An Oldie, But Goodie: Children's Xmas Letters to Christopher Walken
Something I blogged about the past couple of years -- the gift that keeps on giving.
Enjoy! And Seasons Greetings.
As of Saturday, Dec. 22, 2007, at least 3,897 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,171 died as a result of hostile action, according to the military's numbers.
The AP count is three higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.
Tim Weiner writes in The New York Times:
A newly declassified document shows that J. Edgar Hoover, the longtime director of the Federal Bureau of Investigation, had a plan to suspend habeas corpus and imprison some 12,000 Americans he suspected of disloyalty.
Hoover sent his plan to the White House on July 7, 1950, 12 days after the Korean War began. It envisioned putting suspect Americans in military prisons.
Hoover wanted President Harry S. Truman to proclaim the mass arrests necessary to “protect the country against treason, espionage and sabotage.” The F.B.I. would “apprehend all individuals potentially dangerous” to national security, Hoover’s proposal said. The arrests would be carried out under “a master warrant attached to a list of names” provided by the bureau.
As of Friday, Dec. 21, 2007, at least 3,896 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count.
The figure includes eight military civilians. At least 3,171 died as a result of hostile action, according to the military's numbers. The AP count is two higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.
As of Friday, Dec. 21, 2007, at least 405 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department.
The department last updated its figures Dec. 15, 2007, at 10 a.m. EST. Of those, the military reports 274 were killed by hostile action.
Ellen Nakashima writes on The Washington Post:
The FBI is embarking on a $1 billion effort to build the world's largest computer database of peoples' physical characteristics, a project that would give the government unprecedented abilities to identify individuals in the United States and abroad.
Digital images of faces, fingerprints and palm patterns are already flowing into FBI systems in a climate-controlled, secure basement here. Next month, the FBI intends to award a 10-year contract that would significantly expand the amount and kinds of biometric information it receives. And in the coming years, law enforcement authorities around the world will be able to rely on iris patterns, face-shape data, scars and perhaps even the unique ways people walk and talk, to solve crimes and identify criminals and terrorists. The FBI will also retain, upon request by employers, the fingerprints of employees who have undergone criminal background checks so the employers can be notified if employees have brushes with the law.
Christine Kearney writes for Reuters:
Tough-guy actor and martial arts expert Chuck Norris sued publisher Penguin on Friday over a book he claims unfairly exploits his famous name, based on a satirical Internet list of "mythical facts" about him.
Penguin published "The Truth About Chuck Norris: 400 facts about the World's Greatest Human" in November. Author Ian Spector and two Web sites he runs to promote the book, including www.truthaboutchuck.com, are also named in the suit.
The book capitalizes on "mythical facts" that have been circulating on the Internet since 2005 that poke fun at Norris' tough-guy image and super-human abilities, the suit said.
Grant Gross writes on InfoWorld:
The U.S. International Trade Commission (ITC) has voted to investigate claims by Trend Micro of competitors' patent infringement involving antivirus products.
Trend Micro filed a trade complaint Nov. 21 against fellow cybersecurity vendors Barracuda Networks of Campbell, California; Panda Software International, based in Spain; and Panda Distribution of Glendale, California.
Trend Micro's complaint accuses the three companies of infringing its patent for virus detection and removal apparatus for computer networks. The technology "represents a dramatic departure from the traditional antivirus methods of safeguarding individual computers," the company says in its complaint.
Over the years ICANN constituencies and others have observed apparent inaccuracies in Whois contact information provided by registrants when registering and maintaining their domain names. In an attempt to contribute to community discussion regarding Whois policy, ICANN has undertaken a study of domain name Whois contact information accuracy.
After finalizing the methodology to determine the Whois data accuracy of each data set, staff will execute the steps for each registered domain name within the representative sample. Staff anticipates several steps will be necessary to determine Whois data accuracy. Therefore, staff will conduct this study in phases. ICANN will publish status reports as staff completes work in connection with each phase of the study. The first report regarding this study will be published by February 2008.
Andy Greenberg writes on Forbes.com:
Given Apple's marketing toward the young and the trendy, you wouldn't expect the U.S. Army to be much of a customer. Lieutenant Colonel C.J. Wallington is hoping hackers won't expect it either.
Wallington, a division chief in the Army's office of enterprise information systems, says the military is quietly working to integrate Macintosh computers into its systems to make them harder to hack. That's because fewer attacks have been designed to infiltrate Mac computers, and adding more Macs to the military's computer mix makes it tougher to destabilize a group of military computers with a single attack, Wallington says.
