Saturday, November 24, 2007

U.S. Toll in Iraq


Via The Boston Globe (AP).

As of Saturday, Nov. 24, 2007, at least 3,875 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,157 died as a result of hostile action, according to the military's numbers.

The AP count is three higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

UN: Tasers Are a Form of Torture


Via News.com.au.

Taser electronic stun guns are a form of torture that can kill, a UN committee has declared after several recent deaths in North America.

"The use of these weapons causes acute pain, constituting a form of torture,'' the UN's Committee against Torture said.

"In certain cases, they can even cause death, as has been shown by reliable studies and recent real-life events,'' the committee of 10 experts said.

Three men, all in their early 20s, were reported to have died in the United States this week, days after a Polish man died at Vancouver airport after being Tasered by Canadian police.

More here.

Picture of the Week: Pigeon Point Lighthouse




Image source: MumbleyJoe, via Good Morning, Silicon Valley.

Friday, November 23, 2007

U.S. Toll in Iraq, Afghanistan


Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, Nov. 23, 2007, at least 3,875 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,157 died as a result of hostile action, according to the military's numbers.

The AP count is three higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

As of Friday, Nov. 23, 2007, at least 401 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Nov. 17, 2007, at 10 a.m. EST.

Of those, the military reports 271 were killed by hostile action.

More here and here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Some Good Advice: Secure Chat



So if you haven't heard already, there's good reason to consider a private, encrypted instant messaging system -- The Man is listening.

So say foobar to that.

Check out OTR: Off The Record, a popular plug-in for IM systems.

The AIM/ICQ plug-in works wonderfully for Trillian.

- ferg

Firefighters Taking New Role as Anti-Terrorist Eyes of The U.S. Government

An AP newswire article, via The International Herald Tribune, reports that:

Firefighters in major cities are being trained to take on a new role as lookouts for terrorism, raising concerns of eroding their standing as trusted American icons and infringing on people's privacy.

Unlike police, firefighters and emergency medical personnel need no warrants to enter hundreds of thousands of homes and buildings each year, which puts them in position to spot behavior that could indicate terror activity or planning.

There are fears, however, that they could lose the faith of a skeptical public by becoming the eyes of the government, looking for suspicious items like building blueprints or bomb-making manuals or materials.

More here.

Cellphone Tracking Powers on Request

Ellen Nakashima writes in The Washington Post:

Federal officials are routinely asking courts to order cellphone companies to furnish real-time tracking data so they can pinpoint the whereabouts of drug traffickers, fugitives and other criminal suspects, according to judges and industry lawyers.

In some cases, judges have granted the requests without requiring the government to demonstrate that there is probable cause to believe that a crime is taking place or that the inquiry will yield evidence of a crime. Privacy advocates fear such a practice may expose average Americans to a new level of government scrutiny of their daily lives.

More here.

Researcher Releases Proof-of-Concept VoIP Hack

John E. Dunn writes on TechWorld:

An expert has released a proof-of-concept program to show how easy it would be for criminals to eavesdrop on the VoIP-based phone calls of any company using the technology.

Called SIPtap, the software is able to monitor multiple Voice-over-IP (VoIP) call streams, listening in and recording them for remote inspection as .wav files. All that the criminal would need would be to infect a single PC inside the network with a Trojan incorporating these functions, although the hack would work at ISP level as well.

More here.

France Sets Sanctions Against Internet Piracy

A Reuters newswire article, via The New York Times, reports that:

Internet users in France who frequently download music or films illegally risk losing Web access under a new anti-piracy system unveiled on Friday.

The three-way pact between Internet service providers, the government and owners of film and music rights is a boon to the music industry, which has been calling for such measures to stop illicit downloads eating into its sales.

Under the agreement -- drawn up by a commission headed by the chief executive of FNAC, one of France's biggest music and film retailers -- service providers will issue warning messages to customers downloading files illegally.

If users ignore those messages, their accounts could be suspended or closed altogether.

More here.

MPAA University 'Toolkit' Raises Privacy Concerns


Brian Krebs writes on Security Fix:

The Motion Picture of Association of America is urging some of the nation's largest universities to deploy custom software designed to pinpoint students who may be using the schools' networks to illegally download pirated movies.

A closer look at the MPAA's software, however, raises some serious privacy and security concerns for both the entertainment industry and the schools that choose to deploy the technology.

More here.

Friday, 23 November 2007: 'Buy Nothing Day'


A 24 hour moratorium on consumer spending.
Participate by not participating.





Works for me. -ferg


Hat-tip: The Daily Galaxy

Thursday, November 22, 2007

U.S. Toll In Iraq


Via The Boston Globe (AP).

