Saturday, July 28, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Saturday, July 28, 2007, at least 3,646 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,992 died as a result of hostile action, according to the military's numbers.

The AP count is seven more than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Bush Wants to 'Modernize' FISA Laws

An AP newswire article by Deb Riechmann, via The Washington Post, reports that:

President Bush wants Congress to modernize a law that governs how intelligence agencies monitor the communications of suspected terrorists.

"This law is badly out of date," Bush said Saturday in his weekly radio address.

The Foreign Intelligence Surveillance Act, or FISA, provides a legal foundation that allows information about terrorists' communications to be collected without violating civil liberties.

Democrats want to ensure that any changes do not give the executive branch unfettered surveillance powers.

More here.

NOTE: The ACLU responds.

Virginia Tech Professors Question Copying of Hard Drive Data

Beth Macy and Greg Esposito write in The Roanoke Times:

The Virginia Attorney General's Office has ordered Virginia Tech to copy the hard drives of every Tech faculty and staff person who had contact with gunman Seung-Hui Cho, and some professors are not happy about their methods.

So far, one-quarter of 130 hard drives have been copied, including the computer files of every English professor who taught Cho, according to English department chairwoman Carolyn Rude.

The reason, say Rude and other professors, is to preserve data -- both for the investigation and in anticipation of possible lawsuits, which would presumably be filed by victims' families. "Because these are state-owned computers, they have a right to do that," Rude said.

But in the midst of an ongoing investigation -- and a little more than three months since Cho killed 32 people and himself -- the stakes are high, and the mood is tense.

More here.

Cisco Systems to Invest $150 million in VMware

Dean Takahashi writes in The Mercury News:

Cisco Systems agreed to invest $150 million in VMware, a virtualization software company that is readying itself for an initial public offering.

San Jose-based Cisco will buy VMware Class A common shares currently held by VMware's owner, the enterprise storage giant EMC.

After the investment, Cisco will own approximately 1.6 percent of Palo Alto-based VMware's total outstanding common stock, giving VMware a valuation of $9.4 billion. The deal is subject to regulatory approval.

More here.

Friday, July 27, 2007

If AT&T Ran the Highway System...

Thomas Claburn writes on InformationWeek:

If AT&T ran the highway system, things would be different.

Only AT&T-approved cars would be allowed on the roads, all of which would be toll roads.

Drivers would have to prepay their tolls, based on the estimated number of miles they expected to drive. Those who drove fewer miles than estimated would get no refund; those who drove more would be charged for the overage at a higher rate.

The AT&T-approved Apple iCar would be limited to a top speed of 30 mph. Sales people in AT&T car showrooms would have no idea how the iCar operated.

More here.

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, July 27, 2007, at least 3,646 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,992 died as a result of hostile action, according to the military's numbers.

The AP count is seven more than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

As of Friday, July 27, 2007, at least 346 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures July 21, 2007.

Of those, the military reports 225 were killed by hostile action.

More here and here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

California Results of Voting Machine Investigation: All Three Systems Could Be Compromised

Kim Zetter writes on Threat Level:

California Secretary of State Debra Bowen just released the results of the state's unprecedented top-to-bottom review of voting systems being used in the state. The review consisted of three parts, one of which involved a Red Team led by UC Davis computer scientist Matthew Bishop that was tasked with examining the systems for security vulnerabilities.

The team found that it could compromise all three of the top voting systems used in the state made by Diebold Election Systems, Hart Intercivic, and Sequoia Voting Systems, with the caveat that many, but not all, of the attacks they were able to accomplish on the machines could be mitigated with proper physical security of the machines, security training of staff, and contingency planning.

More here.

Quote of the Day: Ryan Singel

"This 'news report' is by far the funniest prank anyone on the board has ever pulled off."

- Ryan Singel, writing on Threat Level, regarding a Fox 11 News report about a hacker group called "Anonymous".

Trial of 'Spam King' Postponed Until January

David Bowermaster writes in The Seattle Times:

The federal trial of Robert Soloway, the man dubbed the "spam king" for his practice of sending millions of unwanted e-mails around the world, has been postponed until Jan. 7.