This year, we've seen many ARP spoofing viruses, also known as ARP cache-poisoning viruses. This type of malware comes in many variants and is widely spread in China. Recently, we uncovered an ARP spoofing virus that exhibits several new features.
The new ARP spoofing virus inserts a malicious URL into the session of an HTTP response, thus including significant malicious content, and then exploits Internet Explorer. At the same time, the virus makes a poisoned host act as an HTTP proxy server. When any machine in the same subnet with the poisoned machine accesses the Internet, the traffic goes through the poisoned machine.
An AP newswire article, via MSNBC, reports that:
A federal judge appeared reluctant Friday to investigate the destruction of CIA interrogation videotapes while the Justice Department is conducting its own inquiry.
U.S. District Judge Henry H. Kennedy is considering whether to delve into the matter and, if so, how deeply. The Bush administration is urging him to back off while it investigates.
An AP newswire article by Peter Svensson, via SFGate.com, reports that:
When Adele Rothman bought her 16-year-old son a car in 2003, she made sure to pick one that had OnStar, the onboard communications and safety system.
What the Scarsdale, N.Y., resident didn't know was that the OnStar system in the car was already doomed to die. The federal government decided in 2002 to let cellular carriers shut down analog cell phone networks, used by Rothman's Saab and about 500,000 other OnStar-equipped cars, after Feb. 18, 2008.
It's the end of the nationwide network that launched the U.S. wireless industry 24 years ago, and it leaves a surprising number of users like Adele Rothman in the lurch.
OnStar told Rothman in March its service would stop at the end of this year, in anticipation of the network shutdown in February. "I was really upset," she said, "because that was my tieline" to her son.
Bill Gertz writes in The Washington Times:
China's intelligence service gained access to a secret National Security Agency listening post in Hawaii through a Chinese-language translation service, according to U.S. intelligence officials.
The spy penetration was discovered several years ago as part of a major counterintelligence probe by the Naval Criminal Investigative Service (NCIS) that revealed an extensive program by China's spy service to steal codes and other electronic intelligence secrets, and to recruit military and civilian personnel with access to them.
According to officials who spoke on the condition of anonymity, China's Ministry of State Security, the main civilian spy service, carried out the operations by setting up a Chinese translation service in Hawaii that represented itself as a U.S.-origin company.
The ruse led to classified contracts with the Navy and NSA to translate some of the hundreds of thousands of intercepted communications gathered by NSA's network of listening posts, aircraft and ships.
Jim Carr writes on SC Magazine US:
Anti-virus vendor Grisoft has filed subpoenas requesting that Google, Microsoft and Yahoo provide it with the identities of advertisers it claims are fraudulently promoting the company's products via sponsored text ads on search engines.
Grisoft, which does business as AVG, filed the subpoenas in Seattle district court under the Digital Millennium Copyright Act.
In addition, because the registration information for the alleged con sites used by the advertisers is not publicly available, Grisoft has requested the same sort of information from domain-name registrar GoDaddy, where the websites for several of the fraudulent site operators are registered.
To date, none of the companies has provided Grisoft "with accurate, up-to-date information regarding the identities of the entities behind the fake sites," the company said in a prepared statement this week.
As of Thursday, Dec. 20, 2007, at least 3,896 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,171 died as a result of hostile action, according to the military's numbers.
The AP count is two higher than the Defense Department's tally, last updated Thursday at 10 a.m. EST.
Saul Hansell writes on the New York Times "Bits" Blog:
In less than 14 months, any traditional television set still connected to its antenna will receive nothing but static, as the broadcasting industry cuts over completely to its new digital frequencies.
A recent poll by the marketing arm of the cable industry shows that most people still have no clue this is going to happen.
In a telephone survey in November of 1,017 people, only 48 percent said they had heard about the switch to digital television. And only 17 percent correctly identified 2009 as the year that analog television will be cut off.
Carolyn Pesce writes on the USA Today "On Deadline" Blog:
A new Associated Press-Ipsos poll reports that the Transportation Security Administration is among the least-liked federal agencies.
Only the Federal Emergency Management Agency, still suffering from its mishandling of Hurricane Katrina, ranks below the TSA, which tied with the Internal Revenue Service.
An AP newswire article, via SFGate.com, reports that:
Charles Giancarlo, Cisco Systems Inc.'s chief development officer and heir-apparent to CEO John Chambers, resigned Thursday to join the investment firm Silver Lake Partners.
