Saturday, March 10, 2007

RegisterFly Update: 10 March 2007

Via the ICANN Blog.

ICANN spoke yeatserday with Kevin Medina and Mark Klein of RegisterFly.

ICANN asked for greater clarity from RegisterFly about auth-info codes and draw attention to this link to the registerfly.com auth-info codes retrieval process.

RegisterFly indicated that auth-info codes are being distributed to customers via RegsiterFly.com and customer service channels and they claimed that the site is functioning as it should to allow names to be unlocked. ICANN told RegisterFly it will run a test so we can verify that these systems are indeed functioning as advised.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Saturday, March 10, 2007, at least 3,190 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,572 died as a result of hostile action, according to the military's numbers.

The AP count is four higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

UK: Don't Like ID Cards? Hand Over Your Passport

James Slack writes on The Daily Mail:

Anybody who objects to their personal details going on the new "Big Brother" ID cards database will be banned from having a passport.

James Hall, the official in charge of the supposedly-voluntary scheme, said the Government would allow people to opt out - but in return they must "forgo the ability" to have a travel document.

With one in every eight people saying they will refuse to sign-up, up to five million adults could effectively be refused permission to leave the country.

More here.

Chief of NSA Urges 'Action'

Siobhan Gorman writes in The Baltimore Sun:

In what he described as "a call to action," the director of the National Security Agency has urged the nation's largest intelligence agency to transform the way it carries out its mission and speed the development of new spy technology, according to an internal NSA document.

A blunt memorandum by Lt. Gen. Keith B. Alexander, the NSA's director, said the agency must totally rethink its approach to spying and fix "systemic problems" identified after the Sept. 11 attacks. With the NSA expected to face more intense scrutiny from a Congress led by Democrats, Alexander has launched an internal review to chart a new course.

More here.

Friday, March 09, 2007

Experts Rebuke Amero Ruling

Greg Smith writes in The Norwich Bulletin:

The president of a Florida computer protection software company, skeptical of the conviction of a Norwich substitute teacher in a computer porn case, says computer experts are joining to aid in her defense.

Alex Eckelberry, owner of Sunbelt Software, said he and a "forensic team of A-list players across the country" are performing a forensic technical review of the computer hard drive used in the January conviction of Julie Amero.

Amero was convicted by a jury of exposing seventh-graders at Kelly Middle School to pornographic images on her classroom computer. The case has spawned a firestorm of debate and sympathy for many who see Amero as a victim of adware, or pop-up Internet advertisements. Evidence proving the claims, however, has not been presented in a court of law.

More here.

In Remembrance: Brad Delp

Image source: www.boston.org


Bradley E. Delp
June 12, 1951 – March 9, 2007

"We just lost the nicest guy in Rock'n'Roll."


Don't Look back.



An Incovenient Truth

Al Gore in An Inconvenient Truth

So, I finally got a chance to watch An Inconvenient Truth, and I must say, it is a very, very powerful statement.

A must see.

[Trailer here.]

Personal Data on U.S. Border Soldiers Stolen

An AP newswire article, via The Tuscaloosa News, reports that:

A computer hard drive containing Social Security numbers and other personal information on nearly 1,300 California National Guard troops deployed to the U.S.-Mexico border has apparently been stolen.

The hard drive was reported missing Feb. 23 from the Guard's border mission headquarters inside San Diego Naval Base, said California National Guard spokesman Lt. Col. Jon Siepmann. It contains home addresses, birth dates and other identifying information for all soldiers serving long-term assignments on the border.

The Guard notified the soldiers Feb. 28 that their information had been compromised. It advised them to begin checking credit statements and take other protective measures.

The Guard has turned the investigation over to the Navy's Criminal Investigative Division, Siepmann said.

More here.

(Props, Data Loss Mailing List.)

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Friday, March 9, 2007, at least 3,189 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,572 died as a result of hostile action, according to the military's numbers.

The AP count is three higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Carriers 'Mum' on DoJ Report That FBI Abused Powers

Jim Duffy writes on NetworkWorld:

Two carriers would not discuss the U.S. Department of Justice findings that the FBI overstepped its authority in accessing private phone records in investigations of terrorism or espionage suspects under the Patriot Act.

Verizon and Qwest would not comment specifically on the matter in which a Justice Department audit released Friday determined the FBI, without a court order, improperly exercised Patriot Act powers to obtain phone, credit and Internet records of suspected terrorists and spies.

More here.

Nation's First National Computer Forensics Institute to be Located in Alabama

Via Government Technology.

Alabama Governor Bob Riley officially announced today that the nation's first National Computer Forensics Institute will be located in Hoover. Riley was joined in this announcement by U.S. Department of Homeland Security Secretary Michael Chertoff, Senator Jeff Sessions, and Congressman Spencer Bachus.

U.S. Secret Service agents will teach computer forensics and digital evidence to national, state and local law enforcement at the Center. These agents are in the field and understand the curriculum from a law enforcement perspective.

The Center is being funded though a cooperative effort by the U.S. Department of Homeland Security, the U.S. Secret Service, and state, county, and local governments.

More here.

How Lucrative is Pump-and-Dump Spam?

This is an example of some fun we have been having in the office the past few months -- watching Moriarty's "fantasy" pump-and-dump stock investments.

Ryan Naraine writes on the Zero Day Blog:

Are pump-and-dump spammers really making money from hyping penny stocks in e-mails? Paul Moriarty has the answer and it's an eyebrow-raising sight.

Over the last month, Moriarty, director of product development for Internet Content Security at Trend Micro, has been running a virtual portfolio of selling short on stocks found during spam runs. After 22 transactions in a five-week period, he has earned a whopping $25,610.