As of Thursday, Nov. 22, 2007, at least 3,874 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,157 died as a result of hostile action, according to the military's numbers.

The AP count is two higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

LaoAirlines Website Serves Up Malware

Negar Salek writes on iTnews.com.au:

Sophos has warned Australian travellers looking to book flights to South East Asia to make certain their anti-virus software is up to date before going online after yesterday intercepting malware on Lao Airlines.com.

According to Sophos, the malware is embedded at the bottom of the Laoairlines.com web page in invisible java script code.

Users who simply embark on the site will automatically be redirected to another site in China which then attempts to run an exploit and download an executable.

More here.

(Props, Spyware Sucks)

Canada: SaskTel Hit By Malware

Via The Regina Leader-Post.

A malicious code known as malware infected one SaskTel computer, leading the company to issue a release to all of its customers Wednesday, informing them of the issue and asking them to ensure their e-mail security filters are up to date.

Darcee MacFarlane, SaskTel's director of corporate affairs, said the incident occurred about a week ago after an employee inadvertently downloaded a file containing the malware onto a computer that contained distribution lists for the company.

More here.

(Props, Flying Hamster.)

UK Government CIO Warns Against More Giant Databases

Via ComputerWorld UK.

The man charged with bringing coherence to government IT strategy issued his warning about the risks of large databases to a meeting of MPs called to discuss “The Surveillance Society”.

He made his comments just hours before Chancellor Alistair Darling revealed to MPs the loss of 25 million personal records on two discs being transferred between the HM Revenue and Customs and the National Audit Office.

More here.

Image of the Day: Perverted Thanksgiving History



Via Gizmodo.

Skype Encryption Stumps German Police

Louis Charbonneau writes for Reuters:

German police are unable to decipher the encryption used in the Internet telephone software Skype to monitor calls by suspected criminals and terrorists, Germany's top police officer said on Thursday.

"The encryption with Skype telephone software ... creates grave difficulties for us," Joerg Ziercke, president of Germany's Federal Police Office (BKA) told reporters at an annual gathering of security and law enforcement officials.

"We can't decipher it. That's why we're talking about source telecommunication surveillance -- that is, getting to the source before encryption or after it's been decrypted."

More here.

UK: HMRC Had 2,111 Data Disasters in Past Year Alone

Simon McGee writes in The Yorkshire Post:

The bungling Government department responsible for losing 25 million people's personal details in the post was hit by more than 2,100 reported breaches of security in the past year alone.

And 41 laptops – many containing sensitive financial details relating to members of the public – were stolen from employees at HM Revenue and Customs (HMRC) over the last 12 months, demolishing any notion that the loss of two computer discs containing the details of child benefit claimant was a "one-off" error.

HMRC's record of data losses came to light as it emerged that the National Audit Office (NAO), to which the HMRC was sending the discs, specifically asked for many sensitive details to be filtered out and not sent to it.

But HMRC officials refused to separate the details the NAO wanted to audit from those it did not need – like parents' names and bank details – because it would be "too burdensome" and costly to separate them.

More here.

(Props, Pogo Was Right.)

Fun Thanksgiving


Yes, I hand-crafted this (origin unknown) image via the icanhascheezburger.com LOLcat Builder (a truly remarkable manifestation of the Internet).

Happy Turkeys.

- ferg

Random Browser Numbers

Click for larger image.


Here's a snapshot of visitors to the blog recently, and what they use as a browser.

As you can see, Internet Explorer checks in at a whopping 70%...

Just random snapshot of the distribution of browsers over the past 100 hits, which equates to the past couple of hours... I'm not exactly sure if it actually means anything, so take it at face value.

- ferg

For Thanksgiving: Thanks, G.I. Joe



To Whoever You Are: Thank you.

I give thanks that we have men & women in this country that hear the call, and follow it, regardless of the mindless politics -- regardless of the controversy over whether it is right or wrong.

They are unassuming Heroes, following orders, part of a machinery that must function.

And they make it so.

And on this day of thanks, and as a former Soldier, I thank you.

Whoever you are. Wherever you are.

If you've worn the uniform, you know the drill.

I salute you.

"De Oppresso Liber."

- ferg

p.s. Hit the mess hall and grub on some of that turkey dinner when you get a chance...

Wednesday, November 21, 2007

Siberian Hacker Shut Down

Via 1888 Press Release.

