Saturday, March 08, 2008

Computer Problems Threaten 2010 U.S. Census

A McClatchy News Service article by David Goldstein, via The Miami Herald, reports that:

The 2010 Census is already in trouble.

The handheld mobile computers that are supposed to replace the pens and paper long used by census-takers aren't working properly, and delays could send the cost from $600 million to as much as $2 billion.

The Census Bureau has done little, if any, planning for what to do if the handheld mobile computers can't be made to work.

As a result, an important census dress rehearsal this spring has been delayed by a month as the agency looks for backup plans.

"I cannot overemphasize the seriousness of this problem," Census Bureau Director Steve Murdock told a Senate hearing last week.

That same day, the Government Accountability Office, the investigative arm of Congress, designated the 2010 Census a "high-risk area."

More here.

Toon of The Day: It's 3 A.M....



Quote of The Day: Bill Maher

"New rule, politicians must stop saying 'the American people are smarter than that.' No they aren’t! If the Bush era has taught us anything, it’s that voters want a president carved in their own image. Someone who doesn’t like to read or believe anything he’s told and is easily distracted by bright, shiny objects."

- Bill Maher, as quoted on Crooks and Liars, on his HBO show "Real Time with Bill Maher".


Friday, March 07, 2008

One More: Late Night Kick Ass: Linkin Park - One Step Closer



That's just how I'm feeling lately.

Enjoy.

- ferg

Late Night Flashback: Faith No More - Epic



Enjoy.

- ferg

Off Topic: When Did LinkedIn Start Sucking So Bad?

I just logged in to LinkedIn for the first time in a few weeks, and... wow. It stinks.

LinkedIn People: Stop it.

Stop it now.

I can't even use the site now.

Why do people insist on screwing up a good thing?!?

- ferg

Shame of a Nation: Bush to Veto CIA Waterboarding Ban Bill

Via Reuters AlertNet.

President George W. Bush will veto legislation on Saturday banning U.S. intelligence agents from using waterboarding and other controversial interrogation methods, White House spokesman Tony Fratto said on Friday.

Last month, Congress sent Bush a broad intelligence authorization bill that contained new limits on CIA interrogation techniques, despite Bush administration warnings that such a measure would be rejected.

"The president will veto the intelligence authorization bill tomorrow," Fratto told reporters.

The legislation was approved by the Senate and House of Representatives on partisan votes that did not indicate there was enough support in Congress to overturn Bush's veto.

More here.

Note: Remember this? Well, it was a lie.

I love my country, but I'm so very ashamed of its government. -ferg

5,000 MTV Networks' Employees Potentially Affected by Breach

Greg Sandoval writes on the C|Net News Blog:

Someone apparently hacked into a computer belonging to an employee of MTV Networks and possibly gained access to names, birth dates, social security numbers and compensation data of 5,000 employees.

MTV Networks, a unit of media conglomerate Viacom, notified employees of the security compromise on Friday and said that while the computer files pertaining to employees' private information were password protected, the company can't be sure they haven't been opened.

"Once we learned of the incident, we immediately launched an internal investigation," the company said in a statement. "We ... contacted appropriate law enforcement authorities, who have begun a criminal investigation."

The company apologized to employees and provided phone numbers to credit-monitoring services to help protect them from identity theft.

More here.

CREW: White House Misled Court About Missing e-Mail

Ben Bain writes on FCW.com:

One of the groups suing the Bush administration over the alleged loss of millions of e-mail messages asked a federal court to hold administration officials in contempt, saying the Office of Administration’s chief information officer appeared to have knowingly submitted false, misleading and incomplete information to the court in January.

As part of ongoing litigation, Citizens for Responsibility and Ethics in Washington, a government watchdog group, requested March 6 that the court order Bush administration defendants to show cause why they should not be held in civil contempt of court. CREW also asked the court to order the administration to pay some of CREW’s legal fees and to allow the group to take a deposition from the CIO as part of the discovery process.

CREW and the George Washington University’s National Security Archive are part of a consolidated lawsuit alleging that the Bush administration failed to meet legal obligations under the Presidential Records Act by not preserving millions of e-mail messages sent and received between 2003 and 2005.

More here.

ICANN Looks Toward End of U.S. Agreement

Grant Gross writes on InfoWorld:

The Internet Corporation for Assigned Names and Numbers (ICANN) is starting to look at how the organization might function after its current memorandum of understanding with the U.S. Department of Commerce expires in September 2009.

