Saturday, August 02, 2008

Late Night Flashback: The Ventures - Walk Don't Run




Enjoy.

- ferg

TSA Puts Gags on Airline Ticket Agents

P. Jeffrey Black writes on The Washington Times' "Aviation Security" Blog:

In typical government fashion, the Transportation Security Administration (TSA) is blaming somebody else for problems it created.

As reported in USA Today, and shown on CNN this week, the TSA is telling airline ticket agents to keep their mouths shut and not to inform passengers that they are on the TSA terrorist watch list, or the airline they work for will be subject to a $25,000 fine if they do.

This seems to be a semantics word game TSA has been playing recently, especially after CNN reporter Drew Griffin reported that he found himself on the TSA's terrorist watch list soon after doing a report that was critical of the Federal Air Marshal Service.

When grilled by Congresswoman Sheila Jackson-Lee recently in a congressional hearing, DHS Secretary Michael Chertoff stated, "It is not my understanding that the reporter was put on the list, he may share the name with someone who was put on . . . we do have circumstances where we have name mis-matches."

But wait, if there were "mis-matches" of the names, then Drew Griffin and all of the other passengers on the terrorist watch list wouldn't be complaining. The problem is, their names are matching the names on the watch list –– not mis-matching. If Secretary Chertoff cannot even understand this basic concept, then we are all in trouble.

More here.

Hat-tip: Homeland Stupidity

New Zealand: Police Deliver Internet Auction Site User Details to Prisoners

Anna Leask writes in The New Zealand Herald:

The private details of up to 10,000 Trade Me users - described as a "shopping list for criminals" - have been released by police to prison inmates.

Police investigating the so-called terror raids last year obtained the information of the innocent traders as evidence. They then passed the disclosure material to defence lawyers and, in one case, to the prison cell of Jamie Lockett.

One of the "Urewera 16" arrested on firearms charges, Lockett received 16 boxes containing 24,000 pages of information relating to the police case against him, according to this week's Listener.

One of the boxes contained the personal details of up to 10,000 Trade Me customers, including their name, user name, personal email address, phone numbers, home address and trading history over the past five years.

More here.

Ticket Scam Hits Olympics

Greg Johnson writes in The Los Angeles Times:

Olympic officials have turned to the federal courts in a bid to shut down two online companies suspected of stealing money, credit card information and passport numbers from hundreds of people who thought they were buying scarce tickets to prime events in Beijing.

The International Olympic Committee and the U.S. Olympic Committee won a restraining order July 23 in federal court in Phoenix that shut down one of the websites, www.beijing-tickets2008.com. On Monday, the USOC and IOC plan to ask a federal judge in San Francisco for an order that would shut down www.beijingticketing.com, which remained active Friday.

Attorneys for the IOC and USOC have been in touch with authorities, and "it is our understanding that there are discussions ongoing within law enforcement as to whether the FBI will become involved," said USOC General Counsel Rana Dershowitz.

Officials said they did not know for certain whether the operators of beijing-tickets2008 were out of business, or had simply shifted to a new online address. Both companies appeared to have been operating several related websites promising to deliver hard-to-find Olympics tickets.

The websites lured people in large part by their extensive -- and allegedly illegal -- use of logos that look very similar to the official Olympic ones. The websites' names also helped them appear atop search engine results.

More here.

Hawaii Man Accused of Helping China Design Missile

An AP newswire article by Audrey McAvoy, via SFGate.com, reports that:

Cheryl Gowadia couldn't figure out why FBI agents in riot gear, guns drawn, were storming her home on Maui's tranquil North Shore. At first, she thought they might be after the man building a pond in her backyard. Instead, she was stunned to learn they wanted to question her husband, a former B-2 stealth bomber engineer.

A week later, on Oct. 13, 2005, agents arrested Noshir Gowadia, a native of India who received a Ph.D. at 15, on suspicion he sold military secrets to China.

Maui is an unlikely place for a spy saga, a mostly rural island of 140,000 known more for big-wave surfing and five-star resorts.

The case comes amid growing U.S. concern about Chinese spying and enhanced prosecution efforts across the country.

More here.

Friday, August 01, 2008

Five Stars: Talk To Me

Don Cheadle as Petey Greene.


Yes, I know I'm a little late to the party, but I finally just saw this movie.

It was fantastic. I can't recommend it enough.

- ferg

Firewall Vendors Scramble to Fix DNS Problem

Robert McMillan writes on PC World:

Nearly a month after a critical flaw in the Internet's Domain Name System was first reported, vendors of some of the most widely used firewall software are scrambling to fix a problem that can essentially undo part of the patches that address this bug.

The DNS flaw affects server software made by many vendors, including Microsoft, Cisco Systems, and the Internet Systems Consortium.

Some firewall software undoes a source port randomization feature that was introduced in the DNS patches. While this change doesn't completely negate the DNS patch, it could make it easier for attackers to pull off a cache-poisoning attack against the DNS server, security experts say.

This could lead to virtually undetectable phishing attacks against users of those DNS servers.

More here.

U.S. Toll in Iraq, Afghanistan



Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, Aug. 1, 2008, at least 4,127 members of the U.S. military have died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes eight military civilians killed in action. At least 3,362 died as a result of hostile action, according to the military's numbers.

The AP count is two fewer than the Defense Department's tally, last updated Friday at 10 a.m. EDT.

As of Friday, Aug. 1, 2008, at least 491 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Saturday at 10 a.m. EDT.

Of those, the military reports 347 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

Black Hats and Cold War

Kelly Jackson Higgins writes on Dark Reading:

What you can’t see can hurt you -- and most likely, it already has. By now, your credit card number is probably sitting somewhere on a crime server, either already compromised or ripe for the picking. But since we don’t actually see this happen nor can we put a face to the perpetrators, it’s easy to dismiss the threat or ignore it altogether -- until we feel it in our wallets.