In January, the Russian software developer Smart-Soft discovered a breach of the copy protection on its internet traffic solution Traffic Inspector. The company contacted investigators from the cyber-crime unit of the Internal Affairs Ministry. Investigators traced the breach back to Yuri Navilnikov, a 24-year old resident of Tobolsk, Siberia who went by the aliases “Faza” and “Faza9.”

Tobolsk police located and confiscated the computer used to attack Smart-Soft. Further analysis showed that in addition to Smart-Soft, Navilnikov had cracked programs from other developers including Microsoft, Adobe Systems, Autodesk, ABBYY, and Ahead Software.

The hacker was charged with unsanctioned access to information and the creation, use and modification of harmful computer programs under Articles 272 and 273 of the Russian Civil Code. Faced with the evidence against him, Navilnikov admitted to his crime.

In August, Navilnikov was found guilty in criminal court and hit with a hefty government fine.

More here.


Hat-tip: First.org Global Security News

U.S. Toll in Iraq


Via The Boston Globe (AP).

As of Wednesday, Nov. 21, 2007, at least 3,874 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,157 died as a result of hostile action, according to the military's numbers.

The AP count is two higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Happy Thanksgiving! Now, Shove Off! China Blocks USS Kitty Hawk Port Call

USS Kitty Hawk

A Reuters newswire article, via TVNZ.co.nz, reports that:

China has refused permission for a US aircraft carrier and accompanying vessels to visit Hong Kong for a long-planned Thanksgiving holiday visit, the US State Department said.

The Kitty Hawk group and its crew of 8,000 US airmen and sailors had been expected in Hong Kong on Wednesday, but will now spend the holiday on the South China Sea.

Hundred of relatives of crew members of the USS Kitty Hawk had flown to Hong Kong to celebrate Thanksgiving with their loved ones. Hong Kong has been a regular port of call for US sailors on R & R (rest and recuperation) since the Vietnam War.

More here.

Image source: navydaze.com

Constituents' E-Mail on XM Deal Not Well Received

Jeffrey H. Birnbaum and Kim Hart write in The Washington Post:

A check by The Washington Post of 60 people whose names were attached to identical, anti-merger e-mails instigated by the National Association of Broadcasters, a major opponent of the merger, produced mostly unanswered phone calls and recordings saying the phones were disconnected. Of the 10 people reached, nine said they never sent anything to the FCC, and only one said she remembered filling out something about Sirius but did not recall taking a position on a merger.

The responses raise questions debated a lot in Congress and at federal agencies lately: Are the hundreds of millions of narrow-interest e-mails that deluge official Washington each year a useful measure of public sentiment? Are they even being sent by real people?

The torrent, made possible by Web lobbying techniques, is subverting the process it was meant to influence, some experts said.

More here.

Feds Invoke Secrets Privilege to Limit Qwest CEO Defenses in Civil Suit

Ryan Singel writes on Threat Level:

The nations' top intelligence official told a Denver court Monday that the nation's safety would be imperiled if Qwest employees are allowed to get classified documents about the telecom's secret contracts with the National Security Agency. The employees, who include former CEO Joseph Nacchio want the documents about NSA contracts to fight a civil suit filed against them by federal financial regulators, accusing them of defrauding shareholders in 2001.

In a 12-page affidavit, Directtor of National Intelligence Michael McConnell told a federal district court that turning over to the defense any information about classified and unclassified contracts, including dates of meetings between the telecom giant and the intelligence community "reasonably would cause damage to the national security." Nacchio - along with Robert Woodruff, Afshin Mohebbi, James Kozlowski and Frank Noyes - are being sued for millions in damages in civil court by the Security and Exchange Commission.

More here.

Wow Factor: This is What I Want for X-Mas





Wow. I want that!

Forget the secret blimp. Ditch the slithering bio-bot. The hottest video you'll see on DANGER ROOM today is this one right here, for an early prototype of the Howe Brothers' Rip Saw vehicle.

Shaped like a mini-tank, with the giddy-up of a motorcycle (0-50 in 3.5 seconds), the thing blasts over ditches, cruises through water -- and crushes unsuspecting houses.


Via Danger Room.

The Most Disturbing Thing I've Seen in a While



As the man said, "I have to go scrub my eyeballs with Clorox now." -ferg

Via Scholars & Rogues.

Survey: 85% of Public Lack Confidence in Local Government's Computer Security

Via Government Technology.

Eight-five percent of users of online government services believe that their local authority's IT systems have probably already suffered a security breach at the hands of cybercriminals, according to a survey released today by Sophos. The survey, which polled 241 members of the public, also revealed that in such circumstances, 86 percent of users would hold the local authority itself responsible, rather than the hackers.

