Saturday, January 23, 2010

Spy Drones Will Monitor U.K. Citizens

Via UPI.

Camera-equipped drones, developed by the British military for use in war, will be used in England to keep an eye on civilians from the sky, officials say.

Police in Kent and Essex counties plan to start using them in 2012 for routine monitoring of motorists, protesters, agricultural thieves and illegal dumping, The Daily Telegraph reported Saturday.

Collaboration between the police departments and BAE Systems, maker of the drones, began in 2007, the Telegraph said.

A prototype for police use is expected to fly this year. Its high-resolution cameras can capture images from 20,000 feet.

More here.

Friday, January 22, 2010

Image of the Day: Motif of Conan O'Brien in Cheetos

In celebration -- and sadness -- of Coco's last Tonight Show.

Via HuffPo.

- ferg

In Passing: Jean Simmons

Jean Simmons
January 31, 1929 – January 22, 2010

Cyber Crooks Cooked the Books at Florida Library

Brian Krebs:

Jan. 7, 2010 was a typical sunny Thursday morning at the Delray Beach Public Library in coastal Florida, aside from one, ominous dark cloud on the horizon: It was the first time in as long as anyone could remember that the books simply weren’t checking out.

Sure, patrons were still able to borrow tomes in the usual way — by presenting their library cards. The trouble was, none of the staff could figure out how or why nearly $160,000 had disappeared from their bank ledgers virtually overnight. The money was sent in sub-$10,000 chunks to some 16 new employees that had been added to the usual outgoing direct deposit payroll.

More here.

Thursday, January 21, 2010

80% of U.S. Government Web Sites Miss DNS Security Deadline

Carolyn Duffy Marsan writes on NetworkWorld:

Most U.S. federal agencies -- including the Department of Homeland Security -- have failed to comply with a Dec. 31, 2009, deadline to deploy new authentication mechanisms on their Web sites that would prevent hackers from hijacking Web traffic and redirecting it to bogus sites.

Agencies were required to roll out an extra layer of security on their .gov Web sites under an Office of Management and Budget mandate issued in August 2008, although at least one expert calls that yearend deadline "a little aggressive."

Aggressive or not, independent monitoring indicates that only 20% of agencies show signs of deploying this new security mechanism, which is called DNS Security Extensions, or DNSSEC for short.

More here.

Wednesday, January 20, 2010

Mark Fiore: Aid Quake

More Mark Fiore brilliance.

Via The San Francisco Chronicle

- ferg

Aurora Attack Malware Components May Be Four Years Old

Dennis Fisher writes on

Although the first known attacks using the Aurora malware that compromised Google weren't discovered until late last year, some parts of the malware codebase has been in existence in China for nearly four years, raising questions about how many other attacks it might have been used in during that time frame.

Researcher Joe Stewart of SecureWorks in Atlanta analyzed the Aurora codebase in great detail and found that several components of the malware were written in mid-2006, more than three years before the attacks on Google, Adobe and others were first discovered. The Aurora codebase comprises several discrete modules that each perform separate tasks during the exploitation, installation and remote-control process. Stewart said that although the Aurora malware itself isn't necessarily the most advanced attack tool, the authors, as well as the attackers who used it, knew what they were doing.

"I'd say it's of average sophistication for this kind of Trojan backdoor these days. It's not of any staggering technical complexity," Stewart said in an interview. "But the attackers did some things right. They used the code sparingly in highly targeted attacks, they didn't just use something off the shelf and they didn't pack and encrypt the binaries, because that looks suspicious. Using custom code was a smart move."

More here.

Microsoft to Issue Emergency IE Patch Thursday

Gregg Keizer writes on ComputerWorld:

Microsoft will release its emergency patch for Internet Explorer (IE) on Thursday, the company said today as it also admitted that attacks can be hidden inside rigged Office documents.

"We are planning to release the update as close to 10:00 a.m. PST as possible," Jerry Bryant, a program manager with the IE group, said in an entry on the Microsoft Security Response Center (MSRC) blog.

Yesterday, Microsoft confirmed speculation that it would issue an "out-of-band" update for the IE vulnerability, but postponed specifying a ship date until today.

More here.

Tuesday, January 19, 2010

China's Baidu Sues U.S. Domain Registrar After Hack

Owen Fletcher writes on PC World:

Top Chinese search engine has sued its U.S. domain registrar over a hack that took down the Web site, alleging negligence by the U.S. company, Baidu said Wednesday.

Users had trouble accessing for several hours last week after the company's domain name server in the U.S. was tampered with. The Iranian Cyber Army, the same group that took down Twitter last month, also appeared to be behind the attack on Baidu.

Baidu's lawsuit, filed in a court in New York, seeks related damages and alleges "gross negligence" by led to the service disruption, Baidu said in a statement. Baidu only said was hit by the outage, and that mirror site had not been affected. Domain service providers including provide the setup needed to take Internet users to the correct Web site when they type a domain name like

No one at was available to comment.


