Saturday, April 07, 2007

Toon of the Day: The Decider




Via Truthdig.com.

Carriers Oppose Consumers Seeking Open Networks

Grant Gross writes on PC World:

Representatives of large broadband and wireless carriers have voiced opposition to a proposal from consumer groups that would impose open access and net neutrality conditions on a spectrum auction next year.

On Thursday, a coalition of consumer groups, including Public Knowledge and Consumers Union, sent a proposal to the U.S. Federal Communications Commission, calling on the agency to place conditions on upcoming auctions of valuable spectrum in the upper 700MHz band. The groups called on the FCC to limit the bidding of large broadband providers, to allow open access on half of the spectrum being auctioned and to enforce net neutrality rules prohibiting auction winners from blocking customer access to Web content or applications.

But representatives of CTIA -- The Wireless Association, representing wireless phone providers, and the Hands Off the Internet coalition, representing AT&T Inc., Alcatel-Lucent SA and other groups, said they oppose the consumer groups' plan.

More here.

Former NSA Worker In Conflict of Interest Case Gets Probation

Via The Baltimore Sun.

A former National Security Agency employee was sentenced yesterday in U.S. District Court to two years' probation for steering more than $770,000 in government contracts to companies in which he and his wife had a financial interest, federal prosecutors said.

U.S. District Judge Catherine C. Blake ordered Wayne J. Schepens, 37, of Severna Park to serve the first six months of his sentence in home detention and on electronic monitoring, the U.S. attorney's office said. The judge also fined Schepens $100,000.

Schepens, who handled contracts involving military service academies, pleaded guilty Feb. 9 to conflict of interest charges. He could have received a maximum prison sentence of five years.

Prosecutors said Schepens worked for the NSA from 1998 until he resigned July 26. They said a part of his duties at the super-secret security agency at Fort Meade included co-creating and directing a cyber defense exercise. Teams of cadets and other students competed to protect computers from teams of hackers played by NSA employees.

More here.

RIAA, MPAA Lobbies for Permission to Deceive

Dawn C. Chmielewski and Marc Lifsher write in The Los Angeles Times:

The music and movie industries are lobbying state legislators for permission to deceive when pursuing suspected pirates.

The California Senate is considering a bill that would strengthen state privacy laws by banning the use of false statements and other misleading practices to get personal information. The tactic, known as pretexting, created a firestorm of criticism when detectives hired by Hewlett-Packard Co. used it last year to obtain phone records of board members, journalists and critics.

But the Recording Industry Assn. of America and the Motion Picture Assn. of America say they sometimes need to use subterfuge as they pursue bootleggers in flea markets and on the Internet.

More here.

(Props, Consumerist.)

Identities of 40,000 Chicago Public School Teachers at Risk

Rosalind Rossi and Lisa Donovan write in The Chicago Sun-Times:

Two laptop computers containing the names and Social Security numbers of about 40,000 Chicago Public Schools teachers and administrators were stolen Friday from the district's downtown headquarters, creating the second security scare in less than six months.

Surveillance cameras picked up the possible thief walking out of CPS headquarters, 125 S. Clark, with a stolen backpack possibly holding the laptops, school officials said.

CPS was offering a $10,000 reward for information leading to the suspect's arrest or recovery of the computers.

The laptops and backpack were taken from a 13th-floor conference room where two contractors had been reviewing the history of payments to the Chicago Teachers Pension Fund, said CPS spokesman Michael Vaughn.

More here.

Also: Some noteworthy commentary over on the Chronicles of Dissent.

NAC Attack: Today's Products Will Fail, Report Says

Brian Prince writes on eWeek:

Forrester Research analysts are urging corporations to prepare for a shift in the Network Access Control market in the years to come, as NAC vendors move toward new software-based tools that leverage endpoint technology to proactively manage risk.

In a report titled "Client Management 2.0," Forrester analysts Natalie Lambert and Robert Whiteley forecast the death of modern NAC products, which they say feature too much complexity and not enough interoperability. Operations management teams want a unified solution, Lambert said in an interview with eWEEK.

More here.

7 April 1969: Happy Birthday, RFC 1

It is what it is: RFC 1

Tony Long:

1969: The publication of the first “request for comments,” or RFC, documents paves the way for the birth of the internet.

April 7 is often cited as a symbolic birth date of the net because the RFC memoranda contain research, proposals and methodologies applicable to internet technology. RFC documents provide a way for engineers and others to kick around new ideas in a public forum; sometimes, these ideas are adopted as new standards by the Internet Engineering Task Force.

More here.

Friday, April 06, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Friday, April 6, 2007, at least 3,267 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,634 died as a result of hostile action, according to the military's numbers.

The AP count is seven higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Mother Earth Tech: Scientists Walk Out in Protest at China's Intransigence


Stephen Castle writes in The Independent (UK):

Some of the world's best-informed climate change scientists walked out of an all-night drafting session of yesterday's report on global warming, as tempers flared.

The protest, which included a prominent US scientist, took place after Chinese diplomats sought to water down a section spelling out the degree of certainty researchers attach to the impact of climate change.

During a fractious night of negotiation, China and Saudi Arabia were identified as the countries which sought most systematically to dilute the text.

More here.

Mapping Terrorists

Global Incident Map

David E. Kaplan writes on the U.S. News & World Report "Bad Guys" Blog:

Several Bad Guys readers sent us links to the Global Incident Map, a cool computer mapping project that blends RSS news feeds, Google Earth images, and other data into a compelling look at terrorist and suspicious acts worldwide. Morgan Clements, its creator, told our pals at the Danger Room that since posting his work late last year, he's been approached "by all manner of law enforcement, military, intel, government, fed contractors, and private sector organizations."

That shouldn't come as a surprise. The intelligence community has been into this stuff for a long time, trying various tech tools to maximize its collective "take." The National Geospatial Intelligence Agency (which handles the community's satellite imagery and mapping) and the National Security Agency (which handles its electronic eavesdropping) have long had joint teams trying to fuse "signals" intelligence, or SIGINT, with imagery and other "geospatial" intelligence, or GEOINT. The agencies call it "horizontal integration"–using NGA's "eyes" and NSA's "ears."

More here.

Former Morgan Stanley Employee Arrested On Data Theft Charges

Martin H. Bosworth writes on ConsumerAffairs.com:

A former Morgan Stanley client service representative was arrested and charged with stealing proprietary information relating to the brokerage firm's hedge fund clients. Ronald Peteka surrendered yesterday and was charged with conspiracy, according to the U.S. Attorney's office in New York.

Peteka is alleged to have accessed information on Morgan Stanley's hedge fund clients and the rates they pay while he worked for another company, and to have sent the information to his personal e-mail account several times between December 2005 and February 2006.

More here.

(Props, Flying Hamster.)

ASUStek Computer's Webpage Contributed to ANI Mayhem

Robert McMillan writes on ComputerWorld:

The Web site for computer parts manufacturer ASUStek Computer Inc. has been hacked and has been serving up attack code that exploited a critical Windows vulnerability, patched earlier this week.

The exploit is hidden in an HTML element on the front page of ASUStek's Taiwanese Web site, which then attempts to download the code from another server, according to Roger Thompson, chief technology officer with Exploit Prevention Labs Inc.

As of Friday afternoon, the server that downloaded the attack code was not operational, mitigating the risk of this attack, although attackers could easily redirect their attacks to a live server, he said.

More here.

Phishing: Peeling The Covers Off of Rock

Jose Nazario writes on the Arbor Networks Security Blog:

For the past couple of years, at least, we have been watching a sophisticated, disciplined phishing scheme targeting dozens of banks around the world. By some estimates, “Rock” is responsible for about half of all phishing in the world. Rock phishes have a pretty simple set of characteristics to them:

  • They are advertised in image spam, using junk text and a link in the image to the phishing site.
  • Each phishing site has a number of unique URLs pointing to it, each URL with minor hostname variants to confound blacklists. Each URL is spammed in limited quantities to make blocking and URL sharing harder without a lot of visibility.
  • Each phishing host just silently proxies the attack to a central phishing server to ease data collection.
  • DNS resolution of those URLs changes several times an hour.
  • Rock phish events target dozens of brands at once.
  • Rock phish URLs have a characteristic structure to them (too complex to describe here).

The Rock phish kit is not publicly available, does not appear to be in use by anyone else (although some basic copycats are emerging), and has a scale far beyond any other phishing schemes. It’s not to say that people haven’t been investigating; the data is just limited and peeling back the layers is tough.

Very nice write-up, Jose!

More here.
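The fast-flux and proxy characteristics in Jose's list are the ones a defender can check from resolver or passive-DNS logs. The script below is an added example, not code from Arbor Networks or the original post: it flags hostnames whose answers change several times within an hour, clusters hostnames that share resolved addresses (the sign of many fronts proxying to one back end), and counts hostname variants per registered domain so blocking can happen at the domain rather than the individual URL. The records, hostnames and addresses are constructed placeholders, and the registered-domain helper is a naive last-two-labels assumption.

```python
"""Flag fast-flux phishing hosts and cluster hostname variants from DNS
resolution records.  Sample data is constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records: (UTC timestamp, hostname, resolved IPv4).  The hostnames
# are placeholders and the addresses come from documentation ranges; none of
# them is a real indicator.
SAMPLE_RESOLUTIONS = [
    ("2007-04-06T10:00:00", "login-bank1.example-flux.test", "192.0.2.10"),
    ("2007-04-06T10:12:00", "login-bank1.example-flux.test", "192.0.2.44"),
    ("2007-04-06T10:25:00", "login-bank1.example-flux.test", "198.51.100.7"),
    ("2007-04-06T10:41:00", "login-bank1.example-flux.test", "203.0.113.90"),
    ("2007-04-06T10:55:00", "login-bank1.example-flux.test", "192.0.2.10"),
    ("2007-04-06T10:03:00", "secure-bank2.example-flux.test", "192.0.2.44"),
    ("2007-04-06T10:20:00", "secure-bank2.example-flux.test", "203.0.113.90"),
    ("2007-04-06T10:38:00", "secure-bank2.example-flux.test", "198.51.100.7"),
    ("2007-04-06T10:50:00", "secure-bank2.example-flux.test", "192.0.2.77"),
    ("2007-04-06T10:05:00", "www.stable-site.test", "198.51.100.200"),
    ("2007-04-06T10:30:00", "www.stable-site.test", "198.51.100.200"),
    ("2007-04-06T11:45:00", "www.stable-site.test", "198.51.100.200"),
]


def parse(records):
    """Group (timestamp, ip) pairs by hostname, sorted by time."""
    by_host = defaultdict(list)
    for ts, host, ip in records:
        by_host[host].append((datetime.fromisoformat(ts), ip))
    for host in by_host:
        by_host[host].sort()
    return by_host


def max_changes_per_window(resolutions, window=timedelta(hours=1)):
    """Largest number of answer changes seen inside any sliding window."""
    changes = []  # timestamps at which the answer differed from the previous one
    prev_ip = None
    for ts, ip in resolutions:
        if prev_ip is not None and ip != prev_ip:
            changes.append(ts)
        prev_ip = ip
    best, start = 0, 0
    for end in range(len(changes)):
        while changes[end] - changes[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def find_fast_flux(records, min_changes_per_hour=3):
    """Hostnames whose resolution changed at least N times within one hour."""
    flagged = {}
    for host, res in parse(records).items():
        n = max_changes_per_window(res)
        if n >= min_changes_per_hour:
            flagged[host] = {"changes_per_hour": n,
                             "distinct_ips": len({ip for _, ip in res})}
    return flagged


def shared_ip_clusters(records):
    """Clusters of hostnames that resolved to at least one common address,
    which is what a set of proxy fronts for one central server looks like."""
    host_ips = {h: {ip for _, ip in r} for h, r in parse(records).items()}
    clusters = []  # list of (set of hosts, set of ips)
    for host, ips in host_ips.items():
        merged_hosts, merged_ips, remaining = {host}, set(ips), []
        for c_hosts, c_ips in clusters:
            if c_ips & ips:
                merged_hosts |= c_hosts
                merged_ips |= c_ips
            else:
                remaining.append((c_hosts, c_ips))
        clusters = remaining + [(merged_hosts, merged_ips)]
    return [sorted(c) for c, _ in clusters if len(c) > 1]


def registered_domain(hostname):
    """Assumption: the registered domain is the last two labels.  Real code
    should consult the public suffix list (e.g. co.uk needs three labels)."""
    return ".".join(hostname.split(".")[-2:])


def variants_by_domain(records):
    """How many distinct hostnames were seen under each registered domain."""
    hosts = defaultdict(set)
    for _, host, _ in records:
        hosts[registered_domain(host)].add(host)
    return {d: len(h) for d, h in hosts.items()}


if __name__ == "__main__":
    for host, info in find_fast_flux(SAMPLE_RESOLUTIONS).items():
        print(f"fast-flux candidate: {host} {info}")
    print("shared back-end clusters:", shared_ip_clusters(SAMPLE_RESOLUTIONS))
    print("hostname variants per domain:", variants_by_domain(SAMPLE_RESOLUTIONS))
```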

Groklaw's Jones Confident Amid SCO Deposition Summons

Scott M. Fulton, III writes on BetaNews:

Calling her the "self-proclaimed operator of an internet website known as 'Groklaw,'" attorneys for UNIX vendor SCO Group filed a motion on Monday stating it is seeking to serve blogger Pamela Jones with a subpoena to be deposed in its intellectual property case against Linux vendor Novell. SCO also seeks to use the deposition content in its seemingly interminable case against IBM.

In its memorandum, SCO does not actually lay out a case for how Jones may have damaged the company directly, though it cites a multitude of press reports as "evidence" that the company hopes to prove is relevant, including some that allege a financial or material connection between Jones and IBM - albeit several steps removed.

More here.

Record Store Owners Blame RIAA For Destroying The Music Industry

Tony Sachs and Sal Nunziato write in a New York Times opinion piece:

The major labels wanted to kill the single. Instead they killed the album. The association wanted to kill Napster. Instead it killed the compact disc. And today it’s not just record stores that are in trouble, but the labels themselves, now belatedly embracing the Internet revolution without having quite figured out how to make it pay.

At this point, it may be too late to win back disgruntled music lovers no matter what they do. As one music industry lawyer, Ken Hertz, said recently, “The consumer’s conscience, which is all we had left, that’s gone, too.”

More here.

(Props, techdirt.com.)

Pennsylvania Principal Sues Youths Over MySpace Fakes

An AP newswire article, via The Boston Globe, reports that:

A school principal sued four former students who he claims posted parody MySpace.com profiles saying he smoked pot, kept beer at school and liked having sex with students.

In the lawsuit, Eric W. Trosch alleged that the three profiles created in December 2005 on the social networking Web site damaged his reputation, humiliated him and hurt his earning capacity.

The profiles "went far and beyond what you would see on a bathroom wall in a school," said Trosch's attorney, John E. Quinn.

More here.

Quote of the Day: Scott Adams

"I’m so jealous of countries that have governments. How cool would that be?"

- Scott Adams, ruminating over on The Dilbert Blog.

Vigilante Hackers Threaten Cyber War on Iran?

Via Silicon Valley Sleuth.

An anonymous group of hackers -- or some sad attention seekers -- are threatening to launch a cyber attack on Iran. Hostilities are scheduled to commence at "dawn of April 06, 2007" and aim to cripple the nation's internet infrastructure.

The pending action was announced on the Full Disclosure security email list on Wednesday. There is a fairly large chance that this is a hoax or empty threats. If the group seeks to do damage, they should prefer to have the element of surprise.

More here.

(Props, Zone-H News.)

U.S. Judge Puts Halt on New Vonage Customers - UPDATE

Anne Broache writes on C|Net News:

A federal judge on Friday ordered Vonage not to accept any new customers while it continues to infringe on Verizon Communications patents covering some aspects of Internet phone calls.

In at least a temporary setback for the leading voice over Internet Protocol provider and its some 2.2 million subscribers, U.S. District Judge Claude Hilton said it was the only fair option that would minimize harm to both companies for now.

Hilton did not offer either side a chance to make additional arguments during Friday's hearing, which lasted about an hour. "You have every right to go to the court of appeals," he told Vonage's attorneys. "They might have something different to say."

More here.

UPDATE: 15:56 PDT: Declan McCullagh writes over on the C|Net VoIP Blog that "...Vonage said late Friday that a federal appeals court has temporarily lifted an injunction granted earlier in the day that prohibited the Internet phone company from adding new customers." More here.

Thursday, April 05, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, April 5, 2007, at least 3,266 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,633 died as a result of hostile action, according to the military's numbers.

The AP count is seven higher than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Recently Published: DoJ Computer Crime Manual

Orin Kerr writes on The Volokh Conspiracy:

The Justice Department's Computer Crime and Intellectual Property Section recently published a new manual, "Prosecuting Computer Crimes," that explains most of the federal computer crime statutes and analyzes sentencing and jurisdictional issues as well. I disagree with some of the positions adopted in the manual, but it's a very useful resource for those wanting to get started in the field.

It's also essential reading if you're a defense attorney in a federal computer crime case and you want to know what positions the government is likely to adopt.

More here.

FCC Wants More Accuracy in Cell Phone Locating

An AP newswire article by John Dunbar, via MSNBC, reports that:

People make more 911 calls from cellular telephones than landlines these days, and police and firefighters increasingly worry about finding those callers in distress.

Contrary to what is portrayed on television crime shows, the accuracy of the technology that guides rescuers to cell phone callers can range from a few yards to several miles, even though federal law requires providers to guarantee that their callers can be located in emergencies.

Aiming to improve accuracy, Federal Communications Commission Chairman Kevin Martin told The Associated Press this week that he will propose significant changes in the 911 system.

More here.

VeriSign to Increase .com, .net Domain Fees

Jeremy Kirk writes on InfoWorld:

VeriSign is planning to raise the wholesale cost of registering a .com or .net domain name in October to generate more money for infrastructure improvements, the company announced on Thursday.

The increases are the first of several VeriSign is allowed to impose through 2012 under an agreement with ICANN (Internet Corporation for Assigned Names and Numbers), the overseer of the Internet's addressing system. VeriSign is the official registry for domain names ending in .com, .net, .cc, and .tv.

On Oct. 15, the wholesale price of a .com domain will go from $6 to $6.42, a 7 percent hike and the maximum annual percentage increase allowed under the March 2006 agreement with ICANN. A .net domain name will increase 10 percent, from $3.50 to $3.85.

VeriSign can't raise the price of the .com domain registrations more than 7 percent annually in four years of the six-year agreement with ICANN, which runs through 2012. However, VeriSign is allowed to raise prices for security reasons or in respect to new ICANN policies if there hasn't been a formal price increase that year.

More here.

Washington State Home Emptied After Craigslist Hoax

An AP newswire article, via The Boston Globe, reports that:

Everything including the kitchen sink was stripped from a rental home after an Internet classified ad invited people to take whatever they wanted for free.

But the landlord says the ad, posted last weekend on the craigslist Web site, was fake.

"In the ad, it said come and take what you want. Everything is free," Laurie Raye told Seattle's KING-TV.

Raye had cleaned out the rental after evicting a tenant. After the ad appeared, the property was stripped of the sink, light fixtures and the hot water heater. Even the front door and a vinyl window were pilfered, Raye said.

Neighbors said they saw strangers hauling items away, apparently looking for salvage material.

More here.

Patch Tuesday: Microsoft to Release Five Patches

Via Microsoft.

On 10 April 2007 Microsoft is planning to release:

Security Updates

  • Four Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates will require a restart.
  • One Microsoft Security Bulletin affecting Microsoft Content Management Server. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.

More here.

Fired Wal-Mart Spy Tells All

An Asia Pulse article by Marcus Kabel, via Tech News World, reports that:

Wal-Mart's normally low-profile security efforts were thrust into the limelight Wednesday when a fired technician alleged he had been part of a large surveillance operation that spied on company workers, critics, vendors and consultants. The company defended its security practices.

The world's largest retailer declined to comment on specific allegations made by 19-year veteran Bruce Gabbard to the Wall Street Journal in a report published Wednesday. Wal-Mart reiterated that it had fired Gabbard, 44, and his supervisor last month for violating company policy by recording phone calls and intercepting pager messages.

More here.

Google's Board Objects to Anti-Censorship Proposal

Ben Charny writes on MarketWatch:

Google Inc.'s board of directors recommended Wednesday that the company's shareholders vote against a proposal to bar the company from any "proactive" censorship efforts.

The board's opinion came to light in materials Google filed with securities regulators concerning its May 10 annual shareholders meeting.

Google did not explain why its board recommends shareholders vote down the anticensorship proposal from the Office of the Comptroller of New York City, which is a trustee of pension funds that have invested in 486,000 Google shares.

A representative for Google did not respond to an e-mail seeking comment for this article.

More here.

Japan: Porn Swap Sparks Defense Leak Furore

Via Reuters.

Three Japanese naval officers who swapped pornography on their computers triggered a scandal over a possible leak of sensitive data linked to Japan's missile defense system, a newspaper said Thursday.

Police launched a probe last week after a navy officer married to a Chinese woman was found to have taken home a computer disk containing information about the high-tech Aegis radar system, domestic media said.

Aegis is used on Japanese destroyers that are to be fitted with SM-3 missile interceptors from this year as part of the missile defense program.

The officer told police he accidentally copied the confidential data onto his computer's hard disk when copying porn from a computer belonging to a crew member from another destroyer, the Yomiuri newspaper reported.

More here.

Wednesday, April 04, 2007

Security Matters: Vigilantism Is a Poor Response to Cyber Attack

Bruce Schneier writes for Wired News:

Last month Marine General James Cartwright told the House Armed Services Committee that the best cyber defense is a good offense.

As reported in Federal Computer Week, Cartwright said: "History teaches us that a purely defensive posture poses significant risks," and that if "we apply the principle of warfare to the cyberdomain, as we do to sea, air and land, we realize the defense of the nation is better served by capabilities enabling us to take the fight to our adversaries, when necessary, to deter actions detrimental to our interests."

The general isn't alone. In 2003, the entertainment industry tried to get a law passed giving them the right to attack any computer suspected of distributing copyrighted material. And there probably isn't a sys-admin in the world who doesn't want to strike back at computers that are blindly and repeatedly attacking their networks.

Of course, the general is correct. But his reasoning illustrates perfectly why peacetime and wartime are different, and why generals don't make good police chiefs.

More here.

IRS Found Lax in Protecting Taxpayer Data

Kathleen Day writes in The Washington Post:

Thousands of taxpayers could be at risk of identity theft or other financial fraud because the Internal Revenue Service has failed to adequately protect information on its 52,000 laptop computers and other storage systems, a new government report concludes.

The IRS did not begin to adequately correct the security problems until the second half of 2006, despite being warned about them in 2003 and again in February 2006, according to a report by the inspector general of the IRS, J. Russell George.

"If taxpayers don't feel their personal information is protected, that could make them less likely to voluntarily file their taxes," said assistant inspector general Margaret E. Begg, whose auditing office studied IRS security policies and practices in place from January 2003 through mid-June 2006.

Nearly 500 IRS laptops were lost or stolen during that 3 1/2-year period, many from the homes or cars of IRS workers but a significant number -- 111 -- from IRS offices, the report found. The IRS says one laptop typically contains information on 10 to 25 tax cases.

More here.

In Passing: Bob Clark

Benjamin "Bob" Clark
August 5, 1941 – April 4, 2007



Details here.
(Image source: AP)

Nature Tech: Pollen is a Pest for Real-World 'CSI'

An AP newswire article by Errin Haines, via USA Today, reports that:

All the pollen-covered cars in the South may be an eyesore to drivers, but the yellow dust might be a bandit's best friend. Pollen can make it difficult for crime scene investigators to lift fingerprints from outdoor surfaces, since the dust absorbs the moisture people normally leave behind.

In the spring when the pollen is at its worst in the region, police sometimes have to get creative to coax evidence from underneath the sticky covering left by oaks, elms, maples and especially pines — the most popular tree in Georgia.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, April 3, 2007, at least 3,259 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,630 died as a result of hostile action, according to the military's numbers.

The AP count is three higher than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Lumberton, New Jersey Named eBay Capital of America

Via ABC News.

A small New Jersey town has become the biggest online auctioneer.

According to eBay, half of the 12,000 residents of Lumberton, N.J., belong to the online auction site, and this is its most active community, with more buyers and sellers than any other town in the country.

In one three-week period, 46,000 items were auctioned from Lumberton. One of the sellers, Lee Yeosh, a mother of four, has sold clothes, cameras and a rocket powered by vinegar and baking soda.

More here.

Russian Satellite Failure Revives Space Weapons Flap

An NBC News article by James Oberg, via MSNBC, reports that:

Russian space experts are wondering whether the United States used an anti-satellite weapon last month to kill a small Russian research satellite, the Novosti news agency reported Wednesday.

The claim that the Pentagon intentionally crippled the satellite brought an almost immediate denial from U.S. military officials.

More here.

Russia: Duma Anxious to Wiretap Every Home in Russia

Via Kommersant.

State Duma deputies are to consider a bill that would give police broader powers in wiretapping homes in Russia, the Novye Izvestia newspaper reports.

The bill sanctions wiretapping homes of people suspected or accused of crimes as well as of those “who may possess information on crimes in question”, says the bill.

The list includes family and business partners of the suspects or convicts as well as their former cellmates, according to Viktor Ilykhin, a drafter of the bill. These people tend to refuse to cooperate with investigators, which makes it hard to get the information by any other way, lawmakers note.

Russian law currently permits only court-sanctioned wiretapping of homes of the people who are preparing, committing or have committed crimes.

More here.

(Props, Pogo Was Right.)

U.S. National Archives Intern Sold Stolen Civil War Papers on eBay

An AP newswire article, via MSNBC, reports that:

A 40-year-old intern with the National Archives pleaded guilty Wednesday to stealing 164 Civil War documents, including an official announcement of President Lincoln’s death, and putting most of them up for sale on eBay.

Prosecutors said Denning McTague, who has master’s degrees in history and library science, put about 150 of the documents online and had sold about half of them.

All but three of the items, worth an estimated $30,000 in all, have since been recovered.

More here.

Study: There Is No Shortage of U.S. Engineers

Deborah Perelman writes on eWeek:

A commonly heard defense in the arguments that surround U.S. companies that offshore high-tech and engineering jobs is that the U.S. math and science education system is not producing a sufficient number of engineers to fill a corporation's needs.

However, a new study from Duke University calls this argument bunk, stating that there is no shortage of engineers in the United States, and that offshoring is all about cost savings.

More here.

Quote of the Day: Kevin Poulsen

"...McKinnon was nuts to turn down that sweet six month deal, and he'll be reflecting on that often over the next few years."

- Kevin Poulsen, reflecting over on 27B Stroke 6 on Gary McKinnon's impending extradition to the U.S. over hacking charges.

Toon of the Day: Fewer Smoker Joys




Verizon Bans P2P, Streaming Services, and Online Gaming

Via TorrentFreak.

Verizon customers on the EVDO Wireless Data Service are in for a surprise if they read the Terms of Service (TOS).

The Unlimited Data Plan is - yes, that's right - limited to 5 gigs of transfers each month, but don’t worry, you won’t need anywhere near that amount because your internet multimedia experience is about to be ruined by the banning of your favourite activities:

There is to be no continuous uploading or downloading, no streaming (that means no YouTube for you to enjoy and no internet radio) and no playing games either; they’re banned too. No P2P is allowed whatsoever.

If you get caught going over your ‘Unlimited’ service’s cap of 5 gigs in one month, Verizon say that you will be “presumed to be using the service in a manner prohibited above, and we reserve the right to immediately terminate the service of any such person without notice”.

So what is allowed then? Well Verizon says that you may still check your email and browse the Internet.

More here.

Massachusetts State Website Contains Data for ID Thieves

An AP newswire article by Ken Maguire, via The Boston Globe, reports that:

An array of personal information that can be used by identity thieves is freely available on the Web site of Secretary of State William Galvin, who recently criticized Gov. Deval Patrick for failing to protect information about voters on his campaign's site.

Social Security numbers, bank account numbers, home addresses and phone numbers can be viewed with a few clicks, and Galvin said Wednesday he doesn't plan to immediately remove the information because he's launching a software program to start the process within weeks.

"It's totally unacceptable that they are contemplating leaving it up," said Betty Ostergren, a Virginia-based privacy advocate. "Once they realize it's a veritable treasure trove, identity thieves will flock to it. They need to shut the links down."

Galvin refused to do so.

"This is standard practice in the business world," he said. "It's necessary for commerce. There are people who are reliant upon this system."

"This is standard practice in the business world"?

One has to wonder if Mr. Galvin has been smoking crack...

More here.

(Props, Pogo Was Right.)

While Granting An Extension, Creditors Seek Audit Of BearingPoint

Paul McDougall writes on InformationWeek:

Government and commercial systems integrator BearingPoint said its creditors have temporarily agreed to extend a deadline for the company to file its 2006 annual report while requesting that it hire an auditor to review its accounts receivables.

In a document filed Monday with the Securities and Exchange Commission, BearingPoint said its lenders have moved the deadline by which it must either file the report or default on loan agreements to April 11.

Until then, BearingPoint -- which holds a contract to help rebuild financial systems in Iraq -- said it would continue negotiations with creditors with the aim of ultimately moving the deadline for the filing of its 2006 form 10-K to June.

More here.

Hackers Now Offer Subscription Services, Support for Malware

Jaikumar Vijayan writes on ComputerWorld:

Like many just-launched e-commerce sites in the world, this unnamed Web site has a fairly functional, if somewhat rudimentary, home page. A list of options at the top of the home page allows visitors to transact business in Russian or in English, offers an FAQ section, spells out the terms and conditions for software use and provides details on payment forms that are supported.

But contact details are, shall we say, sparse. That's because the merchandise being hawked on the site -- no we're not going to say what it is -- isn't exactly legitimate. The site offers malicious code that webmasters with criminal intent can use to infect visitors to their sites with a spyware Trojan.

More here.

Solar Flares May Threaten GPS

An AP newswire article by Randolph E. Schmid, via SFGate.com, reports that:

The Global Positioning System, relied on for everything from navigating cars and airplanes to transferring money between banks, may be threatened by powerful solar flares, a panel of scientists warned Wednesday.

"Our increasingly technologically dependent society is becoming increasingly vulnerable to space weather," David L. Johnson, director of the National Weather Service, said at a briefing.

GPS receivers have become widely used in recent years, using satellite signals in navigating airplanes, ships and automobiles, and in using cell phones, mining, surveying and many other commercial uses.

Indeed, banks use the system to synchronize money transfers, "so space weather can affect all of us, right down to our wallet," said Anthea J. Coster, an atmospheric scientist at the Haystack Observatory of the Massachusetts Institute of Technology.

More here.

Former U.S. Sailor Pleads Not Guilty to Terrorism

An AP newswire article, via Military.com, reports that:

A former Navy sailor pleaded not guilty Wednesday to federal charges alleging he supported terrorism by disclosing secret information about the locations of Navy ships and ways to attack them.

Hassan Abujihaad, 31, has been held without bail since his arrest last month in Phoenix.

He is charged with providing material support to terrorists with intent to kill U.S. citizens and disclosing classified information relating to the national defense. Prosecutors say the case started with an Internet service provider in Connecticut and followed a suspected terrorist network across the country and into Europe and the Middle East.

A British computer specialist arrested in 2004, Babar Ahmad, is also charged, accused of running Web sites to raise money for terrorism.

More here.

UCSF Reports Possible Compromise in Computer Security

Via The University of California, San Francisco.

UCSF is notifying students, faculty, and staff that their personal information may have been accessed by an unauthorized party due to a possible compromise in security of a computer server. The server did not contain any patient names or patient information.

There is no evidence at this time that any specific information was accessed, according to Randy Lopez, co-chief information officer for the Office of Academic and Administration Information Systems.

As a precautionary measure, the University is contacting about 46,000 individuals to alert them to look for signs of identity theft and advise them of steps to protect personal information. The contact list is comprised of students, faculty, and staff associated with UCSF or UCSF Medical Center over the past two years.

Data on the server included names, social security numbers, and bank account numbers used for electronic payroll and reimbursement deposits. The server resides in the UC System-wide data center. The incident was identified in late March, and the server was immediately taken off-line.

More here.

(Props, the Data Loss Mailing List.)

U.S. Government Justifications Ruled Inadequate in '.xxx' TLD FOIA Case

Scott Hodes writes on the FOIA Blog:

Plaintiff ICM Registry, LLC has repelled the government's effort to get summary judgment on most of its processing of documents in relation to plaintiff's request concerning government actions concerning the .XXX internet domain.

Plaintiff had sought to create and maintain the .xxx internet domain for the adult entertainment industry. The Internet Corporation For Assigned Names and Numbers ("ICANN") however turned down plaintiff's request--reportedly with pressure from the U.S. Government. The subsequent FOIA requests turned into litigation. The government (State and Commerce Departments) withheld a number of documents from plaintiff pursuant to Exemptions 4 and 5 (deliberative process privilege).

After a round of briefing, Judge James Robertson of the United States District Court for the District of Columbia found that the government's justifications for many of its withholdings were conclusory and did not establish that the exemptions were properly used in many instances. Judge Robertson has ordered the government to submit additional Vaughn indexes that specifically justify these withholdings.

More here.

Identity Tech: Confusing Osama bin Laden with Johnny Rotten

John Joseph Lydon, a.k.a. Johnny Rotten
Image source: nndb.com

Mark Williams writes on Technology Review:

At the end of last February, the U.S. Department of Homeland Security (DHS) launched its Traveler Redress Inquiry Program for the 30,000-plus individuals who in the years since September 11 have been misidentified as possible terrorists by the Transportation Security Administration's (TSA) infamous "no fly" and "selectee" lists. These people may now ask for investigative reviews via an official website, in the hope that the TSA will eventually remove their names.

Alas, the realization of their hopes may be long postponed. Officially, the TSA's much delayed Secure Flight computerized passenger prescreening system will roll out by fall 2008 at the earliest. But TSA administrators have told Congress that full implementation of the system--costing $140 million already and requiring at least $80 million more--may not happen before 2010. Translation: nobody at the DHS and TSA will be taking responsibility for removing any names from the watch lists, and individuals on the lists will continue to undergo extra screening of their persons and carry-ons.

More here.

Defense Tech: CIA Blocks Book on Chinese Nuclear Weapons

Steven Aftergood writes on Secrecy News:

An eagerly awaited book on the history of the Chinese nuclear weapons program will not be published due to objections from the Central Intelligence Agency, which said it contains classified information.

A federal court last week ruled [.pdf] that the CIA was within its rights to block disclosure of 23 sections of a manuscript by former Los Alamos intelligence specialist Danny B. Stillman, who had brought a lawsuit asserting his First Amendment right to publish the volume.

During the 1990s, Mr. Stillman traveled to China nine times, including six trips that took place after his retirement in 1993. He visited nuclear weapons facilities and "engaged in extensive discussions with Chinese scientists, government officials, and nuclear weapons designers," resulting in a 506-page manuscript entitled "Inside China's Nuclear Weapons Program."

More here.

Thai Web Crackdown Blocks YouTube

Thomas Fuller writes in The International Herald Tribune:

Thailand's military-appointed government has blocked access to YouTube and several other Internet sites in a crackdown on material that denigrates the country's monarch, officials said Wednesday.

"We have blocked YouTube because it contains a video insulting to our king," said Winai Yoosabai, head of the censorship unit at the Ministry of Communication and Information Technology.

Thailand's ban of the popular video-sharing Web site came after YouTube's owner, Google, refused to remove the video clip, the communications minister, Sitthichai Pookaiyaudom, said.

The clip, crude and amateurish and lasting less than a minute, depicts the king with a pair of feet being placed over his head, a highly insulting gesture in Thailand.

More here.

UK: Banks' Role in Reporting e-Crime Raises Concerns

Tom Young writes in Computing (UK):

Industry experts have criticised new procedures that make banks the first point of contact for reporting online fraud.

From this week, businesses and consumers in England, Wales and Northern Ireland have to report instances of online, cheque and card fraud to their bank or building society instead of the police.

Jim Norton, senior policy adviser at the Institute of Directors, says the reporting function should always lie with the police.

More here.

Travel Tech: TSA Issues Airport Tracking System RFI

Alice Lipowicz writes on Washington Technology:

The next-generation security system for U.S. airports may include seamless, continuous tracking of passengers and their baggage from the time of reservation to arrival at their destination, according to a new notice posted by the Transportation Security Administration.

TSA published a request for information on Tuesday to invite vendor ideas for such a system and its IT architecture. The system will include credential verification, identity management and tracking of passengers and their baggage. It must be able to integrate with existing systems, including sensors and threat detection and command and control systems.

Vendors are expected to discuss biometrics, scanning, smart cards, portals and kiosks, radio frequency identification, video surveillance and passenger identification and credentialing systems in their solicitations, the TSA notice stated.

More here.

FCC Tackling Backlog of Pending Matters After Democrats Complain

Charles Babington writes in The Washington Post:

Rep. John D. Dingell (D-Mich.) scolded the five members of the Federal Communications Commission when he finally got them before a powerful subcommittee last month.

The FCC botched handling of cable television franchising, racked up a backlog of unanswered consumer complaints, and dallied on various disputes between industry rivals with little oversight from the previous Republican-controlled Congress in recent years, the chairman of the House Energy and Commerce Committee said in the March 14 hearing.

More here.

Russia Challenges the U.S. Monopoly on Satellite Navigation

Image source: HowStuffWorks.com

Andrew E. Kramer writes in The New York Times:

The days of their cold war may have passed, but Russia and the United States are in the midst of another battle — this one a technological fight over the United States monopoly on satellite navigation.

By the end of the year, the authorities here say, the Russian space agency plans to launch eight navigation satellites that would nearly complete the country’s own system, called Glonass, for Global Navigation Satellite System.

The system is expected to begin operating over Russian territory and parts of adjacent Europe and Asia, and then go global in 2009 to compete with the Global Positioning System of the United States.

More here.

Tuesday, April 03, 2007

Alcatel-Lucent to Acquire Tropic Networks

Loring Wirbel writes on EE Times:

Alcatel-Lucent has agreed to buy all assets and intellectual property of Tropic Networks Inc., a Canadian startup specializing in reconfigurable optical add-drop multiplexer systems.

Tropic had merged with two Canadian oil companies, Chamaelo Exploration Ltd. and Tournament Energy Ltd., as a means of raising close to $10 million in operating capital.

Alcatel-Lucent first approached Tropic when Alcatel joined a $33 million round of financing for Tropic in 2004. That round was followed by a $48 million venture-led round, bringing total funding close to $200 million. The difficulty of raising more capital after five rounds prompted Tropic's deal with the oil companies.

WaveTracker WDM and ROADM capabilities now will be integrated into Alcatel-Lucent optical transport products. In January, Tropic claimed the use of WaveTracker along with tunable transponders would help carriers solve chromatic dispersion problems.

More here.

U.S. Toll in Iraq -- And a Bonus Commentary

Via The Boston Globe (AP).

As of Tuesday, April 3, 2007, at least 3,257 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,624 died as a result of hostile action, according to the military's numbers.

The AP count is eight higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

BONUS: We love Jack Cafferty.

Via Crooks and Liars: Jack wonders how productive it is for members of Congress to visit Iraq and laughs at McCain's safe stroll through Baghdad with an army of 100 soldiers, blackhawk helicopters and apache gunships protecting him overhead.

Watch the video snippet here.

Enjoy.

ANI Exploits Made Easy

Pedro Bueno writes on the McAfee AVERT Labs Blog:

Do you ever ask yourself why we talk so much about “another” vulnerability?

For starters, up until a few hours ago, this vulnerability was not covered by an official patch. Another good reason is the fact that we are seeing exploits in the wild.

And if that was not enough, now kits have been released that allow basically anyone to create his or her own exploits, making it a really simple task.

The video below shows exactly that–how easy it is to create such exploits, so you can understand why you should worry and protect yourself.

More here.

Medical ID Theft, On The Rise, Threatens Lives and Wallets

An NBC News article by Anne Thompson and Alex Johnson, via MSNBC, reports that:

In a report last year, the World Privacy Forum found that the number of Americans identifying themselves in government documents as victims of medical identity theft had nearly tripled in just four years, to more than a quarter-million in 2005.

Motives for medical identity theft can vary. Some thieves, as in these cases, are seeking controlled medications. Others are seeking federal money. A case that wrapped up in January in Southern California illustrates just how sophisticated such operations can be.

Five health care providers pleaded guilty to stealing more than $900,000 in 2003 by luring hundreds of elderly Vietnamese patients to a fake medical clinic in Milpitas, where they would offer free checkups. According to prosecutors, they would copy the patients’ Medicare records and then use the information to bill the government for phantom services.

More here.

FBI Checks Gambling in Second Life Virtual World

Adam Pasick writes for Reuters:

FBI investigators have visited Second Life's Internet casinos at the invitation of the virtual world's creator Linden Lab, but the U.S. government has not decided on the legality of virtual gambling.

"We have invited the FBI several times to take a look around in Second Life and raise any concerns they would like, and we know of at least one instance that federal agents did look around in a virtual casino," said Ginsu Yoon, until recently Linden Lab's general counsel and currently vice president for business affairs.

Yoon said the company was seeking guidance on virtual gaming activity in Second Life but had not yet received clear rules from U.S. authorities.

The FBI and the U.S. Attorney's Office for Northern California declined comment.

More here.

Deutsche Telekom Ordered to Grant Rivals Access to Its Network Cables

Via The International Herald Tribune.

The German telecommunications regulator has decided to order Deutsche Telekom to grant rivals access to its network cables, according to a decision set to be published Wednesday.

The decision by the Bundesnetzagentur, viewed by Reuters, will enable rivals to lay their own cables to reach customers using Deutsche Telekom infrastructure as the former state monopoly rolls out its new superfast broadband network. In areas where they cannot lay cables, rivals will be granted access to Deutsche Telekom's fiber-optic network.

Currently, Deutsche Telekom charges rivals a monthly fee to use its copper wires from phone exchanges into homes and businesses.

More here.

FTC Approves Final Guidance Settlement

Roy Mark writes on internetnews.com:

Guidance Software's settlement with the Federal Trade Commission (FTC) became official today, almost five months after the Pasadena, Calif.-based computer forensics specialist admitted it did not adequately protect customer data.

Victimized by a December 2005 data breach and theft of 4,000 credit card numbers, Guidance agreed to implement a comprehensive information security program, including independent, third-party audits every other year for the next ten years.

The company also will be subject to standard record keeping and reporting provisions to allow FTC monitoring.

The breach of its customer data was particularly embarrassing for Guidance, which provides software that tracks down and collects information on data breaches.

More here.

FCC: 'No' to Cell Phones on Planes

An AP newswire article, via PhysOrg.com, reports that:

The Federal Communications Commission has officially grounded the idea of allowing airline passengers to use cellular telephones while in flight.

Existing rules require cellular phones to be turned off once an aircraft leaves the ground in order to avoid interfering with cellular network systems on the ground. The agency began examining the issue in December 2004.

Thank goodness.

More here.

Surveillance Tech: Computerized Facial Recognition is Improving

Wilson P. Dizard III writes on GCN.com:

Technology for computerized facial recognition is ten times more accurate now than it was four years ago, and the best of the systems outperform humans, the National Institute of Standards said.

The federal government has pressed the private sector to improve facial and iris recognition technology dramatically so as to pave the way for improved biometric systems, and NIST has overseen the process in tests called the Face Recognition Vendor Test (FRVT) 2006 and the Iris Challenge Evaluation (ICE) 2006.

The facial-recognition test has compared vendor systems in their ability to recognize high-resolution still images and three-dimensional facial images, under both controlled and uncontrolled illumination. The ICE 2006 test reported iris recognition performance from left and right irises. The study compared the facial recognition test results with an earlier evaluation called the FRVT 2002.

According to a NIST report issued in late March, the facial recognition systems it tested in the FRVT 2006 trials showed an “order of magnitude,” or tenfold, improvement over comparable tests conducted four years ago.

More here.

Whacked Out Headline of the Day: Keith Richards: 'I Snorted My Father'

Now that's entertainment!

An AP newswire article, via SFGate.com, reports that:

Keith Richards has acknowledged consuming a raft of illegal substances in his time, but this may top them all.

In comments published Tuesday, the 63-year-old Rolling Stones guitarist said he had snorted his father's ashes mixed with cocaine.

"The strangest thing I've tried to snort? My father. I snorted my father," Richards was quoted as saying by British music magazine NME.

"He was cremated and I couldn't resist grinding him up with a little bit of blow. My dad wouldn't have cared," he said. "... It went down pretty well, and I'm still alive."

More here.

Lawyer: Jailed Freelance Journalist Josh Wolf To Be Freed

Josh Wolf in September 2006

Via NBC11.com.

Federal prosecutors asked a U.S. district judge in San Francisco Tuesday to release Josh Wolf, a freelance journalist who has been jailed for more than seven months for contempt of court for refusing to give information to a federal grand jury.

Assistant U.S. Attorney Jeffrey Finigan filed a brief request with U.S. District Judge William Alsup Tuesday morning saying that Wolf had produced materials "responsive to the grand jury subpoena."

Finigan wrote, "Accordingly, the government respectfully requests that this court release Mr. Wolf from custody."

Wolf is the longest-jailed journalist in U.S. history in a civil contempt of court case.

One of Wolf's lawyers, Martin Garbus, said that if Alsup signs a proposed order, Wolf could be freed from a federal prison in Dublin as early as Tuesday.

More here.

Cisco Creates Russian Investment Fund

Ray Le Maistre writes on Light Reading:

Cisco Systems Inc. has set up a "venture capital initiative" to invest in startups and local investment funds in Russia, and has already pumped some cash into a Russian e-commerce Website, the company announced Tuesday.

The vendor, which has already hired a Moscow-based investment manager, is looking for "direct investment opportunities into technology-related startups as well as investments into local venture capital teams targeting the technology industry."

More here.

H-1B Visa Cap Reached in Record Time

Patrick Thibodeau writes on ComputerWorld:

The federal government ran out of H-1B visas yesterday when the 65,000-visa cap was reached -- on the very first day that the U.S. Citizenship and Immigration Services (USCIS) began accepting visa applications.

The agency received a huge number of applications for the guest worker visa, about 150,000 by yesterday afternoon, the federal agency announced today.

That number is a record; never before has the USCIS received so many applications so quickly for its allotments of H-1B visas. Immigration attorneys late last week were warning that companies were worried about the expected demand for the visas, and were moving quickly to apply for them. Many attorneys representing those firms predicted that the visas would disappear quickly -- and their forecasts proved right.

More here.

The Netherlands: ABN Amro Compensates Customers for Phishing Loss

Fiona Raisbeck writes on SC Magazine Online:

Dutch bank ABN Amro has paid compensation to four of its customers following a phishing attack that stole money from their accounts.

The phishers sent an email to the bank’s clients along with a malicious attachment, which once opened installed malware on to the user’s computer, according to reports.

The malicious software modified the customer’s browser settings and directed them to a spoofed website whenever they tried to access their accounts online.

Once installed, the hackers used the spyware to collate banking login details and passwords, which they then used on the legitimate banking website to access the accounts and steal the money.

More here.

Putting Some Circuit Breakers Into DNS to Protect The Net

Karl Auerbach writes on CircleID:

There are a lot of bad, but smart, people out there on the net.

They are quick to find and capitalize on vulnerabilities, particularly those vulnerabilities in mass market software.

These bad folks are quite creative when it comes to making it hard to locate and shut down the computers involved.

For example, a virus that takes over a victim’s computer might communicate with its control point, or send its captured/stolen information, by looking up a domain name. Normally domain names are somewhat static - the addresses they map to don’t change very frequently - typically changes occur over periods measured in months or longer.

What the bad folks are doing is to change the meaning of those domain names very rapidly, from minute to minute, thus shifting the control point. They rapidly change the contents of DNS records in the authoritative servers for that domain. They couple this with low TTL (time-to-live) values on DNS information, thus preventing cached information from surviving very long and thus erasing one source of audit trails and covering their tracks.

More here.
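A defender-side check for the fast-flux pattern Auerbach describes above (one name answered by many different addresses, each answer carrying a short TTL), added here as an example and not part of the CircleID article. It walks constructed resolver-log lines in a made-up format, groups answers per queried name, and flags names whose answers churn across several networks at a low TTL; the log layout and the thresholds are assumptions, and a short TTL on its own is deliberately not treated as suspicious because CDNs use short TTLs too.

```python
"""Fast-flux candidate detection over resolver query logs (added example)."""
import ipaddress
from datetime import datetime

# Constructed sample lines in a made-up format (an assumption, not any real
# resolver's log layout): "<ISO timestamp> <qname> <rtype> <ttl> <answer>".
SAMPLE_LOG = """\
2007-04-03T10:00:01 www.static-corp.test A 86400 203.0.113.10
2007-04-03T10:00:04 www.static-corp.test AAAA 86400 2001:db8::1
2007-04-03T10:03:12 www.static-corp.test A 86400 203.0.113.10
2007-04-03T10:07:40 www.static-corp.test A 86400 203.0.113.10
2007-04-03T10:00:02 img.cdn-like.test A 30 198.51.100.20
2007-04-03T10:02:15 img.cdn-like.test A 30 198.51.100.21
2007-04-03T10:05:30 img.cdn-like.test A 30 198.51.100.20
2007-04-03T10:00:03 c2.flux-example.test A 60 192.0.2.11
2007-04-03T10:01:10 c2.flux-example.test A 60 198.51.100.77
2007-04-03T10:02:20 c2.flux-example.test A 60 203.0.113.140
2007-04-03T10:03:35 c2.flux-example.test A 60 192.0.2.200
2007-04-03T10:04:50 c2.flux-example.test A 60 198.51.100.9
2007-04-03T10:06:05 c2.flux-example.test A 60 203.0.113.33
2007-04-03T10:07:15 c2.flux-example.test A 60 192.0.2.77
2007-04-03T10:08:30 c2.flux-example.test A 60 198.51.100.150
this line is deliberately malformed
"""


def parse_line(line):
    """Return a record dict for an A-record answer line, or None for
    anything else (other record types, malformed or unparsable lines)."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, qname, rtype, ttl, answer = parts
    if rtype != "A":
        return None
    try:
        return {
            "ts": datetime.fromisoformat(ts),
            "qname": qname.rstrip(".").lower(),
            "ttl": int(ttl),
            "ip": ipaddress.IPv4Address(answer),
        }
    except ValueError:
        return None


def summarize(lines):
    """Group answers per queried name: distinct addresses, the distinct /24
    networks they fall in, the lowest TTL seen, and first/last timestamps."""
    per_name = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = per_name.setdefault(rec["qname"], {
            "ips": set(), "nets": set(), "min_ttl": rec["ttl"],
            "first": rec["ts"], "last": rec["ts"]})
        s["ips"].add(rec["ip"])
        # /24 is a cheap stand-in for "a different network"; a real deployment
        # would map each address to its ASN or announced prefix instead.
        s["nets"].add(ipaddress.ip_network(f"{rec['ip']}/24", strict=False))
        s["min_ttl"] = min(s["min_ttl"], rec["ttl"])
        s["first"] = min(s["first"], rec["ts"])
        s["last"] = max(s["last"], rec["ts"])
    return per_name


def fast_flux_candidates(summary, max_ttl=300, min_ips=5, min_nets=3):
    """Flag names that combine a short TTL with address churn across several
    networks. Thresholds are assumptions for this example. A short TTL alone
    is not enough: CDNs use short TTLs but rotate within a few networks."""
    flagged = []
    for name, s in summary.items():
        if (s["min_ttl"] <= max_ttl and len(s["ips"]) >= min_ips
                and len(s["nets"]) >= min_nets):
            flagged.append((name, len(s["ips"]), len(s["nets"]),
                            s["min_ttl"], s["last"] - s["first"]))
    return sorted(flagged)


if __name__ == "__main__":
    for name, n_ips, n_nets, ttl, span in fast_flux_candidates(
            summarize(SAMPLE_LOG.splitlines())):
        print(f"{name}: {n_ips} addresses in {n_nets} /24s, "
              f"min TTL {ttl}s, seen over {span}")
```

Run against the constructed log it reports only c2.flux-example.test; the low-TTL CDN-like name stays quiet because it rotates between two addresses in one network, which is the caveat any such rule needs before it feeds a blocklist.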

ICANN May Be Looking for Immunity From U.S. Law

Declan McCullagh writes on the C|Net Politics Blog:

The closest thing the Internet has to a governing body seems to want the same kind of immunity from national laws that the International Red Cross and the International Olympic Committee have enjoyed for decades.

A recent report [.pdf] prepared for the board of ICANN (the Internet Corporation for Assigned Names and Numbers) says the organization should "explore the private international organization model" and it should "operationalize whatever outcomes result."

Dejargonized, that means ICANN could become largely immune from civil lawsuits, police searches and taxes, and its employees would have quasi-diplomatic privileges (such as importing items into the U.S. without paying customs duties).

More here.

Botnet Rivals: Warfare Spills Onto The Net

Bob Sullivan writes on The Red Tape Chronicles:

The bot network industry has become so profitable, and hijacked computers so valuable, that rival gangs are now fighting over them. This digital gang warfare is not physically violent, but it certainly is no game. Bot herders steal each other's infected computers, fight off such raids, and often try to knock each other’s computers off-line.

"They are cutthroat and competitive. They are in it to make a lot of money.... These guys are ruthless to begin with and don’t care who they hurt, as long as they get their dollars," said Jose Nazario, a security researcher at Arbor Networks.

More here.

Gary McKinnon Loses U.S. Extradition Appeal

Gary McKinnon

Via Reuters.

A British computer expert accused by Washington of the "biggest military hack of all time" lost an appeal on Tuesday against plans to extradite him to the United States to stand trial.

Gary McKinnon was arrested in 2002 following charges by U.S. prosecutors that he illegally accessed 97 government computers -- including Pentagon, U.S. army, navy and NASA systems -- causing $700,000 worth of damage.

Two of Britain's leading judges rejected a High Court challenge by McKinnon to an earlier court order backed by Britain's Home Secretary that he should be extradited.

More here.

Monday, April 02, 2007

U.S. Stance in Spy Case Sparks Concern in Academia

Josh Gerstein writes in The New York Sun:

Concern about the government's aggressive legal stance in a Chinese espionage case is spreading from industry to academia, where some fear that the prosecution's position undermines a long-standing consensus about unfettered access to scientific research.

"This is just shocking," an attorney at Stanford University's Office of General Counsel, Rachel Claus, said.

The sharp reaction is to the Justice Department's arguments against a Chinese-born electrical engineer, Chi Mak, who is accused of conspiring to send data on submarine propulsion and other subjects to the Chinese government. Prosecutors have asserted that Mr. Mak cannot defend himself against the export control charges by arguing that the information was in the public domain.

"If you take their line of argument, you can't have Chinese students at a university studying and learning information in a textbook," a compliance officer at Stanford, Steve Eisner, said. He noted that giving information to a foreign national in America can be considered the equivalent of exporting that data abroad.

More here.