies, and conditions in the clothing and footwear supply chains.

The four companies have agreed to work with non-governmental organisations to “seek solutions to the free expression and privacy challenges faced by technology and communications companies doing business internationally”, according to a statement on Thursday.

More here.

Port Scanning Precursor to Attempted SCADA Attacks?

Via The SANS Internet Storm Center's Daily Handler's Diary.

We've been noticing a fair amount of activity on port 20000/TCP over the last month or so.

http://isc.sans.org/port.html?port=20000

UPDATE:
A number of people wrote in with information about recent alerts for activity targeting the DNP protocol or systems running DNP services. DNP is used in SCADA systems in the electric and water utilities industry for process control.

http://en.wikipedia.org/wiki/DNP3

DNP scanning activity was first reported in Oct 2006 with alerts in late Nov 2006. Significant scanning has been observed in late Dec. 2006 and is ongoing. A reader also contributed details of a system infection recently where port 1901/TCP and 20000/TCP were both used. Some reports have suggested a relationship between these DNP scans and scanning activity for port 10000/TCP (NDMP, Webmin).

Without more information on the scanning sources or full packet captures it is difficult to pinpoint/pigeonhole the current activity.

More here.

UK: ID Theft Nets £85,000 a Head, Says Study

Via OUT-LAW.com:

Identity fraud can net criminals £85,000 for each identity stolen, research has found. That is the average amount which criminals can expect to gain from impersonating a person in the UK according to anti-ID theft company Garlik.

Garlik was founded by Tom Ilube and Mike Harris, who founded internet bank Egg, and it commissioned research from consultancy 1871 Ltd which uncovered the value of a single fake identity. It also discovered that lawyers are a main target of ID fraudsters.

The research found that most people's perceptions of how identity fraud works are wrong. The fraudster commonly does not empty bank accounts but applies for new credit as another person so that that person may not discover for some time that they are being impersonated.

More here.

Phisher Empties £3000 From UK Man's Bank Account

Gordon Thomson writes on The Evening Times (UK):

A businessman's bank account was emptied after he was targeted by computer hackers.

But Bank of Scotland bosses today pledged to refund every penny to Steven Watson, who lost more than £3000.

Mr Watson, who runs Scotia Boiler Services, discovered that £3109 he'd put aside for VAT payments had been stolen from his account.

Bank chiefs say online accounts are secure and believe hackers targeted Mr Watson's home computer, then monitored his internet use to get his personal details.

He's believed to have been a victim of "phishing", where fraudsters copy a genuine business webpage - such as a bank - to fool customers into revealing their sign-in details, including user name and password.

More here.

(Props, Flying Hamster.)

Newspaper Publisher Tries to Thwart First Amendment

Via EFF Deep Links.

The Santa Barbara News-Press needs a lesson in the First Amendment. Insisting that an anonymous comment posted for a few hours on a news blog skewed a labor unionization vote, the publisher of the newspaper is demanding that Google disclose the blogger's account information.

It all started last September. Three months after several editors walked off the job amid allegations that News-Press owner and co-publisher Wendy McCaw had improperly interfered in editorial decisions, the employees that remained were struggling to form a union to negotiate with McCaw. McCaw did not take kindly to the unionization effort or even commentary about it--in fact, she has sued two newspapers based on their coverage of the labor dispute and threatened defamation suits against individual citizens who posted pro-union signs in their windows. The legal campaign has made headlines around the country.

Enter pseudonymous blogger Sara de la Guerra. Sara reports and comments on current events in Santa Barbara and has been critical of McCaw's anti-union tactics. In early September, a third party submitted a comment advocating various acts of cybersabotage against News-Press management. The comment was taken down within hours, but News-Press later issued a press release quoting and complaining about the comment.

When the employees then voted to form a union, News-Press filed objections with the National Labor Relations Board, arguing that the comment had influenced the election. Three months later, just a few days before the hearing on the objections, News-Press issued a subpoena to Google seeking information relating to Sara's account.

More here.

Quote of the Day: Noah Shachtman

"China has shown it can destroy a satellite in orbit. What could the U.S. do to stop Beijing, if it decided to attack an American orbiter next? Short answer: nothing."

- Noah Shachtman, writing over on DefenseTech.org. Background here.

Off Beat: Internet Pirate Charged in Toilet Bombings Plans to Plead Guilty

File this under "bizarre story of the day"...

An AP newswire article by John Christoffersen, via The Boston Globe, reports that:

A Weston man once called one of the Internet's most notorious pirates of music and movies plans to plead guilty to a federal charge that he blew up a portable toilet last year, according to court records filed Thursday.

Bruce Forest was charged last year with seven counts of using explosives to destroy property and seven counts of discharging a firearm in connection with a series of toilet explosions in 2005 and 2006.

No one was injured.

More here.

NIST IPv6 Profile to Detail U.S. Federal Requirements

Jason Miller writes on GCN.com:

The National Institute of Standards and Technology will release the federal government’s Internet Protocol version 6 profile by the end of the month to help agencies and vendors understand the government’s technical requirements.

Peter Tseronis, the Education Department’s director of network services and co-chairman of the IPv6 working group, yesterday said the NIST profile will be out for public comment for about a month and then NIST will issue the first version of the profile.

The profile, which will be released in the Federal Register, recommends a technology acquisition approach for common IPv6 devices, Tseronis said.

More here.

RFID Tattoos for Tracking Cows... And People


Thomas Ricker writes over on Engadget:

Did you know that Saint Louis based Somark Innovations successfully tested an "RFID tattoo" on cows and rats?

Yes indeed, tattoo, not the ol' RFID chip found in passports, dogs, and Dutch VIP clubbers. Somark's system uses an array of needles to inject a passive RFID ink which can be read through the hair on your choice of beast.

The ink can be either invisible or colored but Somark is keeping mum as to its exact contents. They only say that it doesn't contain any metals and is 100% biocompatible and chemically inert. The tattoo can be applied in 5 to 10 seconds with no shaving involved and can be read from up to 4 feet away -- the bigger the tattoo, the more information stored.

More here.

Cisco Security Advisory: SSL/TLS Certificate and SSH Public Key Validation Vulnerability

Via Cisco.com.

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) and the Cisco Adaptive Security Device Manager (ASDM) do not validate the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) certificates or Secure Shell (SSH) public keys presented by devices they are configured to connect to.

Malicious users may be able to use this lack of certificate or public key validation to impersonate the devices that these affected products connect to, which could then be used to obtain sensitive information or misreport information.

More here.

CIBC Loses Info on 470,000 Canadians

Sinclair Stewart writes in The Globe and Mail:

The personal information of nearly half-a-million customers at a CIBC mutual fund subsidiary has gone missing, prompting fears of a potential security breach and inciting an investigation from Canada's federal privacy commissioner.

A backup computer file containing application data for 470,000 investors at Montreal-based Talvest Mutual Funds disappeared in transit on the way to Toronto recently, the bank said in a news release Thursday.