Short selling (shorting) a stock is the act of profiting from a stock price going down. A short seller will typically borrow a security and sell it, expecting that it will decrease in value so that they can buy it back at a lower price and keep the difference.

During Moriarty's research, he used data from pump-and-dump e-mails flooding into Trend Micro's spam honeypots. "As soon as I see activity on a particular stock, I'll short that and set a limit to cover after I've made 10%. In just over five weeks, I've turned a 25.6 percent profit on a $100,000 virtual portfolio. This is exactly what these spammers are doing. It's risky business but it's easy money," Moriarty said in an interview.

"I made money on every transaction," he added.

More here.

Delicious Irony of the Day: BillOReilly.com DDoS'd - UPDATE

Click for larger image.

Thanks, Alex, over at Sunbelt Software.

That made my day, in a sick & twisted kind of way.

UPDATE: 17:13 PST: Quotes from Yours Truly on this in InformationWeek.

U.S. NRO Spy Satellite May Be Total Loss

Andrea Shalal-Esa writes for Reuters:

U.S. officials are likely to declare a Lockheed Martin Corp. spy satellite a total loss after efforts to restore its ability to communicate failed repeatedly over the past three months, two defense officials told Reuters on Tuesday.

The experimental L-21 classified satellite, built for the National Reconnaissance Office (NRO) at a cost of hundreds of millions of dollars, was launched successfully on Dec. 14 but has been out of touch since reaching its low-earth orbit.

Limited data received from the satellite indicated that its on-board computer tried rebooting several times, but those efforts failed, said one official, who is knowledgeable about the program and spoke on condition of anonymity.

The satellite carried sophisticated cameras to take high-resolution pictures and test equipment intended for use on the broader Future Imagery Architecture (FIA) program, in which both Boeing Co. and Lockheed are involved.

More here.

(Props, Danger Room.)

Verizon Wins California FiOS TV Franchise

Ed Oswald writes on BetaNews:

Scoring a major victory in offering its television services to a broader segment of the population, Verizon disclosed Friday that it had been the first to gain approval for a statewide video franchise in the state of California.

The nation's largest state changed its laws last year, taking the power away from local municipalities and allowing companies to apply to the state's Public Utility Commission to offer services. It went into effect on January 1.

More here.


Will the Daylight Saving Shift Do Us Any Good?

Ned Potter writes for ABC News:

Next week, by Congressional mandate, you will probably stumble out of bed an hour early, possibly, depending on your schedule, before dawn — all in the name of saving energy.

Congress made Daylight Saving Time three weeks earlier this year, proponents arguing that the shift would reduce America's energy consumption during that period about one percent.

Will it work? Not very likely, say two young economists at the University of California at Berkeley.

More here.

Spain Smashes Paedophile Internet Ring

An AFP newswire article, via PhysOrg.com, reports that:

Spanish police said Friday they arrested 15 people after smashing a huge Internet ring of paedophiles who downloaded large quantities of child pornography.

Fourteen other people were detained and then released pending further investigation, police added in a statement. Some 100 hard discs and more than 480,000 photographs and videos were seized in the raids.

Most of those detained were described as middle class men. Police raids in nine regions followed an investigation which began in July after a tip-off by a computer user who accidentally downloaded one of the files.

Specialist investigators tracked down the group using a search tool, "Hispalis," which detects the names and addresses of people connecting to illicit child porn sites.

More here.

International Domain Names (IDNs) Succeed in Testing

David Meyer writes on C|Net News:

The Internet Corporation for Assigned Names and Numbers--the organization that administers domain names--commissioned a laboratory test of IDNs in October 2006. The test was designed to establish whether the use of encoded internationalized characters would "have any impact on the operations of the root name servers providing delegations or the iterative mode resolvers."

ICANN announced the results on Wednesday. "No impact at all could be detected," wrote tester Lars-Johan Liman. "All involved systems behaved exactly as expected."

More here.

Fewer Students Pursuing Computer Careers

An AP newswire article, via CBS News, reports that:

A life working with computers conjures up images of sitting in a cramped cubicle hunched over a computer or fiddling with wires in a dimly lit room.

In the corporate world, those people are often known as "computer monkeys."

The perception is that it's a dull life, a geeky life, a life few people want.

There is also a perception that there are few jobs available in computer-related fields, which couldn't be further from the truth, said Jeffrey Vitter, dean of the College of Science and a computer science professor at Purdue University.

More here.

UK Military Awaits Skynet Launch

Image source: BBC / Astrium


...while the rest of us await our doom.

Jonathan Amos writes for The BBC:

The British military is set to take one of its most significant steps into the digital age with the launch of the first Skynet 5 satellite.

The spacecraft will deliver secure, high-bandwidth communications for UK and "friendly" forces across the globe.

It is part of a multi-billion-pound project that will allow the Army, Royal Navy and RAF to pass much more data, faster between command centres.

The Skynet 5A platform lifts off from Kourou, French Guiana, on Saturday.

More here.

Local: Porn Presence In SF Armory A Hot Issue

Via NBC11.com.

The debate over the X-rated Web site Kink.com, now headquartered in San Francisco's historic State Armory and Arsenal building, attracted an overflow crowd Thursday.

The new owner of the armory has already started producing adult entertainment out of the massive brick structure in the Mission District.

Neighborhood opponents got their chance to express their disappointment to the city's Planning Commission, but the commissioners have previously said they're not going to lift a finger to try to force the owner to stop producing adult entertainment at the 200,000-square-foot landmark.

More here.

ICANN: .XXX TLD Issue Getting More Messy?