In a conference call, Chambers called Giancarlo's departure a rare loss "where it wasn't the right time to lose him."
Giancarlo, 50, joined the network equipment maker 14 years ago when it bought Ethernet switch maker Kalpana. He started Cisco's business development organization and formed its successful acquisition strategy, the company said.
An AP newswire article, via Military.com, reports that:
The CIA said it would begin handing over documents to Congress about the destruction of videotapings showing the harsh interrogation of two terror suspects after the House Intelligence Committee threatened to subpoena two agency officials.
Committee Chairman Silvestre Reyes, D-Texas, said Dec. 19 he had prepared subpoenas for former and current CIA officials and attorneys if they won't appear before the committee voluntarily. The panel rejected a Bush administration request that it defer to an executive branch preliminary inquiry and has launched its own investigation into the videotape destruction.
Reyes wants acting CIA general counsel John Rizzo and Jose Rodriguez, the former head of the National Clandestine Service, to testify to the committee on Jan. 16. Rodriguez is the official who directed that the tapes, which document the interrogation of two al-Qaida suspects in 2002, be destroyed.
Kevin Johnson writes on USA Today:
Federal prosecutors are targeting a rising number of law enforcement officers for alleged brutality, Justice Department statistics show. The heightened prosecutions come as the nation's largest police union fears that agencies are dropping standards to fill thousands of vacancies and "scrimping" on training.
Cases in which police, prison guards and other law enforcement authorities have used excessive force or other tactics to violate victims' civil rights have increased 25% (281 vs. 224) from fiscal years 2001 to 2007 over the previous seven years, the department says.
Brian Krebs writes in The Washington Post:
The year 2007 may go down in the annals of Internet crime as the year when organized cyber criminals finally got serious about their marketing strategies -- crafting cyber schemes that were significantly more sophisticated and stealthy.
Security experts say criminals are increasingly trying to ensnare Internet users by lurking on familiar Web sites and using purloined data to craft scam e-mails that are more believable, and thus more likely to entice an unsuspecting user.
"The attackers are now following the same path that businesses have, in trying to advertise themselves in their own special way on the more popular Web sites," said Tom Liston, an incident handler at the Bethesda, Md.-based SANS Internet Storm Center and a senior security consultant with Intelguardians, a Washington-based Internet security consulting group. "They're doing exactly what every business tries to do, which is to find innovative ways to get themselves out in front of as many eyeballs as possible."
While Christmas shopping online this season, be careful what you are signing up for.
Visiting Sears.com (and Kmart.com) a few weeks ago, I was offered a chance to join My SHC Community, for free, but what I received was, from a privacy perspective, very costly. Sears.com is distributing spyware that tracks all your Internet usage - including banking logins, email, and all other forms of Internet usage - all in the name of "community participation." Every website visitor that joins the Sears community installs software that acts as a proxy to every web transaction made on the compromised computer.
In other words, if you have installed Sears software ("the proxy") on your system, all data transmitted to and from your system will be intercepted. This extreme level of user tracking is done with little and inconspicuous notice about the true nature of the software.
An AP newswire article, via The New York Times, reports that:
U.S. antitrust regulators approved Google Inc.'s $3.1 billion purchase of DoubleClick Inc. Thursday, removing a key obstacle to a formidable combination in the burgeoning online advertising sector.
The transaction still faces substantial antitrust scrutiny from European regulators and cannot be completed without their approval. The European Commission has set a deadline of April 2 to finish its review.
The Federal Trade Commission appeared to accept many of Google's arguments that its online ad sales business doesn't compete with DoubleClick's ad-serving tools, saying its analysis ''showed that the companies are not direct competitors in any relevant antitrust market.''
An AP newswire article, via CBS5.com, reports that:
Gov. Arnold Schwarzenegger is fond of referring to California as a nation state.
Population figures released Wednesday show that if the Golden State was its own country, it would be right there with Poland.
California's population is nearing 38 million, up 11.5 percent since the 2000 census, according to estimates by the state Department of Finance.
Among nations, 33 countries have more people, with Poland's population running just ahead at 38.5 million. The latest figure still means California has more people than Canada.
The department calculated that the nation's most populous state had about 37,771,000 people as of July 1. It added 438,000 more residents in the previous year.
Just more than 12 percent of the 301 million people in the U.S. live in California.
