Saturday, February 16, 2008

Late Night Flashback: Neil Young - Four Dead in Ohio



Remember?

- ferg

Local: Ex-Intern Allegedly Hacked SJ Councilman's E-Mail

Via CBS5.com.

A former intern to a San Jose council member has been arrested for allegedly hacking into the city's e-mail system more than 100 times.

Eric Abraham Hernandez faces a felony charge that he broke into the e-mail system to look for political dirt to spread about the girlfriend of his former boss, San Jose Councilman Sam Liccardo.

Police say the 18-year-old Hernandez was arrested at the San Jose home he shares with his parents.

Prosecutors say he could be sentenced to three years in prison if convicted of the felony charge of unlawfully taking, copying and using computer data.

More here.

FBI Received Unauthorized E-Mail Access

Eric Lichtblau writes in The New York Times:

A technical glitch gave the F.B.I. access to the e-mail messages from an entire computer network — perhaps hundreds of accounts or more — instead of simply the lone e-mail address that was approved by a secret intelligence court as part of a national security investigation, according to an internal report of the 2006 episode.

F.B.I. officials blamed an “apparent miscommunication” with the unnamed Internet provider, which mistakenly turned over all the e-mail from a small e-mail domain for which it served as host. The records were ultimately destroyed, officials said.

Bureau officials noticed a “surge” in the e-mail activity they were monitoring and realized that the provider had mistakenly set its filtering equipment to trap far more data than a judge had actually authorized.

The episode is an unusual example of what has become a regular if little-noticed occurrence, as American officials have expanded their technological tools: government officials, or the private companies they rely on for surveillance operations, sometimes foul up their instructions about what they can and cannot collect.

The problem has received no discussion as part of the fierce debate in Congress about whether to expand the government’s wiretapping authorities and give legal immunity to private telecommunications companies that have helped in those operations.

More here.

Wireless Devices a Security Threat Overseas?

JJ Green writes on WTOP.com:

The intelligence community has expressed concern that when traveling to some foreign countries with wireless communications devices, it's possible your email may be read, your address book may be downloaded and your phone calls may be monitored, WTOP has learned.

This is because when you fly overseas and turn your wireless phone back on after the flight, it's no longer operating on your company's network -- it's linked to a foreign network.

Government hackers can open your address book and download all the information. They can also listen to your phone calls. And according to U.S. intelligence sources, one country has been known to try to infect wireless devices with viruses.

When you get back to the U.S. and plug back into your company's network, the intelligence agencies of those countries may have access to your company's network.

More here.

Note: This has got to be one of the most creative bits of fear-mongering and misinformation I have ever heard. Can this somehow be an effort by U.S. Customs & Border Protection to attempt to justify their searches & seizures of personal electronics? If so, even more reason to sue DHS to halt this chicanery. -ferg

Friday, February 15, 2008

Late Night Flashback: Talking Heads - Wild Wild Life



Enjoy.

- ferg

U.S. Toll in Iraq, Afghanistan


Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, Feb. 15, 2008, at least 3,961 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,225 died as a result of hostile action, according to the military's numbers.

The AP count is one higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

As of Friday, Feb. 15, 2008, at least 415 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Saturday at 10 a.m. EST.

Of those, the military reports 283 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

BitTorrent Developers Introduce Comcast Busting Encryption

Via TorrentFreak.

BitTorrent throttling is not a new phenomenon; ISPs have been doing it for years. When the first ISPs started to throttle BitTorrent traffic, most BitTorrent clients introduced a countermeasure, namely, protocol header encryption. This was the beginning of an ongoing cat and mouse game between ISPs and BitTorrent client developers, which is about to enter a new level.

Unfortunately, protocol header encryption doesn’t help against more aggressive forms of BitTorrent interference, like the Sandvine application used by Comcast. A new extension to the BitTorrent protocol is needed to stay ahead of the ISPs, and that is exactly what is happening right now.

More here.

Malware: One Victim's Story

Thomas Claburn writes on InformationWeek:

When you have spinal and liver cancer, computer infections are the least of your worries. But even the least of worries can diminish your quality of life.

Tim, a resident of Aberdeen, Wash., just wanted to play some online games, his friend Sharon explained over the phone on Tuesday. Sharon provided her last name and address, but asked that it not be published because Tim and she are dealing with identity theft, in addition to cancer.

Tim, she explained, saw a TV ad for an online bingo site, bigtimebingo.net, while watching Fox News recently. Upon visiting the site, Tim lost control of his computer.

"My friend loves online games," said Sharon. "I'm always telling him to be careful. But when you see it advertised on TV, you figure it's safe."

Tim had been redirected to malware-alarm dot com, one of several variant Web domains associated with the MalwareAlarm rogue antivirus software. The site receives 31,147 unique U.S. monthly visitors, according to Quantcast.

More here.

Cartoon of The Day: McCain's Winning Smile


We love Mr. Fish.

- ferg

Scientists Call on Next President to End Political Interference in Science

Via The Union Of Concerned Scientists.

A group of prominent scientists today called on the next president and Congress to end political interference in science and establish conditions that would allow federal science to flourish. Organized by the Union of Concerned Scientists (UCS), the group released a statement at a press conference during the annual American Association for the Advancement of Science (AAAS) meeting.

"Good federal policy depends upon reliable and robust scientific work," said Francesca Grifo, director of the Scientific Integrity Program at UCS. "When science is falsified, fabricated or censored, Americans' health and safety suffer."

The statement specifically calls for the next administration and Congress to ensure that federal scientists have the freedom to publicly communicate their findings; publish their work; disclose misrepresentation, censorship or other abuses; and have their technical work evaluated by peers -- all without fear of retribution.

More here.

Identity Theft Tops FTC Complaint List Again

Martin H. Bosworth writes on ConsumerAffairs.com:

For the seventh year in a row, identity theft was the number one source of consumer fraud complaints submitted to the Federal Trade Commission (FTC). According to the agency's yearly report [.pdf] on fraud complaints for 2007, of 813,899 total complaints received in 2007, 258,427, or 32 percent, were related to identity theft.

According to the FTC, total consumer fraud losses totaled $1.2 billion, with the average monetary loss for an individual at $349. Credit card fraud was the most common form of reported identity theft at 23 percent, followed by utilities fraud at 18 percent, employment fraud at 14 percent, and bank fraud at 13 percent.

The top form of credit card fraud was opening a fraudulent new account at 14.2 percent, followed by fraud on an existing account at 9.4 percent.

More here.

Google Finds Evil All Over The Web

Robert McMillan writes on InfoWorld:

The Web is scarier than most people realize, according to research published recently by Google.

The search engine giant trained its Web crawling software on billions of Web addresses over the past year looking for malicious pages that tried to attack their visitors. They found more than 3 million of them, meaning that about one in 1,000 Web pages is malicious, according to Niels Provos, a senior staff software engineer with Google.

These Web-based attacks, called "drive-by downloads" by security experts, have become much more common in recent years as firewalls and better security practices by Microsoft have made it harder for worms and viruses to directly attack computers.

More here.

Experts Scoff at Satellite Shoot-Down Rationale

Noah Shachtman writes on Danger Room:

The Pentagon says it has to shoot down a malfunctioning spy satellite because of the threat of a toxic gas cloud.

Space security experts are calling the rationale highly unlikely. "Having the US government spend millions of dollars to destroy a billion-dollar failure to save zero lives is comedic gold," one tells DANGER ROOM.

More here.

Make Big Profits Illegally (and Maybe Keep Them, Too)

Floyd Norris writes in The New York Times:

There is not much doubt that Oleksandr Dorozhko used inside information when he made a killing trading stock options last fall. Nor is there a dispute that he gained the information illegally. His lawyer, arguing before an appeals court this week, spoke of “a high-tech lock pick.”

But that does not mean that Mr. Dorozhko, a Ukrainian resident, will have to forfeit the $296,456 he earned in one day of trading, beginning just hours before the company in question announced disappointing earnings. The Securities and Exchange Commission blocked him from collecting the profits from his brokerage account, but a federal judge has ordered the S.E.C. to let him have the cash.

More here.

Major Linux Security Glitch Lets Hackers in at Claranet

Chris Williams and John Leyden write on The Register:

A major security vulnerability in the Linux kernel, which was revealed on Sunday, has claimed its first confirmed UK victim in business ISP Claranet.

Hackers used a bug in the sys_vmsplice kernel call, which handles virtual memory management, to gain root privileges and replace Claranet customers' index.html files with the hacker's calling card.

The exploit was noticed at about 6pm on Tuesday.

Claranet said: "Malicious activity related to the vulnerability was detected on Claranet's shared hosting platform. Within 10 minutes Claranet contained and halted the malicious activity, and locked down the platform to prevent further damage.

"The shared hosting platform was fully patched with the vendor's updates by 10am on Wednesday. Less than one per cent of the total web sites hosted on the Claranet platform were affected and all were restored to their original states by 1pm on Wednesday 13 February."

More here.

OMB Does Not Support Bill To Update FISMA

Jason Miller writes on FCW.com:

The Bush administration doesn't support legislation introduced late last year that would modify the Federal Information Security Management Act, an administration official testified today.

The bill, sponsored by Reps. William Clay (D-Mo.), Henry Waxman (D-Calif.) and Edolphus Towns (D-N.Y.), would require agencies to develop policies and plans to identify and protect personal information and to develop requirements for reporting data breaches.

Karen Evans, the Office of Management and Budget’s administrator for e-government and information technology, told House members that current activities being undertaken by agencies are closing the performance gaps and the legislation could cause agencies some unplanned problems.

More here.

Not Again: Friendly 'Worms' Could Spread Software Fixes

Tom Simonite writes on NewScientistTech.com:

Microsoft researchers are hoping to use "information epidemics" to distribute software patches more efficiently.

Milan Vojnović and colleagues from Microsoft Research in Cambridge, UK, want to make useful pieces of information such as software updates behave more like computer worms: spreading between computers instead of being downloaded from central servers.

The research may also help defend against malicious types of worm, the researchers say.

Software worms spread by self-replicating. After infecting one computer they probe others to find new hosts. Most existing worms randomly probe computers when looking for new hosts to infect, but that is inefficient, says Vojnović, because they waste time exploring groups or "subnets" of computers that contain few uninfected hosts.

More here.

Note: It would appear that bad ideas have a tendency to be recirculated every few years... -ferg

Thursday, February 14, 2008

Late Night Valentine Flashback: Frank Sinatra - I've Got You Under My Skin




We love Old Blue Eyes.

- ferg

Local: Hayward Man Jams 911 With A Million Fraudulent Calls

Via NBC11.com.

A Hayward man was taken into custody on charges Wednesday that he clogged 911 lines with more than a million phony phone calls.

The story begins on Jan. 8, the day Hayward Police said they added T-Mobile’s 911 cellular phone calls to their service; the calls were routed to the California Highway Patrol’s communications center in Vallejo.

Officials said that immediately upon taking T-Mobile’s 911 calls, the communications center began receiving huge amounts of 911 calls from a T-Mobile cell phone.

More here.

Quote of The Day: Silvestre Reyes

"I, for one, do not intend to back down – not to the terrorists and not to anyone, including a President, who wants Americans to cower in fear."

"We are a strong nation. We cannot allow ourselves to be scared into suspending the Constitution. If we do that, we might as well call the terrorists and tell them that they have won."

- Representative Silvestre Reyes, Chairman, House Permanent Select Committee on Intelligence in a letter to George W. Bush today on letting the telcos off the hook for spying on Americans. Courtesy of Dave Isenberg.

PCI: Not Just For Payment Anymore

Evan Schuman writes on StorefrontBacktalk:

As retail CFOs begrudgingly approve extensive dollars to help with PCI accreditation efforts—even though many IT departments are using those dollars for projects that primarily have little to do with security—many are discovering that a program designed to protect payment data will also do a fine job at protecting almost any other kind of data.

With CRM systems trying to interact with Web analytics, mobile databases, purchase and returns histories and tons of other non-payment databases, the amount of non-credit-card data that is at risk easily dwarfs Visa transactions.

The same common sense guidelines that are the soul of PCI—dealing with wireless, encryption, knowing what you're retaining and retaining only what you need—can be widely extended. But the same checklist mentality that is PCI's weakness also pigeonholes PCI into only being used for payment, which is silly.

More here.

The Internet Anonymity Experiment

Catherine Price writes on PopSci.com:

In 2006, David Holtzman decided to do an experiment. Holtzman, a security consultant and former intelligence analyst, was working on a book about privacy, and he wanted to see how much he could find out about himself from sources available to any tenacious stalker.

So he did background checks. He pulled his credit file. He looked at Amazon.com transactions and his credit-card and telephone bills. He got his DNA analyzed and kept a log of all the people he called and e-mailed, along with the Web sites he visited. When he put the information together, he was able to discover so much about himself—from detailed financial information to the fact that he was circumcised—that his publisher, concerned about his privacy, didn’t let him include it all in the book.

I’m no intelligence analyst, but stories like Holtzman’s freak me out.

More here.

Shocker: Telecom Industry Groups Declare War on Net Neutrality Bill

Kenneth Corbin writes on internetnews.com:

Telecommunications industry groups have attacked a new bill calling for government regulators to take a closer look at how broadband providers manage their networks.

The Internet Freedom Preservation Act, introduced earlier this week by Rep. Ed Markey, the Democratic chairman of the House subcommittee on telecommunication and the Internet, could make it illegal for service providers to block or degrade traffic on their networks.

Its introduction revisits the contentious debate over Net neutrality, which has industry groups championing the free market and warning that government intervention threatens to choke off growth and innovation in the Internet economy.

More here.

U.S. Defends Satellite Shootdown Plans

Bettina H. Chavanne writes on AviationWeek.com:

NASA, DOD and the White House defended their plans for a ballistic-missile take-down of a falling National Reconnaissance Organization (NRO) satellite, speaking to reporters this afternoon and planning to address international organizations in a "diplomatic global roll-out" later in the day.

Aviation Week first reported the shoot-down plans Tuesday on its AviationWeek.com and Aviation Week Intelligence Network websites.

Satellites have de-orbited before, but never with this much associated risk, said U.S. Marine Corps General James Cartwright, vice chairman of the Joint Chiefs of Staff. "It's the hydrazine that's the distinguishing characteristic," Cartwright said in a Pentagon briefing. "Our objective was whether we could reduce the risk to space, airborne or terrestrial platforms."

More here.

Note: As Michael Tanji points out over at Haft of the Spear, many of us believe that the only reason the U.S. is going to knock this dead bird out of the sky is to make a point. -ferg

ICANN: TLDs Could End With EXE. Confused? Users May Be Too...

Jacqui Cheng writes on Ars Technica:

ICANN is in the process of hammering out its new generic top-level domain (gTLD) policy, and has begun to address technical issues that could pop up once the new round of applications is open later this year. As part of a discussion on how to manage DNS stability during this potentially huge expansion of the TLD system, an organization within ICANN has proposed a few basic rules for what can and can't be used as a domain extension.

Put simply, new domains will be able to make use of nearly any string of letters—including common file extensions such as .exe, .doc, and .pdf—but there will be a number of other restrictions.

More here.

Note: This needs to be watched very closely, as it could unintentionally introduce some major security issues... -ferg

'Protect America' Eavesdropping Law Is Likely to Lapse - UPDATE

Eric Lichtblau writes in The New York Times:

Broad spying powers temporarily approved by Congress in August appear likely to lapse this week after a daylong game of chicken on Wednesday between the White House and House Democrats produced no clear resolution.

At a morning appearance in the Oval Office, President Bush pressed the House to adopt quickly a plan that the Senate approved on Tuesday to broaden the government’s spying powers and give legal immunity to telephone companies.

The plan is essential, Mr. Bush said, because terrorists are planning attacks on American soil “that will make Sept. 11 pale in comparison.”

More here.

UPDATE: 14:48 PST: Ryan Singel has a very good overview over at Threat Level.

Bush Administration Shuts Down Website Tracking U.S. Economic Indicators

Via ThinkProgress.org.

The U.S. economy is faltering. Family debt is on the rise, benefits are disappearing, the deficit is skyrocketing, and the mortgage crisis has worsened. Conservatives have attempted to deflect attention from the crisis, by blaming the media’s negative coverage and insisting the United States is not headed toward a recession, despite what economists are predicting.

The Bush administration’s latest move is to simply hide the data. Forbes has awarded EconomicIndicators.gov one of its “Best of the Web” awards. As Forbes explains, the government site provides an invaluable service to the public for accessing U.S. economic data.

Yet the Bush administration has decided to shut down this site because of “budgetary constraints,” effective March 1.

More here.

Shrewd Attackers Bypass Old Security Defenses With Web Attacks

Dennis Fisher writes on SearchSecurity.com:

During the course of the last 10 years or so, security has gone from being of little to no importance in most enterprises to its current status as one of the top priorities in virtually every IT department. As threats have moved from macro viruses and simple DoS attacks to network-aware worms and Trojans to virtualized rootkits and peer-to-peer malware, the protection technologies have changed with the times. Firewalls, IDS appliances, intrusion prevention systems, content filtering and myriad other innovations have done a fine job of securing our corporate perimeters.

But all of that is about to change. The best and smartest attackers have all but abandoned their old bag of tricks and have taken their game to the Web. And the existing product set that's humming along in your server room and your data center is of little use in defending against these attacks. IDS, endpoint security, antivirus and the rest of it are all well and good, but they stand no chance of preventing users from falling prey to the current and future crop of Web-based attacks.

More here.

Wednesday, February 13, 2008

Late Night Flashback: John Lennon - Imagine



Enjoy.

- ferg

U.S. Lawmakers Move to Grant Banks Immunity Against Patent Lawsuit

Jeffrey H. Birnbaum writes in The Washington Post:

Sen. Jeff Sessions (R-Ala.) has sponsored an unusual provision at the urging of the nation's banks granting them immunity against an active patent lawsuit, potentially saving them billions of dollars.

Adopted with little fanfare, the amendment would prevent a small Texas company called DataTreasury from collecting damages from banks for infringing on its patented method for digitally scanning, sending and archiving checks. The patents were upheld last summer by the U.S. Patent and Trademark Office after they were challenged.

The provision, passed without dissent by the Senate Judiciary Committee in July and inserted into legislation scheduled for a vote by the full Senate this month, is a rare attempt by Congress to intervene in ongoing litigation, congressional experts say.

Although the amendment would not invalidate DataTreasury's patents, it would spare the banks from paying for infringing them should courts decide that's warranted. If DataTreasury collected a royalty of just a couple pennies per check, the cost would run into billions of dollars.

More here.

EU: Brussels Attacks New U.S. Security Demands

Renata Goldirova writes on the EU Observer:

The European Commission has poured cold water on a set of security requirements recently tabled by Washington, describing the move as "unacceptable" and going "too far".

"The text is unacceptable. It's just way beyond anything that can be done," Jonathan Faull, the head of the commission's home affairs department, said on Wednesday (13 February), referring to a US-proposed memorandum of understanding distributed to EU capitals.

The document consists of a series of demands designed to keep better track of who wants to enter US territory.

The wishlist includes in-flight security officers aboard transatlantic flights operated by the US airlines, an electronic travel authorisation system as well as an accord to share further data on air passengers and lost and stolen passports.

More here.

Don't Get pwn3d on Valentine's Day



Don't fall victim to unscrupulous cyber criminals.

- ferg

Mark Fiore: The Spies Who Love You





We love you, Mark Fiore.

- ferg

Ben Edelman: Critiquing C-NetMedia's Anti-Spyware Offerings and Advertising Practices

Ben Edelman:

Not every "anti-spyware" program is what it claims to be. Some truly have users' interests at heart -- identifying and removing bona fide risks to privacy, security, stability, or performance. Others resort to a variety of tricks to confuse users about what they're getting and why they purportedly need it.

This article reports the results of my examination of anti-spyware software from C-NetMedia. I show:

  • Deceptive advertising, deceptive product names, and deceptive web site designs falsely suggest affiliation with security industry leaders.
  • The use of many disjoint product names prevents consumers from easily learning more about C-Net, its reputation, and its practices.
  • High-pressure sales tactics, including false positives, overstate the urgency of paying for an upgraded version.



Much more here.

Comcast: We Need to Play Internet Traffic Cop

Brad Stone writes on the New York Times' "Bits" Blog:

Comcast, the second largest Internet service provider in the country, is making the controversial and aggressive case that Internet service providers should be allowed to serve as traffic cops on the Internet.

In an 80-page filing with the Federal Communications Commission yesterday, the company says it has a right to clamp down on the use of peer-to-peer file sharing programs on its network to preserve the smooth flow of bits to and from all its customers. The filing was in response to an F.C.C. complaint from network neutrality groups in November after the Associated Press revealed that Comcast was stopping some customers from using BitTorrent, a file sharing program often used to swap copyrighted copies of songs and movies over the Internet.

The F.C.C., in its 2005 Internet Policy Statement, said that consumers are entitled to run the applications and online services of their choice. But in the last footnote on the last page of that important document, the F.C.C. allowed for some blocking based on “reasonable network management.”

Comcast appears to be pinning its argument on that phrase.

More here.

SecureWorks: Hacker Attacks Targeting Healthcare Organizations Increase 85%

Via the SecureWorks Research Blog.

SecureWorks [...] has seen an 85% increase in the number of attempted attacks directed toward its healthcare clients by Internet hackers. Attempted attacks have increased from an average of 11,146 per healthcare client per day in the first half of 2007 to an average of 20,630 per healthcare client per day in the last half of 2007 thru January 2008.

Hunter King and Don Jackson, security researchers with SecureWorks Counter Threat Unit, attribute the increase in attacks to several factors. These include the increase in client-side attacks (attacks against the employees' pc's), the fact that healthcare organizations have large attack surfaces in which hackers can try and break in, the volume of personal, identifiable information and health insurance credentials being stored by healthcare organizations, and the valuable computing resources available to healthcare entities.

More here.

Use of Rogue DNS Servers on Rise

An AP newswire article by Jordan Robertson, via MSNBC, reports that:

They're called "servers that lie."

Mendacious machines controlled by hackers that reroute Internet traffic from infected computers to fraudulent Web sites are increasingly being used to launch attacks, according to a paper published this week by researchers with the Georgia Institute of Technology and Google Inc.

The paper estimates roughly 68,000 servers on the Internet are returning malicious Domain Name System results, which means people with compromised computers are sometimes being directed to the wrong Web sites — and often have no idea.

More here.

Quote of The Day: Bruce Schneier

"Does the DHS think we're idiots or something?"

- Bruce Schneier, commenting on the U.S. Department of Homeland Security's latest warning that female suicide bombers can use devices to make them appear pregnant.

Tuesday, February 12, 2008

Late Night Flashback: Peter Schilling - Major Tom



Sensitive Data 'Impossible' To Protect

Robert Jaques writes on iTnews.com.au:

Researchers at Leeds University Business School claimed that organisations will always run the risk of being compromised by human psychology.

The research was led by Professor Gerard Hodgkinson, director of the Centre for Organisational Strategy, Learning and Change at Leeds University.

"Our research shows that organisations will never be able to remove all latent risks in the protection and security of data held on IT systems, because our brains are wired to work on automatic pilot in everyday life," he said.

"People tend to conceptualise the world around them in a simplified way. If we considered and analysed the risks involved in every permutation of every situation we would never get anything done.

"If I make a cup of tea, I do not stop to weigh up the probability of spilling boiling water on myself or choking on the drink."

More here.

Taiwan Seeks Info on Spy Damage

An AP newswire article by Peter Enav, via The Boston Globe, reports that:

Taiwanese officials scrambled Tuesday to determine the possible damage from a Pentagon analyst accused of passing to an agent for China classified information about Taiwan's military weapons and technology purchases.

The data allegedly provided to China outlined every planned U.S. sale of weapons or other military technology to Taiwan for the next five years, prosecutors said Monday.

A statement from the Ministry of Defense said it had set up a task force to investigate.

"The Ministry of Defense is concerned about whether the U.S. has suffered from a leak of classified information, and it is taking measures to deal with the situation," the statement said.

More here.

SCADA Watch: MS08-008 Critical Bulletin Likely Affects OPC

Via Digital Bond.

Microsoft Security Bulletin MS08-008, "Vulnerability in OLE Automation Could Allow Remote Code Execution," issued today, is likely to affect OPC servers. Remember that OPC was originally an acronym for OLE for Process Control.

This is a serious vulnerability rated Critical by Microsoft for most OS and would allow a remote attacker to run shell code after the exploit. The bulletin talks about “remote code execution if a user viewed a specially crafted Web page”. It will be interesting to see if an OPC server can be compromised and then used to allow remote code execution if an OPC client connects to the compromised server.

More here.

DHS Granted Right to Snoop on T-Mobile Users

Nate Mook writes on BetaNews.com:

In order to gain the approval of the United States government to merge SunCom Wireless into T-Mobile USA, parent company Deutsche Telekom had to extend its electronic surveillance agreement to include the Department of Homeland Security.

The Federal Communications Commission late Friday gave the green light to Deutsche Telekom to acquire regional cellular carrier SunCom for $2.4 billion in cash. SunCom is based in Pennsylvania and serves 1.1 million customers in North Carolina, South Carolina, Tennessee, Georgia, Virginia, Puerto Rico and the U.S. Virgin Islands.

More here.

New Net Neutrality Bill Expected This Week

Declan McCullagh writes on the C|Net "Iconoclast" Blog:

House Speaker Nancy Pelosi once said that, without new Net neutrality laws, "telecommunications and cable companies will be able to create toll lanes on the information superhighway. This strikes at the heart of the free and equal nature of the Internet."

That was nearly two years ago. At the time, legislation giving the Federal Communications Commission new regulatory authority over the Internet was rejected by a 269-152 vote in the Republican-controlled House of Representatives.

Since then, even though her party has controlled Congress for over a year, Pelosi and her fellow Democrats haven't exactly rushed to enact Net neutrality regulations into law. Maybe it's because cooler heads prevailed; maybe it's because Alyssa Milano and other celebrities are no longer talking about it. I offered some speculations last fall.

Now Rep. Ed Markey, a Massachusetts Democrat who championed the unsuccessful amendment two years ago, is planning to re-introduce it as soon as Tuesday. His office didn't want to give us a copy on Monday, indicating it was still being drafted.

More here.

FAA Wants Help Becoming Cyber Security Shared-Services Provider

Jason Miller writes on FCW.com:

The Federal Aviation Administration wants to become a shared-services provider under the Security Line of Business initiative.

In a market survey released on FedBizOpps.gov last week, FAA asked for support services for a “leading edge cybersecurity management center.”

FAA wants vendors to provide comments through the market survey on its draft statement of work.

More here.

Image of The Day: l337 Eye Chart



Via Neat-O-Rama.

Senate Moves to Shield Telecoms on Eavesdropping

An AP newswire article, via The New York Times, reports that:

The Senate voted Tuesday to shield from lawsuits telecommunications companies that helped the government eavesdrop on their customers without court permission after the Sept. 11 terrorist attacks.

After nearly two months of stops and starts, the Senate rejected by a vote of 31 to 67 a move to strip away a grant of retroactive legal immunity for the companies.

President Bush has promised to veto any new surveillance bill that does not protect the companies that helped the government in its warrantless wiretapping program, arguing that it is essential if the private sector is to give the government the help it needs.

About 40 lawsuits have been filed against telecom companies by people alleging violations of wiretapping and privacy laws.

The Senate also rejected two amendments that sought to water down the immunity provision.

More here.

Server in The Sky: FBI Expected to Award NGI Contract to Lockheed Martin

Alice Lipowicz and Ben Bain write on FCW.com:

The FBI is expected to announce as early as today that it has awarded a $1 billion biometric database contract to Lockheed Martin, industry sources say.

An FBI spokesman said he anticipated the agency would make an announcement as early as today but did not confirm who won. Industry sources close to the competition said the FBI has notified the bidders that Lockheed Martin was awarded the contract.

More here.

Note: Given that Lockheed Martin is also the contractor "conducting" the UK 2011 National Census, this should be rather worrisome, regardless of MP assurances. -ferg

Team Cymru: Internet Malicious Activity Map


Via Team Cymru.

The map [above] represents a summary of malicious activity seen on the Internet in our data sources over the past 30 days, and is automatically updated each day. The IP space is mapped into this image using a Hilbert Curve. The numbers in the upper left-hand corner of each block of the map indicate the first octet of the IP addresses represented in that section, so, for example, the block labeled "24" represents all of the IP addresses in the 24.0.0.0/8 netblock.

Blocks with orange numbers and cross-hatching are full /8 networks that are bogons, unallocated space which should never be seen on the Internet. Non-bogon blocks are displayed with red numbers.

More here.

Image source: Team Cymru
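The Hilbert-curve layout described in the Team Cymru excerpt can be reproduced as follows. This is an added example, not Team Cymru's code: the curve orientation (0/8 in the top-left cell), the function names, and the sample set of highlighted /8s are assumptions. It also goes beyond /8 blocks by handling any even prefix length.

```python
"""Added example: lay IPv4 prefixes out on a Hilbert curve, as the map text describes.
The orientation (0/8 in the top-left cell) is an assumption, not Team Cymru's renderer."""
import ipaddress

def _rot(s, x, y, rx, ry):
    """Rotate/flip a quadrant of side s so neighbouring sub-curves join end to end."""
    if ry == 0:
        if rx == 1:
            x, y = s - 1 - x, s - 1 - y
        x, y = y, x
    return x, y

def d2xy(order, d):
    """Distance d along a Hilbert curve over a 2^order x 2^order grid -> (x, y)."""
    x = y = 0
    s = 1
    while s < (1 << order):
        rx = 1 & (d // 2)
        ry = 1 & (d ^ rx)
        x, y = _rot(s, x, y, rx, ry)
        x, y = x + s * rx, y + s * ry
        d //= 4
        s *= 2
    return x, y

def prefix_to_cell(prefix):
    """Cell of an IPv4 prefix on the grid for its length (/8 -> 16x16, /16 -> 256x256)."""
    net = ipaddress.ip_network(prefix)
    if net.version != 4 or net.prefixlen == 0 or net.prefixlen % 2:
        raise ValueError("need an IPv4 prefix with an even, non-zero length")
    # The prefix bits, read as an integer, are the distance along the curve.
    index = int(net.network_address) >> (32 - net.prefixlen)
    return d2xy(net.prefixlen // 2, index)

def slash8_grid():
    """16x16 grid of first octets; grid[y][x] is the /8 drawn at column x, row y."""
    grid = [[None] * 16 for _ in range(16)]
    for octet in range(256):
        x, y = d2xy(4, octet)
        grid[y][x] = octet
    return grid

# Constructed sample of /8s to highlight (reserved ranges chosen for illustration);
# this is NOT Team Cymru's bogon list.
SAMPLE_FLAGGED = {0, 10, 127} | set(range(240, 256))

def render(grid, flagged=SAMPLE_FLAGGED):
    """Text version of the map: one row per line, '*' after each flagged /8."""
    return "\n".join(
        " ".join(f"{o:>3}{'*' if o in flagged else ' '}" for o in row)
        for row in grid
    )

if __name__ == "__main__":
    print(render(slash8_grid()))
    print("24.0.0.0/8 ->", prefix_to_cell("24.0.0.0/8"))
```

Numerically adjacent netblocks always land in neighbouring cells, and a longer prefix falls inside the square of its parent /8, which is why clusters on such a map correspond to contiguous address ranges.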

Monday, February 11, 2008

Late Night Flashback: Bob Seger - Turn The Page



For Dude.

- ferg

Russia Makes Its Move: The Russian Internet

Via Kommersant.

Envoys of the RF Federation Council, Interior Ministry, Justice Ministry and Public Chamber presented yesterday the drafts for “legal control over the Internet.” The actual proposal is to amend mass media laws and register as mass media all web-sites with the daily audience of at least 1,000. The initiative is technically non-realizable, the analysts say.

“You can find anything in today’s Internet – kid pornography, sites of terrorists, calls for extremism, calumny. This information flow should be regulated in the legal field,” said Fed Council Senator Vladimir Slutsker, who initiated the amendments.

More here.

In Passing: We'll Miss You, Dude



It's taken me all day to come to grips with the passing of a friend.

I have no words. Just sadness at his passing.

While this particular song was recorded as a tribute to Syd Barrett, I thought it was also befitting for the passing of a personal friend.

We'll miss you, Dude.

Shine On, You Crazy Diamond.

- ferg

Tit For Tat: Travelers to Europe May Face Fingerprinting

Ellen Nakashima and John Ward Anderson write in The Washington Post:

The European Commission will propose tomorrow that all foreign travelers into and out of Europe, including U.S. citizens, should be fingerprinted. If approved by the European Parliament, the measure would mean that precisely identifying information on tens of millions of citizens will be added in coming years to databases that could be shared by friendly governments around the globe.

The United States already requires that foreigners be fingerprinted and photographed before they can enter the country. So does Japan. Now top European security officials want to follow suit, with travelers being fingerprinted and some also having their facial image stored in a Europe-wide database, according to a copy of the proposal obtained by The Washington Post.

The plan is part of a vast and growing trend -- especially across the Atlantic -- to collect and share data electronically for the purposes of tracking and identifying people in the name of national security and immigration control. U.S. government computers now have access to data on financial transactions; air travel details such as name, itinerary and credit card numbers; and the names of those sending and receiving express-mail packages -- even a description of the contents.

More here.

Minor Teen, Ancheta Associate Pleads Guilty to Charges

Dan Goodin writes on The Register:

A young hacker accused of helping to corral more than 400,000 computers into a money-making botnet has pleaded guilty to criminal charges in connection with the scheme, which he admits damaged US military computers.

The defendant was identified only by the initials B.D.H. because he was a juvenile when the crimes were committed. He is better known by the handle "SoBe" in internet relay channels frequented by hackers. He appeared in US District Court in Los Angeles on Monday, where he pleaded guilty to two counts of juvenile delinquency. His plea agreement contemplates a sentence of one year to 18 months in prison.

SoBe entered the public spotlight in November 2005 as an "unindicted co-conspirator" to Jeanson James Ancheta, who eventually pleaded guilty to four felony charges in connection with the same botnet. With SoBe located in Boca Raton, Florida, and Ancheta working in Downey, California, the two built a lucrative business by surreptitiously installing adware on computers and then pocketing affiliate fees. According to court documents, the pair collected at least $58,000 in 13 months, but it's possible they made much more.

"It's immoral, but the money makes it right," Ancheta told SoBe during one online chat, according to the indictment charging Ancheta.

More here.

U.S. Toll in Iraq


Via The Boston Globe (AP).

As of Monday, Feb. 11, 2008, at least 3,960 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,221 died as a result of hostile action, according to the military's numbers.

The AP count is five higher than the Defense Department's tally, last updated Monday at 10 a.m. EST.

More here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

Internet Undergoes Covert Changes As ISPs Struggle With Demands Of Video

An AP newswire article, via CBS News, reports that:

In 1995, the first warning was raised: The throngs of people swarming to the Internet would overwhelm the system in 1996. For more than a decade, that fear has proven untrue.

Until right about now. The growing popularity of video on the Net has driven a traffic increase that's putting strains on service providers, particularly cable companies. To deal with it, they have had to change the way they convey Internet data.

And they've done this in secret, raising concerns - by Web companies, consumer groups and the chairman of the Federal Communications Commission - that the nature of the Internet is being altered in ways that are difficult to divine.

More here.

UK To Force ISPs To Cut Off Customers Who Illegally Fileshare

Duncan Robertson writes on The Daily Mail:

People who illegally download films and music will be cut off from the internet under Government plans to tackle online piracy.

Internet service providers (ISPs) such as BT or Virgin Media will be legally required to take action against users who access illegal material.

Under draft proposals to be unveiled next week, users suspected of wrongfully downloading films or music will be first sent a warning email to stop.

For a second infringement they will receive a suspension and termination of their contract if caught a third time.

More here.

Salesforce.com Suffers Outage

Chris Preimesberger writes on eWeek:

One of Salesforce.com's key North American CRM servers, NA5, was up and down for most of the business day Feb. 11 following a software upgrade, a Salesforce customer who asked to remain anonymous told eWEEK.

The unstable server caused some havoc in an unspecified number of customers' accounts, the customer said.

The software upgrade was installed over the weekend, but at 8:22 a.m. Pacific time, the company's internal server information Web page said, "NA5 Service Degradation: The technology operations team has been made aware of intermittent service disruptions to NA5. Please check back for further updates."

Salesforce.com, based in San Francisco, subsequently reported similar "service degradations" at 9:26 a.m., 10:19 a.m., 11:23 p.m. and 12:20 p.m. before announcing at 2:04 p.m. that "the Salesforce.com Technology team has restored the service issue with NA5 at 22:11 UTC. We apologize for any inconvenience this may have caused you."

More here.

SecureWorks: Ozdok/Mega-D Trojan Analysis

Joe Stewart writes on the SecureWorks Research Blog:

Last week the TRACE research team at Marshal put forth some statistics regarding spam activity from botnets. The statistics pointed to a botnet dubbed "Mega-D" as the new leader of the spambot pack, spewing 32% of the world's spam according to Marshal's spamtraps. This set off a firestorm of speculation: what family of malware was behind this previously unknown botnet? How had it emerged to challenge Storm with hardly a mention in any research articles or press?

Based on spam samples provided by Marshal, we looked for unique patterns in the message headers, and began to filter traffic across our own monitored customer base to uncover the mystery malware. Based on the number of bots connecting to mail servers we monitor, we estimate that Mega-D consists of around 35,000 infected machines worldwide. This is a very strong botnet, but hardly a challenger to Storm. Even though Storm has waned to around 85,000 bots, it still holds far more spamming capacity. Why the Storm spam seen by Marshal's spamtraps has fallen off, we can only speculate...

More here.

All Your iFrame Are Point to Us


Niels Provos writes on the Google Online Security Blog:

It has been over a year and a half since we started to identify web pages that infect vulnerable hosts via drive-by downloads, i.e. web pages that attempt to exploit their visitors by installing and running malware automatically. During that time we have investigated billions of URLs and found more than three million unique URLs on over 180,000 web sites automatically installing malware.

During the course of our research, we have investigated not only the prevalence of drive-by downloads but also how users are being exposed to malware and how it is being distributed. Our research paper is currently under peer review, but we are making a technical report [.pdf] available now. Although our technical report contains a lot more detail, we present some high-level findings here...

More here.

Image source: Google Online Security Blog

DoD IT Networks Could Fail in Catastrophe

Via UPI.

Pentagon computer networks are not properly backed up and a failure could cause a "stoppage of war-fighting operations," its inspector general says.

The Defense Department also provided "erroneous information" to Congress and the Office of Management and Budget about whether it "had contingency planning procedures in place and periodically tested the procedures necessary to recover the systems from an unforeseen, and possibly devastating, event."

The inspector general audited contingency plans for Defense Department networks "to continue operations during a disruptive or catastrophic event."

More here.

RIM Notifies of 'Critical' BlackBerry Outage

Via Reuters.

E-mail service of Research In Motion's BlackBerry smartphones experienced a "critical severity outage" on Monday, the company told clients in an e-mail.

"This is an emergency notification regarding the current BlackBerry Infrastructure outage," RIM support account manager Bryan Simpson said in an e-mail. The message said the outage affected enterprise clients and "users of the Americas network."

RIM was not immediately available for comment and its e-mail gave no estimate on when service may be restored or how many individuals could be affected.

Last April, a massive outage crashed BlackBerry service across North America, leaving thousands of users without access to wireless e-mail.

More here.

Virginia Man, Three Others Arrested, Charged With Espionage

Jerry Markon writes in The Washington Post:

Federal agents today arrested four people on espionage charges, including a Defense Department employee from Alexandria, and accused them of passing classified information to China that included details about the Space Shuttle and U.S. military sales to Taiwan.

The DOD employee, Gregg William Bergersen, 51, was charged in U.S. District Court in Alexandria with conspiracy to disclose national defense information. He is a weapons policy analyst at the Arlington-based Defense Security Cooperation Agency. Also charged in federal court in Alexandria were Tai Shen Kuo, 58, and Yu Xin Kang, 33, both of New Orleans.

In a separate case also linked to China, a former Boeing Co. engineer was arrested on charges that he stole Boeing trade secrets related to the Space Shuttle and other programs, including the C-17 military transport aircraft and the Delta IV rocket. Dongfan "Greg" Chung, 72, of Orange, Calif., faces charges of economic espionage, obstruction of justice and lying to the FBI in U.S. District Court for the Central District of California.

More here.

Quote of The Day: Glenn Greenwald

"There are very few opinion venues -- if there are any -- more brazenly fact-free than the Editorial Page of the Wall St. Journal."

- Glenn Greenwald, commenting on an editorial in this morning's WSJ.

Bush Orders Clampdown on Flights to U.S.

Ian Traynor writes on The Guardian:

The US administration is pressing the 27 governments of the European Union to sign up for a range of new security measures for transatlantic travel, including allowing armed guards on all flights from Europe to America by US airlines.

The demand to put armed air marshals on to the flights is part of a travel clampdown by the Bush administration that officials in Brussels described as "blackmail" and "troublesome", and could see west Europeans and Britons required to have US visas if their governments balk at Washington's requirements.

According to a US document being circulated for signature in European capitals, EU states would also need to supply personal data on all air passengers overflying but not landing in the US in order to gain or retain visa-free travel to America, senior EU officials said.

And within months the US department of homeland security is to impose a new permit system for Europeans flying to the US, compelling all travellers to apply online for permission to enter the country before booking or buying a ticket, a procedure that will take several days.

More here.

In Passing: Tom Lantos


Tom Lantos
February 1, 1928 - February 11, 2008

Sunday, February 10, 2008

Welcome to Cyberwar Country, USA

Marty Graham writes on Wired News:

When a reporter enters the Air Force office of William Lord, a smile comes quickly to the two-star general's face as he darts from behind his immaculate desk to shake hands. Then, as an afterthought, he steps back and shuts his laptop as though holstering a sidearm.

Lord, boyish and enthusiastic, is a new kind of Air Force warrior -- the provisional chief of the service's first new major command since the early 1990s, the Cyber Command. With thousands of posts and enough bandwidth to choke a horse, the Cyber Command is dedicated to the proposition that the next war will be fought in the electromagnetic spectrum, and that computers are military weapons. In a windowless building across the base, Lord's cyber warriors are already perched 24 hours a day before banks of monitors, scanning Air Force networks for signs of hostile incursion.

"We have to change the way we think about warriors of the future," Lord enthuses, raising his jaw while a B-52 traces the sky outside his windows. "So if they can't run three miles with a pack on their backs but they can shut down a SCADA system, we need to have a culture where they fit in."

More here.

In Passing: Roy Scheider


Roy Scheider
November 10, 1932 - February 10, 2008

How Sticky Is Membership on Facebook? Just Try Breaking Free

Maria Aspan writes in The New York Times:

Are you a member of Facebook.com? You may have a lifetime contract.

Some users have discovered that it is nearly impossible to remove themselves entirely from Facebook, setting off a fresh round of concern over the popular social network’s use of personal data.

While the Web site offers users the option to deactivate their accounts, Facebook servers keep copies of the information in those accounts indefinitely. Indeed, many users who have contacted Facebook to request that their accounts be deleted have not succeeded in erasing their records from the network.

“It’s like the Hotel California,” said Nipon Das, 34, a director at a biotechnology consulting firm in Manhattan, who tried unsuccessfully to delete his account this fall. “You can check out any time you like, but you can never leave.”

More here.