The trial originally had been scheduled to begin Aug. 6, but U.S. District Court Judge Marsha Pechman granted a continuance Wednesday after receiving a joint request last week from Soloway's attorney, Richard Troberman, and assistant U.S. Attorney Kathryn Warma.

Soloway was charged May 23 in a 35-count indictment that includes allegations of mail fraud, aggravated identity theft, money laundering and fraud in connection with electronic mail.

Magistrate Judge James Donohue on June 13 ordered Soloway be detained in federal custody until his trial.

More here.

GAO Report: State Fusion Centers Struggling

Wilson P. Dizard III writes on Washington Technology:

State intelligence fusion centers, which have received praise and federal funds as a tool for merging terrorism, law enforcement and all-hazard intelligence, are struggling to produce useful information as a result of tangled technology and unclear missions, according to a nationwide study.

The report, titled “Fusion Centers: Issues and Options for Congress” and completed this month by the Congressional Research Service, cited problems with the centers’ lack of connectivity with existing law enforcement databases and poor compliance with federally backed technical data-sharing standards. Federal agencies have contributed to the problems by spewing overlapping data at the centers via uncoordinated and insecure networks that are hard to use, the auditors said.

More here.

New 'Last Supper' Theory Crashes Websites

An AP newswire article, via MSNBC, reports that:

A new theory that Leonardo’s “Last Supper” might hide within it a depiction of Christ blessing the bread and wine has triggered so much interest that Web sites connected to the picture have crashed.

The famous fresco is already the focus of mythical speculation after author Dan Brown based his “The Da Vinci Code” book around the painting, arguing in the novel that Jesus married his follower, Mary Magdalene, and fathered a child.

Now Slavisa Pesci, an information technologist and amateur scholar, says superimposing the “Last Supper” with its mirror-image throws up another picture containing a figure who looks like a Templar knight and another holding a small baby.

More here.

Thursday, July 26, 2007

Programming Note: Busy, Busy, Busy

As you might have noticed, I've been extraordinarily busy today and haven't really had time to blog.

I might get a chance later tonight, but if not, posting will be back to normal tomorrow (Friday).

Cheers!

- ferg

Wednesday, July 25, 2007

Second Life Bans Gambling Following FBI Investigation

Duncan Riley writes on TechCrunch:

An ongoing investigation by the FBI into gambling in Second Life is believed to be directly related to Linden Lab’s sudden decision to ban all forms of gambling on Second Life.

The FBI investigation commenced in April and was considering the legality of online gambling within the virtual world. The US Government prohibits most forms of online gambling.

It was unclear at the time of writing whether the FBI would take the matter further, including the possible arrest of Linden Lab directors or the prosecution of individual users.

More here.

U.S. Government is 'Overzealous' With Secrecy

Charles Pope writes in The Seattle Post-Intelligencer:

The United States is threatened by its fetish for secrecy, an expanding and often arbitrary impulse that adds 40,000 new documents each day to the federal government's mountain of "classified" papers.

That conclusion comes not from the ACLU or Moveon.org, though both organizations agree. It comes from Rep. Dave Reichert, a Republican from Bellevue and a former King County sheriff who is working on legislation that would refine the government's process for deciding which documents remain secret.

The urge to classify, he said, "has been institutionalized, and that's the problem. It's a Cold War mind-set, and it's a hurdle we have to overcome."

More here.

Late Term Polyp Removal of the Day

As soon as Bush was removed from surgery, additional polyps began to spontaneously remove themselves. In a speech yesterday he pushed out "Al Qaeda" 93 times in 27 minutes.

Props, Steve Brodner. Via Mother Jones.

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Wednesday, July 25, 2007, at least 3,638 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,989 died as a result of hostile action, according to the military's numbers.

The AP count is two more than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

As of Wednesday, July 25, 2007, at least 346 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures July 21, 2007.

Of those, the military reports 225 were killed by hostile action.

