Saturday, June 30, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Saturday, June 30, 2007, at least 3,577 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,934 died as a result of hostile action, according to the military's numbers.

The AP count is eight higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Attack on Estonia Puts Cyber Security on EU Agenda

Via Reuters.

The European Union will address cyber security issues after attacks on the Internet sites of Estonia, EU Information Society commissioner Viviane Reding said on Saturday.

Estonia suffered cyber attacks on private and government Internet sites, peaking in May after a decision to move a Soviet-era statue from a square in Tallinn prompted outrage from some Russian nationals in Estonia and triggered a diplomatic row with Moscow.

"Estonia was a wakeup call," Reding told a European Business Leaders Convention. "We have to wake up our governments ... If people do not understand the urgency now, they never will."

More here.

Cyber Attacks Harass Kremlin Critics

An AP newswire article by Mansur Mirovalev, via USA Today, reports that:

A political battle is raging in Russian cyberspace.

Opposition parties and independent media say murky forces have committed vast resources to hacking and crippling their websites in attacks similar to those that hit tech-savvy Estonia as the Baltic nation sparred with Russia over a Soviet war memorial.

While they offer no proof, the groups all point the finger at the Kremlin, calling the electronic siege an attempt to stifle Russia's last source of free, unfiltered information.

The victims, who range from liberal democrats to ultranationalists, allege their hacker adversaries hope to harass the opposition with the approach of parliamentary elections in December and presidential elections in next March.

More here.

Bell Canada Agrees to Buyout Offer

Ian Austen writes in The New York Times:

Bell Canada’s directors endorsed a privatization offer worth 34.8 billion Canadian dollars ($32.9 billion) from the Ontario Teachers’ Pension Plan and Providence Equity Partners early today, the company said in a statement.

If approved by shareholders, the deal would be Canada’s largest takeover to date, worth about 51.7 billion Canadian dollars after assumption of debt and other factors, and among the largest leveraged buyouts in history.

More here.

IRS Software Said to Have Problems

An AP newswire article by Jim Abrams, via The Seattle Post-Intelligencer, reports that:

An IRS program to encourage taxpayers to file electronically is providing software that's not always accurate, an inspector general said Friday.

The Treasury inspector general for tax administration also said the IRS did not agree with its recommendations that it set up a process to test the software used in the Free File Program.

More here.

Friday, June 29, 2007

Gapingvoid: I Read The News Today, Oh Boy...

Via Enjoy!

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Friday, June 29, 2007, at least 3,576 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,934 died as a result of hostile action, according to the military's numbers.

The AP count is seven higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Woman Pleads to Stalking Linkin Park Singer

An AP newswire article, via Yahoo! News, reports that:

A former national laboratory worker has admitted that she used government computers to access the e-mail account of Linkin Park lead singer Chester Bennington and hacked into a cell phone company's Web site to obtain his phone number.

Devon Townsend, 28, appeared Friday before U.S. Magistrate Judge Robert Scott and pleaded guilty to charges including stalking and unlawful access to stored communications.

Townsend faces up to five years in prison and fines up to $250,000 for each count. A sentencing date has not been scheduled. Townsend's lawyer, Ray Twohig, did not return messages Friday.

Townsend, who worked in Sandia National Laboratories' technology and manufacturing group, used lab computers to access private information about Bennington and his wife, Talinda, from January 2006 to November 2006.

More here.

Microsoft Pays $200M for Santa Clara Data Centers

Via The Silicon Valley/San Jose Business Journal.

Savvis Inc. said on Friday it has sold assets in two adjacent data centers in Santa Clara to Microsoft Corp. for $200 million.

As part of the sale, Missouri-based Savvis said the service contract with Microsoft for the facilities terminates as of the end of June 2007.

Microsoft has been the sole customer in the data centers under the terms of a Savvis colocation contract due to expire at the end of 2010.

More here.

LANL Agrees to Disclose Security Violations

An AP newswire article by Sue Major Holmes, via The New Mexican, reports that:

The U.S. Department of Energy will report significant security breaches or compromises of classified material to Congress under a policy developed after criticism of security at Los Alamos National Laboratory.

The Northern New Mexico weapons lab has been blasted for years of security problems that led the DOE two years ago to put its management contract out to bid for the first time in the lab's 60-plus-year history. More security breaches have occurred since a new manager took over last summer.