The stakes are higher than a compromised credit card account, however. There’s a cyberspace Cold War going on right now between the U.S. and two countries-who-must-not-be-named (two guesses), according to a commissioner on the Commission on Cyber Security for the 44th Presidency, which is working on policy, research, and technology recommendations for the next administration to combat cybercrime and cyber warfare.

More here.

FBI: Flash Drive Used to Steal Countrywide Customer Data

Nancy Gohring writes on ComputerWorld:

Struggling home mortgage lender Countrywide, already hit hard by the lending crisis and an investigation into potential fraud at the company, now faces another crisis: One of its former employees has been charged for allegedly stealing personal information about customers.

Rene Rebollo was arrested on Friday by agents with the Federal Bureau of Investigation (FBI) in California, who say he stole and then sold personal information about Countrywide customers throughout the country over a two-year period.

Rebollo worked as a senior financial analyst for Countrywide Home Loan's subprime mortgage division, where he had access to Countrywide databases containing customer data, according to the complaint against him. Using his computer at work, he saved the customer data onto his own flash drives to remove it from the office, the FBI alleges. About a month ago, during an interview by FBI agents, Rebollo admitted he gave out the account information to third parties, according to the complaint.

Rebollo lost his job with Countrywide in July.

Another man, Wahid Siddiqi, was arrested for allegedly buying the stolen data and also selling it.

More here.

Local: Police Make Arrest in Grocery Store ATM Scams

Via NBC11.com.

Police arrested a man Friday they say was involved with an ATM scam at a Los Gatos supermarket that lost about $300,000.

The Los Gatos Monte/Sereno Police Department arrested Raymond Kurt Fisher, 37, at his San Jose home Thursday, police said.

Between March and April 14, 2008, 250 Lunardi's shoppers found fraudulent charges or cash withdrawals totaling about $300,000 from their bank accounts, police said.

The majority of the withdrawals were made in Southern California, police said.

More here.

Apple Security Patch Flubs DNS Fix

Thomas Claburn writes on InformationWeek:

Apple on Thursday released Security Update 2008-005, a collection of 17 fixes for security vulnerabilities in its Mac OS X operating system.

Among the fixes is what looks to be a patch for the DNS cache poisoning vulnerability that security experts spent most of July warning about.

But according to security researcher Swa Frantzen from the SANS Internet Storm Center, Apple's fix hasn't quite done the trick.

"Apple might have fixed some of the more important parts for servers, but is far from done yet as all the clients linked against a DNS client library still need to get the workaround for the protocol weakness," said Frantzen in a blog post.

The issue appears to be that despite Apple's patch, BIND under OS X is incrementing the ports it uses to communicate DNS information in a predictable pattern.

More here.

FCC Declares Comcast's Throttling Violated Net Neutrality

David Kravets writes on Threat Level:

The Federal Communications Commission, by a 3-2 vote Friday, blasted Comcast's network-management practices of throttling BitTorrent peer-to-peer applications, calling them unreasonable and a violation of FCC rules.

"In analyzing whether Comcast violated federal policy when it blocked access to certain applications, we conduct a fact-specific inquiry into whether the management practice they used was reasonable," FCC commissioner Kevin Martin said. "Based on many reasons, including the arbitrary nature of the blocking, the lack of relation to times of congestion or size of files, and the manner in which they hid their conduct from their subscribers, we conclude it was not."

The commission concluded that Comcast had interfered with internet users' right to access the internet and to use applications of their choice. The commission said Comcast monitored the content of its customers' internet connections and selectively blocked peer-to-peer connections.

More here.

Conflicting Reports: Online Tibet Briefing Blocked By Beijing

Via Stuff.co.nz.

An online media conference about freedom for Tibet was blocked in China today, confirming that internet access continues to be censored for international media at the Beijing Olympics.

Students for a Free Tibet held the live broadcast via their website, to update the situation in Tibet and outline plans for global action during the Olympic Games.

AAP was unable to access the website from Beijing. Each attempt to connect resulted in a note that the webpage could not be displayed.

However, journalists in Australia could participate in the conference without difficulty.

More here.

Note: So where are the reporting conflicts? Well, earlier, "...The International Olympic Committee and the Chinese organizers BOCOG have agreed to lift all Internet restrictions for media covering the Beijing Games, the IOC told Reuters on Friday." Details here.

I guess they just haven't gotten around to removing the access restrictions yet.

Who knows. - ferg

Thursday, July 31, 2008

China Hits Back at U.S. Senator's Spying Claims

Steven Schwankert writes on PC World:

China's Foreign Ministry brushed off but did not specifically deny accusations that Chinese authorities are forcing foreign hotel chains operating here to install Internet eavesdropping devices ahead of the Olympics.

"Those accusations are unfair," the state-run Xinhua News Agency quoted Foreign Ministry spokesperson Liu Jianchao as saying at the ministry's biweekly press conference Thursday. "Privacy is respected and guaranteed in China. China's security measures in hotels and other public places are not beyond the internationally, generally used measures," he said.

On Tuesday, Kansas Senator Sam Brownback accused China again of ordering foreign hoteliers to permit the Public Security Bureau, China's police, to deploy Internet monitoring hardware and software. "The Chinese government has put in place a system to spy on and gather information about every guest at hotels where Olympic visitors are staying," he said in a statement. "This means journalists, athletes' families and other visitors will be subjected to invasive intelligence gathering by the Chinese Public Security Bureau."

More here.

