Saturday, January 17, 2009

Programming Note: Manila

I'm heading out for The Philippines early this morning, and I'll be in meetings all week, so the blog will probably not see very many posts.

Sorry -- the "Day Job" comes first. :-)

Things should return to normal next weekend.

Cheers!

- ferg

Friday, January 16, 2009

U.S. Toll in Iraq, Afghanistan


Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, Jan. 16, 2009, at least 4,227 members of the U.S. military had died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes eight military civilians killed in action. At least 3,404 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is one fewer than the Defense Department's tally, last updated Friday at 10 a.m. EST.

As of Friday, Jan. 16, 2009, at least 567 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Friday at 10 a.m. EST.

Of those, the military reports 413 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

Computer Bugs Bite The EU's Big Brother

Via The Times of India.

Big Brother would like to watch you. But he can't, because his computer has crashed.

That was the problem occupying European Union (EU) interior ministers in Prague as they debated the 27-member bloc's continuing inability to share the fingerprints and photos of foreigners entering the border-free Schengen zone because of computer bugs.

"From our point of view, the test phase (of the Schengen Information System II, SIS II) has failed. The technical experts couldn't manage it," Austrian Interior Minister Maria Fekter told journalists during an informal meeting with EU counterparts.

It is a classic EU problem. On the one hand, one of the bloc's founding principles is the free movement of people - a principle which led to the abolition of border controls between almost all EU member states with the creation of the so-called Schengen zone.

But on the other hand, governments across the EU are under ever-increasing pressure to defend their citizens against unwanted foreigners ranging from terrorists to unregistered grape-pickers.

More here.

Friday Monkey Blogging: Capuchin Monkeys Choose The Right Tool For The Nut

As I mentioned a couple of months ago, I have started a regularly recurring blog entry meme every Friday afternoon, inspired by Bruce Schneier's regular series of "Friday Squid Blogging" posts, and my very own maddening Monkey Theory.

Here is this week's installment.

Via Monkeys in The News.

Wild capuchin monkeys don’t thoughtlessly grab any handy piece of stone to crack open hard-shelled nuts at snack time. These slender, agile primates select the best tool for the job, a new study finds.

Much like people, capuchins translate past experiences into action, say primatologist Elisabetta Visalberghi of the Institute of Cognitive Sciences and Technologies in Rome and her colleagues. These monkeys draw on a reservoir of knowledge about a variety of stones and nuts to select suitable nut-cracking implements, the scientists assert in a study published online January 15 in Current Biology.

Capuchins make mental plans for fracturing a particular nut before selecting an appropriate stone for the task, Visalberghi’s team proposes.

“The present findings make capuchins a compelling model to track the evolutionary roots of stone-tool use,” Visalberghi says. Because capuchins last shared a common ancestor with humans approximately 35 million years ago, the team writes, the capacity for stone-tool use evolved earlier than thought.

More here.

Image source: Monkeys in The News

GoDaddy DDoS Takes Sites Offline

Bob Walsh writes on C|Net News:

A distributed denial-of-service attack turned dark at least several thousand Web sites hosted by GoDaddy.com Wednesday morning. The outage was intermittent over several hours, according to Nick Fuller, GoDaddy.com communications manager.

Neither e-mail nor DNS services were interrupted, Fuller said.

While one GoDaddy.com tech support person told me during the DDoS attack that at least several thousand Web sites were unreachable, Fuller said only a very small percentage of sites were unreachable but would not provide exact numbers "because of security reasons."

To add to the consternation of Web site owners, GoDaddy.com's voice mail system pointed to its support page for more information about the outage and when it would be corrected. No such information was posted there.

More here.

UK: MoD Hit By Computer Virus

Jeremy Kirk writes on TechWorld:

The Ministry of Defence has been hit by a computer virus that has rapidly spread through its computer networks since 6 January.

The virus infected computers throughout the military, including those used by the Royal Air Force and Royal Navy, and is one of the most severe attacks the organisation has ever faced, according to a Ministry of Defence spokeswoman.

"Obviously with a computer system of our size we are fighting off viruses daily, but not of this scale," the spokeswoman said. "I don't think we've ever had an instance like this before."

The virus has affected email systems and Internet access but has not jeopardised war-fighting systems, she said. Due to pre-existing security systems, no classified or personal data was compromised, the Ministry said.

More here.