The file contained everything from client names and addresses to signatures, birth dates, bank account numbers and Social Insurance Numbers. Officials at CIBC Asset Management Inc., a division of the Canadian Imperial Bank of Commerce, said there is no evidence of fraud, nor is there any indication that any data on this hard drive has been accessed. The company did not explain how it lost the drive.

Privacy Commissioner Jennifer Stoddart, who launched a probe of CIBC following a faxing snafu two years ago, said she has determined there are grounds for another investigation in the Talvest matter, even though the bank brought the problem to her attention.

More here.

U.S. Senators Question Gonzales on Domestic Spying - UPDATE

An AP newswire article, via MSNBC, reports that:

Senators demanded details Thursday from Attorney General Alberto Gonzales about new orders putting the government's domestic spying program under court review -- and questioned why it took so long to do so.

Meanwhile, the presiding judge of the Foreign Intelligence Surveillance Court said she had no objection to disclosing legal orders and opinions about the program that targets people linked to al-Qaida, but the Bush administration would have to approve release of the information.

Gonzales and National Intelligence Director John Negroponte said it was uncertain whether the court orders and details about the program will be disclosed.

More here.

UPDATE: 11:08 PST: DefenseTech.org has some really good first-hand accounts of the congressional hearing and some astute observations - here.

UPDATE 12:14 PST: Another pragmatic observation of some of the dubious issues involved here.

UPDATE 13:03 PST: Ryan Singel has more over at 27B Stroke 6.

Four Families Suing MySpace Over Assaults

An AP newswire article, via MSNBC, reports that:

Four families have sued News Corp. and its MySpace social-networking site after their underage daughters were sexually abused by adults they met on the site, lawyers for the families said Thursday.

The law firms, Barry & Loewy LLP of Austin, Texas, and Arnold & Itkin LLP of Houston, said families from New York, Texas, Pennsylvania and South Carolina filed separate suits Wednesday in Los Angeles Superior Court, alleging negligence, recklessness, fraud and negligent misrepresentation by the companies.

“In our view, MySpace waited entirely too long to attempt to institute meaningful security measures that effectively increase the safety of their underage users,” said Jason A. Itkin, an Arnold & Itkin lawyer.

More here.

Wednesday, January 17, 2007

Defense Tech: China Tests Satellite Killer?

Via Defense Tech.

"U.S. intelligence agencies believe China performed a successful anti-satellite (asat) weapons test" last week, according to Aviation Week. In the trial, a ballistic missile, armed with a non-explosive warhead, "destroy[ed] an aging Chinese weather satellite target" over 500 miles above the Earth.

The news comes just a few months after reports of China testing high-powered lasers to temporarily blind American orbiters. "If the test is verified it will signify a major new Chinese military capability."

More here.

Student Sues UCLA for Taser Incident

Eric Stern writes in The Sacramento Bee:

The UCLA student who was shocked repeatedly with a Taser gun in November by campus police filed a federal lawsuit Wednesday in Los Angeles against the university.

"I suffered an unprovoked act of police brutality," said Mostafa Tabatabainejad, 24, in a statement issued by his attorney. "I hope that no one else will ever have this experience at UCLA or anywhere else again."

Tabatabainejad, who grew up in the Sacramento area, said his civil rights were violated in the Nov. 14 incident at the campus library that was captured on a cell phone camera and broadcast over the Internet. Tabatabainejad - heard screaming in pain in the video as students crowded in and jeered police - is seeking unspecified damages.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, Jan. 17, 2007, at least 3,028 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,430 died as a result of hostile action, according to the military's numbers.

The AP count is 13 higher than the Defense Department's tally, last updated Wednesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

XM and Sirius: FCC Breaks Satellite Hearts

Jack Kapica writes on The Globe and Mail:

The rumoured radio romance involving a merger of Sirius and XM appears to be over.

The competing satellite radio companies saw their shares plunge after Kevin Martin, chairman of the U.S. Federal Communications Commission, cut the flirtation short by announcing Wednesday afternoon that "There is a prohibition on one entity owning both of these businesses. The ban was written in 1997 when the companies were licensed."

In reaction, shares tumbled by 6.99 per cent for Sirius Satellite Radio Inc. and by 9.86 per cent for XM Satellite Radio Holdings Inc.

The stocks of both companies had plunged more than 40 per cent last year, resulting in talks between them of creating a merged entity.

More here.

UK: Patients' Details Stolen in Hospital Computer Theft

Via the Daily Mail.

Computers containing patients' details have been stolen from a disused hospital site, health officials have said.

About 30 new computers were taken from a storeroom at the now-closed Lymington Infirmary in Lymington, Hants, earlier this month.

A Hampshire Primary Care Trust spokeswoman said the equipment did not have complete patient records on them but could contain details of names and addresses of those who had visited the site.

More here.

(Props, Techdirt.)

Networks Disrupted By Taiwan Earthquake Struggle To Recover

W. David Gardner writes on InformationWeek:

An undersea earthquake struck off the coast of Taiwan on Wednesday, complicating efforts to repair six submerged cables that were severed by a stronger quake nearly four weeks ago.

The most recent temblor measured 5.0 on the Richter scale. Taiwan's Central Weather Bureau reported no immediate damage or casualties. This after a magnitude-6.7 earthquake killed two people and crippled the region's network traffic on December 26.

The events are likely to have a long-term impact as telecommunications firms gradually come to grips with the damage, one observer said.

"We're heading towards the fourth week after the earthquake and not a single cable has been repaired," said Todd Underwood of Internet and communications traffic monitoring firm Renesys in an interview Wednesday. "It's a tough situation -- deep water, rough seas, and not many boats available."

More here.

Wrong Flight on Wrong Airline (Otherwise, Trip Went Well) - UPDATE

Further proof of the failures of security theater...

Kathleen McGrory writes in The Miami Herald:

As the plane rolled down the runway, one passenger was bewildered when a flight attendant welcomed travelers aboard the Milwaukee-bound flight.

Milwaukee!?

He thought he was going to New York.

Turns out, he had accidentally boarded the wrong flight -- on the wrong airline.

And in today's post-9/11 climate, that's the sort of thing that can cause airport security to break out in hives.

More here.

UPDATE: 15:54 PST: Oh, wait! Here's another one...

Quote of the Day: Ari Melber

"Just before its implosion last November, the Republican Congress passed the Military Commissions Act (MCA), one of the worst legislative setbacks to human rights policy since World War II."

"The law dilutes restrictions against torture; provides new immunity for war criminals; eliminates habeas corpus, the sacrosanct right to go to court and challenge government detention, for US residents; and authorizes rigged military trials for people captured on and off the battlefield, without any oversight by American courts."


"But the public barely noticed because Congress approved the sweeping legislation with no hearings in a seven-day rush before the midterm elections."

- Ari Melber, writing in The Nation.

