Saturday, September 08, 2007

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Saturday, Sept. 8, 2007, at least 3,760 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,071 died as a result of hostile action, according to the military's numbers.

The AP count is 12 higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

As of Saturday, Sept. 8, 2007, at least 372 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Sept. 1, 2007.

Of those, the military reports 247 were killed by hostile action.

More here and here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Chip Implants Linked to Animal Tumors


An AP newswire article by Todd Lewan, via The Boston Globe, reports that:

When the U.S. Food and Drug Administration approved implanting microchips in humans, the manufacturer said it would save lives, letting doctors scan the tiny transponders to access patients' medical records almost instantly. The FDA found "reasonable assurance" the device was safe, and a sub-agency even called it one of 2005's top "innovative technologies."

But neither the company nor the regulators publicly mentioned this: A series of veterinary and toxicology studies, dating to the mid-1990s, stated that chip implants had "induced" malignant tumors in some lab mice and rats.

"The transponders were the cause of the tumors," said Keith Johnson, a retired toxicologic pathologist, explaining in a phone interview the findings of a 1996 study he led at the Dow Chemical Co. in Midland, Mich.

Leading cancer specialists reviewed the research for The Associated Press and, while cautioning that animal test results do not necessarily apply to humans, said the findings troubled them. Some said they would not allow family members to receive implants, and all urged further research before the glass-encased transponders are widely implanted in people.

More here.

FBI Data Mining Reached Beyond Target Suspects

Eric Lichtblau writes in The New York Times:

The F.B.I. cast a much wider net in its terrorism investigations than it has previously acknowledged by relying on telecommunications companies to analyze phone-call and e-mail patterns of the associates of Americans who had come under suspicion, according to newly obtained bureau records.

The documents indicate that the Federal Bureau of Investigation used secret demands for records to obtain data not only on individuals it saw as targets but also details on their “community of interest” — the network of people that the target in turn was in contact with. The bureau recently stopped the practice in part because of broader questions raised about its aggressive use of the records demands, which are known as national security letters, officials said Friday after being asked about it.

More here.

Friday, September 07, 2007

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, Sept. 7, 2007, at least 3,760 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,071 died as a result of hostile action, according to the military's numbers.

The AP count is 12 higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

As of Friday, Sept. 7, 2007, at least 372 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Sept. 1, 2007.

Of those, the military reports 247 were killed by hostile action.

More here and here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

China's Cyber Army is Preparing to March on America, Says Pentagon

Tim Reid writes on The Times Online:

Chinese military hackers have prepared a detailed plan to disable America’s aircraft battle carrier fleet with a devastating cyber attack, according to a Pentagon report obtained by The Times.

The blueprint for such an assault, drawn up by two hackers working for the People’s Liberation Army (PLA), is part of an aggressive push by Beijing to achieve “electronic dominance” over each of its global rivals by 2050, particularly the US, Britain, Russia and South Korea.

China’s ambitions extend to crippling an enemy’s financial, military and communications capabilities early in a conflict, according to military documents and generals’ speeches that are being analysed by US intelligence officials. Describing what is in effect a new arms race, a Pentagon assessment states that China’s military regards offensive computer operations as “critical to seize the initiative” in the first stage of a war.

More here.

Quote of the Day: Eric Zeman

"Correct me if I am wrong, but didn't RIM co-CEO Balsillie vow that BlackBerry users would never experience a blackout similar to the one that occurred several months ago? Open mouth, insert foot..."

- Eric Zeman, commenting on YABBO (Yet Another Blackberry Blackout).

Filipino Action to Remove Porn Site Domain Name

Via DomainNews.com.

In the Philippines, a fight against online pornography has developed, started by Catanduanes Rep. Joseph Santiago, chairman of the House committee on information and communications technology, is supporting Sen. Loren Legarda in the war on computer pornography.

The fight against pornography involves the National Bureau of Investigation (NBI), according to Santiago, finding ways to remove the domain name of the Philippine’s top online portal with the help of Network Solutions according to a report in Balita from the Philippines.

Santiago appears to be basing the possibility of removing the domain name on previous FBI efforts in the US in removing several domain names used by paedophiles to traffic in child porn.

More here.

ID Theft Research Group to Come Out of the Shadows

Kelly Jackson Higgins writes on Dark Reading:

The Center for Identity Management and Information Protection (CIMIP) has kept a low profile since its inception over a year ago, but that's about to change: The public-private partnership that includes IBM, the U.S. Secret Service, and the FBI, has just broken ground on a new multi-million dollar secured facility, and next month will release some surprising findings about the bad guys behind identity theft.

Gary Gordon, executive director for CIMIP, says the organization will be presenting some interesting findings from two research projects to the Secret Service and the Bureau of Justice Assistance next week, and then will go public with those results at its "Identity Management and Information Protection: Research to Action" conference next month in McLean, Va.