Malware Purposely Not Infecting Machines in Certain Countries

Angela Moscaritolo writes on SC Magazine US:

Malware authors are adopting a new technique to avoid getting caught.

Recently, two malware families -- Swizzor and Conficker -- stopped infecting machines in countries out of which the authors were operating, so as not to attract law enforcement, Pierre-Marc Bureau, senior researcher at ESET, told SCMagazineUS.com on Friday. If a cybercriminal targets users outside of their country, it's harder for authorities to respond, he said.

The Swizzor malware has been around for about two years but only recently stopped infecting Russian machines by identifying the language of a user's operating system, Bureau said. Users running a Russian version of Windows will not be infected.

The fact that the trojan is now avoiding Russian targets reveals some clues about the cybercriminals behind the Swizzor malware, Bureau said. The individuals likely have servers located there and perhaps are conducting other operations, such as money laundering.

More here.

1 in 3 Windows PCs Vulnerable to Worm Attack

Gregg Keizer writes on InfoWorld:

The worm that has infected several million Windows PCs is causing havoc because nearly a third of all systems remain unpatched 80 days after Microsoft rolled out an emergency fix, a security expert said Thursday.

Based on scans of several hundred thousand customer-owned Windows PCs, Qualys concluded that about 30 percent of the machines have not yet been patched with the "out of cycle" fix Microsoft provided Oct. 23 as security update MS08-067.

"The unpatched numbers went down significantly around the 30-day mark," said Wolfgang Kandek, Qualys' chief technology officer, "when less than 50 percent were unpatched. After that, it went down a little slower. As of yesterday, 30 percent of the machines are unpatched."

With nearly a third of all Windows systems still vulnerable, it's no surprise that the "Downadup" worm has been able to score such a success, Kandek said. "These slow [corporate] patch cycles are simply not acceptable," he said. "They lead directly to these high infection rates."

More here.

'Amazing' Worm Attack Infects 9 Million PCs

Gregg Keizer writes on ComputerWorld:

Calling the scope of the attack "amazing," security researchers at F-Secure Corp. today said that 6.5 million Windows PCs have been infected by the "Downadup" worm in the last four days, and that nearly 9 million have been compromised in just over two weeks.

Early Friday, the Finnish firm revised its estimate of the number of computers that had fallen victim to the worm, and explained how it came to the figure. "The number of Downadup infections [is] skyrocketing," Toni Koivunen, an F-Secure researcher, said in an entry to the company's Security Lab blog. "From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That's just amazing."

On Tuesday, Koivunen put the number of infected systems at 2.4 million, then updated the estimate Wednesday to 3.5 million, an increase of 1.1 million in just 24 hours.

"We haven't seen outbreaks of this scale in many years," said Mikko Hypponen, chief research officer at F-Secure, in an e-mail reply to questions. "[It] reminds me of the old Loveletter/Melissa/Sasser/Blaster cases size-wise," he added, ticking off some of history's biggest malware attacks.

More here.

Thursday, January 15, 2009

Widespread Worm May Be Building A New Botnet

Kelly Jackson Higgins writes on Dark Reading:

A rapidly spreading worm infection may be a tool for building out a major new botnet, according to security researchers who have been watching the aggressive Confickr/Downadup worm multiply around the globe. The number of PCs infected by the worm has now reached more than 3.5 million, according to the latest count by F-Secure, while other researchers say it's closer to half a million.

Either way, security experts are anxiously awaiting the attackers' next move. They suspect a massive botnet is in the works, but so far the attackers haven't completely tipped their hand. The mere infection of so many machines that could then be controlled by a third party indicates it is indeed a botnet-in-progress, according to Damballa. "It's a close call. If it has the potential for a remote, malicious third party to do whatever they want, that makes it a botnet," says Paul Royal, chief scientist for the antibotnet company.

The code automatically generates domains that infected machines connect to, which could lay the groundwork for a botnet command and control infrastructure. But so far, there's been no official botnet activity. "The infected machines are looking at 250 different domains a day to try and download additional code, but so far all those domains we've looked at have either been unregistered, accidental random variations that happen to point to an existing site, registrars with a wildcard DNS for unregistered domains, or other researchers trying to get a count of the bots," says Joe Stewart, director of malware research for SecureWorks. And the fact that domains aren't actually set up means it's not yet ready as a botnet, he says.

"Whoever is behind this is not ready to deploy his or her code just yet. Maybe they first need to figure out how to get their botnet controller to scale to handle 3.5 million nodes," Stewart notes.