U.S. Air Force Cyber Command to Create Innovation Center

Mary Mosquera writes on GCN.com:

The Air Force plans to establish a Global Cyberspace Innovation Center by summer to speed the process of turning around new technologies, said Lt. Gen. Robert Elder Jr., who heads the Cyber Command, part of the 8th Air Force, headquartered at Barksdale Air Force Base in Louisiana.

The proposed center, which is just a concept now, aims to bring in academia and industry to collaborate with Air Force and service partners on technologies critical for the cyberspace command. Air Force has added cyberspace as another domain in warfighting with air and space. Elder also is working with the Air Force Research Lab on how to accelerate its technologies.

More here.

U.S. Set to Push Ahead with Wire Transfer Database Plan

Via Finextra.com.

The US government is set to force through a proposal that would require the country's top banks to report details of their international wire transfers under initiatives to track money laundering and terrorist funding.

The news comes as US Treasury division Financial Crimes Enforcement Network (Fincen) delivers a report stating that the reporting of cross-border wire transfer data by financial institutions is "technically feasible" and may be valuable to efforts to "combat money laundering and terrorist financing".

But according to news reports the database scheme would be limited to banks that directly transmit or receive international wire transfers. Eric Kringel, senior policy adviser at Fincen, told reporters that this would effectively limit the requirement to around a dozen large financial institutions.

Last year the American Bankers' Association (ABA) called for the US government to drop the scheme and claimed the Treasury Department didn't have the resources to administer such a programme adequately.

More here.

TJX Companies Victimized by Computer Systems Intrusion

Via Businesswire.

The TJX Companies, Inc. today announced that it has suffered an unauthorized intrusion into its computer systems that process and store information related to customer transactions.

While TJX has specifically identified some customer information that has been stolen from its systems, the full extent of the theft and affected customers is not yet known.

This intrusion involves the portion of TJX’s computer network that handles credit card, debit card, check, and merchandise return transactions for customers of its T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the U.S. and Puerto Rico, and its Winners and HomeSense stores in Canada, and may involve customers of its T.K. Maxx stores in the U.K. and Ireland.

The intrusion could also extend to TJX’s Bob’s Stores in the U.S. The Company immediately alerted law enforcement authorities of the crime and is working closely with them to help identify those responsible. TJX is also cooperating with credit and debit card issuers and providing them with information on the intrusion.

More here.

(Props, RMS.)

Gapingvoid: Love and Hate

Via gapingvoid.com. Enjoy!

DHS to (Finally) Launch Traveler Redress Inquiry Program

Via DHS.gov.

The Department of Homeland Security (DHS) announced today it will launch the DHS Traveler Redress Inquiry Program (DHS TRIP), an easy to use, single point of inquiry for travel-related issues.

DHS TRIP was developed to provide a central gateway to address watch list misidentification issues, situations where individuals believe they have faced screening problems at immigration points of entry, or have been unfairly or incorrectly delayed, denied boarding or identified for additional screening at our nation’s transportation hubs.

More here.

Some background here and here.

Your ISP is the IFPI's Next Target

Grant Robertson writes on Digital Music:

According to the IFPI's "Digital Music Report 2007", your residential ISP is their next front in the war on piracy.

The report spells out in pretty stark language exactly what the IFPI expects from the ISP whose services you pay for, "We should not be doing this job alone. With cooperation from ISPs we could make huge strides in tackling internet piracy globally. It is very unfortunate that it seems to need pressure from governments or even action in the courts to achieve this, but as an industry we are determined to see this campaign through to the end."

It's unclear exactly what the IFPI wants ISPs to do but, it is pretty clear that they want it done now.

More here.

DHS Report: TSA Needs to Secure Financial Systems

Alice Lipowicz writes on GCN.com:

The Transportation Security Administration has inadequate computer security controls on its financial systems, according to a new report released today by Homeland Security Department Inspector General Richard L. Skinner.

The special report is a letter from KPMG LLP accounting firm on IT matters related to TSA’s fiscal 2005 financial statements. KPMG was hired to audit the TSA’s finances; however, it did not complete its audit because it did not receive final financial statements from the agency. The letter was released in a redacted form with sensitive portions blacked out.

The accounting firm examined both TSA and Coast Guard systems because the Coast Guard’s IT systems host key financial applications for the TSA.

More here.

To Credibility: FISA Court to Govern Wiretapping Plan

So, I guess this is akin to saying "Okay, we won't break the law anymore..."

Dan Eggen writes in The Washington Post:

The Justice Department announced today that the National Security Agency's controversial warrantless surveillance program has been placed under the authority of a secret surveillance court, marking an abrupt change in approach by the Bush administration after more than a year of heated debate.

In a letter to the Senate Judiciary Committee, Attorney General Alberto R. Gonzales said that orders issued on Jan. 10 by an unidentified judge put the NSA program under the authority of the Foreign Intelligence Surveillance Court, a secret panel that oversees most intelligence surveillance in the United States.

Gonzales also wrote that the current NSA program will effectively be abandoned after its current authorization expires in favor of the new approach.

More here.

Note: The Bush administration, and specifically Attorney General Alberto Gonzales, is sending mixed messages. As mentioned in this MSNBC/Associated Press article, Gonzales also says that "...federal judges are unqualified to make rulings affecting national security policy."

Checks and balances? What checks and balances...

Defense Tech: Northrop Opens First U.S. Laser Weapons Plant

A Reuters newswire article, via InformationWeek, reports that:

Northrop Grumman Corp. Tuesday opened the first U.S. production facility for high-energy laser weapons, saying it hoped to benefit from rapid growth in the new class of weapons that are cheaper to operate than traditional missiles.

"We see this capability emerging very quickly. The government is moving in this direction," Mike McVey, president of Northrop's directed energy systems business, told a teleconference. "We're positioning ourselves to be ready when they want more capability."

McVey declined to say how much the new facility in Redondo Beach, Calif., cost but said it could be used to build three 100-kilowatt lasers at the same time, and could also do classified work for the military. He gave no further details.

More here.

DARPA Satellite Research Deal to be Headed by BAE

Doug Beizer writes on GCN.com:

The next phases of the Defense Advanced Research Projects Agency’s Novel Satellite Communications program will be headed by BAE Systems, which will lead a team of companies in a $10.3 million contract.

The deal could be worth as much as $14.3 million, if all options are exercised, the company said.

Novel Satellite Communications will protect uplink signals to satellites against hostile jamming using advanced signal processing techniques to enable uninterrupted communications.

More here.

Defense Tech: Homeland Security 2.0?

Via Businessweek.com.

Few if any of the 68,000 rabid Philadelphia Eagles fans arriving for last Sunday's National Football League playoff game against the New York Giants knew that they had been scanned by one of the latest high-tech anti-terrorism tools.

Pennsylvania security officials deployed radiation probes at the gates of Lincoln Financial Field to stop terrorists from sneaking in a homemade nuclear device that could kill thousands. Personnel on the grounds carried even more-sensitive equipment.