More here.

Dirty Tricks? U.S. DoT Intervention with EPA was Inappropriate and Possibly Illegal

An AP newswire article, via CBS News, reports that:

As the Environmental Protection Agency deliberated on whether to allow California to implement its greenhouse gas law, another federal agency sought to mobilize state and federal lawmakers against the state's petition, documents show.

The 71 pages of Transportation Department e-mails and memos were released Friday to Rep. Henry Waxman, D-Calif., who has contended that the Transportation Department's intervention with EPA was inappropriate and possibly illegal.

The Transportation Department says it did nothing wrong and was simply disseminating information.

More here.

AT&T to Acquire Rural Telco Carrier Dobson Communications

An AP newswire article, via The New York Times, reports that:

AT&T, the wireless carrier, agreed on Friday to acquire the rural wireless provider Dobson Communications Corporation for $2.8 billion in cash.

Dobson, based in Oklahoma City, does business under the Cellular One brand in rural and suburban markets in 17 states and has provided roaming services to AT&T since 1990.

More here.

Quote of the Day [2]: Jim Dalrymple

"Three hours after getting my hands on one, I am ready to drop the thing from the 44th floor of the New York Hilton -- and I probably would if I was sure it would hit someone from AT&T."

- Jim Dalrymple, of Macworld, writing about his frustrations in trying to get his iPhone Account activated.

Quote of the Day: Bret Fausett

"ICANN's President Paul Twomey has declared that ICANN's new gTLD policy is 'on track.'

The claim reminds me of the way that Bush declared 'Mission Accomplished' in Iraq back in 2003."

- Bret Fausett, writing on his Lextext Blog.

Visiting NYC? Get a Photography License


Ray Rivera writes in The New York Times:

Some tourists, amateur photographers, even would-be filmmakers hoping to make it big on YouTube could soon be forced to obtain a city permit and $1 million in liability insurance before taking pictures or filming on city property, including sidewalks.

New rules being considered by the Mayor’s Office of Film, Theater and Broadcasting would require any group of two or more people who want to use a camera in a single public location for more than a half hour to get a city permit and insurance.

The same requirements would apply to any group of five or more people who plan to use a tripod in a public location for more than 10 minutes, including the time it takes to set up the equipment.

Julianne Cho, assistant commissioner of the film office, said the rules were not intended to apply to families on vacation or amateur filmmakers or photographers.

Nevertheless, the New York Civil Liberties Union says the proposed rules, as strictly interpreted, could have that effect. The group also warns that the rules set the stage for selective and perhaps discriminatory enforcement by police.

More here.

After Estonia Cyber Attacks, U.S. Frets Over Potential Cyber War

Karen Krebsbach writes on U.S. Banker:

The U.S. Treasury Department's decision to sponsor an industry-wide exercise this fall for the financial-services sector to test its ability to respond to a pandemic crisis, such as a bird flu outbreak, is taking on a different, and more sinister tone, in light of the cyber attack that nearly disabled Estonia-including the country's biggest bank-in late May.

The heavily wired Baltic country has been subject to massive and coordinated cyber attacks on Web sites of the government, financial institutions, telecommunications companies, Internet-service providers and news organizations.

More here.

White House Sets Single Security Configuration For Windows Computers

Sharon Gaudin writes on InformationWeek:

A White House directive is forcing federal government agencies, which currently use perhaps hundreds of different security configurations, to conform to a single one that was designed by the U.S. Air Force.

The move will likely involve a great deal of work. But it could "radically reduce" the number of security holes that have been plaguing federal agencies like the Department of Homeland Security and the Department of State, according to Alan Paller, director of research at the SANS Institute.

More here.

Nigerian School Without Power Receives 300 Laptops

An AFP newswire article, via, reports that:

A Nigerian school has received a gift of 300 laptops -- one per pupil -- but has no electricity to power them up, the official News Agency of Nigeria (NAN) reported Friday.

Ndidi Nnoli-Edozien, coordinator of the One-Laptop-Per-Child programme (OLPC) that donated the computer, said the two-block Galadima Primary School in the centre of the federal capital Abuja had no electricity.

More here.

