Saturday, March 03, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Saturday, March 3, 2007, at least 3,168 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,547 died as a result of hostile action, according to the military's numbers.

The AP count is eight higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

New TLD Added Yesterday: .TEL

Via ICANN.

Yesterday .TEL was added to the root zone, becoming the 15th gTLD under contract with ICANN on the Internet. Congratulations to Telnic on this achievement.

More here.

Online Search for Registry Ends in a Wrong Turn

Megan Tench writes in The Boston Globe:

When a customer tried to renew her driver's license online, and Googled the Registry of Motor Vehicles, a website appeared, asking for her name, e-mail address, and credit card number.

But instead of renewing her license, she was charged a $10 fee for simply using the site.

Registry officials issued a warning to the public yesterday that if they paid up on such a website, they had been scammed.

Officials uncovered the online ploy Thursday when the customer called the Registry, asserting that she paid $10 to be directed to the RMV website, only to find out that due to personal circumstances she could not renew her license online, said Anne L. Collins, the department's registrar.

But when that complaint surfaced, officials did not know what the customer was talking about, Collins said.

More here.

WordPress Distribution Compromised, Update Released

Via Netcraft.

A recent distribution of the popular blogging software WordPress was compromised during a server intrusion, the development team said late Friday. All WordPress users who have downloaded and installed version 2.1.1 are urged to immediately upgrade to version 2.1.2. Earlier versions of Wordpress are not affected.

"This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress," developer Matt Mullenweg wrote on the Wordpress blog. "The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened. It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. ... They modified two files in WP to include code that would allow for remote PHP execution."

The compromised code was distributed through the wordpress.org site for 3 to 4 days before the issue was detected. "Although not all downloads of 2.1.1 were affected, we’re declaring the entire version dangerous," said Mullenweg. "If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. ... If you are a web host or network administrator, block access to 'theme.php' and 'feed.php', and any query string with 'ix=' or 'iz=' in it."

More here.

Internet-Taught Militants are New Singapore Security Threat?

An AFP newswire article, via PhysOrg.com, reports that:

A breed of "self-radicalised individuals" who absorbed militant ideas through the Internet have emerged as a new security threat to the city-state, Singapore's interior minister said in remarks published Saturday.

Minister for Home Affairs Wong Kan Seng said the government has investigated "a few" Singaporeans who have been influenced by radical Islamic ideas they read from the Internet, local media quoted him as saying in parliament on Friday.

More here.

Friday, March 02, 2007

Police Try MySpace to Nab Bank Robber

An AP newswire article, via SFGate.com, reports that:

A brazen bank robber with nothing but a baseball cap and dark sunglasses hiding his face is one of the latest members of the social-networking Web site MySpace, and he wants to meet "more bank tellers so that I can continue my crime spree!!!"

Even though MySpace is popular with teenagers, Fort Smith police Sgt. Jarrard Copeland created the profile Friday hoping someone will recognize the man estimated to be about 60 and suspected in four bank robberies across Arkansas.

"We figure that might be one way to get this photo outside of the market," he said.

Amid a backdrop of $100 bills and a song "Citizens on Patrol" from the movie "Police Academy," the profile displays several photos from a Feb. 22 robbery at a U.S. Bank branch in Alma in which the suspect wore a blue jacket with "FBI" lettering on the left front and a blue ball cap.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Friday, March 2, 2007, at least 3,165 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,547 died as a result of hostile action, according to the military's numbers.

The AP count is five higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Telco Customers at Risk for Online Privacy Breach

A NetworkWorld article by Jim Duffy, via ComputerWorld, reports that:

Telcos conducting business online need to buck up customer privacy even as their ability to communicate improves.

Those are the findings of the Customer Respect Group (CRG), a research and consulting firm focused on how corporations treat their online customers. The group this week released findings from its First Quarter 2007 Online Customer Respect Study of the Telecommunications Industry.

The study found that telecommunications companies overall are slipping --- especially compared to retail and other high-tech industries -- when it comes to addressing consumers' privacy concerns.

More here.

Real ID to Actually Become Real in 2010

Image source: UnReal ID.com

Tim Conneally writes on BetaNews:

US Department of Homeland Security Secretary Michael Chertoff announced today that states will be given an additional two years past the original May 11, 2008 deadline to comply with the directives of the controversial Real ID Act.

Originally enacted into law in 2005, the Act contains many contentious directives, such as state agencies scanning of personal documents into a nationally-accessible database, giving a uniform appearance to each state's personal IDs, and implementing RFID tagging.

More here.

See also: UnReal ID.com

Gapingvoid: Cube of Destiny

Via gapingvoid.com. Enjoy!

Inside Wall Street's Computer Meltdown

Brian Braiker writes on Newsweek.com:

Were the computer glitches that exacerbated the downward trajectory of the market Tuesday illustrative of the dark side—the Achilles heel—of the markets' move toward more electronic trading? Or were they bumps along the learning curve—"growing pains," as one trader described them—that will ultimately lead to smoother trading?

"On Tuesday at around 2 p.m., the market's extraordinarily heavy trading volume caused a delay in our trading system," explains a spokesperson for Dow Jones & Co., the media company that manages the index of 30 blue-chip stocks. For 70 minutes, a slow data feed to the Dow Jones industrial average (DJIA) calculator meant that traders were working off a slightly outdated set of numbers.

When the error was caught, the system was switched to a backup server that immediately readjusted the figures—sending numbers across the board into a free-fall plunge of 178 points in a single minute.

More here.

Apple: Write Down Your Passwords

Joris Evers writes on the C|Net Security Blog:

Apple advises Mac users to write down their passwords, just in case they have forgotten them when they are needed.

On its Mac 101 Web site, Apple offers a document called the "My Mac Cheat Sheet" [.pdf]. The document has spaces for the Mac users to not just record their Mac OS X related user names and passwords, but also login credentials for e-mail accounts, Internet access accounts and routers.