More here.

Hawking: Climate Change Worse Than Terror

An AP newswire snippet, via CBS News, reports that:

Scientist Stephen Hawking described climate change Wednesday as a greater threat to the planet than terrorism.

Hawking made the remarks as other prominent scientists prepared to push the giant hand of its Doomsday Clock -- a symbol of the risk of atomic cataclysm -- closer to midnight. The move will mark the fourth time since the end of the Cold War that the clock has ticked forward and Hawking warned that "as citizens of the world, we have a duty to alert the public to the unnecessary risks that we live with every day."

More here.

Off Topic: Whacked Out NorCal Weather


Here's something you don't see every day in San Jose: snow-capped mountains with palm trees in the foreground.

I took this picture from the window of my office this morning in San Jose...

Enjoy. :-)

- ferg

Keeping ID Theft Victims in the Dark

Annys Shin writes on The Checkout:

In the midst of the big headlines, however, one tidbit about pretexting seems to have gone unnoticed. The eagle-eyed folks at HearUsNow.org have come across a letter [.pdf] from the Justice Department to the Federal Communications Commission, which is working on regulations regarding pretexting.

The letter makes a pitch for, of all things, a way to delay notifying consumers when they have been victims of pretexting.

More here.

ACLU Throws Support Behind Shareholder Challenge to AT&T on Illegal NSA Spying

Via The ACLU.

The American Civil Liberties Union today announced its support for an effort by AT&T shareholders to force the company to disclose more about its role in the recent National Security Agency (NSA) illegal spying scandal and to tighten its policies to better protect customer privacy.

The shareholder effort consists of a proposed resolution to be considered at AT&T's April stockholder meeting, which would require management to take the relatively modest step of issuing a report on the issues surrounding cooperation with the NSA, what steps the company could take to "further ensure" customer privacy, and the company's expenditures related to the program. It is being spearheaded by the As You Sow Foundation, an investor activist group.

More here.

ACLU Report Shows Widespread Pentagon Surveillance of Peace Activists

Via The ACLU.

The American Civil Liberties Union today released a new report revealing that the Pentagon monitored at least 186 anti-military protests in the United States and collected more than 2,800 reports involving Americans in an anti-terrorist threat database.

The ACLU report reviews hundreds of pages of Defense Department documents obtained through a Freedom of Information Act lawsuit filed last year. The documents revealed that the surveillance of peace groups and anti-war activists was more widespread than previously known.

More here.

Computer Privacy in Distress

Jennifer Granick writes on Wired News:

My laptop computer was purchased by Stanford, but my whole life is stored on it. I have e-mail dating back several years, my address book with the names of everyone I know, notes and musings for various work and personal projects, financial records, passwords to my blog, my web mail, project and information management data for various organizations I belong to, photos of my niece and nephew and my pets.

In short, my computer is my most private possession. I have other things that are more dear, but no one item could tell you more about me than this machine.

Yet, a rash of recent court decisions says the Constitution may not be enough to protect my laptop from arbitrary, suspicionless and warrantless examination by the police.

More here.

UK Police Maintain Uneasy Relations With Cyber-Vigilantes

Tom Espiner writes on C|Net News:

The London-area Metropolitan Police Service has turned to some unlikely allies in the fight against Internet crime: cyberactivists who are taking action against online fraudsters.

The police are working with certain cybervigilante groups, using them as a source of information in the fight against fraud, according to sources within the Metropolitan Police fraud alert unit. This includes Artists Against 419, whose activities include consuming the bandwidth of fraudulent banking and lottery sites in an attempt to force them off the Internet.

More here.

California Man Convicted Under Antispam Law

A Bloomberg News article, via The New York Times, reports that:

A California man who defrauded users of AOL by sending e-mail messages requesting credit data became the first defendant found guilty by a jury under a 2003 federal law barring Internet “spam.”

The defendant, Jeffrey B. Goodin, 45, of Azusa, Calif., was convicted under the 2003 Can-Spam Act, the United States attorney’s office said yesterday in a statement. The statute prohibits sending unsolicited e-mail messages with falsified header, or return address, information.

Prosecutors said that Mr. Goodin operated a so-called phishing scheme that duped AOL subscribers into providing personal and credit information in the belief they were dealing with the company’s billing department. He used the credit card information to make unauthorized purchases.

Mr. Goodin is to be sentenced June 11 in Los Angeles.

More here.

Tuesday, January 16, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, Jan. 16, 2007, at least 3,026 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,428 died as a result of hostile action, according to the military's numbers.

The AP count is 13 higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Botnet Herders Face Jailtime

Tom Sanders writes on vnunet.com:

Authorities are seeking jail terms of up to 3 years against two botnet operators who are alleged to have commanded a network of 1.5m computers.

The 20 and 29 year old Dutch male suspects are accused of having constructed two viruses that were set free on the internet. The Toxbot worm was used to recruit a worldwide network of zombie PCs on which they installed adware software. They deployed the Wayphisher worm to steal credit card information and account information for online banks.

The operation netted an estimated total of €60,000 over a period of 6 months.

The Dutch public attorney is seeking a three-year jail term for the 20-year-old. His accomplice is facing a maximum jail term of two years.

More here.

Oracle Releases 51 Patches

Dan Kaplan writes on SC Magazine Online:

Oracle today released 51 unique fixes as part of its latest quarterly security update.

Some of the fixes correspond to vulnerabilities across products.

The most severe vulnerabilities affect Oracle Database and E-Business Suite and are rated seven out of 10, according to Oracle's Common Vulnerability Scoring System (CVSS).

More here.

Google, British Military Discuss Google Earth Use in Attacks

Elinor Mills writes on the C|Net Search Blog:

Google is talking with military agencies in Iraq after learning that terrorists attacking British bases in Basra appear to have been using aerial footage from Google Earth to pinpoint strikes, according to the United Kingdom's Daily Telegraph.

Among documents seized in raids on insurgents' homes were printouts from photos taken from Google Earth that show the location of buildings, tents, latrines and lightly armored vehicles, the news site reported. On the back of one set of photos, someone had written the precise longitude and latitude of the Shatt Al Arab Hotel, where 1,000 Staffordshire Regiment soldiers are headquartered, the report said.

More here.

U.S.: No Internet Governance Changes Expected

Anne Broache writes on C|Net News:

Are tensions related to the United States' historic influence over key Internet management functions a thing of the past?

Two senior Bush administration officials involved in setting Net policy say that's the case.

At a meeting here organized by the Federal Communications Bar Association, U.S. Ambassador David Gross and Assistant Secretary of Commerce John Kneuer said they view the question as settled: no United Nations body will be exercising additional control over tasks like handing out numeric Internet addresses or operating the root servers that power the Internet anytime soon.

More here.

Chertoff Wants 'Insider' Threats Studied

Dan Caterinicchia writes on Businessweek.com:

Homeland Security Secretary Michael Chertoff on Tuesday asked business leaders to assess the potential conflict between national security demands and employee privacy laws regarding risks to the nation's critical infrastructure, such as water, energy and other utilities.