True or False: U.S.'s Broadband Penetration Is Lower Than Even Estonia's

Steven Levy writes on Newsweek:

Maybe our proud nation is going through some rough spots, but at least we have one shining and perpetual triumph: the Internet. People may refer to it as the World Wide Web, but its capital is Silicon Valley and the United States is the big dog tapping the global keyboard.

At least that's what we thought, until the news broke in April of a report by the international Organization for Economic Cooperation and Development that ranked the high-speed broadband adoption of 30 countries in the developed world. The United States was not first. Or second, or third. It ranked 15th.

More here.

Thursday, June 28, 2007

Ben Edelman: ComScore Doesn't Always Get Consent

Ben Edelman:

This past Wednesday, ComScore raised $82 million in an IPO that jumped 42% in its first day of trading. Some investors clearly like ComScore's business, but I wonder whether they fully undersatnd ComScore's business model, privacy implications, and poor track record of nonconsensual installations.

ComScore's tracking software is remarkably invasive. The privacy policy for ComScore's RelevantKnowledge tracking program purports to grant ComScore the right to track users' name and address, browsing, shopping, and even "online accounts ... includ[ing] personal financial [and] health information." Based on these privacy concerns, well-respected security researchers have long warned about ComScore's software. For example, in 2004 Cornell University began blocking all communications with ComScore's MarketScore tracking servers. Multiple other universities (including Columbia University and Indiana University) followed up with special warnings to their users.

At least as serious are ComScore's installation practices. ComScore pays independent distributors to install ComScore software onto users' computers. Predictably, some of these distributors install ComScore software without getting user consent.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, June 28, 2007, at least 3,571 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,931 died as a result of hostile action, according to the military's numbers.

The AP count is five higher than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Romanian NASA Hacker Appears in Court

Frank Washkuch Jr. writes on SC Magazine Online:

A Romanian hacker accused of breaking into the networks of NASA and other federal agencies appeared in a Romanian court on Tuesday.

Victor Faur, 26, a native of the western Romanian town of Arad, faces trial there after arrest by state prosecutors in his home country. He faces a dozen years in prison, according to numerous published reports.

More here.

Homeland Security to Host Closed-Door Security Forum

Robert McMillan writes on PC World:

The U.S. Department of Homeland security will host a invite-only conference two months from now that will bring together security experts from law enforcement, Internet service providers, and the technology industry.

The Internet Security Operations and Intelligence (ISOI) workshop will be held on August 27 and 28 at the Academy for Educational Development in Washington D.C. It is expected to draw about 240 participants who will engage in a frank discussion of the latest trends in cybercrime, said Gadi Evron, a security evangelist with Beyond Security who is one of the event's planners.

More here.

Wikipedia Entry About Benoit Was Updated to Mention Wife's Death Before Bodies Were Found

Chris Benoit

An AP newswire article by Harry R. Weber, via The Boston Globe, reports that:

Investigators are looking into who altered pro wrestler Chris Benoit's Wikipedia entry to mention his wife's death hours before authorities discovered the bodies of the couple and their 7-year-old son.

Benoit's Wikipedia entry was altered early Monday to say that the wrestler had missed a match two days earlier because of his wife's death.

A Wikipedia official, Cary Bass, said Thursday that the entry was made by someone using an Internet protocol address registered in Stamford, Conn., where World Wrestling Entertainment is based.

More here.

Image source: The BBC

Jupiter Changes Its Stripes

Image source: NASA / ESA / A Sanchez-Lavega / A Simon-Miller

David Shiga writes on New Scientist Space:

Jupiter's cloud patterns are undergoing dramatic changes, reveal new images by the Hubble Space Telescope. Similar transformations of the giant planet's clouds have been witnessed before, but never in such detail – and they have never been explained.

Hubble has been keeping an eye on Jupiter to provide context for close-up observations made by NASA's New Horizons spacecraft, which flew by the solar system's largest planet in February on its way to Pluto.

More here.

Malware Finds a New Home

Paul Henry writes on ZDNet Security News:

Conventional wisdom says e-mail systems are the pipeline of choice for malware distribution. But times have changed, and so too have Internet attack patterns.

In many cases, mass-mailing malware is now inefficient due to the noise it generates as it traverses the Internet. Similar to a sonic boom, the noisy e-mail attacks send echoes across the Web, giving administrators ample time to alert users, lock down networks and mitigate new threats.