More here.

Toon of The Day: Cheney In Retirement



Via Truthdig.com.

U.S. Gov. Plots Major Upgrade to Internet Router Security

Carolyn Duffy Marsan writes on NetworkWorld:


The U.S. federal government is accelerating its efforts to secure the Internet's routing system, with plans this year for the Department of Homeland Security to quadruple its investment in research aimed at adding digital signatures to router communications.

DHS says its routing security effort will prevent routing hijack attacks as well as accidental misconfigurations of routing data. The effort is nicknamed BGPSEC because it will secure the Internet's core routing protocol known as the Border Gateway Protocol (BGP). (A separate federal effort is under way to bolster another Internet protocol, DNS, and it is called DNSSEC.)

Douglas Maughan, program manager for cybersecurity R&D in the DHS Science and Technology Directorate, says his department's spending on router security will rise from around $600,000 per year during the last three years to approximately $2.5 million per year starting in 2009.

More here.

U.S. Court Affirms Wiretapping Without Warrants

James Risen and Eric Lichtblau write in The New York Times:

In a rare public ruling, a secret federal appeals court has said telecommunications companies must cooperate with the government to intercept international phone calls and e-mail of American citizens suspected of being spies or terrorists.

The ruling came in a case involving an unidentified company’s challenge to 2007 legislation that expanded the president’s legal power to conduct wiretapping without warrants for intelligence purposes.

But the ruling, handed down in August 2008 by the Foreign Intelligence Surveillance Court of Review and made public Thursday, did not directly address whether President Bush was within his constitutional powers in ordering domestic wiretapping without warrants, without first getting Congressional approval, after the terrorist attacks of 2001.

Several legal experts cautioned that the ruling had limited application, since it dealt narrowly with the carrying out of a law that had been superseded by new legislation. But the ruling is still the first by an appeals court that says the Fourth Amendment’s requirement for warrants does not apply to the foreign collection of intelligence involving Americans. That finding could have broad implications for United States national security law.

More here.

Waledac is the New Storm

Kelly Jackson Higgins writes on Dark Reading:

It's official: Storm is back. The notorious botnet that ballooned into one of the biggest botnets ever and then basically disappeared for months last year is rebuilding -- with all-new malware and a more sustainable architecture less likely to be infiltrated and shut down.

Researchers during the past weeks have been speculating about similarities between the new Waledac, a.k.a. Waled, botnet and Storm. Now new evidence has helped confirm that this new botnet is, indeed, Storm reincarnated.

Storm all but disappeared off of the grid last year, basically going dormant in mid-September after its last major spam campaign in July -- a "World War III" scam. In October, researchers started to write off Storm, at least in the short term. But now they say the big botnet has reinvented itself with new binary bot code, and that it is no longer using noisy peer-to-peer communications among its bots. It has instead moved to HTTP communications, which helps camouflage its activity among other Web traffic.

Jose Nazario, manager of security research for Arbor Networks, says he was initially skeptical of speculation that Waledac and Storm were one and the same. But Nazario says the latest findings on the malcode and its activity -- the botnet is using many of the same IP addresses that were used in Storm -- changed his mind. "[The Waledac bots] are talking to the same servers we saw in Storm," he says.

More here.

Wednesday, January 14, 2009

Mark Fiore: The New New Deal



More Mark Fiore brilliance.

Via The San Francisco Chronicle.

Enjoy!

- ferg

Toon of The Day: Last Press Conference




Image source: Truthdig.com

Ex-Worker Planted Malware to Crash Restaurant Systems

Graham Cluley:

A 21-year-old man has admitted planting malware on his former employer’s computer network after he was fired, according to the US Attorney’s Office.

David Ernest Everett Jr stopped working on the helpdesk at Wand Corp, a firm which produces integrated solutions for fast-food restaurants, in March 2008.

It seems that he wasn’t entirely happy when his employment was terminated as three weeks later he sought revenge by breaking into servers at the Eden-Prairie, Minnesota-based company.

From his home Everett was able to plant three malicious files on 1000 different servers, designed to crash systems, according to media reports.

Sure enough, according to Dave Perrill, VP at Wand, servers at 25 different restaurants crashed on 10 April, stopping companies from registering transactions.

Wand Corp, who numbers Pizza Hut, KFC and Burger King amongst its clients, claims that it spent almost $49,000 investigating the crashes and fixing the problem.