"It's something businesses must reflect upon and strike the right balance between security with respect to their work force and the privacy workers expect," Chertoff told The Associated Press following remarks to the National Infrastructure Advisory Council. The council is a group of private sector executives and state and local government leaders who meet four times a year to provide the White House with advice about keeping important networks secure.

The private sector controls about 85 percent of the nation's water, energy, transportation and other critical facilities.

More here.

Founders of Payment Processing Company Charged in Online Gambling Case

An AP newswire article, via SiliconValley.com, reports that:

Two founders of a company which processes Internet gambling transactions were arrested and charged with laundering billions of dollars in gambling proceeds, federal prosecutors announced Tuesday.

The charges against the former Neteller PLC directors, John David Lefebvre, 55, and Stephen Eric Lawrence, 46, both Canadian citizens, were contained in two criminal complaints unsealed in U.S. District Court in Manhattan on Monday, U.S. Attorney Michael Garcia said in a statement.

The prosecutor said the men knew when they took their company public that its activities were illegal.

More here.

Battles Over Online Videos Underscore Difficulties Controlling Digital Information

An AP newswire article, via SiliconValley.com, reports that:

For evidence that digital information, once set free, cannot be controlled, consider the steamy video of Brazilian supermodel Daniela Cicarelli making out with her boyfriend on a Spanish beach and in the water just off shore.

The couple persuaded a Brazilian court last fall to force the video-sharing site YouTube to remove copies, but other users simply resubmitted the video through their free accounts.

More here.

CIA Emphasizes Flexibility in New Strategy

Richard Willing writes in USA Today:

The CIA plans to increase its use of "open sources" such as newspapers and blogs and to outsource more software development to commercial contractors under a 22-point strategy being put in place.

The CIA's "Strategic Intent," distributed to agency employees in December and posted on its public website this month, stresses improved flexibility and fewer barriers between departments. It contains several corporate-style flourishes, including ongoing employee input, an advisory board drawn from business and academia and "action teams" assigned to implement the plan.

More here.

Passport Requirement for Air Travel Begins January 23


Via DHS.gov.

The U.S. Department of Homeland Security (DHS) and U.S. Department of State are issuing a reminder today that beginning Jan. 23, 2007, citizens of the United States, Canada, Mexico, and Bermuda are required to present a passport to enter the United States when arriving by air from any part of the Western Hemisphere. Since announcing this requirement last November, the departments have been encouraging all travelers to obtain passports before they travel.

The public awareness of the air travel requirement continues to grow and current data shows that 88 percent of affected passengers are already traveling to the United States with passports. Since the week of Thanksgiving 2006, 83 percent of U.S. citizens, 94 percent of Canadians, 88 percent of Mexicans, and 99 percent of Bermudans have arrived at U.S. airports with passports.

More here.

The Planet Completes Integration, Retires EV1Servers Brand

Via Netcraft.

The Planet has completed its merger with EV1Servers and relaunched with a new web site, upgraded infrastructure and an emphasis on managed hosting. The integration of the two dedicated server providers, which were both acquired last May by private equity firm GI Partners, results in the retirement of the EV1Servers brand.

The Planet is now the world's sixth-largest hosting company, according to Netcraft's Hosting Provider Switching Analysis, with 1.89 million hostnames on its network, trailing only Go Daddy, 1&1 Internet, Microsoft, Google and Germany's Intergenia AG. The Planet says it now has more than 22,000 customers housed in six data centers, and combined revenue of approximately $110 million. It has also upgraded its network with high-speed 10 gigabit ethernet links with Level 3, Savvis, Global Crossing and Verio Networks.

More here.

UK: Pipex Starts Clock Ticking for Possible Sale

Elizabeth Judge writes in The TimesOnline.co.uk:

The countdown to a £400 million sale of Pipex, Britain’s fifth biggest internet service provider, kicked off yesterday when its chairman launched a review of the business.

Peter Dubens, the internet millionaire, told The Times that he was “reviewing the best way forward” for the business.

Pipex, one of Britain’s first internet service providers, is thought to have held talks with BT last year.

It is also regarded as a likely target for players including BSkyB and Carphone Warehouse, Europe’s biggest mobile phone retailer, as they seek to scale up their broadband customer bases.

More here.

Verizon Spins Off Northeast Landline Business

Via BetaNews.

Telecommunications company Verizon said Tuesday that it will spin off its landline business in Maine, New Hampshire, and Vermont, merging it with Fairpoint, a Charlotte, N.C. telecommunications company specializing in rural and small urban markets.

The deal would generate some $2.7 billion for both Verizon and its shareholders. The company will be the majority shareholder of the combined entity, although it will be headed by Fairpoint's current management team.

More here.

U.S. Navy Wants Encryption, Better Monitoring on WLANs

Patience Waite writes on GCN.com:

The Navy, addressing concerns over the security of wireless networks and communications devices, has issued a servicewide policy setting standards for the use of commercial wireless hardware and services.

The policy, issued Nov. 30 by acting CIO John Lussier, applies to all unclassified commercial WLAN devices, services and technologies.

More here.

EU Backing Down on Terror List Secrecy

Andrew Rettman writes on EU Observer:

EU states are planning to lift the veil of secrecy surrounding how names appear on their list of terrorist entities "in the near future" - but in the meantime member states are breaking their own laws, some lawyers say.

The list - which numbers 54 individuals and 50 groups - sees EU states vote every six months on which names should go in or out on the basis of secret evidence submitted by "competent national authorities" with "guilty" parties facing stigma and frozen bank accounts.

But following a December 2006 ruling by the EU court in Luxembourg, suspects will now be sent "statements of motivation" setting out the evidence against them and instructions on how to mount a legal challenge in a potential watershed for EU security work.

More here.

The Trouble With Customers and Their Data

A Wall Street & Technology article, via Dark Reading, reports that:

The financial services industry certainly is aware of threats to customer data privacy. Firms are well informed about previous data breaches at nonprofit and for-profit entities alike. These events are grabbing headlines globally and are foremost on the minds of existing and potential clients, so financial institutions must be attentive to consumers' concerns, mustn't they?

Yet, time and again, reports surface of hackers, dishonest insiders, careless data handling and lost laptops leading to the exposure of customer information.

More here.

Spam: Trench Warfare in the Age of The Laser-Guided Missile

In an excellent article, Neil Schwartzman writes on CircleID:

The historical development of spam fighting is allowing computer-aware criminals to take the upper hand in the fight against what has now evolved into a completely technologically and organizationally merged threat to public safety.

If we do not change our strategic approach immediately, the battle, indeed even the war may be all but lost.

Much more here.

Vista's UAC Security is Hopeless, says Symantec

Matthew Broersma writes on TechWorld (UK):

A key security feature of Windows Vista, User Account Control (UAC) is still nearly unusable, Symantec has said.