Classic xkcd: Frustration




Yes, we love xkcd. And this is why.

Enjoy!

- ferg

U.S. Border Laptop Search & Detention: No Suspicion Required Under DHS Policies

Ellen Nakashima writes in The Washington Post:


Federal agents may take a traveler's laptop computer or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed.

Also, officials may share copies of the laptop's contents with other agencies and private entities for language translation, data decryption or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement.

"The policies . . . are truly alarming," said Sen. Russell Feingold (D-Wis.), who is probing the government's border search practices. He said he intends to introduce legislation soon that would require reasonable suspicion for border searches, as well as prohibit profiling on race, religion or national origin.

DHS officials said the newly disclosed policies -- which apply to anyone entering the country, including U.S. citizens -- are reasonable and necessary to prevent terrorism. Officials said such procedures have long been in place but were disclosed last month because of public interest in the matter.

More here.

Background here. Also, I feel compelled to draw your attention to Magic Lantern...

-ferg

'Anthrax Scientist' Commits Suicide As FBI Closes In

An AP newswire article by Lara Jakes Jordan and David Dishneau, via The Boston Globe, reports that:

A top U.S. biodefense researcher apparently committed suicide just as the Justice Department was about to file criminal charges against him in the anthrax mailings that traumatized the nation in the weeks following the Sept. 11, 2001, terrorist attacks, according to a published report.

The scientist, Bruce E. Ivins, 62, who worked for the past 18 years at the government's biodefense labs at Fort Detrick, Md., had been told about the impending prosecution, the Los Angeles Times reported for Friday editions. The laboratory has been at the center of the FBI's investigation of the anthrax attacks, which killed five people.

Ivins died Tuesday at Frederick (Md.) Memorial Hospital. The Times, quoting an unidentified colleague, said the scientist had taken a massive dose of a prescription Tylenol mixed with codeine.

More here.

Beijing Olympic Web Restrictions to Be Lifted

A Reuters newswire article, via The New York Times, reports that:

The International Olympic Committee and the Chinese organizers BOCOG have agreed to lift all Internet restrictions for media covering the Beijing Games, the IOC told Reuters on Friday.

"The issue has been solved," vice-president Gunilla Lindberg said. "The IOC Coordination Commission and BOCOG met last night and agreed. Internet use will be just like in any Olympics."

The issue had caused a major stir days before the start of the August 8-24 Olympics with IOC officials insisting there would be no censorship and BOCOG saying sensitive sites would remain blocked.

In a statement issued late on Thursday, the IOC had said it was expecting BOCOG to solve the issue and said it has always made clear that media representatives should have full access to the Internet.

More here.

Apple Finally Releases Patch For Critical DNS Flaw

Steven Musil writes on C|Net News:

Apple released a security update Thursday for its Tiger and Leopard operating systems to patch a critical Domain Name System flaw, along with a dozen other updates.

The update also fixes a QuickLook bug where loading a malicious Microsoft Office file could lead to "arbitrary code execution."

More here.

Mark Fiore: The Acronym Institute



More Mark Fiore brilliance.

Via The San Francisco Chronicle.

Enjoy!

- ferg

Black Hat Talk on Apple Encryption Flaw Pulled

Brian Krebs writes on Security Fix:

A security researcher who was set to speak at the Black Hat hacker convention in Las Vegas next week on a previously undiscovered flaw in Apple's FileVault encryption system has canceled his talk, citing confidentiality agreements with the Cupertino computer maker.

Charles Edge, a researcher from Georgia, had been slated to discuss his research on a weakness that could be used to defeat FileVault encryption on the Mac. But sometime last week, Black Hat organizers pulled his name and presentation listing from its schedule of talks.

Contacted via cell phone, Edge said he signed confidentiality agreements with Apple, which prevents him from speaking on the topic and from discussing the matter further.

More here.

Bush Order Expands Role For National Intel Chief


An AP newswire article by Pamela Hess, via SFGate.com, reports that:

President Bush's new executive order revising rules for intelligence agencies expands the national intelligence director's powers and may further erode the CIA's traditional autonomy.

The order, revised in secret and signed Wednesday, is drawing criticism from civil liberties groups and even lawmakers from the president's own party.

House Republicans on the intelligence committee walked out of a Thursday morning briefing by the national intelligence director, Mike McConnell, on the order to protest what they consider the White House's pattern of disrespect for congressional oversight.

The committee believes it has not been consulted or informed about critical intelligence matters. These include the executive order; Israel's bombing of an alleged Syrian nuclear facility last summer; changes in U.S. intelligence on Iran; the administration's warrantless wiretapping program; and the CIA's destruction of interrogation videotapes.

"This president is making it impossible for Congress to do oversight of the intelligence community," the committee's top Republican, Rep. Peter Hoekstra of Michigan, told The Associated Press. "The only effective oversight that can be done is out of the executive branch. And this is the fox guarding the chicken coop."

More here.

Black Hat: A Photo That Can Steal Your Facebook Account

Robert McMillan writes on CIO.com:

At the Black Hat computer security conference in Las Vegas next week, researchers will demonstrate software they've developed that could steal online credentials from users of popular Web sites such as Facebook, eBay and Google.

The attack relies on a new type of hybrid file that looks like different things to different programs. By placing these files on Web sites that allow users to upload their own images, the researchers can circumvent security systems and take over the accounts of Web surfers who use these sites.

"We've been able to come up with a Java applet that for all intents and purposes is an image," said John Heasman, vice president of research at NGS Software.

They call this type of file a GIFAR, a contraction of GIF (graphics interchange format) and JAR (Java Archive), the two file-types that are mixed. At Black Hat, the researchers will show attendees how to create the GIFAR while omitting a few key details to prevent it from being used immediately in any widespread attack.