ICANN, the nonprofit group that manages the Internet domain name system, has suggested it should become independent of Commerce Department oversight when the current Joint Project Agreement (JPA) with the agency expires. The agency's memorandum of understanding with ICANN has been in place since 1998, but in recent years, representatives of some other countries have questioned why the U.S. government should have primary oversight of the organization.

More here.

RNC Snaps Up Domain Names

Kitty Bennett writes on the New York Times' "The Caucus" Blog:

Cannotrustclinton.com? clintonisbad.com? At least 25 domain names related to Hillary Rodham Clinton have links to the Republican National Committee: the names were either registered by the R.N.C. last year or showed up on servers the committee uses. Half a dozen seemed to guess at Mrs. Clinton’s eventual running mate, like clintonomalley.com, referring to Gov. Martin O’Malley of Maryland.

The day after Barack Obama won the Iowa caucuses, the R.N.C. snapped up at least 20 domains related to his candidacy. Some of them may signal the party’s future strategy: baracknotready.com and norealexperience.com. The party has also begun preemptively registering domains that could be used to attack John McCain, like mccainamigos.com, voteagainstmccain.com, flipflopmccain.com and hatemccain.com (ihatemccain.com was taken.)

More here.

Image of The Day: The Colbert Report: AT & Treason




Via Crooks and Liars.

Enjoy.

- ferg

Chinese Hackers: No Site Is Safe

John Vause writes on CNN.com:

They operate from a bare apartment on a Chinese island. They are intelligent 20-somethings who seem harmless. But they are hard-core hackers who claim to have gained access to the world's most sensitive sites, including the Pentagon.

In fact, they say they are sometimes paid secretly by the Chinese government -- a claim the Beijing government denies.

"No Web site is one hundred percent safe. There are Web sites with high-level security, but there is always a weakness," says Xiao Chen, the leader of this group.

"Xiao Chen" is his online name. Along with his two colleagues, he does not want to reveal his true identity. The three belong to what some Western experts say is a civilian cyber militia in China, launching attacks on government and private Web sites around the world.

More here.

Hit by ID Theft, Then Plagued by Sprint

Bob Sullivan writes on the MSNBC "Red Tape Chronicles" Blog:

Last year, identity thieves wormed their way into Michael Carner’s Sprint account, tacked on 14 new cell phones and began ringing up phone charges. Even though he reported the intrusion, things only got worse. For nearly a year, the real estate agent was hit with late fees, frequent automated collections calls, service interruptions, and a $5,000 bill.

When Carner finally gave up and tried to cancel his account, Sprint had one more piece of bad news: The imposters had extended his service contract for two years, meaning he'd have to pay a $200 early termination fee to get out of his contract.

More here.

International Women's Day


Today is International Women's Day 2008.

- ferg

Thursday, March 06, 2008

Mark Fiore: President Petro



More brilliant Mark Fiore.

Via The San Francisco Chronicle.

- ferg

Toon of The Day: The Passing of the Torch




Via Truthdig.com.

TSA Gangstaz




Enjoy.

Hat-tip: Bruce Schneier

- ferg

Outlook Bleak for Phishing Defeat

Matt Hines writes on the InfoWorld "Security Watch" Blog:

Everyone from the law enforcement community, to ISPs, to the very firms whose names are being tarnished by phishing attacks is trying to pitch in and help find a solution for the problem, but prospects for decreasing the prevalence of the threats remain daunting, according to the leader of one of the most high-profile efforts to do so.

David Jevans, the chairman of the nonprofit industry consortium the Anti-Phishing Working Group (and the CEO of encrypted USB drive specialist IronKey) said in a recent interview that as the phishing problem keeps "changing and getting worse" it has become clear that there are no simple answers to the issue.

Traditional mass-market phishing is still thriving despite the best efforts of ISPs and Webmail companies to filter out as much of the nefarious spam as possible -- as phishers continue to utilize the fast-flux model to evade pursuit, and even worse, targeted attacks are growing in complexity and popularity, Jevans said.

More here.

NATO: Cyber Warfare Poses as Great a Threat as Missile Attack

Bobbie Johnson writes in The Guardian.co.uk:

NATO is treating the threat of cyber warfare as seriously as the risk of a missile strike, according to a senior official.

A London conference was told that online espionage and internet-based terrorism now represent some of the gravest threats to global security.

Suleyman Anil, who is in charge of protecting NATO against computer attacks, said: "Cyber defence is now mentioned at the highest level along with missile defence and energy security."

Anil, who is head of NATO's computer incident response centre, told the E-Crime congress in London that the cost of hi-tech strikes on government communications was falling, while the amount of damage they could inflict grew.

More here.