Sure, targeted e-mail attacks will continue. But compromised Web pages are now rapidly emerging as the replacement vehicle of choice for mass malware distribution.

I couldn't have said it better myself...

More here.

4,000 iPhone Domains Registered, Expected to Double Before Year’s End

Via CircleID.

The Associated Press is reporting today that although the ‘’ domain name was grabbed long before January 9th, when Apple announced its new gadget, speculators have been registering thousands of iPhone-related domain names such as ‘’ and ‘’.

According to Name Intelligence Inc., which analyzes domain name patterns, roughly 450 domain names including the word “iPhone” were registered on Jan. 11 and about 375 on Jan. 12—just a few days after Steve Jobs unveiled the iPhone at the Macworld conference in San Francisco. Although the registrations dropped to 25 per day for a while, they have picked up rapidly and more than 350 iPhone related domain names were registered in a day last week.

More here.

Gonzales: It's Time to Punish 'Attempted' Piracy

Anne Broache writes on the C|Net News Blog:

Attorney General Alberto Gonzales created quite a stir last month when he called for an aggressive rewrite of criminal copyright laws, including prison time for "attempted" copyright infringement, life behind bars for pirated software use, and more expansive wiretap authority in piracy investigations.

If anyone doubted his seriousness about that dramatic plan, look no further than the text of a speech the official delivered in Seattle on Wednesday.

More here.

ACLU Sues for Patriot Act Documents from CIA and Pentagon

Ryan Singel writes on Threat Level:

The ACLU filed a government sunshine suit Thursday against the Department of Defense and the Central Intelligence Agency, seeking to force the agencies to disclose documents about their use of a powerful and secretive Patriot Act power known as a National Security Letter.

The ACLU requested information via the Freedom of Information Act on whether and how these agencies are using the letters, which let the government get communication and financial records without getting a judge's approval, following a New York Times story that uncovered the practice. Additionally, the letters prohibit the recipients from ever disclosing they got one and it's not clear that either of these agencies, which are largely forbidden by law from operating inside the United States, can actually use the tool legally.

More here.

Wilderness Almost Non-Existent on Planet Earth: Study

An AFP newswire article, via, reports that:

Earth is so tamed that conservationism should shift focus from protecting nature from humans to better understanding and managing a domesticated world, the authors said.

"There is no such thing as nature untainted by people," writes Peter Kareiva, chief scientist at the Nature Conservancy, a US-based non-profit group. "Facing this reality should change the scientific focus of environmental science.''

As of 1995, only 17 percent of the world's land area remained truly wild -- with no human populations, crops, road access or night-time light detectable by satellite, the authors reported.

Half of the world's surface area is used for crops or grazing; more than half of all forests have been lost to land conversion; the largest land mammals on several continents have been eliminated; shipping lanes crisscross the oceans, according to the paper [.pdf].

More here.

California Bill Would Put Data Breach Responsibility On Retailers

K.C. Jones writes on InformationWeek:

California's legislature has moved a data protection bill that would shift the burden of consumer notification regarding data breaches away from financial institutions and onto retailers.

"We are encouraged that the momentum created by the bipartisan passage of the bill in the Assembly has continued to this point in the Senate," California Credit Union League president and CEO Bill Cheney said in a prepared statement. "This is a vital measure for California consumers and the credit unions that serve them. Data thefts are on the rise in the retail sector, and consumers increasingly find that information stolen at the retail level is used to commit identity theft and plastic card fraud. We must act quickly to close the loopholes in existing law that have allowed retailers to have a pass on this issue for far too long."

The California Senate Judiciary Committee passed AB 779 by a 3-1 vote on Tuesday. The California Assembly overwhelmingly approved a matching bill, authored by Assemblyman Dave Jones, D-Sacramento, in early June, but there's no guarantee it will become law.

More here.

Fed Weighs Future of Contactless Payments

Paul F. Roberts writes on InfoWorld:

You can call it 'cash 2.0': a new age of wireless payment technology that may replace even the smallest cash transactions in the coming years with the wave of a credit card or mobile phone.