'Aurora' Exploit Retooled To Bypass Internet Explorer's DEP Security

Kelly Jackson Higgins writes on Dark Reading:

Security experts' worst fears about the Internet Explorer exploit used to hack Google and others has been realized: It can be retooled to beat IE's best defense, the Data Execution Protection (DEP) feature.

Some researchers are actively working on ways to use the malicious code in the so-called "Aurora" attacks to bypass DEP, a security feature in Windows and available for IE that prevents so-called "heap-spray" style code execution by malware. And one group of researchers claims to have demonstrated that the exploit can bypass DEP: VUPEN Security says it has confirmed that DEP doesn't prevent the exploit and that the only way to stop it is to disable JavaScript.

Chaouki Bekrar, CETO of VUPEN Security, says his team was able to bypass DEP on IE8 and execute arbitrary code. "We first used this technique a few weeks ago when we exploited another IEb8 vulnerability [that was] fixed with MS09-072," Bekrar says. He says VUPEN has sent its exploit code to Microsoft for review. IDS, IPS, and antivirus vendors also were given access to it via the company's vulnerability analysis service.

DEP is one of the key defenses against the original Aurora exploit code, which to date has been threatening only IE 6 users in the wild after being released in the wake of the recent hacks of Google and other firms.

More here.

Hundreds of Network Solutions-Hosted Sites Hacked

Brian Krebs:

Web site domain registrar and hosting provider Network Solutions acknowledged Tuesday that hackers had broken into its servers and defaced hundreds of customer Web sites.

The hackers appear to have replaced each site’s home page with anti-Israeli sentiments and pictures of masked militants and armed with rocket launchers and rifles, along with the message “HaCKed by CWkomando.”

According to results for that search term entered into Microsoft’s Bing search engine, there may in fact be thousands of sites affected by this mass defacement.

One of the defaced pages belonged to Minnesota’s 8th District GOP, according to a story in The Minnesota Independent, which said the Arabic writing that accompanies the defaced pages contains the dedication “For Palestine,” and the repeated phrase “Allahu Akbar” [God is great].

More here.

FBI Broke Law For Years in Phone Record Searches

John Solomon and Carrie Johnson write in The Washington Post:

The FBI illegally collected more than 2,000 U.S. telephone call records between 2002 and 2006 by invoking terrorism emergencies that did not exist or simply persuading phone companies to provide records, according to internal bureau memos and interviews. FBI officials issued approvals after the fact to justify their actions.

E-mails obtained by The Washington Post detail how counterterrorism officials inside FBI headquarters did not follow their own procedures that were put in place to protect civil liberties. The stream of urgent requests for phone records also overwhelmed the FBI communications analysis unit with work that ultimately was not connected to imminent threats.

A Justice Department inspector general's report due out this month is expected to conclude that the FBI frequently violated the law with its emergency requests, bureau officials confirmed.

More here.

Evidence Found for Chinese Attack on Google

John Markoff writes on The New York Times:

An American computer security researcher has found what he says he believes is strong evidence of the digital fingerprints of Chinese authors in the software programs used in attacks against Google.

In the week since the announcement, several private computer security companies have made claims supporting Google’s suspicions, but the evidence has remained circumstantial.

Now, by analyzing the software used in the break-ins against Google and dozens of other companies, Joe Stewart, a malware specialist with the SecureWorks, a computer security company based in Atlanta, said he determined the main program used in the attack contained a module based on an unusual algorithm from a Chinese-authored technical paper that has been published exclusively on Chinese-language Web sites.

More here.

Microsoft Promises 'Out of Ban' Emergency IE Patch

Gregg Keizer writes on ComputerWorld:

Microsoft today announced that it will issue an emergency security update for Internet Explorer (IE), but postponed setting a ship date for the fix until tomorrow.

"Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment, Microsoft will release a security update out-of-band for this vulnerability," said George Stathakopoulos, general manager of the Trustworthy Computing Security group, in an entry on the Microsoft Security Response Center (MSRC) blog.

"We take the decision to go out-of-band very seriously, given the impact to customers, but we believe releasing an update out-of-band update is the right decision at this time," Stathakopoulos said.

More here.

Software Firms Fear Hackers Who Leave No Trace

John Markoff and Ashlee Vance write on The New York Times:

The crown jewels of Google, Cisco Systems or any other technology company are the millions of lines of programming instructions, known as source code, that make its products run.

If hackers could steal those key instructions and copy them, they could easily dull the company’s competitive edge in the marketplace. More insidiously, if attackers were able to make subtle, undetected changes to that code, they could essentially give themselves secret access to everything the company and its customers did with the software.

The fear of someone building such a back door, known as a Trojan horse, and using it to conduct continual spying is why companies and security experts were so alarmed by Google’s disclosure last week that hackers based in China had stolen some of its intellectual property and had conducted similar assaults on more than two dozen other companies.

More here.

Hackers Wield Newest IE Exploit in Drive-By Attacks

Gregg Keizer writes on ComputerWorld:

Hackers are attacking consumers with an exploit of Internet Explorer (IE) that was allegedly used last month by the Chinese to break into Google's corporate network, a security company said Monday.