While 62 percent of the public believe that the private and public sectors are as bad [as] each other when it comes to defending this personal data, almost a third of users believe the public sector does a worse job, compared to just 7 percent who stated that the private sector is at greater fault.

More here.

Microsoft Confirms XP Contains Random Number Generator Bug

Gregg Keizer writes on ComputerWorld:

Windows XP, Microsoft Corp.'s most popular operating system, sports the same encryption flaws that Israeli researchers recently disclosed in Windows 2000, Microsoft officials confirmed late Tuesday.

The researchers, Benny Pinkas from the University of Haifa and two Hebrew University graduate students, Zvi Gutterman and Leo Dorrendorf, reverse-engineered the algorithm used by Windows 2000's pseudo-random number generator (PRNG), then used that knowledge to pick apart the operating system's encryption. Attackers could exploit a weakness in the PRNG, said Pinkas and his colleagues, to predict encryption keys that would be created in the future as well as reveal the keys that had been generated in the past.

More here.

Militants Seen Educated in Cyber Training Camps

Louis Charbonneau writes for Reuters:

The Internet has become a key teaching tool for Islamist militants who are using it to educate recruits in cyber training camps, crime and security experts said on Wednesday.

Gabriel Weimann, an Internet security expert who teaches at the University of Haifa in Israel and the University of Mainz in Germany, said militants used to do all their training at secret camps in countries like Afghanistan.

"Now they meet in cyberspace," Weimann told a conference on Internet security at the headquarters of Germany's Federal Police Office (BKA).

He said that Web sites and chat rooms used by militant Islamist groups like al Qaeda are not only used for the dissemination of propaganda but also for education.

More here.

Tuesday, November 20, 2007

U.S. Toll in Iraq


Via The Boston Globe (AP).

As of Tuesday, Nov. 20, 2007, at least 3,873 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,157 died as a result of hostile action, according to the military's numbers.

The AP count is one higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Quote of the Day [2]: Adam Shostack

"Data breaches are not meaningful because of identity theft. They are about honesty about a commitment that an organization has made while collecting data, and a failure to meet that commitment. They're about people's privacy, as the Astroglide and Victoria's Secret cases make clear."

- Adam Shostack, writing on Emergent Chaos.

An Unfortunate Situation: Smithsonian's AU$2.8B Cry for Help

The Smithsonian Castle

Tom Baldwin writes in The Australian:

The world's largest museum, created with a bequest of golden sovereigns from a British scientist, is asking for an injection of $US2.5 billion ($2.8 billion) of private capital to stop it falling down.

The Smithsonian Institution's board of regents authorised this week the first big fundraising campaign in its 161-year history to meet a backlog of repairs on crumbling buildings.

The Washington complex houses 142 million items, including some of America's greatest treasures, in art galleries, research centres and world famous museums like those for Natural History or Air & Space.

In the past year the venerable organisation has been shaken by allegations of financial scandal, political controversy over its programs and warnings that some artefacts are being put at risk by inadequate or dilapidated facilities.

More here.

Note: As a member of The Smithsonian Institution, I find this to be a very sad and unfortunate state of affairs for "America's Attic". -ferg

Quote of the Day: Spencer Ackerman

"Just in time for the holidays, there's a special place in Hell just waiting to be filled by some as-yet-unknown Pentagon bureaucrat. Apparently, thousands of wounded soldiers who served in Iraq are being asked to return part of their enlistment bonuses -- because their injuries prevented them from completing their tours."

- Spencer Ackerman, writing on TPMmuckraker.


Cable Finds FCC Allies

Jeff Baumgartner writes on Light Reading's Cable Digital News:

Federal Communications Commission (FCC) Commissioner Robert McDowell spoke out yesterday against Chairman Kevin Martin's plans for cable, saying Martin's data doesn't support the idea of new regulations.

McDowell addressed his position in a speech at a Media Institute luncheon in Washington, D.C.

He said Martin's assertion that the cable industry is facing less competition and should be subject to more regulation "is a radical departure for the Commission -- a departure being made without sufficient public comment."

More here.

Numbers: E-commerce Fraud will Cost Merchants $3.6 Billion This Year

Katherine Walsh writes on CSO Online:

As online retailers gear up for Black Friday and Cyber Monday--when they hope consumers will come in droves to spend money on their websites--they must also deal with another reality of electronic commerce: the increasing expense of preventing credit card fraud. E-commerce fraud will cost U.S. merchants $3.6 billion this year, a 20 percent increase over 2006, according to the ninth annual CyberSource Fraud Survey.