More here and here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Police Say LifeLock Coerced Unusable Confession from Identity Theft Suspect

Kim Zetter writes on Threat Level:

A man who stole the identity of LifeLock co-founder Todd Davis won't face criminal charges, police say, because LifeLock stepped in before the police could finish investigating the crime and coerced the suspect into making a videotaped confession that isn't admissible in court.

Davis, you'll recall, publishes his Social Security number on LifeLock's web site and in the company's TV commercials to demonstrate how effective the company is in protecting the identity of its customers. Back in June I disclosed that Davis himself had become a victim of identity theft after someone used his Social Security number to obtain a $500 loan. The news only added to the scrutiny and criticism the company was already facing over the questionable background of its other founder Robert Maynard, Jr., who subsequently resigned amid that other controversy.

More here.

Appeals Court Clarifies: Government Spyware Not Protected in Ruling

Kevin Poulsen writes on Threat Level:

Orin Kerr at the Volokh Conspiracy has been looking at whether the FBI can legally install its CIPAV spyware on your computer without a search warrant or wiretap order under a recent U.S. 9th Circuit Court of Appeals decision. Today the 9th Circuit clarified: no, it can't.

The original July 6th opinion in U.S. v. Forrester upheld the DEA's limited monitoring of a suspect's internet use under the low "pen register" standard, which requires only that a law enforcement agency certify that the surveillance will be "relevant" to an investigation -- no probable cause or judicial fact finding needed.

Key to the ruling was that the DEA recorded only the IP addresses of the websites the surveillance target visited, and the e-mail addresses he corresponded with, and not the content of the communication.

But the ruling didn't say how the agency performed that monitoring. Kerr wondered whether the DEA used the FBI's CIPAV tool, or something similar, and whether the 9th Circuit thus made government spyware legal under the low standard.

More here.

Fidelity National Widens Scope of Data Theft

Via CNN (AP).

Fidelity National Information Services Inc. believes a former employee stole 8.5 million consumer records from the check authorizing company, more than 3 times the original estimate, according to a regulatory filing Wednesday.

In Wednesday's Securities and Exchange Commission filing, Fidelity said about 5.7 million of the records included checking account information and about 1.5 million included credit card records.

The new estimate is an increase of about 3.5 million checking account records and about 1.4 million credit card records over original projections. The company said it continues to believe that the records were only used for marketing purposes.

Fidelity National said it has also determined that some of the stolen credit card information was derived from its credit card issuance business.

The company said more records may be identified as the investigation continues.

More here.

Off Topic: Terrorism, Lex Gabinia, and The Self-Destruction of Empires

I have frequently returned to read this opinion piece by Robert Harris from September 2006 in The New York Times:

In the autumn of 68 B.C. the world’s only military superpower was dealt a profound psychological blow by a daring terrorist attack on its very heart. Rome’s port at Ostia was set on fire, the consular war fleet destroyed, and two prominent senators, together with their bodyguards and staff, kidnapped.

The incident, dramatic though it was, has not attracted much attention from modern historians. But history is mutable. An event that was merely a footnote five years ago has now, in our post-9/11 world, assumed a fresh and ominous significance. For in the panicky aftermath of the attack, the Roman people made decisions that set them on the path to the destruction of their Constitution, their democracy and their liberty. One cannot help wondering if history is repeating itself.

More here.

I thank my friend and colleague, Alex, for reminding me of it again recently.

How so very much do Harris' comparisons ring true.

- ferg

New Tor Version Improves Security and Anonymity

Via heise Security News.

The developers of the Tor anonymity service have eliminated multiple security vulnerabilities in their new version 1.2.15.

Using the now fixed vulnerabilities listed in the release notes, attackers can potentially exploit previous versions of the software to take control of Tor computers remotely, manipulate transferred data and monitor user behaviour. One of the bug fixes provides for overall improved anonymity in the Tor network.

More here.

Maryland: Verizon Fibercut Takes Down Statewide Court Computer System

Julie Bykowicz writes in The Baltimore Sun:

Damage to Verizon cables overnight has shut down the main computer information system serving courts throughout the state and has affected businesses and homes throughout Annapolis and Parole.