More CNET Sites Under IFRAME Attack

Dancho Danchev:

What has changed for the past 24 hours, despite that the now over 51,900 pages at zdnetasia.com continue to be indexed by search engines? The folks at ZDNet Asia have taken care of the IFRAME issue, so that such injection is no longer possible.

However, the same IPs used in this IFRAME campaign, including two new domains introduced have been injected, and are loading at TV.com, News.com and MySimon.com, again pushing the rogue XP AntiVirus, the rogue Spyshredderscanner, as well as another fake codec MediaTubeCodec.exe, hosted and distributed under two new domains.


Which sites are currently targeted?

ZDNet Asia - currently has 51,900 injected pages
TV.com - 49,600 locally hosted IFRAME injected pages
News.com - 167 locally hosted pages, injection is ongoing
MySimon.com - currently 4 pages, the campaign is ongoing

Which domains and IPs are behind the IFRAMEs?

do-t-h-e.com (69.50.167.166)
rx-pharmacy.cn (82.103.140.65)
m5b.info (124.217.253.6)
89.149.243.201
89.149.243.202
72.232.39.252
195.225.178.21

More here.

Notes: Hmm, let's look at this batch:

69.50.167.166: InterCage, Inc. (Concord, California)
82.103.140.65: EasySpeedy ApS (Denmark)
124.217.253.6: PIRADIUS NET (Singapore)
89.149.243.201, 89.149.243.202: netdirekt e.K. (Germany)
72.232.39.252: Layered Technologies, Inc. (Plano, Texas)
195.225.178.21: Netcat Hosting (Panama)

Looks like I have a few incident notifications to send... - ferg

Java Update Fixes Security Vulnerabilities

Via heise Security News.

The release of Java 6 Update 5 by Sun has plugged multiple security vulnerabilities, but the vendor has so far disclosed no details.

According to the release notes, the update also installs new root certificates from AOL, DigiCert and TrustCenter. As Sun's updates generally fix critical security vulnerabilities, users should install the latest versions of the runtime environment (JRE) or development kit (JDK) as soon as possible. Because the software still does not automatically uninstall previous versions when it is installed, users should do so manually after installing the update.

More here.

Wednesday, March 05, 2008

Late Night Flashback: Cat Stevens - Peace Train (Live)




Yes, we love Alfred Hitchcock, too.

Enjoy.

- ferg

The Subtleties of '...Attacks Appeared to Originate in China'

Shaun Waterman writes for UPI:

Defense-related think tanks and contractors, as well as the Pentagon and other U.S. agencies, were the target of repeated computer network intrusions last year apparently originating in China, the Department of Defense said this week.

In its annual report to lawmakers on China's military power, the department said the intrusions "appeared to originate in" China but added, "It is unclear if these intrusions were conducted by, or with the endorsement of" the Chinese government or military.

The report gave few details, but one China expert who works in the private sector told United Press International that in the last 18 months, China scholars who have close links to the U.S. government have been the repeated targets of sophisticated hacking attempts, using malicious software packages called Trojan horses hidden in e-mail attachments.

"Almost every think tank in Washington has dealt with this," said the expert, who did not want to be named because of the ongoing investigations into the intrusions. "I personally have received more than two dozen" such e-mails, which arrive purportedly sent by other China-watchers.

More here.

Note: Anyone who has dealt with technical cyber crime issues knows that it is trivial to commandeer a host and launch an attack, masquerading the origination of the true attacker.

Not for nothing, but I'm glad to see people start to acknowledge that China may not actually be behind these attacks.

But then again, it is almost impossible to be sure.

- ferg

National Dragnet Is a Click Away

Robert O'Harrow Jr. and Ellen Nakashima write in The Washington Post:

Several thousand law enforcement agencies are creating the foundation of a domestic intelligence system through computer networks that analyze vast amounts of police information to fight crime and root out terror plots.

As federal authorities struggled to meet information-sharing mandates after the Sept. 11, 2001, terrorist attacks, police agencies from Alaska and California to the Washington region poured millions of criminal and investigative records into shared digital repositories called data warehouses, giving investigators and analysts new power to discern links among people, patterns of behavior and other hidden clues.

Those network efforts will begin expanding further this month, as some local and state agencies connect to a fledgling Justice Department system called the National Data Exchange, or N-DEx. Federal authorities hope N-DEx will become what one called a "one-stop shop" enabling federal law enforcement, counterterrorism and intelligence analysts to automatically examine the enormous caches of local and state records for the first time.

More here.

A New Role for Defense Contractors? Counting Votes

Via The New York Times.

There has long been good reason to worry about Diebold voting machines. Many are “black box” electronic machines that do not produce paper records, so voters have to accept the results they report on faith.