Everett, who will be sentenced at a later date, faces up to 10 years in prison.

More here.

Obama Faces Gaping Holes in U.S. Intelligence

Jeff Stein writes on SpyTalk:

Word hasn't leaked yet, but I wouldn't be surprised if President-elect Barack Obama has already figured out that when he wants quick answers to what's going on in the world, the last person to ask is the head of U.S. intelligence.

The steady deterioration of personnel and standards of intelligence analysis, especially at the CIA, has been going on for decades, a number of former top intelligence officials I know say.

The tip of the rot surfaces from time to time, such as with the 9/11 surprise and the gimcrackery reports on Iraq's weapons of mass destruction.

The dogs howl and the caravan moves on. Nothing changes, many well placed former intelligence officials have been telling me. But the current, possibly fatal dangers we face demand the problems be fixed.

We've been spending too much time chattering about the operations side of intelligence lately, they say, in particular whether Leon Panetta, the former OMB head and chief of staff to President Clinton, is up to handling the spies and back-alley guys and gals.

But officials have been reminding me that it was the dismally poor analysis of intelligence that enabled President Bush to lead the nation into the disastrous invasion of Iraq -- not faulty espionage (such as it was).

More here.

SecureWorks: Spam Botnets to Watch in 2009

Joe Stewart writes on the SecureWorks Research Blog:

Last year, we reported on the top spam botnets plaguing the world. Since then there have been significant changes to the botnet landscape, so we've decided to issue a new report covering a brief history of spam botnets in 2008, detailing the latest botnet threats.

After two years of domination, the Storm botnet finally died on September 18, 2008. Multiple academic and professional botnet researchers had been drawn to study Storm, and because of some mistakes/bad choices in the encryption protocols, some discovered ways to disrupt the botnet. But because of the P2P functionality in the Storm code, it was never fully possible to take over the entire botnet at once. The number of Storm infections was further impacted by Microsoft's Malicious Software Removal Tool (MSRT), taking out hundreds of thousands of bots at a time. Storm's numbers continued to fall off over the course of 2008, before it was apparently abandoned in September.

One of the biggest factors in the shifts we've seen is the takedown of the notorious McColo hosting operation. In the second half of last year, we detailed just how many spam botnets were dependent on McColo's connectivity, and we predicted that if McColo were shut down, worldwide spam would be cut in half. Shortly after that, McColo was featured in a blog posting by Brian Krebs, and the attention caused its upstream ISPs to pull the plug. According to various sources, spam dropped by anywhere from 50 to 75 percent on the very same day.

More here.

U.S. Businesses Concerned About ICANN Changes

Grant Gross writes on PC World:

Some Internet-based businesses in the U.S. would support the splitting of the domain-name governance system instead of allowing an agreement between the Internet Corporation for Assigned Names and Numbers (ICANN) and the U.S. government to end later this year, the leader of a U.S. trade association said Wednesday.

When a ten-year-old agreement between ICANN and the U.S. Department of Commerce expires in September, the organization will be vulnerable to outside takeover by other governments, said Steve DelBianco, executive director of NetChoice, a trade group of online companies.

With other countries calling on ICANN to become more international, DelBianco suggested that the organization's traditional role be split up, with ICANN retaining responsibility for overseeing generic top-level domains (TLDs) like .com and .org and a new organization overseeing country-code TLDs like .uk and .br.

More here.

Beware Web Ads in Disguise

Ian Paul writes on PC World:

"Buyer beware" may be a cliché, but any regular Web user knows you have to watch your back when clicking display ads on Websites. However, noted antispyware researcher Ben Edelman has had enough of the misleading ads and is taking action. In a blog post today, Edelman blasted Yahoo-owned Right Media for shady ad practices that are specifically designed to deceive you. He also plans to take things a step further by filing complaints against Right Media with the Better Business Bureau.

Edelman calls Right Media a 'remnant' advertising marketplace -- basically a bargain basement ad network where companies can place their ads on Websites for a relatively cheap price. You've likely seen these types of ads before: mysterious windows that look like a system message from Windows XP or an ad that camouflages itself perfectly by blending in with the surrounding Website's design. Edelman contends these types of ads and many others are illegal and violate longstanding rules of conduct from the Federal Trade Commission as well as the Better Business Bureau.

More here.

Banking Details Can Be Stolen Through a New JavaScript Exploit

Via heise Security News.