Without access to the computer system, court clerks today have been entering data by hand, and court processes such as posting bail have been slow.

A break in four cables -- three of which were severed completely -- about 1 a.m. today in front of the Annapolis Mall caused the outages, said Sandra Arnette, a Verizon spokeswoman. She said Verizon was investigating what happened but that apparently a contractor had cut the lines.

More here.

Researchers: Forensics Software Can Be Hacked

Robert McMillan writes on InfoWorld:

The software that police and enterprise security teams use to investigate wrongdoing on computers is not as secure as it should be, according to researchers with iSEC Partners.

The San Francisco security company has spent the past six months investigating two forensic investigation programs, Guidance Software's EnCase, and an open-source product called The Sleuth Kit. They have discovered about a dozen bugs that could be used to crash the programs or possibly even install unauthorized software on an investigator's machine, according to Alex Stamos, a researcher and founding partner with iSEC Partners.

More here.

Tuesday, July 24, 2007

New Zealand: Consumer Advocates to Fight Banking Online Fraud Liability Code

Brett Winterford writes on ZDNet Australia:

Internet advocacy group InternetNZ and the NZ Consumers' Institute have both come out swinging over the New Zealand Bankers Association's (NZBA) decision to allow victims of Internet banking fraud to be potentially held liable for losses.

Representatives from both institutions have met with the NZBA to voice their concerns about the new Banking Code of Practice, which essentially makes Internet banking users liable for fraud-related losses.

More here.

Note: Background here and here.

FBI Seeks To Pay Telecoms For Data Records

Ellen Nakashima writes in The Washington Post:

The FBI wants to pay the major telecommunications companies to retain their customers' Internet and phone call information for at least two years for the agency's use in counterterrorism investigations and is asking Congress for $5 million a year to defray the cost, according to FBI officials and budget documents.

The FBI would not have direct access to the records. It would need to present a subpoena or an administrative warrant, known as a national security letter, to obtain the information that the companies would keep in a database, officials said.

More here.

Note: First reported on July 18th on Threat Level here, and ACLU statement here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, July 24, 2007, at least 3,637 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,986 died as a result of hostile action, according to the military's numbers.

The AP count is four more than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Judge Rules Against U.S. Government in Warrantless Surveillance Cases

Via NewsDay.com (AP).

A federal judge in California ruled Tuesday against the federal government's attempts to stop investigations in five states, including Connecticut, of President Bush's domestic spying program.

U.S. District Chief Judge Vaughn Walker last winter was assigned to hear arguments in the federal government's attempt to stop Maine regulators from forcing Verizon to say whether it provided customer call records to the government without a warrant. Similar cases in Missouri, New Jersey, Connecticut and Vermont were combined with the Maine case.

The Department of Justice was seeking to stop the investigations of phone records based on the Supremacy Clause of the U.S. Constitution, the foreign affairs power of the federal government and the state secrets privilege.

In a 35-page ruling, Walker dismissed the government's request to stop the investigations, ruling that neither the Supremacy Clause nor the foreign affairs power of the government prevented a state from asking about phone records.

More here.

U.S. Veterans Agency Missing Millions in IT Equipment

Grant Gross writes on CSO Online:

A government audit of four U.S. Department of Veterans Affairs (VA) centers found US$6.4 million worth of missing or misplaced IT equipment, according to a report released Tuesday.

Inventories in fiscal 2005 and 2006 found about 2,400 missing IT devices at the four VA locations, the U.S. Government Accountability Office (GAO) report said. Among the missing items were dozens of computers that could have stored personal information.

The GAO also found computer hard drives being disposed of containing the names, Social Security numbers or medical histories of hundreds of U.S. military veterans.

About 28 percent of the IT equipment at the VA medical center in Washington, D.C., was missing or misplaced, the GAO said.

More here.