Diebold, however, has not inspired much faith. It has been accused of illegally using uncertified software on its voting machines, exposing elections to possible tampering, and of making glitchy machines that misrecord votes.

Then there’s the little matter of the company’s CEO signing a letter before the 2004 election — in which his machines would be counting many of the votes — saying that he was committed to helping deliver Ohio to President Bush.

Now, there’s a new reason to worry that Diebold plays such a large role in presidential elections. United Technologies has made an unsolicited $3 billion bid to take over Diebold.

United Technologies is one of the nation’s leading defense contractors, which means it has an enormous corporate interest in who gets elected President.

More here.

Whistle-Blower: Feds Have a High-Speed Backdoor Into Wireless Carrier

Kevin Poulsen writes on Threat Level:

A U.S. government office in Quantico, Virginia, has direct, high-speed access to a major wireless carrier's systems, exposing customers' voice calls, data packets and physical movements to uncontrolled surveillance, according to a computer security consultant who says he worked for the carrier in late 2003.

"What I thought was alarming is how this carrier ended up essentially allowing a third party outside their organization to have unfettered access to their environment," Babak Pasdar, now CEO of New York-based Bat Blue told Threat Level. "I wanted to put some access controls around it; they vehemently denied it. And when I wanted to put some logging around it, they denied that."

Pasdar won't name the wireless carrier in question, but his claims are nearly identical to unsourced allegations made in a federal lawsuit filed in 2006 against four phone companies and the U.S. government for alleged privacy violations. That suit names Verizon Wireless as the culprit.

More here.

Rogue RBN Software Pushed Through Blackhat SEO

Dancho Danchev:

This is yet another example of the KISS strategy uncovering another huge IFRAME campaign, again taking advantage of locally cached pages generated upon searching for a particular word, and the IFRAME itself. In the previous example for instance, we had a second ongoing IFRAME campaign with just 4 pages injected with 89.149.243.201, however, what Keep it Simple Stupid really means in this case is that the next IP in their netblock 89.149.243.202 is currently getting injected at many other sites as well.

The difference between the previous campaign and this one, is that the previous one was targeting just two high page rank-ed sites, while in the second one, the malicious parties pushing RBN's rogue XP AntiVirus are relying on a much more diverse set of domains loading the IFRAME. One factor remains the same, both campaigns continue pushing the rogue XP AntiVirus.

More here.

Note: Okay, the time has come to start naming names, apparently.

netdirekt e.K. - a hosting provider based in Frankfurt, Germany - has long been a (perhaps unwitting) hosting provider for RBN activities for well over a year. So have Layered Technologies, Inc. (based in Plano, Texas), InterCage, Inc. (Concord, California), and SoftLayer Technologies, Inc. (Dallas, Texas). Each of these has long been known to be an operational deployment platform for RBN-related activities.

And yes, each of them has been contacted through formal channels to inform them of these activities, to no avail.

Isn't it time for these companies to be called to task for continuing to turn a blind eye to criminal activities hosted in their networks? -ferg

Back to The Future: Pellicano Witness List Unveiled

Via The Smoking Gun.

Chris Rock, Sylvester Stallone, Farrah Fawcett, Garry Shandling, and Hollywood titans Brad Grey and Michael Ovitz head a list of 127 witnesses that federal prosecutors intend to call at the wiretapping trial of disgraced Los Angeles private investigator Anthony Pellicano.

The government witness list, a copy of which you'll find below, was filed today in U.S. District Court in L.A., where a jury has just been picked in the Pellicano case.

Other prosecution witnesses include powerful agents Kevin Huvane and Bryan Lourd; Bert Fields, L.A.'s best-known litigator; and journalists Anita Busch and Bernard Weinraub. Prosecutors are scheduled to deliver their opening statement tomorrow morning in the case against Pellicano, who is accused of operating an illegal wiretapping and information gathering network.

More here.

FBI's IT Raises Red Flags for Senate Judiciary Chairman

Ben Bain writes on FCW.com:

The FBI’s past setbacks in implementing information technology upgrades and its recent abuse of national security letters to obtain data on Americans are reasons to be concerned about its efforts to construct the $1 billion Next Generation Identification (NGI) biometric database [See previous blog entries on the FBI's "Server in The Sky" initiative. - ferg], lawmakers said today.

“The confidence and credibility of the FBI has also taken a hit as the bureau seeks to exploit increasingly potent technologies,” Sen. Patrick Leahy (D-Vt.), the Judiciary Committee’s chairman, said in a prepared statement for the committee’s oversight hearing on the bureau.

More here.