Daniel C. Vock writes on Stateline.org:
Some of the pro football fans who flocked to sports bars on a recent Thursday night to see a highly anticipated showdown between the Green Bay Packers and the Dallas Cowboys weren’t there for big-screen TVs and alcoholic beverages. They were just looking for a place to see the game.
That’s because, for most of the country, it wasn’t on cable. The game was carried by NFL Network, a four-year old programming outlet for the National Football League that many cable companies, including Comcast and Time Warner Cable, refuse to carry on basic cable.
Now the NFL wants states to end the standoff.
The league is starting its offensive drive in Texas and Wisconsin, home states of the Cowboys and Packers. NFL Commissioner Roger Goodell addressed Texas lawmakers in Austin last week and NFL officials talk to Wisconsin legislators in Madison on Thursday (Dec. 20).
An NFL Network spokesman said the appearances are just the beginning of the league’s state-level push.
In an extension to analysis of the Russian Business Network (RBN) this is the first element of a series on RBN payment systems.
This article focuses on just one of the several payment systems for its “fakes” retail division i.e. isoftpay.com, this has been reported before namely the Sunbelt Blog Oct 3rd 06 in the report on the rogue software, also more recently reported within 2-spyware on Dec 10th 07.
In exploring this node of the RBN’s organization it raises several areas of interest; the location(s) of internet operation, SSL and transactional base. Briefly by way of an introduction to later more in depth analysis malware revenue models, analysis solely of isoftpay does provide a starting point for some generalized assumptions of RBN retail revenue.
Liam Tung writes on ZDNet Australia:
Launched in 2005, Google AdSense allows third-party Web sites or publishers to generate revenue from Google's text advertisers.
AdSense acts as a middleman between an advertiser and a publisher. By crawling the content of publishers' Web pages, AdSense determines the relevance of a text ad to page content and then places the ad within the page if there is a match.
Trojan.Qhost.WU, discovered by security firm BitDefender, has been designed to replace ads served by Google on third-party Web sites that use Google's AdSense network. The ads are replaced with alternative ads called from hosts outside the AdSense network.
Although it has not been established whether the ads served -- or the pages that the ads link to -- contain malicious software, BitDefender virus analyst Attila-Mihaly Balazs said it is "a very likely situation, given that they are promoted using malware in the first place".
Mark Fiore, via Truthdig.com.
Today the House of Representatives unanimously approved H.R. 4040, the Consumer Product Safety Commission Modernization Act of 2007, that virtually eliminates lead from children's toys (down to 100 parts per million by 2012) and increases the funding of the CPSC.
A Senate committee approved its own version of an anti-lead/pro-CPSC bill in October, but it hasn't reached a floor vote yet—so sometime (early?) next year a final bill should be hammered out to send to the White House.
Mahesh Sharma writes on Australian IT:
Australian web hosting company's servers have been hacked, with attackers embedding malicious code to generate "link farms" on its customers' websites.
Link farming is the process of exchanging reciprocal links with websites in order to increase search engine optimisation, according to internet encyclopedia [Wikipedia].
Melbourne-based MD Web Hosting confirmed that over the past two weeks it's been the victim of hacking attacks from IP addresses that originated from Russia and Turkey.
"Obviously some companies buy the services of these Russians to find vulnerable websites," Tom Najda, MD Web Hosting business services manager, said.
"These link farms were linking back to pharmaceutical websites which are obviously looking to boost their Google ranking," he said.
Attackers were able to gain access to around five servers which didn't have the correct security profiles. The problem was compounded by the fact that the company's IP blocking and firewalls were not up to scratch, Mr Najda said.
Ryan Singel writes on Threat Level:
By now it's well known that FBI agents can't always be troubled to get a court order before going after a surveillance target's telephone and internet records. But newly released FBI documents show that aggressive surveillance tactics have even caused friction within the bureau.
The revelation is the second this year showing that FBI employees bypassed court order requirements for phone records. In July, the FBI and the Justice Department Inspector General revealed the existence of a joint investigation into an FBI counter-terrorism office, after an audit found that the Communications Analysis Unit sent more than 700 fake emergency letters to phone companies seeking call records. An Inspector General spokeswoman declined to provide the status of that investigation, citing agency policy.
R J Hillhouse writes on The Spy Who Billed Me:
Just as Congress is attempting to get a clearer picture of the extent of outsourcing in the Intelligence Community, the Department of Defense is doing its part to keep this information from the light of public scrutiny.