MySpace: 29,000 Sex Offenders Have Profiles

An AP newswire article by Gary D. Robertson, via MSNBC, reports that:

MySpace.com has found more than 29,000 registered sex offenders with profiles on the popular social networking Web site — more than four times the number cited by the company two months ago, North Carolina officials said Tuesday.

North Carolina's Roy Cooper is one of several attorneys general who recently demanded the News Corp.-owned Web site provide data on how many registered sex offenders were using the popular social networking site, along with information about where they live.

After initially withholding the information, citing federal privacy laws, MySpace began sharing the information in May after the states filed formal legal requests.

More here.

Local: Diablo Valley College Students Face Conspiracy Charges in Grade-Changing Scandal

Henry K. Lee writes in The San Francisco Chronicle:

Nearly three dozen current and former students at Diablo Valley College in Pleasant Hill have been charged with crimes in connection with a grade-changing scandal going back to 2000, Contra Costa prosecutors said today.

The 34 defendants face various felony charges of fraudulent computer access and conspiracy and misdemeanor charges of fraudulent use of a diploma. The charges are outlined in three separate complaints released today by prosecutors and filed this month in Contra Costa County Superior Court.

Deputy District Attorney Dodie Katague declined to discuss the case today, and school administrators did not immediately return a call for comment. Those named in the complaint could not be immediately reached or weren't available.

College officials believe as many as 400 grades were changed in deals that sometimes involved payments of thousands of dollars.

More here.

At Least 20,000 Without Power in Downtown S.F.

Marisa Lagos and Demian Bulwa write in The San Francisco Chronicle:

At least 20,000 customers of Pacific Gas and Electric Co. in downtown San Francisco lost power this afternoon, the utility said.

Brian Swanson, a spokesman for the utility, said outages have been reported throughout downtown and along the Embarcadero, including at PG&E's office on Beale Street near the Ferry Building. It was unclear initially how many customers who lost power remained without it for a sustained period.

Workers at several downtown and South of Market offices were reportedly sent home for the day following the outage. Additionally, the datacenter 365 Main -- which hosts Web sites including Craigslist and Yelp -- lost power.

More here.

Australia: Internet Porn Filtering Trial Abandoned - UPDATE

Andrew Colley writes on Australian IT:

The results of Australia's only live commercial internet content filtering trial will never be known because the exercise, championed by the federal Government, was quietly abandoned.

The trial was expected to go ahead in Tasmania last year but the major internet filtering technology supplier for the project, Internet Sheriff, has revealed that it was abandoned because Australia's two largest ISPs, Telstra and Optus, refused to participate.

Internet Sheriff chief executive David Ramsay said the project was commercially risky without support from the two carriers.

More here.

UPDATE: 21:40 PDT 25 July 2007: Apparently, they have changed their mind on this issue. Details here.

FCC May Be Told to Tell the Truth

Scott Bradner writes on NetworkWorld:

In the mid-1990s, Congress worried about the slow pace of broadband Internet deployment in the United States, so it included a requirement in the Telecommunications Act of 1996 that the FCC annually report on deployment status. Since then, the FCC has been living up to the letter of the law but producing almost useless information.

Congress may be about to order the FCC to change its ways and produce some information that actually makes sense.

More here.

Mom Sues Universal Music for DMCA Abuse

Via EFF News.

The Electronic Frontier Foundation (EFF) filed suit today against Universal Music Publishing Group (UMPG), asking a federal court to protect the fair use and free speech rights of a mother who posted a short video of her toddler son dancing to a Prince song on the Internet.

Stephanie Lenz's 29-second recording shows her son bouncing along to the Prince song "Let's Go Crazy," which is heard playing in the background. Lenz uploaded the home video to YouTube in February to share it with her family and friends.

But last month, YouTube informed Lenz that it had removed the video from its website after Universal claimed that the recording infringed a copyright controlled by the music company. Under federal copyright law, a mere allegation of copyright infringement can result in the removal of content from the Internet.

"I was really surprised and angry when I learned my video was removed," said Lenz. "Universal should not be using legal threats to try to prevent people from sharing home videos of their kids with family and friends."

More here.