Now, you might think that Apple has gone bonkers. Actually, it has not. Writing down your password on a sticky note and attaching that to your computer monitor or the bottom of a keyboard isn't smart, but jotting down the information and storing it in a safe place can be helpful.

More here.

'Embarrassed' Gun Suspect Sues Microsoft After FBI Finds Sex Videos On His PC

Paul McDougall writes on InformationWeek:

A man awaiting trial for alleged gun crimes is suing Microsoft for privacy violations after FBI agents seized his home computer during a raid and found files containing sexually explicit videos of him and his girlfriend and evidence that he frequented pornographic Web sites.

Michael Alan Crooker, currently in jail in Connecticut, says security features advertised by Microsoft and its business partners should have kept federal agents from accessing the files on his PC. In court papers filed this week in Massachusetts Superior Court, Crooker says he "suffered great embarrassment" as a result of Microsoft's failure to keep the FBI's prying eyes off his computer.

He is suing the software maker for $200,000 in compensatory and punitive damages.

More here.

Analysts: Outlook Grim for Microsoft Online Business

Elizabeth Montalbano writes on InfoWorld:

Despite its CEO's claims that Microsoft eventually will trump Google to be number one in online search revenue, the company's online business is "massively underperforming" against the competition, according to a leading financial analyst.

On a conference call Friday, Heather Bellini, an analyst with UBS Investment Research, said Microsoft is actually losing ground against competitors Google and Yahoo in online search revenue and the frequency of search queries that leverage its Windows Live Search engine.

More here.

How Far Has 'Vladuz' Hacked into eBay?

Bob Sullivan writes on The Red Tape Chronicles:

There is no disputing that a hacker who goes by the name Vladuz has at the very least become a public nuisance to eBay. But some observers think the hacks Vladuz has pulled off reveal a much deeper problem at the auction giant.

Vladuz claims to have broken into eBay’s computers, imperiling the integrity of auction site’s entire system of buying and selling. And the hacker has provided some evidence, last week posting messages to eBay's Web site while posing as employees of the site.

Vladuz demonstrated the hack by posting notes on the customer service bulletin board using the same bold pink background used by actual eBay employees.

More here.

Japanese Researchers Store Data in Bacterial DNA


Ian Williams writes on vnunet.com:

Scientists at a Japanese university have developed a way of using bacterial DNA to store data almost indefinitely.

Researchers from the Keio University Institute for Advanced Biosciences and Keio University Shonan Fujisawa Campus in Tokyo have succeeded in creating an artificial DNA containing the data to be preserved.

Each artificial DNA strand can hold up to 100 bits of data and is preserved by making multiple copies of the DNA and inserting the original as well as the identical copies into the bacterial genome sequence.

It is these copies that work as back-ups of the data to counteract natural degradation.

More here.

British Porn Domain Mastermind is Fighting U.S. Government

Via OUT-LAW.com.

The British man behind the proposed .xxx internet domain believes that the US Government has intervened to thwart his plans. Stuart Lawley is fighting a court battle to retrieve the documents he says would prove his case.

Lawley made dotcom millions with web design and hosting firm Oneview.net which was floated then sold before the first internet crash, and has bank rolled the seven-year proposal to have a top level domain for pornography.

His firm ICM Registry was awarded the right to operate the domain but contractual wrangling is more about the conservative Bush administration's connections to the religious right than they are about the contract itself, Lawley told technology podcast OUT-LAW Radio.

"We were hoping to sign our contract which was a standard contract that most other registries have, until the United States Government intervened," said Lawley, who lives in Florida. "They had been lobbied very heavily by the Christian conservative groups here in the United States."

Lawley says that the US Department of Commerce's view of the proposal changed, which filtered down to ICANN. He said that he obtained some government documents under freedom of information legislation outlining parts of his case but that crucial elements were redacted, which means they were blanked out.

More here.

Picture of the Day: Paranoia




Props to Bruce Schneier (hat-tip, Valdis).

Worm Attacks Media Outlets Across the U.S.

Quote by Yours Truly in this article...

Steve Alexander writes in the Star Tribune:

At least a dozen media outlets across the country, including the Star Tribune and the St. Paul Pioneer Press, were hit this week with malicious software that tries to turn personal computers into an army of zombies to spread spam or to attack websites. Turner Broadcasting, owner of cable news channel CNN, was also affected.

However, information technology experts said the malicious software wasn't intended to disrupt the news so much as it was designed to take over PCs for illegal purposes. It also seemed to be a direct attack on antivirus firm Symantec Corp., whose software failed to stop the attack at the Star Tribune.

The malicious software, called Rinbot, disrupted Internet use and e-mail operations at most of the outlets.

More here.

Also: Another article on this in InformationWeek here.

Justice Department Takes Aim at Image-Sharing Sites

Declan McCullagh writes on C|Net News:

The Bush administration has accelerated its Internet surveillance push by proposing that Web sites must keep records of who uploads photographs or videos in case police determine the content is illegal and choose to investigate, CNET News.com has learned.

That proposal surfaced Wednesday in a private meeting during which U.S. Department of Justice officials, including Assistant Attorney General Rachel Brand, tried to convince industry representatives such as AOL and Comcast that data retention would be valuable in investigating terrorism, child pornography and other crimes. The discussions were described to News.com by several people who attended the meeting.

More here.

Thursday, March 01, 2007

Plug Pulled on Ground Zero Webcam

An AP newswire article, via Yahoo! News, reports that:

The view of ground zero just got a little smaller. The agency that oversaw the redesign of the World Trade Center site on Thursday stopped posting on its Web site hourly images from a camera pointed at ground zero.

The agency introduced the Web camera less than a year ago, saying it wanted to show progress in rebuilding more than four years after the 2001 terrorist attacks. Construction of the Sept. 11 memorial had just begun last March, but the site is much busier today.

More here.

ISPs Fear SAFETY Act Data Retention Requirements

Beth Pariseau writes for SearchStorage:

Privacy advocates aren't the only ones up in arms over a bill currently being debated in Congress that would require Internet service providers (ISP) to retain records on subscribers.

