Saturday, April 28, 2007

The New U.S. Passport: Stars and Stripes, Wrapped in the Same Old Blue


Neil MacFarquhar writes in The New York Times:

When Americans do open their new passports, they’ll see a document strikingly different from the old booklet. By July, all applicants will get the new design, with the State Department expecting to issue a record 17 million passports this year, up from last year’s record of 12 million.

The new passport, in the works for about six years, incorporates the first complete redesign since 1993. Given new international standards for post-9/11 high-tech security features, which transform the document into an “E-passport,” the State Department decided it was time for something completely different.

More here.

Image source: Jim Wilson / The New York Times

Toon of the Day: I Want You...




Just Say No—To Bad Science

Sharon Begley writes on Newsweek.com:

When Doug Kirby sat down recently to update his 2001 analysis of sex-education programs, he had 111 studies that were scientifically sound, using rigorous methods to evaluate whether a program met its goals of reducing teen pregnancy, cutting teens' rates of sexually transmitted diseases and persuading them to practice abstinence (or, if they didn't, to use condoms). He also had a pile of studies that were too poorly designed to include. It measured three feet high.

For us civilians, it's hard to grasp how much of science is subjective, and especially how much leeway there is in choosing how to conduct a study. No one is alleging that scientists stack the deck on purpose. Let's just say that depending on how you design a study you can practically preordain the outcome. "There is an amazing array of things people do to botch a study," says Rebecca Maynard of the University of Pennsylvania.

More here.

Canada: McGill University Reviewing Computer System After Glitch

A Canadian Press article, via The Globe and Mail, reports that:

McGill University is reviewing its computer system after the academic records of some students were briefly made accessible Friday on the Montreal school's website.

However, the university is downplaying the magnitude of the problem.

It says only the information on a particular group of students from the class of 2004 was briefly accessible and that the university's records indicate fewer than a dozen people viewed the material before the computer glitch was identified and corrected.

More here.

Gapingvoid: The Echo Chamber Revisited

Via gapingvoid.com. Enjoy!

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Saturday, April 28, 2007, at least 3,346 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,720 died as a result of hostile action, according to the military's numbers.

The AP count is seven higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Email and Securities Fraud, Stock Manipulation, 5 Years In Prison

Via Technology News Daily.

A Sarasota, Fla., man has been sentenced to five years in prison and two years of supervised release for conspiring to commit both securities fraud and email fraud stemming from a stock manipulation scheme involving four publicly-traded companies – Masslick Inc., eDollars Inc., Emerging Holdings Inc., and China Score Inc. – Assistant Attorney General Alice S. Fisher of the Criminal Division and U.S. Attorney Chuck Rosenberg for the Eastern District of Virginia announced today.

Stephen P. Luscko, 39, was sentenced today in federal court in Alexandria, Va. Luscko’s co-conspirators included Gregory Alphonse Neu, 30, of Boca Raton, Fla., and Brian George Brunette, 29, of Miramar, Fla., who were previously sentenced for their roles in the stock manipulation schemes. Neu was sentenced to five years in prison and three years supervised release; Brunette, who only participated in the stock manipulation scheme involving Massclick, was sentenced to one year and a day in prison and three years supervised release. The District Court will resolve outstanding restitution issues on June 8, 2007. The government has seized more than $3 million from bank accounts associated with the co-conspirators.

In a related action, the U.S. Securities and Exchange Commission has also filed civil charges against Neu, Luscko, and three of the companies for their part in the fraudulent schemes to manipulate the price and volume of the companies’ securities.

More here.

'Don't Panic, but The Grid's Going Down'

Penny Crosman writes on Wall Street Technology:

Summertime evokes the sounds of Beach Boys songs, the smell of suntan lotion - and the sudden darkness of a blackout. The dog days of August, when New Yorkers run their air conditioners full blast, mean peak demands on the city's energy grid.

Many will recall the 10-day power outage in Queens last summer. On Aug. 2, the day after the Queens incident was resolved, Con Ed pumped its all-time highest power send-out of 277,417 megawatts. According to the utility, it delivers 20 percent more power than it did 10 years ago and demand grows 1 percent to 1.5 percent each year. To keep up, Con Ed has invested $1.4 billion this year in reinforcing the electrical system in preparation for summer, says Con Ed spokesperson Chris Olert.

Still, the possibility of blackouts and brownouts this summer remains. "A summer power outage is enough of a possibility that Wall Street firms should make sure to be prepared," warns Neil Katkov, research director at Celent.

More here.

New Zealand: 'Gay' Filtered in Telecom e-Mails

Jonathan Marshall writes on The New Zealand Herald:

Telecom has apologised to a woman after the company's email filter deemed her first name Gay to be "inappropriate for business-like communication".

The cyberspace saga began when web designer Gay Hamilton emailed Telecom's helpdesk, enquiring if Xtra broadband services were available in her Nelson suburb. The automated reply was not what she was expecting. "[Your email] was identified by our content filtering processes as containing language that may be considered inappropriate for business-like communication," the email said. The offensive word was the woman's name: "The content which caused this to happen was ... 'gay' eight times, at two points each, for an expression score of 16 points."

More here.

‘Drunken Pirate’ Sues School That Nixed Degree Over MySpace Photo

An AP newswire article, via MSNBC, reports that:

A woman denied a teaching degree on the eve of graduation because of a MySpace photo has sued the university.

Millersville University instead granted Stacy Snyder a degree in English last year after learning of her Web-published picture, which bore the caption “Drunken Pirate.”

“I dreamed about being a teacher for a long time,” said Snyder, 27, who now works as a nanny.

The photo, taken at a 2005 Halloween party, shows Snyder wearing a pirate hat while drinking from a plastic “Mr. Goodbar” cup. It was posted on her own MySpace site.

More here.

Chile: Google Earth Moves a Village to Argentina

Via Reuters.

The Chilean government wants Google to fix its Earth geographical search program that places a village named after Chilean independence hero Bernardo O'Higgins in Argentina.

The satellite image shows Villa O'Higgins, a tiny hamlet 1,000 miles south of the Chilean capital, Santiago, on the Argentine side of the border.

More here.

Case of Police Videotaping Is Back in the Public Eye

Alan Feuer writes in The New York Times:

The judge asked the lawyer for New York City a hypothetical question: If a police officer used a video camera to record a political group that he had no reason to believe was breaking the law, was it a violation of Police Department rules? Yes or no?

The lawyer thought a moment, then replied, “Can I say that’s a trick question?”

The short exchange yesterday at a hearing in Federal District Court in Manhattan captured the flavor of the legal issues and broad moral questions that co-exist at the heart of what has come to be known as the Handschu case. First filed 36 years ago as a class-action lawsuit by a lawyer named Barbara Handschu, the case is one of the most important — and certainly longest-lived — federal disputes that have sought to balance the citizenry’s right to political expression with the police’s interest in keeping public order.

More here.

Rape Victim Sues Over MySpace Post

Maxine Bernstein writes on The Oregonian:

The victim of a sexual assault in Southeast Portland has filed a lawsuit against a local ambulance paramedic who posted details about the crime on his MySpace Internet page.

The victim argues the paramedic invaded her privacy by posting the approximate location where the assault occurred, what she said about her knife-wielding assailant and the suspect's description.

The posting led TV reporters to knock on the woman's door, prompted neighborhood reconnaissance and may have impeded the police investigation into the assault, the lawsuit contends.

More here.

(Props, Pogo Was Right.)

Large-Scale Website Attacks Due to Unrest in Estonia

Mikko Hyppönen writes on the F-Secure "News from the Lab" Blog:

Quoting CNN:

"Police arrested 600 people and 96 were injured in a second night of clashes in Estonia's capital over the removal of a disputed World War Two Red Army monument ... Russia has reacted furiously to the moving of the monument ... Estonia has said the monument had become a public order menace as a focus for Estonian and Russian nationalists."

We're now seeing large attacks against websites run by the Estonian government. Some of the sites are unreachable. Others are up, but do not allow any traffic from foreign IP addresses.

Here's the status as we saw it on Saturday at 15:00 GMT.

More here.

Man-Made Tech: 60th Anniversary of the Launch of the Kon-Tiki


Thor Heyerdahl, who died in 2002, rocked.

This man had a vision, and achieved it.

I had the privilege of visiting the Norwegian Maritime Museum in Oslo during the 45th IETF (1999) meeting.

What an amazing accomplishment.

Via Wikipedia.

Kon-Tiki was the raft used by Norwegian explorer and writer Thor Heyerdahl in his 1947 expedition. It was named after the Inca sun god, Viracocha, for whom "Kon-Tiki" was said to be an old name. Kon-Tiki is also the name of the popular book that Heyerdahl wrote about his adventures.

Heyerdahl believed that people from South America could have settled Polynesia in the south Pacific in Pre-Columbian times. His aim in mounting the Kon-Tiki expedition was to show, by using only the materials and technologies available to them at the time, that there were no technical reasons to prevent them from having done so.

Heyerdahl and a small team went to Peru, where they constructed a balsa wood raft out of balsa logs and other native materials in an indigenous style (as recorded in illustrations by Spanish conquistadores). This trip began on April 28, 1947. Accompanied by five companions, Heyerdahl sailed it for 101 days over 4,300 miles across the Pacific Ocean before smashing into the reef at Raroia in the Tuamotu Islands on August 7, 1947. The only modern equipment they had was a radio.

The book Kon-Tiki was a best-seller, and a documentary motion picture of the expedition won an Academy Award in 1951.

The original Kon-Tiki is now on display in the Kon-Tiki Museum in Oslo.

More here.

Kon-Tiki Museum here.

Friday, April 27, 2007

Court Decision Allows Imminent Termination of RegisterFly

Via ICANN.

Under a preliminary injunction issued yesterday by US Federal Court Judge, Manuel J. Real, ICANN now has the right to terminate RegisterFly’s accreditation as soon as possible. The provision to ICANN of current and accurate data for all of RegisterFly’s domain names has also been ordered by the Court as RegisterFly failed to meet the conditions of a temporary restraining order (TRO) which the Court issued on April 16, 2007.

Following the injunction, ICANN is immediately inviting statements of interest from accredited registrars starting Monday, 30 April 2007, to act as a transfer provider, so domain name registrants can gain full access to their domains. The registrar handling the transfers will temporarily hold the names and help registrants transfer to any ICANN accredited registrar of their choice.

More here.

Mother Earth Tech: Happy Arbor Day


Plant a tree.

Happy Arbor Day.


U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Friday, April 27, 2007, at least 3,337 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,720 died as a result of hostile action, according to the military's numbers.

The AP count is two lower than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

WSJ Censoring Vonage’s Ads?

Image source: GigaOm.com

Paul Kapustka writes on GigaOm:

When we looked at the back page of Friday’s Marketplace section of the Wall Street Journal, it looked like the delivery person had perhaps taken offense with the Vonage ad campaign about its patent case with Verizon, with what looked like some black-pen editing, the kind you might see in edited government documents:

A closer look showed that indeed, some text had been blacked out, but why?

More here.

Google Pulls Malicious Sponsored Links

Joris Evers writes on C|Net News:

Google has removed paid links that advertised seemingly legitimate Web sites but actually tried to install nefarious programs on PCs.

The links were displayed as "sponsored links" after visitors entered specific queries into Google's search service. Clicking the links would ultimately go to a legitimate site, but by way of another site that attempted a "drive-by installation" of password-stealing software. Miscreants placed the links using Google's AdWords service for advertisers.

More here.

Quote of the Day [3]: John Diaz

"This is not the American way."

- John Diaz, Editorial Page Editor at The San Francisco Chronicle.

Caterpillar Employee Data Stolen

An AP newswire article, via SFGate.com, reports that:

Caterpillar Inc. said late Friday that a laptop computer containing personal data on employees was stolen from a benefits consultant that works with the company.

Caterpillar spokesman Rusty Dunn declined to provide many details Friday.

"This is an open investigation and we're not prepared to get into any specifics," Dunn said.

He said one laptop computer was stolen earlier this month, but didn't say where the theft took place or identify the consultant.

Dunn declined to say how many employees were affected. He said the majority are based in the U.S. and letters have been sent to notify them. Dunn said a call center is being established to take their inquiries.

More here.

(Props, Attrition.org.)

UK Government 'Loses' $1.7B in Data Transfer Fiasco

Tash Shifrin writes on ComputerWorld:

Around $1.7 billion of unpaid VAT did not appear on a U.K. Revenue and Customs debt case management system because of a failure to transfer data from the main VAT computer system, legislators have been told.

Edward Leigh, chair of the powerful Commons public accounts committee, highlighted a series of problems with major government IT projects in a parliamentary debate on the committee's inquiries.

He told MPs: "We found that not all information on VAT debt recorded on the main VAT computer system had been transferred to the so-called trader register."

"That may appear to be an obscure point, but it meant that some $1.7 billion of debt failed to appear on the debt case management system. That is hardly a first-rate example of financial management by a department that should be at the forefront of such matters."

More here.

AOL: Hacker 'Unlikely to Have Stolen Customer Data'

Juan Carlos Perez writes on InfoWorld:

AOL is investigating the recent hacking of its systems by a New York teen to determine if he managed to obtain customer data. However, the Time Warner subsidiary thinks it's unlikely that customer data was compromised.

"This long-term hacker has repeatedly sought to access AOL systems," a spokeswoman said on Friday. "Our investigation continues, but we believe that at no point was [he] able to access customer billing data."

For now, AOL isn't notifying any individual customers about the situation. "While [he] did seek to access accounts, we don't believe there was any data compromised that would require customer outreach," the spokeswoman wrote.

This is the first time AOL has issued an official comment about the arrest of 17-year old Mike Nieves, who faces four felony charges and a misdemeanor charge for allegedly breaking into AOL networks and databases at different points between late December and early April. On Thursday, a spokesman for the Manhattan District Attorney's office said it's too early to tell whether any data was compromised during the system intrusions.

More here.

Note: This is why we need a Mandatory Breach Disclosure law -- AOL should be forced to notify customers whose records or accounts may have been accessed by this kid. - ferg

NOAA: Next Solar Storm Cycle to Begin in March

Bryan Gardiner writes on Extreme Tech:

According to the latest forecast by the National Oceanic & Atmospheric Administration's (NOAA) Space Environment Center, the next 11-year cycle of solar storms is set to begin earlier than expected, starting next March and peaking sometime in late 2011 or mid-2012, researchers said.

The prediction came during a NASA-sponsored panel at the annual Space Weather Workshop in Boulder, Colo., this week, and although panelists were split on whether a weak or strong period of solar storms lies ahead, neither group expects it to be a record-breaker.

More here.

Quote of the Day [2]: Kevin Poulsen

"Let's hope the unnamed English teacher doesn't discover the public library, or the Chicago cops will be looking to arrest nearly every important author in the last century for disturbing the peace."

- Kevin Poulsen on Threat Level.

So What's Up with MacLockPick?


Jason Chen writes on Engadget:


Imagine if you had a tool that when plugged into a Mac, can extract passwords for logins, disk images, Wi-Fi passwords, iTunes, iChat, Remote Desktop, email, all your banking info, peer to peer information, and arranges it neatly into a database format. That's the MacLockPick. It's pretty neat if you're the one doing the extracting, but very scary if you're the one being extracted from.

However, it's only available to federal and state law enforcement officials as well as licensed investigators, and starts at $499 (discounts apply if you're a po po). So unless your uncle's a professional snooper, you won't be able to get your hands on one of these.

More here.

Image source: Engadget

Anatomy of a Great Hack: 1980's Porn Slipped into 1950's Time Capsule

An AP newswire article, via The Boston Globe, reports that:

There were a few surprises for the University of Washington's Class of 1957 when they opened a time capsule sealed 50 years ago.

Among audiotapes and copies of the yearbook and school newspaper were 1980s-era porn, a condom and some dirty underwear.

Alumni opened the capsule earlier this week in preparation for a public unveiling Saturday during a celebration of the 50th anniversary of the university's communications program. The capsule had been placed in an interior wall of the then-new Communications Building in 1957.

More here.

AT&T’s New Boss Wants Your World Delivered to Him

Via Save The Internet.

Soon after AT&T chief Ed Whitacre announced his plans to accept his company’s $161 million retirement offer, the phone colossus announced Big Ed’s replacement.

Randall Stephenson, onetime SBC Chief Operating Officer, will attempt to fill the shoes of the man who once called all of us “nuts” for thinking the Internet should remain free from phone company discrimination.

But this apple clearly hasn’t fallen far from the tree. Echoing his predecessor, Stephenson was quoted in an industry newsletter saying, “We’re going to control the video on our network. The content guys will have to make a deal with us.”

Stephenson’s statement makes it clear that he intends to carry forward Whitacre’s plan to block or degrade high-speed content of anyone who has not struck a special deal with AT&T.

More here.

Getting Worse Every Year: The War on Journalism

David E. Kaplan writes on U.S. News & World Report's "Bad Guys" Blog:

A hundred dead journalists. Attacks on newspaper reporters, camera operators, and bloggers. Legal sanctions, criminal libel, intimidation, and censorship. Congratulations, world: Last year was "the most savage and brutal year in the history of the modern media," according to the just released annual report by the Vienna-based International Press Institute.

Nearly half of the dead journalists–46 in all–came from Iraq, most of them local reporters targeted by insurgents and death squads. "The murder and kidnapping of local journalists," notes the report, "made reporting in Iraq possibly the most dangerous assignment ever given to the media."

Also high on the list of deadly sites: Afghanistan, Pakistan, the Philippines, Sri Lanka, and Mexico, which, for the second year in a row, topped the list as the most dangerous place in the Americas. A Bad Guys salute goes to the government of Cuba, which, with 25 journalists imprisoned, is the biggest jailer of reporters in the hemisphere.

More here.

N.Y. AG Gets First Settlement Under Security Breach Notification Law

Sharon Gaudin writes on InformationWeek:

The New York Attorney General has obtained the first settlement under the state's new security breach notification law.

Attorney General Andrew Cuomo announced Thursday that it has reached an agreement with CS Stars LLC, a Chicago-based claims management company, to implement precautionary procedures, comply with New York's notification law in the event of another security breach, and pay $60,000 to the AG's office for investigation costs.

More here.

Quote of the Day: Bruce Schneier

"Monopolies eventually overreach themselves and die. Maybe it's finally Microsoft's time to die. That would decrease the risk to the rest of us."

- Bruce Schneier

DRM: Criminalizing The Consumer

Via The Economist.

Is it legal to make a copy of that DVD you’ve just bought so the family can watch it around the home or in the car? In one of the most watched copyright cases in recent years, a judge in northern California ruled last month that copying DVDs for personal use was legal, given the terms of the industry’s licence and the way the copies were made.

The wider implication of the ruling remains clouded—not least because the DVD Copy Control Association, the loser in the case, has 60 days to appeal. But whatever the video industry may like to think, the writing is on the wall for copy protection.

More here.

Defense Tech: U.S. Navy Missile Intercept

Christian Lowe writes on Defense Tech:

The Pentagon’s Missile Defense Agency tested a key leg in its missile shield triad yesterday, shooting down both a sub-sonic cruise missile in the atmosphere and a ballistic missile in space with a ship-based interceptor.

To say the least, missile defense has been extremely controversial over the years, and it is a subject of heated debate over whether the hundreds of billions of dollars spent on systems over the years have been worth the cost.

But it is worth chalking up this test in the win column for the embattled agency.

More here.

Germany Halts Online Computer Spying by Intelligence Agents

Via Deutsche Welle.

German intelligence agencies have stopped secret Internet monitoring of suspects' computers. Germany's Interior Minister Wolfgang Schäuble remains in favor of the controversial practice, but will wait for a legal ruling.

German Interior Minister Wolfgang Schäuble faced massive criticism this week after it was revealed that German intelligence agencies were secretly snooping on terrorism suspects via the Internet. Schäuble has ordered a temporary halt to the practice.

"There is a moratorium," a spokeswoman for the Interior Ministry confirmed in the Financial Times Deutschland newspaper on Friday.

Intelligence agencies have monitored suspects' computers via the Internet for two years, according to members of the Bundestag's interior affairs committee.

More here.

(Props, Pogo Was Right.)

...And Don't Forget: Laughter


Companies Can't Break Ties to Adware

Tom Spring writes on PC World:

Earlier this year, AT&T's Cingular division and Travelocity both pledged not to advertise anymore via adware--programs that slip onto PCs and inject ads into a user's browser. Verizon took a stance against computer invaders when it became a sponsor of an antispyware initiative. Yet, in March, ads from all three companies were being distributed through adware.

These businesses, along with Comcast and Vonage, acknowledge that their ads have surfaced in adware, but say they never intended for that to happen. The incidents raise a troubling question: Have advertising networks grown so complicated that sponsoring firms can't control where their ads appear, or are the companies simply not being vigilant enough?

More here.

Happy Birthday, Ace Frehley


Ace Frehley

Thursday, April 26, 2007

Google Experiencing Several Problems...

Among the latest Google tools to be borked appears to be Google Reader...




...and Google Reader has not been alone.

Google seems to be experiencing increasing problems with many of their web-based apps, including GMail, content home-pages, etc.

What gives? Is Google paying attention to the quality-value issue?

Telcos Plan 'Quake-Free' Asia-U.S. Cable Route

Clarence Fernandez and Syed Azman write for Reuters:

Asian phone companies unveiled plans to build a $500 million undersea cable between Southeast Asia and the United States to speed up connections in the region and avoid earthquake zones.

Existing telecoms cables connecting Asia and North America are nearing full capacity, while some of the oldest will need to be retired soon, Malaysia's communications minister said on Friday in announcing the project, to be led by Telekom Malaysia.

The 20,000-kilometre (12,400-mile), fiber-optic cable system would also take a different route from many existing cables to avoid quake-prone areas and a repeat of the disruption to Asian Web access caused by a tremor off Taiwan four months ago.

More here.

Toon of the Day: So Accomplished




Spam Profile: Affiliated Computer Services

Support Intelligence:

We started our tracking project for Affiliated Computer Services on March 10th. It took about a week to catch our first spam from this company which does BPO for numerous corporate clients. On the 18th we received an offer soliciting Russian Lovers from 63.87.170.71 better known as pat.acs-inc.com. This single machine sent us 96 additional spams over the next few weeks.

The flow began as image spam touting various pharmaceuticals and masculine enlargement techniques. Eventually the content changed to Hooudia diet supplements and OEM Software. It wasn't until the 23rd of March that 63.87.170.71 really started to spew however.

More here.

Note: Is this the same company that is responsible for several large-scale data breaches? Yes, I do believe it is.

Note [2]: Generally, the "pat" in "pat.acs-inc.com" above would stand for "port address translation". If that is indeed what the DNS FQDN stands for, this individual host name is basically a network address translation (NAT) gateway, and there could actually be several machines behind this gateway responsible for generating the spam.
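The attribution caveat in the note above (one spamming address may be a NAT/PAT gateway hiding many hosts) is the kind of thing a defender wants surfaced automatically when counting spam per source. The following is an added example, not code from this blog or from Support Intelligence: it parses a constructed mail-filter log, totals spam per source IP, and flags addresses whose reverse-DNS name follows a gateway-style naming convention. The log line format, the `GATEWAY_LABELS` list and the sample addresses other than 63.87.170.71 / pat.acs-inc.com (which appear in the post) are assumptions made for the example.

```python
import re

# Constructed sample log lines (not real data). The line format is an
# assumption made for this example, not any real product's log format.
SAMPLE_LOG = """\
2007-03-18 from=63.87.170.71 rdns=pat.acs-inc.com verdict=spam
2007-03-19 from=63.87.170.71 rdns=pat.acs-inc.com verdict=spam
2007-03-19 from=198.51.100.7 rdns=mail.example.net verdict=ham
2007-03-23 from=63.87.170.71 rdns=pat.acs-inc.com verdict=spam
2007-03-23 from=203.0.113.9 rdns=nat-gw1.example.org verdict=spam
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+)\s+from=(?P<ip>\S+)\s+rdns=(?P<rdns>\S+)\s+verdict=(?P<verdict>spam|ham)$"
)

# First-label prefixes that, by common naming convention, suggest the address
# is a translation gateway rather than a single end host. This is a heuristic
# assumption; a PTR record is a hint, never proof of what sits behind an IP.
GATEWAY_LABELS = {"pat", "nat", "natgw", "nat-gw", "gw", "fw", "proxy"}


def looks_like_nat_gateway(hostname: str) -> bool:
    """True if the leftmost DNS label reads like a NAT/PAT gateway name."""
    first = hostname.lower().split(".")[0]
    first = re.sub(r"[-_]?\d+$", "", first)  # nat-gw1 -> nat-gw, pat2 -> pat
    return first in GATEWAY_LABELS


def parse_line(line: str):
    """Return the fields of one log line as a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize(log_text: str) -> dict:
    """Aggregate spam/ham counts per source IP and attach the gateway flag."""
    report = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not match the assumed format
        entry = report.setdefault(rec["ip"], {
            "rdns": rec["rdns"],
            "spam": 0,
            "ham": 0,
            "shared_gateway": looks_like_nat_gateway(rec["rdns"]),
        })
        entry[rec["verdict"]] += 1
    return report


def attribution_note(entry: dict) -> str:
    """Human-readable caveat for an aggregated source entry."""
    if entry["shared_gateway"]:
        return "looks like a NAT/PAT gateway: spam may come from several hosts behind it"
    return "looks like a single host"


if __name__ == "__main__":
    for ip, e in summarize(SAMPLE_LOG).items():
        print(f"{ip:15} {e['rdns']:22} spam={e['spam']} ham={e['ham']}  {attribution_note(e)}")
```

The flag only changes how a report is worded: a gateway address with 96 spams is still worth a complaint to the operator, but the complaint should ask them to look at their NAT logs for the hosts behind it rather than assume one compromised machine.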

Local: Fremont Police Looking For Internet Scam Victims

Via NBC11.com.

Fremont police said they were looking for victims of a suspected scam artist who was now in jail.

Detectives told NBC 11 News that even they were impressed with his scheme. Detectives said the thief advertised his merchandise on the Web site craigslist.org. The suspect would set up a meeting with his unsuspecting clients and exchange cash for the goods.

"Once the transaction was completed, the customer would take the TV, laptop, PlayStation, and he would flee," said Fremont Detective Fred Bobbit. "And the customer would eventually find out it was nothing more than a piece of wood or bricks."

More here.

A Rough Day at Cogent: The Effects of De-Peering

Todd Underwood writes on the Renesys Blog:

These are the signs of the apocalypse: A worldwide earthquake, the sun ceasing to emit visible light, cats and dogs living together in harmony, and Cogent (AS174) depeering another AS. At least one of these happened yesterday.

At about 10:00 UTC on Wednesday (6am EDT), Cogent depeered a number of smaller, UK-based ISPs without notice. This was apparently intentional and due to a review of existing peers and whether they meet peering policies. Does this mean that Cogent is becoming more like its larger competitors that it so enjoys taunting? I'll take a look at who was depeered and speculate on why.

More here.

The Great Firewall of Utah (and Banning Open Wi-Fi)

Peter Eckersley writes on EFF Deeplinks:

The Utah legislature has been considering a proposal that would require the state's ISPs to ensure that minors are unable to access explicit material on the Internet [1] [2]. The scheme would also make open wireless networks illegal (!) unless they are restricted to only allow connections on certain, censored, "community ports".

Giving ISPs the responsibility and incentives to censor a particular subset of the web is precisely the same architecture that the Chinese Communist Party uses for their "Great Firewall of China". The communists use it to filter news and political information as well as porn — but in neither case is it particularly effective. Users who are either knowledgeable or motivated quickly learn that there are easy ways around these filters.

More here.

Student Evades Cisco NAC - Gets Suspended

Tim Greene writes on NetworkWorld:

A default setting in Cisco NAC gear allowed a University of Portland student to dodge a security scan by Cisco’s NAC software agent and get on the school network.

The exploit was the work of a sophomore who was suspended for doing it, and further use of the weakness has been blocked by changing a setting on the Cisco Clean Access box involved, according to Cisco.

More here.

'More Phish Out There Than We Thought'

Via ComputerWorld.

Phishers might be getting takers on as much as 14% of their trick messages -- a much higher percentage than previous estimates by network security watchers, according to a University of Indiana study.

The university's School of Informatics simulated phishing attacks on eBay customers because they are a popular target of online scams. The simulated attacks were conducted as part of research summarized in "Designing Ethical Phishing Experiments: A study of (ROT13) rOnl query features" [.pdf].

The researchers contextualized their findings about a surprisingly high number of phishing victims by noting that other research, such as a Gartner Inc. report that says about 3% of American adults are successfully targeted, might not take into sufficient account the number of people who won't admit to being duped.

More here.

China: Undersea Cable Construction Initiated In Shanghai

Via China Tech News.

Shanghai Telecom has announced the construction of a trans-pacific undersea cable will soon be started as scheduled and the project is expected to be completed and put into operation in 2008.

The first phase will greatly increase Shanghai's international communications export capacity upon completion. Currently, Shanghai has nine international undersea cables connected to it, which makes it use 70% of the total international communication capacity of China. Yet that still can't meet the increasing market demand.

The Trans-Pacific Express, which involves a total of US$500 million in investment, is jointly built by China Telecom, China Netcom, China Unicom, Chunghwa Telecom, Korea Telecom, and US-based Verizon. Shanghai is one of the debarkation points for the cable.

More here.

Websense to Acquire SurfControl for $400M

Via Websense.

Websense, Inc. today announced that its subsidiary, Websense SC Operations Limited, has made a pre-conditional cash offer to acquire all of the issued and to-be-issued ordinary shares, excluding treasury shares, of SurfControl PLC, a provider of on-demand and software-based Web and email security solutions.

Under the terms of the proposal, SurfControl shareholders will receive 700 pence in cash for each SurfControl share. The proposal values SurfControl’s existing issued share capital at approximately £201 million (approximately US$400 million).

More here.

NY Teen Hacks AOL, Infects Systems

Juan Carlos Perez writes on InfoWorld:

A New York teenager broke into AOL networks and databases containing customer information and infected servers with a malicious program to transfer confidential data to his computer, AOL and the Manhattan District Attorney's Office allege.

In a complaint filed in Criminal Court of the City of New York, the District Attorney's office alleges that, between December 24, 2006 and April 7, 2007, 17-year-old Mike Nieves committed offenses such as computer tampering, computer trespass, and criminal possession of computer material.

Among his alleged exploits:

  • Accessing systems containing customer billing records, addresses, and credit card information
  • Infecting machines at an AOL customer support call center in New Delhi, India, with a program to funnel information back to his PC
  • Logging in without permission into 49 AIM accounts of AOL customer support employees
  • Attempting to break into an AOL customer support system containing sensitive customer information
  • Engaging in a phishing attack against AOL staffers, through which he gained access to more than 60 accounts from AOL employees and subcontractors

Nieves faces four felony charges and one misdemeanor charge. He was arraigned on Monday and remains detained, a District Attorney's office spokesman said. His next court date is Friday for a procedural hearing to determine the next step in the case, the spokesman said. Nieves' attorney didn't immediately return a call seeking comment.

More here.

Quote of the Day: Tom Spring

"I'm still wondering what the true cost of that shirt is."

- Tom Spring, voicing his thoughts on the fact that he bought a shirt at Marshalls in 2006 with a credit card.

U.S. Bill Aims to Repeal Internet Gambling Ban

A Reuters newswire article by Peter Kaplan, via The Globe and Mail, reports that:

Legislation that would lift an online gambling ban imposed by Congress last year was introduced Thursday by the chairman of U.S. House Financial Services Committee.

Calling the Internet gambling prohibition “imprudently adopted,” Democratic Rep. Barney Frank of Massachusetts outlined a bill to make it legal again for banks and credit card companies to make payments to online gambling sites.

“The fundamental issue here is a matter of individual freedom,” Frank told a news conference, adding his committee would hold a hearing on the matter in June.

The bill includes provisions for licensing and regulating online gambling companies to protect against underage gambling, compulsive gambling, money-laundering and fraud.

More here.

GOP Hires Data Experts to Save White House E-mails

Justin Rood reports on ABC News' "The Blotter":

Stung by the revelation that White House aides for years have sent -- and deleted -- e-mails about official government business using accounts controlled by the Republican National Committee (RNC), the organization has hired a top-flight data recovery firm to preserve what correspondence has not already been lost.

The RNC "has...been working diligently to identify and preserve all potentially relevant data that may exist," a lawyer for the group wrote Rep. Henry Waxman, D-Calif., the chair of a powerful committee who has demanded access to the e-mails. "These efforts include retaining a leading, nationally known computer forensics firm, Stroz Friedberg, LLC," states the letter, written by Robert K. Kelner of the Covington and Burling law firm.

More here.

Alleged Bomb Threats Aimed at Pumping Up 3Com Stock

Via NetworkWorld.

An Iowa man was arrested this week for sending unarmed explosives and menacing letters to investment firms, with threats of actual violence if the firms did not act to raise 3Com's stock price.

Using the signature "The Bishop," John P. Tomkins, a 42-year-old machinist from Dubuque, is accused of sending threats and the unarmed explosives to investment firms, including American Century Investment Management in Kansas City and Chicago-based Perkins, Wolf, McDonnell and Co., which advises Denver-based Janus Capital. One letter stated: "I need for you to start buying stock in 3Com Corporation (COMS). You have until October 31 to get the price to 6.66. … it MUST be done by then. NO EXCUSES."

More here.

Google 'Frantic' About Personalized Home Page Glitch

Juan Carlos Perez writes on PC World:

Google's Personalized Home Page service, which lets users turn Google.com into a customized portal, is suffering from an apparently significant technical problem that is reverting some of the home pages to old versions or to their original default settings.

Angry users have lit up discussion boards on Thursday, complaining about the problem and expressing frustration at the possibility that they have lost the time they spent customizing their pages, while lamenting the hit on productivity the issue has caused them.

More here.

Gapingvoid: Your Techie's Are Smoking Crack

Via gapingvoid.com. Enjoy!

Ed Felten: Washington Botnet Briefing

Ed Felten writes on Freedom to Tinker:

Yesterday I spoke at a Washington briefing on botnets. The event was hosted by the Senate Science and Technology Caucus, and sponsored by ACM and Microsoft.

Along with opening remarks by Senators Pryor and Bennett, there were short briefings by me, Phil Reitinger of Microsoft, and Scott O’Neal of the FBI.

More here.

Congressional Hearing Set On USDA Data Breach

Sharon Gaudin writes on InformationWeek:

The U.S. House Agriculture Committee will hold a hearing next week about the data leak at the U.S. Department of Agriculture that put the identifying information on up to 150,000 people at risk.

The hearing is scheduled for Wednesday, May 2.

Ohio Congressman Zack Space openly criticized the USDA's actions, and said next week's hearing will explore how the breach happened, proposed remedies, and recommendations on how to keep this from happening again.

More here.

Wednesday, April 25, 2007

Major Anti-Spam Lawsuit to Be Filed in Virginia - UPDATE

Brian Krebs writes in The Washington Post:

A company representing Internet users in more than 100 countries is expected to file a lawsuit in Virginia on Thursday seeking the identity of individuals responsible for harvesting millions of e-mail addresses on behalf of spammers.

The suit will be filed in U.S. District Court in Alexandria on behalf of Project Honey Pot, a service of Unspam Technologies LLC, a Utah-based anti-spam company that consults with private companies and government agencies.

The lead attorney on the case, Jon Praed of the Arlington, Va.-based Internet Law Group, has represented America Online and Verizon Online in successful cases against junk e-mailers. Praed said the group hopes to follow the trail from the people doing the harvesting of e-mail addresses to the actual spammers.

More here.

UPDATE: 12:36 PDT, 26 April 2007: Details announced by Project Honeypot today here.

Off Beat: Spinal Tap Reunited for Live Earth-London

Harry Shearer, left, Christopher Guest, center, and Michael McKean as members of the spoof British band Spinal Tap.
Image source: The Sydney Morning Herald


A Reuters newswire article, via The Sydney Morning Herald, reports that:

The spoof heavy-metal band immortalized by the mock documentary 'This is Spinal Tap' has reunited to join a campaign to save the world from global warming.

Director Rob Reiner, whose 1984 film set the bar for the "mockumentary" genre, has made a new short film called Spinal Tap as part of a campaign dubbed SOS/Live Earth. The band will also play in London at one of 7 Live Earth concerts on July 7.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, April 25, 2007, at least 3,334 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,706 died as a result of hostile action, according to the military's numbers.

The AP count is nine higher than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Solar Forecast: Sunny With Chances for Moderate Coronal Ejections


David Biello writes on Scientific American:

When it comes to predicting the weather, no two forecasters agree. The same apparently holds true in space weather. Nevertheless, a panel of 12 international experts, ranging from solar physicists to modelers, has managed to forge a consensus around the next solar cycle.

The prediction: solar minimum—the period of the fewest average number of sunspots and solar storms but the maximum for cosmic rays—will come within six months of March of next year. Cycle 24 will peak in either October of 2011 with roughly 140 sunspots that year or in August of 2012 with roughly 90 sunspots in that year, either slightly above or below the average of 114 sunspots in a year. And this solar cycle will likely last nearly as long as the current one.

More here.

U.S. Chamber of Commerce: Companies Should Be Allowed To Break Law if Helping Government

Ryan Singel writes on Threat Level:

The U.S. Chamber of Commerce is arguing to a federal appeals court that laws shouldn't apply to companies that help the government in the name of homeland security and that the court should dismiss a suit against AT&T for allegedly violating federal privacy laws in helping the government spy on Americans without warrants.

The group contends that companies can't defend themselves from such suits since doing so would require disclosing classified information -- which is banned by federal law -- and that allowing such suits would dissuade companies from helping the government.

More here.

Credit Card Fraud at One-in-Five Airlines

Stephen Rogers writes on the Irish Examiner:

Airline staff have stolen passengers’ identity and ripped off their credit card details, up to 20% of international airlines have admitted in a survey.

According to the ‘Airline Fraud Survey 2006’ by Deloitte and the International Association of Airline Internal Auditors, the annual cost of fraud to the airline industry every year is $600 million (€440m) with an average of 446 cases per airline. Of those surveyed, 79% of carriers admitted they had experienced fraud in the last 12 months.

More here.

(Props, Pogo Was Right.)

'Terrorist 007' Was Internet Propagandist for al-Qaeda

Sean O’Neill writes on The Times Online (UK):

A London computer expert acquired worldwide notoriety on the internet as an al-Qaeda propagandist called “Irhabi 007”, a court was told yesterday.

Younis Tsouli allegedly used his web identity – which translates from Arabic as “Terrorist 007” – to spread extremist material around the world.

One of the many websites he set up, irhabi.007.ca, received 14,244 hits in August 2005 from users in Saudi Arabia, France, Belgium, Sweden, Israel, Canada, Britain, Mexico and other countries.

More here.

U.S. Army Gives Stanford $105M for Supercomputing Center at NASA Ames

Via The Silicon Valley/San Jose Business Journal.

The U.S. Army has given Stanford University a $105 million, five-year grant to build a computing research center at NASA Ames Research Center.

Stanford said the Mountain View-based facility will be used for advanced simulations to help develop new materials for military vehicles and equipment, improve communication on the battlefield, and aid detection of biological or chemical attacks.

The multidisciplinary research center will be directed by Charbel Farhat, a professor of mechanical engineering and expert on supercomputer simulation and a member of the Stanford School of Engineering's Institute for Computational and Mathematical Engineering.

More here.

U.S. Shoots Down AsiaSat $295M Deal

Tom Mitchell writes on FT.com:

The US state department has shot down a proposed $295m deal to take private the Hong Kong-based satellite operator Asia Satellite Telecommunications, invoking export approval powers dating back to the cold war.

GE Capital Equity Investments of the US and Beijing-controlled Citic Group together control 68 per cent of AsiaSat, and had offered to buy out the company’s minority shareholders.

However, the deal was subject to approvals from several governments. AsiaSat says the state department “has in correspondence with [the company] said it will not grant the approval necessary to implement the proposed privatisation”.

More here.

Gapingvoid: Business is Change

Via gapingvoid.com. Enjoy!

U.S. Government Argues Verizon Spy Suit Must Be Dismissed

Ryan Singel writes on Threat Level:

The government told a federal judge on Friday that he must dismiss another set of lawsuits against a telecom -- this time Verizon -- for allegedly illegally helping the government spy on Americans because the lawsuits involve secrets that could put the nation at risk.

The suit is one of five main anti-spying suits against telecoms now in front of a San Francisco judge, who last summer bucked similar government arguments and allowed a case against AT&T's alleged spying to continue. The ruling in that case, known as Hepting vs. AT&T, is currently on appeal to the Ninth Circuit, and the government asked the judge to put a hold on the suits against the other telecoms until that appeal has been finished.

More here.

White House Task Force Proposes Criminalizing Harmless Hacks

Kevin Poulsen writes on Threat Level:

The Identity Theft Task Force appointed by President Bush and headed by embattled attorney general Alberto Gonzales wants to close a loophole in a federal computer crime law that's letting slick computer intruders escape federal prosecution merely by doing no harm.

One of the recommendations in the 120-page task force report [.pdf] released Monday would eliminate the $5,000 minimum damage threshold for prosecuting a computer crime at the federal level. Ostensibly, this is because botnet-wielding identity thieves aren't causing enough financial harm to qualify for federal attention under those standards.

More here.

Experts: U.S. Vulnerable to Major Cyber Attacks

Grant Gross writes on InfoWorld:

The U.S. government needs to take action now to avoid crippling cyberattacks that could shut down major communications systems nationwide, a group of cybersecurity experts told U.S. lawmakers Wednesday.

"We are a nation unprepared to properly defend ourselves and recover from a strategic cyberattack," said O. Sami Saydjari, president of Professionals for Cyber Defense and CEO of Cyber Defense Agency, speaking before the U.S. House of Representatives Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology. "Inaction isn't an option."

More here.

NSA Plans San Antonio Data Center

John Rendleman writes on GCN.com:


The National Security Agency/Central Security Service said it has picked a facility in San Antonio as the site of a new data center.

Before picking the San Antonio facility, NSA analyzed plans of commercial data centers and evaluated sites around the country with input from other government agencies, including the Army Corps of Engineers.

With input from other government entities, the spy agency is also looking into suggestions that it could share space in data centers with other intelligence agencies, NSA said in a statement.

More here.

Note: I'm sure it's just a coincidence, but San Antonio is also the HQ of AT&T...

Julie Amero Sentencing Pushed Back to Mid-May

Dan Kaplan writes on SC Magazine Online:

The scheduled sentencing for Julie Amero, the former Connecticut middle school teacher found guilty of exposing her students to internet pornography pop-ups, was pushed back again today - this time to May 18.

The 40-year-old woman faces up to 40 years in prison, a decade for each count of risk of injury to a minor for which she was convicted. Her sentencing had been scheduled for Thursday, following another postponement.

Officials at the Norwich Superior Court did not immediately say why the sentencing was postponed or who requested the delay, according to a report today in the Norwich Bulletin.

The information security community is keeping a close eye on the Amero proceedings after many have claimed the woman was a victim of spyware and an undereducated judicial system.

More here.

UK: ISPs to 'Strengthen Ties' With Government

Chris Williams writes on The Register:

ISPA, the internet service providers' trade association, is calling on its members to provide law enforcement agencies with a 24-hour contact point.

A new "best practice" document says ISPs should make information available for current investigations as quickly as possible, and ideally be on call at any time. ISPA says the industry needs to strengthen ties with police and other government agencies tracking spammers and peer-to-peer networking.

Providers should hand over customer details more readily, ISPA reckons. The non-mandatory policy states: "ISPA members should make available contact details of a named individual or other contact point (e.g. general phone/fax number or email address) for these purposes."

More here.

Virus Writers Taint Google Ad Links

Brian Krebs writes on Security Fix:

Virus writers have been gaming Google's "sponsored links" -- the paid ads shown alongside search engine results. They are aiming to get their malicious software installed on computers whose users click onto ad links after searching for legitimate sites such as BBBonline.org, the official Web site of the Better Business Bureau.

Sponsored links allow customers to buy advertisements attached to a particular search term. When a Google user enters a term into the firm's search engine, the ad belonging to the advertiser that bid the highest price for that search term appears at the top of the list of search results.

More here.

UK: Banking Heir 'Hired Hackers to Spy on Wife'

Via The BBC.

American banking heir Matthew Mellon paid private detectives to hack into the e-mails of his estranged wife prior to their divorce, a court was told.

He asked the "Hackers Are Us" branch of Active Investigation Services (AIS) to snoop on spouse Tamara, head of the Jimmy Choo shoe empire, jurors heard.

The prosecution claimed Mr Mellon, 43, was looking for information "he was not getting through the court process".

Mr Mellon and four others on trial at Southwark Crown Court deny all charges.

More here.

Tuesday, April 24, 2007

Off Beat: Shakespeare's Grave Cursed


A Reuters newswire article, via TheAge.com.au, reports that:

A curse engraved on the tomb of English playwright William Shakespeare may have saved his remains from being exhumed, an academic says.

Digging up the bones of the dead was common in Shakespeare's time, either for religious or research purposes. Often remains were removed to make way for more graves, and dumped in landfill sites or even used as fertiliser.

The playwright was so fearful of this happening to his own remains that he had the curse engraved on his tomb at Holy Trinity Church, Stratford-on-Avon, as a warning to gravediggers after his death in 1616.

More here.

Image source: www.gutenberg.org

Intel Details e-Mail Lapses

Ryan Blitstein writes in The Mercury News:

An Intel lawyer "lost track" of the fact that she was supposed to tell 378 staffers to save relevant e-mails. Company employees remained unaware for months that they were supposed to back up their e-mail. And miscommunication between Intel workers in Germany and England led to the loss of data for hundreds of employees.

Intel acknowledged such lapses in a court filing late Monday in an antitrust case brought against it by rival Advanced Micro Devices. AMD sued Santa Clara-based Intel in June 2005 for allegedly coercing computer makers, retailers and distributors to buy its chips instead of AMD's.

The filing in U.S. District Court in Delaware, which detailed mistakes during 2005 and 2006, was meant to explain how Intel lost relevant documents and suggest to the judge a way to remedy the situation.

More here.

China Replaces Top Censor

An AP newswire article, via The Seattle Post-Intelligencer, reports that:

China's chief censor has been removed from his post, state media reported Tuesday, following an outcry this year over a reported decision to ban eight books.

In January, the Chinese author Zhang Yihe issued a public statement criticizing China's General Administration of Press and Publications for banning one of her books about the Peking Opera as well as seven titles by other writers. The ban was never formally announced, but other Chinese authors and intellectuals posted angry open letters to the administration on Web forums and blogs.

The official Xinhua News Agency said Long Xinmin was removed from his post at the administration and named a deputy director of the Communist Party's Central Party History Research Center. Xinhua gave no reason for the shift.

More here.

Groups Raise Concerns About Cybersecurity Standards

Grant Gross writes on PC World:

Legislation that would authorize the U.S. Department of Homeland Security to create emergency preparedness standards for private industry takes the wrong approach toward cybersecurity, some experts said Tuesday.

Sections of the Improving America's Security Act, which passed the U.S. Senate March 13, and the Implementing the 9/11 Commission Recommendations Act, which passed the House of Representatives Jan. 9, would authorize DHS to create voluntary cybersecurity and other preparedness standards. The Senate version would also authorize DHS to create certification and accreditation programs associated with the standards.

One audience member at an event hosted by the Center for Strategic and International Studies suggested the standards would be less than voluntary. Companies that don't institute the DHS standards could be sued for negligence after something goes wrong, he said.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, April 24, 2007, at least 3,333 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,706 died as a result of hostile action, according to the military's numbers.

The AP count is eight higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

E-Mail Scammers to Victims: Pay Up or Die

Jaikumar Vijayan writes on NetworkWorld:

A new wave of extortion e-mails that threaten recipients with bodily harm and death if they do not pay thousands of dollars to the sender is circulating on the Internet, according to security vendor SecureWorks.

The e-mails are sent directly to the victims from valid e-mail accounts instead of the usual spam relays and bot proxies -- an apparent attempt to make them seem authentic. The accounts are set up by scammers purporting to be assassins hired by third parties to harm the recipients. The sender offers to spare the recipient from harm in return for thousands of dollars.

More here.

Gapingvoid: Intertwined

Via gapingvoid.com. Enjoy!

Massachusetts Bankers Association Files Suit Against TJX

An AP newswire article, via Businessweek.com, reports that:

The Massachusetts Bankers Association said Tuesday it is filing a class action lawsuit against TJX Companies Inc. after thieves stole data from at least 45.7 million credit and debit cards used at the retailer's stores over 17 months.

The association said it will seek to recover damages in the tens of millions of dollars.

The Connecticut Bankers Association, the Maine Association of Community Banks and individual banks will be co-plaintiffs, the association said.

The Massachusetts Bankers Association said it is filing the lawsuit to "protect customer privacy and data security for customer accounts."

More here.

(Props, Pogo Was Right.)

Pentagon Intel Chief Seeks End to TALON Database

A Reuters newswire article, via ABC News, reports that:

The Pentagon's new intelligence chief has asked U.S. Defense Secretary Robert Gates to terminate the controversial military database known as TALON that tracks suspicious activity around U.S. bases, according to a memo obtained by Reuters on Tuesday.

James Clapper, U.S. undersecretary of defense for intelligence, said in an April 18 memo the program should end due in part to its image in Congress and the media.

"I have assessed results of the TALON program during the last year and I do not believe they merit continuing the program as currently constituted particularly in light of its image in the Congress and the media," Clapper said in a memo to Gates.

TALON is a database of raw reports of possible threats to U.S. military bases. It contains thousands of records of suspicious activities around bases that could involve terrorist threats, including information about some U.S. citizens.

More here.