At a press presentation last week, Symantec vice president of engineering Rowan Trollope said Symantec's customers had found the feature so "chatty", that it was a burden on users, potentially creating new help-desk calls.

He said that personally he had found the feature so distracting he had finally turned it off - not a good sign for companies intending to use UAC to protect systems.

More here.

Germany Wants EU Police to Share Personal Data

John Blau writes on InfoWorld:

European Union justice ministers are meeting this week in Dresden, Germany, to discuss a package of measures that could give police and other security forces in the region unprecedented access to a range of individuals' personal data.

The measures, known as the Treaty of Prüm after the German town where the accord was signed by several E.U. member states in 2005, would allow police and other security agencies in different countries to search each other's databases for DNA records, fingerprints, vehicle registrations and other personal information.

During its E.U. presidency, which began this month, Germany hopes to muster enough support to turn the private Treaty of Prüm into E.U. law.

More here.

Annoying TiVo Fast Forward Popup Ads Return

Ed Oswald writes on BetaNews:

Customers of the DVR service TiVo began reporting over the weekend that the fast forward ads which appear during commercial breaks have reappeared. The ads appeared last in March 2005, when the company was testing new ways to generate money from the service.

However, TiVo has made changes in response to the initial customer backlash. The ads only appear when a user fast-forwards through a commercial that matches the pop-up ad's content. Additionally, when the commercial is played at regular speed, a flashing green "thumbs up" key is placed on the screen.

More here.

Monday, January 15, 2007

Yet Another Quake Rattles Taipei - UPDATE

A Reuters newswire article, via The Boston Globe, reports that:

A moderate earthquake shook Taipei on Tuesday, but it was not immediately clear where the quake was centered. There were no immediate reports of damage.

The earthquake occurred around 11:10 a.m. local time (0310 GMT), but it was unclear where the epicenter was or how strong it was.

Earthquakes occur frequently in Taiwan, which lies on a seismically active stretch of the Pacific basin.

One of Taiwan's worst-recorded quakes occurred in September 1999. Measuring 7.6 on the Richter scale, it killed more than 2,400 people and destroyed or damaged 50,000 buildings.

It is unclear whether this latest quake has contributed to the ongoing connectivity issues in the region, still being felt from the series of earthquakes last month.

More here.

UPDATE: 21:40 PST: Actually, everything looks okay...

Venice Project Launch Name: Joost

Michael Arrington writes on TechCrunch:

The Venice Project, the new online television startup led by Skype founders Niklas Zennstrom and Janus Friis, has always been a working name for the company. Until today, no one outside the company knew the name the company would eventually launch as.

A tip from reader Joost Schreve led us to the domain name Joost.com: if you click the “cancel” button multiple times an unformatted web page pops up with information about the Venice Project. We have subsequently confirmed that this is the actual launch name of the company.

More here.

Defense Tech: Real Iraq Surge: Electronic Attack?

Via Defense Tech.

"Any U.S. military surge in Iraq will be far more than a troop increase," Aviation Week says, in a fascinating new article. "A key element in the deployment will be an accelerated effort to bring more and newer technologies to bear on the foe, in part by targeting insurgent commanders, often through their communication networks."

A third squadron of Prowler electronic attack planes is being equipped with a new, Northrop system "designed to identify and locate enemy emitters and jam signals that can be used to remotely detonate explosive devices. The U.S. Air Force's EC-130 Compass Call electronic attack aircraft are [also] being used in Iraq to detonate explosive devices along convoy routes."

But perhaps the most intriguing family of systems being "readied for operations" is BAE Systems' Suter network exploitation programs, designed to "break into enemy networks to hear communications, see what enemy sensors are seeing and, in some circumstances, become the systems manager with the ability to manipulate enemy sensors."

More here.

The Legal Tangles Of Data Collection

Ellen Nakashima writes in The Washington Post:

When it comes to data collection, federal laws often have been outpaced by technology, critics say. And sometimes, the executive branch carves out its own exception.

Take eavesdropping.

U.S. law requires that law enforcement officials obtain a warrant to tap someone's phone or intercept e-mail. But President Bush, drawing on decades-old precedent, asserts that he has "inherent authority" to authorize agents to intercept electronic communications without a warrant in the interest of national security.

That is the rationale underpinning the National Security Agency's warrantless-wiretapping program. The new Democratic-run Congress has vowed to renew scrutiny of this program and others that involve collection and analysis of Americans' personal data.

More here.

PayPal Acknowledges Account Glitches

Elise Ackerman writes in The Mercury News:

eBay's PayPal unit said a number of users had problems transferring money from their PayPal accounts to their bank accounts on Sunday and Monday.

Amanda Pires, a PayPal spokeswoman, said a dedicated team was still trying to solve the problem on Monday afternoon. Pires said eBay was not sure what caused the glitch. "We are focused on fixing it, not diagnosing it," she said.

More here.

Outstanding: Henry Rollins Pummels Bush, Pushes Net Neutrality

Henry Rollins
Image source: IFC.com

Freekin' outstanding. Henry, you rock!

Via TruthDig.

The former rocker delivers an R-rated Olbermann-type diatribe against the “enemies of democracy” who would like to lock up the Internet in a dank Gitmo jail cell.

Watch the video here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Monday, Jan. 15, 2007, at least 3,022 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,427 died as a result of hostile action, according to the military's numbers.

The AP count is 10 higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Missing Boy Left Clues On The Internet

Via CBS News.

During the four years he was missing, both Shawn Hornbeck and his family were all over the Internet — he, on a variety of social networking sites, posting photos and messages, while they were with a website seeking clues and assistance in their desperate search for him.

In a chilling twist, CBS News correspondent Daniel Sieberg reports, Shawn and his parents may have crossed paths online more than a year ago. Someone going by "Shawn Devlin" - the last name of the accused kidnapper - visited his parents' online message board and wrote "how long are you planning to look for your son?"

Could he have been using the Internet to drop digital breadcrumbs?

More here.

Israel: Population Registry Info Leak Sparks Call for Investigations

Joshua Brannon writes in The Jerusalem Post:

Vital Population Registry information was leaked and posted on the Internet, prompting the Interior Ministry to demand an investigation into the incident.

The data files, compiled by the Interior Ministry on all Israeli citizens, contain personal information that could potentially be used without authorization by Internet marketers, and of course cyber-criminals.

According to an Army Radio report Monday morning, besides the potential financial harm posed to everyday citizens as a result of the leak, the downloadable data included particularly sensitive information, such as the addresses of senior government and security officials.

The Interior Ministry, which is entrusted to protect the information, issued a statement Monday saying that it had passed the data on to the political parties running for the Knesset in the last election, in accordance with the law, and only then did the information show up in file sharing sites on-line.

More here.

(Props, Pogo Was Right.)