More here.

U.S. Navy Partially Spares Moffett Field's Hangar One

The airship USS Macon first arrived at Moffett Field in Sunnyvale on Oct. 16, 1933, and was housed at Hangar One.



Cade Metz writes on The Register:

Hangar One, the onetime airship station that has long symbolized California's Silicon Valley, won't be destroyed after all. The US Navy will allow it to stand - without its clothing.

More than two years ago, the Navy designated Hangar One for demolition, after discovering that the mammoth Mountain View landmark was poisoning nearby wetlands. But some feisty blimp garage lovers fought to save the structure, and yesterday, as reported by the San Jose Mercury News, the Navy said it will leave the hangar's steel skeleton in place while removing its toxic siding.

More here.

Image source: Moffett Field Historical Society / Stanford News Service

U.S. Homeland Security Stays Mum on New 'Cyber Security' Center

Stephanie Condon writes on C|Net News:

The Bush administration's newly-created National Cyber Security Center remains shrouded in secrecy, with officials refusing to release information about its budget, what contractors will run it, and how its mission relates to Internet surveillance.

In correspondence with the U.S. Senate posted on Thursday, the Bush administration said it would not provide that information publicly. An 18-page, partially redacted letter [.pdf] from DHS said that disclosure could affect "the conduct of federal programs, or other programs or operations essential to the interests of our nation."

The censored letter -- a non-redacted, "For Official Use Only" version was provided to senators -- came in response to queries from the top Democratic and Republican members of the Senate's Homeland Security committee.

More here.

Toon of The Day: McCain's Journeys



Via Slate.com.

U.S. Intends to Remain in Full Control of Internet Root Zone, Says Letter from NTIA

Via CircleID.com.

In a letter sent by a bureau of the U.S. Department of Commerce, the National Telecommunications and Information Administration (NTIA), to ICANN, the department has made it clear that despite recent discussions in Paris meetings, the U.S. department intends to remain in full authority over the Internet root zone.

"The Department believes strongly that it is important to clarify that we are not in discussions with either party to change the respective roles of the Department, ICANN or VeriSign regarding the management of the authoritative root zone file, nor do we have any plans to undertake such discussions," says Meredith Baker, NTIA's acting assistant secretary for communications and information. "Consistent with public statements made by the United States government starting in 2000 and reinforced by the 2005 U.S. Principles on the Internet's Domain Name and Addressing System, the Department, while open to operational efficiency measures that address governments’ legitimate public policy and sovereignty concerns with respect to the management of their ccTLD, has no plans to transition management of the authoritative root zone file to ICANN as suggested in the PSC documents."

More here.

Shocker: Republican House Leader Blasts FCC Ahead of Comcast Vote

John Boehner (R-Ohio)

Kenneth Corbin writes on internetnews.com:

On the eve of the Federal Communications Commission's expected vote to punish Comcast for blocking peer-to-peer traffic on its network without properly informing subscribers, the agency is taking some fire from Congress.

In a letter sent today to FCC Chairman Kevin Martin, House Minority Leader John Boehner (R-Ohio) questioned the commission's legal authority to intervene and argued that the unregulated market is moving to solve the problem of network management.

The expected vote at tomorrow's FCC meeting stems from Comcast's blocking of peer-to-peer traffic from BitTorrent, and its alleged failure to provide adequate notification to its subscribers.

More here.

U.S. Military Base Guards Not Properly Screened

A UPI newswire article, via Military.com, reports that:

The Army can't verify that all of the civilian security guards it hires to protect military bases have been screened for criminal records, records show.

Congress mandated two years ago that the Army conduct thorough criminal background checks and give proper training to base security guards, but declassified Pentagon records show that two years after the new requirements, the Army couldn't say if a majority of the guards were in compliance, the Deseret News in Salt Lake City reported Wednesday.

The newspaper said it obtained a declassified report through the Freedom of Information Act revealing that a recent inspection found many of the same problems, including at Utah's Tooele Army Depot. Some bases, it said, also failed to conduct required secret tests to see if guards could find fake IDs or simulated car bombs.

More here.

Northrop Grumman Files Protest Over TSA Infrastructure Decision

Nick Wakeman writes on Washington Technology:

Northrop Grumman Corp. is protesting the Transportation Security Administration’s decision not to consider the company a finalist for a $2 billion contract.

TSA announced in late June that Computer Sciences Corp., General Dynamics Corp. and Lockheed Martin Corp. were qualified to continue bidding on the Information Technology Infrastructure Program contract. In addition, CACI International Inc. is qualified as a subcontractor to CSC.

Unisys Corp., the incumbent on the contract, filed its own protest earlier but it did not make the cut for the final competition. Unisys won the contract in 2002, shortly after TSA was formed.

More here.

New Yorker Gets 30 Months For Bogus Cisco Gear

Dan Goodin writes on The Register:

A hardware reseller from New York state has been sentenced to two-and-a-half years in prison for passing off cheap Chinese networking gear as genuine Cisco products.

Charles Lacy-Thompson, 52, of Briarcliff Manor, New York, was also ordered to pay $2.2m in restitution and forfeiture of profits, according to the US Attorney's office in the southern district of New York.

More here.

Security Fix: U.S. Senate Approves Bill to Fight Cyber-Crime

Brian Krebs writes on Security Fix:

The Senate on Wednesday passed legislation to modernize the nation's computer crime laws and give prosecutors more leeway in pursuing cyber crooks.

Under current federal cyber-crime laws prosecutors must show that the illegal activity caused at least $5,000 in damages before they can bring charges for unauthorized access to a computer. Under the bill approved today, that threshold would be eliminated.