Spyware Infections Carry Big Costs

Via net-security.org.

A single spyware infection on a work computer can impact the productivity of the typical small business employee for two-and-a-half days, according to research commissioned by the Computing Technology Industry Association (CompTIA).

A survey of employees at businesses with 10 to 200 computer users found that more than one in four computer users reported having their productivity impacted by a spyware infection during the past six months. Of these, more than one-third reported multiple spyware infections.

Even more alarming, users of spyware-infected computers reported "living with" the problem for 18 work hours – more than two full workdays – before getting it repaired. They did so even though they realized that their work productivity was reduced due to the problems associated with spyware. Users estimated their productivity was reduced by 21 percent when the spyware problem was first noticed; and was reduced by 32 percent when the problem was at its peak.

More here.

Reports of U.S. Federal Breaches Double

A UPI newswire article by Shaun Waterman, via The Washington Times, reports that:

The White House Office of Management and Budget says the number of computer security breaches reported by federal network managers more than doubled last year, largely because of improved reporting of such incidents.

Federal departments and agencies touted these figures and other findings in a report to lawmakers released over the weekend. The report also found that the threat to government computer systems was "shifting from opportunistic hacking to targeted, dynamically adapting attacks," and acknowledged that "a long-term architectural road map is necessary to provide a consistent strategy for mitigating malicious cyber-activity."

Departments and agencies reported 12,986 security incidents last year to the U.S. Computer Emergency Readiness Team, or US-CERT, the monitoring center based at the Department of Homeland Security. That was up from 5,146 reported incidents in 2006.

The two categories of incidents that grew the fastest were "improper usage" — which soared fivefold from 638 to 3,305 — and "under investigation" — which rose fourfold from 912 to 4,056.

More here.

U.S. Defense Officials Still Concerned About Data Lost in 2007 Network Attack

Jill R. Aitoro writes on GovExec:

A June 2007 network intrusion at the Pentagon resulted in the theft of an "amazing amount" of data, and the incident remains a national security concern, a top Defense Department technology official said this week.

The Office of the Secretary of Defense detected malicious code in various portions of its network infrastructure while consolidating information technology resources in the middle of last year. Over the course of two months, the code infiltrated multiple systems, culminating in an intrusion that created havoc by exploiting a vulnerability in Microsoft Windows, said Dennis Clem, OSD's chief information officer.

During the attack, spoofed e-mails containing recognizable names were sent to OSD employees. When they opened the messages, user IDs and passwords that unlocked the entire network were stolen; as a result, sensitive data housed on Defense systems was accessed, copied and sent back to the intruder.

"This was a very bad day," said Clem during a panel discussion at the Information Processing Interagency Conference Tuesday. The breach continues to pose a threat, he added. "We don't know when they'll use the information they stole, [which was] an amazing amount, [including] processes and procedures that will be valuable to adversaries."

More here.

Hat-tip: dissent

Security Fix: The FDIC Computer Intrusion Report

Brian Krebs writes on Security Fix:

Last week, Security Fix featured the highlights from a non-public report by the Federal Deposit Insurance Corp. (FDIC) that examined a huge recent spike in the cost of computer intrusions for banks and consumers. I chose not to publish the report itself at the time, but due in part to the large number of requests I've received from people inside the financial sector who claim to have never seen such figures from the government before, I've decided to release a slightly redacted version of it (the original version contained a number of case studies that included potentially sensitive data about ongoing law enforcement investigations).

FDIC Division of Supervision and Consumer Protection: Cyber Fraud and Financial Crime Report [.doc], November 9, 2007 (as of June 30, 2007). For those who don't have Microsoft Word, a less attractive HTML version of the report is available here.

More here.

Mueller: FBI Improperly Sought Personal Data

An AP newswire article, via MSNBC, reports that:

An internal Justice Department report has found more improper use of national security letters by FBI agents seeking personal data on Americans during terror and spy investigations, Director Robert Mueller said Wednesday.

Mueller told the Senate Judiciary Committee that the privacy breach by FBI agents and lawyers occurred a year before the bureau enacted sweeping new reforms to prevent future lapses.

Details on the abuses will be outlined in the coming days in a report by the Justice Department's inspector general.

More here.

Tuesday, March 04, 2008

Late Night Flashback: Iggy Pop & Kate Pierson - Candy



Enjoy.

- ferg

U.S. Toll in Iraq


Via The Boston Globe (AP).

As of Tuesday, March 4, 2008, at least 3,974 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes eight military civilians. At least 3,237 died as a result of hostile action, according to the military's numbers.