More here.

China Shuts Down Data Centers and Server Farms in Internet Purge

Via Interfax China.

China has shut down a large number of Internet data centers (IDCs) and server cabinets in recent weeks in its latest Internet purge, a source told Interfax today.

"The government began shutting down large IDCs across China last week," a Web site owner, who wished to remain anonymous, said. He said IDCs in Fujian, Henan and Shanghai had been closed.

The source believed the shut downs were part of an Internet purge in preparation for the upcoming 17th National Congress of the Communist Party of China (CPC). He said accusations that Web sites contained illegal information were being used to justify the shut downs. Server cabinets hosting Web sites subject to these accusations were also disabled. If an IDC was found to contain a number of Web sites accused of holding illegal information, then the entire facility would be taken offline, closing down all sites hosted at that particular IDC.

More here.

UK: Data Theft From Loans.co.uk

Via The Watford Observer.

Police have confirmed Watford firm Loans.co.uk have contacted them regarding the possible theft of thousands of customers' personal details.

It is understood Herts police have investigated the theft of data, possibly including credit card numbers and bank account details, from the credit broker, based in Croxley Business Park.

Customers with Loan.co.uk have already been informed about the theft and potential risk it puts them in.

Other customers have reported receiving hundreds of unwanted calls from credit card firms. It is understood they too have been contacted by Loans.co.uk and told their personal information was stolen and sold on.

More here.

(Props, Pogo Was Right.)

U.S. Joint Staff Readies Cyber Operations Plan

Sebastian Sprenger writes on FCW.com:

Military officials are readying a new plan central to how U.S. forces will operate in cyberspace, according to the Joint Staff’s vice director for command, control, communications and computer systems.

Air Force Brig. Gen. Michael Basla said officials in his directorate, dubbed J-6, are developing what he called an “implementation plan” to complement the classified National Military Strategy for Cyberspace Operations. Senior Defense Department leaders approved that document last December.

More here.

U.S. Lawmakers Urge Delay in Domestic Spy Satellite Plan

Mimi Hall writes on USA Today:

Members of Congress and civil liberties groups demanded Thursday that the Homeland Security Department delay a new program that will let police and counterterrorism officers use powerful spy satellites above the United States.

"Privacy and civil liberties concerns were apparently an afterthought" when the Bush administration decided to give Homeland Security the authority to run the new program, Rep. Jane Harman, D-Calif., said at a House Homeland Security Committee hearing.

More here.

The Non-Defense Department

Lisa Vaas writes on eWeek:

On July 18, Sunbelt Software came across a SQL command passed as a query within a URL belonging to an arm of a European country's military. With that, any visitor can pass queries in the URL straight to the back-end database and squeeze out any data, no password required.

At the time, the URL displayed what Sunbelt President Alex Eckelberry calls an "infantile" security screw-up: Namely, putting production code and a back-end database into the hands of anybody who wanders by. It was, in other words, a serious security vulnerability that even the most basic security policy should have forbidden, never mind the security policy of a major defense agency.

Sunbelt, of Clearwater, Fla., alerted security researchers from the country in question. They in turn assured Sunbelt that they would notify the defense agency.

End of story? Unfortunately not. Six weeks later, Sunbelt checked the site and found it was still a sitting duck, serving up military base information to any visitor who knows how to frame a SQL query, telling potential attackers exactly which database it was running and what operating system it was using, thereby painting a day-glow arrow toward the exact class of known vulnerabilities and exploits that could bring it to its knees.

More here.

Off Beat: UK: Plan to Put Everyone in DNA Database Hinges on Human Rights Case

Via OUT-LAW.com.

Lord Justice Sedley's proposal to put everyone in the UK on a DNA database would be dependent on a British man's case against the UK at the European Court of Human Rights (ECHR), according to a privacy law expert.

Michael Marper is objecting to the retention of his DNA information on the Home Office's database, despite the fact that he has never been convicted of a crime. He has appealed through the English courts and the ECHR agreed earlier this year to hear his case.

More here.

The Singularity Summit 2007


Via The Mercury News.

In the coming decades, humanity will probably create a powerful artificial intelligence. The Singularity Institute at Stanford University is sponsoring a two-day summit to discuss this urgent challenge, both its opportunities and its risks.

When: Saturday and Sunday

Where: Palace of Fine Arts Theater, San Francisco, 9 a.m. to 6 p.m.

Cost: $50

For more information: www.singinst.org

Speakers will include: Rodney Brooks, MIT roboticist and founder of iRobot; Peter Norvig, director of research at Google; Paul Saffo, leading technology forecaster; Steve Jurvetson, managing director at Draper Fisher Jurvetson; Barney Pell, founder and CEO of Powerset.

More here.