According to the study, which was conducted by CyberSource and Mindwave Research, merchants are losing more money in 2007 not because fraud is happening more often, but because keeping fraud at bay is becoming more expensive.

More here.

Image of the Day: Big Blue Marble




Via ESA News.

After its closest approach to Earth, Rosetta looked back and took a number of images using the OSIRIS Narrow Angle Camera (NAC). This particular image was acquired 15 November 2007 at 03:30 CET.

The image is a colour composite of the NAC Orange, Green and Blue filters.

At the bottom, the continent of Australia can be seen clearly.

More here.

Image source: Credits: European Space Agency (ESA)

Credit Card Thieves Flood Wikimedia With Pennies


Brian Krebs writes on Security Fix:

The Wikimedia Foundation, the parent organization of the free online encyclopedia Wikipedia and other open-source projects, recently increased the minimum amount it will accept in donations after scammers apparently began testing the validity of stolen credit cards by sending a series of 1-cent "donations" to the group.

On Nov. 8, Wikimedia saw hundreds of penny donations come in over a very short period of time. In many cases, Wikimedia donors leave messages of support or praise for the organization along with their gift, but all of the fake donations were anonymous and contained no greeting, suggesting their submission may have somehow been automated.

More here.

Report Cites China's Cyber-Warfare Plans

Roy Mark writes for eWeek:

If the United States and China were to find themselves in an armed conflict, China is likely to launch cyber attacks on American regional bases in Japan and South Korea, and might even include cyber attacks on the U.S. homeland that target financial, economic, energy and communications infrastructures.

According to Gen. James Cartwright, commander of the U.S. Strategic Command, China is already actively engaging in cyber-reconnaissance through the probing of computer networks of U.S. government agencies and private companies.

Cartwright said the data collected from these reconnaissance probes can be used for many purposes, including identifying network weak points, understanding how U.S. leaders think, discovering the communication patterns of government agencies and private companies, and gaining valuable information stored throughout the networks.

More here.

UK: HMRC and Government Condemned Over Loss of 25M Records

Paul Fisher writes on SC Magazine Online:

Industry figures unite in condemnation of the Government's handling of the loss of 25 million child benefit records - thought to be the name and address of every child in Britain, as well as the bank account details of carers and parents.

In a statement to the House of Commons, the Chancellor Alistair Darling explained that the data had been held on two disks that had been sent to the National Audit Office (NAO) from an HMRC office. The chairman of HMRC had already offered his resignation after the breach was made public.

More here.

Hackers Jack Monster.com, Infect Job Hunters

Gregg Keizer writes on ComputerWorld:

Monster.com took a portion of its Web site offline Monday as researchers reported that it had been compromised by an IFrame attack and was being used to infect visitors with a multi-exploit attack kit.

According to Internet records, the Russian Business Network (RBN) hacker network may be involved.

Parts of the Monster Company Boulevard, which lets job hunters search for positions by company, were unavailable Monday; by evening, the entire section was dark. Most major American companies are represented on the site -- Google Inc.'s cache of the page that shows only those firms that begin with the letter B, for example, included Banana Republic, Bank of America, Black & Decker, Boeing, Broadcom and Budget Car Rental.

More here.

Best Exposé of the Day: The Guardian on Fox News Fake Impartiality

Roger Ailes


Michael Tomasky writes in The Guardian Unlimited:

Britons may be familiar with Rupert Murdoch, but I don't think the UK has a beast quite like the American Fox News Channel. Celebrating its 11th year on the air, Fox is a breathtaking institution.

It is a lock, stock and barrel servant of the Republican party, devoted first and foremost to electing Republicans and defeating Democrats; it's even run by a man, Roger Ailes, who helped elect Richard Nixon, Ronald Reagan and George Bush senior to the presidency.

And yet, because it minimally adheres to certain superficial conventions, it can masquerade as a "news" outfit and enjoy all the rights that accrue to that.

More here.

Note: Which reminds me why making a mental note of this is vastly important to save ourselves. Big media -- especially this sort of big media -- is poison. -ferg

Image source: Fred Prouser / Reuters / New York Times

Monday, November 19, 2007

In Passing: Central CA Gas Station Owner Dies In Hunger Strike

Mehdi Shahbazi in 2005.


Via CBS5.com.

Mehdi Shahbazi, a gasoline station operator who waged a hunger strike and public-relations battle against Shell Oil Co., died this week at Stanford University Hospital of liver failure. He was 65.

Shahbazi leased a Shell station in central California from 1982 until September. In 2005, he posted signs at the Marina station highlighting "big oil's unearned profit"—a protest that Shell said violated the terms of his lease. Shell sued, then Shahbazi accused the company of breach of contract and of violating the Petroleum Marketing Practices Act.