Instead, the legislation would make it a felony to install spyware or keystroke-monitoring programs on 10 or more computers regardless of the amount of damage caused.

This change is important because most of today's cyber criminals break into thousands of computers at a time, but seldom inflict $5,000 worth of damages on any one individual. Moreover, while most commit their crimes by tunneling their connections through hacked computers, the crooks may never damage the PCs they are using as a proxy or try to steal personal and financial data from victims.

More here.

NASA Spacecraft Confirms Martian Water, Mission Extended

Via NASA.gov.

Laboratory tests aboard NASA's Phoenix Mars Lander have identified water in a soil sample. The lander's robotic arm delivered the sample Wednesday to an instrument that identifies vapors produced by the heating of samples.

"We have water," said William Boynton of the University of Arizona, lead scientist for the Thermal and Evolved-Gas Analyzer, or TEGA. "We've seen evidence for this water ice before in observations by the Mars Odyssey orbiter and in disappearing chunks observed by Phoenix last month, but this is the first time Martian water has been touched and tasted."

With enticing results so far and the spacecraft in good shape, NASA also announced operational funding for the mission will extend through Sept. 30. The original prime mission of three months ends in late August. The mission extension adds five weeks to the 90 days of the prime mission.

"Phoenix is healthy and the projections for solar power look good, so we want to take full advantage of having this resource in one of the most interesting locations on Mars," said Michael Meyer, chief scientist for the Mars Exploration Program at NASA Headquarters in Washington.

More here.

UK: Only Those Convicted Should Be On DNA Database, Says Panel

Via OUT-LAW.com.

An inquiry panel established by a Government advisory body has recommended that many of the records on the UK's DNA database, the biggest in the world, be deleted. A ruling is still awaited from the European Court of Human Rights (ECHR) on the issue.

More than 6% of the UK population is on the DNA database, the highest proportion in the world. In England and Wales anyone detained by police on suspicion of a wide variety of offences can have DNA material added to the database even if they are never charged or convicted of a crime.

Government advisors the Human Genetics Commission (HGC) established a panel of 30 people to investigate the database. The panel, called a 'citizens' inquiry', could call expert witnesses, take evidence and direct their own six week period of research.

It concluded that the database should not hold the DNA of people who have not been convicted of a crime, and that data on people who were convicted should be held for a length of time proportionate to their sentence.

More here.

Hungarian Customs Zeroes In On Bank-Robbing Computer Hackers

Via realdeal.hu.

The Hungarian Customs and Finance Guard has recovered or accounted for some USD 1.5m stolen from a foreign financial institution in an attack by hackers as the money was laundered by a ring that included Hungarian citizens, the guard told MTI on Wednesday.

The money launderers transferred the money to bank accounts in Hungary and the accounts of off-shore companies. In the course of the investigation, they withdrew more than HUF 70m - or USD 500,000 - of the money in cash, the guard said.

The guard issued arrest warrants for three Hungarian citizens as a result of the investigation.

Link.

Hat-tip: InfoSec News

Quote of The Day: Mike Masnick

"ISPs are working hard to make their broadband offerings less and less useful by the day."

- Mike Masnick, writing on techdirt.com, regarding ISP bandwidth usage caps.

China Lashes Out at U.S. - Says Internet Curbs Will Stay

An AFP newswire article, via The Mail & Guardian, reports that:

Olympic host China lashed out on Thursday at the United States for interfering in its affairs and insisted it would maintain restrictions on internet use by reporters covering the Games.

The Chinese Foreign Ministry criticised a White House meeting with leading Chinese dissidents and called some American lawmakers "odious".

"We express strong discontent and firm opposition to this," Foreign Ministry spokesperson Liu Jianchao said about US President George Bush's encounter this week with dissidents.

"The US side has rudely interfered in China's internal affairs and sent a seriously wrong message to hostile anti-China forces," he said in a statement posted on the ministry's website on Wednesday.

In a separate statement on Thursday, Liu hit out at a resolution by the US Congress that urged Beijing to improve its human rights and stop repression of ethnic minorities.

Liu said the resolution passed on Wednesday was an attempt to politicise the Olympics in Beijing and urged Washington to curb the "odious conduct" of anti-Chinese legislators.

More here.

Wednesday, July 30, 2008

Mr. Fish: Gas Hole


We love Mr. Fish.

Via Truthdig.com.

- ferg

Bush Signs New Rules, Roles For Spy Agencies


An AP newswire article by Pamela Hess, via SFGate.com, reports that:

President Bush approved an order Wednesday that rewrites the rules governing spying by U.S. intelligence agencies, both in the United States and abroad, and strengthens the authority of the national intelligence director, according to a U.S. official and government documents.

Executive Order 12333, which lays out the responsibilities of each of the 16 agencies, maintains the decades-old prohibitions on assassination and using unwitting human subjects for scientific experiments, according to a power point briefing given to Congress that was reviewed by The Associated Press. The CIA notoriously tested LSD on human subjects in the 1950s, which was revealed by a Senate investigation in 1977.

The new order gives the national intelligence director, a position created in 2005, new authority over any intelligence information collected that pertains to more than one agency — an attempt to force greater information exchange among agencies traditionally reluctant to share their most prized intelligence. The order directs the attorney general to develop guidelines to allow agencies access to information held by other agencies. That could potentially include the sharing of sensitive information about Americans.

More here.

Quote of The Day: Kevin Poulsen

"According to his lawyers, the United States offered McKinnon a deal of six months to a year in U.S. federal custody, followed by repatriation by the U.K., where he'd be eligible for parole after six months. McKinnon turned it down, then went running to the U.K. courts whining that the big bad Americans were trying to extort him into pleading guilty. You think? That's what a plea bargain is, slick."