But as major corporations like CVS, McDonald's, and Walgreens begin deploying new RF, or "contactless," payment technology, the Federal Reserve is taking a closer look at the technology and is asking the payment industry and card companies, among other questions, whether the new payment systems are secure.

More here.

Is Your Internet Service Being Throttled Down?

Tom Regan writes on

These days, online users want to watch a YouTube video, access e-mail, send instant messages, play online games, and talk on the digital phone – all at the same time.

If you're noticing slowdowns while online, the culprit could be "bandwidth shaping." Most Internet service providers (ISPs) don't like to talk about it, but it's the most recent method to deal with the masses of people who use a lot of bandwidth during peak periods.

More here.

International effort on privacy protection is launched


The world's most developed economies will co-operate to uphold privacy laws in the face of increasing amounts of cross border data transfer. The member countries of the Organisation for Economic Cooperation and Development (OECD) have agreed the plan.

The new deal updates a 25 year old agreement on the upholding of privacy laws. A new deal was needed in order to guard against the privacy risks of the increasing amounts of personal data currently being sent from country to country.

More here.

Wednesday, June 27, 2007

xkcd: We Love Bad Puns

...and we love, too.

Commentary: CNN Losing Credibility

It's not like there aren't other, more pressing issues, facing us on the world stage.


CNN should be ashamed. This is not a front page story, guys.

This, on the other hand, is. Where is the real journalism?

This is just sickening...

- ferg

Shocker: Distrust of U.S.Grows World-Wide

An AP newswire article, via MSNBC, reports that:

Unease with American foreign policy and President Bush has intensified in countries that are some of the closest U.S. allies and around the globe, while Russia and China also face growing international wariness, a survey released Wednesday said.

Support for the U.S.-led war in Iraq, the NATO military action in Afghanistan and worldwide American efforts against terrorism have dropped since 2002, according to an international survey by the nonpartisan Pew Research Center. Views of the United States in much of the Muslim world remain particularly negative.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, June 27, 2007, at least 3,568 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,929 died as a result of hostile action, according to the military's numbers.

The AP count is four higher than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Hacker Accesses Student Files at UC Davis

Eric Stern writes in The Sacramento Bee:

A computer hacker has gained access to nearly 1,500 application files to the UC Davis veterinary school, university officials said Wednesday.

The hacker accessed applicants' names, birth dates and Social Security numbers.

The breach was discovered when applicants who had recently been admitted to the School of Veterinary Medicine tried to set up campus computer accounts and were notified that the accounts had already been established.

More here.

FTC Shoots Down Net Neutrality, Says It Is Not Needed

Ken Fisher writes on ARS Technica:

The Federal Trade Commission today dealt a serious blow to "Net Neutrality" proponents as it issued a reporting dismissive of claims that the government needs to get involved in preserving the fairness of networks in the United States.

The report [.pdf], entitled "Broadband Connectivity Competition Policy," was drafted in response to growing concerns about broadband competitiveness and network neutrality. The FTC intends the report to be consulted as a guideline by policy makers and legislators, but it has no binding force. Nevertheless, the report's findings are yet another sign that US government agencies are not particularly interested in the network neutrality problem right now.

In fact, the FTC is essentially saying that they can find no evidence of a problem to begin with.

More here.

Consumer Reports: AT&T’s Network Might Hinder iPhone Success

Denise Pappalardo writes on NetworkWorld:

The national publication that rates and evaluates everything from mattresses to cars to washing machines points out in a press release Wednesday that for “several years running AT&T…has been among the least-satisfying service providers. This is according to the journal’s annual customer satisfaction surveys.

Consumer Reports says customers complain about static and busy circuits. “Frequent service-related problems were compounded by the company’s relatively low mark for helpfulness in handling customer questions and complaints,” according to the magazine.

More here.

U.S. Secret Service Arrests Data Theft Suspects

Robert Lemos writes on SecurityFocus:

Two operations run by the the U.S. Secret Service led to the arrests of French and Canadian citizens on charges stemming from the theft of user names and passwords and illegal carding activity, the federal agency said this week.

In Operation Lord Kaisersose, the Secret Service's Miami field office identified an individual, known online as "Lord Kaisersose," that had allegedly stolen more than 28,000 compromised accounts and used the information to commit more than $14 million in fraud. The investigation led the French National Police to arrest a French citizen and three associates, the Secret Service said in a statement. A second operation led the Calgary Police Service to arrest an Alberta resident on charges of possessing and trading credit-card skimming devices and a French resident on charges of illegal carding activities.