Vilifying p2p: House Panel Scrutinizes File-Sharing

An AP newswire article by Christopher S. Rugaber, via SFGate.com, reports that:

A diagram of a Pentagon computer network that includes passwords to defense contractors' systems is one of hundreds of classified documents accidentally available online, a House panel was told Tuesday.

This and other sensitive information, including personal financial data, is mistakenly leaked through popular file-sharing programs such as LimeWire, KaZaA and Morpheus that individual, corporate and government users use to share music, movie and other entertainment files, several experts said at a hearing by the House Oversight and Government Reform Committee.

"The American people would be totally outraged if they were aware of what is inadvertently shared ... by government agencies," said retired Gen. Wesley Clark, who is on the advisory board of Tiversa Inc., a data security company. Clark did not name the defense contractors whose computing passwords were compromised.

Rep. Henry Waxman, D-Calif., chairman of the committee, said the hearing was intended to scrutinize the threats file-sharing, or peer-to-peer, technology poses to privacy and security, not to ban it.

More here.

In-Q-Tel Invests in Video Enhancement Company

Matt Marshall writes on VentureBeat:

In-Q-Tel, the investment arm of the nation’s intelligence services, has invested an undisclosed small amount of money into video enhancement company MotionDSP and also awarded it with contracts.

MotionDSP chief executive Sean Varah wouldn’t say what the CIA wants to do with the technology. However, he said the investment lends credibility to the company’s technology, which was dismissed by Google during a pitch last year when Google told Varah it could [do] something similar.

The company has since gotten better, he said. The technology improves low-resolution images by tracking pixels as they change frame by frame, making intelligent conclusions about blurred objects or areas.

More here.

FBI Goes on Offensive Against China's Tech Spies

David J. Lynch writes in USA Today:

Left unchecked, such economic espionage threatens the foundations of U.S. prosperity, say current and former counterintelligence officials. In an era of globalization, competitors in low-wage developing countries can produce most products less expensively. The United States' economic advantage revolves around the sophisticated technology and unique know-how residing in corporate laboratories and research institutes. So that's where the corporate thieves and foreign spies concentrate their efforts.

"The days when everything that was worth stealing, every secret that was worth stealing in the United States, was a government secret — those days are long done," says Joel Brenner, national counterintelligence executive. "Much of what makes the country tick, much of our strategic advantage in the world is economic."

More here.

Netflix Reeling From Customer Losses, Site Outage

An AP newswire article, via MSNBC, reports that:

Netflix Inc.’s stock price plunged to its lowest point in more than two years Tuesday after the online DVD rental leader reported the first quarterly customer losses in its history and dimmed its earnings outlook for the rest of the year.

Making matters worse, Netflix’s Web site — the hub of its rental system — went down Monday evening and remained inaccessible as of Tuesday afternoon (EDT). Spokesman Steve Swasey attributed the more than 12-hour outage to an unanticipated problem that he declined to describe. Engineers hoped to fix the trouble by 4 p.m. EDT after missing several earlier targets for restoring the Web site.

Netflix had been in the process of updating its computers to reflect price reductions that took effect Tuesday.

More here.

Australia: Westpac Accepts No Blame in Security Breach

Liam Tung writes on ZDNet Australia:

Westpac has admitted that the details of around 1,400 Virgin credit card customers were exposed last week when its system security was breached, but Australia’s fourth largest bank has washed its hands of any blame.

A spokesperson for Virgin Money, which partners with Westpac to run the credit card accounts, confirmed that the incident affected 0.2 percent of its 700,000 customers -- that is 1,400 card holders.

Virgin credit card holders received letters last week explaining that their cards had been cancelled because of a "high risk compromise", which may have resulted in their "account details being compromised".

The security breach, according to a Westpac spokesperson, was "related to transactions made by a third-party vendor" through another bank's payment gateway.

More here.

Privacy: U.S. Given Information on EU Travelers' Sexual Orientation - UPDATE

Yepoka Yeebo writes on PinkNews.co.uk:

The European Commission quietly approved an agreement this Monday which gives the US Department of Homeland Security unprecedented access to the personal information of anyone on a transatlantic flight, including details of their sexual orientation.