Milton Mueller writes on CircleID:

Just when you thought the .xxx affair couldn’t get any worse, it does. I’m beginning to think that ICANN’s approach to TLD approval was cooked up by a demented sergeant from Abu Ghraib.

On March 13, the ICANN board is set to vote - again - on whether they can approve ICM’s Registry’s application to operate a domain reserved for adult online content: .xxx. This will be the third or fourth time this has happened. I have lost count. The same thing keeps happening again and again. ICANN tells ICM registry, the company applying for the domain, something is wrong with its application and something more needs to be done to get approval.

ICM registry dutifully goes off and does what was asked. And then ICANN thinks of something else that is wrong, something else it has to do. It’s Lucy, Charlie Brown and the football, on a global scale and costing millions of dollars in money and time.

More here.

RegisterFly Update: 9 March 2007

Paul Levin writes on the ICANN Blog:

The United States District Court in New Jersey yesterday awarded Kevin Medina control of RegisterFly.com Inc. The decision resolves a dispute over ownership of the company.

The resolution of this issue does not alter RegisterFly obligations to immediately cure the breaches of the Registrar Accreditation Agreement, as noticed by ICANN.

ICANN has been advised and has confirmed that RegisterFly is aware of the issues raised by many registrants, regarding their inability to transfer their registrations away from RegisterFly to another Registrar.

ICANN has demanded that RegisterFly immediately act to provide authorization codes and has also demanded a meeting with RegisterFly (and other relevant parties that are assisting ICANN) to resolve RegisterFly’s reported failures. We will provide an update on the outcome of this meeting.

More here.

Quote of the Day: Ed Felten

"When I started out in research, I had no idea public policy would become a focus of my work. The switch wasn’t so much a conscious decision as a gradual realization that events and curiosity had led me into a new area. This kind of thing happens all the time in research: we stumble around until we reach an interesting result and then, with the benefit of hindsight, we construct a just-so story explaining why that result was natural and inevitable. If the result is really good, then the just-so story is right, in a sense — it justifies the result and it explains how we would have gotten there if only we hadn’t been so clueless at the start."

"My just-so story has me figuring out three things. (1) Policy is deep and interesting. (2) Policy affects me directly. (3) Policy and computer security are deeply connected."

- Ed Felten, writing on Freedom to Tinker.

Zango: FTC Finalizes Landmark Adware Settlement

Via The Center for Democracy and Technology (CDT).

The Federal Trade Commission today finalized its landmark settlement requiring adware distributor Zango Inc. (formerly 180solutions) to hand over $3 million and change some of its most egregious practices. The settlement bars Zango from contacting the computers of people who installed Zango software before Jan. 1, 2006.

After the proposed settlement was announced in November 2006, CDT submitted recommendations to the FTC highlighting the challenges that will come with enforcing it. In a letter to CDT, the FTC today acknowledged that it would need to remain vigilant to ensure that Zango abides by the terms of the settlement.

The commission also urged CDT to pass along any evidence of future offenses by Zango stemming from CDT's ongoing forensics work in the adware/spyware arena.

More here.

Rinbot Brings Back Old Times to County Offices - UPDATE

William Wan writes in The Washington Post:

Typewriters were dusted off, hand-held radios were tested, and Anne Arundel County employees reported having to walk between offices rather than sending e-mails yesterday after a virus led to the shutdown of more than 2,500 computers.

The fast-spreading virus infected as many as 200 county computers Wednesday, and technicians shut down the entire network for Anne Arundel offices for more than 24 hours.

The disruption left hundreds of employees without access to databases, the Internet and printers, but 911 emergency services and financial transactions such as bill payments were not affected, officials said.

By the end of the day, parts of the network were up and running. But during the two days of network shutdown, some county employees said they were forced to resort to tools and methods abandoned long ago in the name of technological progress.

More here.

UPDATE: 10:23 PST: More detail on this here in The Baltimore Sun.

Thursday, March 08, 2007

Quote of the Day: Nevada Appeal

"We're all for giving police officers the tools they need to do their jobs within the parameters of reasonableness and fair play. However, these tools must never be used to strip citizens of their inalienable rights."

- The Nevada Appeal


XKCD: A New CAPTHCA Approach




Via xkcd.com.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, March 8, 2007, at least 3,188 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,564 died as a result of hostile action, according to the military's numbers.

The AP count is 10 higher than the Defense Department's tally, last updated Thursday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Military Base Busy Fending Off Computer Hackers

An AP newswire article, via the Akron (Ohio) Beacon Journal, reports that:

Wright-Patterson Air Force Base is in a nonstop race to stay one step ahead of hackers and keep its military computer systems clear of viruses. An average of 1,300 intrusive attempts from around the globe are made on the base's network each month.

"We see attempts from just about every country in the world that you can name, friend or foe," said Ben Striks, chief of the base's software and security division. "The diverse nature of the mission we have here at Wright-Patterson makes us an attractive target."

The base is home to numerous research programs as well as procurement offices for Air Force aircraft and weapons systems.

More here.

NHL Union Denies e-Mail Snooping

An AP newswire article, via Wired News, reports that:

NHL union chief Ted Saskin on Thursday denied monitoring player e-mails, contending predecessor Bob Goodenow ordered such actions. Goodenow denied the allegation.

Saskin's future as executive director of the NHL Players' Association could be decided Sunday night when the NHLPA confers with its executive board. The board is composed of player representatives from all 30 NHL teams and the seven-member interim executive committee.

"I plan to address the board on Sunday night, and the board will learn that Bob Goodenow had instructed NHLPA employees to review player e-mail accounts and this occurred during the lockout and I was not aware of this until much later," Saskin told The Canadian Press.