The Secret Service stressed that the operations, as with most other Internet investigations, would not have been successful without international cooperation.

More here.

Note: The U.S. Secret Service needs to learn how to properly spell "Keyser Söze".

CIA Airs Its Dirty Laundry

Kevin Whitelaw writes in U.S. News & World Report:

After fighting its release for more than a decade, the Central Intelligence Agency has published one of the most embarrassing accounts of its historical misdeeds on its website.

Much of the dirty laundry, which dates back to the 1960s and 1970s, has already been reported. But the 700-page compilation of internal documents, describing everything from plots to assassinate foreign leaders to surveillance operations of Washington reporters, is an uncomfortable reminder of the CIA's history of operating on the edge (or well over the precipice) of the law.

More here.

Accused Spammer To Decide Fate Of Anti-Spam Crusader

Larry Greenemeier writes on InformationWeek:

"Spam" has become the latest four-letter word that causes businesses to take offense when it's directed at them. Call someone a spammer, and you might just find yourself on the receiving end of a defamation lawsuit.

This is exactly what happened to Mark Mumma, president of Web design and hosting firm MummaGraphics Inc. Omega World Travel Inc., its subsidiary, and company president Gloria Bohan now have until the end of the week to decide whether to collect their court-awarded $330,000 in damages from Mumma or ask for a new trial.

More here.

Virginia Computer Crash Holds Key Lessons

Allan Holmes writes on

Virginia has learned the hard way the dual lessons of understanding what their systems support and why redundancy may be a good idea.

A hardware failure in a mainframe computer that supports numerous agencies caused the system to crash June 19, affecting, according to first reports, the state's employment commission and the departments of Motor Vehicles, Social Services, Taxation and Transportation.

Just a couple of days later, the state learned just how many state operations and Virginia residents were affected by the crash, according to an article by the Richmond Times-Dispatch.

More here.

Gonzales Pushes Again for Increased ISP Data Retention

Luke O'Brien writes on Threat Level:

U.S. Attorney General Alberto Gonzales last week reiterated his desire for increased ISP data retention to help combat crime. In a speech to the National Association of Attorneys General summer meeting in Atlanta, Gonzales gave his audience a graphic, stomach-turning look into the world of online pedophilia. He described a visit he made to to the Justice Department's child exploitation and obscenity section and some of the images and online videos he'd seen. "It changed me," Gonzales said. "It was an orientation I will never forget."

Then he argued that not enough is being done to combat child exploitation and that law enforcement tools need to be bolstered, particularly by increasing data retention.

More here.

Note: Obviously, the U.S. Department of Justice knows very well how to play the Four Horsemen of the Information Apocalypse card.

Studying Maggots And Whale Dung Better Than Being Microsoft Security Guru

Sharon Gaudin writes in InformationWeek:

What could be worse than being a Microsoft security professional?

Well, not much, as it turns out.

Popular Science magazine released its fanciful bottom-10 list of the Worst Jobs in Science 2007. And Microsoft security gurus grabbed the number six spot on the notorious list.

Who has it better than the folks patching bugs and securing software at the Redmond conglomerate? Well, first off, the answer would be nearly everyone. Specifically, though, the writers at Popular Science suggest whale feces researchers have it all over the security professionals. As the magazine sees it, the people who scoop up whale dung and dig through it for clues are thanking their lucky stars they're not working at Microsoft.

More here.

Breaking: White House, VP's Office Subpoenaed in NSA Eavesdropping Case

An AP newswire article, via MSNBC, reports that:

The Senate Judiciary Committee subpoenaed the White House and Vice President Dick Cheney's office Wednesday for documents relating to President Bush's warrant-free eavesdropping program.

Also named in subpoenas signed by committee Chairman Patrick Leahy, D-Vt., were the Justice Department and the National Security Council.

The committee wants documents that might shed light on internal squabbles within the administration over the legality of the program, said a congressional official speaking on condition of anonymity because the subpoenas had not been made public.

More here.