Alum Charged With Hacking Into Texas A&M

An AP newswire article, via The New York Times, reports that:

A recent graduate of Texas A&M University is charged with hacking into the school's computer system and illegally accessing information on 88,000 current and former students, faculty and staff members.

Luis Castillo must appear before a magistrate judge Wednesday.

Federal prosecutors said Castillo, who graduated in December with a computer science degree, accessed the system in February and caused more than $5,000 in losses to the university. The school had to hire extra staff to minimize damage.

Castillo was charged with felony reckless damage to a protected computer and could face as many as five years in prison if convicted.

More here.

Thursday, September 06, 2007

Local: More Than 4,000 De Anza Students At Risk For ID Theft

Via NBC11.com.

De Anza College announced Thursday that thousands of former students might be at risk for identity fraud after an instructor's laptop computer, containing students' personal information, was stolen last month.

The Cupertino community college is attempting to contact 4,375 students and former students of the mathematics instructor to inform them that their personal information may be at risk. The computer contained the students' names, addresses, grades and in many cases Social Security numbers.

"Probably the bulk of them are Social Security numbers," said Foothill-De Anza Community College District spokeswoman Becky Bartindale.

More here.

Off Beat: Southwest Airlines Thinks Your Outfit Is Inappropriate


Meg Marco writes on The Consumerist:

According to the Union-Tribune, Southwest airlines objected to an outfit worn by a 23 year-old Hooters waitress.

Southwest went so far as to ask the woman the leave the airplane. So what was she wearing?

A "white denim miniskirt, high-heel sandals, and a turquoise summer sweater over a tank top over a bra."

My god! Alert the TSA and the local police! We can see leg!

More here.

Madness.

Image source: The Consumerist.

xkcd: Madness Can't Be Far Away


Click for larger image.

We love xkcd.

China Seen as Honing Cyber-Attack Skills

Peter Spiegel writes in The Los Angeles Times:

The recent allegations that China has been hacking into sensitive government computer systems in the United States and Europe follow years of heavy investment by the People's Liberation Army in cyber-attack capabilities, U.S. defense officials and Asian security analysts said.

Although much of China's spending on information warfare remains secret, the Chinese military and its propaganda organs have regularly expressed their desire to develop computer warfare expertise and have boasted of their growing sophistication in the field, these experts said.

"There are intensive discussions in China about developing and perfecting their information warfare abilities," said Andrew Yang, a China military expert at the Taiwan-based Chinese Council of Advanced Policy Studies. "They have improved their tactics and approaches."

The U.S. military has alleged for nearly a year that China has launched cyber attacks on Pentagon networks. The issue returned to the spotlight this week after allegations, first reported by the Financial Times, that the PLA in June broke into an unclassified computer system used by the office of Defense Secretary Robert M. Gates. The breach forced the Pentagon to disable the computer system for several days.

More here.

Spam Nuisance Spreads to Text Messaging

Herb Weisbaum writes on MSNBC.com:

It seems like everyone with a wireless device is communicating via text messaging these days.

Unfortunately, this includes spammers.

For a few days in late August, wireless customers across the country received an unsolicited bulk text message on their cell phones and pagers pitching the penny stock of a Nevada company.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, Sept. 6, 2007, at least 3,752 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,065 died as a result of hostile action, according to the military's numbers.

The AP count is 10 higher than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Terrorists Foil FBI Watchlist Due to 'Technical Glitch'

An AP newswire article by Lara Jakes Jordan, via SFGate.com, reports that:

The FBI failed to put as many as 20 suspected terrorists on watch lists tailored to alert border agents and immigration officials because of a technology glitch, a Justice Department audit concluded Thursday.

It was not immediately clear whether any of the suspects entered the United States as a result of the security lapse.

Responding, the director of the FBI's Terrorist Screening Center acknowledged the gap, but said it soon will be fixed.

More here.

Quote of the Day: Ben Laurie

"But the interesting point is this: if Tor is worth targeting for your Trojans, then Tor has entered popular culture. Which rocks."

- Ben Laurie, commenting on the fact that bogus Tor spam & download sites have now been incorporated into the Storm botnet scheme. (Hat-tip: Xeni.)

U.S. Tested Terrorist Data Program Using Real People's Names

A CanWest News Service article by Randy Boswell, via Canada.com, reports that:

A damning privacy audit of the U.S. Department of Homeland Security's "data-mining" activities has found tests conducted on a new computer program designed to identify potential terrorist suspects used real names and birth dates of people travelling across the U.S.-Canada border instead of dummy data.

Concerns about DHS's testing of its ADVISE data analysis system have dogged the agency since March, when the congressional Government Accountability Office first identified possible privacy violations.

"Like other data-mining applications, the ADVISE tool could misidentify or erroneously associate an individual with undesirable activity such as fraud, crime or terrorism," the GAO said in a report at the time.