Microsoft: Chasing Google

Elise Ackerman writes in The Mercury News:

Microsoft may have been willing to spend years developing Vista, the long-delayed upgrade of its Windows operating system, but when Bill Gates was presented with a plan for finally beating Google in Internet search technology, he gave the engineers just 100 days.

"Full-speed ahead," Gates told Stephen Lawler, the leader of the just-formed Virtual Earth team. The team met Gates' first deadline, as well as other equally punishing milestones in the two years that followed.

But the effort has yet to pay off. Indeed, the harder the coders from Redmond race after the crew from Mountain View, the more Google seems to pull ahead.

More here.

Off Topic: A Fascinating Contradiction: Islam & Jinn

Image source: The Economist

This is completely out of character for me to blog about topics of this nature, but I recently read an article in The Economist entitled "Jinn: Born of fire" with fascination.

You can find the article here.

And with equal fascination, I recently stumbled across this article, which states that:

Government officers in Malaysia tore pages from international weekly newspaper "The Economist" and blacked out a paragraph because the content contravened Islamic teachings, according to the Centre for Independent Journalism (CIJ), SEAPA's partner in Malaysia.

Missing in the locally circulated 23 December 2006 edition of "The Economist", published by the Economist Newspaper Limited in Britain, is the article, "Born of fire", about Muslims in Afghanistan and Somalia believing in the existence of jinns (genies).

I have no idea why this topic fascinates me -- but it does.

Some additional background can be found here.

Cheers.

- ferg

Picture of the Day: Scotland Marks 300 Years with England

Image source: AP / Martin Cleaver

Above: A single damaged English flag "The Cross of St. George" flies amongst a row of Scottish "Saltire" flags during a gale at Stracathro in eastern Scotland, Saturday Jan. 13, 2007.

With barely the raising of a glass, Scotland is preparing to mark 300 years since accepting the Treaty of Union with England - which bound two countries together and gave the world Great Britain.

The anniversary Tuesday of the Scottish parliament's voting to accept the treaty is focusing attention on growing discord, with advocates of Scottish independence gaining strength in their campaign for a referendum on breaking the union.

Via The Boston Globe (AP).

e-Mail Poses Unique Problem for Science Historians

Via CBC News.

The increasing use of e-mails — which don't often leave a trail — will make it more difficult to chronicle the history of scientific discoveries, a U.S. academic says.

Historians have often used informal letters and telegrams between scientists to flesh out science stories, but e-mails often only survive if reproduced in another format, said Robert Crease, a historian who is also head of the philosophy department at Stony Brook University in New York.

More here.

User Friendly: Big Hearts

Via UserFriendly.org.




Belgian Defense Ministry Website Remains Offline After Weekend Hack

An AP newswire article, via Digital Post Production, reports that:

The Web site of Belgium's Defense Ministry remained off line on Monday after it was hacked over the weekend by a group defending Turkish nationalist views.

"In terms of image, this is not very good," said Defense Minister Andre Flahaut. The ministry was beefing up its web firewall and testing its resistance to hackers on Monday before opening up the site again to the public.

The ministry lodged a complaint with the prosecutor's office, after a group calling itself the "Turk Forcers" posted a text in English on the site defending World War I-era actions against Armenians in Turkey and against Kurds afterward, said defense spokeswoman Ingrid Baeck.

More here.

Anti-Terrorism Program Mines IRS' Records

Dalia Naamani-Goldman writes in The Los Angeles Times:

Federal intelligence and law enforcement agencies increasingly rely on the Internal Revenue Service and other government repositories of personal financial information as an important source for leads in terrorism investigations.

The masses of detailed data give investigators broad power to sift through the finances of people, charities and businesses suspected of illegal activities. But they also worry privacy advocates who fear that tax and other financial records may be used improperly.

In 2002, in the wake of the Sept. 11 terrorist attacks, the IRS and the Social Security Administration made 12,236 emergency disclosures of personal tax information to intelligence and law enforcement agencies, according to a count obtained through a Freedom of Information Act request.

These emergency requests are granted only when investigators cite imminent danger or death — and after 2002 became much less common. Since then, the IRS has made only 180 emergency disclosures to the Federal Bureau of Investigation and other agencies, but thousands more to intelligence and law enforcement agencies using new powers written into the U.S. Tax Code after 9/11.

More here.

Asia to Get New Submarine Cable Links to U.S.

Stuart Comer writes on ITWire.com.au:

Asia Netcom has announced plans to build two new submarine cable links between Asia and the USA, expanding its regional submarine cable system, East Asia Crossing (EAC).

The new 23,500 km link - EAC Pacific expected to be completed by July 2008 - will extend the existing infrastructure with a new trans-Pacific ring. It will consist of a northern route connecting Japan to the US, and a southern route linking the Philippines to the US via Guam and Hawaii. EAC Pacific will also include a subsea link between the Philippines and Japan, which will close the ring design and integrate the trans-Pacific infrastructure with the current system.

The move follows the announcement yesterday by Asia Netcom's parent company, Connect Holdings, of a takeover bid for regional Internet service provider - Singapore based Pacific Internet.

More here.

EU Ministers Agree to Share DNA and Fingerprint Data

Mark Beunderman writes on EUobserver.com:

European interior ministers have informally agreed to share personal data such as DNA as part of the fight against crime and terrorism, representing an important move in the sensitive policy area.

At an informal gathering in Dresden, Germany together with the European Commission succeeded in rallying all 27 member states behind a plan to grant mutual access to vehicle registration data, DNA files and stored fingerprints.

More here.

Sunday, January 14, 2007

Asia Netcom Aims to Buy Pacific Internet

Stuart Comer writes on ITWire.com.au:

The parent company of one of the largest operators of submarine cable networks in Asia has launched a takeover bid for one of the region's largest ISPs: a move that, if successful, would create a unique combination of a massive regional cable network and an ISP with a presence in several major regional nations.

The bid has been launched by Connect Holdings Ltd, a company owned by a global investor group which includes Ashmore Investment Management Limited, Spinnaker Capital Limited and Clearwater Capital Partners and which bought submarine cable operator Asia Netcom from China Netcom in August 2006. Connect also owns another Asian regional submarine cable network, C2C Pte Ltd, originally a Singapore Telecom subsidiary.

More here.

First Cracked HD-DVD Movies Leak Onto BitTorrent

Via TorrentFreak.

The HD-DVD has been cracked, and high definition content is now being distributed freely over BitTorrent. We all knew this would happen sooner or later, looks like it was “sooner”. The first HD-DVD to be uploaded to BitTorrent is Serenity, the Firefly movie.

It hasn’t even been a month since the HD-DVD ripper, BackupHDDVD was released and we’re already seeing high definition feature films pop up on torrent sites. Other than Serenity, it is rumoured that HD-DVDs of the movies Batman Begins, Chronicles of Riddick, 12 Monkeys and King Kong have been decrypted and consequently shown up on torrent sites. Yesterday, a handful of hackers figured out how to extract the unique volume key from HD-DVDs.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Sunday, Jan. 14, 2007, at least 3,021 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,427 died as a result of hostile action, according to the military's numbers.