Goodenow, in a statement though lawyer Jane Milburn, said: "I am unaware of an instance where the security of a single player's e-mail or other personal information was compromised."

More here.

Google Calls On Gmail Users To Report Spam

Thomas Claburn writes on InformationWeek:

The SEC on Thursday suspended stock trading for 35 companies touted in alleged spam scams. Applauding the move, Google is urging its users to strike their own blow against spammers.

In a blog post today, Google anti-spam engineer Brad Taylor calls upon Gmail users to use the service's "Report Spam" button "early and often."

"That isn't just there to get the spammy message into the spam folder," says Taylor. "It sends valuable information back to the spam team that helps us flag messages and senders so we can keep future messages out of your and millions of other inboxes."

More here.

Report Says FBI Violated Patriot Act Guidelines - UPDATE

Brian Ross and Vic Walter report on ABC News' "The Blotter":

The FBI repeatedly failed to follow the strict guidelines of the Patriot Act when its agents took advantage of a new provision allowing the FBI to obtain phone and financial records without a court order, according to a report to be made public Friday by the Justice Department's Inspector General.

The report, in classified and unclassified versions, remains closely held, but Washington officials who have seen it tell ABC News it documents "numerous lapses" and describe it as "scathing" and "not a pretty picture for the FBI."

FBI Director Robert Mueller is scheduled to brief Congress on the report at noon.

The officials say the inspector general found the FBI underreported by at least 20 percent the use of the controversial provision, known as National Security Letters, NSLs, in required disclosures to Congress.


More here.

UPDATE: 21:07 PST: The Washington Post picks up this story in more detail here.

Hacker Taunts Americans For Letting Him Steal Their Identities

Image source: Consumerist


Ben Popkin writes on Consumerist:

A Romanian hacker posted this and 15 other people's profiles in the eBay Trust and Safety forum, taunting Americans with his identity thieving prowess. He said:

...what make the american and canadian boys at 14-15 years old ????? Eaet burgers at Mc Dolnalds and watched naked girls on internet porno webspages.... Romanian guys at 14-15 years old scam people...Is so easy to stolen your eBay account and your Paypal.....is just a funny game for us...


We have to agree with the fellow. Stop eating your cheeseburgers and watching your porno and protect your identities, fools.

More here.

'The RIAA Fights a Hopeless War'

Via p2pnet News.

In one of their worst blunders yet, the members of the Big 4 music cartel, Warner Music, EMI, Vivendi Universal and Sony BMG, have started a raging backlash in schools across America it'll be impossible to stop.

Their RIAA (Recording Industry Association of America) has lifted a page from George W. Bush's War on Terror, says an editorial in Oklahoma State University's The Daily O'Collegian.

More here.

Schneier: On Criminal Innovation and Copycats

Bruce Schneier:

The internet is filled with copycats. Green-card lawyers invented spam; now everyone does it. Other people invented phishing, pharming, spear phishing. The virus, the worm, the Trojan: It's hard to believe that these ubiquitous internet attack tactics were, until comparatively recently, tactics that no one had thought of.

Most attackers are copycats. They aren't clever enough to invent a new way to rob a convenience store, use the web to steal money, or hijack an airplane. They try the same attacks again and again, or read about a new attack in the newspaper and decide they can try it, too.

In combating threats, it makes sense to focus on copycats when there is a population of people already willing to commit the crime, who will migrate to a new tactic once it has been demonstrated to be successful. In instances where there aren't many attacks or attackers, and they're smarter -- al-Qaida-style terrorism comes to mind -- focusing on copycats is less effective because the bad guys will respond by modifying their attacks accordingly.

More here.

Toon of the Day: More Sunshine


Click for larger image.


ICANN Releases Factsheet on Root DNS Attack

Kieren McCarthy writes on the ICANN Blog:

Today ICANN posted the first [.pdf] in what we hope will be a series of factsheets that will help explain various elements of ICANN’s mission as well as wider, technical aspects of the Internet.

The aim and intention is very clear: many of the issues that affect the Internet are quite technical and as a result are not well understood. Since the Internet is of such importance, and since ICANN believes that the best decisions over the Net’s future path will derive from wide and open discussion by all interested parties, the hope is that a series of factsheets written in plain English will improve that discussion and encourage involvement.

This factsheet hopes to serve several different ends: provide some timely information on the 6 February 2007 attack on the root server system; correct some misunderstandings about the root servers; act as an information resource for future referral; explain how the Internet is protected and by whom; outline what the attack was and how and why it happened; and lastly, look forward to what can be done to help tackle such attacks in future.

More here.

Vonage Ordered to Pay Verizon $58M

An AP newswire article by Matthew Barakat, via SFGate.com, reports that:

Internet phone company Vonage must pay Verizon Communications $58 million for infringing on three patents that enable the upstart's low-cost telephone service, a jury ruled Thursday.

The judgment is far less than the $197 million that Verizon had requested, and it was more in line with what Vonage had suggested — if the Holmdel, N.J.-based company was found liable.

Still undetermined is whether Vonage will be barred from using Verizon's technology. Following the verdict, attorneys for New York-based Verizon requested a permanent injunction barring Vonage from further use of the patented technology.

A hearing on the request was scheduled for March 23 in U.S. District Court in Alexandria.

More here.

Microsoft Takes a 'Patch Tuesday' Break

Joris Evers writes on C|Net News:

Microsoft has no new security updates planned for Tuesday, despite at least five zero-day vulnerabilities that are waiting to be fixed.

In a note on its Web site Thursday, Microsoft said it won't release any security bulletins, yet it will release several updates that are not related to security. The second Tuesday of the month is Microsoft's scheduled patch release day.