More here.

Storm Worm Botnet More Powerful Than Top Supercomputers

Sharon Gaudin writes on InformationWeek:

The Storm worm botnet has grown so massive and far-reaching that it easily overpowers the world's top supercomputers.

That's the latest word from security researchers who are tracking the burgeoning network of Microsoft Windows machines that have been compromised by the virulent Storm worm, which has pounded the Internet non-stop for the past three months. Despite the wide ranging estimates as to the size of the botnet, researchers tend to agree that it's one of the largest zombie grids they've ever seen -- one capable of doing great damage.

More here.

UK: A Crime is Committed Online Once Every 10 Seconds

Via OUT-LAW.com.

More than three million online crimes were carried out last year, according to estimates published today. These included more than 200,000 cases of financial fraud, twice the official number of real-world robberies carried out during the same period.

The report was written by criminology firm 1871 Ltd and commissioned by online identity firm Garlik. It suggests that 60% of the online crimes committed last year, an estimated 1.9 million incidents, were ‘offences against the person’ including abusive or threatening emails, false or offensive accusations posted on websites and blackmail perpetrated over the internet.

Online identity theft reached more than 90,000 incidents, unauthorised access to someone’s PC with ulterior intent reached 144,500 and online sexual offences 850,000, claimed the report.

According to the report, 90% of cybercrimes go unreported with victims deterred from coming forward as they wrongly believe the activity is not criminal or that the police will be unable or unwilling to investigate.

More here.

Judge Strikes Down Part of Patriot Act

An AP newswire article by Larry Neumeister, via Forbes.com, reports that:

A federal judge struck down parts of the revised USA Patriot Act on Thursday, saying investigators must have a court's approval before they can order Internet providers to turn over records without telling customers.

U.S. District Judge Victor Marrero said the government orders must be subject to meaningful judicial review and that the recently rewritten Patriot Act "offends the fundamental constitutional principles of checks and balances and separation of powers."

The American Civil Liberties Union had challenged the law, complaining that it allowed the FBI to demand records without the kind of court order required for other government searches.

The ACLU said it was improper to issue so-called national security letters, or NSLs - investigative tools used by the FBI to compel businesses to turn over customer information - without a judge's order or grand jury subpoena.

More here.

Goodbye, Network Neutrality: Feds OK Fee for Priority Web Traffic

An AP newswire article, via The Washington Post, reports that:

The Justice Department on Thursday said Internet service providers should be allowed to charge a fee for priority Web traffic.

The agency told the Federal Communications Commission, which is reviewing high-speed Internet practices, that it is opposed to "Net neutrality," the principle that all Internet sites should be equally accessible to any Web user.

Several phone and cable companies, such as AT&T Inc., Verizon Communications Inc. and Comcast Corp., have previously said they want the option to charge some users more money for loading certain content or Web sites faster than others.

More here.

NIST Issues New Computer Security Guidelines for Active Content

William Jackson writes on GCN.com:

The National Institute of Standards and Technology has updated its security guidelines for dealing with active content, providing an overview for active content and mobile code in use today and laying out a framework for making security decisions about its use within an organization.

A draft of Special Publication 800-28 Revision 2 [.pdf], titled “Guidelines on Active Content and Mobile Code,” has been released for public comment.

Incorporating active content such as Java applets, JavaScript and other scripts, and macros can add to the functionality of documents, e-mails, Web pages and files in a wide variety of formats, but NIST calls their security vulnerabilities “insidious.” The expanding use of these technologies is becoming common in a range of products and services, on desktop computers, servers and gateway devices.

More here.

Wednesday, September 05, 2007

Singapore Exchange Hit by Another Computer Problem

Sumner Lemon writes on ComputerWorld:

Singapore Exchange Ltd. has warned investors not to rely on data provided for the Straits Times Index, one day after a computer inaccurately reported the value of the component stocks in the benchmark index.

The incident is the latest in a string of computer-related problems to hit the exchange this year.

"The Straits Times Index may not reflect fully the movement in its components. Market participants are advised not to rely on the figure until further notice," the exchange said on its Web site Thursday morning.

More here.

In Passing: Luciano Pavarotti



Luciano Pavarotti
October 12, 1935 - September 6, 2007

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP):

As of Wednesday, Sept. 5, 2007, at least 3,750 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,064 died as a result of hostile action, according to the military's numbers.

The AP count is nine higher than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

As of Wednesday, Sept. 5, 2007, at least 372 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Sept. 1, 2007.

Of those, the military reports 247 were killed by hostile action.

More here and here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Australia: Cyber Crime Will Spread

Jordan Baker writes on The Sydney Morning Herald:

Cyber criminals will try to exploit the Federal Government's proposed health and welfare access card, interfere with e-passports and engage in "industrial espionage", a federal study predicts.