That news came on the heels of warnings by the information security agencies of the French and German governments, which recommended that IE users switch to an alternate browser, such as Firefox, Chrome, Safari or Opera, until Microsoft fixes the flaw.

In a Monday alert Websense said it identified "limited public use" of the unpatched IE vulnerability in drive-by attacks against users who strayed onto malicious Web sites. The site Websense cited in its warned has since been yanked from its hosting server.

More here.

Monday, January 18, 2010

Foreign Journalists' Gmail Hijacked in China

Brian Prince writes on eWeek:

An association of journalists based in Beijing said reporters have recently had their Google Gmail accounts hijacked.

In a statement, the Foreign Correspondents' Club of China (FCCC) stopped short of accusing the Chinese government or any other entity of taking part in the hijacking, but warned members to be mindful of security.

“Foreign correspondents in a few bureaus in Beijing have recently discovered that their Gmail accounts had been hijacked,” the group said. “Their emails were being forwarded to a stranger’s address.”

When Google first announced Jan. 12 that it had been the victim of a cyber-attack, it noted there had also been repeated attempts to access Gmail accounts belonging to Chinese human rights activists.

More here.

Poisoned PDF Pill Used to Attack U.S. Military Contractors

John Leyden writes on The Register:

Unidentified hackers are running an ongoing cyber-espionage attack targeting US military contractors.

Booby-trapped PDF files, posing as messages from the US Department of Defense, were emailed to US defence contractors last week. The document refers to a real conference due to be held in Las Vegas in March.

Opening the malicious PDF file attached to the spoofed emails triggers an attempt to exploit an Adobe Reader vulnerability only patched by the software firm last Tuesday (12 January).

The infection of vulnerable systems opens up a backdoor that connects to a server hosted in Taiwan, though the hackers who set up the attack may potentially be located anywhere.

More here.

It's Not Just a Holiday: 'I'm Not Fearing Any Man'

Dr. Martin Luther King, Jr.

A great man:

Well, I don't know what will happen now. We've got some difficult days ahead. But it doesn't matter with me now. Because I've been to the mountaintop. And I don't mind. Like anybody, I would like to live a long life. Longevity has its place. But I'm not concerned about that now. I just want to do God's will. And He's allowed me to go up to the mountain. And I've looked over. And I've seen the promised land. I may not get there with you. But I want you to know tonight, that we, as a people will get to the promised land. And I'm happy, tonight. I'm not worried about anything. I'm not fearing any man. Mine eyes have seen the glory of the coming of the Lord.

Today we celebrate the birth - and life - of Dr. King, a man of conviction, and a role model for us all.

It's not "just a holiday" or a day off from work - it's an opportunity for us all to reflect on who we are, the content of our own individual character, and a moment to reflect on the depths (of lack) of truth in our own convictions, beliefs, and compassion for our fellow man, and our ability to act upon them.

I am not a religious man, personally, but don't squander the opportunity to reflect on the importance of Dr. King's words, deeds, and impact on the world around us.

His words are universal and still relevant in these troubled times.

- ferg

Sunday, January 17, 2010

Networks, Intrusions, Compromises: The Lock That Says 'Pick Me'

Steve Lohr writes in The New York Times:

The recent computer attacks on the mighty Google left every corporate network in the world looking a little less safe.

Google’s confrontation with China — over government censorship in general and specific attacks on its systems — is an exceptional case, of course, extending to human rights and international politics as well as high-tech spying. But the intrusion into Google’s computers and related attacks from within China on some 30 other companies point to the rising sophistication of such assaults and the vulnerability of even the best defenses, security experts say.

“The Google case shines a bright light on what can be done in terms of spying and getting into corporate networks,” said Edward M. Stroz, a former high-tech crime agent with the F.B.I. who now heads a computer security investigation firm in New York.

Computer security is an ever-escalating competition between so-called black-hat attackers and white-hat defenders. One of the attackers’ main tools is malicious software, known as malware, which has steadily evolved in recent years. Malware was once mainly viruses and worms, digital pests that gummed up and sometimes damaged personal computers and networks.

More here.

It's Official: NY Jets Advance to AFC Championship Game

Rookie NY Jets Quarterback, Mark Sanchez


My New York Jets managed to beat the San Diego Chargers, so they will be going to Indianapolis to play the Colts next Sunday.

J-E-T-S, Jets, Jets, Jets!

Fingers crossed for next Sunday's game!

- ferg

Indian Security Chief: China Tried to Hack Our Computers

Richard Beeston and Jeremy Page write on The Times Online:

Chinese hackers are believed to have attempted to penetrate India’s most sensitive government office in the latest sign of rising tensions between the two rival Asian powers, The Times has learnt.

M. K. Narayanan, India’s National Security Adviser, said his office and other government departments were targeted on December 15, the same date that US companies reported cyber attacks from China.

“This was not the first instance of an attempt to hack into our computers,” Mr Narayanan told The Times in a rare interview.

He said that the attack came in the form of an e-mail with a PDF attachment containing a “Trojan” virus, which allows a hacker to access a computer remotely and download or delete files. The virus was detected and officials were told not to log on until it was eliminated, he said.

More here.