Phishers are reported to be able to exploit a vulnerability in the JavaScript engines of current browsers, including Internet Explorer, Firefox, Safari and Chrome. Trusteer is a security services provider specialising in online banking, whose chief technician is the well known security specialist Amit Klein. Trusteer report that a crafted web site can exploit a certain JavaScript function to identify the bank page a user is currently logged into.

If a user is connected to his bank's online banking service in one window, and leaves it open while visiting other sites, a crafted site can identify his bank, then activate a pop-up window imitating the bank's logo and appearance and ask for the login to be repeated. An inattentive user who re-inputs the data falls right into the phisher's trap.

Trusteer's report [.pdf] doesn't name the JavaScript function concerned, but says it doesn't surrender the information about open sites; instead it goes through a list of bank sites, asking each time whether the user is logged in to that particular bank, the response being a straight "yes" or "no". In order to make a phishing attack, a crafted web site merely needs to hold a long list of known banks and financial institutions.

More here.

DHS: The Monster That Ate Law Enforcement

Jonah Czerwinski writes on Homeland Security Watch:

“All my community policing grants turned into fire trucks, and homeland security became the monster that ate law enforcement.” While he may not be originally from Milwaukee, the police chief of my home town demonstrates a familiar flair that reminds me of Brew Town.

Milwaukee Police Chief Edward Flynn spoke yesterday at a two-day conference entitled “Shaping the Obama Administration’s Counterterrorism Strategy.” Flynn focused his remarks on the disconnect between what front line law enforcement sees as useful for collecting intelligence and combating crime and terrorism and what the federal agencies believe the states need. This disconnect was a concern before DHS stood up, which is why the state grants program was instituted, and it proved to be an ongoing issue as the UASI grants began to flow and when the Office of State and Local Government Coordination came to be.

Flynn was chief in Arlington on 9/11 and responded to the terrorist attacks on the Pentagon. He told the conference attendees that “The most frustrating, difficult experience of my life [has been] dealing with the federal departments.” That has to change.

More here.

NYC Police Officer Illegally Accessed Terrorist Watchlist Data

Dan Goodin writes on The Register:

A New York City Police Department sergeant has admitted he illegally obtained a name contained in an FBI terrorist watchlist and gave it to an acquaintance to use in a child custody case.

Haytham Khalil pleaded guilty to one misdemeanor charge stemming from the unauthorized access and dissemination of information from the FBI's National Crime Information Center (NCIC). The database contains information from the agency's terrorist screening center identifying individuals listed on a terrorist watchlist.

According to documents filed in federal court in Manhattan, Khalil lacked the authority to access the information, so he used a fellow cop's username and password to gain entry. Remarkably, the fellow officer left his credentials on a notepad so his co-workers could access the system when he wasn't around.

In December 2007, Khalil used his colleague's login credentials to access the NCIC database so he could obtain information identifying an unnamed person contained on the FBI terrorist watchlist. Khalil then turned the information over to an acquaintance who was locked in a child custody battle with the person. The acquaintance then turned the information over to an attorney to use it in a pending proceeding.

More here.

In Passing: Ricardo Montalbán

Ricardo Montalbán
November 25, 1920 – January 14, 2009

Even More Late Night Fergie Music: Eminem



Enjoy.

- ferg

Even More Late Night Fergie Music: She Wants Revenge



Enjoy.

- ferg

Even More Late Night Fergie Music: Cake



Woo.

- ferg

Even More Late Night Fergie Music: Jane's Addiction



Yeah.

- ferg

More Late Night Fergie Music: B-52's



Some of the best stuff. Ever.

- ferg

More Late Night Fergie Music: Alice Cooper



Yeah, I loved him, too.

Still so.

- ferg

More Late Night Fergie Toons: Gorillaz



Enjoy.

- ferg

More Late Night Fergie Toons: Linkin Park



I relate...

- ferg

More Late Night Fergie Music: Sabbath



This is so pure, it almost makes me cry.

Enjoy.

- ferg

More Late Night Fergie Music: Living Color



Enjoy.

- ferg

One More Late Night Favorite: NiN



Love it. Since the beginning. Until the end.

- ferg

Tuesday, January 13, 2009

Late Night Funk: Creedence



For some odd reason, I just love this -- it helps define me.

Enjoy.