The DHS insists on the right to use the information for disease control, and there are fears that gay passengers may be singled out as possible HIV risks.

The plans involve upgrading information which is already sent by airlines to the DHS on the 4-million-plus Britons who visit the US every year, including payment details, home address and the passengers' in-flight meal choice.

The agreement adds 19 possible new categories, including information on ethnic origin, political and philosophical opinions, credit card numbers, trade union membership, sex life and details of the passengers' health.

More here.

(Props, Pogo Was Right.)

UPDATE: 11:31 PDT: Some additional information comes to light here on vnunet.com, such as the fact that DHS will keep EU personal traveler records for 17 years.

Defeating CAPTCHAs: Hacker Tools Surface

Vicente Martinez writes on the Panda Labs Blog:

...it has become more and more usual to see websites (forums, blogs, wikis, guestbooks, etc...) that contain advertising comments or links that direct to sites that infect with malware.

We are going to talk about a program that allows this type of comments to be created: the XRumer.

These types of websites usually include human verification codes, in order to make automatic registration more difficult for this kind of robot, or they use filters in order to block IP addresses that carry out suspicious operations.

More here.

Image source: Panda Labs

Cisco Security Advisory: Wireless ARP Storm Vulnerabilities

Via Cisco Systems.

Cisco Wireless LAN Controllers (WLC) contain multiple vulnerabilities in the handling of Address Resolution Protocol (ARP) packets that could result in a denial of service (DoS) in certain environments.

Cisco is notifying customers and partners and has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.

More here.

Researchers Blast TRUSTe on User Privacy

Shaun Nichols writes on vnunet.com:

Consumer privacy firm TRUSTe is under fire from spyware researchers over its handling of a recent rogue download incident, and the fallout is leading those connected with the case to publicly question the firm's credibility.

The controversy stems from the way TRUSTe handled reports that web traffic analysis firm comScore was installing its tracking software.

The software, known as RelevantKnowledge, is used to gather information on a user's internet behaviour such as website traffic and purchasing patterns. It normally requires direct consent from the user before installation.

More here.

From Russia With Malice: Criminals Trawl The World

Nick Miller writes on TheAge.com.au:

If it weren't true, it would be the script for the next Bond movie.

The mission: to eliminate a man. Codename: "flyman". Elite hacker. Suspected head of the so-called "Russian Business Network", a hotbed of cyber-fraud, child pornography and malicious "bot-nets" that wreaks havoc across the internet from its St Petersburg base.

"We don't know who he is," admits Rick Howard, director of intelligence at Virginia-based internet security company VeriSign. "We don't know if it's a hierarchical organisation or a loose confederation of similar groups. But it's organised.

"They are making millions of dollars a year. They are not greedy — they take a few dollars here and there and move on to the next victim. And we think their main guy has connections to the (Russian) Government, and is protected by them."

The RBN manages networks of phishing sites and Trojan programs, designed to steal banking passwords. The targets are individuals but the ultimate victims are the banks, who still compensate their customers for cyber-fraud losses.

More here.

Monday, July 23, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Monday, July 23, 2007, at least 3,636 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,986 died as a result of hostile action, according to the military's numbers.

The AP count is five more than the Defense Department's tally, last updated Monday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

FBI, Secret Service Must Improve Cybercrime Training

Jason Miller writes on FCW.com:

The FBI, the Homeland Security Department and other federal agencies are underequipped and lack enough properly trained employees to combat cybercrime, according to a recent report by the Government Accountability Office.

GAO found that staffing was one of four major challenges to addressing cybercrime. In a report for the House Homeland Security and Judiciary committees, auditors said law enforcement agencies can do more to improve their ability to combat cybercrime.

Specifically, GAO recommended that the Secret Service and FBI modify their staff rotational policies to retain employees with key expertise in investigating and prosecuting cybercrimes.

More here.