- Kevin Poulsen, writing on the Wired "Threat Level" Blog, about the news of Gary McKinnon's unsuccessful extradition appeal.

HD Moore: Hackers Start DNS Attacks

Gregg Keizer writes on ComputerWorld:

Hackers are now actively exploiting a critical flaw in the Domain Name System, but they're not using any of the already known exploits, said a researcher who crafted the first attack code to go public.

"We're seeing an entirely new technique," said HD Moore, the creator of the Metasploit penetration-testing framework, who with a hacker identified as "I)ruid" published exploits last week for the vulnerability in the Internet's routing system.

Late yesterday, Moore reported that he had found a compromised DNS server operated by AT&T Inc. when employees at his company, BreakingPoint Systems Inc., realized that they were being shunted to a bogus version of Google.com. Since then, Moore said today, he has heard from others who also reported redirects from hacked DNS servers. "They're saying, 'We've seen the same thing,' so now we're trying to figure out if we're seeing attacks on a wide scale or not."

Moore said the exploit that successfully attacked the AT&T server was not the same as the Metasploit attack code that he and I)ruid wrote, nor were any of the other public exploits.

More here.

SCADA Watch: SCADA Security Incidents Will Become More Prevalent

Via Help Net Security.

Lumeta today warned that, as industries connect their previously isolated Supervisory Control and Data Acquisition (SCADA) systems to their larger TCP/IP networks to gain better accessibility and to lower costs, they will also potentially subject these critical industrial controls to higher security risks.

As connectivity becomes ever more ubiquitous throughout organizations, it is certain that more SCADA security incidents will occur and, given how much of the world's infrastructure they control, they could potentially have serious repercussions.

More here.

Note: Hmmm. Where have I heard this before? Hint: here. -ferg

U.S. To Pilot Internet Travel Authorisation Program

A Reuters newswire article, via tvnz.co.nz, reports that:

The United States will launch a pilot scheme on Friday which will require travellers covered by its visa waiver programme to get prior Internet authorisation before boarding flights to America.

US officials outlining the Electronic System for Travel Authorisation (ESTA) denied it would amount to reintroduction of visas - a concern voiced in the European Union - even though fees might be charged for the process in future.

"The ESTA is not a visa," Jackie Bednarz, attache for the US Department of Homeland Security, told a news briefing in Brussels on Monday. "It's very different in our minds."

More here.

Advocacy Groups Win One on White House E-mail

Judy Mottl writes on internetnews.com:

A U.S. District Court yesterday quashed an effort by the Department of Justice (DoJ) to fight legal action related to missing White House e-mails.

The DoJ, which is representing the White House, had disapproved of the court's previous recommendation on e-mail preservation in the Executive Office of the President (EOP). The court had advised the EOP to search desktops and movable media used between March 2003 and October 2005 for missing e-mails.

Yesterday's decision by Magistrate Judge John M. Facciola is a small victory for two advocacy groups seeking to preserve White House e-mail. It's a minor setback for the DOJ that has consistently fought legal action related to missing e-mails and initiating new preservation processes.

More here.

Gary McKinnon Loses Extradition Appeal

Gary McKinnon

Bobbie Johnson writes in The Guardian:

A British man who hacked into computers at the Pentagon will face trial in the US after the law lords ruled that he should be extradited.

At the House of Lords this morning, Gary McKinnon, 42, was told that his appeal against extradition would not be granted.

McKinnon, an unemployed computer systems administrator from north London, invaded computer systems belonging to the US military in 2001 – shortly after the attacks on the World Trade Center and the Pentagon.

He said he was merely searching for evidence of extraterrestrial life, but American officials labelled him the world's most dangerous hacker and accused him of deleting important files and causing hundreds of thousands of dollars' worth of damage.

More here.

IOC Admits Internet Censorship Deal With China

Nick Mulvenney writes for Reuters:

Some International Olympic Committee officials cut a deal to let China block sensitive websites despite promises of unrestricted access, a senior IOC official admitted on Wednesday.

Persistent pollution fears and China's concerns about security in Tibet also remained problems for organizers nine days before the Games begin.

China had committed to providing media with the same freedom to report on the Games as they enjoyed at previous Olympics, but journalists have this week complained of finding access to sites deemed sensitive to its communist leadership blocked.

More here.

Tuesday, July 29, 2008

Australia: Software Error Cripples National Australia Bank Payment Transfers

Via Australian IT.

Thousands of National Australia Bank (NAB) customers are waiting for their pay packets after a software error caused electronic transactions to be delayed today.

NAB spokeswoman Luisa Ford said the IT problem had been rectified by staff in Melbourne working since last night and some payments had already been processed successfully.

"It's a slower process than normal," she told AAP.

The bank expected all payments to be processed by the end of today.

The error was an anomaly, Ms Ford said.

Retail and business customers were both affected by the glitch.

More here.

Metasploit Creator a Victim of His Own Creation - UPDATE

Robert McMillan writes on PC World:

HD Moore has been owned.

That's hacker talk, meaning that Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack.

It happened on Tuesday morning, when Moore's company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what's known as a cache poisoning attack on a DNS server on AT&T's network that was serving the Austin, Texas area. One of BreakingPoint's servers was forwarding DNS (Domain Name System) traffic to the AT&T server, so when it was compromised, so was HD Moore's company.

When Moore tried to visit Google.com, he was actually redirected to a fake page that served up a Google page in one HTML frame along with three other pages designed to automatically click on advertisements.

More here.