- ferg

UK Censorship: Brit Porn Filter Censors 13 Years of Net History

Cade Metz writes on The Register:

Four weeks after birthing a nationwide Wikipedia edit ban, Britain's child porn blacklist has led at least one ISP to muzzle the Internet Archive's Wayback Machine - an 85-billion-page web history dating back to 1996.

According to multiple customers of Demon Internet - now owned by Brit telecom Thus - the London-based ISP is blocking access to all sites stored in the archive. When they query the Wayback Machine, hoping to retrieve archived pages, customers are met with generic "not found" error pages. But judging from their urls, these pages are generated by a web filter based on the blacklist compiled by the Internet Watch Foundation, a government-backed organization charged with policing online pornography.

One Demon customer tells us he was unable to visit archived versions of websites run by the BBC, Parliament, the United Nations, the Internet Watch Foundation, Demon Internet, and Thus. In other words, this customer points out, Thus is blocking its own web history. "It is nuts," he says.

More here.

Yahoo! Has More Than a New CEO...


...they also have some serious allegations of "false and deceptive" advertisers in their business flow.

Ben Edelman:

Yahoo's Right Media ad marketplace features widespread ads exactly designed to deceive. I present ten examples of these deceptive ads, and I critique their unwelcome characteristics.

To estimate the prevalence of deceptive tactics, I examine Right Media's own analysis of ad characteristics -- finding that by Right Media's own admission, deceptive ads total 35% or more of Right Media's advertising inventory.

Much more here.

UK: Most MoD's Systems Do Not Meet Data Security Standards

Siobhan Chapman writes on Computerworld UK:

Almost three out of four Ministry of Defence IT systems do not meet Cabinet Office standards, a Whitehall review has found.

Only 27 percent of MoD IT systems reviewed so far meet the new data-security standards, established by the government, a compliance review has revealed.

The systems that fail to meet Government standards for data security include those holding military secrets and sensitive personal data.

Tougher data handling sanctions were handed down last year, following a government review into the HMRC data loss debacle in 2007, which involved the loss of 25 million child benefit records. Under the security measures, any disc, USB stick or laptop containing sensitive information has to be encrypted if it is to be taken out of Whitehall.

More here.

Microsoft Patches 'Super Nasty' Windows Bugs

Gregg Keizer writes on ComputerWorld:

Microsoft Corp. today patched three vulnerabilities in the company's Server Message Block (SMB) file-sharing protocol, including two that could make "swiss cheese" out of enterprise networks, according to one researcher.

"This is super nasty," said Eric Schultze, the chief technology officer at Shavlik Technologies LLC, who also called today's update "super critical" as he rang the alarm. "Expect to see a worm on this one in the very near future, [because] this is Blaster and Sasser all over again."

Those two worms, 2003's Blaster and 2004's Sasser, wreaked havoc worldwide as they spread to millions of Windows machines.

Of the three bugs outlined in the MS09-001 security bulletin, two were rated "critical," the most serious ranking in Microsoft's four-step scoring system, while the third was pegged "moderate."

More here.

Voting Machine Audit Logs Raise More Questions about Lost Votes in CA Election

Kim Zetter writes on Threat Level:

Computer audit logs showing what occurred on a vote tabulation system that lost ballots in the November election are raising more questions not only about how the votes were lost, but also about the general reliability of voting system audit logs to record what occurs during an election and to ensure the integrity of results.

The logs, which Threat Level obtained through a public records request from Humboldt County, California, are produced by the Global Election Management System, the tabulation software, also known as GEMS, that counts the votes cast on all voting machines -- touch-screen and optical-scan machines -- made by Premier Election Solutions (formerly called Diebold Election Systems).

The logs are at the core of an investigation that the California secretary of state's office is conducting to determine why the GEMS tabulation system deleted 197 ballots from the tallies of one precinct in Humboldt County during the November 4 general election. But instead of providing transparency into what occurred on the system, the GEMS logs have so far only baffled state investigators. Deputy Secretary of State Lowell Finley has referred to the logs as "'Greek' to anyone other than a programmer."

A computer scientist who is a recognized expert on electronic voting machines says the logs are no clearer to him.

More here.

Monday, January 12, 2009

Toon of The Day: Non-Conformist



We love Mr. Fish. Really.

Via Truthdig.com.

Enjoy.

- ferg

Executive Charged With Exporting Circuits to China

An AP newswire article, via SFGate.com, reports that:

A company executive has been charged in Los Angeles with exporting high-tech computer chips to China for potential military use.