ISPs themselves are saying the bill contains no clear guidelines for records retention methods or archiving periods for data, and said they are growing nervous about the storage and data management costs that might result if the bill becomes law.

More here.

(Props, Flying Hamster.)

FCC Rules That Rural Carriers Must Connect Internet Calls

A Bloomberg News article by Molly Peterson, via The Washington Post, reports that:

Rural telephone companies must allow carriers such as Verizon Communications to use local lines to connect Internet-based calls, U.S. regulators said yesterday [Thursday, 1 March 2007].

The Federal Communications Commission ruling, in granting a petition filed by Time Warner Cable, "will enhance consumers' choice for phone service by making clear that cable and other [Internet phone] providers must be . . . allowed to put calls through to other phone networks," FCC Chairman Kevin J. Martin said in an e-mailed statement.

AT&T and Verizon, the two biggest U.S. phone companies, supported Time Warner Cable's petition.

The FCC order overrides rulings by state regulators in South Carolina and Nebraska that barred certain carriers from connecting calls using voice-over-Internet protocol, or VOIP, to traditional local phone lines. The South Carolina regulators said Verizon had no right to route Internet-based phone calls through lines owned by rural-phone companies as part of a wholesale service it sells to Time Warner Cable, a unit of Time Warner Inc.

More here.

Bizarre Virus Threatens to Kill File-Sharers


Via TorrentFreak.

A strange virus which taunts file-sharers and threatens to report them to the police and even kill them, is being distributed on the Winny network.

The virus has two variants Troj/Pirlames-A and Troj/Pirlames-B, masquerades as a screensaver and attacks files with these popular extensions - EXE, BAT, CMD, INI, ASP, HTM, HTML, PHP, CLASS, JAVA, DBX, EML, MBX, TBB, WAB, HLP, TXT, MP3, XLS, LOG, BMP - overwriting them with images of comic book character Ayu Tsukimiya.

It’s reported that one of the images, which includes a song about fish-shaped pancakes stuffed with jam, has a telephone number included although it’s unclear to whom the number belongs.

Another exclaims “This is a visit from the prevalent Piro virus! Stop P2P! If you don’t i’ll tell the police!” while another threatens “Ah, I see you are using P2P again……if you don’t stop within 0.5 seconds, i’m going to kill you!”

More here.

Hack Attack Forces Texas A&M To Change 96,000 Passwords

Sharon Gaudin writes on InformationWeek:

Texas A&M University is forcing 96,000 students, faculty, and staff to change their passwords after a hacker attempted a network break-in.

The university, which is in College Station, Texas, issued an advisory on Wednesday alerting the campus that a hacker tried to break into electronic files containing encrypted passwords to some university accounts. The attack did not affect financial, payroll, or student administrative systems, the school said.

However, to mitigate the risk, university officials are issuing a mandate that all of the users of the school's computer system change their NetID passwords. NetID is a login credential used in many school systems.

More here.

Wednesday, February 28, 2007

In Passing: Arthur M. Schlesinger Jr.

Arthur Meier Schlesinger, Jr.
October 15, 1917 - February 27, 2007

Vendors Object to DISA's $12B Encore II Award

Florence Olsen writes on Washington Technology:

Three losing bidders have protested the Defense Information Systems Agency’s 10-year, $12.2 billion Encore II large-business contract, which it awarded late last month. All three vendors — Computer Sciences Corp., Unisys and Northrop Grumman — were on DISA’s Encore I contract, but they failed to win a place on the follow-on contract.

The companies filed their protests Feb. 20 with the Government Accountability Office. Public versions of the CSC and Unisys protests state that DISA failed to evaluate the bids properly. Northrop Grumman has not made public a version of its protest claims.

More here.

XO Communications: Late to MPLS Party

Jim Duffy writes on NetworkWorld:

XO Communications this week launched a network-based Layer 3 MPLS IP VPN service for enterprises looking to connect offices, customers and partners, and converge voice, video and data applications over a single IP infrastructure.

The service is available in 75 metropolitan markets across the United States and supports a range of access options – from T-1 through OC-X and Ethernet – as well as four classes of service. XO is offering CoS at a flat rate, company officials say, meaning customers can have any class of service utilize up to the full available bandwidth without incurring additional charges.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, Feb. 28, 2007, at least 3,162 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,545 died as a result of hostile action, according to the military's numbers.

The AP count is four higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Not Blocked by The Great Firewall of China -- Yet


A pretty cool little test to see if your URL is visible (or blocked) from inside the Red Curtain.

(Props, Dissent.)

Lawmakers Chide VA Over Data Security

An AP newswire article by Ben Evans, via The Boston Globe, reports that:

Veterans Affairs officials faced a fresh round of bipartisan criticism over data security Wednesday after auditors told a congressional committee that gaping holes persist and agency officials said they still don't know how a recent breach happened.

The department's inspector general's office told the House Veterans Affairs oversight subcommittee that even after a series of lapses in the past year, most VA data remains unencrypted and the department still doesn't know how many portable computers and hard drives are in use or what information is stored on them.

More here.

DHS Confirms Real ID Act Regulations Coming; States Rebel

Image source: UnReal ID


Renee Boucher Ferguson writes on eWeek:

Events at the state and federal level are converging around the Real ID Act, as a spokesperson from the Department of Homeland Security confirmed Feb. 28 that regulations outlining technology mandates could be handed down as early as March 1.

At the same time, as many as 38 states, under a coalition formed by Missouri Representative Jim Guest, have confirmed that they will rebel against the act through legislation in their own states.

More here.

Massachusetts Man Accused of Defrauding Cisco of Millions

Via The Silicon Valley/San Jose Business Journal.

A Massachusetts man is charged with defrauding Cisco Systems Inc. of millions of dollars worth of computer networking equipment.

Michael A. Daly, 53, was arrested Tuesday during a search at his business, Data Resources Group, in Salisbury, Mass., where officers seized computer equipment, documents, and other evidence.

According to the U.S. Attorney's Office, from about July 2003 to the present, Daly used "numerous false identities" and fraudulently arranged for San Jose-based Cisco to send him replacement parts.