The Best States For Tech Jobs - And The Worst

Brian Wingfield writes on Forbes.com:

If you've ever thought about quitting your mundane, low-paying office job for a cushy position in the lucrative high-tech sector, now might be a good time to do it.

According to a new report by the American Electronics Association (AEA), the tech industry expanded in 2005 and 2006 for the first consecutive time since the bubble burst in 2001. The study uses Labor Department statistics to show that 150,000 tech jobs were added in 2006, compared with 87,400 in 2005.

More here.

Taiwan: DPP Branches Attacked by Chinese Computer Virus

Via The Taipei Times.

Chinese hackers have sent e-mails to the Democratic Progressive Party's (DPP) local branches and other recipients in the name of the DPP chairman with a trojan horse virus in them, the Ministry of Justice's Investigation Bureau said yesterday.

The bureau said in a press statement that people receiving the e-mails should not open them as confidential information held on the computer might be intercepted by the hackers.

Warnings have been sent to DPP branches asking them not to open e-mails that show the aforementioned title and e-mail address, the bureau said.

The bureau said the attack seemed unusual and it suspects the motive is probably political and that the Chinese authorities may be involved.

In recent years the Chinese government has attempted to use computer technology to spy on Taiwan, the bureau said.

More here.

(Props, Flying Hamster.)

Amp’d Mobile May Turn Off Service Tomorrow

Kelly Hill writes on RCR Wireless News:

Amp’d Mobile Inc. subscribers may find themselves without wireless service tomorrow, according to the mobile virtual network operator.

The MVNO has begun warning subscribers via text messages and its Web site that its service could go dark as early as tomorrow. The company also said it will discontinue its customer-service operations today.

More here.

Bullet-Proof Spammers

Mikko Hypponen writes on the F-Secure "News from the Lab" Blog:

So Google has these sponsored links in their search results…

Which is all nice and simple when you search for something like "flowers" or "clip art".

But try searching for "bulletproof hosting", and you'll get a bunch of Google sponsored links for companies that sell hosting for spammers...

More here.

Image source: F-Secure

InstallShield Website Defaced

Props, Stanton McCandlish.

IPhone Flaw Lets Hackers Take Over, Security Firm Says

John Schwartz writes in The New York Times:

A team of computer security consultants say they have found a flaw in Apple’s wildly popular iPhone that allows them to take control of the device.

The researchers, working for Independent Security Evaluators, a company that tests its clients’ computer security by hacking it, said that they could take control of iPhones through a WiFi connection or by tricking users into going to a Web site that contains malicious code. The hack, the first reported, allowed them to tap the wealth of personal information the phones contain.

Although Apple built considerable security measures into its device, said Charles A. Miller, the principal security analyst for the firm, “Once you did manage to find a hole, you were in complete control.” The firm, based in Baltimore, alerted Apple about the vulnerability this week and recommended a software patch that could solve the problem.

More here.

Sunday, July 22, 2007

User Friendly: Harry Potter Spoiler

Via UserFriendly.org.


Quote of the Day: Think Progress

"3,498: Number of Iranians the United States has accepted into the country in the past nine months. In contrast, the United States has admitted just 825 Iraqi refugees since 2003, 'many of them backlogged applicants from the time Saddam Hussein was in power'."

- Via Think Progress.

University Conducts Anti-Phishing Research

An AP newswire article by Ryan Lenz, via Yahoo! News, reports that:

[Indiana University] has conducted nearly a dozen experiments in the last two years. In one, called "Messin' With Texas," researchers learned mothers' maiden names for scores of people in Texas. Maiden names often are used as a security challenge question.

Another conducted in May found that 72 percent of more than 600 students tested on the Bloomington, Ind., campus fell for an e-mail from an account intended to look familiar that sought usernames and passwords.

By contrast, only 18 percent of 350 students in a separate control group were fooled when they received e-mails from addresses they did not recognize.

The experiments found that hackers have the most success by using hijacked Web addresses or e-mail accounts that look real. The research also showed computer users generally have little knowledge of Web site security certificates and leave themselves open to attack with poorly configured routers or operating systems.

More here.