UPDATE: 10:49 PDT, 30 July 2008: HD Moore has written his account of this interview, and takes issue with several points. -ferg

Internet Censorship Plagues Journalists at Olympics

Steven Musil writes on C|Net News:

With the opening of the Beijing Olympic Games a mere 10 days away, members of the media have learned that there is at least one thing they can expect not to be open: the Internet.

Despite earlier assurances that journalists would have unfettered access to the Internet at the Main Press Center and athletic venues, organizers are now backtracking, meaning that the some 5,000 reporters working in Beijing during the next several weeks won't have access to a multitude of sites such as Amnesty International or any site with Tibet in the address, according to an Associated Press report.

When Chinese officials were bidding for the right to hold the games seven years ago, they assured international organizers that there would be "complete freedom to report." In April, Chinese organizers told International Olympic Committee members that Internet censorship, which is routine for China's citizens, would be lifted for journalists during the games.

However, IOC members issued a clarification Tuesday, saying that Internet freedom applied only to Web sites related to "Olympic competitions." Some journalists expressed frustration at the slow download rates and even voiced suspicion that it was deliberate and intended to discourage use.

More here.

U.S. Senator: China Will Spy on Olympics Tourists

A Reuters newswire article, via MSNBC, reports that:

China has installed Internet-spying equipment in all the major hotel chains serving the 2008 Summer Olympics, a U.S. senator charged on Tuesday.

"The Chinese government has put in place a system to spy on and gather information about every guest at hotels where Olympic visitors are staying," said Sen. Sam Brownback.

The conservative Republican from Kansas, citing hotel documents he received, added that journalists, athletes' families and others attending the Olympics next month "will be subjected to invasive intelligence-gathering" by China's Public Security Bureau. He said the agency will be monitoring Internet communications at the hotels.

More here.

Are Airport Kiosks Safe?

Bob Sullivan writes on the MSNBC "Red Tape Chronicles" Blog:

Airline travelers may want to think twice about swiping their credit cards at airport self-service check-in kiosks following the possible theft of credit card account numbers from the kiosks at Canada's largest airport in Toronto.

One Canadian airline, WestJet, already has suspended use of credit cards for check-in at the Toronto kiosks in the wake of the investigation by Visa and MasterCard, which was revealed last week. Fliers can still use the machines, but now must use other methods – by swiping frequent flier cards, entering confirmation codes or using their passports.

About 31 million passengers fly through Toronto’s Pearson International Airport every year, making the potential haul for credit card thieves able to access data entered into the 150 check-in kiosks enormous. But a possible kiosk-related heist raises questions about the security of the self-service machines at other airports, which are used by millions of travelers every day in the U.S. and elsewhere.

It's still unclear how thieves could have stolen credit card numbers from the kiosks. A Canadian government report is expected later this week.

More here.

U.S. Government Agencies Slow to Deploy Crypto

Robert Lemos writes on SecurityFocus:

Following a slew of high-profile data breaches, U.S. government agencies have largely failed to roll out planned encryption deployments, leaving about 70 percent of their systems with unencrypted sensitive data, the Government Accountability Office stated in a recent report.

The report, highlighted in a statement released by the House Committee on Homeland Security on Monday, found that the lack of a specific requirement to encrypt sensitive data has led to spotty information security. The White House's Office of Management and Budget recommended in 2006 that all agencies encrypt data on laptop computers and mobile devices. In 2007, the OMB made encryption for such devices a requirement.

"Encryption is not an option, it is a mandate," Rep. Bennie G. Thompson, D-MS, chairman of the House Committee on Homeland Security, said in the statement. "Unfortunately, I’m not surprised that despite mandates by OMB, the Federal government is only 30 percent of the way there."

More here.

Security Fix: Three Quarters of Malicious Web Sites Are Hacked

Brian Krebs writes on Security Fix:

Three-quarters of all Web sites that try to foist malicious software on visitors are legitimate sites that have been hacked, a report released today found. Even worse, most of these compromised sites are social networking communities and some of the Internet's most popular destinations.

Those numbers come from stats [.pdf] collected in the first six months of this year by Websense, an online security company that scans more than 40 million Web sites hourly for signs that they may have been compromised by hackers.

Websense found that 60 percent of the Top 100 most popular sites this year have either hosted malware or forwarded visitors to malicious sites. The company also says that nine out of 10 of those compromised sites were social networking or Web search sites.

More here.

Programming Note: Swamped

Yes, my head is exploding right now...


My day job is (naturally) sucking up most of my time lately, so blogging will have to take a backseat.

I'll blog when I can, but that is pretty much being dictated by [lots of stuff right now].

The Internet is awash with badness right now, more than ever before. Unfortunately.

Hang in there.

- ferg

Monday, July 28, 2008

California Man's Computer Used to Send Bomb Threat in India

Kim Zetter writes on Threat Level:

A California man currently renting a home in India is caught in the middle of an investigation into a series of bombs that exploded in India this last weekend, according to the Associated Press.

The 48-year-old man hasn't been identified by police and is not currently a suspect.

An e-mail, which bore the subject line "Await 5 minutes for the revenge of Gujarat," was sent from the man's computer to several Indian television stations minutes before 16 bombs exploded in Ahmadabad, a city in the western Indian state of Gujarat. Police believe, however, that the message likely did not originate from the man's computer and that someone else -- presumably a hacker -- simply used his computer and Yahoo account to send it.

More here.

IBM ISS: Online Threats Materializing Faster

An AP newswire article, via CBS5.com, reports that:

The bad guys on the Internet are narrowing the time frame they need to unleash computer attacks that take advantage of publicly disclosed security holes, new research shows.