The Undersecretary of Defense has granted waivers [.pdf] to the Defense Intelligence Agency (DIA), Counterintelligence Field Activity (CIFA) and the National Geospatial Agency (NGA) to withhold unclassified contracting data from a government website designed to give greater transparency to government spending.
Ryan Singel writes on Threat Level:
At the end of 2006, the FBI's Telecommunications Intercept and Collection Technology Unit compiled an end-of-the-year report touting its accomplishments to management, a report that was recently unearthed via an open government request from the Electronic Frontier Foundation.
Strikingly, the report said that the FBI's software for recording telephone surveillance of suspected spies and terrorists intercepted 27,728,675 sessions.
Twenty-seven million is a staggering number given that the FBI only got 2,176 FISA court orders [.pdf] in 2006 from a secret spy court using the Foreign Intelligence Surveillance Act.
According to the math that means each court order resulted in 12,742 "sessions," all in regards to phone, not internet, surveillance.
"Well if the FBI can have a terrible computer system that's useless at catching terrorists, should it really be much of a surprise that the SEC has a computer system that isn't particularly useful at catching insider trading?"
- Mike Masnick, writing on techdirt.com.
Watch it here.
An AP newswire article, via NewsDay.com, reports that:
A $2 billion radio network intended to connect emergency responders throughout the state failed its first major test, a newspaper reported Tuesday.
Buffalo chose to opt out of the system following what officials said were problems so severe that radios did not work in about half of the state's second largest city, the New York Times reported.
"West of the center of the city we had zero reception," said Buffalo Fire Commissioner Michel Lombardo. In the areas that did receive reception, he said, "it sounded like a guy was talking in a tin can."
We're bidding adieu to 2007 with a look back at the breaking news, the big events and the must-have gadgets that captivated us this year (give or take a few weeks; we compile this list by early December). To get a glimpse of what's been on our collective consciousness, we mined billions of search queries to discover what sorts of things rose to the top.
We encourage you to check out our findings to see if you, too, reflect the zeitgeist — the spirit of the times.
The Internet is useful to Islamic terror groups for propaganda and recruitment, but it cannot be used for terrorist military training, says a U.S. report.
The Austin, Texas-based private sector intelligence company Stratfor says in an analysis that some experts overstate the importance of the Internet.
"Although the Internet has been a great enabler for grassroots (terrorist) cells to spread their ideology and recruit new acolytes, some things are incredibly difficult to accomplish online -- namely, absorbing the technical information and tradecraft of terrorism and applying it to a real-world situation, particularly in a hostile environment," reads the analysis, published last week.
Grant Gross writes on PC World:
Microsoft, Google and Yahoo have agreed to pay a total of US$31.5 million to resolve claims that they promoted illegal gambling, the U.S. Department of Justice announced Wednesday.
Microsoft will pay $21 million, Google will pay $3 million and Yahoo will pay $7.5 million, the DOJ said in a news release. The three companies neither contest nor admit they promoted illegal online gambling by running advertisements for gambling Web sites between 1997 and June of this year.
Dennis Fisher writes on SearchSecurity.com:
In early 2006, Dave Dittrich, a senior security engineer and researcher at the University of Washington in Seattle, got a sample of a new strain of malware from a colleague, and began monitoring its activity. The Trojan was a bit lazy at first, making just a few outbound connections.
But it quickly became obvious that this was no ordinary piece of malware, because each of the connections was to a peer and not a central command and control server.
Today Nikolay Patrushev, head of the Federal Security Services, announced the results of the measures taken to combat cyber crime in 2007.
Among other information, it was announced that it had been established who was the author of the notorious Pinch Trojan - two Russian virus writers called Ermishkin and Farkhutdinov. The investigation will soon be completed and taken to court.
It's well known that Pinch is one of the most popular Trojan programs with Russian malicious users. The Trojan makes it possible to steal email, icq and other account data, including to network services and application. The authors of this program, also known as Damrai and Scratch, used Pinch to build a criminal industry.
Patrushev's announcement today clearly shows that the security services are targeting active virus writing groups which participate in cyber crime, and that the steps being taken are meeting with success.
Ryan Naraine writes on eWeek:
Adobe Systems has shipped an extremely critical patch to correct at least nine cross-platform vulnerabilities in its ubiquitous Flash Player software.
The APSB07-20 update, available for Adobe Flash Player 184.108.40.206 and earlier, 220.127.116.11 and earlier, and 18.104.22.168 and earlier, could allow complete system takeover attacks on Windows, Mac and Linux machines.