The AP count is one more than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

More here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

Image of The Day: Dungeons & Dragons Kitteh



Via icanhascheezburger.com.

Spying Fight about e-Mails, Not Phone Calls, DoJ Reveals

Ryan Singel writes on Threat Level:

In the end, it turns out it's all about the emails.

The fight in Congress and the big push for expanded wiretapping powers has nothing to do with intercepting foreign-to-foreign phone calls inside the United States without a court order. In fact, it turns out that the nation's secret wiretapping court is fine with that.

That extraordinary admission came from Assistant Attorney General for National Security Kenneth Wainstein at a breakfast on Monday, according to the Washington Post.

More here.

Google Android SDK Hits Security Speed Bump

Ryan Naraine writes on eWeek:

Researchers find ways to exploit outdated and vulnerable open-source image processing libraries in the Google Android software development kit.

Google's Android software development kit is using several outdated and vulnerable open-source image processing libraries, according to an alert from Core Security, a company that specializes in penetration-testing software.

In an advisory released Mar. 4, Core Security identified several exploitable heap overflows and integer overflows haunting Android, Google's software stack for mobile devices that includes an operating system, middleware and key applications.

More here.

Survey: Enterprises Don't Know Sensitive Data Flow

Kelly Jackson Higgins writes on Dark Reading:

Most enterprises still don’t know where their sensitive data resides, and less than half of those that do know are actually enforcing its protection, according to new research to be released next month by The 451 Group.

“Seventy-five percent don’t know who their employees are talking to,” says Nick Selby, director of research operations and research director of enterprise security for The 451 Group. “But this is not an IT problem -- it’s a business problem.”

The 451 Group survey, which will be published as part of its “Mind the Data Gap” report next month, found that only 37 percent of enterprises have determined where their data physically resides in the organization. Only 26 percent have established data-sensitivity classification schemes -- such as “public,” “confidential,” and “regulated” -- to label their data, and over half of those respondents say enforcement of these data classifications is nonexistent in their organizations.

More here.

Kiwi Security Expert Exposes Windows Flaw

Via Stuff.co.nz.

A New Zealand-based security consultant has released a tool that can unlock Windows computers in seconds without the need for a password.

Adam Boileau first demonstrated the hack, which affects Windows XP computers but has not yet been tested with Windows Vista, at a security conference in Sydney in 2006, but Microsoft has yet to develop a fix.

Interviewed in ITRadio's Risky Business podcast, Boileau said the tool, released to the public yesterday, could "unlock locked Windows machines or login without a password ... merely by plugging in your Firewire cable and running a command".

More here.

Majority of Users Think Search Engines Should Do More to Fight Malware

Via Virus Bulletin News.

According to a recent poll, 85% of visitors to the VB website think that search engines should be doing more to fight malware, but experts say the matter is more complicated than that.

A recent paper by researchers at Google revealed that more than 1.3% of Google search results now contain at least one malware-serving website - a number that has quadrupled in the past nine months. Translated into actual searches this means that millions of people are being presented with links to malware-serving websites every day.

More here.

In Passing: Gary Gygax


Gary Gygax
July 27, 1938 – March 4, 2008

Chertoff Asks For Patience on Cyber Security

Alice Lipowicz writes on Washington Technology:

Federal civilian agencies need to work together more closely to coordinate their information technology network surveillance as part of the White House’s major new cybersecurity initiative, Homeland Security Department Secretary Michael Chertoff said yesterday.

The full cybersecurity strategy will not be completed this year, Chertoff said.

“We are beginning our cyberstrategy,” he said. “That will not be done this year, but I'm hoping we can get it, a cyber center, up and running, and have a full set of plans and a funding budget to move forward over the next several years to get to the next level of cybersecurity.”

More here.

U.S. Treasury 'Watch List' Causes eNom to Yank Legitimate Travel Domains

Adam Liptak writes in The New York Times:

Steve Marshall is an English travel agent. He lives in Spain, and he sells trips to Europeans who want to go to sunny places, including Cuba. In October, about 80 of his Web sites stopped working, thanks to the United States government.

The sites, in English, French and Spanish, had been online since 1998. Some, like www.cuba-hemingway.com, were literary. Others, like www.cuba-havanacity.com, discussed Cuban history and culture. Still others — www.ciaocuba.com and www.bonjourcuba.com — were purely commercial sites aimed at Italian and French tourists.

“I came to work in the morning, and we had no reservations at all,” Mr. Marshall said on the phone from the Canary Islands. “We thought it was a technical problem.”