In July, he went on a liquids-only diet to underscore what he called onerous franchise fees and other problems faced by individual gas station operators.

He refused to sell gas, instead inviting customers to spend money at the store's mini-mart and car wash. He spent long hours writing legal motions for his federal case against Shell and e-mailing journalists about how station operators were suffering. He passed out business cards with the slogan "Pumping Mad" above his phone number.

More here.

Image source: Monterey County Weekly

Terrorists Better At Targeting Online Audience

Mike Sachoff writes on WebProNews.com:

"One of the most alarming trends we found on the Internet recently is what we call 'narrowcasting'," said Gabriel Weimann, professor of communications at the University of Haifa in Israel which monitors 5,800 militant Web sites.

Weimann said terrorist's goal is not to reach the largest Internet audience but to slice the audience into segments and target each with specific tactics. "Terrorists are using the Internet to focus on children, very young children, to attract young people to the ideology and later to the way of terrorism."

"When they target children, they do everything any commercial advertiser would do. They use comic books, storytelling, graphics, movies, competitions, prize-winning and so on," Weimann added.

More here.

The VA's Computer Systems Meltdown: What Happened and Why



Dian Schaffhauser writes on ComputerWorld:

At times, the bad news coming from the U.S. Department of Veterans Affairs seems unstoppable: D-grade medical facilities, ongoing security and privacy breaches, and a revolving door of departing leadership. In September, during a hearing by the House Committee on Veterans' Affairs, lawmakers learned about an unscheduled system failure that took down key applications in 17 VA medical facilities for a day.

Characterized by Dr. Ben Davoren, the director of clinical informatics for the San Francisco VA Medical Center, as "the most significant technological threat to patient safety the VA has ever had," the outage has moved some observers to call into question the VA's direction in consolidating its IT operations. Yet the shutdown grew from a simple change management procedure that wasn't properly followed.

The small, undocumented change ended up bringing down the primary patient applications at 17 VA medical centers in Northern California.

More here.

U.S. Toll in Iraq


Via The Boston Globe (AP).

As of Monday, Nov. 19, 2007, at least 3,873 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,153 died as a result of hostile action, according to the military's numbers.

The AP count is six higher than the Defense Department's tally, last updated Monday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

High Seas Drama Unfolding: Campaigners Plan to Ram Whaling Ships

Sea Shepherd Conservation Society Flagship Farley Mowat

Via The Australian.

Radical environmentalist group Sea Shepherd has again vowed to ram Japanese ships hunting whales in the Antarctic Ocean.

Japan's six-vessel whaling fleet took off from the western port of Shimonoseki for its five-month voyage on Sunday heading to the Antarctic Ocean for a hunt that will include humpback whales for the first time.

The Sea Shepherd Conservation Society says it will physically stop the hunt by ramming whaling vessels if necessary.

“Basically we're going down there to stop them,” Sea Shepherd's Jonny (Jonny) Vasic told the Nine Network this morning.

“We're not going down there to protest; we're going down to directly intervene and put an end to this criminal behaviour."

“We've been known to ram a vessel that's engaged in illegal activity as a last ditch effort to get them to stop."

“We have a reputation of direct action and we mean business."

More here.

Image source: Melbourne Indymedia

UK: Family Doctors to Shun National Database of Patient Records

John Carvel writes on The Guardian Unlimited:

Nearly two-thirds of family doctors are poised to boycott the government's scheme to put the medical records of 50 million NHS patients on a national electronic database, a Guardian poll reveals today.

With suspicion rife across the profession that sensitive personal data could be stolen by hackers and blackmailers, the poll found 59% of GPs in England are unwilling to upload any record without the patient's specific consent.

More here.

Red Hot Chili Peppers Sues Showtime Over 'Californication' Series Title

Red Hot Chili Peppers


An AP newswire article, via SFGate.com, reports that:

The Red Hot Chili Peppers on Monday sued Showtime Networks over the name of the television series "Californication," which is also the name of the band's 1999 album and a single on it.

The lawsuit alleges unfair competition, dilution of the value of the name and unjust enrichment, claiming the title is "inherently distinctive, famous ... and immediately associated in the mind of the consumer" with the Red Hot Chili Peppers.

More here.

Image source: Rockphiles.com

Are Your DNS Servers Vulnerable to Cache Poisoning Attacks?

Denise Dubie writes on NetworkWorld:

More than half of Internet name servers today allow requests that leave networks vulnerable to cache poisoning and distributed denial of service attacks -- a fact that has not improved over the past year.