William Chai-Wai Tsu, a Beijing resident and vice president of Cheerway Inc., was charged Monday in federal court with exporting sensitive technology without permission.

He was arrested Saturday in Commerce, and agents seized documents and computers from a Hacienda Heights home Tsu allegedly used to receive business-related shipments.

Prosecutors say Tsu, a naturalized U.S. citizen, bought at least 200 sophisticated circuits from a San Jose distributor and illegally shipped them to China. The tiny circuits are used in communications and radar systems for both civilian and military purposes.

More here.

Report: U.S. Surveillance Society Running Rampant

David Kravets writes on Threat Level:

If you think you're being watched, you're probably right.

The American Civil Liberties Union posted a website Monday showing that government-financed surveillance cameras are running rampant across the United States.

All the while, studies suggest they do nothing to cut down on violent crime. San Francisco, for example, has spent $700,000 for dozens of public cameras, but a University of California study [.pdf] just concluded there was "no evidence" they curtailed violent crime.

"Violent incidents do not decline in areas near the cameras relative to areas further away," added the study, which noted the cameras helped police bring charges against six people accused of felony property crimes. "We observe no decline in violent crimes occurring in public places."

But the report did show that, over the past two years, property crimes such as burglary and muggings dropped an estimated 24 percent in areas within 100 feet of San Francisco camera locations.

More here.

Export Controls Now Threaten U.S. National Security, Panel Says

Steven Aftergood writes on Secrecy News:

Science and technology export controls that are rooted in Cold War geopolitical realities are now both anachronistic and counterproductive, a report from the National Research Council said last week.

“As currently structured, many of these controls undermine our national and homeland security and stifle American engagement in the global economy, and in science and technology,” the report said.

The authors called on the Obama Administration to promptly revise export control policies by issuing an executive order that affirms “a strong presumption for openness.” They urged that economic competitiveness be factored into export control decisions, that controls be reviewed annually and rescinded when they can no longer be justified, and that new procedures be established for adjudicating disputes. Perpetuation of existing policies, the report warned, would be “a self-destructive strategy for obsolescence and declining economic competitiveness.”

The report makes a compelling case that current export control procedures and visa policies for foreign scientists are arbitrary, incoherent and even dangerous. (Perhaps not coincidentally, export controls have also proved ineffective in preventing transfers of sensitive military technologies to Iran, as the Washington Post reported on January 11.)

More here.

DDoS Attacks Against Irish Website Tracking U.S. Military and CIA Rendition Activities

Via IndyMedia.ie.

Shannonwatch.org, a website set up in December 2008 to document US military traffic and rendition flights through Shannon Airport, has become the victim of organised international attacks. The attacks, which started on January 8th, are being repeated, and efforts to keep the website live are currently proving difficult. The website managers are determined that they will not be silenced, however, and will continue in one form or another to publish information on military and suspect CIA flights through Shannon.

The attacks on ShannonWatch.org indicate that a concerted effort is under way to stop the dissemination of information about US activities in Shannon. According to the Internet Service Provider (ISP) that hosts the website, the ongoing distributed denial-of-service (DDoS) attacks are far more sophisticated and determined than most such attacks. Efforts to make websites unavailable are not unusual, but a spokesperson for the ISP said this was “the second serious one [they have seen] in ten years”. The attacks involve thousands of hits per second, first on the nameserver, then on the server hosting the website, with uploads of hundreds of megabytes designed to bring the entire system down.

More here.

McKinnon Would Plead Guilty in UK to Avoid U.S. Extradition

Gary McKinnon

Tom Espiner writes on C|Net News:

Self-confessed hacker Gary McKinnon has told U.K. prosecutors he will plead guilty to charges in the U.K., a move that could help him avoid extradition to the U.S.

McKinnon has been accused by U.S. prosecutors of "the biggest military hack of all time," after entering NASA and Pentagon systems. His solicitor, Karen Todner, sent a letter to Keir Starmer, the director of public prosecutions, to say McKinnon would plead guilty if tried in the U.K. under the Computer Misuse Act (CMA). The letter was sent on December 23, Todner told ZDNet UK on Monday.

"Gary has committed offenses under the CMA, and has been diagnosed with Asperger's," said Todner. "I think it's time the DPP recognized that. Gary will plead guilty."