Investigators said Daly received and sold the parts, spending at least some of the illegal proceeds on classic automobiles.

More here.

Quote of the Day: Joe@techdirt

"This is Boston after all, and this type of reaction is becoming very common. And if it turns out that the box was just for monitoring traffic, will transportation officials face fines and possible jail time for placing a hoax device in public?"

- Joe, writing on techdirt.com that the Boston Police have blown up yet another non-threat -- a traffic metering box.

Online Dating in Pyongyang? Surely Not

Via The Economist.

Kim Jong Il, North Korea's dictator, has interests in modern technology beyond his dabbling in nuclear weaponry. In 2000 he famously asked Madeleine Albright, then America's secretary of state, for her e-mail address. Mr Kim believes there are three kinds of fool in the 21st century: smokers, the tone-deaf and the computer-illiterate.

One of his young compatriots is certainly no fool. “Officially, our computers are mainly for educational and scientific purposes,” he says, before claiming: “Chatting on our web, I also met my girlfriend.”

More here.

L.A. Men Arrested, Accused of Scheme to Steal Card Data

An AP newswire article, via The Mercury News, reports that:

Four California men were arrested in what police said was a scheme to switch checkout-lane credit card readers at Stop & Shop supermarkets to steal customers' numbers and passwords.

The men are accused of removing or trying to remove PIN pads from at least six stores in Rhode Island and Massachusetts and replacing them with alternate machines that would be used to record shoppers' debit or credit card information, authorities said Tuesday. Later, the men would come back and replace the original keypads, police said.

The men were arrested Monday night, when police said they were attempting to switch keypads at a store in Coventry (Rhode Island). A store security officer called police after employees noticed one suspect trying to remove a keypad while two others were trying to distract store workers.

More here.

RIAA Sends Colleges a P2P Heads Up

Roy Mark writes on internetnews.com:

In a new legal campaign launched today against illegal peer-to-peer (P2P) file sharing, the Recording Industry Association of America (RIAA) is offering college and university students a chance to settle before they get sued.

On behalf of the major music labels, the RIAA sent 400 "pre-litigation" settlement letters to 13 different colleges and universities. Each letter informs the school of a forthcoming copyright infringement lawsuit against one of its students or personnel.

The RIAA wants the schools to forward the letters to their students. Each letter offers a student a "discounted rate" to settle copyright infringement charges. The RIAA wouldn't disclose what the discount is, but the group is effectively giving students a chance to settle before it sues them.

More here.

Japan, Russia to Link Telecommunications Networks

Martyn Williams writes on CIO.com:

Japan and Russia plan to link their telecommunications networks via a new undersea fiber optic cable, they said late Tuesday. The cable, which is expected to be in place by the end of this year, avoids the area south of Taiwan in which many cables suffered damage after a powerful earthquake last year.

The Hokkaido-Sakhalin Cable System (HSCS) will, as its name suggests, connect Ishikari on Hokkaido, which is the northernmost of Japan’s main islands, to Nevelsk, in Russia’s Sakhalin.

A memorandum of understanding to build the cable was signed on Tuesday in Tokyo by Japan’s NTT Communications and Russia’s TransTeleCom.

More here.

UK: Police Limit e-Crime Probes

Tom Young writes on Computing (UK):

Local police are imposing a threshold value below which e-crimes are not investigated, according to UK businesses who regularly report offences.

Lack of technical knowledge and investigation tools means police are setting informal financial limits, it emerged last week.

Garreth Griffith, head of trust and safety at eBay UK, told a House of Lords Science and Technology Committee on Personal Internet Security that many crimes go unreported as a result.

More here.

Disturbing Picture of the Day: Cyborg Rats

Image source: Danger Room


Via Danger Room:

The cyborg flying rats are nasty, sure. But China isn't the only country looking to bend animals to their will. And pigeons aren't the only critters being controlled.

More here.

Black Hat: Cybercops Drowning in Data - UPDATE

Joris Evers writes on C|Net News:

Cyberinvestigators are nearly drowning in the massive amounts of digital data seized from criminal suspects, a government official said Wednesday.

As digital evidence increases in importance, authorities seize anything that can hold data. This includes computers, CDs, USB keys, MP3 players, cell phones and game consoles, Jim Christy, a director of the U.S. Department of Defense Cyber Crime Center, said in a presentation at the Black Hat DC Briefings & Training event here.

More here.

UPDATE: 12:47 PST: William Jackson has some additional details on this same topic over on GCN.com. Basically, the field of digital forensics is rapidly evolving, and law enforcement is simultaneously being swamped in data in an effort to collaborate criminal and civil proceedings. It's a fascinating issue.

Tuesday, February 27, 2007

AT&T Prepares to Fail Again

An AP newswire article by Bruce Meyerson, via Yahoo! News, reports that:

AT&T Inc.'s push into cable TV is ramping back up after a pause prompted by glitches that the company says have been resolved with key network software upgrades.

Over the past two weeks, AT&T resumed direct mailings and distribution of promotional "door hangers" for the new U-verse television service, the first marketing activities since those efforts were suspended starting in October.

AT&T also plans to announce on Wednesday it is introducing U-verse in parts of Milwaukee and Racine, Wis., immediately, followed by the Dallas-Fort Worth market in early March and then Kansas City later that month. Those four launches, bringing the total to 15 markets, are the first since nine cities were added at the end of December.

U-verse, delivered over a high-speed Internet connection, is crucial to AT&T's strategy to fend off cable companies now selling telephone service. The San Antonio-based company aims to keep and win customers with next-generation features melding TV sets, cell phones and computers.

More here.

Bot Infection Crashes Michigan County Computers

Eric Hjerstedt Sharp writes in The Ironwood (Michigan) Daily Globe:

A computer virus which was spread to the county's server by the State of Michigan's system is most likely the cause of the downed server, according to emergency management coordinator Jim Loeper.

Computers at the Gogebic County Sheriff's Department and at the county offices at the courthouse next door -- with the exception of the circuit court computer system -- have been down since Wednesday night due to problems with the servers caused by the virus, Loeper said.