The finding is part of the third annual survey of the Internet’s domain name servers released this week by The Measurement Factory, which conducted the survey for DNS management appliance maker Infoblox. The survey is based on a sample that included 5% of the IPv4 address space -- nearly 80 million devices -- and works to reveal configuration errors that compromise network security and availability.

More here.

Misspelled Children's Websites Lead to Porn

Jon Brodkin writes on NetworkWorld:

Children’s Web sites are frequent targets of typo-squatting, a growing category of online fraud which lures unsuspecting Web surfers to malicious sites when they misspell the URL. Some typo-squatters lure children to pornographic Web sites.

More than 60 of the “most squatted” sites are designed to appeal to minors, McAfee found in new research that quantifies the problem of typo-squatting. Domain names that are commonly targeted include webkinz.com, clubpenguin.com, and neopets.com, McAfee says.

More here.

Carriers Try To Avoid The Warrantless Eavesdropping Spotlight

Richard Martin writes on InformationWeek:

As Congress pushes forward in its effort to bring some visibility to the Bush Administration's warrantless-wiretapping program, the nation's major telecom companies find themselves in increasing danger of having their own role in the program exposed in court.

Last week both the U.S. House and Senate pushed forward versions of the bill renewing the 1978 Foreign Intelligence Surveillance Act (FISA) that would not include so-called "retroactive immunity" for the carriers who acceded to White House demands for customer records of phone calls and Web-surfing activities -- usually without warrants or subpoenas -- in the last few years. President Bush has repeatedly stated that he will not sign a FISA renewal that does not provide the large telecoms with legal cover.

More here.

Death of the Internet Predicted Again: A Little Disingenuity

Mike Masnick writes on techdirt.com:

For well over a decade now, someone will come along every few months or so and claim that the internet is about to be overwhelmed by traffic and will collapse. However, these predictions never seem to come true, and when you dig deeper, you almost always find that the reports misinterpret some data. In fact, when you get down into the details, you'll almost always find that the technology guys say there's little threat of an internet collapse -- but the policy and business guys will often state otherwise.

So, take with a large grain of salt the latest research report claiming that the internet will collapse by 2010. Thankfully, Broadband Reports quickly picks apart the report to note that it was funded by the likes of AT&T and Level3, and it's being supported by a group whose job is to lobby for laws that help the telcos.

More here.

FBI Investigates Swedish Hacker

Via The Local.se.

A 19-year-old man from Uppsala was found guilty on Monday of having gained unauthorized access to the computer networks of several Swedish universities and colleges. The teenager is now being investigated by the FBI, who suspect him of hacking American network giant Cisco.

The man was just 16 when he hacked his way in to what police described as "pretty much every college in Sweden". Svea Court of Appeal gave him a suspended sentence and ordered him to pay total damages of 181,467 kronor ($28,100) to several of the colleges and universities.

More here.

(Hat-tip: 'Eddie')

The Best Damned Thing You'll See All Week: 'The Warning'




David Vincent from the Art of Mental Warfare teamed up with Trent Reznor of Nine Inch Nails to present “Warning.” The project takes on the covert interests behind the war and our media saturated society.


(Props, Crooks and Liars.)

The Aftermath of Identity Theft

Tim Wilson writes on Dark Reading:

It's not just hype -- identity theft is definitely on the rise, according to a study published earlier today by the Identity Theft Resource Center.

The study, entitled "Identity Theft: The Aftermath 2006," offers a detailed analysis of both online and physical theft, and its impact on victims and businesses.

The study shows that ID theft, both through the Internet and through stolen wallets and purses, increased significantly between 2004 and 2006, according to the ITRC. The cost of ID theft also has grown, and now costs businesses about $87,303 per incident, a figure that is 78 percent higher than it was in 2004.

More here.

AlcaLu Identifies Deep Packet Potential

Ray Le Maistre writes on Light Reading:

The IP team at Alcatel-Lucent plans to develop its own deep packet inspection (DPI) capabilities that can be integrated into the vendor's edge routers, according to Basil Alwan, president of the vendor's IP business.

Alwan, who has just been handed additional responsibilities following a revamp of AlcaLu's Carrier Business Group, told Light Reading "there's good reason to invest" in DPI capabilities. "Investing in [DPI] makes a lot of sense and is part of our roadmap. We are going to do a lot with that technology," though nothing has yet been officially announced, he added.

AlcaLu currently has a number of partnerships to cover any current carrier customer requirements for DPI capabilities, including relationships with CloudShield Technologies Inc. and Sandvine Inc. With these partners, AlcaLu can meet the needs of service providers that want to identify P2P traffic on their networks and offer security-based managed services.