More here.

eBay: More Cooperation Needed on Cybersecurity

Grant Gross writes on InfoWorld:

Banks, online merchants, and technology vendors must work together to prevent security problems like phishing attacks and data breaches, eBay President and CEO Meg Whitman said Thursday.

Whitman called on large e-mail service providers, such as Yahoo and Microsoft, to reject e-mails supposedly coming from eBay or subsidiary PayPal that do not include domain key signing authentications on them. EBay now puts the digital signatures on all the e-mail it sends, amounting to "billions" of pieces of e-mail a year, Whitman said at a Visa USA security summit in Washington, D.C.

More here.

ABC Exclusive: Confessions of an Internet 419 Scammer

Brian Ross and Joseph Rhee report on ABC News' "The Blotter":

The U.S. operative for a Nigerian Internet scam ring has turned on his one-time colleagues, providing new details of who they are and how they work, for a report to broadcast on 20/20 this Friday.

Eric Amoako, a native of Ghana, made the decision to "come clean" and end his days of crime after being caught on 20/20 undercover cameras attempting to scam a California heart surgeon.

In a remarkably frank interview, Amoako described feeling little guilt about taking more than $100,000 from Americans who fell for the Internet scams, which often depend on the gullibility and the greed of the victims.

"The greedier the person, the easier it becomes for me," Amoako said.

The scams involve a variety of instant riches: helping a famous person move illegal money, collecting inheritance money from a previously unknown relatives, setting up bank accounts or cashing checks for suspects money transfers.

More here.

'Winfixer' Mystery Slowly Unravels

Jeremy Kirk writes on InfoWorld:

A California attorney claims he has unraveled part of the mystery behind a questionable software program and is prepared to go to court.

Attorney Joseph M. Bochner filed a class-action civil suit last September in California Superior Court in Santa Clara County against two men the suit alleges are behind Winfixer, a purported security software. The lawsuit names Marc J. Cohen of Florida, and was amended last week to add James Reno of Ohio as an additional defendant, Bochner said. It seeks compensation and a halt to the distribution of Winfixer, among other remedies.

The suit was filed on behalf of Beatrice Ochoa, a mother of two who paid US$39.95 for Winfixer after it badgered her with repeated pop-up warnings that her computer had security threats. The program eventually rendered her computer's hard drive unusable, Bochner said. The suit counts another 100 anonymous victims.

More here.

Microsoft Customers Melting Down Over DST Patches

Mary Jo Foley writes on All About Microsoft:

Thousands of Microsoft customers are running into problems understanding and applying the myriad Microsoft Daylight Saving Time (DST) patches required in order to keep their Windows, Exchange Server and other systems up-to-date when DST takes effect on March 11.

Microsoft's online DST chat room — which Microsoft is currently keeping open from 6 a.m. PST to 9 p.m. PST to handle customers' questions — is full of customers who can't get their DST patches to work. Microsoft support phone lines are jammed with users with DST problems.

More here.

SEC Cracks Down on Spam-Driven Small Stocks

Karey Wutkowski writes for Reuters:

The Securities and Exchange Commission suspended trading on Thursday in the stocks of 35 small companies linked to spam e-mail campaigns urging small investors to buy shares.

The SEC said it launched an enforcement effort to protect investors from potentially fraudulent spam e-mail promoting small company stocks with phrases like, "Ready to Explode," "Ride the Bull" and "Fast Money."

"Today's action will disrupt the operations of these boiler rooms and make it harder for the spammers and promoters to dump their stock on an unsuspecting public," SEC enforcement director Linda Thomsen said at a press conference on Thursday.

The commission said in a statement that an estimated 100 million of these spam messages are sent every week, triggering dramatic spikes in share price and trading volume before the spamming stops and investors lose their money.

More here.

Fish & Wildlife Memo Seeks to Control Climate Change Discussions

Luke O'Brien writes on 27B Stroke 6:

Last week, the NYT got its hands on internal documents from the Alaskan branch of the federal Fish and Wildlife Service that appear to be orders from on high to keep a tight lid on the disclosure of any information related to global warming.

According to the documents, distributed last week, government scientists and other employees in the Arctic region should not discuss climate change, polar bears or thinning sea ice unless authorized.

More here.

Sweden Plan Would Monitor All International Communications

An AP newswire article by Matthias Karen, via The Boston Globe, reports that:

Sweden's government presented a contentious plan Thursday to allow a defense intelligence agency to monitor — without a court order — e-mail traffic and phone calls crossing the nation's borders.

The government insists only a fraction of the electronic communications will be affected, but critics worry the program, designed to combat terrorism and other threats to national security, is too far-reaching.

Their concerns resemble criticism of a U.S. surveillance program launched in 2001 that monitors international phone calls and e-mails to or from the United States involving people suspected by the government of having terrorist links.

More here.

Wife of Chinese Cyber Dissident to Sue Yahoo!

A VOA News article, via Chosun News, reports that:

The wife of a Chinese dissident jailed for publishing articles on the Internet says she plans to sue U.S.-based Internet company Yahoo for allegedly helping to put her husband in jail in China.

Speaking with VOA's Mandarin Service Wednesday after arriving in Washington, Yu Ling said Chinese police arrested her husband, Wang Xiaoning, partly because Yahoo's Hong Kong office gave Chinese authorities information about his e-mail accounts.

Yu Ling said she has come to the United States to sue the company for damages and to demand an apology.

In 2003, Wang was sentenced to 10 years in prison for publishing what China's government called "subversive" articles on the Internet.

More here.

(Props, techdirt.com.)

U.S. Hacker Sentenced to One Year's Imprisonment

Fiona Raisbeck writes on SC Magazine Online:

A US citizen who pleaded guilty to conspiring to commit computer fraud and identity theft has been sentenced to one year's imprisonment by a Florida court.

