Tuesday, November 10, 2009

Brazilian Blackout Traced to Sooty Insulators, Not Hackers

Via Wired.com -

A massive 2007 electrical blackout in Brazil has been newly blamed on computer hackers, but was actually the result of a utility company’s negligent maintenance of high voltage insulators on two transmission lines. That’s according to reports from government regulators and others who investigated the incident for more than a year.

In a broadcast Sunday night, the CBS newsmagazine 60 Minutes cited unnamed sources in making the extraordinary claim that a two-day outage in the Atlantic state of Espirito Santo was triggered by hackers targeting a utility company’s control systems. The blackout affected 3 million people. Hackers also caused another, smaller blackout north of Rio de Janeiro in January 2005, the network claimed.

Brazilian government officials disputed the report over the weekend, and Raphael Mandarino Jr., director of the Homeland Security Information and Communication Directorate, told the newspaper Folha de S. Paulo that he’s investigated the claims and found no evidence of hacker attacks, adding that Brazil’s electric control systems are not directly connected to the internet.

The utility company involved, Furnas Centrais Elétricas, told Threat Level on Monday, it “has no knowledge of hackers acting in Furnas’ power transmission system.”

A review of official reports from the utility, the country’s independent systems operator group and its energy regulatory agency turns up nothing to support the hacking claim.

The earliest explanation for the blackout came from Furnas two days after the Sept. 26, 2007, incident began. The company announced that the outage was caused by deposits of dust and soot from burning fields in the Campos region of Espirito Santo. “The concentration of these residues would have been exacerbated by the lack of rain in the region for eight months,” the company said.

Brazil’s independent systems operator group later confirmed that the failure of a 345-kilovolt line “was provoked by pollution in the chain of insulators due to deposits of soot” (.pdf). And the National Agency for Electric Energy, Brazil’s energy regulatory agency, concluded its own investigation in January 2009 and fined Furnas $3.27 million (.pdf) for failing to maintain the high-voltage insulators on its transmission towers.

Cascading electrical failures like the one in Espirito Santo often have a number of contributing factors, and it’s possible that the poorly maintained insulators were only the most conspicuous element in the 2007 incident.

Reports that hackers triggered at least one blackout outside the United States first got wide attention last year, based on comments made by the CIA’s chief cybersecurity officer, Tom Donahue. He declined, however, to identify any country or the specifics of the alleged attacks. The blackout claim even made it into a speech given by President Obama in May. “In other countries cyberattacks have plunged entire cities into darkness,” Obama said, not mentioning the cities. In an interview with Threat Level last month, former cybersecurity czar Richard Clarke named Brazil as a hack-attack blackout victim, but didn’t provide verifiable details.
In some versions of the story, the hackers were trying to extort money from the utility. The 60 Minutes broadcast this week — which cited six unnamed sources in the intelligence, military and cybersecurity communities — was the first to peg the story to specific blackouts. CBS did not repeat the extortion claim, reporting instead that the location and motives of the hackers are a mystery.


Fallout from the story kept telephones ringing in Brazil’s electricity sector Monday. “Everyone’s been calling us all day about it,” said a beleaguered spokesman with the National Operator of the Electric System.

Microsoft's USB-Based Forensics Tool (COFEE) Leaked Online

Via Darkreading.com -

A forensics tool built by Microsoft exclusively for law enforcement officials worldwide was posted to a file-sharing site, leaving the USB-based tool at risk of falling into the wrong hands.

COFEE is a free, USB-based set of tools, which Microsoft offers only to law enforcement, that plugs into a computer to gather evidence during an investigation. It lets an officer with little or no computer know-how use digital forensics tools to gather volatile evidence.

COFEE was posted, and then later removed, from at least one file-sharing site, but security experts say the cat is now out of the bag. While many forensics tools with functionality similar to Microsoft's Computer Online Forensic Evidence Extractor (COFEE) are available, security experts still worry the bad guys will use their access to the tool to figure out ways to circumvent it.

Chris Wysopal, CTO at Veracode, says the danger is that a detection tool will be written for COFEE so that the bad guys can cover their tracks. "Someone will build a detector so that machines will wipe themselves or give rootkit-like fake answers if this USB is inserted into a computer," Wysopal says.

One researcher who got a copy of COFEE online says bad guys could abuse the tool by taking one of its DLLs and loading it into a compromised machine's memory, where it then dumps stored clear-text passwords to a file.

Microsoft says it's investigating reports that some version of COFEE may have been made available online, but that it's not worried about workarounds. "Note that contrary to reports, we do not anticipate the possible availability of COFEE for cybercriminals to download and find ways to 'build around' to be a significant concern," said Richard Boscovich, senior attorney for Microsoft's Internet Safety Enforcement Team, in a statement. "COFEE was designed and provided for use by law enforcement with proper legal authority, but is essentially a collection of digital forensic tools already commonly used around the world. Its value for law enforcement is not in secret functionality unknown to cybercriminals -- its value is in the way COFEE brings those tools together in a simple and customizable format for law enforcement use in the field."
Boscovich said Microsoft "strongly" recommends against downloading "any technology purporting to be COFEE outside of authorized channels -- both because any unauthorized technology may not be what it claims to be, and because Microsoft has only granted legal usage rights for our COFEE technology for law enforcement purposes."


"We will take action to mitigate any unauthorized distribution of our technology beyond the means for which it's been legally provided," he said.

Graham Cluley, senior technology consultant with Sophos, says while there are plenty of tools that perform similar tasks to COFEE, it's not very likely to be abused for nefarious purposes. But, "that can't be ruled out," he says.

Cluley is more concerned about criminals learning the inner workings of COFEE. The real danger is if they can "determine if it is being run on one of their PCs and take precautionary steps to prevent the computer crime community from finding out what they've been up to," he says.

But getting a copy of COFEE won't likely expose its "secret sauce," says Jamie Butler, a director at digital forensics firm Mandiant. Attempting to reverse-engineer it to evade it probably isn't necessary for the bad guys, anyway, because the suite of tools in COFEE collects so much data that they already can get lost in the "noise," Butler says.

Saturday, November 7, 2009

Pakistan Gov Considers Restricting Media Coverage



The Pakistani government is considering passing laws that would restrict media coverage of sensitive issues. The move risks rolling back improvements in media coverage and freedoms that gained ground under the administration of President Pervez Musharraf.

h/t - The Long War Journal

------------------

Here is RSF's Press Freedom Index of 2009...showing Pakistan 159 out of 175.

In comparison, the UK, the US and Luxembourg share the 20th ranking.

Transnational Terror: Lashkar-e-Taiba’s Chicago Plot

Via CT Blog -

Three names have been doing the rounds in India these days: Maulana Ilyas Kashmiri, David Coleman Headley (a.k.a. Dauod Geelani) and Tahawur Hussein Rana; one hard-core veteran Jehadi and two motivated ‘would be’ terrorists. They are in the news for plotting major assaults in India. Among them, Ilyas Kashmiri, who was rumored to be dead early this year but in fact survived three drone attacks in Pakistan’s Waziristan region, belongs to the Al Qaeda/Harkat-ul-Jihad-al-Islami (HuJI) lineage and heads al Qaeda’s deadly 311 Brigade. He still carries a bounty of US$600,000. His name resurfaced when a report was published in the Asia Times last month. The semi-biographical report, titled “Al-Qaeda's guerrilla chief lays out strategy”, was written by Syed Saleem Shahzad of Pakistan, who interviewed Ilyas Kashmiri about his future terror plans at his den and on his invitation.

In early September 2009, Pakistani officials and Western intelligence agencies believed that Ilyas Kashmiri, the Al Qaeda/HuJI operations chief in Pakistan, and another close aide of Bin Laden, an Uzbek terrorist commander identified as Nazimuddin Zalalov (a.k.a. Yahyo), had been killed in missile attacks in the Turrikhel area of North Waziristan.

The other two names, Headley and Rana, came as a bit of a surprise to many in India and in the US. But their plan made one thing clear about the intention and capability of terrorist outfits (like LeT, Al Qaeda and JeM) that have transnational reach and a global Jihadi agenda. These two men are part of a Lashkar-e-Taiba plot to attack major landmarks in India and Denmark. The US investigating agencies, including the Federal Bureau of Investigation (FBI), have so far neutralized what is now dubbed LeT’s ‘Chicago Terror Plot’. Headley was arrested early in October 2009 by the Joint Terrorism Task Force at Chicago’s O’Hare International Airport. He was reportedly planning to travel to Pakistan in the near future to meet Ilyas Kashmiri and other terrorist leaders. His accomplice and co-plotter Rana was arrested in Chicago later that month.

According to an FBI affidavit filed in a Chicago court, Headley had visited Pakistan a number of times before and was constantly in touch with his LeT handlers (two Pakistan-based LeT terrorists are still to be identified) in Pakistan through emails. As per the FBI, the email communications revealed that a LeT mastermind in Pakistan was placing a higher priority on using Headley to assist in planning a new attack in India than on completing the planned attack in Denmark (facilities of Jyllands-Posten, the Danish newspaper which carried a cartoon strip of Prophet Muhammad in 2005, and perhaps (I suspect) a commando-type assault during the upcoming Climate Summit). Any audacious attacks on these spots (and in India) would have given Lashkar-e-Taiba a position parallel to Al Qaeda in the international terrorism arena.

In June 2003, the FBI made a similar breakthrough, arresting at least seven Lashkar sympathizers or would-be terrorists from in and around the Washington region (3 from Maryland, 3 from Virginia and one in Pennsylvania) for providing material support to LeT.

The latest foiled LeT plot targeted vital landmarks, installations and elite boarding schools, as per the FBI investigations. The LeT is obviously planning Nov 2008 Mumbai type assaults in India and the possible targets were National Defense College, New Delhi, Doon School in Dehradun and Woodstock School in Mussoorie. It has been reported also that these terrorists have major plans to target the American and the Israeli nationals in India.

We find nothing new about the latest and earlier Lashkar planning to target India, Israelis and Americans. The threat emanating from LeT is still vivid in public memory: during the October 2000 annual convention of the LeT in Lahore's Gulshan-i-Iqbal park, LeT chief Hafiz Saeed uttered anti-India and anti-Israel rhetoric following a blast that took place near the venue. He held India and Israel responsible for the blast and threatened revenge; and of course there were his infamous utterances that LeT would plant the 'flag of Islam' in Washington, Tel Aviv and New Delhi.

Barely twenty more days to go before India observes the first anniversary of the Mumbai terror mayhem (26/11, 2008). The memory of that sixty-odd hours of ordeal will again haunt us for some time and then it will be ‘business as usual’. The question to ponder here is how far we have progressed since 26/11, especially in fighting menaces like the Mumbai or Chicago type assaults and plots.

OWASP Top 10 2009/2010 Expected Next Week @ AppSec DC

http://www.owasp.org/index.php/OWASP_AppSec_DC_2009

We are pleased to announce that the OWASP DC chapter will host the OWASP AppSec 2009 conference in Washington, DC. The AppSec DC OWASP Conference will be a premier gathering of Information Security leaders. Executives from Fortune 500 firms along with technical thought leaders such as security architects and lead developers will be traveling to hear the cutting-edge ideas presented by Information Security’s top talent. OWASP events attract a worldwide audience interested in “what’s next”. The conference is expected to draw 600-700 technologists from Government, Financial Services, Media, Pharmaceuticals, Healthcare, Technology, and many other verticals.

------------------

I will be in attendance...so if you see me walking around be sure to say hi....

Russian Tochka-U Missile Accidentally Self-Destructs During Exercises

Via Janes.com -

The Russian Defence Ministry has revealed that an army OTR-21 Tochka-U (SS-21 'Scarab B') ballistic missile accidentally self-destructed during live-firing exercises on 28 October in the northwest of the country.

The incident took place at the Luga training area close to the Estonian and Latvian borders, just outside the missile's 120 km maximum effective range.

The exercise was carried out by the Russian Army's 26th Missile Brigade, based at the Luga Training Centre in the Leningrad Military District.

The firing follows the launch of another Tochka-U missile on 8 October from the Pavenkovo test site in the nearby Kaliningrad enclave during the final stages of Baltic Fleet coastal defence exercises.

Explaining that "the missile self-destructed at the height of 1000 m [3,000 ft]", spokesman Colonel Alexei Kuznetsov said that the weapon was already past the end of its service life and due for destruction. An accident investigation will take place.

Russia reportedly possesses 140 Tochka-U systems. Some 15 are said to have been deployed during the Georgian conflict with five attacks confirmed in addition to other missile attacks. The system's missiles can carry nuclear or conventional warheads.

-------------------------

OTR-21 Tochka is a Soviet short-range tactical ballistic missile. Its GRAU designation is 9K79; its NATO reporting name is SS-21 Scarab. It is transported in a 9P129 vehicle, then erected vertically prior to launch. The improved Scarab B (Tochka-U) was introduced in 1989. Improved propellant increased the range to 120 km (75 mi). CEP (Circular Error Probable) significantly improved, to less than 95 m (310 ft).

Cyber Attacks Caused Brazil Power Outages

Via CBSNews.com -

A series of power outages affecting millions of people in Brazil in 2005 and 2007 were the result of cyber attacks, "60 Minutes" has learned. The two-day event in Espirito Santo State affecting more than three million people in 2007 and another, smaller event in three cities north of Rio de Janeiro in January 2005 were perpetrated by hackers manipulating control systems.

The revelation is part of a Steve Kroft investigation into how computers and the Internet can be used as weapons to be broadcast this Sunday, Nov. 8, at 7 p.m. ET/PT.

Former Chief of U.S. National Intelligence Retired Adm. Mike McConnell believes it could happen in America. "If I were an attacker and wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer," he tells Kroft. "I would probably sack electric power on the U.S. East Coast, maybe the West Coast and attempt to cause a cascading effect."

If hackers did attack the U.S. power grid, "The United States is not prepared for such an attack," says McConnell.

Congressman Jim Langevin (D.- R.I.), who chaired a subcommittee on cyber security, agrees. He says that U.S. power companies need to be forced to deal with the issue after they told Congress they would take steps to defend their operations but did not follow up. "They admit that they misled Congress," says Langevin, and they still haven't made much progress. "The private sector has different priorities than we do in providing security. Their…bottom line is about profits," he tells Kroft. "We need to change their motivation so that when see vulnerability like this, we can require them to fix it."

Computer hackers have struck in the U.S. already. "People talk about cyber Pearl Harbors, …we probably had our electronic Pearl Harbor," says Jim Lewis, director of the Center for Strategic and International Studies which oversaw a study on cyber security for the Obama Administration. He is referring to a breach of computer security resulting in the downloading of huge amounts of critical information from several governmental departments, including Defense, State and Commerce. "So we probably lost the equivalent of a Library of Congress worth of information in 2007," he says.

A bigger event than even that, says Lewis, was a breach of the CENTCOM Network, the U.S. command fighting the wars in Afghanistan and Iraq. "We know it was a foreign country. We don’t know which one…this was a very sophisticated set of skills," Lewis tells Kroft.

Banks are also targets; more money has been stolen by cyber thieves than by those walking into banks so far this year in the U.S. - over $100 million says FBI Agent Sean Henry. But you don't hear much about it. "When there's a network breach, the owners of the network are not keen to have it known…it might impact their business," says Henry.

Money being stolen isn't even the biggest threat, says McConnell, because a worse scenario would be if the hackers were to destroy the system that accounts for all the money and its movement. That would create a bank rush and financial pandemonium. McConnell worries it will take some horrific event to get the country focused on shoring up cyber security. "If the power grid was taken off line in the middle of winter and it caused people to suffer and die, that would galvanize the nation. I hope we don't get there," he tells Kroft.

Friday, November 6, 2009

Google Dashboard



The Google Dashboard allows you to view and control data associated with the different products you use with your Google Account.

---------------

Using Dashboard, I found that I had a ton of old RSS feeds still in Google Reader.

Worried about all that data stored in your Google account? Well, get to configuring and cleaning!

It should be noted that Google Dashboard only shows info you've consciously given to Google. It doesn’t let you know and control the data directly tied to your computer’s IP address, which is Google’s black box and data mine.

OpenSSL 0.9.8l Released - Renegotiation Disabled by Default

http://isc.sans.org/diary.html?storyid=7543&rss

OpenSSL has released a new version (OpenSSL 0.9.8l). It should be noted that this update does not "fix" the vulnerability in the protocol. It appears that they have made the choice to simply remove TLS/SSL renegotiation from their package by default. I would urge anyone who is running an SSL-enabled site that uses OpenSSL to thoroughly test their application as well as any software clients that are in use with their application. There has been some discussion on the effects of simply removing renegotiation from these packages or disabling them by default (as OpenSSL has done). There will no doubt be instances where clients/servers will cease to function properly when renegotiation is disabled or removed. The nice thing about what OpenSSL has done is if you do run into issues, it appears to be an easy fix (set a flag and -hup!). So as always make sure to test vigorously before you deploy!

------------------------------

Also, Leviathan Security has released a technical overview of the vulnerabilities and possible mitigation, along with a simple detection tool to see if your server accepts client renegotiations.

http://www.leviathansecurity.com/pdf/Renegotiating_TLS.pdf
http://www.leviathansecurity.com/pdf/ssltlstest.zip
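The check behind that detection tool is the one an admin does by hand: open an `openssl s_client` session, type `R` to request a renegotiation, and see whether the server completes a second handshake. The script below is an added example (not the SANS diary's or Leviathan's code) that classifies a captured s_client transcript and, optionally, runs that live probe against a host you operate; the sample transcripts are constructed, and the "Secure Renegotiation" line it also reads is printed only by OpenSSL releases newer than the 0.9.8l discussed above (0.9.8m onward).

```shell
#!/bin/sh
# Added example: wraps the manual "type R in openssl s_client" check for
# client-initiated renegotiation. Not the diary's or Leviathan's tool.

# classify_reneg_output: read a merged stdout+stderr s_client transcript on
# stdin and print one of: accepted | refused | no-renegotiation-attempted | unknown
# Only the text after s_client's "RENEGOTIATING" marker is examined.
classify_reneg_output() {
    out=$(cat)
    after=$(printf '%s\n' "$out" | sed -n '/^RENEGOTIATING/,$p')
    if [ -z "$after" ]; then
        echo "no-renegotiation-attempted"
        return 0
    fi
    # A completed second handshake re-prints the certificate verification lines.
    if printf '%s\n' "$after" | grep -qE '^(depth=|verify (return|error))'; then
        echo "accepted"
        return 0
    fi
    # A refused renegotiation surfaces as an SSL error, an alert, or a dropped socket.
    if printf '%s\n' "$after" | grep -qiE 'handshake failure|no renegotiation|alert|errno='; then
        echo "refused"
        return 0
    fi
    echo "unknown"
}

# secure_reneg_status: did the server advertise the RFC 5746 renegotiation_info
# extension? Prints rfc5746 | legacy-only | unreported (older s_client builds,
# such as 0.9.8l itself, do not print this line at all).
secure_reneg_status() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'Secure Renegotiation IS supported'; then
        echo "rfc5746"
    elif printf '%s\n' "$out" | grep -q 'Secure Renegotiation IS NOT supported'; then
        echo "legacy-only"
    else
        echo "unreported"
    fi
}

# probe_server HOST [PORT]: live check against a server you administer.
# The sleeps let the initial handshake finish before "R" is sent and give the
# server time to answer. Do not add -ign_eof: it disables s_client's "R" handling.
probe_server() {
    host=$1
    port=${2:-443}
    out=$( (sleep 2; printf 'R\n'; sleep 3) \
        | openssl s_client -connect "$host:$port" -servername "$host" 2>&1 )
    printf 'secure renegotiation (RFC 5746): %s\n' "$(printf '%s\n' "$out" | secure_reneg_status)"
    printf 'client-initiated renegotiation:  %s\n' "$(printf '%s\n' "$out" | classify_reneg_output)"
}

# Constructed sample transcript: server without RFC 5746 that completed the
# second handshake (the vulnerable combination). Certificate details are invented.
sample_accepted_output() {
    cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = example.invalid
verify return:1
---
Secure Renegotiation IS NOT supported
---
RENEGOTIATING
depth=0 CN = example.invalid
verify return:1
DONE
EOF
}

# Constructed sample transcript: server that refused the renegotiation request.
sample_refused_output() {
    cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = example.invalid
verify return:1
---
Secure Renegotiation IS supported
---
RENEGOTIATING
0000:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:rec_layer_s3.c:0:
EOF
}

# Stand-alone run: classify the constructed samples, then probe a host if one is given.
printf 'sample (accepted case): %s\n' "$(sample_accepted_output | classify_reneg_output)"
printf 'sample (refused case):  %s\n' "$(sample_refused_output | classify_reneg_output)"
if [ $# -ge 1 ]; then
    probe_server "$1" "$2"
fi
```

A server reporting "legacy-only" together with "accepted" is the case the diary is warning about; "refused" is what you should see after upgrading to 0.9.8l with the default settings.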

Major SSL Flaw Find Prompts Protocol Update

Via DarkReading -

The Internet Engineering Task Force (IETF) is about to issue a proposed extension to Secure Sockets Layer (SSL) that addresses a major vulnerability in the protocol that was inadvertently disclosed publicly late yesterday -- a flaw that affects browsers, servers, smart cards, VPN products, as well as many lower-profile products that contain the protocol embedded in their firmware.

Marsh Ray, who first discovered the bug in August, has been working with the IETF, vendors including Google and Mozilla, and members of the Industry Consortium for the Advancement of Security on the Internet (ICASI) on a fix since last month. He says he expects the IETF to issue a proposed extension to its specification for SSL, known as Transport Layer Security (TLS) in IETF parlance, as early as today. Software vendors that use SSL can then create patches for the vulnerability.

"The bug results in a set of related attacks that allow a man-in-the-middle to do bad things to your SSL/TLS connection. The [attacker] in the middle is able to inject his own chosen text into what your application believes is an encrypted, secure communications channel," says Ray, a senior software development engineer for PhoneFactor. "This has implications for all protocols that run on top of SSL/TLS, such as HTTPS."

[...]

SSL has been under siege during the past year, with the groundbreaking man-in-the-middle hack by researcher Moxie Marlinspike, which dupes a user into thinking he's in an HTTPS session when in reality he has been taken elsewhere by the attacker, as well as Kaminsky's research exposing critical flaws in X.509 certificate technology used in SSL.

But this latest threat resides within the SSL protocol itself and will require fixes to browsers, Web servers, database servers, mail servers, SQL servers, smart cards, and other SSL-based software. "All the [SSL] attacks I've seen [recently] have been around the client or server software, or the way it handles a certificate," Ray says. "What's different with this [bug] is that both the client and server need to be patched to restore the full security guarantees that are expected with TLS."

Marlinspike maintains that the newly found SSL flaw is not earth-shattering. "The sky is not falling," he says. "This was some clever work, and it is interesting for those of us who are into secure protocols, but I have yet to see an example of how this could significantly impact the way that SSL/TLS is commonly deployed in ways that differ from simple CSRF [cross-site request forgery]."

----------------------------

This SSL bug is still pretty new and many questions remain about exactly which software platforms and protocols are vulnerable.

In the coming weeks, as tools, POCs and more research comes to the surface, the community as a whole will have a better picture of the overall threat.

Here are two great blog entries on the new SSL bug...
Understanding the TLS Renegotiation Attack
Thoughts on the TLS Bug

Quick Take: Fort Hood Shootings - The Investigation

http://www.stratfor.com/analysis/20091105_quick_take_fort_hood_shootings_investigation

STRATFOR security expert Fred Burton describes the complex process of investigating a shooting spree that killed 12 people and injured scores more at Fort Hood, Texas.



--------------------------

http://www.foxnews.com/story/0,2933,572405,00.html?test=latestnews

The suspect, Army Major Nidal Malik Hasan, was not killed during the event and is currently in stable condition at a local hospital. Hasan was born and raised in Virginia and graduated from Virginia Tech University in 1997 with a bachelor's degree in biochemistry. He received his medical degree from the military's Uniformed Services University of the Health Sciences in Bethesda, Md., in 2001.

------------------------

On a more important note, I just read Jeffery's Intelfusion entry and couldn't agree more....

In the wake of the tragic and senseless killings of innocent people at Ft. Hood by a crazed psychiatrist who happened to be Muslim, take notice of who uses this as an opportunity to bash an entire religion. You want to avoid those people, both professionally and personally. Every religion has extremists out on the fringes, including Christianity. In no case should the acts of extremists be used to paint an entire group of believers, regardless of the religion. The people who engage in that kind of religious bigotry have surrendered the control of their mind to fear instead of logic. And fearful people are dangerous to be around.

Gunmen Attack Senior Pakistan Army Officer in Islamabad

Via NYTimes -

Gunmen on a motorcycle fired on the car of an army brigadier in Islamabad on Friday, the third such drive-by attack against senior military officers in 15 days.

The brigadier and his military driver were injured and taken to a nearby hospital, said Maj. Gen. Athar Abbas, the spokesman for the Pakistani military. The gunmen escaped.

General Abbas said the attack took place around 8:30 a.m. An Islamabad police official, Tahir Malik, told Dawn television that the assailants were waiting for the brigadier as he left his house and opened fire on his car as it turned onto a main road.

General Abbas said the brigadier, who was not identified, was in stable condition and was speaking to military officials. His driver, however, was in serious condition.

The recent attacks on senior officers appear to be direct reprisals for the army’s ongoing offensive against Taliban and Al Qaeda militants in the tribal region of South Waziristan.

The attacks from motorcycles also seem to signal a new tactic being used by Islamist militants in the capital. Previously, military personnel have traveled relatively freely and openly in Islamabad.

Baguette Dropped From Bird's Beak Shuts Down The Large Hadron Collider

Via popsci.com -

The Large Hadron Collider, the world's most powerful particle accelerator, just cannot catch a break. First, a coolant leak destroyed some of the magnets that guide the energy beam. Then LHC officials postponed the restart of the machine to add additional safety features. Now, a bird dropping a piece of bread on a section of the accelerator has, according to the Register, shut down the whole operation.

The bird dropped some bread on a section of outdoor machinery, eventually leading to significant overheating in parts of the accelerator. The LHC was not operational at the time of the incident, but the spike produced so much heat that had the beam been on, automatic failsafes would have shut down the machine.

This incident won't delay the reactivation of the facility later this month, but it exposes yet another vulnerability of what might be the most complex machine ever built. With freak accident after freak accident piling up over at CERN, the idea of time-traveling particles returning from the future to prevent their own discovery is beginning to seem less and less far-fetched.

Thursday, November 5, 2009

Counterterrorism: Shifting from 'Who' to 'How'

Via STRATFOR (Global Security & Intelligence Report) -

In the 11th edition of the online magazine Sada al-Malahim (The Echo of Battle), which was released to jihadist Web sites last week, al Qaeda in the Arabian Peninsula (AQAP) leader Nasir al-Wahayshi wrote an article that called for jihadists to conduct simple attacks against a variety of targets. The targets included "any tyrant, intelligence den, prince" or "minister" (referring to the governments in the Muslim world like Egypt, Saudi Arabia and Yemen), and "any crusaders whenever you find one of them, like at the airports of the crusader Western countries that participate in the wars against Islam, or their living compounds, trains etc.," (an obvious reference to the United States and Europe and Westerners living in Muslim countries).

Al-Wahayshi, an ethnic Yemeni who spent time in Afghanistan serving as a lieutenant under Osama bin Laden, noted these simple attacks could be conducted with readily available weapons such as knives, clubs or small improvised explosive devices (IEDs). According to al-Wahayshi, jihadists "don't need to conduct a big effort or spend a lot of money to manufacture 10 grams of explosive material" and that they should not "waste a long time finding the materials, because you can find all these in your mother's kitchen, or readily at hand or in any city you are in."

That al-Wahayshi gave these instructions in an Internet magazine distributed via jihadist chat rooms, not in some secret meeting with his operational staff, demonstrates that they are clearly intended to reach grassroots jihadists -- and are not intended as some sort of internal guidance for AQAP members. In fact, al-Wahayshi was encouraging grassroots jihadists to "do what Abu al-Khair did" referring to AQAP member Abdullah Hassan Taleh al-Asiri, the Saudi suicide bomber who attempted to kill Saudi Deputy Interior Minister Prince Mohammed bin Nayef with a small IED on Aug. 28.

The most concerning aspect of al-Wahayshi's statement is that it is largely true. Improvised explosive mixtures are in fact relatively easy to make from readily available chemicals -- if a person has the proper training -- and attacks using small IEDs or other readily attainable weapons such as knives or clubs (or firearms in the United States) are indeed quite simple to conduct.

As STRATFOR has noted for several years now, with al Qaeda's structure under continual attack and no regional al Qaeda franchise groups in the Western Hemisphere, the most pressing jihadist threat to the U.S. homeland at present stems from grassroots jihadists, not the al Qaeda core. This trend has been borne out by the large number of plots and arrests over the past several years, to include several so far in 2009. The grassroots have likewise proven to pose a critical threat to Europe (although it is important to note that the threat posed by grassroots operatives is more widespread, but normally involves smaller, less strategic attacks than those conducted by the al Qaeda core).

From a counterterrorism perspective, the problem posed by grassroots operatives is that unless they somehow self-identify by contacting a government informant or another person who reports them to authorities, attend a militant training camp, or conduct electronic correspondence with a person or organization under government scrutiny, they are very difficult to detect.

The threat posed by grassroots operatives, and the difficulty identifying them, highlight the need for counterterrorism programs to adopt a proactive, protective intelligence approach to the problem -- an approach that focuses on "the how" of militant attacks instead of just "the who."

Wednesday, November 4, 2009

Judge Penalizes Lawyer for Leaking Personal Data in Brief

Via The Register UK -

A judge has chastised a lawyer for including the social security numbers and birthdays of 179 individuals in an electronic court brief, ordering him to pay a $5,000 sanction and provide credit monitoring.

US District Judge Michael J. Davis said he was meting out the penalty under his "inherent power," meaning no one in the court case had filed a motion requesting he do so. In an order issued late last month, he said the move was designed to prevent attorney Vincent J. Moccio from repeating the carelessness again.

"The court is deeply concerned with the harmful and widespread ramifications associated with negligent and inattentive electronic filing of court documents," he wrote. "Although electronic filing significantly improves the efficiency and accessibility of our court system, it also elevates the likelihood of identity theft and damage to personal privacy when lawyers fail to follow federal and local rules."

Davis ordered Moccio to send the individuals a letter informing them that their private information had been made public and that unless they objected within seven days, they would automatically begin receiving a year's worth of credit monitoring services free of charge. He also ordered the attorney to pay $5,000 to a Saint Paul, Minnesota, food bank.

Moccio is scheduled to appear in court next October to report on the status of the credit reports.

------------------------

Well done Mr. Davis...well done.

Payments in Ivoirian Toxic Dumping Case Disputed

Via NY Times -

Thousands of victims of one of the worst toxic dumping scandals in years could lose their hard-won settlement thanks to maneuverings by a shadowy but “influential” figure in Ivory Coast, where the dumping occurred, the victims’ lawyer said Wednesday.

Up to $45 million in compensation is at stake, intended for about 30,000 victims of an oil-based sludge surreptitiously dumped around Abidjan, Ivory Coast’s capital, in 2006. The tanker’s poisonous shipment has become notorious as a kind of African Bhopal, an example of a multinational corporation’s negligence in the third world.

The waste was shipped by Trafigura, an international commodities trading giant. About 108,000 people sought treatment for nausea, headaches, vomiting and abdominal pains, and at least 15 died. All had apparently been poisoned by the toxic brew of gasoline and caustic soda, refining byproducts dumped by Trafigura’s contractor.

The company agreed to pay the Ivorian government about $200 million in 2007, then settled separately with the victims in September of this year. But now the money, frozen in a local bank, has been claimed by a largely self-appointed community representative named Claude Gohourou. In recent weeks, the Ivorian judiciary has sided with him, according to the London law firm Leigh Day & Company, which represents the victims.

Behind the representative is “a highly influential figure within Ivorian judicial and financial circles,” who offered to clear up the roadblocks to the money’s distribution “if I agreed to the interest being paid to him,” Martyn Day, senior partner of Leigh Day, said in a statement filed in British courts Wednesday. “I of course refused to have anything to do with such blatant corruption.”

Mr. Day said he did not know the identity of the “influential figure” because his associates in Ivory Coast were “too nervous” to reveal it. But in an interview he said there was a real risk that millions of dollars destined for the victims would simply disappear into undeserving pockets. “I’ve never seen anything like this,” Mr. Day said. “Mr. Big is clearly pretty big. The whole scene makes me feel extremely nervous that our claimants will never see a penny of their damages.”

Israel Intercepts Arms-Laden Ship

Via Al-Jazeera -

A ship carrying hundreds of tons of weapons has been seized by Israeli commandos, government and military officials have said.

Israeli military said on Wednesday the arms were destined for the Lebanese armed political group Hezbollah.

They also said an Iranian document was found on board, showing that the arms shipment originated from Iran.

The ship, the Francop, is operated by the United Feeder Services, a Cyprus-based shipping company that said it picked up the cargo in Damietta, Egypt, according to the Associated Press news agency.

Lieutenant-Colonel Avital Leibovich, the Israeli military spokeswoman, said: "It's a cargo certificate that shows that it was from a port in Iran.

"All the cargo certificates are stamped at the ports of origin, and this one was stamped at an Iranian port."

Israeli commandos boarded the ship before dawn in the waters near Cyprus.

Rear Admiral Roni Ben-Yehuda, the deputy Israeli navy commander, told a briefing that "hundreds of tons" of weapons were found.

His estimate was much higher than an earlier one of more than 60 tons.

The weapons were "a drop in the ocean" of arms being shipped to Hezbollah, Ben-Yehuda said.

But hours after the seizure, Israel had not provided evidence that the arms were meant for the Lebanese guerrillas.

Speaking at a news conference in the Syrian capital, Damascus, Walid al-Muallem, Syria's foreign minister, said the ship was carrying civilian goods from Syria to Iran.

-----------------------

STRATFOR Video Dispatch
http://www.stratfor.com/analysis/20091104_video_dispatch_israels_timely_interception

Researchers Create Hypervisor-Based Tool For Blocking Rootkits

Via DarkReading -

Researchers at North Carolina State University and Microsoft Research have come up with a way to combat rootkits by using the machine's own hardware-based memory protection: the so-called HookSafe tool basically protects the operating system kernel from rootkits.

Rootkits are the most difficult of malware to detect and remove: they often evade detection by anti-malware software, and even if they are discovered, they can still be difficult to completely eradicate. A rootkit typically hijacks "hooks" in the operating system -- basically the control data in the kernel used to augment or extend the features of an OS -- in order to hide out in the OS. This in turn lets the rootkit intercept and manipulate the system's data, remain invisible to the user and anti-malware tools, and to install other malware aimed at stealing data from the system.

"Then the rootkit can hijack and manipulate the results seen by the user applications ... only allowing a user to see what it wants them to see," says Xuxian Jiang, assistant professor of computer science at NC State and a member of the research team.

"The best way to [defend against rootkits] is to prevent them in the first place," he says. "It's a mess trying to clean them up."

The researchers have devised a way to move the potentially tens of thousands of hooks in the kernel to a centralized location so they're easier to monitor and more difficult to abuse. Their HookSafe prototype is a hypervisor-based system that is able to protect nearly 6,000 different kernel hooks and has successfully stopped nine different rootkits.

HookSafe runs in Ubuntu Linux 8.04 and leverages hardware-based memory protection in the system to stop rootkits from hijacking kernel hooks. "[It] includes a patch to the OS kernel to relocate the kernel hooks," Jiang says. "It also includes an extension to commodity hypervisors [such as Xen] to enforce the hook protection with the hardware-based memory protection."

The main tradeoff of the tool thus far is a slight performance hit, about a 6 percent slowdown in system performance.

Patches Everywhere - Java, Microsoft & Adobe

http://www.computerworld.com/s/article/9140258/Microsoft_re_patches_last_month_s_critical_IE_update?source=rss_security

On Monday, Microsoft re-issued MS09-054, the update that patched four vulnerabilities in Internet Explorer (IE). According to Christopher Budd, a spokesman for the Microsoft Security Response Center (MSRC), the follow-up hotfix patches Web page display problems introduced by the update. Budd downplayed the severity of the problems, saying that the number of users affected was "limited."

---------------------------------

http://blogs.sun.com/security/category/news

On November 3, 2009, Sun will release the following security updates:

  • JDK and JRE 6 Update 17
  • JDK and JRE 5.0 Update 22
  • SDK and JRE 1.4.2_24
  • SDK and JRE 1.3.1_27

The following Sun Alerts corresponding to these updates will be released following the availability of these updates.
---------------------------------

http://www.adobe.com/support/security/bulletins/apsb09-16.html

Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.1.601 and earlier versions. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations using the instructions provided below.

Adobe recommends Shockwave Player users install Shockwave Player version 11.5.2.602 available here: http://get.adobe.com/shockwave/.