Todner said that under the CMA, McKinnon would receive a different sentence from the one he would receive if tried under U.S. law, as in the U.S. he would be prosecuted on charges of causing damage to military systems. She added that it is "generally accepted" McKinnon would receive a more lenient sentence in the U.K. The Londoner currently faces trial in the U.S., pending the outcome of an appeal to the High Court.

More here.

List of Most Dangerous Programming Errors Changes IT Security Discussion

Brian Prince writes on eWeek:

Security experts from Microsoft, Symantec and a host of other organizations including the NSA have compiled a list of the most dangerous software programming errors. The list shifts the focus of IT security discussions from the results of programming vulnerabilities to the programming process itself.

SQL injection, cross-site scripting – the list of security issues affecting the programs we use daily goes on and on. So often, however, conversations about IT security focus on how to address existing vulnerabilities rather than how to prevent them from coming about in the first place.

It is here that the list of the Top 25 Most Dangerous Programming Errors released today comes into play. The list was compiled by a team of experts from more than 30 organizations, including Microsoft, Symantec and the U.S. National Security Agency (NSA). By combining a list of problems with general advice on mitigations, the authors have effectively proposed a shift in thinking about common vulnerabilities.

More here.

Israel: Looking for a Few Good Cybermen?

Kevin Coleman writes on DefenseTech.org:

A fairly active cyber militia within Israel wants you! These cyber activists (Help Israel Win) are actively recruiting pro-Israeli computer users to aid in their cyber attacks against Hamas websites. These efforts appear to date back to the very early days of the latest conflict in Gaza. The militia developed and is distributing a cyber weapon called "Patriot" that once installed turns the volunteer computer to be remotely controlled and used in a Distributed Denial of Service (DDoS) attack against targeted Hamas websites.

As of late last week, the cyber militia said there were about 8,000 downloads of the cyber weapon. This is not just a hack package. The software includes the ability to remotely update the cyber weapon as well as an uninstaller that will remove the program once the conflict has ended.

This is just one aspect of the growing cyber war. The DDoS coupled with a significant propaganda (PSYOPS) offensive has continued to intensify in the Israel/Gaza conflict. PSYOPS is commonly used to induce and/or reinforce attitudes and behaviors favorable to the desired objectives of those launching the psychological operations. There have been reports that the Israeli military is also using the good old phone system in their PSYOPS initiatives. There have been multiple reports that Palestinians have been receiving phone calls from the Israeli army warning them against dealing with or assisting Hamas.

More here.

Travelers to U.S. Now Required to Register Online With Homeland Security


Stephanie Condon writes on C|Net News:

Starting Monday, travelers from the United Kingdom, Germany, Japan, Australia, and a host of other countries will have to register online with the U.S. Department of Homeland Security before they can travel into the United States.

As part of its efforts to use technology to improve border security, the DHS is mandating that travelers from any of the 35 countries in the U.S. Visa Waiver Program apply online for an Electronic System of Travel Authorization before boarding a plane to the U.S. Previously, visitors from those countries were only required to fill out the I-94W form on flights to the U.S. for trips shorter than 90 days.

The ESTA applications collect the same information as the I-94W form and check it against DHS databases to determine whether a traveler poses a law enforcement or security risk. That information includes biographical data like birth date and passport information, as well as information regarding communicable diseases, arrests, convictions for certain crimes, and mental disorders that spur behavior that may pose a threat to others.

More here.

Sunday, January 11, 2009

Study: San Francisco Spy Cameras No Help in Reducing Violent Crime

Robert Selna and Demian Bulwa write in The San Francisco Chronicle:

A long-awaited study of San Francisco's installation of surveillance cameras in high-crime areas shows that the effort fails in its stated purpose of reducing homicide and other violent crime, but the cameras are useful in reducing such offenses as burglary, pickpocketing and purse-snatching.

The study found that the program, started by Mayor Gavin Newsom in 2005, is hampered by a lack of training and oversight, a failure to integrate footage with other police tactics, inadequate technology, and what may be fundamental weaknesses of cameras as devices to stop violent crime.

The 184-page study, which was called for by the Board of Supervisors in 2006, was conducted by the UC Center for Information Technology Research in the Interest of Society. It represents one of the most thorough reports on public surveillance, a trend that has swept the nation in recent years.

San Francisco's camera program is different from other cities because, in a nod to privacy concerns, police in San Francisco are not allowed to monitor cameras in real time; investigators must instead order footage after a crime is reported.

More here.

24: Jack is Back!

Kiefer Sutherland as Jack Bauer.

Day 7