It turned out, though, that Mr. Marshall’s Web sites had been put on a Treasury Department blacklist and, as a consequence, his American domain name registrar, eNom Inc., had disabled them. Mr. Marshall said eNom told him it did so after a call from the Treasury Department; the company, based in Bellevue, Wash., says it learned that the sites were on the blacklist through a blog.

Either way, there is no dispute that eNom shut down Mr. Marshall’s sites without notifying him and has refused to release the domain names to him. In effect, Mr. Marshall said, eNom has taken his property and interfered with his business. He has slowly rebuilt his Web business over the last several months, and now many of the same sites operate with the suffix .net rather than .com, through a European registrar. His servers, he said, have been in the Bahamas all along.

More here.

Note: This is just ludicrous policy FUBAR. -ferg

Windows-Based Cash Machines 'Easily Hacked'

Nick Heath writes on silicon.com:

Security experts have hacked ATMs to show how easy it is to steal money and bank account details from modern cash machines.

ATMs today face the internet-born threat of worms and denial of service attacks, as well as being at risk from malware that can harvest customer data or hijack machines.

Up to 90 per cent of the ATMs in the UK could be at risk from these attacks as they rely on desktop PC technology - usually Intel hardware and Windows operating systems - linked to other machines - some connected to the internet - in the bank's network, according to experts.

More here.

ZDNet Asia and TorrentReactor IFRAME-ed

Dancho Danchev:

This currently ongoing malware embedded attack aimed at ZDNet Asia and TorrentReactor is very creative at the strategic level, whereas the IFRAME-ing tactic remains the same. The sites' search engines seem to have been exploited to have the IFRAME injected, not embedded, within the last 24 hours, redirecting to known Russian Business Network's IPs and ex-customers in the face of rogue anti-virus and anti-spyware applications.

For the time being, zdnetasia.com has 11,200 cached pages loading the IFRAME, and torrentreactor.net - 29,300 cached pages loading the IFRAME. Even worse, the IFRAME embedded search results hosted on their sites are appearing between the first ten to twenty search results, thanks to the sites' high page ranks.

More here.

Monday, March 03, 2008

Late Night Flashback: Henry Rollins - Liar




Rollins rocks.

- ferg

Australian Federal Police Unite Tech Units in Fight Against Cyber Crime

Marcus Browne writes on ZDNet.com.au:

The Australian Federal Police (AFP) yesterday finalised the restructuring of its high tech crimes division, with the announcement that the force's final two independent technical units have been amalgamated with High Tech Crimes Operations.

The national law enforcement agency had maintained two independent online crime departments: the Australian High Tech Crimes Centre (AHTCC) and the Online Child Sex Exploitation Team (OCSET) until June last year, when the two merged to become Australian Federal Police High Tech Crimes Operations, headed up by AFP chief of staff and assistant commissioner Andrew Colvin.

Both departments had operated autonomously from each other and were separately funded until last year's amalgamation was introduced in an attempt to streamline the forces' online investigative and technical capabilities.

More here.

Yet Another Report: China Trying to Crack U.S. Computers, Buy Nukes

Mike Mount writes for CNN.com:

The Chinese military continues to increase spending on efforts to break into U.S. military computer systems, expand its Navy, and invest in intercontinental nuclear missiles and weapons to destroy satellites, according to the latest U.S. report on China's military power.

The annual report from the Pentagon to Congress says China's total military spending in 2007 was between $97 billion and $139 billion, but it is hard to tell exactly how much was spent and on what.

In comparison, the U.S. military budget request for 2008 is $481.4 billion, not including war requests.

Pentagon officials said a chunk of China's spending went to cyberwarfare, because 2007 saw several "intrusions" believed to be from the People's Liberation Army. In the incidents, unclassified U.S. military computer systems were broken into and information was taken, according to Pentagon officials.

More here.

GAO Oversight Office at NSA Lies Dormant

Steven Aftergood writes on Secrecy News:

The Government Accountability Office maintains an office at the National Security Agency but it remains unused since no one in Congress has asked GAO to perform any oversight of the Agency, the head of GAO disclosed last week.

Despite multi-billion dollar acquisition failures at NSA and the Agency’s controversial, possibly illegal surveillance practices, Congress has declined to summon all of its oversight resources such as GAO to address such issues.

More here.

Analysis: Einstein and U.S. Cyber Security

Shaun Waterman writes for UPI:

The Einstein program -- the most significant element yet unveiled of the classified multibillion-dollar cybersecurity initiative President Bush signed last month -- will still leave the U.S. government's IT security lagging the private sector, say lawmakers and industry experts.