Justin A Perras was one of five co-defendants who admitted hacking into computers at information management provider LexisNexis.

He was sentenced to one year in prison, followed by three years supervised release and 100 hours of community service.

The fraudsters infected and hijacked the organisation’s computers and employed social engineering techniques to access information, including login usernames and passwords, stored in the company’s Accurint database, prosecutors said.

More here.

Beijing Launches Online Ticketing for 2008 Olympic Games


Via Reuters.

Chinese nationals and foreigners residing in China can now register to book advance tickets for the 2008 Games online after organizers launched the official ticketing Web site on Thursday.

The site (www.tickets.beijing2008.cn) announced tickets would be issued in three phases and that tickets to oversubscribed events would be allocated by random draw.

Overseas residents would be able to buy Olympic tickets from their national Olympic Committee or from designated outlets at the same price as Chinese residents, an organizing official said.

More here.

Note: Given the astounding amount of malware and website compromises that originate from China, I'd personally be very, very hesitant to use any website in China for a financial transaction. But that's just me...

Wednesday, March 07, 2007

'This Pale Blue Dot'



Via Truthdig.

This Carl Sagan tribute video really puts things in perspective.

Just remember that all war, tragedy and hatred take place on a tiny blue speck in the middle of nowhere, and we have the power to do something about it.

I really thanks the folks over at Truthdig for pointing this out.

Indeed, it truly does help put things in perspective.

Off Topic: Historians Fight Bush on Access to Papers

Patricia Cohen writes in The New York Times:

In December 1989, one month after the fall of the Berlin Wall, President George H. W. Bush and Mikhail Gorbachev met in Malta and, in the words of a Soviet spokesman, “buried the cold war at the bottom of the Mediterranean.”

The Russian transcript of that momentous summit was published in Moscow in 1993. Fourteen years later American historians are still waiting for their own government to release a transcript.

Now lawmakers and scholars are hoping to pry open the gateway to such archival documents by lifting what they say has been a major obstacle to historical research: a directive issued by the current Bush White House in 2001 that has severely slowed or prevented the release of important presidential papers.

More here.

Josh Wolf: A Videographer and a Blogger but is He a Journalist?

Josh Wolf

Howard Kurtz writes in The Washington Post:

He is being cast by some journalists as a young champion of the First Amendment, jailed for taking a lonely stand against heavy-handed federal prosecutors.

Josh Wolf, a 24-year-old blogger, has spent more than six months behind bars in California -- the longest contempt-of-court term ever served by someone in the media -- for refusing to turn over a videotape he shot of a violent San Francisco demonstration against a Group of Eight summit meeting. Unless a mediation session today can break the impasse, he will likely remain imprisoned at least until the current grand jury's term expires in July.

More here.

Microsoft Confirms OneCare Zaps Outlook, Outlook Express e-Mail

Gregg Keizer writes on ComputerWorld:

Microsoft Corp. has acknowledged that a bug in its Windows Live OneCare security suite has been causing users' e-mail to vanish from Outlook and Outlook Express.

A fix, the company said, is in the works and will be pushed to OneCare users next week.

The OneCare bug, first reported by users writing on a OneCare support message thread six weeks ago, seemed to be deleting Outlook and Outlook Express data files -- .pst and .dbx files, respectively -- after a malware scan.

More here.

Former U.S. Navy Sailor Arrested on Terror Charges

Via CNN.

A former member of the U.S. Navy was arrested Wednesday in Phoenix, Arizona, on charges of providing material support to terrorists and espionage, the Department of Justice said.

Hassan Abujihaad, formerly known as Paul R. Hall, 31, was arrested on a federal criminal complaint. He is alleged to have provided classified information to a London-based group called Azzam Publications about a U.S. Navy battle group as it traveled from California to the Persian Gulf region in 2001.

The charges were brought in Connecticut because, for a time, the Azzam Publications Web sites were hosted on servers located in Connecticut.

Two members of that group, Babar Ahmad and Syed Talha Ahsan, also face terrorism charges in the United States. Federal prosecutors have said that from 1998 to 2002, the two operated Web sites encouraging the donation of money or equipment to terrorists.

More here.

Off Topic: San Jose Gas Prices


With gas prices on the rise again, you might find this resource useful: San Jose Gas Prices.

Enjoy. Or not.

- ferg

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, March 7, 2007, at least 3,188 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,574 died as a result of hostile action, according to the military's numbers.

The AP count matches the Defense Department's tally, last updated Wednesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

ID Sniper Rifle Fires GPS Tracking Chip Into Unwitting Humans

Image source: Empire North

Wow.

Paul Miller writes over on Engadget:

It sounds too good to be true, and our source link thinks that very well might be the case, but screw physics: we want one of these. The ID Sniper Rifle from Empire North of Denmark apparently fires a GPS-microchip into an unsuspecting human target "without causing any internal damage."

Supposedly the target won't even know they've been tagged, since the shot stings about as much as a mosquito bite. It's unclear how a GPS transmitting module can be large enough to be tracked from a distance from inside a human body while failing to even hurt enough to notice, but we want to believe. In addition to firing such a gentle projectile, the rifle also zooms in on and captures a picture of the fired-upon target.

Empire North is currently courting law enforcement agencies with the gun.

More here.

Vint Cerf: YouTube Bans Don't Work

Vint Cerf, one of the founders of the intenet and now Google's Chief Internet Evangelist, pictured in Brisbane, Australia.
Image source: Tony Phillips / The Age


Stephen Hutcheon writes in TheAge.com.au:

Vint Cerf, one of the founders of the internet and now a senior executive with Google, has cast doubt on the efficacy of recent attempts to curb cyber bullying by blocking student access to video-sharing sites such as YouTube.