The criminals will move away from a scatter-gun approach and start targeting specific companies and people, the Australian Institute of Criminology report on directions in technology crime warns. It says the access card planned by the Federal Government will be a "likely target".

"Areas of risk will relate to dishonest initial enrolment of users as well as data insecurity, both with respect to the card's computer chip as well as supporting databases," it said.

Criminals might also try to compromise the quality of data protection for e-passports.

More here.

UK: London Tops the Charts in 'Card Not Present' Fraud

Sara Yirrell writes on ChannelWeb.com.uk:

Card not present (CNP) fraud has soared in the UK and London is the number one hotspot, according to figures released by retail watchdog Early Warning.

According to the figures - which revealed CNP fraud shot up 22 per cent in the past year - central London postcodes saw the heaviest CNP activity, and are fast becoming known as the CNP fraud capital of Europe.

Trailing behind London in the CNP fraud top ten were Manchester, Coventry, Kilmarnock, Bristol, Brighton, Leicester, Leeds, Glasgow and Nottingham.

More here.

Chinese Cyberattacks Cause Damage, Embarrassment

A Reuters newswire article by Mark Trevelyan, via InformationWeek, reports that:

China has rejected both the U.S. and German allegations, complaining of "wild accusations" which were "totally groundless and also reflect a Cold War mentality".

Sandra Bell, security analyst at the Royal United Services Institute in London, said the emergence of the two reports in consecutive weeks appeared to signal that Western governments were running out of patience with the alleged Chinese activity.

"It does seem the international community appears to be saying: 'We know who's doing this and we want it to stop,'" she said.

More here.

Russian Proton Rocket Fails to Orbit Japanese Communications Satellite


A Spaceflight Now article by Justin Ray, via Space.com, reports that:

Two minutes after launching from the Baikonur Cosmodrome in Kazakhstan tonight, a Russian heavy-lifting Proton rocket suffered a malfunction of its second stage, leading to destruction of Japanese satellite payload riding aboard the booster.

Destroyed in tonight's launch accident was the JCSAT-11 communications spacecraft, the first commercial Japanese satellite to ever fly on Proton.

Built by Lockheed Martin, the 8,800-pound (4,000-kilogram) spacecraft was headed for geostationary orbit 22,300 miles (35,786 kilometers) above the equator. JSAT Corp. of Tokyo would have operated the satellite to provide telecommunications services to Japan, the Asia-Pacific region and Hawaii.

More here.

Titan Rain UK: How Chinese Hackers Targeted Whitehall

Richard Norton-Taylor writes in The Guardian (UK):

Chinese hackers, some believed to be from the People's Liberation Army, have been attacking the computer networks of British government departments, the Guardian has learned.

The attackers have hit the network at the Foreign Office as well as those in other key departments, according to Whitehall officials.

The Ministry of Defence declined yesterday to say whether it had been hit. An incident last year that shut down part of the House of Commons computer system, initially believed to be by an individual, was discovered to be the work of an organised Chinese hacking group, officials said.

Security and defence officials are coy about what they know of specific attacks. However, they say several Whitehall departments have fallen victim to China's cyberwarriors. One expert described it as a "constant ongoing problem".

More here.

Are Chinese Attacks Blunders?

Richard Stiennon writes on Threat Chaos:

Now the British press is reporting infiltration of Whitehall by the People’s Liberation Army. You have to ask yourself is this just bad hacking on the part of the PLA? After all, a good cyber attack would either be super stealthy, thus undetected and never reported or, it would serve some purpose to be blatant and cause network outages.

If the recent incidents at the Pentagon, the German Chancellery, and now Whitehall are blunders then it points to what is probably the tip of the iceberg. In other words, hacking by China is so prevalent that accidents happen and these few incidents get discovered. That is my current theory. The Chinese are very bold, there are no negative repercussions from being discovered, and they are probably still in the early phases of exploratory hacking just to see what happens and what can be gained from hacking.

The other theory that comes to mind is a little more disturbing. That would be that the Chinese are already so confident in their hacking ability that they are using attacks to demonstrate their ability.

More here.

U.S. Concedes Danger of Cyber-Attack

Andrew Ward, Demetri Sevastopulo, and Stephen Fidler write on FT.com:

George W. Bush has acknowledged that the US is vulnerable to cyber-attack and said he might raise the issue with Chinese President Hu Jintao when they meet in Sydney on Wednesday.

The US president’s comments followed a report in the Financial Times that the Chinese People’s Liberation Army had allegedly hacked into the Pentagon’s computer network.

“I’m very aware that a lot of our systems are vulnerable to cyber-attack from a variety of places,” said Mr Bush, who is in Sydney for the annual Asia-Pacific Economic Co-operation (Apec) summit.