The AP count is nine higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Dinosaurs, Humans Coexist in U.S. Creationist Museum

Andrea Hopkins writes for Reuters:

Ken Ham's sprawling creation museum isn't even open yet, but an expansion is already underway in the state-of-the art lobby, where grunting dinosaurs and animatronic humans coexist in a Biblical paradise.

A crush of media attention and packed preview sessions have convinced Ham that nearly half a million people a year will come to Kentucky to see his Biblically correct version of history.

"I think we'll be surprised at how many people come," Ham said as he dodged dozens of designers working to finish exhibits in time for the May 28 opening.

The $27 million project, which also includes a planetarium, a special-effects theater, nature trails and a small lake, is privately funded by people who believe the Bible's first book, Genesis, is literally true.

More here.

Toon: Going Up




Deletions in Army Manual Raise Wiretapping Concerns

Eric Lichtblau and Mark Mazzetti write in The New York Times:

Deep into an updated Army manual, the deletion of 10 words has left some national security experts wondering whether government lawyers are again asserting the executive branch’s right to wiretap Americans without a court warrant.

The manual, described by the Army as a “major revision” to intelligence-gathering guidelines, addresses policies and procedures for wiretapping Americans, among other issues.

The original guidelines, from 1984, said the Army could seek to wiretap people inside the United States on an emergency basis by going to the secret court set up by the Foreign Intelligence Surveillance Act, known as FISA, or by obtaining certification from the attorney general “issued under the authority of section 102(a) of the Act.”

That last phrase is missing from the latest manual, which says simply that the Army can seek emergency wiretapping authority pursuant to an order issued by the FISA court “or upon attorney general authorization.” It makes no mention of the attorney general doing so under FISA.

More here.

Prison Time For Viewing Porn?

Via ABC News 20/20.

It has been two years since police officers stood at the doorstep of the Bandy home with a search warrant bearing a devastating charge — possession of child pornography.

Police officers stormed into the house with guns pointed. "The first thing I thought was, someone's trying to break in our house," Matthew said. "And then there [were] police officers with guns pointed at me, telling me to get downstairs."

Greg Bandy was handed the search warrant and informed that the central suspect was Matthew. According to the warrant, nine images of young girls in suggestive poses were found on the Bandy family computer. Yahoo monitors chat rooms for suspicious content and reported that child porn was uploaded from the computer at the Bandys' home address.

More here.

(Props, ha.ckers.org.)

Cell Phone Subsidies Enrich Telecoms

An AP newswire article by Bob Porterfield, via Yahoo! News, reports that:

Cellular subscribers are paying hundreds of millions of dollars each year to subsidize landline telephone service, enriching big telecommunications companies while providing little or no benefit to cell phone users.

The subsidies are intended to reimburse the companies for providing traditional phone service in rough terrain and rural areas where stringing lines can be costly. But rampant development has transformed some of these backwaters into booming subdivisions, with no real adjustment to the distribution formula; others, like the oceanfront celebrity playground of Malibu, are receiving subsidies simply because of their difficult topography.

Outdated formulas for tabulating the surcharges — coupled with feeble government oversight — have meant a windfall for phone companies, which are fighting to preserve them.

More here.

DHS to Outsource REAL ID


Via UnRealID.com.

The Department of Homeland Security plans to outsource REAL ID implementation to third-party data aggregators, according to official DHS documents. The Department of Homeland Security has finished their proposed regulations for implementing the Real ID Act and has sent them to the Office of Management and Budget for approval. The publication of DHS's REAL ID regulations will follow shortly.

The compliance guidelines are almost one year overdue.
According to a still-secret several hundred-page dossier sent last week by DHS to the Office of Management and Budget, DHS considered three ways to implement the REAL ID Act:
  • Plan A: Order the individual states to find a way of communicating data to one another. This idea was given short shrift by DHS, who dismissed it out of hand.
  • Plan B: Have DHS build a centralized database for the states to query before issuing REAL ID-compliant drivers licenses. This idea was also rejected.
  • Plan C: Have a private data aggregator act as the central database. This is the plan advocated by DHS. The plan calls for the outsourcing of all drivers license and ID card checks to a private corporation, who would then charge the states for each check performed. DHS head Michael Chertoff personally ordered this option to be chosen, according to a senior administration source.

What does this all mean? Quite simply, this is the outsourcing of our Constitutional rights. It means that all privacy protections on our drivers licence data will be removed once the DMV sends your data to the private corporation.

More here.

UK: Whitehall Moves to Create 'Super-Database'

Why does this strike me as an incredibly bad idea? :-)

Bonnie Malkin writes in The Telegraph.co.uk:

A huge Whitehall 'super-database' of people's personal details could be created in what the government says is a bid to improve public services.

The move would mean relaxing regulations that restrict different parts of government from sharing information.

Tony Blair is expected to unveil plans for the database in Downing Street on Monday, the BBC reports.

More here.

Quote of the Day: Shakespeare's Sister

"There is no other way to construe this significant deletion in light of the administration's history aside from the obvious—the groundwork is being laid for enabling the Army to gather intelligence on American citizens, but the administration wants us to trust them that the possibility won't be abused."

- Shakespeare's Sister

U.S. Retracts Spy Coins Claim

A Canadian Press article by Jim Bronskill, via The Toronto Star, reports that:

It seems there's no danger of your spare change spying on you after all.

A U.S. government defence agency has suddenly retracted its claim that Canadian coins containing tiny transmitters were planted on at least three American contractors who visited Canada.

It's the latest twist in an intriguing cash caper.

Canadians began carefully scrutinizing their loonies following the Virginia-based Defense Security Service's claim that specially doctored coins were a new tool of the trade for shadowy figures out to steal sensitive U.S. military technology.

More here.

Cheney: Credit Checks Aren't Illegal

Darth Cheney

An AP newswire article, via WTOP News, reports that:

Vice President Dick Cheney said Sunday the Pentagon and CIA are not violating people's rights by examining the banking and credit records of hundreds of Americans and others suspected of terrorism or espionage in the United States.

National security letters permit the executive branch to seek records about people in terrorism and spy investigations without a judge's approval or grand jury subpoena.

More here.

(Props, Pogo Was Right.)

MI5 Terror Alert Blunder Sends Private Data to U.S. Marketing Firm

Via ThisIsLondon.co.uk.

Confidential details sent to MI5 by thousands of individuals and businesses have ended up with an American company specialising in supermarket mailshots.

The security service's new email early warning system was designed to reassure the public in the wake of the July 7 bombings and the disclosure of a string of failed terror plots.

It was launched by the Home Office last week. The Government said it was part of a long-planned programme to keep the public better informed about the terrorist threat.

People signing up for the alerts were asked to type their name and email details into the MI5 website alongside an assurance their personal information would be protected by the Data Protection Act and the Security Services Act.

More here.

(Props, Flying Hamster.)