Interviewed in Brisbane where is he due to make his only public appearance in Australia later today, Dr Cerf said it was clear that many schoolchildren had the wherewithal to circumvent the ban.

"I believe that many young people have those skills that may be well beyond those of their parents and their teachers and will find ways of accessing information," he said in a telephone interview.

Instead, he said, students should be taught about social responsibility.

More here.

Rinbot Just Won't Go Away

Gregg Kiezer writes on ComputerWorld:

The Rinbot worm continues to pester and plague enterprises, several security organizations said, even as Symantec Corp. declared that its honeypot network had captured traffic showing that a botnet was spreading the malware.

Rinbot is an on-again, off-again threat that exploits a pair of long-patched vulnerabilities -- one in Microsoft Windows' Server Service fixed in August 2006, the other in Symantec's own Client Security and Symantec AntiVirus software, which were patched in June. Rinbot was last in the news a week ago when systems at Turner Broadcasting System, part of Time Warner and the parent of cable news channel CNN, were reportedly attacked by Rinbot. The worm is also known as Delbot.

Shirley Powell, a spokeswoman for Turner, declined to identify the exploit that hit the company's network. But she confirmed in an e-mail that "we have been hit by a virus." The impact was minimal, but "repairs are ongoing," she said.

More here.

Also: My friend & colleague, Jose Nazario over at Arbor Networks, has done an excellent write-up on Rinbot here.

Italy Tops Global Wiretap League

John Leyden writes on The Register:

Britain may have more CCTV cameras per head than anywhere else in the world but when it comes to electronic surveillance the country is way behind Italy, the Netherlands and even Sweden.

Official figures have revealed UK law enforcement agencies and other government bodies made 439,000 requests to monitor telephones and email addresses in a 15 month period between 2005 and 2006, leading to comments that Britain led the world in spying on its citizens.

More here.

Census Bureau Admits Privacy Breach

An AP newswire article by Stephen Ohlemacher, via The Seattle Post Intelligencer, reports that:

The Census Bureau inadvertently posted personal information from 302 households on a public Internet site multiple times over a five-month period, the bureau said Wednesday.

The information included names, addresses, phone numbers, birth dates and family income ranges, said Ruth Cymber, the agency's director of communications. No Social Security numbers were posted, and there is no evidence that the data was misused, Cymber said.

But, she added, posting the information violated bureau policies and federal law.

The bureau is in the process of contacting the households, located in nine states and the District of Columbia, to offer free credit-monitoring services.

More here.

(Props, Dataloss Mailing List.)

In Remembrance: Captain America

Image source: Marvel Comics

Captain America
1941 - 2007


Holy crap. They've killed off Captain America.

So much for Truth, Justice, and The American Way.

An AP newswire article, via MSNBC, reports that:

Captain America has undertaken his last mission — at least for now. The venerable superhero is killed in the issue of his namesake comic that hit stands Wednesday, the Daily News reported.

On the new edition's pages, a sniper shoots down the shield-wielding hero as he leaves a courthouse, according to the newspaper.

It ends a long run for the stars-and-stripes-wearing character, created in 1941 to incarnate patriotic feeling during World War II. Over the years, an estimated 210 million copies of "Captain America" comic books, published by New York-based Marvel Entertainment Inc., have been sold in a total of 75 countries.

More here.

Turkish Court Bans GooTube Access

Via The BBC.

Access to the popular video-sharing website YouTube has been suspended in Turkey following a court order.

The ban was imposed after prosecutors told the court that clips insulting former Turkish leader Mustafa Kemal Ataturk had appeared on the site.

According to Turkish media, there has been a "virtual war" between Greek and Turkish users of the site, with both sides posting insulting videos.

The clip prompting the ban reportedly dubbed Ataturk and Turks homosexuals.

More here.

Feds Move Against Online Trading Criminals

Asa Eslocker and Justin Rood report on ABC News' "The Blotter":

Customers of Merrill Lynch, E*Trade and other major online brokerage firms are being targeted by a ring of Eastern European cybercriminals, federal law enforcement officials tell ABC News.

The Securities and Exchange Commission said today it has moved against the ring which they believe illegally accessed trading accounts at seven top firms from computers in Russia, Latvia, Lithuania and the British Virgin Islands.

Authorities say the ring took control of customers' investments and switched them to penny stocks they controlled in order to temporarily drive up their prices, ultimately leaving the investors with portfolios that were worthless.

A federal judge yesterday evening agreed to an SEC request to freeze $3 million in an account at a U.S. branch of an Eastern European bank, which investigators say belongs to the criminals.

More here.

Tuesday, March 06, 2007

Digital Child Porn Watchdog: Too Big a Bite?

Bryan Zandberg writes on The Tyee.ca:

Last month's bust of a worldwide child porn ring was a troubling victory for child advocates and enforcement.

Although it's a major breakthrough in the fight against sexual exploitation of children, Lianne McDonald says the problem is still far more widespread than people think. She points to a study done in the United States by The National Centre for Missing and Exploited Children, which found that a single graphic sexual image of a five-year-old girl was posted to over 800,000 separate pages on the Internet in the short span of six months.

McDonald is the executive director of Project Cleanfeed Canada, a private program that aims to stamp out online child exploitation through a firewall set up in co-operation with major Canadian Internet service providers (ISPs). Following in the footsteps of Britain, this past January, Project Cleanfeed began compiling a list, which isn't released to the public, of foreign websites that host the illegal content. The filter, says McDonald, will curb both accidental and intentional viewings of child sexual exploitation.