"A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities," Adobe warned Dec. 19.
The company is strongly recommending that all users upgrade to Adobe Flash Player 22.214.171.124 (Win, Mac, Linux) via the software's auto-update mechanism. A patch for Solaris will be issued later.
Brenden Kuerbis writes on The Internet Governance Project (IGP) Blog:
A consulting group (DNK LLC) report [.pdf] to the U.S. Department of Homeland Security stated clearly that the problems of who would own the DNSSEC keys and mistrust of the U.S. government's intentions could be barriers to DNSSEC deployment. While the August 2006 report covers developments only from March 2005 to July 2006, it makes two important points that are relevant and timely today.
First it makes clear, if it weren't already, that the issue of root signing and key management has been recognized as a political issue for long time. It also offers some interesting insights on how DHS has approached the politics of DNSSEC and Internet security.
Mark Mazzetti and Scott Shane write in The New York Times:
At least four top White House lawyers took part in discussions with the Central Intelligence Agency between 2003 and 2005 about whether to destroy videotapes showing the secret interrogations of two operatives from Al Qaeda, according to current and former administration and intelligence officials.
The accounts indicate that the involvement of White House officials in the discussions before the destruction of the tapes in November 2005 was more extensive than Bush administration officials have acknowledged.
Those who took part, the officials said, included Alberto R. Gonzales, who served as White House counsel until early 2005; David S. Addington, who was the counsel to Vice President Dick Cheney and is now his chief of staff; John B. Bellinger III, who until January 2005 was the senior lawyer at the National Security Council; and Harriet E. Miers, who succeeded Mr. Gonzales as White House counsel.
It was previously reported that some administration officials had advised against destroying the tapes, but the emerging picture of White House involvement is more complex. In interviews, several administration and intelligence officials provided conflicting accounts as to whether anyone at the White House expressed support for the idea that the tapes should be destroyed.
Federal Trade Commission Chairman Deborah Platt Majoras says her agency has done a credible job regulating the Big Three credit bureaus.
But the boom — and now bust — of subprime mortgages is fueling criticism that the FTC under Platt Majoras has given Experian, Equifax and TransUnion too much latitude to profit from the sale of credit data to lenders and consumers.
In February, the National Association of Mortgage Brokers lambasted the FTC for giving the credit bureaus tacit approval to keep selling listings — called "trigger lists" — containing personal and financial data of prospective borrowers. Some unscrupulous lenders used trigger lists to contact people who recently filled out a loan application, and then pitched them subprime mortgages, higher-priced loans aimed at people with spotty credit histories but also marketed to borrowers with good credit.
Most applicants never knew the bureaus were placing them on trigger lists and were surprised to be deluged by phone calls and e-mails for subprime loans. These too-good-to-be-true offers came from brokers who skirted rules requiring traditional lenders to make firm offers only in writing.
A Chinese government Web site encouraging citizens to report corruption crashed on its first day under the weight of too many hits.
China's National Bureau of Corruption Prevention, formed in September after a string of high-profile scandals involving government officials, launched its official Web site (yfj.mos.gov.cn) on Tuesday.
By the afternoon, the Web site could not be opened, the Beijing Youth Daily said. It quoted an official as saying that the "number of visitors was too large".
The Web site was up later on Tuesday, the paper said, and had 12 pages of comments left by Internet users on its discussion board ranging from allegations of collusion between driving schools and government traffic bureaus to criticism of the Web site itself for being "done relatively crudely".
On Wednesday morning the Web site was again down for a while.
Overwhelmed by requests from military families in Washington for emergency help, the state chapter of a charity advocating for them now also needs help. More here.
"We served over 5,000 military families and are doubling that this year," said Janice Buckley of Snohomish, president of Operation Homefront Washington.
"These military families are stressed out by the sacrifices they have made. The same higher costs that are hitting everyone, especially at Christmas season, are hitting them as well, but in the military it can be very lonely for families -- especially if a member deploys," she said.
Operation Homefront Washington is the 3-year-old state chapter of the larger national organization, Operation Homefront, founded after 9/11 and operating under a memorandum of understanding with the Defense Department to assist military families from all branches.
Robert McMillan writes on InfoWorld:
Google is working to fix a bug in the Google Toolbar that could allow criminals to steal data or install malicious software on a system, a security researcher warned Tuesday. More here.