The circuit court computer system is an independent system with a separate server, Loeper added.

Loeper was at the courthouse Sunday night with county computer technicians assessing the problem, and was not available for comment. However, Loeper did contact the Daily Globe Monday afternoon with details of the server glitch.

According to Loeper, a trojan horse virus named "w32.Rinbot.b" is the suspected virus which had infected the system, most likely from the United Kingdom.

More here.

Toon of the Day: Graffiti




Via xkcd.com.

New DHS Profiling Program Raises Privacy Concerns

Ellen Nakashima and Alec Klein write in The Washington Post:

The Department of Homeland Security is testing a data-mining program that would attempt to spot terrorists by combing vast amounts of information about average Americans, such as flight and hotel reservations. Similar to a Pentagon program killed by Congress in 2003 over concerns about civil liberties, the new program could take effect as soon as next year.

But researchers testing the system are likely to already have violated privacy laws by reviewing real information, instead of fake data, according to a source familiar with a congressional investigation into the $42.5 million program.

Bearing the unwieldy name Analysis, Dissemination, Visualization, Insight and Semantic Enhancement (ADVISE), the program is on the cutting edge of analytical technology that applies mathematical algorithms to uncover hidden relationships in data. The idea is to troll a vast sea of information, including audio and visual, and extract suspicious people, places and other elements based on their links and behavioral patterns.

The privacy violation, described in a Government Accountability Office report that is due out soon, was one of three by separate government data mining programs, according to the GAO. "Undoubtedly there are likely to be more," GAO Comptroller David M. Walker said in a recent congressional hearing.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, Feb. 27, 2007, at least 3,161 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,543 died as a result of hostile action, according to the military's numbers.

The AP count is six higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Computer Glitch Contributed to Dow's Rapid Fall Today

An AP newswire article, via MSNBC, reports that:

When the Dow Jones industrial average plunged to its low of the session Tuesday, it happened with incredible swiftness — a matter of seconds — because of a computer glitch that kept some trades from being immediately reflected in the index of 30 blue chip stocks.

Dow Jones & Co., the media company which manages the flagship index, said around 2 p.m — just two hours before the New York Stock Exchange was to close — it was discovered computers were not properly calculating trades. The company blamed the problem on the record volume at the NYSE, and switched to a backup computer.

The result was a massive swoon in the index that happened in the seconds it took Dow Jones to switch to its secondary computers.

More here.

FTPWelt Operators Receive Suspended Prison Terms

Via heise Security News.

Yesterday, on only the second day of the eight days originally scheduled for it, the FTPWelt criminal trial at the District Court in Mühlhausen came to an end. The brothers Daniel and Thomas R. were found guilty by the 6th Major Economic Crime Division of the court as principals of having founded and operated the illegale Warez download platform. According to the court's opinion the lawyer Bernhard S. had merely aided and abetted the running of the platform. Mr. S. has consistently denied knowing about the content offered on the website.

Daniel R., who is now 22 years of age, was given a suspended prison sentence of 23 months. In addition he has been ordered by the court to perform 120 hours of unpaid charitable work and pay a fine of 6,000 euros. In fixing his sentence the court decided to apply the provisions of the German criminal law relating to young offenders. Not so in the case of the now 32-year-old Thomas R.: He was given a suspended prison sentence of 16 months, but on top of that was ordered to pay a fine of 70,000 euros. With a suspended prison sentence of 10 months Bernhard S., the lawyer who had been an adviser to the brothers, can be thought to have got off lightly. The fine imposed on him by the court is 90,000 euros, which like the other fines will as ordered by the court end up in the coffers of charitable organizations. The court specified the offenses committed as violations of copyright on a commercial scale. The charge of distribution of pornographic material was apparently dropped.

More here.

Hack of the Day: Prankster Tricks Swiss Newspaper Into Running Fake Gucci Ad

Image source: AdFreak.com


Via Boing Boing.

This guy created a fake ad for Gucci using a photo of himself, and asked the Swiss weekly SonntagsZeitung to run it, which it did. He also told the paper to send the $50,000 bill to Gucci, which it did.

Now the paper is trying to find the guy, which it can't.

More here.

Security Flap Over Support ActiveX Controls Bug

John Leyden writes on The Register:

Flaws in an ActiveX component incorporated in many technical support support packages create a risk of hacking attacks, security watchers warn.

SupportSoft's ActiveX controls are subject to multiple buffer overflow vulnerabilities, which create a means for hackers to inject malware onto vulnerable systems. The controls are used by internet service providers (ISPs) and PC manufacturers for remote assistance and other technical support functions, creating a large pool of potentially vulnerable users. Exploitation would involve tricking users into visiting maliciously constructed websites featuring ActiveX controls that take advantage of SupportSoft's vulnerabilities.

More here.

Comcast Challenges FCC's Ownership Limits

Eric Bangeman writes on ARS Technica:

Comcast has decided to challenge the Federal Communications Commission's "unofficial" cap on cable system ownership. In a filing earlier this month, Comcast criticized the FCC's 30 percent horizontal ownership cap, saying that limits on how many subscribers a given cable operator can service are no longer necessary.

In 1992, the FCC tweaked its cable-ownership regulations in response to a law passed by Congress. Concerned that cable networks would have too few distribution outlets if there was insufficient competition among cable providers, the FCC ruled that a cable company could serve no more than 30 percent of homes passed by cable companies in the US. Later that decade, the FCC changed its measurement metric, deciding to drop the homes-passed measurement and decreeing that no single cable operator could serve over 30 percent of all cable subscribers in the US.

The FCC's limit was challenged in court, and in 2001, a federal court overturned the limit and directed the FCC to come up with a new set of metrics. Instead of coming up with new criteria, however, the FCC has continued to enforce the 30 percent limit for mergers.

Comcast is hit hardest by the FCC's rules, as its 26.2 million subscribers account for just over 28 percent of the 96.8 million US residents with cable or satellite TV service.