More here.

Now Suing Yahoo! China: IFPI Continuing Its Reign of Intimidation

Via Reuters.

Music industry giants including Warner Music Group Corp. are suing Yahoo! China for alleged copyright infringement by providing links to unlicensed music, trade organization IFPI said on Wednesday.

Beijing's no. 2 Intermediate Court has accepted the case, which was filed in early January by 11 companies and seeks damages of 5.5 million yuan ($710,686), said Leong May-seey, the International Federation of the Phonographic Industry's (IFPI) Hong Kong-based regional director for Asia.

More here.

Google 'Breach' Gives California Community College a Cyberspace Lesson

Dorothy Korber and Eric Stern write in The Sacramento Bee:

A database containing sensitive information belonging to about 2,000 Los Rios community college students - such as grades and Social Security numbers - was inadvertently uploaded by Google last fall - a breach discovered last month by a student "Googling" himself.

The file has since been removed from the Internet, and Los Rios sent letters to students alerting them of the breach. But the incident shows how Internet search engines are aggressively digging into every nook and cranny of cyberspace. Computer security experts say lessons about privacy can be learned from those operating Web sites and those searching them.

More here.

The Much Needed Beer Calculator


(Hat-tip, TechCrunch.)

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, March 6, 2007, at least 3,184 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,562 died as a result of hostile action, according to the military's numbers.

The AP count is eight higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure

Thorsten Holz writes on Honeyblog:

The recent ACM Conference on Computer and Communications Security (CCS'06) had some interesting papers. One of them deals with so called Puppetnets. A puppetnet is created by malicious web sites which exploit a visiting web browser and take control of it. Similar to a botnet, these puppetnets can be used to mount DDoS attacks, reconnaissance probes, or other nefarious purposes.

Presumably the threat posed by these networks is way lower than botnets, but nevertheless they could pose a problem in the future due to the prevalance of client-side exploits.

More here.

Forrester Report Claims R&D Studies Are Biased

Thomas Claburn writes on InformationWeek:

National investments in innovation are largely wasted and technology studies confirm the political and social biases of their sponsors instead of presenting the truth.

That's the conclusion of a recent report from Forrester Research about the impact of national spending in support of innovation.

More here.

Copyright Ruling Worries Webcasters

An AP newswire article by Seth Sutel, via SFGate.com, reports that:

Internet music broadcasters worry that a new ruling could put many of them out of business by drastically increasing the royalty payments they have to make to record labels and artists.

The new rates, which are retroactive to last year, were decided on Friday by the Copyright Royalty Board, a panel of three copyright judges, and made public Tuesday on the board's Web site.

The ruling could have the greatest impact on startup companies that make their living from broadcasting music online and selling advertising to pay for it. For large radio companies like Clear Channel Communications Inc. and CBS Corp., online broadcasting still makes up a relatively small portion of their overall business.

More here.

Humor: Sometimes, The Most Obvious is Overlooked


Tim Wilson writes on Dark Reading:

Brian Contos, CTO of ArcSight Inc. and author of Enemy at the Water Cooler showed us this video during a presentation he gave last week on the convergence of physical and logical security. I laughed so hard I just had to share it with you.

In this three-minute video, a couple of Australian TV personalities show how they built an actual, Iliad-sized Trojan horse and filled it with several Greek soldiers. They then put it on a trailer and tried to get it through the gates of several "secure" locations, with hilarious results.

If you can stop laughing long enough, you may take a lesson from this: Sometimes, the most obvious attack vectors are the most likely to be overlooked.

More here.

Adobe Flaws Can Expose Data Via PDF Files

Via CBC.ca.

A flaw in Adobe Inc.'s Reader and Acrobat software could give an attacker access to information on a targeted computer, a Danish security company says.

The vulnerability in the software used to read and create Portable Document Format (PDF) files stems from a problem in the way it handles hypertext links to files from within a PDF document, Secunia ApS said in an advisory on Tuesday.

More here.

Security Expert Hacks RFID in UK Passport

Jeremy Kirk writes on ComputerWorld:

A security expert has cracked one of the U.K.'s new biometric passports, which the British government hopes will cut down on cross-border crime and illegal immigration.

The attack, which uses a common RFID (radio frequency identification) reader and customized code, siphoned data off an RFID chip from a passport in a sealed envelope, said Adam Laurie, a security consultant who has worked with RFID and Bluetooth technology. The attack would be invisible to victims, he said.

"That's the really scary thing," said Laurie, whose work was detailed in the Sunday edition of the Daily Mail newspaper. "There's no evidence of tampering. They're not going to report something has happened because they don't know."

More here.

Computer Glitch Hits Canadian Taxpayers

A Canadian Press article, via The Globe and Mail, reports that:

Many Canadians are having their patience, as well as their income, taxed by the federal government this week.

A computer glitch at the Canada Revenue Agency shut down the system that accepts online tax returns sometime Sunday night or Monday morning.

Technicians were still scrambling to fix the problem Tuesday afternoon.

More here.

ROLLING STONE's Top 25 Moments From 'South Park'


Via Rolling Stone.

South Park is perhaps the only show in TV history that gets funnier and funnier every single season. Sure, you get the occasional clunker (are we the only ones who hated that Al Gore manbearpig episode?), but the overall quality continues to be astounding. Last season alone the show managed to skewer topics as diverse as Family Guy, smug Hollywood celebrities, Richard Dawkins and Warcraft.

What makes all this especially unbelievable is that they throw together an episode in about one week. We're sure this list will generate controversy (looking through it, we admit that the first few seasons aren't very well represented), but here are our picks of the Top 25 funniest moments in South Park history.

Check'em out here.