Saturday, October 20, 2007

In Memoriam: Abha Ahuja

Abha Ahuja
1972 -- October 20, 2001

Programming Note: Light Posting This Weekend

...while entertaining family from out-of-town.

Back to normal on Monday.


- ferg

Friday, October 19, 2007

Firefox 2.0.0.8 Released

Several (8) security fixes:

MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
MFSA 2007-35 XPCNativeWrapper pollution using Script object
MFSA 2007-34 Possible file stealing through sftp protocol
MFSA 2007-33 XUL pages can hide the window titlebar
MFSA 2007-32 File input focus stealing vulnerability
MFSA 2007-31 Browser digest authentication request splitting
MFSA 2007-30 onUnload Tailgating
MFSA 2007-29 Crashes with evidence of memory corruption (rv:

Details here. Get v2.0.0.8 here. - ferg

Thursday, October 18, 2007

xkcd: Photoshopping Fun

Click for larger image.

We love xkcd.

Copyright Showdown: Standing Up To Takedown Notices

Catherine Rampell writes in The Washington Post:

On a chilly February day, Stephanie Lenz decided to show her family and friends what her bouncing baby boy could do. She plopped 13-month-old Holden, then learning to walk, on the floor, cranked up Prince's song "Let's Go Crazy" and whipped out the digital camera.

In the 29-second YouTube video that resulted, Holden smiles and bobs up and down to the music. According to Universal Music Publishing Group, he also helps his mom commit a federal crime: copyright infringement.

In June, Universal, which owns the rights to Prince's song, sent a notice to YouTube requesting the video be taken down but did not take action against Lenz. On the contrary, Lenz sued Universal for abusing copyright law.

"The idea that putting a little video of your kid up on YouTube can mean you have to go to court, and maybe declare bankruptcy and lose your house, is just wrong," Lenz said. "I don't like being made to feel afraid, and I don't like being bullied."

More here.

Web 2.Woe: Simple Security Flaws Going Unfixed

Liam Tung writes on ZDNet Australia:

Web application vulnerabilities are simple to fix but they're here to stay and will likely get worse, say security analysts.

Last week, minor flaws in the Web sites of the Liberal and Labor parties, which allowed the public to create "spoof" pages of the sites, led to fears that the Web sites had been hacked.

Andrew Walls, research director of Gartner's security and privacy group, told ZDNet Australia it did not constitute a genuine hack. "The 'spoof' or prank is actually outside the control of the Web master or developer that is responsible for the Web site," he said.

Security experts refer to the vulnerabilities as cross-site scripting or XSS flaws. While they are fairly simple to fix, Walls said the examples highlight why they should be fixed. Despite the flaws not amounting to any serious threat to security -- no money was lost, no personal details were exposed -- Walls said it had a significant impact, particularly on the Liberal Party's image.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, Oct. 18, 2007, at least 3,831 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,120 died as a result of hostile action, according to the military's numbers.

The AP count is seven higher than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Democratic Lawmaker Pushing Immunity Is Newly Flush With Telco Cash

Ryan Singel writes on Threat Level:

Senator Jay Rockefeller (D-West Virginia) is reportedly steering the secretive Senate Intelligence Committee to give retroactive immunity to telecoms that helped the government secretly spy on Americans.

He has also recently benefited from some interesting political contributions.

Top Verizon executives, including CEO Ivan Seidenberg and President Dennis Strigl, wrote personal checks to Rockefeller totaling $23,500 in March, 2007. Prior to that apparently coordinated flurry of 29 donations, only one of those executives had ever donated to Rockefeller (at least while working for Verizon).

In fact, prior to 2007, contributions to Rockefeller from company executives at AT&T and Verizon were mostly non-existent.

More here.

Simple Tactics Can Disrupt Internet Underground, Undermine Cyber Criminals

Thomas Claburn writes on InformationWeek:

To reduce cyber crime, the government may want to consider the tactics employed by the music industry against copyright scofflaws, suggests Jason Franklin, a Ph.D. student in computer science at Carnegie Mellon University.

Franklin has co-authored a paper with Adrian Perrig, associate professor at Carnegie Mellon University, Vern Paxson, associate professor at University of California, Berkeley, and Stefan Savage, assistant professor at the University of California, San Diego, which explores the underground hacker economy.

The paper [.pdf], "An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants," measures and analyzes the Internet's black market for information. It is based on 7 months of observation, from January to August 2006, during which 2.4 Gbytes of Internet Relay Chat (IRC) data was logged. IRC is one of the main communication channels of cyber criminals who participate in credit card fraud, identity theft, spamming, and phishing.

The researchers saw over 87,000 credit card numbers traded during this time; they estimate that the total wealth generated from credit card fraud over IRC exceeded $37 million.

More here.

Mukasey Says Bush Entitled to Ignore Federal Surveillance Law

Dan Eggen and Paul Kane write in The Washington Post:

Attorney general nominee Michael B. Mukasey suggested today that the president could ignore federal surveillance law if it infringes on his constitutional authority as commander in chief.

Under sharp questioning about the Bush administration's warrantless eavesdropping program, Mukasey said there may be occasions when the president's wartime powers would supersede legal requirements to obtain a warrant to conduct wiretaps.

More here.

Analysis: A New USAF Cyber Warfare Doctrine

Shaun Waterman writes for UPI:

Recent pronouncements by U.S. Air Force officials about their view of cyberspace as a war-fighting domain have attracted little attention. But the questions they raise for U.S. military policy and doctrine are profound.

“Cyber(space) is important to the nation,” said Gen. Robert Elder, the military officer in charge of the U.S. Air Force’s day-to-day cyberspace operations, acknowledging the dependence of U.S. commerce and banking on the Internet, “But to the Air Force, it’s really important.”

He told a recent briefing organized by the Air Force Association that cyberspace was vital because it was the key to the U.S. military’s fabled cross-domain dominance.

More here.

DOE Reveals Cyber Security Partners

Trudy Walsh writes on

The Energy Department today announced the five companies it has selected for negotiation of awards of as much as $7.9 million to develop and integrate cybersecurity devices into the electricity grid and energy infrastructure.

The companies will work on five projects designed to protect the nation’s energy infrastructure from cyberattacks and to modernize the electricity grid. The projects will integrate control systems, vast networks of interconnected electronic devices that help monitor and control the production and distribution of energy in the electric grid, and oil and gas infrastructure.

More here.

Quote of the Day [2]: Richard Stiennon

"No sir, you have not spent enough on security."

- Richard Stiennon, writing on the Threat Chaos blog.

More: Russian Business Network

Dancho Danchev:

In case you haven't come across it before, here's an informative blog whose objective is to track events related to the Russian Business Network (RBN) and expose its nodes in between.

What is the RBN at the bottom line? A diversified set of IP blocks located at different parts of world, who periodically appear within the deobfuscated javascripts of the sites who got IFRAME-ed and were found to serve malware by exploiting outdated browser vulnerabilities. What's more interesting to me than the "yet another popular site which got IFRAME-ed by the RBN's network" is the success of the popular malware exploitation kits using outdated and already patched vulnerabilities.

What use are patches when no one is applying them, and aren't unpatched vulnerabilities just as effective as zero day ones? Yes, they are.

More here.

Quote of the Day: Mona Shaw

"They thought just because we're old enough to get Social Security that we lack both brains and backbone."

- Mona Shaw, commenting on what led her to take a hammer and smash the keyboard, monitor, and telephone of a Comcast customer service rep. Hammer time!

Toon of the Day: Revisionist History, Take Two

Click for larger image.

Via Truthdig.

Analysts: Chinese Search Engines 'Hijacked'


US Internet search engines in China were being hijacked and directed to Chinese-owned Baidu, analysts said Wednesday, speculating that this may be retaliation for the White House award to exiled Tibetan leader the Dalai Lama.

Analysts at Search Engine Roundtable, a website focusing on Internet search, said Chinese users trying to search on Google, Yahoo and Microsoft websites were being directed to the Chinese search engine.

"It seems like China is fed up with the US, so as a way to fight back, they redirected virtually all search traffic from Google, Yahoo and Microsoft to Baidu, the Chinese based search engine," the analysts wrote.

The authors said it was not clear exactly how or why the searches were being redirected, but China is known for tightly controlling the Internet and using a variety of filters to screen out search results for issues relating to dissidents or the Tibetan spiritual leader.

More here.

(Hat-tip: Richard)

NSA Can Eat Data Faster Than Anyone on The Planet

Bob Brewin writes on GovExec's "Tech Insider":

Northrop Grumman recently won a National Security Agency information management and data services contract, which will allow the agency to ingest data at a speed faster than any other entity that the company knows on the planet.

Kevin Henderson, chief systems engineer for the information management and data services project, declined to provide any speed benchmarks for me but said the system would outperform those used for high-energy physics computations, which does provide a good baseline to work from.

In 2005 a team from the Energy Department's Fermi National Accelerator Laboratory and Stanford Linear Accelerator Center transferred physics data at the rate of 150 gigabits per second, or the equivalent of downloading 130 DVD movies in one minute. The NSA system supposedly can work faster than that.

More here.

Security Theater: Most Fake Bombs Missed by Screeners

Thomas Frank writes on USA Today:

Security screeners at two of the nation's busiest airports failed to find fake bombs hidden on undercover agents posing as passengers in more than 60% of tests last year, according to a classified report obtained by USA TODAY.

Screeners at Los Angeles International Airport missed about 75% of simulated explosives and bomb parts that Transportation Security Administration testers hid under their clothes or in carry-on bags at checkpoints, the TSA report shows.

At Chicago O'Hare International Airport, screeners missed about 60% of hidden bomb materials that were packed in everyday carry-ons — including toiletry kits, briefcases and CD players. San Francisco International Airport screeners, who work for a private company instead of the TSA, missed about 20% of the bombs, the report shows. The TSA ran about 70 tests at Los Angeles, 75 at Chicago and 145 at San Francisco.

The report looks only at those three airports, using them as case studies to understand how well the rest of the U.S. screening system is working to stop terrorists from carrying bombs through checkpoints.

The failure rates at Los Angeles and Chicago stunned security experts.

More here.

6 Hot Items On The Hacker's Holiday Shopping List

A ComputerWorld article by Jaikumar Vijayan, via NetworkWorld, reports that:

Malicious hackers and other assorted bad guys looking for new tools for plying their trade this upcoming holiday season will have plenty of toys and services to choose from.

Servicing them is a growing underground market bristling with botnets, Trojans, rootkits, spyware and all sorts of shady services aimed at everybody from the humble do-it-yourself hacker to sophisticated, organized criminal gangs.

"Just like there is a B2B marketplace, now there's a C2C -- criminal-to-criminal -- market," said Don Jackson, security researcher with Atlanta-based security vendor SecureWorks.

More here.

The Carrot & Stick Approach to Internet Pollution

Brian Krebs writes on Security Fix:

Study after study shows that ISPs in the United States lead the way in providing connectivity to computers that are a major source of malicious activity online, from bot-infected, spam-spewing PCs to compromised computers acting as download sites for malicious software or hosts for phishing Web sites. While it is true that some network providers do a much better job than others in cleaning up problem sites and PCs that are part of their networks, in far too many cases problematic customers are allowed to pollute the Internet for weeks or even months at a time.

Experts say it often costs ISPs more to field a support call from a customer seeking help in cleaning up a virus-infected PC than the provider will make from that customer in an entire year. The result is that -- unless problematic customers are consuming way more than their share of Internet bandwidth -- network providers often find it more cost-effective to simply ignore problematic customers.

I'm not suggesting that taxing online access is the way to fix this problem. But perhaps the time has come for Congress to at least hold out the threat of more government involvement in this space as a means of encouraging Internet providers to do the right thing on security.

More here.

Senate Dems Reportedly Agree To Immunize Spying Telecoms

Ryan Singel writes on Threat Level:

Democrats on the Senate Intelligence Committee will include retroactive legal protections for telecoms that helped with the government's secret surveillance programs after the administration handed over some of the legal documents about the program that the Congress has been asking for, according to the Washington Post.

The deal was worked out with the administration at the same time that House Republicans ran procedural circles around the majority party, who was forced to remove their FISA reform bill from the House calendar. The House hoped to move in time to send a message to the Senate.

The deal reportedly would let the telecoms get out of the 50 or so suits pending against them for violating the nation's privacy laws, so long as they can show to a judge in secret that they were given a legal order to help the government.

More here.

Wednesday, October 17, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Wednesday, Oct. 17, 2007, at least 3,830 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,120 died as a result of hostile action, according to the military's numbers.

The AP count is six higher than the Defense Department's tally, last updated Wednesday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

EFF Files Suit Against Director of National Intelligence

Via The EFF.

The Electronic Frontier Foundation (EFF) filed suit against the Office of the Director of National Intelligence (ODNI) today, demanding any information about telecommunications companies' efforts to get off the hook for their role in the government's illegal electronic surveillance of millions of ordinary Americans.

Congress is currently considering granting amnesty to the telecoms -- a blatant attempt to derail lawsuits aimed at holding the companies responsible for knowingly violating federal privacy laws with warrantless wiretapping and the illegal transfer of vast amounts of personal data to the government. EFF represents the plaintiffs in Hepting v. AT&T, one of dozens of class-action suits accusing the telecoms of violating customers' rights by illegally assisting the National Security Agency with this domestic surveillance.

More here.

Will Cyber Intrusions Crash U.S. Electrical Grid?

Anne Broache writes on the C|Net News Blog:

Some critics of the U.S. government's cybersecurity efforts might argue that nothing short of a bomb going off--or, well, purported Chinese cyberattacks on feds' machines--will land the issue more notice.

This time around, the wake-up call for politicians was, indeed, an explosion: In September, U.S. Homeland Security officials revealed that researchers at the Idaho National Laboratory had managed to destroy a small electrical generator through a simulated cyberattack. A few weeks ago, CNN aired a gloom-and-doom segment featuring snips from the once-classified video showing the device going up in smoke.

Although the prospect of that sort of incident causing massive disruption to the U.S. electrical grid has been around for years, the success of the experimental hack is drawing new calls from Congress for tougher federal security standards on the computer systems that control the nation's power systems.

More here.

GPS Jamming in Iraq: 'We Have Met The Enemy...'

Bob Brewin writes on GovExec's "Tech Insider":

U.S. and coalition forces are the single largest source of jamming of Global Positioning System (GPS) receivers in Iraq, according to a co-inventor of the system.

As much as 85 percent of the jamming of GPS receivers in Iraq was caused by U.S. and coalition forces, according to GPS co-inventor Bradford Parkinson with Stanford University, and Martin Faga, former president and CEO of MITRE Corp. and a former director of the National Reconnaissance Office. Parkinson and Faga reported their findings in a briefing given this month to the multi-agency National Space Based Positioning, Timing and Navigation Meeting.

The origins of the GPS jamming were determined by personnel from the 14th Air Force, which provides space support to operational missions, but the 14th Air Force did not identify which U.S. or coalition systems had inadvertently jammed GPS receivers.

More here.

Image of the Day: So Secure, Even a Caveman...

Via Worse Than Failure.

Australia: IDC Website Defaced by 'Eco-Terrorists'

Liam Tung writes on ZDNet Australia:

The Web site of IT research firm IDC Australia has been hacked by a group purporting to be Brazilian environmental terrorists.

A page created to present new research to media and analysts had been serving content created by a group calling itself the "RitualistaS Group".

"Breve [sic] New World!" the page said, above an image of a semi-molten earth nested between icons of global warming, including smoke stacks, nuclear plant cooling towers and burning forests.

Hackers going by the names of "s3r14l k1ll3r" [Serial Killer], "lc3 Br34k" [Ice Break] and "Mental_Way" have laid claim to the attack.

More here.

Expert Calls Apple's iPhone 'Perfect Spying Device'

Richard Koman writes on CIO Today:

Hackers intent on unlocking Apple's iPhone for use with carriers other than AT&T -- and for using third-party applications -- exploited a bug in the device's handling of TIFF images. But that same bug can be used for far more nefarious exploits, renowned hacker HD Moore reported on his Web site, Metasploit.

Moore posted to the site an exploit that would allow a hacker to insert malicious code onto someone's iPhone to access the device's data. Because the flawed TIFF library is used by the iPhone's Web browser, e-mail program, and iTunes software -- and because all of those programs run as root processes -- one of the iPhone's undocumented "features" is a gaping security hole.

More here.

NSA may be Reading Windows Software in your Computer?

Sherwood Ross writes on Scoop:

Sooner or later, a country that spies on its neighbors will turn on its own people, violating their privacy, stealing their liberties.

President Bush's grab for unchecked eavesdropping powers is the culmination of what the National Security Agency(NSA) has spent forty years doing unto others.

And if you're upset by the idea of NSA tapping your phone, be advised NSA likely can also read your Windows software to access your computer.

European investigative reporter Duncan Campbell claimed NSA had arranged with Microsoft to insert special "keys" in Windows software starting with versions from 95-OSR2 onwards.

More here.

(Props, Pogo Was Right.)

UK: Police to be Assessed on e-Crime Response

Tom Young writes on Computing (UK):

Electronic crime is to be included for the first time in the criteria by which local police forces are assessed.

From this week, HM Inspectorate of Constabulary (HMIC) will examine whether forces have investigated the problem of computer-based criminal activity and what reporting structures are in place to focus on it.

The changes are a major step forward and will help establish a co-ordinated national response, according to Sue Wilkinson, the Association of Chief Police Officers (Acpo) lead on e-crime.

More here.

Sex, Nazi, Burritos, Viagra: Who Googles What?

Via Reuters.

Internet users in Egypt, India and Turkey are the world's most frequent searchers for Web sites using the keyword "sex" on Google search engines, according to statistics provided by Google Inc.

Germany, Mexico and Austria were world's top three searchers of the word "Hitler" while "Nazi" scored the most hits in Chile, Australia and the United Kingdom, data from 2004 to the present retrievable on the "Google Trends" Web site showed.

Chile also came in first place searching for the word "gay", followed by Mexico and Colombia.

More here.

Tuesday, October 16, 2007

Image of the Day: Zombie Guts Cereal

Via Boing Boing.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Tuesday, Oct. 16, 2007, at least 3,828 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,120 died as a result of hostile action, according to the military's numbers.

The AP count is four higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

xkcd: Scary Crisco Theorem

Click for larger image.

We love xkcd.

Off Beat: Man Charged with Hacking into 911 System

Salvador Hernandez writes in The Orange County Register:

SWAT officers expecting to find a murder victim and an armed suspect surrounded the home of an unsuspecting couple but found they were part of what authorities are calling a prank caused by a teenager who hacked into the county's emergency response system.

Randall Ellis, a 19-year-old from Mukilteo, Wash., is expected to appear in an Orange County courtroom Monday to face charges of computer access and fraud, false imprisonment by violence, falsely reporting a crime and assault with an assault weapon by proxy.

"It's not a prank," said Farrah Emami, spokeswoman for the Orange County District Attorney's Office. "People's lives were in danger."

Authorities believe Ellis hacked into the county's 911 system on March 29 from his home in Mukilteo at 11:30 p.m.

Ellis allegedly randomly selected the name and address of a Lake Forest couple and electronically transferred false information into the 911 system, Emami said.

More here.

Local Value Proposition: MPack and IcePack Now Localized to Chinese

Dancho Danchev:

It is logical to consider the possibility that once a malware author starts evaluating the benefits out of releasing a malware in an open source form, malware exploitation kits can also build communities around them.

Since August, 2007, Chinese hacking groups can freely enjoy "the benefits" of IcePack's and MPack's malicious economies of scale attacking approach in the combination of a brain-damaging Keep It Simple Stupid exploitation tactic in the form of serving exploit URLs, which get automatically embedded via a web application bug, or via automated remote file inclusion enabled web site.

More here.

Image source: Dancho Danchev

Cisco Offices Raided, Executives Arrested in Brazil

Jim Duffy writes on NetworkWorld:

Senior executives of Cisco were reportedly arrested in Brazil this week in a tax fraud investigation of the company.

Citing information from police and tax authorities, Reuters reported that Cisco's Brazilian unit had imported $500 million worth of telecommunications and network equipment over the last five years without properly paying import duties. In all, the company owes an estimated $826.4 million in taxes, fines and interest, Reuters reported.

More here.

Yahoo Executive Accused of Lying to Congress

An AP newswire article by Dibya Sarkar, via The Washington Post, reports that:

A Yahoo Inc. executive was accused Tuesday of giving false testimony to Congress last year regarding the company's role in the arrest of a Chinese journalist. A House committee wants Yahoo CEO Jerry Yang and general counsel Michael Callahan to clarify at a Nov. 6 hearing the allegedly untruthful testimony Callahan gave Congress in February 2006. "We want to clarify how that happened, and to hold the company to account for its actions both before and after its testimony proved untrue," Rep. Tom Lantos, D-Calif., chairman of the House Foreign Affairs Committee, said in a press release. "And we want to examine what steps the company has taken since then to protect the privacy rights of its users in China."

More here.

Porn Typosquatter Fined Again By FTC

Robert McMillan writes on InfoWorld:

A so-called typosquatter who served pornographic advertisements on domains such as and has been fined again by the U.S. Federal Trade Commission.

John Zuccarini has agreed to give up $164,000 in typosquatting revenue he is alleged to have raked in, the FTC said Tuesday in a statement. Five years ago, a federal court had barred Zuccarini from registering domains that are misspellings of legitimate brands, a practice called typosquatting, but he ignored the order, according to Carolyn Hann, a staff attorney with the FTC.

"He was engaging in practices that violated certain provisions of the order," Hann said. "He had certain domain names that were transpositions or misspellings of popular domain names."

More here.

National Freedom of Speech Week: October 15 - 21, 2007

This is a "Free Speech Zone".

This isn't.

Celebrate it.

- ferg

Quote of the Day: John Bambenek

"They're about as misunderstood as a senator soliciting sexual favors in an airport bathroom. When most of the world's cyber-miscreants are paying 10 times more for hosting on your network, you don't attract the business by accident."

- John Bambenek, commenting on an RBN spokesman's statement refuting allegations that RBN caters to criminal activity as "subjective opinion".

Swedish Hackers Target Turkish Forum


Swedish hackers have retaliated against their Turkish counterparts following an attack earlier this month on some 5,000 Swedish websites.

On Saturday, a group of disgruntled hackers posted a comment to the Flashback web forum linking to a stolen database containing thousands of user names and passwords from Turkish forum Ayyildiz.

More here.

Northrop Grumman Wins $220M NSA Storage Deal

David Hubler writes on Washington Technology:

Northrop Grumman Corp. is leading a team of government contractors on a new $220 million Defense Department contract to develop an advanced information management and data storage system that will upgrade the nation’s electronic intelligence and broaden signals intelligence capabilities at the National Security Agency.

Under the 51-month Information Management and Storage development contract, Northrop Grumman will provide architecture design, systems engineering, system development, integration and test and deployment activities.

More here.

Technologists Warn of Security Risks in Warrantless Wiretapping

Via The Center for Democracy and Technology (CDT).

Six of the nation's leading computer scientists warned in a report [.pdf] dated today that surveillance programs involving large-scale sifting of communications could jeopardize the security of communications networks.

Specifically addressing the Protect America Act, the experts called for cautious design of surveillance systems, strict minimization procedures, and independent review of implementation.

More here.

RBN: 'Okay, Now We Don't Exist...'

Via The F-Secure News From The Lab Blog:

Familiar with the Russian Business Network?

The loopback address is deliberate, the RBN doesn't want you to know anything about them...

More here.

Image source: F-Secure

RBN and Bulletproof Hosting

Fraser Howard writes on the Sophos Blog:

Several previous blog entries have described various forms of web-based attacks. In most cases, the attack involves compromising a large number of web servers in order that the sites they host are turned into drive-by download sites. When victims browse these compromised sites, additional malicious content is silently loaded from some remote server (the attack site).

Whilst looking through some of the data collected from the web threat analysis system in the lab over the last few weeks, I noticed that a number of the remote attack sites were in the same address range. Digging further, it quickly became apparent that the attack sites were using hosting services provided by the Russian Business Network (RBN). The RBN provide web hosting and other services much like any other ISP. Unlike other ISPs however, the RBN is reported to be used almost solely by cybercriminals for illegal purposes. Illegal activities such as phishing, botnet C&C, spam, DoS attacks and malware hosting have all been traced to RBN-hosted servers.

More here.
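The two RBN items above describe the same defender-side observation from two angles: Dancho Danchev's note that RBN address blocks keep turning up inside the deobfuscated scripts of IFRAME-ed sites, and Fraser Howard's remark that the remote attack sites loaded by compromised pages fell into the same address range. The script below is an added example (not Sophos's, F-Secure's or Danchev's code) of that analysis: it pulls the hidden IFRAME targets out of captured page HTML and groups the attack hosts by /24 network so that ranges serving several distinct attack sites stand out. All page contents, hostnames and the hostname-to-address table are constructed for the example (the addresses come from the RFC 5737 documentation ranges); a real tool would take its HTML and IP addresses from a web threat analysis system or DNS.

```python
"""Added example: extract hidden IFRAME targets from captured pages and
cluster the attack hosts they load by IP address range (/24).

Everything below is constructed for illustration; no real site, hostname
or address range is referenced.
"""
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed HTML standing in for pages captured from compromised sites.
# Injected IFRAMEs usually hide themselves with a 0x0/1x1 size or CSS.
CAPTURED_PAGES = {
    "shop.example": '<html><body><h1>Shop</h1>'
                    '<iframe src="http://cdn-stat.example/in.php" width=0 height=0></iframe>'
                    '</body></html>',
    "news.example": '<div>news</div><iframe style="display:none" '
                    'src="http://counter-x.example/in.php"></iframe>',
    "blog.example": '<p>post</p><IFRAME SRC="http://img-srv.example/a.php" '
                    'WIDTH="1" HEIGHT="1"></IFRAME>',
    "clean.example": '<p>hello</p><iframe src="http://video.example/player" '
                     'width="640" height="360"></iframe>',
}

# Constructed hostname-to-address table (a real tool would use DNS or the
# addresses recorded by the analysis system).
RESOLVED = {
    "cdn-stat.example": "198.51.100.17",
    "counter-x.example": "198.51.100.201",
    "img-srv.example": "198.51.100.88",
    "video.example": "203.0.113.5",
}

IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE)
ATTR_RE = re.compile(r'(\w+)\s*=\s*("[^"]*"|\'[^\']*\'|[^\s>]+)')


def _attrs(raw):
    """Parse the attribute string of one tag into a lowercase-keyed dict."""
    return {k.lower(): v.strip('"\'') for k, v in ATTR_RE.findall(raw)}


def is_hidden(attrs):
    """An IFRAME counts as hidden when it is 0x0 or 1x1, or styled invisible."""
    w = attrs.get("width", "")
    h = attrs.get("height", "")
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = w in ("0", "1") and h in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style


def hidden_iframe_hosts(html):
    """Return the hostnames loaded by hidden IFRAMEs in one captured page."""
    hosts = []
    for m in IFRAME_RE.finditer(html):
        a = _attrs(m.group(1))
        if "src" in a and is_hidden(a):
            hosts.append(urlparse(a["src"]).hostname)
    return hosts


def cluster_attack_sites(pages, resolved, prefix=24):
    """Map each /prefix network to the attack hosts in it and the pages loading them."""
    clusters = defaultdict(lambda: {"hosts": set(), "victims": set()})
    for victim, html in pages.items():
        for host in hidden_iframe_hosts(html):
            ip = resolved.get(host)
            if ip is None:  # unresolved host: nothing to cluster on
                continue
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            clusters[str(net)]["hosts"].add(host)
            clusters[str(net)]["victims"].add(victim)
    return dict(clusters)


def suspicious_ranges(clusters, min_hosts=2):
    """Ranges hosting several distinct attack sites deserve a closer look."""
    return sorted(n for n, c in clusters.items() if len(c["hosts"]) >= min_hosts)


if __name__ == "__main__":
    found = cluster_attack_sites(CAPTURED_PAGES, RESOLVED)
    for net in suspicious_ranges(found):
        print(net, sorted(found[net]["hosts"]), "loaded by", sorted(found[net]["victims"]))
```

On the constructed input the three hidden IFRAMEs resolve into one /24, which is reported with its hosts and the victim pages; the visible 640x360 player on the clean page is ignored. Raising the prefix length or the `min_hosts` threshold trades recall for fewer false positives when an ordinary shared-hosting range happens to contain one compromised box.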

In Memoriam: Jon Postel

"Be liberal in what you accept, and conservative in what you send."

Jon Postel
August 6, 1943 – October 16, 1998

Monday, October 15, 2007

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Monday, Oct. 15, 2007, at least 3,828 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,116 died as a result of hostile action, according to the military's numbers.

The AP count is nine higher than the Defense Department's tally, last updated Monday at 10 a.m. EDT.

More here.

Verizon Says It Turned Over Data Without Court Orders

Ellen Nakashima writes in The Washington Post:

Verizon Communications, the nation's second-largest telecom company, told congressional investigators that it has provided customers' telephone records to federal authorities in emergency cases without court orders hundreds of times since 2005.

The company said it does not determine the requests' legality or necessity because to do so would slow efforts to save lives in criminal investigations.

In an Oct. 12 letter replying to Democratic lawmakers, Verizon offered a rare glimpse into the way telecommunications companies cooperate with government requests for information on U.S. citizens.

Verizon also disclosed that the FBI, using administrative subpoenas, sought information identifying not just a person making a call, but all the people that customer called, as well as the people those people called. Verizon does not keep data on this "two-generation community of interest" for customers, but the request highlights the broad reach of the government's quest for data.

More here.

AC/DC Wins Domain Name From Porn Business


For the headbangers amongst us, is no longer a porn site, but is now a website for the great heavy rockers. “ is now serving its proper master and we assure you that the dirty deeds being done dirt cheap will now be of an entirely different variety,” the band stated.

The band found that with a lot of their fans, especially kids, typing in as a default to find the band’s website, that something had to be done.

More here.

Top U.S. Spy Asked to Explain Pre-9/11 Spying Allegations

Ryan Singel writes on Threat Level:

House Judiciary Chairman John Conyers is asking the Justice Department and the head of national intelligence to answer startling allegations that the National Security Agency's still-unconfirmed call records data mining program started 7 months before the terrorist attacks of 9/11 and that the government retaliated against a telecom for saying it thought a request to participate was illegal.

As first reported here on THREAT LEVEL and then followed up on (sans credit) by the Washington Post and the New York Times, court documents unveiled last week show that former Qwest CEO Joseph Nacchio tried, unsuccessfully, to raise allegations in court that he refused an NSA request for help from his telecom on February 27, 2001, nearly 7 months prior to 9/11.

More here.

Russian Hosting Firm Denies Criminal Ties, Says It May Sue Blacklister

Ryan Singel writes on Wired News:

Speaking to the Western press for the first time, a Russia-based web-hosting firm pilloried by security companies as a free zone for online crime insists that it's really just misunderstood.

"We can't understand on which basis these organizations have such an opinion about our company," Tim Jaret of the Russian Business Network says in an e-mail interview. "We can say that this is subjective opinion based on these organizations' guesswork." Jaret's e-mail signature identifies him as working in RBN's abuse department.

Security researchers and anti-spam groups say the St. Petersburg-based RBN caters to the worst of the internet's scammers, renting them servers used for phishing and malware attacks, all the while enjoying the protection of Russian government officials. A report by VeriSign called the business "entirely illegal."

"They just figured out that in Russia no one will prosecute them, or if they do, they can pay them off," says Johannes Ullrich, chief technology officer of the SANS Internet Storm Center. Ullrich says RBN maintains a veneer of legitimacy by paying lip service to abuse complaints, but nothing more.

More here.

Telcos Respond to Spying Questions: AT&T Says Blame the Government - UPDATE

Ryan Singel writes on Threat Level:

Verizon, Qwest and AT&T each responded in their own special ways to a request from a key Congressional committee about how they respond to government requests for information in letters made public on Monday.

Qwest's brief answer to the House Energy and Commerce Committee said the company -- the only one known to have refused a request from the NSA for cooperation without a court order -- is extremely rigorous in reviewing complicated requests. But the company declined to answer questions about that request, saying it was caught in the crossfire of a lawsuit filed by the federal government against New Jersey's Attorney General, who is seeking answers on how telecoms cooperated with the administration's secret spying programs.

AT&T responded to the detailed questions posed earlier this month by Representatives Edward J. Markey (D-Massachusetts), John D. Dingell (D-Michigan) and Bart Stupak (D-Michigan) by dodging them.

Instead, AT&T's general counsel Wayne Watts wrote a 13-page plea for immunity from lawsuits, laying the blame for any unlawful transfer of customer communication records on the government and calling the lawsuits "exceptionally unfair."

More here.

UPDATE: 17:39 PDT: Reuters reports that "Major U.S. telephone carriers refused to answer questions from the Democratic-led Congress about their possible participation in President George W. Bush's warrantless domestic spying program, according to documents released by lawmakers on Monday."

Business Software Alliance Calls for New Cyber Security Legislation

Grant Gross writes on InfoWorld:

Members of the Business Software Alliance (BSA) have called on the U.S. Congress to pass legislation that would address new types of cybercrimes and increase funding for law enforcement.

Members of the BSA, a trade group based in Washington, D.C., on Monday asked Congress to pass the Cyber-Security Enhancement Act, which would expand the computer crimes statute in federal law to include the stealing of access codes or electronic identifiers from a computer. The bill would also make it a crime to access a computer without authorization, even if the access does not cause damage, and it would define a new crime of conspiracy to commit cybercrime.

More here.

Classified Satellite Failure Led To Latest SBIRS Delay

Amy Butler writes in Aviation Week:

The loss of a classified satellite after only 7 seconds on orbit prompted the review of software and processors that has caused the most recent delay and a potential $1 billion overrun in Lockheed Martin's Space-Based Infrared System (SBIRS), says Gary Payton, deputy under secretary of the Air Force for space programs.

The classified satellite went into a "safe hold" mode, which is initiated when a major anomaly disrupts its operation, and the failure of the safe-hold software made it impossible for ground control to recover the spacecraft. Payton refers to it as a useless "ice cube."

More here.

Implementing Domestic Intelligence Surveillance

Steven Aftergood writes on Secrecy News:

Upon lawful request and for a thousand dollars, Comcast, one of the nation's leading telecommunications companies, will intercept its customers' communications under the Foreign Intelligence Surveillance Act.

The cost for performing any FISA surveillance "requiring deployment of an intercept device" is $1,000.00 for the "initial start-up fee (including the first month of intercept service)," according to a newly disclosed Comcast Handbook for Law Enforcement.

Thereafter, the surveillance fee goes down to "$750.00 per month for each subsequent month in which the original [FISA] order or any extensions of the original order are active."

With respect to surveillance policy, the Comcast manual hews closely to the letter of the law, as one would hope and expect.

More here.

U.S. Plan for Airline Security Meets Resistance in Canada

Ian Austen writes in The New York Times:

Canadian airlines are balking at a Department of Homeland Security plan that would require them to turn over information about passengers flying over the United States to reach another country.

The proposal, which appears at odds with Canada’s privacy laws, would mostly involve Canadians who join the annual winter exodus to Mexico, Cuba and the Caribbean. It is also viewed by the Canadian airline industry as a rejection of several costly measures already taken to assuage American concerns.

More here.

Segmenting the Storm Botnet

Joe Stewart writes on the SecureWorks Blog:

The latest Storm variants have a new twist. They now use a 40-byte key to encrypt their Overnet P2P traffic. This means that each node will only be able to communicate with nodes that use the same key.

This effectively allows the Storm author to segment the Storm botnet into smaller networks. This could be a precursor to selling Storm to other spammers, as an end-to-end spam botnet system, complete with fast-flux DNS and hosting capabilities.

If that’s the case, we might see a lot more of Storm in the future.

More here.
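As an added illustration of the segmentation mechanism described in the excerpt above (this is not code from SecureWorks, from the original post, or from the malware itself): a small model in which every peer holds one traffic key, and a message is only accepted by peers holding the same key. The real Storm cipher and key schedule are not modelled; a keyed HMAC tag is used here as a stand-in for "encrypted with a shared 40-byte key", and the peer list and keys are constructed for the example. The defender's takeaway it demonstrates is that a sensor or crawler configured with one variant's key sees only that variant's segment of the overlay.

```python
"""Toy model of keyed P2P segmentation (added example, constructed data)."""
import hashlib
import hmac
from collections import defaultdict

TAG_LEN = 32  # SHA-256 HMAC tag length in bytes


def make_key(label: bytes) -> bytes:
    """Derive a 40-byte key from a label (assumption: matches the key size
    mentioned in the excerpt; the real derivation is not modelled)."""
    return hashlib.sha3_512(label).digest()[:40]


def seal(key: bytes, payload: bytes) -> bytes:
    """Protect a message so that only peers holding `key` will accept it."""
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def open_message(key: bytes, blob: bytes):
    """Return the payload if the tag verifies under `key`, otherwise None.
    A peer with a different key gets None, i.e. the message is dropped."""
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None


def segments(peers: dict) -> list:
    """Group peers that can exchange traffic, i.e. that share a key.
    Returns a sorted list of sorted peer-id lists."""
    by_key = defaultdict(list)
    for pid, key in peers.items():
        by_key[key].append(pid)
    return sorted(sorted(group) for group in by_key.values())


def visible_to(observer_key: bytes, peers: dict) -> list:
    """Simulate a sensor holding `observer_key` receiving one announcement
    from every peer; return the ids whose announcements it could read."""
    seen = []
    for pid, key in sorted(peers.items()):
        announcement = seal(key, b"hello from " + pid.encode())
        if open_message(observer_key, announcement) is not None:
            seen.append(pid)
    return seen


# Constructed overlay: two variants, each with its own key.
KEY_A = make_key(b"variant-A")
KEY_B = make_key(b"variant-B")
PEERS = {
    "p1": KEY_A, "p2": KEY_A, "p3": KEY_A,
    "p4": KEY_B, "p5": KEY_B,
}

if __name__ == "__main__":
    print("segments:", segments(PEERS))
    print("sensor with key A sees:", visible_to(KEY_A, PEERS))
    print("sensor with key B sees:", visible_to(KEY_B, PEERS))
```

Running the block shows the five constructed peers falling into two disjoint segments, and a sensor keyed for variant A reading announcements only from p1, p2 and p3. Enumerating the whole botnet therefore requires one crawler per key, which is why a key change is worth flagging in sensor data even when the C&C infrastructure looks unchanged.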

SWIFT Will Stop Some U.S. Processing in 2009


SWIFT has been heavily criticised for allowing US authorities access to records of banking transactions involving European citizens. It was revealed by The New York Times last year that US intelligence agencies were allowed to view Europeans' transactions.

SWIFT argued that it was obliged to comply with US orders because it carried out hosting and processing of information in the US. European data protection officials have condemned the release of the information. European, Swiss and Belgian data protection authorities all ruled that SWIFT had broken data protection laws in supplying the information without informing bank customers of the US surveillance.

Europe's advisory committee of privacy watchdogs, the Article 29 Working Party, has revealed that SWIFT is being reorganised to lessen the risk of surveillance, but not until 2009.

More here.

Iraq: When All Else Fails, Declare Victory?

Thomas E. Ricks and Karen DeYoung write in The Washington Post:

The U.S. military believes it has dealt devastating and perhaps irreversible blows to al-Qaeda in Iraq in recent months, leading some generals to advocate a declaration of victory over the group, which the Bush administration has long described as the most lethal U.S. adversary in Iraq.

But as the White House and its military commanders plan the next phase of the war, other officials have cautioned against taking what they see as a premature step that could create strategic and political difficulties for the United States. Such a declaration could fuel criticism that the Iraq conflict has become a civil war in which U.S. combat forces should not be involved. At the same time, the intelligence community, and some in the military itself, worry about underestimating an enemy that has shown great resilience in the past.

More here.

Sunday, October 14, 2007

Ironic Image of the Day: Sure, You're Free Now, But...


U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Sunday, Oct. 14, 2007, at least 3,828 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 3,115 died as a result of hostile action, according to the military's numbers.

The AP count is 10 higher than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

More here.

And as always, keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

User Friendly: .Asia Fever



Mukasey Acknowledges Legal Questions of White House Terror Policy

An AP newswire article, via MSNBC, reports that:

As the chief federal trial judge in Manhattan, Michael Mukasey approved secret warrants allowing government roundups of Muslims in the days after the Sept. 11 attacks.

Six years later, the man President Bush wants to be attorney general acknowledged that the law authorizing those warrants “has its perils” in terrorism cases and urged Congress to “fix a strained and mismatched legal system.”

More here.

Two Are Sentenced to 5 Years in Pornographic Spam Case

An AP newswire article, via The New York Times, reports that:

Two men who sent millions of unsolicited pornographic e-mail messages have been sentenced to more than five years in federal prison as part of a prosecution under a federal antispam law, officials from the Department of Justice said Friday.

The men, Jeffrey A. Kilbride of Venice, Calif., and James R. Schaffer of Paradise Valley, Ariz., bought lists of e-mail addresses and sent the owners of those addresses links to pornographic Web sites, prosecutors said.

They were convicted in June of charges including conspiracy, money laundering, fraud and transportation of obscene materials after a three-week trial and were sentenced by a federal judge in Phoenix this week.

More here.

Note: This case goes all the way to 2005. - ferg

Hundreds of New Documents Reveal Expanded Military Role in Domestic Surveillance


New documents uncovered as a result of an American Civil Liberties Union and New York Civil Liberties Union lawsuit reveal that the Department of Defense secretly issued hundreds of national security letters (NSLs) to obtain private and sensitive records of people within the United States without court approval.

A comprehensive analysis of 455 NSLs issued after 9/11 shows that the Defense Department seems to have collaborated with the FBI to circumvent the law, may have overstepped its legal authority to obtain financial and credit records, provided misleading information to Congress, and silenced NSL recipients from speaking out about the records requests, according to the ACLU.

More here.

Australia: Cyber Threats, Personal Details

Daniel Dasey writes in The Sydney Morning Herald:

Computer hackers have cracked the defences of dozens of top government and business sector internet sites this year, raising concerns about the safety of consumers' financial and personal information.

A website used by hackers to boast of breaches of internet security shows numerous government websites have been hit.

Victims include the Australian of the Year Awards, a Sydney council and big corporations.

More here.