The flaw lies in the mechanism Google Toolbar uses to add new buttons on the browser. Because the toolbar does not perform adequate checks when new buttons are being installed, a hacker could make his button appear as though it was being downloaded from a legitimate site when in fact it came from somewhere else. By spoofing the origin of the toolbar button, an attacker could download malicious files or launch a phishing attack against the victim, wrote security researcher Aviv Raff in a blog post on the issue.
Raff has posted proof of concept code, showing how such an attack would work with the Internet Explorer browser. A Google spokeswoman confirmed Tuesday that the company is working to fix the problem.
"In the final analysis, the real winners today are businesses that are in many cases quite healthy, and the real losers are going to be all of us who depend on the news media to learn what’s happening in our communities and to keep an eye on local government."
- Democratic FCC Commissioner Michael J. Copps, quoted in a New York Times article, on the FCC ruling to ease media restrictions that have, until now, prevented a company from owning both a newspaper and a television or radio station in the same city.
Declan McCullagh writes on the C|Net "Iconoclast" Blog:
The U.S. Department of Justice won't say when it believes an American citizen should be forced to divulge his or her PGP passphrase. More here.
We've been trying for the last two days to get the DOJ to answer this question, which became an important one after last week's news about a judge ruling a criminal defendant can't be forced to divulge his passphrase on Fifth Amendment grounds.
An AP newswire article by Laurie Kellman, via The Detroit Free Press, reports that:
Congress is moving to reverse one area of the Bush administration's trend toward secrecy since the 2001 terrorist attacks by expanding the Freedom of Information Act, increasing penalties for noncompliance and making records held by government contractors subject to the law. More here.
The White House isn't saying whether President George W. Bush will sign the bill, S. 2488, once the House acts on it today. With a congressional recess starting at the end of the week, that raises the possibility that the act's first makeover in a decade could become law without his signature. The Senate passed the bill last week.
Jan Libbenga writes on The Register:
Telecoms watchdog OPTA has fined three Dutch firms and their two directors a total of €1m for the illegal distribution of spyware. More here.
It is the first time OPTA has imposed fines for spreading malicious Trojans, and has been called "one of the biggest cases of illegal software crime", by the regulator.
In 2005, the two unnamed businessmen distributed software called DollarRevenue among millions of internet users. Approximately 450 million software files were installed on 22 million computers in the Netherlands and abroad.
The adware application silently downloaded advertising software and installed it to the computer without the user's knowledge. DollarRevenue was also bundled with some ad-supported products and was extremely difficult to remove.
The software was also directly linked to certain botnet attacks, with over 7,700 machines hacked within 24 hours.
An AP newswire article by Bradley S. Klapper, via E-Commerce Times, reports that:
A 4,000-year-old clay tablet authorities suspect was smuggled illegally from Iraq was pulled from eBay just minutes before the close of the online auction, authorities said Tuesday. More here.
Criminal proceedings have been launched against the seller, identified only as a resident of Zurich, Switzerland, officials said.
Paul Marks writes on NewScientistTech.com:
The next time you see something flapping in the breeze on an overhead power line, squint a little harder. It may not be a plastic bag or the remnants of a party balloon, but a tiny spy plane stealing power from the line to recharge its batteries. More here.
The idea comes from the US Air Force Research Lab (AFRL) in Dayton, Ohio, US, which wants to operate extended surveillance missions using remote-controlled planes with a wingspan of about a metre, but has been struggling to find a way to refuel to extend the plane's limited flight duration.
So the AFRL is developing an electric motor-powered micro air vehicle (MAV) that can "harvest" energy when needed by attaching itself to a power line. It could even temporarily change its shape to look more like an innocuous piece of trash hanging from the cable.
Jason Miller writes on Washington Technology:
General Dynamics Corp. has won a $48.2 million contract from the Homeland Security Department’s U.S. Computer Emergency Readiness Team to provide support and analysis services. More here.
Under the contract, General Dynamics will provide U.S.-CERT with situational awareness support, analysis and technical and infrastructure support.
Ed Felten writes on Freedom to Tinker:
The State of Ohio released the report [.pdf] of a team of computer scientists it commissioned to study the state’s e-voting systems. Though it’s a stiff competition, this may qualify as the scariest e-voting study report yet. More here.
This was the first detailed study of the ES&S iVotronic system, which up to now had been the only major system to have avoided such study. The study found many ways to subvert ES&S systems.
This is yet more evidence that today’s paperless e-voting machines can’t be trusted.