Mr Bush said he “may” raise the matter with countries the US suspected of cyber warfare, without acknowledging China’s alleged role in the Pentagon incident.

More here.

UK: Thousands of e-Mails Lost in Spam Attack

Laura Clout writes on The Telegraph.co.uk:

Thousands of emails have been stuck in virtual limbo for days after a massive “spam attack” on the telecoms firm Onetel.

A large number of the firm’s 30,000 email customers have been unable to send or receive emails properly for more than a month and many say their complaints to Onetel appear to have fallen on deaf ears.

Frustrated by the company’s apparent delay in responding to their complaints, many say they have decided to switch to alternative providers.

More here.

Cisco Security Advisories

XSS and SQL Injection in Cisco CallManager/Unified Communications Manager Logon Page

Cisco CallManager and Unified Communications Manager are vulnerable to cross-site Scripting (XSS) and SQL Injection attacks in the lang variable of the admin and user logon pages. A successful attack may allow an attacker to run JavaScript on computer systems connecting to CallManager or Unified Communications Manager servers, and has the potential to disclose information within the database.

Denial of Service Vulnerabilities in Content Switching Module

The Cisco Content Switching Modules (CSM) and Cisco Content Switching Module with SSL (CSM-S) contain two vulnerabilities that can lead to a denial of service (DoS) condition. The first vulnerability exists when processing TCP packets, and the second vulnerability affects devices with service termination enabled.

Cisco Video Surveillance IP Gateway and Services Platform Authentication Vulnerabilities

Cisco Video Surveillance IP Gateway video encoder and decoder, Services Platform (SP), and Integrated Services Platform (ISP) devices contain authentication vulnerabilities that allow remote users with network connectivity to gain the complete administrative control of vulnerable devices. There are no workarounds for these vulnerabilities.

DHS Chief: Cyber Security Efforts Are 'Classified'

Anne Broache writes on the C|Net News Blog:

Homeland Security Secretary Michael Chertoff on Wednesday largely dodged questions from a congressional committee about the department's cybersecurity operations, including whether its computers have ever faced attacks from Chinese hackers.

During wide-ranging testimony before the U.S. House of Representatives Homeland Security Committee here, Chertoff devoted only a few sentences to his department's charge of protecting the nation's computer systems from attack. He claimed he couldn't get into many of the details because of their "classified" nature.

"I can assure you we are working with other elements of the federal government and giving the highest priority to putting together an enhanced strategy with respect to cybersecurity," he told the politicians.

DHS has been publicly blasted by Congress and government auditors in the past for failing to live up to their expectations in the cybersecurity realm.

More here.

Judge Scolds U.S. on Wiretapping Records

An AP newswire article, via Forbes.com, reports that:

A federal judge scolded the Bush administration Wednesday for responding with sometimes blanket secrecy to a request for documents on its warrantless wiretapping program.

Privacy groups and civil rights organizations sued the Justice Department last year, demanding it release documents under the Freedom of Information Act. The government refused to release most of the records, arguing that such a move could jeopardize national security and undermine terrorism investigations.

But U.S. District Judge Henry H. Kennedy Jr. said Wednesday that's not good enough.

"While the court is certainly sensitive to the government's need to protect classified information and its deliberative processes, essentially declaring 'because we say so' is an inadequate" defense, Kennedy wrote.

More here.

Quote of the Day: heise Security News

"The principle of Potemkin Villages was the same, but now the trappings are different..."

- heise Security News, on the criminal activities of phishing security companies for profit.

Off Beat: Nuclear Bombs Mistakenly Flown Over U.S.


An AP newswire article by Pauline Jelinek, via Wired News, reports that:

A B-52 bomber was mistakenly armed with six nuclear warheads and flown for more than three hours across several states last week, prompting an Air Force investigation and the firing of one commander, Pentagon officials said Wednesday.

The incident was so serious that President Bush and Defense Secretary Robert Gates were quickly informed and Gates has asked for daily briefings on the Air Force probe, said Defense Department press secretary Geoff Morrell. He said, "At no time was the public in danger."

More here.

The Economist: Is Cyber Warfare a Serious Threat?

Via The Economist.

A decade or so ago, thinkers and pundits were fond of discussing the emerging threat of cyber attacks as a matter of international affairs. The growing reliance of advanced economies on the internet, and the increasing use of the internet by governments and armies, seemed to offer vulnerability along with riches and convenience. The scare of the “Y2K bug” seemed to highlight the danger, at least until it became obvious that the bug was of no threat to anyone.

Now, despite preoccupation with more old-fashioned sorts of terrorism and war, is there, again, reason to fret about the cyber sort? Revelations this year that hackers successfully broke into Pentagon computers, followed by off-the-record confirmation by officials speaking to the Financial Times this week that the assailants were connected to China’s army, have brought the issue back to the fore.