More here.

Quote of the Day: Bruce Schneier

"This trend should greatly concern citizens. Law enforcement should be a government function, and privatizing it puts us all at risk."

- Bruce Schneier, writing on the trend of more private companies becoming involved in law enforcement in the U.S.

No Jail Time For Online Dating Hacker

A Newsday article, via The Los Angeles Times, reports that:

By promising to join the military, a former Long Island police officer avoided jail time and probation Monday for hacking into his ex-girlfriend's online dating account and setting up dates for her with men she didn't know.

Michael Valentine, 29, was charged in April with 197 counts, including stalking, computer tampering and harassment. He pleaded guilty in June to two misdemeanor charges of unauthorized use of a computer.

Prosecutors said Valentine sought revenge against a former girlfriend by logging into her Match.com account, assuming her identity and contacting 70 men. Some of the men showed up at the woman's house for dates arranged by Valentine.

More here.

Man Believed to be Using Laptop Killed in Crash

An AP newswire article, via The Los Angeles Times, reports that:

A man who authorities say appeared to be driving while using his laptop computer died Monday when his car crossed into oncoming traffic and collided with a Hummer.

California Highway Patrol officers found the victim's computer still running and plugged into the cigarette lighter of his 1991 Honda Accord.

The 28-year-old victim was a computer tutor in Chico, Calif. The Sutter County coroner's office was withholding his identity until his family could be notified.

More here.

EFF Lawsuit Seeks Release of Secret Court Orders on Electronic Surveillance

Via The EFF.

The Electronic Frontier Foundation (EFF) filed suit against the Department of Justice today, demanding records about secret new court orders that supposedly authorize the government's highly controversial electronic surveillance program that intercepts and analyzes millions of Americans' communications.

When press reports forced the White House to acknowledge the program in December of 2005, the administration claimed that the massive program could be conducted without warrants or judicial authorization of any kind. However, in January of this year, Attorney General Alberto Gonzales announced that the Foreign Intelligence Surveillance Court (FISC) had authorized collection of some communications and that the surveillance program would now operate under its approval. EFF's suit comes after the Department of Justice failed to respond to a Freedom of Information Act (FOIA) request for records concerning the purported changes in the program.

More here.

Defense Tech: U.S. Army Building Paralysis Beam

Via Technovelgy.com.

A paralysis beam based on a 7.5 million candlepower strobe light from Peak Beam Systems is under development by the US Army.

Although details are sketchy, it appears that US government acquisition records call for Peak Systems to:

"...design and fabricate a light-based immobilisation system/deterrent device and integrate it with an unmanned aerial system. This will include any necessary medical research on frequency and amplitude modulation of high-intensity light that will cause immobilisation to all those within the beam."

The Peak Beam Systems device can apparently be pulsed with a strobe effect that has some effect on the human nervous system. The Maxa Beam shown above has quite a range, too. It can illuminate targets as far as 1.5 miles away.

More here.

Washington State Considers RFID Restrictions

K.C. Jones writes on InformationWeek:

Washington state lawmakers are considering restrictions on RFID technology.

Rep. Jeff Morris, D-Olympia, has introduced an Electronic Bill of Rights that would outlaw collection, storage, and disclosure of information gathered through radio frequency identification technology without notifying consumers. The bill states that all companies using active and passive RFID devices would have to either disable the devices or gain consumer consent. It would prohibit companies from requiring RFID tags for service or refunds. It would also prohibit people and companies from scanning or reading the devices to identify consumers without first obtaining consent.

More here.

Nixed: Black Hat Talk on RFID Access Badge Risks

What a crock...

Joris Evers writes on C|Net News:

Security researchers have canceled a talk on the flaws of RFID-equipped building access badges after receiving legal threats from a major manufacturer.

Researchers from security services firm IOActive planned to demonstrate that the commonly used identification cards can easily be duplicated, posing a serious risk to those who rely on such systems for security.

The talk, slated for Wednesday at the Black Hat DC Briefings & Training event in Arlington, Va., was canceled Tuesday after IOActive said it received legal threats from HID Global, a major seller of access control systems.

"We can't go forward with the threat of litigation hanging over our small company," Joshua Pennell, IOActive's chief executive, said in a conference call with reporters Tuesday.

An HID representative could not immediately be reached for comment.

More here.

Security Fix: Status of LexisNexis-Paris HIlton Phone Hackers

Brain Krebs writes on Security Fix:

The young men who reached notoriety for illegally accessing the cell phone of socialite Paris Hilton are now either in federal prison or headed there shortly.

Security Fix has learned the whereabouts of the hackers who pleaded guilty last fall to digitally breaking into consumer data giant LexisNexis and to stealing racy photos from Hilton's cell.

Upon their arrest last summer, each member of the hacker group faced charges of conspiracy and aggravated identity theft. The latter charge carries a minimum sentence of two years. A Florida judge waived the count of aggravated identity theft and sentenced all but one of the men to between eight and 10 months in federal prison. Additionally, he ordered them to pay more than $100,000 total to LexisNexis. All of the men will receive three years of supervised release after serving their jail terms.

More here.

Egyptian Blogger Appeals Prison Sentence

An AP newswire article by Nadia Abou El-Magd, via The Washington Post, reports that:

Lawyers filed an appeal Monday on behalf of a blogger who was sentenced to four years in prison for insulting Islam and Egypt's president.

Abdel Kareem Nabil, a former law student at the Al-Azhar University in Cairo, used his blog to advocate secularism and criticize conservative Muslims.

He accused Al-Azhar, Egypt's foremost Islamic institute, of encouraging extremism, calling it "the university of terrorism."

One of Nabil's lawyers, Rawda Ahmed, said an appeal was filed Monday and a court hearing was set for March 12.

More here.

Monday, February 26, 2007

Chinese Scientists Command Pigeons Via Remote Control


A Reuters newswire article, via CNN, reports that:

Scientists in eastern China say they have succeeded in controlling the flight of pigeons with micro electrodes planted in their brains, state media reported on Tuesday.