More and more of these attacks are coming within 24 hours after a vulnerability is disclosed. That means security flaws are being exploited in Web browsers, computer operating systems and other programs before many people even have had time to learn there's a problem, according to IBM Corp.'s latest Internet Security Systems X-Force report.

The report, scheduled to be released Tuesday, looked at the first six months of 2008 and reflects two growing trends in Internet-based threats.

The first is that online criminals have latched on in a big way to programs that help them automatically generate attacks based on publicly available information about vulnerabilities. In the past they apparently spent more time finding such holes themselves, but no longer find that as necessary.

"The bad guys are not the ones actively finding vulnerabilities—they've shifted their business to standing on the shoulders of the security research community," Kris Lamb, operations manager for X-Force, said in an interview. "They don't have to do the hard work anymore. Their job is packaging what's been provided to them."

More here.

Sunday, July 27, 2008

Bizarre 1987 Video Showing Apple Imagining Future 1997 Apple



Hat-tip: Laughing Squid

Enjoy.

- ferg

For The Second Time, Thai Court Delays 'Merchant of Death' Extradition Hearing

Viktor Bout -- currently imprisoned in Thailand awaiting U.S. extradition.


An AP newswire article by Ambika Ahuja, via The Boston Globe, reports that:

A Thai court delayed for the second time an extradition hearing for an alleged Russian arms smuggler after his new defense attorney failed to show up on Monday.

Viktor Bout has been indicted in the U.S. on four terrorism charges. He is regarded as one of the world's most wanted arms traffickers, though he denies any involvement in illicit activities.

Bout was led into Bangkok's Criminal Court barefoot and shackled for a morning hearing that ended abruptly because his main defense lawyer, whose name was not immediately available, was not present.

The lawyer "says he has another case. The court deems that it is necessary to postpone," Judge Jitakorn Patanasiri told the court. The judge set the new date for Sept. 22.

The hearing, originally set for June 9, was delayed the first time because Bout's other attorney, Lak Nitiwatanavichan, said he had heart problems.

More here.

Image source: Foreign Policy Passport Blog

Quote of The Day: Ira Winkler

"...security is like the 80/20 rule, only it's 99/1. You can solve 99% of your problems with 1% of the effort."

- Ira Winkler, Founder and President of Internet Security Advisors Group, quoted in a ComputerWorld interview.

NIST Pilot Gives U.S. Agencies Experience With DNSsec

William Jackson writes on GCN.com:

Like so many of the technical underpinnings of the Internet, the Domain Name System that translates names into IP addresses was not designed with adequate security. The DNS Security Extensions (DNSsec) for digitally signing and authenticating information has been developed to help fix that problem, and its use in government is likely to become more common.

In late 2006, new federal information security requirements called for agencies to use DNSsec signatures on DNS servers that are classified as moderate- or high-impact information systems. However, to date there has been little implementation of DNSsec in the .gov domain, said Doug Montgomery, manager of the Internet technical research group for the National Institute of Standards and Technology.

More here.

Korean Police Investigate Massive Leak of Personal Data

Via The Korea Herald.

Police are investigating the leak of about 9 million items of personal information from the internet, allegedly obtained by a China-based hacker and misused by online Korean moneylenders.

Four private loan brokers in Seoul bought the stolen data for 15 million won ($14,900) from the hacker who allegedly broke into about 2,000 local websites in May 2006 using a computer program called "HDSI 2.0," the Seoul Metropolitan Police Agency said.

The suspects also resold the data to other loan businesses and mail-based marketing firms. They had raked in 220 million won from the sales between May 2007 and February 2008, police said.

A total of eight suspects were rounded up after the police crackdown from December 2007-February 2008. Two key suspects fled to China and police are tracing their whereabouts, officials said.

The stolen data includes resident ID numbers, telephone numbers, user IDs and passwords from the websites of six commercial banks, plus 12 private money lenders, two universities and 616 internet shopping malls, they said.

They also made random phone calls to encourage cash-strapped individuals to borrow money from private lenders. They collected fees amounting to 2.5 billion won [roughly US$2.48 million -ferg] from both lenders and borrowers, police said.

More here.

Hat-tip: The Dark Visitor

Internet Access Causing Headaches at Olympic Games

An AAP newswire article, via Stuff.co.nz, reports that:

Internet connection is proving to be a major problem at the Beijing Games, despite Olympic organisers promising uncensored access.

Slow connection speed and apparent restricted access to news websites have riled many of the media outlets already in Beijing 12 days out from the opening ceremony.

The Chinese ruling party is widely known to monitor and limit all internet access within China.

However, two years ago BOCOG media services head Li Jingbo promised in the official China Daily newspaper that there would be uncensored access during the Games, which begin on August 8.

Today, some media in the Main Press Centre (MPC) struggled to view various international news websites, including the BBC's Chinese service and appledaily.com.

Japanese reporters said click-through connections would not work.

More here.

The Life and Background of Terry Childs

Jaxon Van Derbeken writes in The San Francisco Chronicle:

Prosecutors portray Terry Childs as an unstable, power-mad computer engineer who held hostage the San Francisco city network he had built and awaited its destruction as revenge on bosses he saw as inferiors.

To Childs' friends, some former colleagues and his younger brother, that view doesn't remotely resemble the 43-year-old Kansas native they know: a reliable, self-made professional who overcame a troubled childhood and a stint in state prison that started when he was just a teenager.

After years of study and hard work, they say, he landed a job building a network that handled San Francisco's payroll documents, law enforcement records and other sensitive information. He spent his nights and weekends building a system that he wanted to protect, not tear down, his defenders say.

All well and good, prosecutors counter. But why won't he simply come clean about everything he has done? What about the menacing encounters with bosses at work?

Much more here.