An AP newswire article by Dibya Sarkar, via SFGate.com, reports that:
With Americans cutting the cord to their land lines, 2007 is likely to be the first calendar year in which U.S. households spend more on cell phone services, industry and government officials say. More here.
The most recent government data show that households spent $524, on average, on cell phone bills in 2006, compared with $542 for residential and pay-phone services. By now, though, consumers almost certainly spend more on their cell phone bills, several telecom industry analysts and officials said.
"What we're finding is there's a huge move of people giving up their land line service altogether and using cell phones exclusively," said Allyn Hall, consumer research director for market research firm In-Stat.
As of Monday, Dec. 17, 2007, at least 3,895 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,168 died as a result of hostile action, according to the military's numbers. More here.
The AP count is two higher than the Defense Department's tally, last updated Monday at 10 a.m. EST.
Andrew E. Kramer writes in The New York Times:
At a venture capital conference in Silicon Valley, Oleg S. Shvartsman mixed easily among the titans of private equity. More here.
“He didn’t stand out from the crowd,” said Evgeny Zaytsev, the organizer of the conference on Nov. 9.
That is, until he acknowledged in a newspaper interview that the $3.6 billion group of equity funds he manages serves investors “close to the top of the F.S.B. and S.V.R.,” the domestic and overseas espionage agencies of the Russian government.
Russians and outsiders have long suspected that the Federal Security Service, or F.S.B. by its Russian initials, successor to the K.G.B., has had a hand in Russian business. But Mr. Shvartsman’s statement, the boldest such assertion yet, has generated debate over the appropriate corporate role for spies and ex-spies.
Ryan Singel writes on Threat Level:
Connecticut senator Christopher Dodd's threatened filibuster of a bill giving immunity to telecoms that helped the government spy on Americans unexpectedly carried the day Monday, as Senate Majority Leader Harry Reid decided to postpone the vote on the measure until after the winter break. More here.
The announcement was an unexpected victory for civil liberties groups, whose anti-immunity fortunes looked grim this morning as the Senate looked primed to pass an expansive spying bill that would free telecoms like AT&T and Verizon from privacy lawsuits.
Dodd showed his moxie and determination all day, as he held the floor for long stretches, railing against an administration-backed bill that would have freed telecoms from 40-odd lawsuits pending against them in federal court.
Yes, you've probably heard by now that our elected representatives in the U.S. Senate voted this morning to pass a FISA bill that provides immunity for telecommunications companies that were complicit in providing your telecommunications & call records to U.S. Intelligence & law enforcement without a court-ordered subpoena or warrant.
Bill S. 2248 was passed by 76 votes in favor, 10 opposed, and 14 abstentions.
In my home state of California, U.S. Senator Dianne Feinstein (D-CA), who voted in favor of this legislation, will not be getting my vote next time around.
On the other hand, U.S. Senator Barbara Boxer (D-CA), who voted against it, will be getting my vote.
If you would like to see how your elected representative voted for this, and if they betrayed your trust -- by not listening to the voice of their own constituents -- here is the roll call.
This is, in my opinion, a very bad turn of events for the privacy of the citizens of this country.
Note: The New York Times also has a good summary of the situation here. - ferg
Andrew Brandt writes on InfoWorld:
When federal agents announced on November 29 that they'd indicted or convicted eight individuals accused of using botnets (networks of computers infected with Trojan horse applications) to engage in criminal activity, the press release barely explained the nature and extent of the men's crimes -- or the investigations that led to arrests in an operation the FBI and other law enforcement agencies have termed Bot Roast II. More here.
When InfoWorld decided to dig a little deeper, we found that the motivations of each perpetrator were far richer, and the nature of the crimes more complex, than a simple rundown of their rap sheets could express.
In fact, the eight Bot Roast II criminals committed a broad range of online crimes, which together make up a representative sample of motives and patterns common to these kinds of crimes. The following story is our attempt to profile the people behind the crimes.
Enrico Schaefer writes on CircleID:
How prevalent is cybersquatting and typosquatting? Take a look at www.wipo.com, and then compare it with the World Intellectual Property Organization’s web site www.wipo.org. Ironically, the WIPO Arbitration and Mediation Center handles a majority of the UDRP domain dispute arbitrations internationally. More here.
The very organization which is invested with the authority by ICANN to resolve cybersquatting and typosquatting disputes internationally under the UDRP is, by all appearances, being squatted.
As of Sunday, Dec. 16, 2007, at least 3,893 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,168 died as a result of hostile action, according to the military's numbers. More here.
The AP count is four higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.