Scientists at the Robot Engineering Technology Research Centre at Shandong University of Science and Technology said their electrodes could command them to fly right or left or up or down, Xinhua news agency said.

More here.

Toon of the Day: Welcome to the Friendly Skies


Click for larger image.


Verizon Wireless Wins Case Against Wireless Spammer

Via Telecommunications Magazine.

Verizon Wireless today announced that it has obtained a permanent injunction and default judgment in one of its lawsuits against wireless spam, bringing the case to its conclusion.

The default judgment prohibits Specialized Programming and Marketing LLC and its owner, Charles Henderson, from sending further spam to Verizon Wireless customers and requires them to pay damages in excess of $200,000. Specialized and Henderson sent nearly 100,000 unsolicited text messages to Verizon Wireless customers offering them a prize vacation.

More here.

(Props, Flying Hamster.)

Food Safety Tech: Risks of Tainted Food Rise as Inspections Drop

An AP newswire article, via MSNBC, reports that:

The federal agency that’s been front and center in warning the public about tainted spinach and contaminated peanut butter is conducting just half the food safety inspections it did three years ago.

The cuts by the Food and Drug Administration come despite a barrage of high-profile food recalls.

“We have a food safety crisis on the horizon,” said Michael Doyle, director of the Center for Food Safety at the University of Georgia.

More here.

China's Lenovo Rumoured to be Cutting 1,000 Jobs

Via The New Zealand Herald:

Lenovo Group Ltd, the world's No 3 personal computer maker, has approved a preliminary plan to slash more than 1000 jobs to cut costs as price competition remains intense, a source close to the company said today.

The job cuts would come mostly in the United States, and while most would be layoffs, some workers would be redeployed.

The move would cost between US$50 million and US$75 million in a one-off writeoff, the source said.

More here.

Men Make Plea Deal in MySpace Extortion Case

An AP newswire article by Linda Deutsch, via The Globe and Mail, reports that:

Two young Long Island men accused of trying to extort MySpace.com by developing code to track users pleaded no contest Monday to illegal computer access in a bargain with the prosecution.

Two counts of attempted extortion and another illegal computer access count were dropped in the deal, which gave the defendants three-year probationary terms. Each had faced up to nearly four years in prison.

Shaun Harrison, 19, and Saverio Mondelli, 20, of Suffolk County, were accused of demanding $150,000 (U.S.) as a consulting fee from MySpace. The pair were offering the code as a service on their own website for $29.95 and claimed to be developing an unbreakable version.

The popular MySpace social networking site is supposed to offer anonymity, but Mr. Harrison and Mr. Mondelli were offering a means to acquire e-mail addresses and Internet protocol addresses of users, the prosecution said.

More here.

Sex.com Hijacker Pleads Poverty After Fleeing U.S.

An AP newswire article, via CBS5.com, reports that:

A man who siphoned millions of dollars from a pornography Web site and fled to Mexico cried poor Monday and asked a federal judge in San Jose to erase the $65 million he owes the rightful owner of Sex.com.

Stephen Michael Cohen was released from prison in December so he could surrender assets to Gary Kremen, the online entrepreneur who registered the domain name in 1994. But Cohen told U.S. District Court Judge James Ware that he's jobless and broke.

Cohen also claimed the court deliberately lost important documents he filed detailing his financial plight. Cohen said he's called the FBI in hopes of recovering the records.

"We're far from ending this case," the mustachioed 59-year-old said as he appeared dressed in faded jeans, a shabby sweat shirt and a ski jacket.

Ware ordered the defendant to cooperate with plaintiff's attorneys, who plan to question Cohen this week in hopes of discovering a hidden bank account, stash of jewelry or other valuable investment.

More here.

FBI Unsure if Missing Notebook PCs Contain Sensitive Data

Jana Cranmer writes on GCN.com:

The FBI has reduced notebook PC losses by 312 percent since 2002, but the bureau has failed to adequately report whether stolen computers contain classified or sensitive data, the Justice Department Office of the Inspector General said in an audit report last week.

“When losses occur, the FBI must timely report the loss, be able to identify the contents of lost laptops and determine whether the laptop is encrypted,” the bureau’s IG said in a follow-up report to a 2002 analysis. “In addition, the FBI “must investigate these losses and thefts, enter required data into the National Crime Information Center and report the losses to the DOJ as required.”

The IG’s “most troubling” discovery was “the FBI could not determine in many cases whether the lost or stolen laptop computers contained sensitive or classified information.”

More here.

SEC Sues Firm for Hacking Company News Releases

Paritosh Bansal writes for Reuters:

U.S. regulators sued an overseas company and its owner on Monday, alleging they hacked into computer systems to get corporate news releases early and traded on that information, making a profit of $2.7 million.

The Securities and Exchange Commission, in the lawsuit, accused Blue Bottle Ltd. of using the information it received to trade in securities of at least 12 U.S. companies, including AllianceBernstein Holding LP and Symantec Corp.

More here.

Cyberspace as a Combat Zone: The Phenomenon of Electronic Jihad

E. Alshech writes om MEMRI.org:

Alongside military jihad, which has been gaining momentum and extracting an ever growing price from many countries around the globe, Islamists have been developing a new form of warfare, termed "electronic jihad," which is waged on the Internet. This new form of jihad was launched in recent years and is still in its early stages of development. However, as this paper will show, Islamists are fully aware of its destructive potential, and persistently strive to realize this potential.

Electronic jihad is a phenomenon whereby mujahideen use the Internet to wage economic and ideological warfare against their enemies. Unlike other hackers, those engaged in electronic jihad are united by a common strategy and ideology which are still in a process of formation. This paper aims to present the phenomenon of electronic jihad and to characterize some of its more recent developments. It lays out the basic ideology and motivations of its perpetrators, describes, as far as possible, its various operational strategies, and assesses the short- and long-term dangers posed by this relatively new phenomenon. The paper focuses on electronic jihad waged by organized Islamist groups that mobilize large numbers of hackers around the world to attack servers and websites owned by those whom they regard as their enemies.