At a hearing last week on Capitol Hill, officials faced close, skeptical questioning about the program, an intrusion detection system that will automatically monitor and analyze Internet traffic into and out of federal computer networks in real time -- allowing officials at the Department of Homeland Security to scan for anomalies that might represent hackers or other intruders trying to gain access or steal data.

"There are still some gaping holes," said Rep. James Langevin, D-R.I., of the House Homeland Security Committee.

More here.

Security Researchers to Unveil Pacemaker, Medical Implant Hacks

Chris Soghoian writes on the C|Net "surveill@nce st@te" Blog:

A team of respected security researchers known for their work hacking RFID radio chips have turned their attention to pacemakers and implantable cardiac defibrillators.

The researchers will present their research paper "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses" during the "Attacks" session of the 2008 IEEE Symposium on Security and Privacy, one of the most prestigious conferences for the computer security field.

By reading between the lines (millions of remotely implanted medical devices, able to administer electrical shocks to the heart, can be controlled remotely from distances up to 5 feet, designed by people who know nothing about security), it is easy to predict the gigantic media storm that this paper will cause when the full details (and a YouTube video of a demo, no doubt) are made public.

Just remember where you saw it first.

More here.

SecureWorks: Hackers Use Banking Digital Certificates to Scam Financial Customers

Via SecureWorks.

SecureWorks announced today that hackers are successfully scamming banking customers with spear phishing emails stating that their banking digital certificate has expired. The malicious emails state that in order for the bank customer to access their bank account, they must load a new certificate by clicking on an enclosed link.

Once they click on the link, they are actually downloading the Prg Banking Trojan. This banking Trojan, originally discovered by SecureWorks in December 2007, is one of the most sophisticated and lethal pieces of banking malware developed.

More here.

Embedding Malicious IFRAMEs Through Stolen FTP Accounts

Dancho Danchev:

Keywords for gaining attention from a marketing perspective for last week - embedded malware, IFRAMEs, stolen FTP accounts, Fortune 500 companies, Russia. Nothing's wrong with that unless of course you're interested in the whole story and the big picture, which wouldn't be excluding the possibility for having a Fortune 500 company's servers acting as C&Cs for a large botnet.

Why are Fortune 500 servers excluded as impossible to get hacked in the first place, making it look like the amount of money spent on security is proportional to the level of security reached? The more you spend does not mean the more secure it gets if you're not allocating the money where it has to be allocated, in a particular moment of time, given the dynamic threatscape these days.

More here.

Telecom Amnesty Compromise in Works

Ryan Singel writes on Threat Level:

House Intelligence Committee Chairman Silvestre Reyes says the House and Senate may come to a compromise this week over whether to grant amnesty to telecoms that aided Bush's secret, domestic wiretapping program.

The Texas Democrat says he's seen some of the wiretapping documents and talked with the telecoms, and is open now to the idea of giving the companies immunity.

More here.

U.S. Government Forces Military Secrets on Brit Webmaster

Dan Goodin writes on The Register:

A website promoting the town of Mildenhall has been shut down because it unintentionally became the recipient of hundreds of classified emails, including messages detailing the planned flight path of President Bush.

According to reports, the closure of www.mildenhall.com came at the prompting of US Air Force chiefs, who were concerned that its resemblance to the official website for the Mildenhall US air base was confusing some people. Evidently, their fears had some basis in fact.

More here.

In Passing: Jeff Healey


Jeff Healey
March 25, 1966 – March 2, 2008

Sunday, March 02, 2008

Yet More: Late Night Flashback: Nine Inch Nails - Every Day Is Exactly The Same




Enjoy.

- ferg

Cyber Space: The New Art of War

Walter Pincus writes in The Washington Post:

If there were any doubts that the United States is preparing for war in space and cyberspace, testimony before the Strategic Forces Subcommittee of the House Armed Services Committee last week would have wiped them away.

According to Gen. Kevin P. Chilton, head of U.S. Strategic Command, "our adversaries understand our dependence upon space-based capabilities, and we must be ready to detect, track, characterize, attribute, predict and respond to any threat to our space infrastructure."

Although space threats have received much attention in the past, it was the possibility of cyberspace warfare that was given new emphasis at the hearing.

More here.

More: Late Night Flashback: R.E.M. - Stand



Stand.

- ferg

Late Night Flashback: The B-52's - Revolution Earth




Love these guys...

- ferg

Jiangmin Will Function as Network Emergency Response Group for 2008 Beijing Olympics

Via The Dark Visitor.

Jiangmin Science and Technology, the largest anti-virus company in the country, has been officially established as a network emergency response group for the 2008 Beijing Olympic games. The group will answer to the Olympic Organizing committee, as well as the National Network Security Department.

More here.