Saturday, September 29, 2007

Myanmar: Light at the End of the Tunnel



U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Saturday, Sept. 29, 2007, at least 3,802 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,099 died as a result of hostile action, according to the military's numbers.

The AP count is four higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Off Beat: Did Terror War Become War on Americans?

Christopher Dickey writes in Newsweek:

A slew of recent books about the Bush administration's wars (at home as well as abroad) might leave you wondering if President George W. Bush and Vice President Dick Cheney are their own Axis of Evil. In excruciating detail, these tomes tell of torture and warrantless wiretaps; they show a relentless arrogation of power and abrogation of what were thought to be solid constitutional principles.

In these books, apocalyptic delusions got us into Iraq and misjudgments have helped keep us there. The picture that emerges is so bleak that even serious journalists and scholars sometimes veer toward conspiracy theories.

More here.

Big Brother Britain: Government and Councils to Spy on ALL Our Phones

Jason Lewis writes in The Daily Mail:

Officials from the top of Government to lowly council officers will be given unprecedented powers to access details of every phone call in Britain under laws coming into force tomorrow.

The new rules compel phone companies to retain information, however private, about all landline and mobile calls, and make them available to some 795 public bodies and quangos.

The move, enacted by the personal decree of Home Secretary Jacqui Smith, will give police and security services a right they have long demanded: to delve at will into the phone records of British citizens and businesses.

More here.

(Props, Pogo Was Right.)

Iraq Wiretap Delay Not Quite as Presented

Dan Eggen writes in The Washington Post:

Director of National Intelligence Mike McConnell told Congress last week that a May wiretap that targeted Iraqi insurgents was delayed for 12 hours by attempts to comply with onerous surveillance laws, which slowed an effort to locate three U.S. soldiers who had been captured south of Baghdad.

But new details released this week portray a more complicated picture of the delay, which actually lasted about 9 1/2 hours and was caused primarily by legal wrangling between the Justice Department and intelligence officials over whether authorities had probable cause to begin the surveillance.

More here.

Friday, September 28, 2007

UC Faces $3M Fine for Security Breach at Los Alamos

Charles Burress writes in The San Francisco Chronicle:

Federal officials Friday affirmed a $3-million fine they had proposed to levy against the University of California for a serious security lapse last year at the Los Alamos Nuclear Laboratory in New Mexico.

The "final notice of violation" was filed by the Department of Energy's National Nuclear Security Administration, which issued a preliminary notice of the fine in July.

The fine followed an incident in which an employee of a subcontractor downloaded more than 1,000 pages of classified documents, including data on nuclear weapons design, on a thumb drive and took them to her mobile home, where they were discovered in a drug raid targeting another resident.

UC officials had objected to the fine, saying they had followed proper procedures.

More here.

Internet Access Restored in Myanmar

Via Reuters AlertNet.

Internet access was restored in military-ruled Myanmar on Saturday a day after a Web blackout believed to have been imposed to stop reports and pictures of a major crackdown reaching the outside world.

Internet users inside the former Burma were able to see domestic Web pages as well as send e-mails outside the country.

Pictures and video footage relayed by citizen reporters have played a major role in fuelling diplomatic revulsion at the crackdown against 45 years of military rule and deepening economic hardship.

More here.

U.S. Missile Intercept System Passes Latest Test

A Reuters newswire article by Jim Wolf, via MSNBC, reports that:

A U.S. interceptor missile on Friday shot down a dummy warhead replicating an incoming North Korean missile in the seventh successful test of the Boeing Co.'s long-range missile shield, the Pentagon said.

The interceptor missile was launched from Vandenberg Air Force Base on California's central coast, and its target was fired from Alaska's Kodiak Island.

U.S. critics say the missile defense tests prove little because they are highly scripted. An attacker would use decoys that would likely foil U.S. defenses, they say.

More here.

Lawsuit Claims That NHL Unfairly Controls Teams' Websites


Via Reuters.

The National Hockey League is violating antitrust laws by seeking to control the Web sites that promote its teams, Madison Square Garden, home of the New York Rangers, charged in a lawsuit filed on Friday.

The lawsuit seeks to block the league from imposing a $100,000-per-day fine on the Garden, which along with the Rangers, is owned by Cablevision Systems Corp.

The league promised to impose the fine, starting on Friday, if the Rangers did not hand over "virtually complete control" of the Web site nyrangers.com, the suit said.

The suit said the league had violated state and federal antitrust laws by planning to create 30 "cookie-cutter club Web sites" that it will link to its main site, nhl.com, according to the lawsuit, filed in U.S. District Court in New York.

More here.

Three Cheers for the 'Sufficient' Internet

David Needle writes on internetnews.com:

The amazing power of the Internet as an information and communications source is trumpeted every day. But just talk to some of the guys who helped make the Internet what it is today, and the reviews aren't quite as glowing.

"Windows crashes, cell phone reception is horrible and the Internet drops packets left and right," said Ethernet inventor Bob Metcalfe. "And those are three of the technologies we rely on the most."

Metcalfe, who joined a panel of distinguished tech leaders here Thursday at an event at research institute SRI, said the Internet remains popular because it's "sufficient" in giving most people what they expect from it, and is certainly better than no Web at all.

"Reliability is expensive, and people won't pay," he said. In Metcalfe's view, the Internet is hamstrung by the ideology of its builders, who generally "treasure anonymity" and won't allow a system in which online identity can be readily verified.

More here.

Humor: The 8 Most Needlessly Detailed Wikipedia Entries


Via Cracked.com.

They say "knowledge is power," but "they" seem to forget that most of our knowledge is devoted to subjects that are completely useless and retarded. If you could somehow harness just the brain power that's currently being spent on, say, memorizing fantasy football stats, you could probably cure cancer.

Nowhere is humanity's obsession with the inconsequential more obvious than on Wikipedia, where even the most obscure topics get propped up on enormous blocks of text. Here are the most depressing--and somewhat frightening--examples.

More here.

(Props, GMSV)

Four Horsemen Alert [2]: Senators OK Triple Fines for Ignoring Net Child Porn

Anne Broache writes on the C|Net News Blog:

A bill just approved by a U.S. Senate committee would slap steeper fines on Internet service providers that fail to alert authorities when they obtain knowledge of child pornography on their servers.

Federal law already requires ISPs to file such reports "as soon as reasonably possible" to the National Center for Missing and Exploited Children's Cyber Tipline--although they're not required to proactively search for the illegal images.

The Protecting Children in the 21st Century Act, which the Senate Commerce Committee cleared by a unanimous voice vote on Thursday afternoon, would triple the fines for failure to comply with the current law--rising to up to $150,000 for the first offense and up to $300,000 for each subsequent violation.

ISPs would also have to include a variety of information in their reports that is not required by existing law, including any relevant user IDs, e-mail addresses, geographic information and IP addresses of the involved person or reported content.

More here.

Senator: Verizon Wireless Proves Need for Net Neutrality

Roy Mark writes on eWeek:

Verizon Wireless' decision to reject text messages from a pro-abortion group and its sudden reversal under public pressure is why the country needs a network neutrality law, U.S. Sen. Byron Dorgan, said Sept. 27.

Verizon Wireless had told NARAL Pro-Choice America that it would not carry text messages from the group, prompting an outcry of censorship from NARAL and other public policy advocates. All other major carriers had agreed to carry the text messages on their networks.

The nation's second largest wireless carrier quickly changed its mind and blamed the initial decision on an "incorrect interpretation" of company policy.

"Verizon may have reversed its initial decision in this case, and I'm glad they did. But the fact that they were willing and able to take their initial action is very troublesome," Dorgan said in an e-mail to eWEEK.

More here.

Judge Pushes Back On TJX Settlement

Evan Schuman writes on Storefront Backtalk:

The federal judge overseeing the consumer portion of the TJX case is concerned about the proposed settlement and wants to see TJX vouchers replaced by cash.

U.S. District Court Judge William G. Young told attorneys late Thursday that he "had a lot of questions and concerns" about the settlement, which provided for wronged consumers to be given $30 TJX vouchers, according to Thomas G. Shapiro, an attorney representing some of the consumer plaintiffs who was present in the courtroom.

Attorneys on both sides had asked that the judge approve the proposed settlement and that he remove the trial—currently slated for July 2008—from the court calendar. Young, however, refused to do that and ordered that the trial date be maintained and he scheduled another hearing for October.

More here.

Off Beat: USGS Computer Glitches Spawn Reports of Bogus Earthquakes

Mark Gomez writes in The Mercury News:

A series of earthquakes that reportedly shook the East Bay this morning didn't actually happen, according to the United States Geographical Survey.

Shortly before 7 a.m. the USGS reported multiple earthquakes with preliminary magnitudes ranging from 3.8 to 5.2 in the East Bay and North Bay.

Within a matter of minutes, the USGS Web site that lists earthquake activity was showing no temblors today in the Bay Area.

"The earthquakes were incorrectly reported due to computer glitches, and the system has since corrected itself," USGS spokeswoman Leslie Gordon said.

More here.

Storm: The Largest Botnet in The World?

Cara Garretson writes on Network World:

Storm may not be the most creative or malicious piece of malware ever written, but it’s on track to become the most productive; threat researchers’ recent estimates put the number of PCs it has infected at more than 1 million.

First showing up on researchers’ radars about a year ago, Storm is defined by some as a worm, others as a Trojan Horse. [It is both. -ferg]

Though it has gone by many names, Storm — referring to the spam blasts it’s been behind that mention storms — has stuck.

More here.

Dot-Name Becomes Cybercrime Haven

Ryan Singel writes on Wired News:

The company that controls the .name registry is charging for access to domain registration information, a step that security researchers say frustrates their ability to police the internet and creates a haven for hackers who run internet scams.

When security researchers investigate spam and phishing activity on the internet, they rely on special Whois directories, which list the owner of a domain name, their hosting service and their contact information.

They can use the information to track down who is responsible for a particular scam and to notify innocent webmasters if a portion of their site has been hijacked by black-hat hackers.

ICANN, which sets the rules for the internet's top-level domain names such as .com and .net, has traditionally required registrars to make Whois data publicly searchable as a condition of the companies' right to sell domain names.

But Global Name Registry, or GNR, which administers domain names ending in .name (that are intended for use by individuals e.g., johndoe.name), won the right to create tiered levels of Whois access, where public searches show very little information beyond what registrar sold the name and what name servers the site uses.

More here.

Four Horsemen Alert: FBI Chief Discusses 'Shadows of the Internet'

Claudia Parsons writes for Reuters AlertNet:

A London student known online as "Irhabi 007" served as a vital communications link in three militant plots that had once appeared unrelated, FBI Director Robert Mueller said on Friday.

Mueller disclosed details of the student's role as a way, he said, of illustrating the importance of the Internet as a communications channel in modern terrorism and the challenges authorities face in tracking down militants.

"The threat exists not only in the mountains of Pakistan, but also in the shadows of the Internet," Mueller told the Council on Foreign Relations in a speech.

More here.

Note: Background on the "Four Horsemen of the Information Apocalypse" can be found here.

Should've Seen This Coming: Burmese Demonstrations Social Engineering


Via The Sophos Labs Blog.

As is often the case with high profile news stories, malware authors are quick to theme the social engineering of their attacks accordingly.

More here.

Image source: Sophos

NSA Writes More Potent Malware Than Hackers

John Leyden writes on The Register:

A project aimed at developing defences against malware that attacks unpatched vulnerabilities involved tests on samples developed by the NSA.

The ultra-secretive US spy agency supplied network testing firm Iometrix with eight worms as part of its plans to develop what it describes as the industry's first Zero-day Attack Test Platform.

Richard Dagnell, VP of sales and marketing at Iometrix, said the six month project also featured tests involving two worm samples developed by a convicted hacker. The potency of the malware supplied by the NSA far exceeded that created by the hacker.

More here.

Quote of the Day: Bruce Schneier

"Privacy is part of security. We don't give up privacy to get security. And there's a lot of talk about that after 9/11 for terrorism -- that we must give up privacy in the name of security. But we know that's ridiculous."

- Bruce Schneier, quoted in an interview with Canada AM.

New York Times Recovers After Network Failure

Thomas Claburn writes on InformationWeek:

The New York Times was back to its regular schedule Thursday after the internationally known newspaper experienced a network failure of more than three hours Wednesday afternoon.

In a detailed internal e-mail to staffers, New York Times general manager and president, Scott Heekin-Canedy, said a network and phone outage crippled the paper's critical network-dependent systems, including ones used to "produce the news and advertising content."

According to the memo seen by InformationWeek, the backup server management software failed, leaving redundant systems waiting for word to step in and save the network.

The Times' IT staff and executives from Nortel, the media company's equipment provider, managed to restore the newspaper's systems in New York by 7:30 p.m. in time to publish its Thursday morning edition.

More here.

Cox Telecom Worker Pleads Guilty To Sabotage, Crashing Service

Sharon Gaudin writes on InformationWeek:

A Cox Communications employee pleaded guilty to hacking into the telecom's computer system, knocking out service in several parts of the country.

William Bryant, 38, of Norcross, Ga., faces a maximum sentence of 10 years in prison and a $250,000 fine for the May 6 incident. The U.S. Attorney's Office reported that his attack crashed sections of the company's system, causing the loss of computer and telecommunications services for Cox customers throughout Dallas, Las Vegas, New Orleans, and Baton Rouge. The outage included emergency 9-1-1 services.

Cox technicians reportedly restored service within hours.

More here.

Thursday, September 27, 2007

Quote of the Day: Mike Masnick

"People don't want to buy mobile phone service from an entertainment company -- especially when it's ultra expensive and has little in the way of features that are actually useful."

- Mike Masnick, the Pundit-in-Chief over at techdirt.com, discussing the all-too-predictable failure of the Disney cellphone service targeted to kids.

Mike echoes something that I have also been saying for several years now -- there seems to be this idiotic trend with cellphone MVNOs who try to shove "services" down consumers' throats, charge them an enormous amount of money for the privilege, and then wonder why they fail to succeed in the market.


FBI Faces Deep Cuts in Programs to Fight Crime


Paul Shukovsy and Daniel Lathrop write in The Seattle Post-Intelligencer:

The Bush administration's 2008 budget cuts deeply into the FBI's crucial criminal program, further crippling the bureau's ability to tackle white-collar fraud, police abuse, civil rights violations and many other crimes, a Seattle P-I analysis has found.

A larger budget battle is brewing between the White House and Congress, leading lawmakers to challenge the cuts to the FBI, which could take effect as soon as Monday, the start of the federal fiscal year.

But the Democratic majority's spending plan -- under the ever-present threat of a presidential veto -- restores only a small fraction of the FBI agents needed to keep the criminal program at current levels.

Through accounting sleight of hand, President Bush's plan concentrates the loss of thousands of unfilled staff positions across the FBI on its criminal program by transferring hundreds more agents to counterterrorism operations -- continuing a trend that started after 9/11.

More here.

Rolling Stone: The Ballistic Missile Defense Scam


Jack Hitt writes on Rolling Stone:

The Shield Star Wars began as a Reagan-era fantasy. Under Bush, it is now the most expensive weapons system in the history of man.

It has never been successfully tested. It will never be finished. And it is completely unnecessary.

Much more here.

Image source: Rolling Stone / U.S. Navy

German Company Puts the Infamous 'Anti-Hacker' Law to Test

Via net-security.org.

Thierry Zoller, Security Engineer at German tech company n.runs AG, posted a message to the Full Disclosure list saying that n.runs is now putting the new local "anti-hacker" law to test:

We are fed up with the ambiguity and confusion surrounding Germany's controversial new anti-hacker law, and n.runs AG decided to put the law to the test: we re-uploaded BTCrack (the Bluetooth cracking tool) and furthermore added a new item, the source code to the Linux port, for immediate download.

The law, which took effect Aug. 10, mandates fines or prison sentences for any person who violates 202a or 202b "by providing access to, selling, acquiring, leaving at the disposition of someone, distributing or otherwise making accessible" passwords or access control information. It also outlaws computer programs whose purpose is solely criminal.

N.runs hopes its actions will encourage other German security firms and researchers to put their security tools and research back online as well.


More here.

Off Beat: Who Wants To Be In Ben Stein’s Movie? Not Richard Dawkins...

Cornelia Dean writes in The New York Times:

A few months ago, the evolutionary biologist Richard Dawkins received an e-mail message from a producer at Rampant Films inviting him to be interviewed for a documentary called “Crossroads.”

The film, with Ben Stein, the actor, economist and freelance columnist, as its host, is described on Rampant’s Web site as an examination of the intersection of science and religion. Dr. Dawkins was an obvious choice. An eminent scientist who teaches at Oxford University in England, he is also an outspoken atheist who has repeatedly likened religious faith to a mental defect.

But now, Dr. Dawkins and other scientists who agreed to be interviewed say they are surprised — and in some cases, angered — to find themselves not in “Crossroads” but in a film with a new name and one that makes the case for intelligent design, an ideological cousin of creationism. The film, “Expelled: No Intelligence Allowed,” also has a different producer, Premise Media.

The film is described in its online trailer as “a startling revelation that freedom of thought and freedom of inquiry have been expelled from publicly-funded high schools, universities and research institutions.” According to its Web site, the film asserts that people in academia who see evidence of a supernatural intelligence in biological processes have unfairly lost their jobs, been denied tenure or suffered other penalties as part of a scientific conspiracy to keep God out of the nation’s laboratories and classrooms.

More here.

(Props, Crooks and Liars.)

Ex-NASA Workers Accused of Stashing Kiddie Porn on Federal Computers

Henry K. Lee writes in The San Francisco Chronicle:

Two former NASA officials were indicted by a federal grand jury in San Jose today on charges of possessing child pornography on their government computers.

Christopher Burt Wiltsee, 56, of Morgan Hill and Mark Charles Zelinsky, 56, of San Bruno were named in separate indictments handed down today.

Wiltsee was employed at the Ames Research Center of the National Aeronautics and Space Administration in June 2005 when he possessed images of child pornography on a government computer, the indictment against him said.

Zelinsky was employed at the same facility in August 2005 when he also allegedly had child-pornography images on his government computer, authorities said.

NASA Ames spokesman Mike Mewhinney confirmed today that both men no longer work at the center.

More here.

San Francisco: Cut Cable Halts Service for 1,300 AT&T Customers

Ryan Kim writes in The San Francisco Chronicle:

About 1,300 AT&T customers in the Richmond District of San Francisco who lost their telephone and DSL service around noon today should have their service restored by Friday evening, company officials said.

The outage happened when independent contractors working on a sewer line at 9th Avenue and Clement Street accidentally severed an underground cable, an AT&T spokesman said. The accident left customers without a dial tone and Internet access. About 330 customers called AT&T to complain about the failure.

AT&T workers began restoring service to some customers at around 1 p.m. today and plan to have the rest of the work finished by 8 p.m. Friday. The process involves identifying and reconnecting 2,400 separate twisted pairs of copper wire that run along one 3-inch cable.

More here.

Happy 9th Birthday, Google



More here.

U.S. Army Blocks Some Time Warner E-mails & Web Sites Over Security Breach

Via WWNY TV 7.

A Pentagon source said Wednesday that certain Time Warner e-mails and Web sites have been blocked on Army computers around the world due to a security breach.

That means people at Fort Drum, who use computers to send and receive certain e-mails or access certain Web sites, are unable to do so.

The Army blocked Time Warner Business Class servers last week.

More here.

(Props, Danger Room.)

Gadget of the Day: Portable Cell Phone Jammer


Mike Elgan writes on ComputerWorld:

Can you hear me now? No? Maybe that guy sitting on the other side of the restaurant is jamming your call.

Cell phone jammers, which scramble the signal of any incoming or outgoing cell phone call within a certain range, are illegal in the U.S. But that doesn't stop dozens of online catalogs from selling them to American buyers.

Although available for years, cell phone jammers are rare. You probably have never had your phone jammed. The reason is that, historically, jammers have been expensive, large and generally conspicuous looking.

Suddenly, all that has changed.

More here.

Image source: Brando

EFF Files Suit Against DoJ Over Stealth Campaign to Block Surveillance Suits

Via EFF DeepLinks.

The Electronic Frontier Foundation (EFF) filed suit against the Department of Justice (DOJ) today, demanding any records of a telecom industry lobbying campaign to block lawsuits over their compliance with illegal electronic surveillance. EFF's lawsuit comes as Congress debates letting telecommunications companies off scot-free as part of the hotly disputed "modernization" of the Foreign Intelligence Surveillance Act (FISA).

EFF represents the plaintiffs in Hepting v. AT&T, a class-action lawsuit brought by AT&T customers accusing the telecommunications company of violating their rights by illegally assisting the National Security Agency in domestic surveillance. The Hepting case is just one of many suits aimed at holding telecoms responsible for knowingly violating federal privacy laws with warrantless wiretapping and the illegal transfer of vast amounts of personal data to the government.

The government has intervened and moved for dismissal of many of these lawsuits. The DOJ has also pushed for changes to federal law that would ensure the telecoms are not held responsible for their role in the warrantless surveillance. Meanwhile, the DOJ has not responded to EFF's Freedom of Information Act (FOIA) requests to disclose records concerning any lobbying activities regarding potential immunity for the telecom industry.

More here.

'Radical Rethinking' of Internet Routing Under Way

Carolyn Duffy Marsan writes on NetworkWorld:

Some of the world’s top network engineers are engaged in a research effort that could lead to the most radical redesign of the Internet’s underlying routing architecture since it was developed in the 1980s.

The Internet Research Task Force (IRTF) is searching for a new routing architecture that would improve the Internet’s ability to scale to support potentially billions of new users in developing countries.

The IRTF is a sister organization of the Internet Engineering Task Force, one of the Internet’s leading standards bodies.

More here.

Internet, Mobile Phone Lines Cut in Attempt to Hide Burma's Peril

Gina M. Scott writes on Government Technology:

Most of Burma's (Myanmar) mobile phone lines have been cut and the Internet network has been drastically reduced since the military junta cracked down on peaceful protesters this week. Charges by police and troops on demonstrators in Rangoon, especially near the Shwedagon pagoda, have left several dead, while dozens of people have been arrested and injured. Security forces opened fire on demonstrators near the Tarder Hotel in the centre of Rangoon Thursday.

As the security forces step up their crackdown by firing on crowds and arresting hundreds of monks and pro-democracy activists, communications continue to be severely disrupted by the authorities.

Internet communication has been slowed right down while more mobile phones have been disconnected. Many blogs maintained by Burmese citizens have been made inaccessible by the authorities. Despite these restrictions, pictures and reports continue to get out of the country thanks to the foreign journalists present there and to Burmese journalists.

More here.

UK Businesses Are Stalling on PCI Compliance

Fiona Raisbeck writes on SC Magazine Online:

Just one in ten UK businesses are fully PCI DSS compliant, despite the looming 30 September deadline for some organisations.

According to a survey by the Logic Group, six per cent of companies have not started the compliance process or are not even planning to.

This could be due to a lack of information about the updated requirements. More than half of those surveyed said that they did not get enough support from banks and international card schemes.

More here.

Spy Charges for U.S. Computer Duo

Via The BBC.

Two computer engineers in the US state of California have been charged with conspiring to steal microchip designs to sell to the Chinese military.

US citizen Lee Lan and Chinese national Ge Yuefei are accused of stealing computer chip designs from their employer Netlogics Microsystems.

The two are alleged to have formed a company to develop chips based on the stolen designs.

They then contacted the Chinese army to sell the chips, prosecutors said.

More here.

Wednesday, September 26, 2007

Toon of the Day: Crash Course



Gapingvoid: The Network

Via gapingvoid.com. Enjoy!


Verizon Rejects Abortion Rights Group’s Messages - UPDATE

Adam Liptak writes in The New York Times:

Saying it had the right to block “controversial or unsavory” text messages, Verizon Wireless has rejected a request from Naral Pro-Choice America, the abortion rights group, to make Verizon’s mobile network available for a text-message program.

The other leading wireless carriers have accepted the program, which allows people to sign up for text messages from Naral by sending a message to a five-digit number known as a short code.

The dispute over the Naral messages is a skirmish in the larger battle over the question of “net neutrality” — whether carriers or Internet service providers should have a voice in the content they provide to customers.

“This is right at the heart of the problem,” said Susan Crawford, a visiting professor at the University of Michigan law school, referring to the treatment of text messages. “The fact that wireless companies can choose to discriminate is very troubling.”

More here.

UPDATE: 13:25 PDT, 27 September 2007: Verizon has reversed its decision on this issue.

U.S. Spies Prep Reporters on Protecting Secrets


Josh Gerstein writes in The New York Sun:

Frustrated by press leaks about its most sensitive electronic surveillance work, the secretive National Security Agency convened an unprecedented series of off-the-record "seminars" in recent years to teach reporters about the damage caused by such leaks and to discourage reporting that could interfere with the agency's mission to spy on America's enemies.

The half-day classes featured high-ranking NSA officials highlighting objectionable passages in published stories and offering "an innocuous rewrite" that officials said maintained the "overall thrust" of the articles but omitted details that could disclose the agency's techniques, according to course outlines obtained by The New York Sun.

Dubbed "SIGINT 101," using the NSA's shorthand for signals intelligence, the seminar was presented "a handful of times" between approximately 2002 and 2004, an agency spokeswoman, Marci Green, confirmed yesterday. Officials were pleased with the program, she said.

More here.

U.S. Military Deaths in Iraq at 3,800, Afghanistan 375

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Wednesday, Sept. 26, 2007, at least 3,800 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,098 died as a result of hostile action, according to the military's numbers.

The AP count is three higher than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

As of Wednesday, Sept. 26, 2007, at least 375 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Sept. 22, 2007.

Of those, the military reports 249 were killed by hostile action.

More here and here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Court Slaps Credit Agency for Ruining Man's Reputation

Bob Egelko writes in The San Francisco Chronicle:

A federal appeals court has reversed itself and ruled that a Southern California man's rights were violated by a credit agency that put an erroneous court filing on his record, refused to change it when he complained and wrecked his hopes of starting a business.

The Ninth U.S. Circuit Court of Appeals in San Francisco had voted 2-1 in May to dismiss Jason Dennis' lawsuit, saying the credit agency had conducted an adequate investigation of his case. But on Tuesday, the same panel, by a 3-0 ruling, not only reinstated the suit but also found the agency negligent for failing to correct the error.

The court told a federal judge who had previously dismissed the suit to decide how much Dennis should receive in damages and attorney's fees from Experian Information Solutions, a credit reporting agency. The court also said Dennis was entitled to a trial on his claim that Experian failed to adopt reasonable procedures to assure accurate reporting, which could lead to additional damages.

"This case illustrates how important it is for Experian, a company that traffics in the reputations of ordinary people, to train its employees to understand the legal significance of the documents they rely on," Judge Alex Kozinski wrote. Kozinski had dissented from the ruling in May, by Judges Diarmuid O'Scannlain and Carlos Bea, that threw out the lawsuit.

More here.

SCADA Watch: Government Video Shows Mock Hacker Attack

An AP newswire article by Ted Bridis, via MSNBC, reports that:

A government video shows the potential destruction caused by hackers seizing control of a crucial part of the U.S. electrical grid: an industrial turbine spinning wildly out of control until it becomes a smoking hulk and power shuts down.

The video, produced for the Homeland Security Department and obtained by The Associated Press on Wednesday, was marked "Official Use Only." It shows commands quietly triggered by simulated hackers having such a violent reaction that the enormous turbine shudders as pieces fly apart and it belches black-and-white smoke.

The video was produced for top U.S. policy makers by the Idaho National Laboratory, which has studied the little-understood risks to the specialized electronic equipment that operates power, water and chemical plants. Vice President Dick Cheney is among those who have watched the video, said one U.S. official, speaking on condition of anonymity because this official was not authorized to publicly discuss such high-level briefings.

More here.

Off Beat: U.S. Navy to Mask Swastika-Shaped Barracks

The buildings, constructed in the 1960s, are on the Coronado amphibious base and serve as a barracks for Seabees. Image source: LA Times / Google Earth

Tony Perry writes in The Los Angeles Times:

The U.S. Navy has decided to spend as much as $600,000 for landscaping and architectural modifications to obscure the fact that one of its building complexes looks like a swastika from the air.

The four L-shaped buildings, constructed in the late 1960s, are part of the amphibious base at Coronado and serve as barracks for Seabees.

From the ground and from inside nearby buildings, the controversial shape cannot be seen. Nor are there any civilian or military landing patterns that provide such a view to airline passengers.

But once people began looking at satellite images from Google Earth, they started commenting on blogs and websites about how much the buildings resembled the symbol used by the Nazis.

More here.

(Props, Truthdig.)

White House to Create a Cyber War Czar?

Brian Ross and Vic Walter report on ABC News' "The Blotter":

The White House is preparing a new initiative to protect against what it fears could be a crippling attack against the U.S. by computer, from overseas, and in particular, from China.

After a series of cabinet-level meetings this month at the White House, computer security analysts say the Bush administration is considering creating a new agency or cyberwar center to better protect the federal government's computers and find ways to help private companies and public utilities fend off computer attacks.

Those attacks, which could be just a few key strokes away, could shut down U.S. power grids and communication and banking systems, security analysts warn.

More here.

Judge Rules Part of Patriot Act Unconstitutional

An AP newswire article, via MSNBC, reports that:

Two provisions of the USA Patriot Act are unconstitutional because they allow search warrants to be issued without a showing of probable cause, a federal judge ruled Wednesday.

U.S. District Judge Ann Aiken ruled that the Foreign Intelligence Surveillance Act, as amended by the Patriot Act, "now permits the executive branch of government to conduct surveillance and searches of American citizens without satisfying the probable cause requirements of the Fourth Amendment."

Portland attorney Brandon Mayfield sought the ruling in a lawsuit against the federal government after he was mistakenly linked by the FBI to the Madrid train bombings that killed 191 people in 2004.

More here.

TJX Credit-Monitoring Offer No Good For 99% Of Breach Sufferers

Jon Brodkin writes on NetworkWorld:

TJX customers who lost a whopping 45.2 million credit or debit card numbers will not be offered credit monitoring in the tentative settlement TJX drafted in hopes of smoothing over its data breach controversy.

TJX is offering three years of credit monitoring and identity theft insurance, but only to 455,000 customers who returned merchandise to TJX stores without receipts. The entire breach affected 45.7 million card numbers, the owners of which will be offered vouchers that can be used at TJX stores.

More here.

Quote of the Day [2]: Mike Rothman

"I know a lot of security professionals feel like they are just banging their heads against the wall, day in and day out. Most have nice, thick calluses on their forehead, so it doesn't even hurt too much after a while."

- Mike Rothman, writing on Security Incite Rants.

Quote of the Day: Steven Aftergood

"This would turn Patrick Henry's revolutionary slogan 'Give me liberty or give me death!' upside down into a pusillanimous 'Take my liberties but don't hurt me!' After years of fear-mongering by government officials, this may turn out to be an accurate reflection of American character today."

- Steven Aftergood, writing on Secrecy News (from the Federation of American Scientists Project on Government Secrecy).

UK: Website Glitch Exposes Travelodge Customer Details

Tom Young writes on Computing:

A glitch on the web site of hotel chain Travelodge led to names, addresses and parts of credit card numbers being accessible to other customers.

One affected site user claimed thousands of records could have been exposed. But Travelodge said that only a small proportion could have been accessed in the time that it took to fix the fault.

A customer discovered the problem by clicking on the link in a booking confirmation email and changing the booking number. The result was access to other customers’ orders showing their name, postal address and the last four digits of the credit card number.

More here.
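The Travelodge fault described above is the classic insecure direct object reference: the booking number in the confirmation link is sequential, and the server hands back whatever record that number selects. The following is an added example, not Travelodge's code or anything from the Computing article; the bookings table, hostnames (all under `.invalid`) and function names are constructed for illustration. It places the flawed lookup next to a hardened one that requires an unguessable per-booking token from the link, compares it in constant time, ties a logged-in session to the booking's owner, and returns only a redacted view.

```python
"""Added example: an insecure booking lookup (the pattern behind the Travelodge
fault) beside a hardened one. Constructed data; not Travelodge's code."""
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Booking:
    ref: int              # sequential booking number printed on the confirmation
    owner_email: str      # account that made the booking
    name: str
    postal_address: str
    card_last4: str       # only the last four digits are ever stored here
    link_token: str       # unguessable secret embedded in the confirmation link


def _new_token() -> str:
    # 32 bytes from the OS CSPRNG; cannot be enumerated the way a sequential ref can.
    return secrets.token_urlsafe(32)


# Constructed sample data standing in for the bookings table.
BOOKINGS = {
    b.ref: b for b in (
        Booking(1001, "alice@example.invalid", "A. Customer", "1 High St", "4242", _new_token()),
        Booking(1002, "bob@example.invalid", "B. Customer", "2 Low Rd", "1881", _new_token()),
    )
}


def lookup_insecure(ref: int) -> Optional[Booking]:
    """The flawed pattern: the booking number alone selects the record, so
    changing the number in the URL returns someone else's booking."""
    return BOOKINGS.get(ref)


def confirmation_link(b: Booking) -> str:
    """Link as it would be emailed: carries both the ref and the secret token."""
    return f"https://hotel.example.invalid/booking?ref={b.ref}&t={b.link_token}"


def lookup_secure(ref: int, link_token: str, session_email: Optional[str]) -> Optional[dict]:
    """Hardened lookup. Returns a redacted view of the booking, or None on any
    failure, so a wrong ref, wrong token and wrong owner look the same to the caller."""
    b = BOOKINGS.get(ref)
    if b is None:
        return None
    # 1. The link token must match; compare_digest avoids a timing side channel.
    if not hmac.compare_digest(b.link_token.encode(), link_token.encode()):
        return None
    # 2. If the visitor is logged in, the booking must belong to that account.
    if session_email is not None and session_email != b.owner_email:
        return None
    # 3. Return only what the page needs; the full card number is never stored.
    return {"ref": b.ref, "name": b.name, "postal_address": b.postal_address,
            "card": f"**** **** **** {b.card_last4}"}


if __name__ == "__main__":
    alice = BOOKINGS[1001]
    print("insecure lookup of the next ref:", lookup_insecure(alice.ref + 1))
    print("secure lookup with Alice's own link:",
          lookup_secure(alice.ref, alice.link_token, "alice@example.invalid"))
    print("secure lookup, Alice's token against Bob's ref:",
          lookup_secure(alice.ref + 1, alice.link_token, "alice@example.invalid"))
```

The token check alone would have closed the hole the article describes; the owner check matters for the case where a confirmation email is forwarded or leaked, and the redacted view keeps the exposure small if any other check is ever bypassed.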

Websense: Storm Worm Chronology

Via Websense Security Labs.

The notorious "Storm Worm" series of spam attacks is interesting for several reasons. One, of course, is its simplicity as a social engineering attack. The lures are presented as very short, simple emails, enticing the victim to click the links proffered, and run the downloaded file.

Secondly, the scope of the attacks is unprecedented. It is generally accepted that the point of these attacks is to build a huge botnet for financial gain. Stock pump-and-dump scams, and even DDOS attacks have been blamed on it. In other words, although the attacks are very basic, they have had widespread success.

A third point of interest, and the research focus for this blog, is the structure of the spam runs themselves. The accepted notion is that the runs are distinct from one another based on their subject matter. For example, we consider "NFL" spam to be one instance of the Storm attack, and "ArcadeWorld" another, but we cannot by that alone make an assertion regarding their specific rate of occurrence and precise ordering. Our goal is to confirm the ordered relationship between subjects, and to use the resulting distribution and frequency data to build a volume-based chronology.

Much more here.

Very, very nicely done! - ferg
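The Websense research goal quoted above, ordering the spam runs by subject and turning their frequency into a volume-based chronology, can be shown on a handful of records. What follows is an added example, not Websense's tooling or the blog's own code; the campaign keyword lists and the sample (timestamp, subject) records are constructed for illustration. It classifies each subject into a run, computes first and last sighting and message count per run, orders the runs, and reports which runs overlapped in time.

```python
"""Added example: a volume-based chronology of spam runs built from per-message
(timestamp, subject) records. Constructed data; not Websense's code."""
from collections import Counter, defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Subject-line keywords that identify a run. Constructed; real lures vary.
CAMPAIGN_KEYWORDS = {
    "NFL": ("nfl", "football season", "game tracker"),
    "ArcadeWorld": ("arcadeworld", "arcade", "free game"),
    "ecard": ("e-card", "greeting card", "you've received"),
}

# Constructed sample: (UTC timestamp, subject) for a few captured messages.
SAMPLE_RECORDS = [
    ("2007-09-10T08:00:00", "Your greeting card from a family member"),
    ("2007-09-10T09:30:00", "You've received an e-card"),
    ("2007-09-12T06:15:00", "NFL Game Tracker - follow every play"),
    ("2007-09-12T07:45:00", "Football season is here, NFL stats"),
    ("2007-09-12T08:05:00", "You've received an e-card"),
    ("2007-09-13T10:00:00", "NFL scores for this week"),
    ("2007-09-15T11:20:00", "ArcadeWorld - free game download"),
    ("2007-09-15T12:00:00", "Play at ArcadeWorld now"),
    ("2007-09-16T09:10:00", "ArcadeWorld free game"),
    ("2007-09-16T13:00:00", "Meeting notes for Monday"),  # not a lure at all
]


def classify(subject: str) -> str:
    """Map a subject line to a campaign name, or 'unclassified'."""
    s = subject.lower()
    for campaign, words in CAMPAIGN_KEYWORDS.items():
        if any(w in s for w in words):
            return campaign
    return "unclassified"


def build_chronology(records: List[Tuple[str, str]]):
    """One row per campaign, ordered by first sighting:
    (campaign, first_seen, last_seen, count). Unclassified subjects are dropped."""
    first: Dict[str, datetime] = {}
    last: Dict[str, datetime] = {}
    count: Counter = Counter()
    for ts, subject in records:
        campaign = classify(subject)
        if campaign == "unclassified":
            continue
        t = datetime.fromisoformat(ts)
        first[campaign] = min(first.get(campaign, t), t)
        last[campaign] = max(last.get(campaign, t), t)
        count[campaign] += 1
    return sorted(((c, first[c], last[c], count[c]) for c in count), key=lambda r: r[1])


def overlapping_runs(chronology) -> List[Tuple[str, str]]:
    """Pairs of campaigns whose active windows overlap; an empty list means the
    runs were strictly sequential in the sample."""
    out = []
    for i, (a, a0, a1, _) in enumerate(chronology):
        for b, b0, b1, _ in chronology[i + 1:]:
            if b0 <= a1 and a0 <= b1:
                out.append((a, b))
    return out


def daily_volume(records: List[Tuple[str, str]]) -> Dict[str, Dict[str, int]]:
    """Messages per campaign per UTC day: the series a volume chronology is plotted from."""
    vol = defaultdict(Counter)
    for ts, subject in records:
        campaign = classify(subject)
        if campaign != "unclassified":
            vol[ts[:10]][campaign] += 1
    return {day: dict(c) for day, c in sorted(vol.items())}


if __name__ == "__main__":
    for row in build_chronology(SAMPLE_RECORDS):
        print(row)
    print("overlaps:", overlapping_runs(build_chronology(SAMPLE_RECORDS)))
    print(daily_volume(SAMPLE_RECORDS))
```

On real feeds the classifier is the weak link: keyword lists drift as the lures change, so the unclassified bucket should be reviewed regularly rather than silently dropped as it is here.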

Tracking by Cell Phone: No Warrant Needed

Linda Rosencrance writes on ComputerWorld:

A federal court in Massachusetts has ruled that the government doesn't need probable cause to obtain a warrant allowing it to use a person's cell phone to track his past movements.

According to the ruling by the U.S. District Court in Massachusetts, law enforcement officials only need to show the information is "relevant to an ongoing investigation."

The decision stems from an appeal by the government of a magistrate judge's ruling that required members of law enforcement to show probable cause before they could be issued a warrant to gain access to an individual's past movements from cell phone providers. Cell phone companies can track a customer's movements by identifying the cell tower or towers through which his calls were handled. The case is sealed because it is part of an ongoing criminal investigation.

More here.

TJX Encryption, Data Retention Details Trickle Out

A Ziff Davis Internet article by Evan Schuman, via eWeek, reports that:

TJX is still retaining customer data for far too long—months—and for the wrong reasons, although its current wireless efforts appear adequate, according to a report issued Sept. 25 by the Office of the Privacy Commissioner of Canada and the office of the Information and Privacy Commissioner of Alberta.

The report shed light on a few details of the TJX situation, but it didn't answer the critical questions of how it happened. Reports have focused on a wireless hack and on breaking into a job application kiosk.

The Canadian report made a cursory reference to the wireless effort, but couched it by saying that "TJX informed us that the intruder may have gained entry into the system outside of two stores in Miami, Florida." If taken literally, that says little, other than wireless access is still one of the main theories of TJX. The report mentioned nothing about any other theories.

The only new detail is the reference to Miami. Prior reports—beginning with a May report in the Wall Street Journal—had fairly consistently placed the point of wireless penetration in St. Paul, Minn. But with no specifics as to the method used, those details are relatively meaningless.

More here.

Getting Pinched

Via the Kaspersky Labs blog.

Pinch is a true omnivore – it grabs just about everything it can from the victim machine: the Windows license number, system information, a list of programs installed, as well as ICQ, email and FTP passwords, and passwords saved to Windows Protected Storage.

On the most productive days, the person behind the mass mailings managed to collect up to a hundred logs. And his e-store has a whole bunch of ICQ numbers for sale, presumably stolen from victim machines. He's clearly out to make money – given that malware writers have made the shift from simple disruption to clearly criminal activity, that's no surprise. However, what he maybe doesn't realize is that a careful analysis of Pinch leads to a wealth of information about the author - name, date of birth, town, mobile number and various other personal data.

Good news for those fighting cyber crime, but not so great for those involved in illegal activity.

More here.

Image source: Kaspersky Labs blog

Robert Moore Tells How He Broke Into Routers And Stole VoIP Services

Sharon Gaudin writes on InformationWeek:

Convicted hacker Robert Moore, who is set to go to federal prison this week, says breaking into 15 telecommunications companies and hundreds of businesses worldwide was incredibly easy because simple IT mistakes left gaping technical holes.

Moore, 23, of Spokane, Wash., pleaded guilty to conspiracy to commit computer fraud and is slated to begin his two-year sentence on Thursday for his part in a scheme to steal voice over IP services and sell them through a separate company. While prosecutors call co-conspirator Edwin Pena the mastermind of the operation, Moore acted as the hacker, admittedly scanning and breaking into telecom companies and other corporations around the world.

"It's so easy. It's so easy a caveman can do it," Moore told InformationWeek, laughing. "When you've got that many computers at your fingertips, you'd be surprised how many are insecure."

Pena, who is charged with acting as a legitimate wholesaler of Internet-based phone services as part of what the government called a "sophisticated fraud," fled the country a year ago and is wanted as a fugitive. Assistant U.S. Attorney Erez Liebermann said Pena allegedly stole and then sold more than 10 million minutes of service at deeply discounted rates, netting more than $1 million from the scheme.

More here.

Fraud Police Buckling Under Mountains of Data

Jeremy Kirk writes on ComputerWorld UK:

Fraud investigators are struggling to cope with vast quantities of data sent to them by financial institutions, meaning some crimes may go uninvestigated or even unnoticed, experts said on Wednesday.

The issue is prompting banks and other financial institutions to ask law enforcement and regulators to share with them more of the data they have about suspicious transactions, in order to better combat fraud.

Banks and transfer agencies are required by regulators in the US and the UK to file reports when they detect a potentially illegal transaction, said Olga Maitland, head of the International Association of Money Transfer Networks, at the Fraud World 2007 conference in London.

Up to 300,000 Suspicious Activity Reports (SARs) are filed per month in the US, and up to 200,000 a year in the UK, but most of those reports "disappear into a black hole" because law enforcement agencies don't have the resources to investigate each one, she said.

More here.

Tuesday, September 25, 2007

Syrian Embassy UK Website Hacked

Via Websense Security Labs.

The site www.syrianembassy.co.uk contains three unique iframes that direct visitors to malicious Web sites. The iframes use various techniques to evade detection, including Javascript Obfuscation. The iframes point to hosts in the United States, Malaysia, and the Ukraine.

The Mpack attack toolkit is hosted on one of these sites and attempts several exploits depending on OS, browser, and plugin versions. The end result is that two Trojan Downloaders are dropped on visitors' computers from two of the iframes.

More here.

Note: At this moment, this website still contains malicious content. - ferg
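The injection pattern in the Websense note above, off-site iframes hidden from the visitor and written into the page by obfuscated script, is easy to spot statically once you know the tells. The scanner below is an added example, not Websense's tooling or anything from the blog; the heuristics and the sample page are constructed for illustration and every host in it is under `.invalid`. It flags iframes whose source is off-site, zero- or one-pixel in size, or hidden by style, and flags script blocks that use the decode-and-write functions typically wrapped around such iframes.

```python
"""Added example: static scanner for hidden/off-site iframes and the script
tricks commonly used to hide them. Constructed sample page; not Websense's code."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one legitimate iframe, one hidden off-site iframe,
# and a script that decodes an escaped string and writes it into the page.
SAMPLE_HTML = """
<html><body>
<h1>Embassy news</h1>
<iframe src="/news/feed.html" width="600" height="400"></iframe>
<iframe src="http://hidden-host.invalid/in.cgi?3" width="0" height="0" style="display:none"></iframe>
<script>document.write(unescape('%3Ciframe%20src%3D%22http%3A%2F%2Fother-host.invalid%2F%22%3E'));</script>
</body></html>
"""

# Functions that show up when markup is decoded at run time rather than served as-is.
SCRIPT_OBFUSCATION = re.compile(
    r"unescape\s*\(|eval\s*\(|String\.fromCharCode\s*\(|document\.write\s*\(", re.I)
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def _tiny(value):
    """True for width/height attributes of 0 or 1 (with or without 'px')."""
    return value is not None and value.strip().rstrip("px").strip() in ("0", "1")


class IframeScanner(HTMLParser):
    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host
        self.findings = []          # (kind, where, reasons)
        self._in_script = False
        self._script_text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            src = a.get("src", "") or ""
            host = urlparse(src).hostname
            reasons = []
            if host and host != self.page_host:
                reasons.append(f"off-site src {host}")
            if _tiny(a.get("width")) or _tiny(a.get("height")):
                reasons.append("zero/one-pixel size")
            if HIDDEN_STYLE.search(a.get("style", "") or ""):
                reasons.append("hidden by style")
            if reasons:
                self.findings.append(("iframe", src, reasons))
        elif tag == "script":
            self._in_script = True
            self._script_text = []

    def handle_data(self, data):
        # html.parser delivers <script> bodies as raw data, so they collect here.
        if self._in_script:
            self._script_text.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            text = "".join(self._script_text)
            hits = sorted({m.group(0).split("(")[0].strip()
                           for m in SCRIPT_OBFUSCATION.finditer(text)})
            if hits:
                self.findings.append(("script", text[:60], hits))


def scan(html: str, page_host: str):
    """Return the list of findings for one page; empty means nothing suspicious."""
    s = IframeScanner(page_host)
    s.feed(html)
    s.close()
    return s.findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_HTML, "embassy.example.invalid"):
        print(finding)
```

These are heuristics, not proof: a legitimate analytics or ad iframe can trip the off-site rule, and `document.write` has plenty of benign uses, so the output is a triage list for a human, best run against a page repeatedly (the blog note says the site was still serving the content when posted) and compared against a known-good snapshot.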

Judge in Spector Trial Gets MySpace Threat as Jury Deliberates

Dan Whitcomb writes for Reuters:

A MySpace posting declaring that the judge in the Phil Spector murder trial "should die" was being investigated by Los Angeles police on Tuesday as jurors deliberated for an 11th day in the sensational case.

The posting appeared over the weekend on a MySpace page possibly belonging to Spector's wife, Rachelle, and read: "I love Phil Spector -----!!! The Evil Judge Should Die!!!! Xoxo Chelle," Los Angeles Superior Court spokesman Allan Parachini said.

Parachini said the MySpace page, which features a picture of Rachelle Spector wearing a "Team Spector" T-shirt, was referred to a special sheriff's department unit which protects judges and investigates such threats.

The posting has since been removed.

More here.

U.S. Toll in Iraq, Afghanistan

Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Tuesday, Sept. 25, 2007, at least 3,799 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,098 died as a result of hostile action, according to the military's numbers.

The AP count is five higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

As of Tuesday, Sept. 25, 2007, at least 375 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Sept. 22, 2007.

Of those, the military reports 249 were killed by hostile action.

More here and here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

New Legislation Would Reform National Security Letters

Via The Center for Democracy & Technology (CDT).

Senators Russ Feingold (D-WI) and John Sununu (R-NH) have introduced a bill to reform National Security Letters -- demands issued by FBI agents without a judge's approval to compel disclosure of financial, telephone, Internet and other records.

Under the proposed NSL Reform Act, the FBI could still use an NSL to obtain less sensitive information such as a person's name, address and account identifying information, but more sensitive information such as financial details or logs of the e-mail addresses would require a different process, such as a court order or a subpoena.

More here.

MIT Hackers Prank Harvard Statue With Master Chief Helmet, Assault Rifle

Via MIT's "The Tech".

In recognition of the release of Halo 3, a highly anticipated video game by Microsoft and Bungie, MIT hackers adorned the John P. Harvard statue, in Harvard Yard, with a Spartan helmet.

The back of the helmet, which is worn by the protagonist of the game, Master Chief, was labeled with “Master Chief in Training.” The statue was decorated with an assault rifle (bullet count of 2E), as well as a Beaver emblem on the right shoulder.

More here.

(Props, Engadget. Image source: The Tech.)

eBay Forum Mysteriously Leaks Account Details on 1,200 Users

Dan Goodin writes on The Register:

Hackers brazenly posted sensitive information including home addresses and phone numbers for 1,200 eBay users to an official online forum dedicated to fraud prevention on the auction site.

The information - which also included user names and email, and possibly their credit card numbers and three-digit CVV2 numbers - was visible for more than an hour to anyone visiting the forum. The miscreants appeared to create a script that caused each user to log in and post information associated with the person who owned the account. The script spit out about 15 posts per minute, starting around 5:45 a.m. California time.

An eBay spokeswoman said the posts were not the result of a security breach on eBay and that the credit card numbers contained in the posts were not those eBay or PayPal had on file for those users. eBay representatives have begun contacting all users whose information was posted to head off any further fraud and to learn more about the attack.

More here.

Countdown: Bush Used Bogus Terror Threat To Scare Votes For FISA Bill

MSNBC Countdown's Keith Olbermann

Via Crooks and Liars.

Keith Olbermann has been tracking the Bush Administration's use of trumped-up terror alerts to manipulate the American people for the past two years, but in this latest Nexus of Politics & Terror report on Countdown, it appears the president stooped to a new low by using a bogus terror threat that specifically targeted Capitol Hill to manipulate members of Congress just hours before a crucial vote on the FISA bill last August.

According to Rep. Jane Harman (D-CA), Chairwoman of the House Homeland Security Subcommittee on Terrorism Risk Assessment, the Bush administration knowingly used bogus intelligence to make lawmakers believe there was the chance of an imminent attack on the U.S. Capitol, thus frightening them into passing the temporary expansion of his powers to spy on Americans under the FISA act.

More here.

Vonage to Pay Sprint $69.5 Million

An AP newswire article, via PhysOrg.com, reports that:

Internet telephone company Vonage Holdings Corp. was ordered in federal court Tuesday to pay Sprint Nextel $69.5 million in damages for infringing on six telecommunications patents owned by competitor Sprint Nextel Corp.

Vonage shares plunged 66 cents, or more than 33 percent, to close at $1.30. Trading was temporarily halted after news of the verdict broke.

It was the second verdict against the Holmdel, N.J.-based company this year. A jury in Virginia determined in March that Vonage had violated three Verizon patents in building its Internet phone system. The jury awarded Verizon $58 million in damages plus 5.5 percent royalties on future revenues.

Sprint sued Vonage in 2005, claiming the upstart company had infringed on seven Sprint patents for connecting Internet phone calls.

More here.

Toon of the Day: Things That Survive Forever

VeriSign: DoS Attack Could 'Shut Down The Internet'

Tom Espiner writes on ZDNet UK:

Denial-of-service attacks are growing faster than bandwidth is being added to the internet, according to VeriSign, the company that administers the .com domain.

Criminal groups selling services online are increasingly threatening the fabric of the internet, as the size of the compromised networks of computers they control increases, according to VeriSign.

The company claimed that a successful denial-of-service (DoS) attack against VeriSign could bring down the internet. "There are attacks attempting to shut down our servers," said Ken Silva, VeriSign's chief security officer. "This would effectively shut down the internet."

Silva said that although DoS attacks are difficult to trace, there are "a couple of well-known groups in Russia, China and Romania" that may be acting with their government's knowledge. "It would be hard to imagine groups who have this much activity going unnoticed by their governments," he said.

More here.

EchoStar to Buy Sling Media

Via Reuters.

EchoStar Communications Corp said on Monday that it will buy Sling Media Inc, a privately held company known for its Slingbox device that relays home television programs to laptops and cell phones.

EchoStar, parent of the Dish Network Satellite Television service, said the deal values Sling Media at approximately $380 million, payable in cash and EchoStar options.

The transaction is expected to close in the fourth quarter of 2007, EchoStar said.

The Slingbox connects cable and satellite TV set-top boxes to the Internet. As a result, cell phones and other Web-connected devices can show what's on a customer's living room TV.

More here.

Monday, September 24, 2007

Magna Carta Is Going on the Auction Block

James Barron writes in The New York Times:

The 2,500 words fill a page that is a couple of inches shorter than this one, but almost as wide. The faded letters in Latin are unreadable in places. Something that looks like a scraggly, russet-colored tail hangs from the bottom.

It is the document that laid the foundation for fundamental principles of English law. Angry colonists complained long before the Boston Tea Party that King George III had violated it. The men who drafted the United States Constitution and the Bill of Rights borrowed from it.

It is Magna Carta, agreed to by King John of England in 1215 and revised and reaffirmed through the 13th century. The tail dangling off the page is a royal seal.

And it is about to go on sale.

More here.

Image source: Wikipedia

Toon of the Day: Missing in Action

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Monday, Sept. 24, 2007, at least 3,798 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,096 died as a result of hostile action, according to the military's numbers.

The AP count is five higher than the Defense Department's tally, last updated Monday at 10 a.m. EDT.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.