More here.

Is eBay Postage Stamp Racket the Net's Stickiest Scam?

This is one of the first U.S. stamps, produced in 1851 without perforations and again in 1857 with perforations. The 1851 stamp, at left, was purchased on eBay by Detocakes9 in August 2005. It was perforated to simulate a rarer 1857 stamp and marked with additional ink to hide a scrape before being resold by 8834David in February 2006 for a tidy profit.
Image source: MSNBC / George Kopecky


Mike Brunker writes on MSNBC:

It may be the stickiest scam on the Internet — a nine-year saga of deceit that has seen thousands of altered postage stamps sold to unwitting collectors on eBay and other Internet auction sites. More striking than its longevity, though, is that the mastermind has never been charged with a crime, even though his identity apparently is known to eBay security, law enforcement officials and some of the nation’s leading stamp experts.

The man believed to be behind the scheme is a longtime stamp dealer living in upstate New York. He has been investigated by law enforcement, suspended by eBay and exposed in Internet forums devoted to stamp collecting. Yet the massive operation continues to churn out philatelic fakes, burning collectors and, some say, undermining the very foundations of the hobby.

More here.

Critical JavaScript Flaw Hits Firefox

Shaun Nichols writes on vnunet.com:

Mozilla has confirmed a potentially serious flaw in its open source Firefox browser.

Developer Michal Zalewski, who uncovered the flaw, described it as " seemingly pretty nasty, and apparently easily exploitable".

The vulnerability affects current versions of Firefox for all major PC platforms, according to Zalewski's report.

The use of a certain JavaScript instruction can cause Firefox to crash, allowing an attacker complete access to a system and the ability to run malware remotely.

More here.

Note: Once again, I recommend the NoScript plug-in for Firefox.

EU Sues Germany Over Broadband Limits

An AP newswire article, via PhysOrg.com, reports that:

The European Commission said Monday it was suing Germany over a law allowing Deutsche Telekom AG to keep rivals off its high-speed Internet networks.

EU spokesman Martin Selmayr told reporters that a letter "of formal notice" was sent to Berlin after it ignored repeated warnings not to adopt legislation that could grant Deutsche Telekom a de-facto monopoly on a new broadband network.

The German parliament on Friday passed the telecommunications law, exempting Deutsche Telekom's high-speed network from regulation and demands to open up its network to competitors, at least for now.

Under legal procedures, the German government has been given 15 days to answer the legal notice issued by the commission.

More here.

Google Fights for Gmail Domain

A Reuters newswire article, via CNN/Money, reports that:

Google Inc., fighting to consolidate its trademark globally, faces an obstacle in the world's second largest Web market - China's www.Gmail.cn, which is refusing to sell its Internet address to the U.S. giant.

A legal source told Reuters on Monday that Google was trying to buy the Internet domain name www.gmail.cn, which is run by Beijing-based ISM Technologies.

More here.

Sunday, February 25, 2007

Off Topic: Mmmm, Tasty Chemicals

Image source: Damien Donck for Newsweek


Anne Underwood writes on Newsweek.com:

As Steve Ettlinger dropped down a Wyoming mine shaft, plummeting 1,600 feet in an open-mesh cage, he wondered how many other food writers had ever donned hard hats and emergency breathing equipment in pursuit of a story. But it was too late to turn back. He'd promised his editor a book tracing the ingredients in a Hostess Twinkie to their origins—and one of them was down this shaft.

At the bottom, he and his hosts climbed into an open Jeep and hurtled for 30 terrifying minutes through pitch-black tunnels. Their destination: the site where a mineral called trona—the raw ingredient of baking soda—was being clawed out of a rock face by giant machines.

More here.

Stoner Hero Lends Support to 'Guru of Ganja'

Tommy Chong


Via The Mercury News.

Comedian Tommy Chong will help raise money to defend the self-proclaimed "Guru of Ganja," who is charged with growing hundreds of marijuana plants for a dispensary.

Chong, who starred with Cheech Marin in stoner movie classics "Up in Smoke" and "Nice Dreams," will appear at a $125-per-person event for Ed Rosenthal.

Rosenthal, 62, famed for his marijuana cultivation books and the "Ask Ed" column he wrote for High Times magazine, will host the event at his Piedmont home on March 4.

"The party will celebrate how far we've come in legalizing medical marijuana as well as provide me with the money I need to fund my current trial that is defending all of our rights," Rosenthal said.

Rosenthal, who's scheduled to appear in federal court March 19, estimates his trial and related expenses could cost more than $300,000.

More here.

Windows-Based ATM Machine Hacked, Gets 'Painted'

Image source: Melissa's Adventures


Darren Murph writes on Engadget:

Although we wouldn't expect to find the latest release of Photoshop on your neighborhood ATM, it's not so far fetched to think that Paint would be left on a Windows-based ATM. We've seen a recent boost in cash machine hacking of late, and while this latest attempt doesn't siphon illegal coinage out of the slot, it does make for quite a laugh.

Joining the pitiful array of other Windows-powered mishaps, a sharp cameraphone-toting individual spotted a local ATM that had a beautifully hand-crafted Paint message on the front screen in place of the typical "Insert your card to begin transaction," and while we've already said too much about a picture that speaks a million words, be sure to click on through to see how accessing an ATM's start menu can lead to all sorts of mischievous mayhem.

More here.

Alcatel-Lucent to Cut Another 1,700 Jobs in Europe

An AP newswire article, via SiliconValley.com, reports that:

Alcatel-Lucent SA told staff representatives Friday it will eliminate more than 1,700 European jobs in addition to cuts already announced in France, a union official said.

The telecom equipment maker plans to cut a total of 12,500 jobs over three years -- or about 16 percent of the global work force -- as it seeks 1.7 billion euro ($2.2 billion) annual savings from the acquisition of New Jersey-based Lucent Technologies by France's Alcatel, completed last November.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Sunday, Feb. 25, 2007, at least 3,154 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,537 died as a result of hostile action, according to the military's numbers.

The AP count is five higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.