Friday, February 02, 2007

Lessons Not Learned: VA Hard Drive with Personal Data Missing

An AP newswire article, via The Boston Globe, reports that:

A portable hard drive that may contain the personal information of up to 48,000 veterans may have been stolen, the Department of Veterans Affairs and a lawmaker said Friday.

An employee at the VA medical center in Birmingham, Ala. reported the external hard drive missing on Jan. 22. The drive was used to back up information on the employee's office computer. It may have contained data from research projects, the department said.

The employee also said the hard drive may have had personal information on some veterans, although portions of the data were protected. Secretary of Veterans Affairs Jim Nicholson said that the VA and the FBI are investigating.

Rep. Spencer Bachus, R-Ala., said that the personal information of up to 48,000 veterans was on the hard drive and the records of up to 20,000 of them were not encrypted.

More here.

Picture of the Day: Kitty Pirate




(Props, Evil Pundit.)

Donald Trump's SSN Appears in Web Documents

An AP newswire article, via The Boston Globe, reports that:

New York state officials on Friday froze portions of a state Web site that identity thieves could have used to access the Social Security numbers of some New Yorkers -- including billionaire developer Donald Trump.

The Department of State's Web site led to commercial loan documents where the numbers could be found with a simple name search. It took the department more than three hours to block access to the documents after The Associated Press alerted officials to the problem.

The forms are posted by the department to let lenders know the current financial status of loan recipients.

It was unclear late Friday how long the information was available on the site, and the Department of State did not immediately return calls seeking clarification.

Trump was traveling and could not immediately be reached for comment.

More here.

FTC to Release ID Theft Data at RSA

Robert McMillan writes on InfoWorld:

The U.S. Federal Trade Commission will wade into an emerging debate on the nature of identity crime when it releases its latest ID theft statistics at the RSA Conference in San Francisco next week.

The data, set to be released on Wednesday, will be based on information compiled by the FTC's Consumer Sentinel complaint database, said Claudia Bourne Farrell, an FTC spokeswoman.

The Consumer Sentinel data is based on "anecdotal ... data that has been self-reported to the FTC by consumers," Farrell said.

The FTC is preparing a more comprehensive ID fraud survey, similar to one it published in 2003, which is expected to be released in the coming months.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Friday, Feb. 2, 2007, at least 3,092 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,480 died as a result of hostile action, according to the military's numbers.

The AP count is 12 higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Hacker Hits University of Missouri Database

Terry Ganey writes on ColumbiaTribune.com:

A hacker broke into a University of Missouri system computer server last month and might have gained access to personal information, including Social Security numbers, of 1,220 researchers on four campuses.

The passwords used for the system by more than 2,500 people might have been compromised as well. The university has sent e-mails and registered letters to everyone affected.

The compromised computer is the university’s Research Board Grant Application System. Technicians have not identified the hacker, but an internal inquiry is under way to find the culprit’s "footprints."

More here.

GPS Surveillance and the Fourth Amendment

Robert Loblaw writes on The Decision of the Day Blog:

Does the Fourth Amendment allow the government to surreptitiously install a GPS tracking device on a suspect’s car and then track his movements? The circuits are split on this question, but today the Seventh Circuit joins those courts that have found no constitutional violation.

In this case, the GPS device revealed frequent visits to a rural tract of land. When police went to the location, they discovered a meth lab. The defendant was convicted and he appealed, arguing that using the GPS device to uncover the meth lab violated his Fourth Amendment rights.

More here.

Dutch Man Fined $97,000 for 9 Billion Spams

An AP newswire article, via USA Today, reports that:

A spammer whom authorities say e-mailed more than 9 billion unwanted advertisements for products like erection pills faces a hefty fine: If he needs headache medication or debt relief there's probably an unsolicited ad in his own inbox.

Dutch authorities have levied a $97,000 fine on an unidentified man for sending "unsolicited electronic messages to consumers to promote erection enhancement pills, pornographic websites, sex products and such," the country's telecommunications watchdog said Friday in a statement. It was the largest such fine levied by the watchdog, known by its Dutch acronym OPTA.

OPTA said it considered several factors, including the sheer volume of the messages, saying the 9 billion was a "minimum" estimate.

More here.

Survey: Are Domain Registrars Free-Speech Friendly?

Declan McCullagh and Anne Broache write on C|Net News:

Go Daddy's controversial decision last week to suspend the domain name of a popular computer security Web site did more than merely raise questions about the extent of free speech on today's Internet.

It also prompted owners of domain names to wonder about the reliability of their own registrars--and whether the domains they own are safe from suspension in the absence of a court order.

In response to requests from readers, CNET News.com conducted the following survey of 12 leading registrars: DirectNIC; Dotster; eNom; Gandi.net; Go Daddy; Melbourne IT; Moniker.com; NameKing; Network Solutions; OnlineNIC; Register.com; and Tucows.

We found that the French registrar Gandi.net and New Orleans-based DirectNIC offered the most extensive guarantees against unnecessary domain name suspension.

More here.

Viacom Demands YouTube Remove Videos

An AP newswire article, via MSNBC, reports that:

Media company Viacom Inc., which owns the cable networks MTV, VH1, Nickelodeon and the Paramount Pictures movie studio, asked YouTube on Friday to remove more than 100,000 unauthorized clips from its hugely popular video-sharing site.

Viacom said in a statement that after several months of talks with YouTube and its corporate parent, the online search leader Google Inc., “it has become clear that YouTube is unwilling to come to a fair market agreement that would make Viacom content available to YouTube users.”

Viacom said that YouTube and Google had failed to deliver on several “filtering tools” to control unauthorized video from appearing on the hugely popular site.

More here.

German Police Again the Target of Cybercrime

John Blau writes on InfoWorld:

Germany's Federal Criminal Police Office (BKA) is once again the target of criminal forces in the Internet.

Spam e-mail allegedly sent by the police office is making the rounds in the German-speaking region of Europe. The e-mail contains an attachment with malware that has yet to be classified and is thus slipping by some antivirus programs, according to the BKA Web site.

The subject line of the e-mail reads "Ermittlungsverfahren," or investigation. Recipients are informed that they face charges and should open the attached document, fill it out and return to the police office.

Once opened, the malicious code affects some undisclosed functions of the user's PC and sends itself to the addresses listed in the user's address book.

More here.

Netcraft: February 2007 Web Server Survey

Via Netcraft.

In the February 2007 survey we received responses from 108,810,358 sites, an increase of 1.93 million from last month. Apache has a decline of 442K sites this month, and sees its share of the web server market slip by 1.47 percent to 58.7 percent. This is the first time Apache's market share has been below 60 percent since September 2002.

Microsoft-IIS gains 935K sites, continuing an advance that has seen Microsoft steadily chip away at what once seemed an insurmountable lead for Apache. In our Feb. 2006 survey, Apache held 68% market share, giving it a lead of 47.5% over Windows (20.5% share). In this month's survey, Microsoft's share has improved to 31.0%, narrowing Apache's advantage to 27.7%.

More here.

Data Breach Lawsuits Pile up on T.J. Maxx

Ed Sutherland writes on internetnews.com:

Wait until earnings later this month. That's when TJX Companies, parent of retail giants T.J. Maxx, Marshalls and others, is expected to know more about the extent of damages from a recent intrusion into its computer systems containing customer data.

The Framingham, Mass.-based company said it will record a charge of one penny per share in the fourth quarter of the fiscal year to cover the costs of investigating the intrusion, beefing up computer security, customer communications and legal fees.

The costs may go higher. Already, consumer groups and banks have filed suit since TJX's Jan. 18th announcement disclosing the breach. Between 2003 and mid-May through December 2006, the company said, hackers accessed customer information, including credit card and debit card, driver's licenses and customer names.

More here.

That's Entertainment: Malicious Website: Super Bowl XLI / Dolphin Stadium - UPDATE

Image source: Websense

Via the fine folks at Websense.

Websense® Security Labs™ has discovered that the official website of Dolphin Stadium has been compromised with malicious code. The Dolphin Stadium is currently experiencing a large number of visitors, as it is the home of Sunday's Super Bowl XLI. The site is linked from numerous official Super Bowl websites and various Super Bowl-related search terms return links to the site.

A link to a malicious javascript file has been inserted into the header of the front page of the site. Visitors to the site execute the script, which attempts to exploit two vulnerabilities: MS06-014 and MS07-004. Both of these exploits attempt to download and execute a malicious file.

More here.

Also, the domain which the malicious JavaScript redirects to for its exploit is registered in China, and is apparently being "fast-fluxed" (periodically changing its IP address to avoid take-down).

UPDATE: 11:25 PST: The website has now removed the malicious javascript code and is clean!

Update: 20:00 PST: The IP addresses were not fast-flux, as it first appeared. It has now pretty much been mitigated.

Thursday, February 01, 2007

San Francisco: Indian Consulate Makes Big ID Theft Boo-Boo

David Lazarus writes in The San Francisco Chronicle:

Thousands of visa applications and other sensitive documents, including paperwork submitted by top executives and political figures, sat for more than a month in the open yard of a San Francisco recycling center after they were dumped there by the city's Indian Consulate.

The documents, which security experts say represented a potential treasure trove for identity thieves or terrorists, finally were hauled away Wednesday after The Chronicle inspected the site and questioned officials at the consulate and the recycling facility.

Among the papers were visa applications submitted by Byron Pollitt, chief financial officer of San Francisco's Gap Inc., and Anne Gust, wife of California Attorney General Jerry Brown.

More here.

Off Topic: Reports of My Death, Etc.

(Click for larger, uglier me.)


Just a nice picture.

Of yours truly.

Near Davenport on the California coast last Sunday.

It was sweet.

Over and out. :-)

R.I.P: Lee Bergere

Lee Bergere (R), in character as Abe Lincoln, in the Star Trek episode "The Savage Curtain".

Via The Boston Globe (AP).

Veteran character actor Lee Bergere, who appeared in more than 200 television shows, including an original "Star Trek" episode in which he played Abraham Lincoln, has died. He was 88.

Lee Bergere
(10 April 1924 -- 31 January 2007)



Toon: Groundhog Day




Big Oil Science: Scientists Offered Cash to Dispute Climate Study

Ian Sample writes on The Guardian.co.uk:

Scientists and economists have been offered $10,000 each by a lobby group funded by one of the world's largest oil companies to undermine a major climate change report due to be published today.

Letters sent by the American Enterprise Institute (AEI), an ExxonMobil-funded thinktank with close links to the Bush administration, offered the payments for articles that emphasise the shortcomings of a report from the UN's Intergovernmental Panel on Climate Change (IPCC).

More here.

Data Privacy Bill Expected to Target Retailers, Banks

Brian Krebs writes in The Washington Post:

Data privacy is likely to be among the hottest technology issues to face Congress this year, in part due to interest from the new chairman of the House Financial Services Committee.

Panel Chairman Barney Frank (D-Mass.) said he plans to craft a bill that would exempt companies from disclosing data breaches, provided they secure the data with encryption software or other technology that would render it virtually unreadable if it fell into the wrong hands.

Frank also said he wants retailers to be held more accountable for data breaches.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, Feb. 1, 2007, at least 3,084 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,480 died as a result of hostile action, according to the military's numbers.

The AP count is four higher than the Defense Department's tally, last updated Thursday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

False Pundits, Forbes, and Broadband

Some thought-provoking comments by Paul Kapustka, over on GigaOM:

The Wikipedia profile of Phil Kerpen, a Beltway insider and policy director for Americans for Prosperity, should be enough of a reason for us to not take him too seriously. At least not when it comes to issues pertaining to technology, network neutrality and broadband.

His politics notwithstanding, his column over on Forbes.com, Internet Super Traffic Jam, blaming network neutrality for what he thinks is a coming traffic jam is just an asinine piece of drivel, which doesn’t take into account how networks are built and how technology has evolved.

More here.

Sign of Trouble for SMS Spammers

Howard Wolinsky writes in The Chicago Sun-Times:

A year ago, a Washington, D.C., marketer tried to sell Lei Shen a daily horoscope service in an unsolicited text message that popped up on her cell phone. On Wednesday, Shen shot a message back to text spammers in a federal court here, telling marketers to back off and pony up.

Shen, an information technology attorney at Mayer, Brown, Rowe & Maw in Chicago, said the calls cost only 5 cents each, but it was the principle of the thing. "I subscribed to the cellular service. I wondered how they got my phone number. It didn't seem fair. I was being charged for each message," she said.

Now Shen and about 1,000 other cellular customers are expected to collect $150 each from Distributive Networks Inc., a Washington, D.C., marketing company that sells Astromobo horoscopes, Daily Pop Gossip, Mad Love Tips and Rinstar Mobile services for cell phones. Distributive, which could not be reached for comment, agreed to pay a maximum of $150,000 in the settlement, but did not admit guilt.

More here.

U.S. DoD Issues Electronic-Warfare Doctrine

Patience Wait writes on GCN.com:

The Federation of American Scientists has posted a new publication issued by the Joint Chiefs of Staff covering joint-forces doctrine for electronic warfare.

The report [.pdf], “Joint Publication 3-13.1, Electronic Warfare,” released Jan. 25, establishes the rules for electronic-warfare planning, preparation, execution and assessment in support of joint operations across U.S. military services, and the basis for involvement in multinational operations.

As the electromagnetic spectrum gets more crowded with broadcasts from devices of every kind, from sensors to video feeds on unmanned aerial vehicles, computers to radios to wireless devices, all in support of network-centric operations, the risks to military forces from EM disruption grow significantly. This publication lays out the scope of electronic warfare and addresses the organizational responsibilities for protecting spectrum use and disrupting enemy forces’ spectrum use.

There are three main elements of electronic warfare: electronic attack, electronic protection and electronic-warfare support.

More here.

MySpace 'Superworm' Creator Sentenced to Probation, Community Service

Dan Kaplan writes on SC Magazine Online:

The man responsible for unleashing what is believed to be the first self-propagating cross-site scripting worm has pleaded guilty in Los Angeles Superior Court to charges stemming from his most infamous hacking.

Samy Kamkar, who was 19 when he unleashed the attack on MySpace.com in October 2005, was sentenced to three years of probation and ordered to perform 90 days of community service, according to a MySpace statement released Wednesday.

Kamkar also must pay an undisclosed amount of restitution to MySpace, and he is banned from accessing the internet for personal reasons for an unknown amount of time, according to the statement.

Kamkar, using a programming technique known as Asynchronous JavaScript and XML (AJAX) that permitted browsers to execute malicious code, was able to circumvent MySpace’s strong JavaScript filters. The infection spread like wildfire, adding one million "friends" to Kamkar’s profile within several hours, in addition to placing the string "but most of all, Samy is my hero" on each of his victims’ profiles.

More here.

BT Buys Mountain View's INS

Via The Silicon Valley/San Jose Business Journal.

British Telecommunications PLC agreed to acquire International Network Services Inc., a provider of IT consulting and software products.

Financial terms of the deal were not announced. Reuters quoted unnamed sources who placed the value of the agreement between London-based BT and Mountain View-based INS at about $193 million.

More here.

Acronym of the Day: Scott Adams

SHAAHs: Self-important, Humorless, Autofellating, Ass Hats.

Scott Adams, we love you.

U.S. Senators Press FCC Chairman on Telecom Merger Conditions

An AP newswire article, via SiliconValley.com, reports that:

The nation's chief communications regulator on Thursday defended a public statement in which he said he wouldn't enforce some conditions imposed on AT&T Corp. as a condition of approving its buyout of BellSouth Corp.

FCC Chairman Kevin Martin was challenged on his statement during a hearing before the Senate Commerce Committee. Chairman Daniel Inouye, D-Hawaii, characterized Martin's Dec. 29 statement as meaning he "did not intend to stand by the deal that was reached.'' If Martin disagreed with the settlement, Inouye asked, "do you think you had an obligation to withhold your vote?''

The $86 billion AT&T-BellSouth deal was approved that day on a 4-0 vote that was the result of extensive negotiations among the two companies and the commission's Republican and Democratic members.

Martin's statement, which was also signed by Commissioner Deborah Taylor Tate, stated that some of the negotiated conditions were "discriminatory and run contrary to commission policy and precedent.''

More here.

Massachusetts Workers Comp Data Stolen

Via The Boston Globe.

A former state contractor allegedly accessed a workers' compensation database to steal personal information and fraudulently obtain credit, the Department of Industrial Accidents announced today.

The agency said up to 1,200 people who had submitted workers' compensation claims to the state -- and their Social Security numbers -- may have been compromised, although officials have evidence that only three people had their personal information used improperly.

The worker, who was not immediately identified, was fired, arrested and charged with identity fraud. Law enforcement officials notified the agency of the alleged breach.

More here.

(Props, Pogo Was Right.)

Homeland Stupidity: Mooninite Attack on Boston Fails

Image source: LiveJournal.com


Michael Hampton writes on Homeland Stupidity:

On Wednesday, an Earth crybaby whose brain is messed up spotted Ignignokt and Err in Boston — and called the police.

Over the past several weeks Cartoon Network, to promote their television show Aqua Teen Hunger Force, placed boards with LED renditions of the mooninites across ten cities. This would have been fine, except for the person who saw one of them attached to a girder above a busway near the Sullivan Square T station.

That subway station and Interstate 93 above it were closed for over two hours as police moved in to “neutralize the threat.”

More here.

See also: this.

NIST Sends IPv6 Profile Out for Comment

Jason Miller writes on GCN.com:

The IP Version 6 standards for testing and profiling that exist in the Defense Department and in industry fall short of the needs of the civilian federal agencies, the National Institute of Standards and Technology found in a draft special publication sent to the CIO Council yesterday for comment.

In SP 500-267 [.pdf], "A Profile for IPv6 in the U.S. Government – Version 1.0", NIST said the current standards “are not well suited in content, nor governance, for the perceived requirements of the [U.S. Government] as a whole.”

Agencies, in the short term, should look to a distinct profile and testing program, while in the long term, NIST recommends that government and industry agree on technical and process requirements.

More here.

SWIFT: European Bank Urges U.S. to Clarify Snooping Activity

Helena Spongenberg and Renata Goldirova write on EUobserver:

The European Central Bank (ECB) has called on the EU and the US to urgently clarify the line between data protection and fighting terrorism, saying there is currently no alternative to the SWIFT money transfer system where the US has received personal information on EU citizens since 2001.

In a letter to MEPs on Wednesday (31 January), the ECB president Jean-Claude Trichet said "the ECB has investigated possible alternatives to using SWIFT services and has had to conclude that at this stage no feasible alternatives are available."

More here.

Windows Vista Upgrade Decision Flowchart


Enjoy.

(Kudos, Brian Briggs.)

Cisco-Apple iPhone Lawsuit On Hold

Antone Gonsalves writes on InformationWeek:

Apple and Cisco Systems are back at the bargaining table to try to settle differences over the use of the name iPhone.

The networking equipment market leader filed suit against the iPod/Mac maker last month, claiming Apple infringed on Cisco's iPhone trademark. The suit was filed in federal court in Northern California one day after Apple unveiled its iPhone, a combination cellular phone-music player, at the Macworld conference in San Francisco.

In a joint statement released late Wednesday, the two companies said they had agreed to extend the time Apple has to respond to the suit "to allow for discussions between the companies with the aim of reaching agreement on trademark rights and interoperability."

More here.

California Police Arrest 'Mid-Level' Software Pirate

Jeremy Kirk writes on InfoWorld:

California police arrested a man on Tuesday who allegedly sold illegally copied Microsoft and Adobe Systems software on the Internet for seven years, netting him an estimated $750,000.

Gad Zamir, 64, of Menifee, California, was arrested after an eight-month investigation, said the Computer and Technology Crime High-Tech Response Team of the Riverside County Sheriff's Department.

More here.

Dictatorships Get to Grips With Web 2.0

Via Reporters sans Frontières.

A decade ago, regime opponents in Vietnam or Tunisia were still printing leaflets in their basements and handing them out to fellow militants at clandestine meetings. Independent newspapers were no more than a few hastily-stapled photocopies distributed secretly.

These days, “subversive” or “counter-revolutionary” material goes on the Internet and political dissidents and journalists have become “cyber-dissidents” and “online journalists.” Most of them know how to create a blog, organise a chat group, make phone calls through a computer and use a proxy to get round censorship.

More here.

Quote of the Day: Mike Masnick

"If there's real demand for more capacity, there will be business models to support it, whether or not network neutrality is in place."

- Mike Masnick, writing over on techdirt.com.

In Memoriam: The Crew of The Space Shuttle Columbia (STS-107)

The crew of STS-107.
Image source: Wikipedia.



You are not forgotten.


Wednesday, January 31, 2007

New Technorati Borked Message?



Maybe. Maybe not.

Big Shocker: Survey: U.S. Workplace Not Family-Oriented

An AP newswire article, via MSNBC, reports that:

The United States lags far behind virtually all wealthy countries with regard to family-oriented workplace policies such as maternity leave, paid sick days and support for breast-feeding, a new study by Harvard and McGill University researchers says.

The new data comes as politicians and lobbyists wrangle over whether to scale back the existing federal law providing unpaid family leaves or to push new legislation allowing paid leaves.

The study, officially being issued Thursday, says workplace policies for families in the United States are weaker than those of all high-income countries and many middle- and low-income countries. Notably, it says the U.S. is one of only five countries out of 173 in the survey that does not guarantee some form of paid maternity leave; the others are Lesotho, Liberia, Swaziland and Papua New Guinea.

More here.

Picture of the Day: Retarded Photoshop of the Shocking Finger

Image source: FanTent.com


Christ. Is this what things have really come to? :-)

Via FanTent.com.

Did you spot the difference? Both images came from The Boston Channel, but other sources are either carrying the edited version or creating their own. It looks like the media was so embarrassed by the Mooninite’s middle finger that they went through the trouble of making their own version.

More here.

(Props, Boing Boing.)

Change to Daylight Savings Time May Require a Leap of Faith This Year

Charles Babington writes in The Washington Post:

It seemed so simple and familiar: Spring forward, fall back. For 20 years, that's what Americans -- and their technology -- have done with their clocks on the first Sunday in April and the last Sunday in October.

No longer. When few people were paying attention in August 2005, Congress lengthened daylight saving time by four weeks in the name of energy efficiency.

The change takes effect this year -- on March 11 -- and it has angered airlines, delighted candy makers and sent thousands of technicians scrambling to make sure countless automated systems switch their clocks at the right moment. Unless changed by one method or another, many systems will remain programmed to read the calendar and start daylight saving time on its old date in April, not its new one in March.

More here.
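As an added illustration (not part of the Post article or this blog), the script below computes the old and new U.S. daylight saving dates for a year and the days on which a system still carrying the old table shows a clock one hour off, which is exactly the skew that bites log correlation. It encodes the rules as enacted (old: first Sunday of April to last Sunday of October; new: second Sunday of March to first Sunday of November) and, as a simplification, ignores the 2 a.m. transition times within the changeover days.

```python
"""Compare the pre-2007 and post-2007 U.S. daylight saving time rules.

Old rule (in force through 2006): DST starts the first Sunday of April and
ends the last Sunday of October.  New rule (in force from 2007): DST starts
the second Sunday of March and ends the first Sunday of November.  A system
still carrying the old table keeps its clock one hour behind true local time
on every day the two rules disagree.
"""
from datetime import date, timedelta

SUNDAY = 6  # date.weekday(): Monday == 0 ... Sunday == 6


def nth_weekday(year, month, weekday, n):
    """Return the n-th given weekday of a month (n=1 is the first)."""
    first = date(year, month, 1)
    offset = (weekday - first.weekday()) % 7
    return first + timedelta(days=offset + 7 * (n - 1))


def last_weekday(year, month, weekday):
    """Return the last given weekday of a month."""
    if month == 12:
        last = date(year, 12, 31)
    else:
        last = date(year, month + 1, 1) - timedelta(days=1)
    offset = (last.weekday() - weekday) % 7
    return last - timedelta(days=offset)


def old_rule(year):
    """DST start and end dates under the pre-2007 rule."""
    return nth_weekday(year, 4, SUNDAY, 1), last_weekday(year, 10, SUNDAY)


def new_rule(year):
    """DST start and end dates under the rule in force from 2007."""
    return nth_weekday(year, 3, SUNDAY, 2), nth_weekday(year, 11, SUNDAY, 1)


def dst_in_effect(day, rule):
    """Day-granularity check (simplification): DST applies from the start date
    up to, but not including, the end date; the 2 a.m. switch is ignored."""
    start, end = rule
    return start <= day < end


def unpatched_clock_skew_hours(day):
    """Hours by which a system still using the old rule is off from true
    local time: -1 when its clock is an hour behind (it stayed on standard
    time in March, or fell back a week too early), +1 for the opposite case,
    0 when both rules agree."""
    correct = dst_in_effect(day, new_rule(day.year))
    stale = dst_in_effect(day, old_rule(day.year))
    return int(stale) - int(correct)


def disagreement_windows(year):
    """Inclusive (start, end, skew) ranges in which the two rules disagree."""
    windows = []
    current = None
    day = date(year, 1, 1)
    while day.year == year:
        skew = unpatched_clock_skew_hours(day)
        if skew and current is None:
            current = [day, day, skew]
        elif skew:
            current[1] = day
        elif current is not None:
            windows.append(tuple(current))
            current = None
        day += timedelta(days=1)
    if current is not None:
        windows.append(tuple(current))
    return windows


def total_disagreement_days(year):
    """Number of days in the year on which an unpatched clock is wrong."""
    return sum((end - start).days + 1 for start, end, _ in disagreement_windows(year))


if __name__ == "__main__":
    for start, end, skew in disagreement_windows(2007):
        print(f"{start} to {end}: unpatched clock off by {skew:+d} h")
    print("days affected in 2007:", total_disagreement_days(2007))
```

For 2007 the two windows (March 11 to March 31 and October 28 to November 3) add up to 28 days, the "four weeks" the article refers to, and on every one of them an unpatched system's timestamps lag an hour behind a patched one's.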

Dutch Botnet Hackers Sentenced to Time Served

Joris Evers writes on C|Net News:

A Dutch court on Tuesday sentenced two hackers to prison for breaking into millions of computers worldwide and using the hijacked systems in online crimes.

The lead perpetrator was sentenced to two years in prison and the accomplice to 18 months, the Dutch public prosecution service said in a statement. Part of each sentence is probationary. In both cases the sentences equal the time the two young men have already served, meaning they don't have to spend any more time in prison.

In addition to the prison sentences, the court ordered the main hacker to pay a 9,000 euro ($11,700) fine, while the second hacker was ordered to pay 4,000 euros ($5,200). In keeping with Dutch court custom, the hackers were not identified.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, Jan. 31, 2007, at least 3,083 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,476 died as a result of hostile action, according to the military's numbers.

The AP count is seven higher than the Defense Department's tally, last updated Wednesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Off Topic, But Damned Funny: Jon Stewart Explains the Scooter Libby Trial

Image source: crooksandliars.com / Comedy Central

Via Crooks and Liars.

Given the complex set of facts (and obfuscations) surrounding the Valerie Plame leak case, Jon Stewart and The Daily Show team break it down in an easy to understand manner.

Watch here. Enjoy!

Frames Trip Up IE7 Phishing Filter

Nate Mook writes on BetaNews:

A feature dating back to the Internet's HTML 3.0 era is causing problems for Internet Explorer 7, forcing Microsoft to issue an update for Windows Vista just one day after its public launch.

Web sites using frames cause IE7's phishing filter to evaluate the page multiple times simultaneously, leading to high CPU usage.

More here.

DHS Rated Worst of Federal Agencies by Employees

Annie Jacobsen writes on The Aviation Nation:

It’s official. According to 10,400 Department of Homeland Security (DHS) employees, the agency tasked with protecting The Homeland offers the least amount of job satisfaction of any federal agency. The survey, conducted by the government’s Office of Personnel Management (OPM), asked federal employees various questions about measures of job satisfaction and agency performance. The results were released yesterday. In an email to all DHS employees, Chief Operating Officer Michael Jackson said of his agency’s failing marks, “What you said shows that DHS is not where any of us wants to be.”

Where DHS is — measured alongside 36 federal agencies surveyed — is at the bottom of the federal barrel. Low morale hardly breeds stellar performance and the only thing more appalling than these results is Jackson’s observation that, “on the whole, it is not significantly changed since OPM’s 2004 employee survey.” Also in his email, Jackson wrote, “Secretary Chertoff and I discussed these results with concern.” A better word choice might have been “alarm.”

More here.

Kenyan Police 'Hack al Qaeda Laptop'

A UPI newswire article, via The Middle East Times, reports that:

Kenyan authorities say they have cracked the password on a laptop computer belonging to one of the most wanted Al Qaeda suspects in Africa.

A report by the Kenyan newspaper, The Daily Nation, on its Web site Monday quoted anonymous "senior police sources" as saying that the computer "contained vital information on terrorism training and intelligence collection, including spying."

The report gave no further details, but said the computer was seized from the wife of Faisal Abdullah Mohammed - indicted by federal prosecutors for his role in the Al Qaeda truck bombings of two US embassies in East Africa in August, 1998.

More here.

(Props, Counter-Terrorism Blog.)

Josh Wolf: Longest Jailed Journalist In U.S. History

Blogger & Photo Journalist Josh Wolf.

Via NBC11.com.

A freelance journalist who has been in prison for more than five months for refusing to give a videotape to a grand jury lost a renewed bid for release Tuesday.

Josh Wolf, 24, will have been jailed for civil contempt of court longer than any other journalist in U.S. history as of Feb. 6.

In a motion filed in San Francisco last week, Wolf asked U.S. District Judge William Alsup to release him from the Federal Correctional Institution in Dublin on the grounds that he will never comply with the grand jury's request, no matter how long he is confined.

More here.

Background here, here, here, here, here, and here.

In-Q-Tel Signs Agreement for Massive Storage Arrays

Michael Hardy writes on FCW.com:

In-Q-Tel, an investment firm that works in conjunction with the CIA, has signed a business development agreement with Copan Systems, a company that develops data storage technology.

Copan uses a technology called massive array of idle disks (MAID) to store what is known as persistent data, or data that must be stored but is not needed frequently. MAID systems activate only when the data is needed rather than being available at all times, reducing the power and cooling needs for a data center.

More here.

Fight Brewing Over 'Fast-Tracking' Real ID

Image source: UnRealID.com

Alice Lipowicz writes on GCN.com:

As Maine and other states dig in their heels against the Real ID Act of 2005, Rep. Tom Davis, R-Va., called on the Homeland Security Department to move forward quickly to show how the program should be implemented.

“The department's leadership in the coming weeks is crucial to the success or failure of the Real ID program,” Davis said in a Jan. 31 statement to the press.

Davis was responding to the Maine State Legislature’s approval last week of a resolution asking Congress to repeal the Real ID Act. Maine lawmakers called it an unfunded mandate that will cost the state millions.

Several other states, including Montana, are expected to approve similar bills rejecting the Real ID Act due to concerns about the expense and possible loss of privacy.

More here.

AT&T Says it Double-Billed Several Thousand Customers

Matt Hamblen writes on ComputerWorld:

AT&T Inc. double-billed a few thousand cellular customers for two days in mid-January because of a computer problem related to customers paying their bills directly from their checking accounts, a spokesman said yesterday.

The computer problem was repaired after the glitch was discovered; it should not recur, according to a spokesman for AT&T. No details about the nature of the problem would be revealed, he said.

"It was an isolated problem and was remedied," the spokesman said. The double billing occurred on Jan. 16 and 17, and customers' accounts are being refunded the amount they were overcharged.

More here.

Google Can't Use 'Gmail' Name in Europe

Nate Anderson writes on ARS Technica:

Google's Gmail trademark just suffered a severe blow in Europe as the Office for Harmonization in the Internal Market has ruled against the search giant's use of the Gmail name there, according to the man who opposed the mark.

Daniel Giersch, a German-born 32-year old entrepreneur, has just announced that his company received a positive ruling last week from the Harmonization Office supporting his claim that "Gmail" and his own "G-mail" are confusingly similar. G-mail is a German service that provides a "gmail.de" email address, but also allows for a sort of "hybrid mail" system in which documents can be sent electronically, printed out by the company, and delivered in paper format to local addresses.

More here.

Quote of the Day: Michael Hampton

"You still think your personal information is safe in the hands of the government? Think again. Every time they come up with a way to keep your information secure, they also come up with a more creative — or more stupid — way to lose it. And now, the government can lose your personal information even if you never gave it to them."

- Michael Hampton, writing on his blog "Homeland Stupidity".

U.S. Government Earns a 'D' in Cybersecurity

Grant Gross writes on InfoWorld:

The Cyber Security Industry Alliance has given the U.S. government D grades on its cybersecurity efforts in 2006, and renewed its call for the U.S. Congress to pass a comprehensive data protection law in 2007.

The CSIA, a trade group representing cybersecurity vendors, gave the U.S. government D grades in three areas: security of sensitive information, security and reliability of critical infrastructure, and federal government information assurance.

"Government needs to take these issues very seriously," said Liz Gasster, the CSIA's acting executive director and general counsel.

More here.

Viruses Hit Minnesota State Court Network

Shannon Prather and Leslie Brooks Suzukamo write on TwinCities.com:

A pair of computer viruses — designed to allow unauthorized access for hackers — attacked the Minnesota judicial system's computer network, shutting down one of its case-management systems over the weekend.

Court officials say the viruses failed to open up a "back door" for hackers because they immediately crashed the case-management system they infected.

"No one took control of the network. No personal information was accessed," said state court spokesman Kyle Christopherson. "It ended up being an inconvenience more than anything else."

But the viruses did temporarily knock out the case-management system for 13 counties, including Ramsey, Anoka, Dakota and Washington. The case-management system stores a registry of actions for criminal and civil cases filed in Minnesota.

More here.

(Props, Flying Hamster.)

Sowing the Seeds of Surveillance

Jennifer Granick writes on Wired News:

Technology has an almost irresistible lure. When we build systems for surveillance, experience teaches that we will inevitably use them for purposes other than those for which they were originally designed.

Last weekend, the Stanford Technology Law Review held a symposium on the Fourth Amendment, at which participants asked whether traditional conceptions of constitutional privacy are adequate when modern technology tracks personal information in entirely new ways.

One of the major issues discussed at the symposium was, of course, terrorism. The threat of terrorism brings new urgency to debates over surveillance, and makes increased surveillance and control seem justified. There are many reasons why this choice between security and privacy is a false one, but I want to explore how law and technology, once adopted for counterterrorism purposes, morph into other uses.

More here.

Tracking the Russian Scammers

Kim Zetter writes on Wired News:

Dmitry Ivanovich Golubov, a 22-year-old Ukrainian who went by the nickname "Script," was considered one of the godfathers of Eastern European carding rings. As one of the leaders of CarderPlanet, authorities say Golubov facilitated the theft and international trading of millions of credit and debit card numbers that resulted in multimillion-dollar losses to banks and merchants over several years.

So when Ukrainian police finally nabbed Golubov in the summer of 2005 it was a coup, representing the culmination of dogged investigative work by U.S. Postal Inspector Greg Crabb and other law enforcement officials in the United States.

"Golubov was such a high-profile target," Crabb told Wired News. "The Secret Service, FBI and myself were working Golubov in different districts over the United States trying to get some inroads into where he was coming from."

But achieving the arrest wasn't easy. While U.S. authorities collared numerous small-time crooks in the United States who used the stolen card numbers that Golubov's ring distributed, efforts to nab Golubov himself proved futile for three years, due to indifference from Ukrainian authorities.

More here.

31 January 1606: Happy Death Day, Guy Fawkes

Image from "V For Vendetta" in which the central character wears a Guy Fawkes mask.

Via Wikipedia.

Guy Fawkes (13 April 1570 – 31 January 1606), also known as Guido Fawkes, was an English soldier and member of a group of Roman Catholics who attempted to carry out the Gunpowder Plot on 5 November 1605.

The Gunpowder Plot was a plan to assassinate the Protestant King James I (James VI of Scotland) and the members of both houses of the Parliament of England, by blowing up Westminster Palace during the formal opening session of the 1605 Parliament, in which the king addressed a joint assembly of both the House of Lords and the House of Commons.

Guy Fawkes was in large part responsible for the later stages of the plan's execution. His activities were detected before the plan's completion, and following a severe interrogation involving the use of torture and a trial in Westminster Hall by Judge John Popham, he and his co-conspirators were executed for treason and attempted murder. Guy Fawkes' failure (or the attempt) is remembered by Guy Fawkes Night (also known as Bonfire Night or Fireworks Night) on 5 November.

More here.

Toon: SOTU Rapture

Tuesday, January 30, 2007

SES New Skies Satellite Destroyed as Rocket Explodes on Liftoff

An AP newswire article, via MSNBC, reports that:

A rocket carrying a commercial communications satellite exploded Tuesday during launch from an oceangoing platform in the equatorial Pacific.

“There was an explosion as we were lifting off,” said Paula Korn, a spokeswoman for Sea Launch Co., which was launching The Boeing Co.-built NSS-8 satellite for Netherlands-based SES New Skies.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, Jan. 30, 2007, at least 3,080 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,475 died as a result of hostile action, according to the military's numbers.

The AP count is five higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Comcast Files Appeal Over FCC Ruling on Set-Top Boxes

A Dow Jones/AP newswire article, via SiliconValley.com, reports that:

Comcast Corp. on Tuesday filed an appeal with the Federal Communications Commission over its decision to force the cable company to abide by new regulations regarding set-top boxes.

The industry regulator rejected Comcast's request for a waiver from the rules in January. At the time, the company immediately announced its intention to appeal the decision. Now, Philadelphia-based Comcast is asking the five politically appointed commissioners at the FCC to vote on the issue rather than for it to be decided by agency staff.

More here.

UK Considers Deploying X-Ray Scanners on Street to Search Pedestrians

Via The BBC.

X-ray cameras that would "undress" passers-by in a bid to thwart terrorists concealing weapons, could be coming to a street near you, according to reports. Aside from the obvious privacy issues, would such a plan work?

Leaked documents said to have been drawn up by the Home Office and seen by the Sun newspaper say cameras which can see through clothes could be built into lamp posts to "trap terror suspects".

While Home Secretary John Reid has denied knowledge of the plans, the technology is not dissimilar to that already found in some UK airports. Currently, air security officials pick out individuals to stand in a booth while three pictures are taken of the person in slightly different positions.

Within seconds, an X-ray scanner produces an image of the body, minus the clothes. What shows up is the naked human form and anything that may be concealed on the person, such as coins, a gun or drugs.

More here.

Toon: The New Surveillance, Same as The Old Surveillance

Bush Administration in Hot Seat Over Warming

Via MSNBC.

The Democratic-controlled Congress on Tuesday stepped up its pressure on President Bush’s global warming strategy, hearing allegations of new political pressure on government scientists to downplay the threat of global warming.

Lawmakers received survey results of federal scientists that showed 46 percent felt pressure to eliminate the words “climate change,” “global warming” or similar terms from communications about their work.

The scientists also reported 435 instances of political interference in their work over the past five years.

More here.

Note: Pointers to two recent articles regarding this issue can be found here and here.

Upgrade to Vista, Lose Your XP Key?

Via Gizmodo.

Microsoft has set a lot of restrictions on Vista, but if this latest one holds true, it could mean the difference between upgrading or not for some people.

Apparently if you buy an upgrade version of Windows Vista for your XP machine, Windows Vista will invalidate your XP key (so you won't be able to set up a dual-boot option nor will you be able to use that version of XP on another machine).

Not only that, but if you ever uninstall Vista, you won't be able to fall back on your copy of XP anymore.

More here.

Vonage's E911 Bill: $500,000

Paul Kapustka writes on GigaOm:

In an arrangement that does not admit guilt of any kind, VoIP provider Vonage nevertheless has agreed to pay Texas and five other states a total of $500,000 to settle deceptive trade-practices lawsuits brought against the company in 2005. The lawsuits were spurred by highly publicized incidents where Vonage users who dialed 911 didn’t get directly connected to emergency operators.

To its credit, Vonage turned the situation (which included follow-on action from the FCC requiring VoIP operators to beef up 911 services) into a positive, using the controversy to get better access to 911 infrastructure. The company also spent extensively to improve its own emergency operations, claiming Monday that 94 percent of its lines now have E911 service.

More here.

ACLU Fights Back in Wiretap Court Case

Via UPI.

The American Civil Liberties Union says it will present arguments this week in a lawsuit against U.S. warrantless wiretapping.

A federal appeals court in Cincinnati Wednesday will listen to arguments presented in the ACLU's lawsuit against the National Security Agency on the warrantless wiretapping issue, the ACLU said in a statement.

More here.

California: Romania Link Seen in ID Theft Arrests

Art Campos writes in The Sacramento Bee:

A Sacramento man accused of running an Internet-based credit-card fraud ring with more than 1,000 victims has been linked with two kingpins of an international fraud operation based in Romania, Placer County sheriff's detectives said Monday.

Tien Trong Nguyen, 29, who was arrested Friday, allegedly bought the victims' personal information from the unidentified Romanian scam artists and used the data to print phony credit and gift cards, detectives said.

Nguyen then sold the cards to a local gang of thieves that ran up fraudulent purchases of at least $400,000 from local stores, mostly Wal-Marts, said Placer Detective Jim Hudson.

More here.

Bush Directive Increases Sway on Regulation

Robert Pear writes in The New York Times:

President Bush has signed a directive that gives the White House much greater control over the rules and policy statements that the government develops to protect public health, safety, the environment, civil rights and privacy.

In an executive order published last week in the Federal Register, Mr. Bush said that each agency must have a regulatory policy office run by a political appointee, to supervise the development of rules and documents providing guidance to regulated industries. The White House will thus have a gatekeeper in each agency to analyze the costs and the benefits of new rules and to make sure the agencies carry out the president’s priorities.

This strengthens the hand of the White House in shaping rules that have, in the past, often been generated by civil servants and scientific experts. It suggests that the administration still has ways to exert its power after the takeover of Congress by the Democrats.

More here.

Off Topic: Ohio Poll Workers Convicted of Rigging 2004 Recount

Michael Hampton writes on Homeland Stupidity:

Two Ohio election officials were convicted last week of rigging a recount of the 2004 presidential election results.

Cuyahoga County election officials Jacqueline Maiden and Kathleen Dreamer were each convicted of one count of negligent misconduct of an elections employee, a felony, and one count of failure of elections employees to perform their duty, a misdemeanor. The two still work for the county elections board.

Election procedure for a recount in Ohio called for counting three percent of the county’s ballots by hand and by machine, and if they matched, to recount all of the rest of the ballots by machine. But if they did not match, then the entire county’s ballots must be hand-counted.

Maiden and Dreamer decided to take an illegal shortcut, however, to avoid a recount of all the ballots.

That’s right, instead of picking the ballots at random as they were supposed to, they picked specific ballots they knew wouldn’t cause any trouble and trigger a hand recount of every ballot.

More here.

This exact event was covered in the HBO Documentary, "Hacking Democracy".

Sony Finally Settles with FTC on Rootkit Fracas

Paul F. Roberts writes on InfoWorld:

More than two years after a security researcher first called attention to Sony BMG's use of a stealth program to enforce digital rights management on its music CDs, the company reached a deal with the U.S. Federal Trade Commission over the incident, the FTC announced on Tuesday.

In a deal that was approved by a 5-0 vote by the FTC, Sony agreed to clearly disclose limitations on consumers' use of its music CDs and promised not to collect information for marketing or install software without consumers' consent, the FTC said. The company also agreed to reimburse consumers up to $150 for computers damaged by the program, the FTC said.

The settlement marks an end to a long and embarrassing incident for the company, which began when Mark Russinovich, an expert on Windows security of WinTernals Software, now part of Microsoft, published the results of his investigation into a rootkit that had infiltrated his Windows machine.

More here.

'How Notre Dame put my SSN on the Internet'

Simson Garfinkel writes on Technology Review:

Last week I got a letter in the mail from the Mendoza College of Business at the University of Notre Dame. Apparently, the school had put information about me, including my social-security number (SSN) and demographic information, on the Internet. "We have no evidence to date that this information was used inappropriately," the school wrote, but I might want to take "prudent ... precautions" by periodically checking my credit report with the three major bureaus.

What's so infuriating about this is that I never had anything to do with the University of Notre Dame.

More here.

(Props, Flying Hamster.)

'I Was a Cybercrook for the FBI'

In Part One of a Three-Part series, Kim Zetter writes over on Wired News:

By the time David Thomas eased his Cadillac into the parking lot of an office complex in Issaquah, Washington, he already suspected the police were on to him.

An empty Crown Victoria in one of the parking spaces confirmed it. "That's heat right there," he told his two passengers -- 29-year-old girlfriend Bridget Trevino, and his crime partner Kim Marvin Taylor, a balding, middle-aged master of fake identities he'd met on the internet.

It was November 2002, and Thomas, then a 44-year-old Texan, was in Washington to collect more than $30,000 in merchandise that a Ukrainian known as "Big Buyer" ordered from Outpost.com with stolen credit card numbers. His job was to collect the goods from a mail drop, fence them on eBay and wire the money to Russia, pocketing 40 percent of the take before moving to another city to repeat the scam.

But things didn't go as planned.

More here.

Psychic WHOIS

Bret Fausett:

You've got to try the latest tool from the Domain Tools folks.

It's called Psychic WHOIS. I could play with it all day.

Props, Bret.

FBI Turns to Broad New Wiretap Method - UPDATE

Declan McCullagh writes on C|Net News:

The FBI appears to have adopted an invasive Internet surveillance technique that collects far more data on innocent Americans than previously has been disclosed.

Instead of recording only what a particular suspect is doing, agents conducting investigations appear to be assembling the activities of thousands of Internet users at a time into massive databases, according to current and former officials. That database can subsequently be queried for names, e-mail addresses or keywords.

Such a technique is broader and potentially more intrusive than the FBI's Carnivore surveillance system, later renamed DCS1000. It raises concerns similar to those stirred by widespread Internet monitoring that the National Security Agency is said to have done, according to documents that have surfaced in one federal lawsuit, and may stretch the bounds of what's legally permissible.

Call it the vacuum-cleaner approach.

More here.

UPDATE: 22:26 PST: Declan says that the Department of Justice has taken issue with their earlier report. See more here.

South Korean Programmers Arrested for Spam Blast

A Reuters newswire article, via C|Net News, reports that:

Two South Korean computer programmers have been arrested on suspicion of sending out 1.6 billion spam e-mail messages in violation of the country's commerce laws, police said on Tuesday.

The two men, one aged 20 and the other 26, are suspected of sending out the unsolicited e-mail messages between September and December last year in what police describe as one of the biggest spam blasts in the country's history.

The two are suspected of obtaining personal and financial data from 12,000 South Koreans who responded to their spam messages. The pair then sold information on those people to lending services firms in return for 100 million won ($106,400), police said.

More here.

Virtual Goods Face an eBay Embargo

Margaret Kane writes on C|Net Blogma:

Just scored an awesome sword on World of Warcraft? Forget about selling it for a quick buck on eBay.

That's because the online auction site has decided to remove listings for most virtual goods and real estate. The ban affects auctions for characters, currency, weapons, and attire from games including Warcraft and City of Heroes. The one striking exception: The ban specifically exempts sales tied to Second Life, a virtual world that revolves around a functioning economy.

More here.

Mr. Washington, Dude Extraordinaire

Portrait of General George Washington in the Scottish Parliament Portrait Archives.
Image source: www.scottish.parliament.uk

Quinn Norton writes on 27B Stroke 6:

Randall Munroe, of the excellent web comic xkcd, has re-written President Washington's farewell address, published in 1796, in contemporary language. The themes still seem highly relevant, especially in Munroe's accessible language. These days, bumping into the writings of founding fathers often seems powerfully prescient; they were strikingly smart guys.

As Munroe says in his post: "Wow. That was fun, depressing, inspiring, and a little bit spooky."

Mr. Washington, take it away.

More here.

Monday, January 29, 2007

Vermont State Computer Hacked, Thousands at Risk

Via WCAX.com.

A state computer containing the names, Social Security Numbers and bank account information for 70,000 Vermonters has been hacked into in an automated computer attack that puts their personal information at risk for misuse, the state said Monday.

Human Services Secretary Cynthia LaWare said there is no indication the information has been used illicitly, but she said it was possible.

The state is planning to send letters to the affected individuals Tuesday and Wednesday urging them to monitor their bank accounts. It is also offering to pay for credit monitoring.

The Human Services computer was used as a tool to track noncustodial parents who owe back child support. The state and a number of banks exchanged financial information on the computer, which was taken out of service in early December after technicians discovered what they thought was a computer virus.

It remains off-line, officials said.

More here.

(Props, Pogo Was Right.)

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Monday, Jan. 29, 2007, at least 3,084 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,466 died as a result of hostile action, according to the military's numbers.

The AP count is 19 higher than the Defense Department's tally, last updated Monday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.