More here.

Tuesday, September 04, 2007

UK: Chinese Hackers Also 'Raid Whitehall Computers'

Richard Spencer and Ben Quinn write in The Telegraph.co.uk:

Hackers with links to China's military were last night accused of waging a long-term campaign to penetrate the computer networks of British government departments.

A day after China denied that it was the hidden hand behind hackers who breached Pentagon security networks in the US, ''cyberwarriors'' acting at the behest of the People's Liberation Army (PLA) were blamed for breaking into networks at the Foreign Office and other departments.

The ''virtual'' attacks on the Pentagon were described yesterday by experts as "a wake-up call" to those in charge of safeguarding the security of British governmental secrets. So-called ''Cyber attacks'' on governmental networks in the UK by Chinese hackers are thought to have been going on for at least four years, according to a report in The Guardian.

The campaign was responsible for an incident last year that shut down part of the House of Commons computer system, according to Whitehall officials.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, Sept. 4, 2007, at least 3,741 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,065 died as a result of hostile action, according to the military's numbers.

The AP count is two higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.


FBI: Enterprises Need Counterintelligence

Matt Hines writes on InfoWorld:

The Chinese government has denied involvement in a series of hacks carried out against IT systems at the Pentagon in June this week, but the threat of technology-driven espionage has forced the FBI to push businesses and academic institutions to better prepare for such attacks.

Little publicly-available evidence exists to prove that foreign governments have backed or planned to launch attempts to steal intellectual property from U.S. corporations and researchers, but officials with the FBI claim that the problem is real and that American organizations must begin policing their operations more aggressively today to prevent valuable data from being stolen tomorrow.

In October, the FBI's Counterintelligence Domain Program -- which aims to foster cooperation between the agency and private entities to help organizations identify and protect potential intelligence risks -- will mark its first year in existence.

More here.

Off Beat: Mideast Peace Through Porn

Via The Los Angeles Times.

The Vietnam War-era slogan "Make love, not war" has been taken to its logical extreme by an Israeli pornographic website, which is engaged in a sort of cultural exchange of bodily fluids with the Arab world.

According to a recent report in Daily Variety, when executives at Ratuv installed software that could track where their users were logging in, they found that the site was getting thousands of hits a week from such countries as Syria, Saudi Arabia, Iran and Iraq, even though some of these governments block the ".il" domain address on Israeli websites. So Ratuv responded by translating the entire site into Arabic, and traffic quickly skyrocketed.

More here.

(Hat-tip: Danger Room.)

China Denies Pentagon Cyber-Raid

Via The BBC.

China has denied reports that its military hacked into the computer network of the US Department of Defense in Washington.

A foreign ministry official said the claims "reflected Cold War mentality".

The Financial Times quoted US officials as saying the Chinese army made the attack, which crashed part of a system for the defence secretary's office.

Last week China dismissed reports that its armed forces had infiltrated German government computer systems.

The reports come as US President George W Bush prepared to meet his Chinese counterpart, Hu Jintao, at the Apec summit in Sydney, Australia.

More here.

Monday, September 03, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Monday, Sept. 3, 2007, at least 3,740 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,061 died as a result of hostile action, according to the military's numbers.

The AP count is five higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Oops: Secret U.S. Ballistic Missile Sub Caught by Microsoft's Virtual Earth

A screen grab of Microsoft's Virtual Earth showing the Ohio class ballistic missile submarine in dry dock near Bangor in Washington state. Inset: 2003 photo of USS Virginia in construction showing the propeller covered.
Image source; The Sydney Morning Herald.



Stephen Hutcheon writes on The Sydney Morning Herald:

A man looking for a new home on an online mapping service has stumbled across an aerial image of a US nuclear-powered submarine in dry dock showing a part of the vessel that wasn't meant to be seen.

The image - which appears on Microsoft's Virtual Earth mapping service - is of the seven-bladed propeller used on an Ohio class ballistic missile submarine.

The vessel was being worked on at a dry dock at the Naval Base Kitsap-Bangor in Washington State, in the north-west of the United States. The base is part of Bangor's Strategic Weapons Facility Pacific which houses the largest nuclear weapons arsenal.

Propeller designs have been closely guarded secrets since the days of the Cold War. It is still common for them to be draped with tarps or removed and covered when a submarine is out of the water.

More here.

Image of the Day: Sorry We Missed You...



Click for larger image.

Via Infowars.com.

Beware: Enemy Attacks in Cyberspace

Demetri Sevastopulo writes on FT.com:

Lieutenant General Robert Elder, senior Air Force officer for cyberspace issues, recently joked that North Korea “must only have one laptop” to make the more serious point that every potential adversary – except Pyongyang – routinely scans US computer networks.