Google Is Watching Your Every Move

Catherine Holahan writes on the NewsFactor Network:

Kevin Bankston didn't think anyone would notice his little cigarette break. His family didn't know he sometimes snuck a smoke. So Bankston was surprised when a photo of him smoking outside his San Francisco office appeared online several years ago on's now-defunct map service. He was even more shocked when, in May, he found out he was caught again on candid camera -- possibly smoking -- this time by Google's new "Street View" map service.

Bloggers began buzzing about Bankston's double-lightning-strike luck, and the two photos now appear all over the Internet. A Web search for "Kevin Bankston smokes" reveals more than 20,000 links. "I felt somewhat embarrassed and a bit spied upon," says Bankston. "I am now thoroughly outed as a cigarette smoker."

More here.

Quote of the Day: Anonymous Russian Criminals

"It’s very simple. We buy these products in Western countries with stolen credit cards. You don’t run any risk when purchasing these products."

- Anonymous Russian cyber criminals, as quoted by Luis Corrons of Panda Software. More here.

Image source: Panda Software

NZ: Banks Demand a Look Inside Customer PCs in Fraud Cases


Banks are seeking access to customer PCs used for online banking transactions to verify whether they have enough security protection.

Under the terms of a new banking Code of Practice, banks may request access in the event of a disputed transaction to see if security protection in is place and up to date.

The code, issued by the Bankers’ Association last week after lengthy drafting and consultation, now has a new section dealing with internet banking.

Liability for any loss resulting from unauthorised internet banking transactions rests with the customer if they have “used a computer or device that does not have appropriate protective software and operating system installed and up-to-date, [or] failed to take reasonable steps to ensure that the protective systems, such as virus scanning, firewall, antispyware, operating system and anti-spam software on [the] computer, are up-to-date.”

The code also adds: “We reserve the right to request access to your computer or device in order to verify that you have taken all reasonable steps to protect your computer or device and safeguard your secure information in accordance with this code.

“If you refuse our request for access then we may refuse your claim.”

More here.

Increase in Cyber Threats Spurs Feds, Industry

Wilson P. Dizard III writes on

A reinforced cadre of federal cybercrime prosecutors and technicians at the third annual GFirst conference marshaled new deterrents and defenses against the rising level of cyberattacks, as industry executives forecast increases in the market for security products.

More than 550 people from about 70 organizations attended the conference, including dozens from the Justice Department’s Computer Hacking and Intellectual Property Coordinators’ Conference. The CHIPS attendees convened several closed meetings to discuss investigative and legal strategies against cybercrime.

More here.

Tentative EU-US Deal to Limit Use of SWIFT Data

An AP newswire article, via The International Herald Tribune, reports that:

European Union governments have reached a tentative deal with the United States clarifying how it will use data it receives from Belgian-based bank transfer consortium SWIFT in anti-terror investigations, diplomats said Wednesday.

The deal is aimed at ending a trans-Atlantic battle on privacy rights in the hunt for terrorists, and would close a legal black hole over the status of a data transfer deal SWIFT signed with U.S. authorities after the Sept. 11, 2001, attacks.

The new draft agreement would bind the U.S. to use SWIFT data strictly in anti-terror investigations, the diplomats said on condition of anonymity due to the sensitivity of the talks.

Other uses of the data would have to meet conditions set by European data protection officials, they said.

More here.

Microsoft UK Website Defaced

Via Zone-H News.

Very little time has passed from the last Microsoft defacement (Microsoft Technet), when yesterday Saudi Arabia crackers successfully compromised another Microsoft website.

The technique used by the attacker to deface Microsoft's page is probably based on a kind of SQL flaw (sql injection).

More here.

U.S. Porn Spammers Convicted

Via Virus Bulletin Spam News.

A federal jury in Phoenix, Arizona, has found two men guilty of two charges of violating the US CAN-SPAM regulations, as well as other charges including fraud and money laundering.

The two men, Californian Jeffrey Kilbride and Arizona citizen James Shaffer, both 41, are thought to have started their spamming business, promoting porn sites, in 2003 and made as much as $2 million from the operation. When the CAN-SPAM laws came into effect in 2004, they started using servers based in Amsterdam, the Netherlands in an attempt to bypass the regulations, and also used companies set up in Mauritius and the Isle of Man to hide their financial traces.