...or block them altogether. -ferg

More here.

Websense: Phishing for Fishing


Via The Websense Security Labs Threat Blog.

The term Phishing is partially derived from the practice of using sophisticated, deceptive bait in the hope of catching financial information from the end-users.

Well, in this case the bait is an online Boat Trading Web site. The victim actually appears to be Trader Online, which is a new and used online shopping site for expensive goods such as boats, motorcycles, and airplanes. It also looks like the Rock group has added this brand to their kit. One may wonder why anyone would want credentials for Trader Online. Perhaps it’s due to the high-end clientele that probably uses this service to sell yachts, RVs, and even planes on the site.

More here.

Image source: Websense

SCADA Watch: NIST Addresses Security for Industrial Controls Systems

William Jackson writes on GCN.com:

The National Institute of Standards and Technology has released an initial draft of new security guidelines for government information technology systems used for industrial control processes. The guidelines are in a revised appendix [.pdf] to NIST Special Publication 800-53, “Recommended Security Controls for Federal Information Systems.”

NIST describes the draft as an out-of-cycle update. The only change between Revision 1 and Revision 2 is the complete replacement of Appendix I, so only that appendix is being released for public review.

“This special update is required due to the urgent need to provide guidance on appropriate safeguards and countermeasures for federal industrial control systems,” NIST said in announcing the release.

More here.

Parents of MySpace Hoax Victim Seek Legal Recourse

Ina Freid writes on the C|Net "Beyind B1nary" Blog:

Getting ready for work this morning, I caught a Today Show interview with the parents of Megan Meier, the 13-year-old that I wrote about on Saturday, who committed suicide last year after being taunted on MySpace.

Meier believed she had been chatting on the social network with a boy named Josh. At first, "Josh" sent friendly messages, but after a few weeks, he abruptly turned accusatory and insulting.

Meier's parents found out several weeks after their daughter's death that Josh was actually not a boy, but rather the fictional creation of adults, including the mother of a friend of Megan's, with whom she had a falling-out.

In the Today Show interview, Tina and Ron Meier said that the FBI looked into the matter for some time, but was unable to find a law that had been broken. However, the two said they still hoped civil or criminal action might be possible against the adult cyberbullies.

More here.

Sunday, November 18, 2007

Image of the Day: Support T.W.A.T.





Image source: thesunmachine.net

PayPal to Offer Secure Method to Shop Non-PayPal Websites

Eric Auchard writes for Reuters:

PayPal, the payments service arm of online auction leader eBay Inc, is set to release on Tuesday a convenient way for its customers to make payments on Web sites that don't accept PayPal directly.

The new software utility, called the PayPal Secure Card, recognizes when a user lands on an e-commerce checkout page and automatically helps the user fill out the payment form in a secure way that also offers stepped-up fraud protections.

More here.

RBN: PC Hijacking via Banner-Ads on Major Web Portals

Via RBN Exploit.

The Russian Business Network (RBN) in one of its boldest PC hijacking exploits used conventional banner-ads to redirect web visitors to “fake” anti-spyware sites, this is a new attack vector but uses known RBN server routes and exploits. Malware based ads have been spotted on various legitimate websites, ranging from baseball's MLB.com, NHL.com, Canada.com and The Economist.

Acting as a conventional Flash file, the exploit is via DoubleClick's DART program, DoubleClick acknowledges the malware, and says it has implemented a new security-monitoring system that has thus far captured and disabled a hundred ads.

More here.

U.S. Toll in Iraq


Via The Boston Globe (AP).

As of Sunday, Nov. 18, 2007, at least 3,871 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,151 died as a result of hostile action, according to the military's numbers.

The AP count is eight higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Environment Watch: Japanese on Hunt for 1000 Whales

Minke Whale


Via The Australian.

Defying furious international protest and a decades-old moratorium, a whaling fleet has left southern Japan's Shimonoseki port on a hunt that will include the humpback.

Japanese whalers were last night heading to waters off Antarctica despite a high-seas showdown with environmental groups last year, and a deadly fire that crippled the fleet's mother ship and triggered strong protests over a potential oil spill.

This year's hunt includes a target of 50 humpback whales, the first known large-scale hunt for the species since a 1963 moratorium put them under international protection.

The mission aims to take up to 935 Antarctic minke whales and 50 fin whales by April in what Japan's Fisheries Agency says will be its largest scientific whale hunt in the South Pacific.

More here.

Image source: 7 Seas Whale Watch