North Korea may be impotent in cyberspace, but its neighbour is not. The Chinese military sent a shiver down the Pentagon’s spine in June by successfully hacking into an unclassified network used by the top policy advisers to Robert Gates, the defence secretary.

While the People’s Liberation Army has been probing Pentagon networks hund­reds of times a day for the past few years, the US is more alarmed at the growing frequency and sophistication of the attacks.

More here.

>

'Stupid' Vulnerabilities Reported in Oracle 11g

Sumner Lemon writes on PC World:

The latest version of Oracle Corp.'s flagship database offers better security than earlier versions, but development errors have left vulnerabilities that attackers can use to steal data, an expert warned Monday.

"Oracle made big progress with 11g, but some of the vulnerabilities I've found so far in 11g are stupid programming errors," said Alexander Kornbrust, managing director of Red Database Security GmbH, during an interview at the Hack In The Box (HITB) Security Conference 2007 in Kuala Lumpur, Malaysia.

Kornbrust, who helps large companies audit the security of their Oracle databases, examined the software and found SQL injection vulnerabilities, which allow attackers to run malicious code. He also uncovered a way to circumvent the auditing capability in 11g and other versions of the database, which could undermine a company's compliance efforts.

More here.

Fujitsu Scores Massive FLAG Deal

Nicole Willing writes on Light Reading:

Fujitsu Ltd. has landed a monster $1.5 billion next-generation subsea network buildout deal from FLAG Telecom Ltd., the two companies announced Monday.

That's not Fujitsu's only new subsea deal, as it has also won a capacity upgrade contract from transpacific network operator Pacific Crossing Ltd.

But it's the FLAG deal that's making the headlines, as Fujitsu has snapped up the entire rollout against fierce competition.

More here.

The History Of Labor Day




Mark Lewis writes on Forbes.com:

Most of the world marks Labor Day on May 1 with parades and rallies. Americans celebrate it in early September, by heading to the beach or firing up the grill. Why the discrepancy? Here's a hint: The answer would have been a great disappointment to Frederick Engels.

Engels, the co-author of The Communist Manifesto, had high hopes for May Day, which originated in the United States. When the socialist-dominated organization known as the Second International jumped on the American bandwagon and adopted May 1 as International Labor Day, Engels confidently expected the proletariats of Europe and America to merge into one mighty labor movement and sweep capitalism into the dustbin of history.

Things didn't work out that way, of course, and the divergent Labor Day celebrations are part of the story.

More here.

Analyst: Chinese Face Spy Scandal Fallout

Michelle Donegan writes on Light Reading:

A report suggesting that the Chinese military has hacked into German government computers could have a negative impact on the prospects in Western markets of Chinese equipment vendors Huawei Technologies Co. Ltd. and ZTE Corp., believes an analyst at Dresdner Kleinwort.

German news magazine Der Spiegel reported recently that computers in the German chancellery and the foreign, economic, and research ministries had been infected with Chinese spyware software, and German officials say they believe the hackers were linked to China's People's Liberation Army.

The incident overshadowed German Chancellor Angela Merkel's state visit last week to Chinese Premier Wen Jiabao.

But the ramifications could go far beyond international relations and even damage Chinese companies' prospects for IT and telecom contracts in the West, believes Dresdner Kleinwort analyst Per Lindberg.

More here.

Small Businesses Ignore Peril of Cybercrime

Rene Millman writes on IT Pro News:

New research finds that small companies in Europe don't think that they're a prime target for cybercrime.

Nearly half of small companies think that cybercrime is an issue for larger enterprises, according to a new survey.

The study of 600 IT managers in small and medium enterprises (SMEs) across Europe found that 47 per cent of respondents assumed that they were too small for criminals to bother attacking them.

The research, carried out by polling company ICM, found that 58 per cent of European SMEs were simply 'not concerned' about becoming victims of cybercrime, despite almost three quarters (73 per cent) of them citing online access and availability as being critical to their businesses.

More here.

Sunday, September 02, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Sunday, Sept. 2, 2007, at least 3,738 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,061 died as a result of hostile action, according to the military's numbers.

The AP count is three higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Thousands in Minnesota Without Phone Service, Includes 911 Access

Via The Minneapolis-St. Paul Star Tribune.

A fiber optic outage in Osseo shortly after noon Sunday quickly spread in the north and west metro, causing about 98,000 customers to lose some or all of their phone service.

There were reports out of Carver and Hennepin counties that 911 service was down for some customers, but Colleen Floyd, a spokeswoman for telephone service provider Embarq, said that is still being investigated.

About 70,000 Embarq customers did not have a dial tone at all and an additional 28,000 could not make or receive long-distance calls, Floyd said. Embarq is a former division of Sprint.

More here.

Enjoy Your Labor Day Weekend, America


Click for larger image.