Late Night Flashback: Living Colour - Cult Of Personality
Some of the smartest lyrics of the early '90's.
China and the United States on Friday officially signed an agreement to set up a military hotline between the defence departments of both countries, in a reflection of the improving Sino-American security ties. More here.
The hotline, the first of its kind Beijing has ever established with any country at the defence ministry level, would enable Chinese and the US defence and military leaders to remain in constant touch on major issues of common concern, specially in emergencies.
The agreement was signed at the end of a working meeting between the two defence departments in Shanghai as a follow-up to the announcement on the hotline made by both countries during the visit of US Defence Secretary Robert Gates to China in November last year.
Both sides had said earlier that the hotline would "reduce the risk of misunderstanding".
Russian Business Network (RBN)
In the last few months, there has been a significant amount of press coverage given to insidious cyber activity associated with the segment of the Internet known as the “Russian Business Network,” or RBN. Previous studies have suggested that the RBN has ties to nearly every area of cybercrime, including: phishing, malware, DDOS activity, pornography, botnets, and anonymization.
In November 2007, media reporting indicated that a large portion of the RBN “went dark.” Since that time, the Shadowserver Foundation has been more closely analyzing outlying networks implicated as being associated with RBN. One of these suspected outliers is AS9121, known as TurkTelekom. SecurityZone.org reported in early December 2007 that while not everything in TurkTelekom appears to be malicious, there are some ranges that are “particularly bad” and analysis of Shadowserver Foundation data agrees. Several subranges quickly stand out as being deeply involved in malicious cyber activity: 22.214.171.124/24 and 126.96.36.199/24. IP registration indicates these ranges are listed under the name “ABDALLAH INTERNET HIZMETLERI” (AIH).
Abdallah Internet Hizmetleri (AIH)
In one of the most thorough RBN studies to date, David Bizeul reported that AIH ranges 188.8.131.52/24 and 184.108.40.206/24 - are among the “most used network ranges used by RBN affiliates’ domain names.” The purpose of this paper is to take a deeper look at these two class C ranges of AIH based out of Rize, Turkey, available information from the Internet, and statistics collected by the Shadowserver Foundation to provide further insight into the scope and depth of the RBN.
Greg Miller writes in The Los Angeles Times:
Under pressure to end an impasse over espionage legislation, House Democrats are considering a plan to vote on a bill next week that would give the government broad new eavesdropping authorities but strip out a provision that would protect phone companies from lawsuits. More here.
Senior Democratic aides said the plan would set up a separate vote on the divisive issue of whether to grant legal immunity to phone companies that took part in a secret wiretapping program authorized by President Bush after the Sept. 11 terrorist attacks.
"The objective would be to pass something that is less controversial," yet still allow Democrats to register their objections to the immunity provision, said one senior Democratic aide, speaking on condition of anonymity because House Speaker Nancy Pelosi (D-San Francisco) and other party leaders have yet to reach a decision on the matter.
The proposal emerged Friday as a possible endgame in the drawn-out congressional debate over how to overhaul laws that govern when and how American spy agencies can intercept international e-mails and phone calls coming into the United States.
- The Hacker Webzine, on hacking home routers.
Florida Power & Light said that a preliminary investigation has found that human error was responsible for the massive power outage on Tuesday that affected more than 584,000 customers. More here.
A field engineer was diagnosing a switch that had malfunctioned at FPL’s Flagami substation in west Miami. Without authorization, the engineer disabled two levels of relay protection — something contrary to the Juno Beach-based company’s procedures.
During the diagnostic process, a fault occurred. With both levels of relay protection removed, the outage affected 26 transmission lines and 38 substations.
One of the substations served three of the generation units at the company’s Turkey Point nuclear plant, which was designed to automatically shut down if there is a lack of enough power. Also affected were two other generation plants in FPL’s system. The system lost 3,400 megawatts of generating capacity.
The number of cyber crime-related arrests in Japan last year grew 23.7 pct from the previous year to hit an all-time high, the National Police Agency said Friday.
The number came to 5,473, reflecting surges in phishing, which is an act of sending emails to users pretending to be a legitimate enterprise in an attempt to entrap users into providing their personal information such as identification numbers to certain Web sites.
As the number of phishing-related arrests surged 5.3-fold to 1,157, arrests related to unauthorized access jumped 2.1-fold to an all-time high of 1,442, according to the agency.
An AP newswire article, via MSNBC, reports that:
Notices are going out to millions of customers who may have had credit card information compromised in a data breach at stores such as T.J. Maxx and Marshalls. More here.
The notices contain information about eligibility for compensation such as vouchers and credit monitoring to be provided under a proposed settlement with TJX Cos., the operator of more than 2,500 discount stores.
TJX said last March that at least 45.7 million cards were exposed to possible fraud in a breach of its computer systems. Court filings by banks that also sued TJX estimated the number of cards affected at more than 100 million.
As the House of Representatives takes the time it needs to negotiate a bill to amend the Foreign Intelligence Surveillance Act (FISA), the White House has launched a public assault on the legislative body. The administration claims that the House has endangered the country by letting the Protect America Act (PAA) expire and should pass the bill already approved by the Senate. The Senate bill, however, is unconstitutional and contains immunity for the telecommunications companies that aided the president’s warrantless wiretapping program. The American Civil Liberties Union (ACLU) is urging the House to continue to stand strong for the Constitution. More here.
In a February 22nd letter to the House Permanent Select Committee Chairman Silvestre Reyes, Attorney General Michael Mukasey and Director of National Intelligence Mike McConnell made several misleading claims. A corrective statement was released by the Justice Department and Office of the Director of National Intelligence regarding the cooperation of “private partners” the following day. Here, the ACLU refutes some of the administration’s arguments.
Leap Day is causing quite a stir at Department of Motor Vehicle offices across the state. More here.
According to Beth Parks with the DMV, computers are currently down due to a glitch with one of the programs that calculates the day. The system did not recognize February 29.
This programming error has affected offices statewide; however, the offices are not closed. The DMV has continued to serve customers as much as possible while the system has been down.
David Kravets writes on Threat Level:
A federal judge on Friday allowed whistle-blower site WikiLeaks to resume operation in the United States, a week after ordering its U.S. hosting company and domain registrar to shut down and lock the renegade's site from the internet. More here.
The judge conceded the futility of attempts to censor information, in this instance private banking records, after it has been posted to the internet.
"When this genie gets out of the bottle, it's out for all purposes," U.S. District Judge Jeffrey White said after a more than 3-hour-long hearing here. Earlier, White said he had "an obligation to get it right" and that "I took an oath to uphold the Constitution."
An AP newswire article, via PhysOrg.com, reports that:
A divided Virginia Supreme Court affirmed the nation's first felony conviction for illegal spamming on Friday, ruling that Virginia's anti-spamming law does not violate free-speech rights. More here.
Jeremy Jaynes of Raleigh, N.C., considered among the world's top 10 spammers in 2003, was convicted of massive distribution of junk e-mail and sentenced to nine years in prison.
Almost all 50 states have anti-spamming laws. In the 4-3 ruling, the court rejected Jaynes' claim that the state law violates both the First Amendment and the interstate commerce clause of the U.S. Constitution.
"This is a historic victory in the fight against online crime," state Attorney General Bob McDonnell said in a written statement. "Spam not only clogs e-mail inboxes and destroys productivity; it also defrauds citizens and threatens the online revolution that is so critical to Virginia's economic prosperity."
Brian Krebs writes in The Washington Post:
House lawmakers yesterday raised concerns about the privacy implications of a Bush administration effort to secure federal computer networks from hackers and foreign adversaries, as new details emerged about the largely classified program. More here.
The unclassified portions of the project, known as the "cyber initiative," focus on drastically reducing the number of connections between federal agency networks and the Internet, and more closely monitoring those networks for malicious activity. Slightly more than half of all agencies have deployed the Department of Homeland Security's program.
But administration officials have not said how far monitoring would go, and whether oversight would extend to networks operated by state, local, and private sector entities, including government defense contractors.
Daniel Karrenberg writes on CircleID:
As you may be aware from recent news reports, traffic to the youtube.com website was ‘hijacked’ on a global scale on Sunday, 24 February 2008. The incident was a result of the unauthorised announcement of the prefix 220.127.116.11/24 and caused the popular video sharing website to become unreachable from most, if not all, of the Internet. More here.
The RIPE NCC conducted an analysis into how this incident was seen and tracked by the RIPE NCC’s Routing Information Service (RIS) and has published a case study.
The RIPE NCC RIS is a service that collects Border Gateway Protocol (BGP) routing information from roughly 600 peers at 16 Internet Exchange Points (IXPs) across the world. Data is stored in near real-time and can be instantly queried by anyone to provide multiple views of routing activity for any point in time.
Posting to the blog is likely to be somewhere between light and non-existent for the next couple of days, due to the fact that I'll be attending ISOI IV (Internet Security Operations & Intelligence) here in Silicon Valley starting today (Thursday -- hosted by Yahoo!).
So, hang tight and I'll post as time allows.
Shaun Waterman writes for UPI:
The official responsible for the U.S. Department of Homeland Security's relationships with foreign countries has unexpectedly quit. More here.
Marissa Lino, the assistant secretary for international affairs at the department, resigned suddenly earlier this week without giving notice, a former department official told United Press International.
DHS spokeswoman Laura Keehner confirmed Lino's departure to UPI.
U.S. military scientists are trying to develop a system for ensuring that microchips used in defense equipment are not compromised by the nation's enemies. More here.
The Defense Advanced Research Projects Agency recently awarded contracts to three companies for the first phase of the Trust in Integrated Circuits Program.
The military uses integrated circuit chips, commonly called microchips, in everything from computers and communications systems to weapons. But most are manufactured overseas, and there is currently no way of ensuring that they do not contain malicious code that could end up making equipment malfunction or fail.
Nearly three-quarters of the world's microchips are made in Taiwan and China.
Shaun Waterman writes for UPI:
The new job of Scott Charbo, the man President Bush has picked to head up the protection of U.S. computer networks, involves countering threats from Russian hackers, Chinese cyber spies and Internet Jihadis. But perhaps his most immediately dangerous adversary is the chairman of the House Homeland Security Committee. More here.
The two men will be face to face Thursday, when Charbo, the deputy undersecretary for the National Protection and Programs Directorate at the Department of Homeland Security, is to testify on Capitol Hill about the Bush administration's much-awaited cybersecurity initiative.
Earlier this month, less than 24 hours after Charbo, until then the department's chief information officer, was promoted into his new job, committee Chairman Rep. Bennie Thompson, D-Miss., fired off an angry letter to his boss.
The veteran federal official had been guilty of "an incredible and unacceptable dereliction of duty" while in charge of the department's information technology systems, Thompson wrote Homeland Security Secretary Michael Chertoff.
Ellen Messmer writes on NetworkWorld:
Healthcare organizations are stepping up efforts to protect electronic patient information as they witness increased attacks against hospital networks, mindful how a data breach could hurt patients and their own reputations. More here.
“There is definitely an uptick in attacks,” says Dr. John Halamka, CIO at both Beth Israel Deaconess Medical Center and Harvard Medical School in the Boston area. “Privacy is the foundation of everything we do. We don’t want to be the TJX of healthcare.” TJX is the Framingham, Mass-based retailer which last year disclosed a massive data breach involving customer records.
Andy Greenberg writes on Forbes.com:
Since January, the Bush administration has committed to spending billions to keep the government's computer networks safe from cyber-spies and other malicious hackers. But to keep digital intruders away from sensitive government information, some worry the government will have to do some spying of its own--on the U.S. private sector. More here.
The House Committee on Homeland Security plans to hold the first public hearing Thursday on Presidential Directive 54, a project that could cost as much as $30 billion over seven years as it expands cyber-monitoring of all federal agencies' networks. Many former officials believe that the plan will go further, extending government surveillance to private companies, such as military contractors, that possess sensitive government information.
Some contractors' information technology officers are concerned that the new program will give the government access to data in their private networks. "Private contractors are not happy about this," says a source familiar with information security executives at contractors Northrop Grumman and Boeing. "The thought of the government watching the data flow through these corporations causes a lot of concern."
Kevin Coleman writes on Defense Tech:
In the 2008 Annual Threat Assessment of the Intelligence Community [.pdf] for the Senate Armed Services Committee, for the first time the threat of cyber attacks was addressed (well, the first time in the report available to the public). The threat assessment was delivered by Director of National Intelligence Mike McConnell and Defense Intelligence Agency chief, Army Lt. Gen. Michael Maples, in testimony before the Senate Armed Services Committee Feb. 27. More here.
The intelligence community listed "the vulnerabilities of the US information infrastructure to increasing cyber attacks by foreign governments, non-state actors and criminal elements" as the fourth major bullet of the fourth page in the opening of the forty-five page testimony delivered to the Senate by DNI McConnell. The testimony goes on to state that due to the significance of computers and telecommunications to our country's security, defense and economy, threats to our IT infrastructure are an important focus of the Intelligence Community.
Also stated were the trends seen over the past year, which included cyber exploitation activities that grew more sophisticated, more targeted and more serious. Finally, McConnell stated that the Intelligence Community expects these trends to continue in the coming year.
Tim Wilson writes on Dark Reading:
There is a wide gap between the IT security skills that organizations want and the corresponding skills that workers bring to the job, according to a survey published today by the Computing Technology Industry Association (CompTIA). More here.
Security is at the top of the list of the technology skills that are most important to organizations today, according to the survey of more than 3,500 technology professionals in North America, Europe, and Asia. But there is a significant gap between what they want and what they can get, the survey indicates.
A cross-site scripting vulnerability on the popular SourceForge.net website shows how Extended Validation SSL certificates could be exploited by fraudsters. Piggybacking on the anticipated extra trust instilled by the presence of an EV SSL certificate, arbitrary content could be injected onto the secure page at SourceForge to create a very convincing phishing attack. More here.
The green address bar displayed by the web browser would assure users that they are looking at a website that can be trusted, even though the page they are looking at may contain scripts or HTML created by a remote attacker.
Jaikumar Vijayan writes in ComputerWorld:
A fresh discovery by security vendor Finjan Inc. provides yet another example of how easy it is becoming for almost anyone to find the tools needed to break into, infect or steal data from corporate Web sites. More here.
The San Jose-based vendor announced today that it has uncovered an illegal database containing more than 8,700 stolen File Transfer Protocol server credentials including usernames, passwords and server addresses. Anyone can purchase those credentials and use them to launch malicious attacks against the compromised systems.
The stolen credentials belong to companies from around the world and include more than 2,500 North American companies, some of whose Web sites are among the world's top 100 domains, according to Yuval Ben-Itzhak, Finjan's chief technology officer.
The FTP credentials would allow malicious hackers to break into and upload malware of their choice to compromised servers literally with a click or two, he said.
Ryan Singel writes on Threat Level:
In a first ever study of which companies have the most identity theft incidents, Bank of America, HSBC, and Washington Mutual were named as the companies with the most incidents per billions of dollars of deposits, according to a study released Wednesday by Berkeley Law School fellow Chris Hoofnagle. More here.
Among the nation's largest banks, ING Bank looks to be the safest, with only 0.085 identity theft complaints per billion dollars of insured deposits.
In terms of sheer numbers of complaints, Bank of America, AT&T and Sprint were named most often in the complaints, followed closely by Chase, Capital One and Citibank.
The study, entitled Measuring Identity Theft at Top Banks (Version 1.0), looks to be the first-ever attempt to name-and-shame companies based on their identity theft protections, or lack thereof.
Marin Perez writes on the C|Net "Military Tech" Blog:
The Air Force is developing a data-mining technology meant to root out disaffected insiders based on their e-mail activity--or lack thereof, according to an article in this month's International Journal of Security and Networks. More here.
The technology, based on something called Probabilistic Latent Semantic Indexing [.pdf], scours an organization's e-mail traffic and constructs a graph of social network interactions illustrating employee activity. If a worker suddenly stops socializing online, abruptly shifts alliances within the organization, or starts developing an unhealthy interest in "sensitive topics," the system detects it and alerts investigators.
Jacqui Cheng writes on Ars Technica:
Government surveillance of citizens' personal computers is a violation of privacy, Germany's highest court ruled today. Citizens' basic right to privacy is protected by Germany's constitution, the court said, a protection that extends to their stored data. "Collecting such data directly encroaches on a citizens' rights, given that fear of being observed... can prevent unselfconscious personal communication," said Judge Hans-Juergen Papier in the court's opinion. More here.
The case began last year when officials in North Rhine-Westphalia began spying on computer-related activities using trojans and spyware (also known as "policeware"). The government apparently had few problems with this, saying that such activities were important in the fight against terrorism. Interior Minister Wolfgang Schäuble even suggested changing German law to give the government more freedom to use policeware and engage in other PC-related surveillance.
As of Tuesday, Feb. 26, 2008, at least 3,973 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,234 died as a result of hostile action, according to the military's numbers. More here.
The AP count is three higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.
Phillip Hallam-Baker writes in The IETF Journal (Volume 3 Issue 3 - December 2007):
The Internet is insecure, so what went wrong? Contrary to widely held belief, the reasons for Internet security protocol failure are not primarily technical. Failure to understand the risk model and to meet the actual user requirements are much more significant causes of security failure. Much more here.
The economics of security protocol deployment and security usability engineering are also key: a protocol might as well not exist if it is not used.
An AP newswire article, via ABC News, reports that:
The New York attorney general's office has requested information from Comcast Corp. on the company's handling of Internet traffic. More here.
Comcast, the nation's largest cable company, is the subject of several complaints to the Federal Communications Commission and has been sued by customers over its throttling of file-sharing traffic on its cable-modem service.
"We have requested information from the company via subpoena," Jeffrey Lerner, a spokesman for Attorney General Andrew Cuomo, said Tuesday.
Comcast said it was cooperating with the AG's office.
"There were so many bad companies that it broke our poll system."
- Ben Popkin, writing on The Consumerist, regarding the fact that so many people wanted to nominate candidates for their "Worst Company in America 2008" poll, it crashed their poll system.
The Electronic Frontier Foundation (EFF) filed suit against the Department of Justice (DOJ) today, demanding information about communications between the DOJ's former top privacy official and Google, the official's current employer. More here.
Jane C. Horvath was named the DOJ's first Chief Privacy and Civil Liberties Officer in February of 2006. At that time, Google was fighting a massive DOJ subpoena asking for the text of every query entered into the search engine over a one-week period. The DOJ request -- part of a court battle over the constitutionality of a law regulating adult materials on the Internet -- ignited a national debate about Internet privacy.
The DOJ later scaled back its request, and a judge eventually allowed access to only 5000 random Google search queries. In a subsequent news article, Horvath was publicly critical of the DOJ's initial subpoena, saying she had privacy concerns about the massive request for information. Horvath's new job as Google's Senior Privacy Counsel was announced in August of 2007.
Monica Hatcher and Martin Merzer write in The Miami Herald:
Power outages are cascading through many parts of South Florida, with Florida Power & Light and others reporting blackouts in portions of Miami, Doral, Westchester, Pembroke Pines, Miramar and Boca Raton. More here.
Many traffic lights are not working and nine accidents were reported in Miami-Dade County between 1:04 p.m. and 1:26 p.m. Police agencies were dispatching officers to as many intersections as possible.
The lights flickered off at several South Florida hospitals, which had to switch to generator power.
''We had a blip here and the generators kicked in immediately,'' Jackson Memorial Hospital spokeswoman Lorraine Nelson said.
Mount Sinai Medical Center in Miami Beach and Baptist Hospital in Southwest Miami-Dade reported similar situations.
A spokeswoman for FPL said the company was investigating the extent and cause of the problem.
As of Monday, Feb. 25, 2008, at least 3,972 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,228 died as a result of hostile action, according to the military's numbers. More here.
The AP count is four higher than the Defense Department's tally, last updated Monday at 10 a.m. EST.
Duncan Riley writes on TechCrunch:
Google has announced that it has joined a consortium to build a new trans-Pacific cable between Japan and California. More here.
The Unity consortium is a joint effort by Bharti Airtel, Global Transit, Google, KDDI Corporation, Pacnet and SingTel and will initially increase Trans–Pacific lit cable capacity by about 20 percent, with the potential to add up to 7.68 Terabits per second.
Shaun Waterman writes for UPI:
The case of a Michigan woman charged with identity theft has lifted a small corner of the veil over a huge series of credit-card scams, run from the former Soviet bloc, that have cost consumers and the card industry hundreds of millions of dollars. More here.
The state attorney general's office told United Press International that Krystal Owens would go on trial Monday on three counts of identity theft and one of conspiring to commit identity theft.
But one independent investigator who has followed the case told UPI that publicly available details of the crime match a series of "identical" frauds that are netting conspirators more than $10 million a month.
The Michigan attorney general's office declined to comment further in advance of the trial, but a statement announcing the charges named her co-conspirator as Tomas Lasinkas, and identified his company and two Web sites they allegedly used to run the scam, which involved making small bogus charges to thousands of credit cards, whose numbers had been stolen.
According to a press release from the law firm Kabateck Brown Kellner, a federal class action lawsuit has been filed in U.S. District Court, Central District of California against domain name registrar Network Solutions and ICANN. The suit claims that NSI has forced customers into buying domains from the company rather than through potentially cheaper avenues, in effect netting the company millions of dollars. More here.
ICANN is also named in the suit for their role in enabling and allowing Network Solutions to continue this practice.
Jacqui Cheng writes on Ars Technica:
The towers and offices of mobile phone operators in Afghanistan are being pressured to shut down operations at night by the Taliban. The former rulers of Afghanistan and current insurgent group held "talks" with the four major mobile companies in Afghanistan today, and gave them three days to go dark for 14 hours per day—or else. More here.
The reason for the threat is the Taliban's belief that American soldiers and rebels within Afghanistan are using mobile phones to track down remaining Taliban members. "Since the occupying forces stationed in Afghanistan usually at night use mobile phones for espionage to track down the mujahideen, the Islamic Emirate gave a three-day ultimatum to all mobile phone firms to switch off their phones from five in the afternoon until seven in the morning," Taliban spokesperson Qari Mohammad Yousuf told Reuters, ironically via mobile phone (and presumably during daylight).
Tom Young writes in Computing:
The growing number of cyber criminals in areas of Asia and Eastern-Europe is the result of a lack of IT jobs for qualified professionals, according to a report from vendor McAfee. More here.
And the growing trade in malware means that authors can sell their code to other criminals without actually releasing their viruses.
Writing malware is a hard option to ignore, according to Joe Telafici, vice president of operations at McAfee.
"The motivation to engage in illegal behavior is strong in Eastern Europe where technical skills were widely taught during the Cold War but economic opportunities are limited," he said.
John Leyden writes on The Register:
Unknown hackers defaced the Metropolitan Police's careers website over the weekend. More here.
Digital graffiti on metpolicecareers.co.uk featured a picture of a greenish cuddly monster (vaguely resembling Sulley from Monsters Inc) and a message mocking Scotland Yard's anti-terrorism unit.
"OpenID provides Single Sign On to social networking sites and blogs. It means we can use a public persona across sites, and just log in once to use that persona."
"But OpenID doesn’t have the privacy characteristics that would make it suitable for government applications or casual web surfing. And it doesn’t have the security characteristics necessary for financial transactions or access to private data."
- Kim Cameron, writing on the Identity Weblog [My previous comments on OpenID here. - ferg]
An AP newswire article by Erik Shelzig, via SFGate.com, reports that:
AT&T Inc. is partnering with Tennessee to provide the country's first statewide system to electronically exchange patient medical information, the telecommunications company said Monday. More here.
The system is designed to securely transmit detailed patient information between medical professionals. It will allow doctors to access medical histories, prescribe medicines over the Internet and transfer images like X-rays, MRIs and CT scans.
"As patients we really want our information to be available to physicians whenever and wherever they're needed," said Diane Turcan, director of health care marketing for AT&T in Atlanta. "And we certainly don't want to be copying paper records."
Tennessee's program is seen as a model for other states and may be a springboard for interstate information sharing networks in the future, she said.
An AP newswire article by Deb Riechmann, via SFGate.com, reports that:
House Democratic leaders came under criticism Saturday from President Bush, who said they are blocking intelligence legislation so lawyers can sue telephone companies for helping the government eavesdrop on suspected terrorists. More here.
Terrorists are plotting attacks "at this very moment," Bush said in his weekly radio address. He again urged the House to act on Senate-passed legislation needed to renew the intelligence law that expired last weekend.
The Senate bill provides retroactive protection for telecommunications companies that wiretapped U.S. phone and computer lines at the government's request, but without the permission of a secret court created 30 years ago to oversee such activities. The House version does not provide such immunity against lawsuits.
The Justice Department and Office of National Intelligence said Saturday that telecommunication companies are now complying with existing surveillance warrants. The agencies' statement reversed their declaration late Friday that some companies had refused to initiate wiretaps against people covered by orders issued under the expired law.
Paul Krill writes on InfoWorld:
Bridging the gap between desktop and Web applications, Adobe Systems is set to ship today its AIR (Adobe Integrated Runtime) 1.0 technology for melding applications from both of these realms. Formerly known by its code name Apollo, the free technology already is being used in applications at places such as NASDAQ and AOL.
AIR is a desktop runtime that allows Web applications to be run on the desktop in a disconnected fashion, said Michele Turner, vice president of the Adobe platform business unit. "We really believe the innovation in technology today is … on the Web and that the desktop has stagnated over the last couple of years," she said.
As of Sunday, Feb. 24, 2008, at least 3,970 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,228 died as a result of hostile action, according to the military's numbers.
The AP count is seven higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.
The trial of Kevin Underwood, accused of the gruesome murder of a young girl in Purcell, took a strange twist last week in Cleveland County District Court as presiding Judge Candace Blalock accused a local TV station of hiring hackers to break into her computer and steal her e-mail.
According to reports published on Valentine’s Day by state newspapers, controversy swirled around the trial after Oklahoma City television station KWTV-9 posted a story dated Feb. 11 on their Web site. The story revealed the details of what was supposed to be a “sealed” decision by Judge Blalock, a decision that allowed certain statements to be admitted into evidence.
Richard Stiennon writes on the ZDNet "Threat Chaos" Blog:
What could at first have been just one of those days on the Internet where some newbie engineer accidentally announces a spurious route and takes out a segment of the network has turned into an international fiasco. But no, Pakistan has ordered all ISPs to block YouTube.
So an ISP in Pakistan decided to announce a route that would re-direct anyone trying to get to YouTube to some other site that probably hosted a warning about the blasphemous content. Results were predictable. YouTube itself disappeared from the Internet, and, I suspect that most of Pakistan is experiencing performance issues as they are receiving ALL of the YouTube requests from around the world. By 2:30 the Internet watch guards had alerted the backbone provider for Pakistan to filter out those malicious route announcements and alerted YouTube to announce more granular routes that would supersede the Pakistani routes, at least in the US.
As of this writing, 3:30 Eastern, most of the rest of the world can still not get to YouTube.
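The route-selection behaviour described in the excerpt above, shown as an added example that is not part of the quoted post: routers forward on the longest matching prefix, so a more-specific announcement from an unexpected origin captures traffic until the owner announces still more granular routes. All prefixes and AS numbers are constructed (benchmarking and documentation ranges), and the function names are hypothetical.

```python
import ipaddress

def best_route(rib, dst):
    """Longest-prefix match: the most specific covering prefix wins.
    Ties at equal length are settled by other BGP attributes, not modelled here."""
    addr = ipaddress.ip_address(dst)
    covering = [(ipaddress.ip_network(p), origin) for p, origin in rib
                if addr in ipaddress.ip_network(p)]
    if not covering:
        return None
    net, origin = max(covering, key=lambda r: r[0].prefixlen)
    return str(net), origin

def suspicious_announcements(expected, rib):
    """Flag routes that sit inside an expected prefix but carry another origin AS."""
    alerts = []
    for p, origin in rib:
        net = ipaddress.ip_network(p)
        for exp_p, exp_origin in expected.items():
            if net.subnet_of(ipaddress.ip_network(exp_p)) and origin != exp_origin:
                alerts.append((p, origin, exp_p))
    return alerts

# Constructed data: owner AS 64496 normally announces one /22.
OWNER_AS, OTHER_AS = 64496, 64511
EXPECTED = {"198.18.0.0/22": OWNER_AS}

def scenario(dst="198.18.1.10"):
    """Return the selected route at each stage of the incident."""
    rib = [("198.18.0.0/22", OWNER_AS)]
    normal = best_route(rib, dst)
    # Stage 2: a more-specific /24 leaks out from another origin.
    rib.append(("198.18.1.0/24", OTHER_AS))
    hijacked = best_route(rib, dst)
    alerts = suspicious_announcements(EXPECTED, rib)
    # Stage 3: the owner announces two /25s that cover the same /24.
    rib += [("198.18.1.0/25", OWNER_AS), ("198.18.1.128/25", OWNER_AS)]
    recovered = best_route(rib, dst)
    return normal, hijacked, alerts, recovered

if __name__ == "__main__":
    for stage in scenario():
        print(stage)
```
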
Josh Meyer writes in The Los Angeles Times:
A day after warning that potentially critical terrorism intelligence was being lost because Congress had not finished work on a controversial espionage law, the U.S. attorney general and the national intelligence director said Saturday that the government was receiving the information -- at least temporarily.
On Friday evening, Atty. Gen. Michael B. Mukasey and Director of National Intelligence J. Michael McConnell had said in an unusually blunt letter to Congress that the nation "is now more vulnerable to terrorist attack and other foreign threats" because lawmakers had not yet acted on the administration's proposal for the wiretapping law.
But within hours of sending that letter, administration officials told lawmakers on the House and Senate intelligence committees that they had prevailed upon all of the telecommunications companies to continue cooperating with the government's requests for information while negotiations with Congress continue.
Gregg Keizer writes on ComputerWorld:
A critical vulnerability in VMware Inc.'s virtualization software for Windows lets attackers escape the "guest" operating system and modify or add files to the underlying "host" OS, the company has acknowledged.
As of Sunday, there was no patch available for the flaw, which affects VMware's Windows client virtualization programs, including Workstation, Player and ACE. The company's virtual machine software for Windows servers, and for Mac- and Linux-based hosts, are not at risk.
The bug was reported by Core Security Technologies, makers of the penetration testing framework CORE IMPACT, said VMware in a security alert issued last Friday. "Exploitation of this vulnerability allows attackers to break out of an isolated Guest system to compromise the underlying Host system that controls it," claimed Core Security.
Mohammed Aly Sergie writes on Emirates Business 24-7:
More than 1,000 Danish websites have been infiltrated following a new controversy over the publication of a cartoon that insults Islam.
Meanwhile, on Friday prominent Muslim scholar Dr Yusuf Al Qaradawi called to boycott Danish goods and peacefully protest against the recent republication of cartoons ridiculing Prophet Mohammed (PBUH) in 17 Danish newspapers. However, businesses do not expect the issue to snowball as it did in 2006 when the cartoon row first came to light.
The hacker, calling himself United Arab Hackers and reportedly from Saudi Arabia, inundated online forums with exploits and links to infiltrated Danish sites. It seems the hits were indiscriminate – common factor being “.dk” at the end of the URL, which means the website is based in Denmark.