Use of domain names registered with fraudulent information and spoofing email headers meant the men fell foul of the CAN-SPAM acts requirements for openness and traceability. After a three week trial the two have been found guilty on all counts, and at their sentencing in September could face up to five years jail time for each CAN-SPAM count and another 20 years for the money laundering charges.

More here.

Spanish Police Arrest Creator of Mobile Phone Virus

Via The Brisbane Times.

Spanish police said on Saturday they have arrested a 28-year-old man on suspicion of creating and spreading a virus that affected more than 115,000 high-end mobile phones.

The man was detained in the eastern coastal city of Valencia following an investigation that lasted over seven months, police said in a statement.

It is the first time that the creator of a virus that targets mobile phones was arrested in Spain, the statement added.

The virus struck Bluetooth-enabled phones that run on the Symbian operating system and it was disguised as messages claiming to contain erotic images, sports information or virus protection software.

More here.

(Props, F-Secure.)

Symantec Presenter Spotted Using KAV


During a presentation to announce Symantec's latest product, a spokesman for the company delivered an enthusiastic pitch to a roomful of big name clients. Indeed, such was the emphasis on the "uniqueness" of his company's offering that attendees could have been forgiven for thinking that no one else made anti-virus software.

Thankfully, visual aids were on hand to gently remind all present that "unique" in the marketing world should generally be accompanied by a "quite", or more accurately a "not".

During the wrap-up to his presentation, the spokesman was forced to query collective laughs, and quite possibly shouts of "it's behind you", by turning to face his presentation screen.

He found the source of their amusement in the form of a prominent pop-up box, obscuring his Powerpoint presentation, stating that the rival Kaspersky anti-virus software loaded on the machine he was using to present had updated its definitions.

More here.

SecureWorks Find Stolen Data and Trojan Variants

Frank Washkuch Jr. writes on SC Magazine Online:

Researchers at SecureWorks have discovered several caches of stolen data containing the personal and financial information of 10,000 corporate and home PC users, as well as new variants of the Prg trojan.

The caches contain the personal details of US citizens, including bank and credit union, credit card and Social Security numbers, usernames and passwords, according to SecureWorks officials.

Researcher Don Jackson said that hackers are working around encryption standards.

"When data is located, it is always encrypted to keep others from ‘leeching.’ New variants of the trojan have new ways of encrypting that data, making old analysis tools obsolete," said Jackson. "New encryption methods must be reverse-engineered from raw machine code."

More here.

ISP as Copyright Cop: Aussie ISP Kills All User Multimedia Files Nightly

Eric Bangeman writes on ARS Technica:

Envision a world where your ISP does the copyright policing at the behest of the movie studios, television networks, and music labels, where no copyrighted content stays up on a user's account for more than 24 hours. It sounds like a dream for Big Content, but it's also a nightmare for customers of Australian ISP Exetel.

An Exetel support page which features the top ten support questions from the previous month. A frequently asked question from customers is why their multimedia files keep disappearing from their accounts. Exetel says that it takes a "hard approach to copyright issues," and since April 2005 the ISP has run a script that deletes all multimedia content with common extensions including .avi, .mp3, .wmv, and .mov.

That would certainly have the effect of removing any copyrighted content that shouldn't be there, but it also makes it hard for customers to share their own slideshows, home movies, and music, because, as Boing Boing notes, Exetel will automatically delete content that isn't infringing. "Sorry you can't watch the clips of Junior's footy match, mum. My ISP nuked it last night."

More here.

UK: Private Eye Hackers Are Convicted

Via The BBC.

Two police officers who moonlighted as private detectives have been convicted of bugging phones and hacking into computers on behalf of wealthy clients.

Jeremy Young and Scott Gelsthorpe set up Active Investigation Services and ran a service dubbed "Hackers Are Us".

One of their clients, waste millionaire Adrian Kirby, paid £47,000 for AIS to spy on environmental investigators.

Gelsthorpe, of Kettering, Northants, and Young, of Ilford, east London, were convicted at Southwark Crown Court.

More here.

Monday, June 25, 2007

Programming Note: Still on Vacation

Beautiful Southwestern Virginia in The Appalachian Mountains.

Back to the Bay Area tomorrow - blogging should be back to normal on Wednesday, 27 June.


- ferg