Tuesday, February 9, 2010

CRS on Al Qaeda Affiliates

Via FAS Secrecy Blog -

New reports from the Congressional Research Service include the following (pdf):

“Al Qaeda and Affiliates: Historical Perspective, Global Presence, and Implications for U.S. Policy,” February 5, 2010.

Microsoft Patch Tuesday - February 2010

Via Symantec.com -

Hello and welcome to this month’s blog on the Microsoft patch releases. This is a busy month—the vendor is releasing 13 bulletins covering a total of 26 vulnerabilities.

Eight of the issues are rated “Critical” and affect SMB Server, SMB Client, Windows, and Data Analyzer ActiveX control. An attacker could exploit the SMB Server issues remotely to gain complete control of an affected computer. However, to exploit the SMB Client issues to compromise a computer, the attacker must first entice a victim to connect to a malicious server.

The remaining issues, rated “Important” and “Moderate,” affect SMB Server, Windows, Windows Kernel, Office, PowerPoint, and Paint. Although the kernel issues are rated only “Important” by Microsoft, we consider them to be a high security risk because exploit code already exists for one of the issues.

-------------------

http://blogs.technet.com/msrc/archive/2010/02/09/february-2010-security-bulletin-release.aspx

http://www.microsoft.com/technet/security/bulletin/ms10-feb.mspx

http://isc.sans.org/diary.html?storyid=8197

Thursday, February 4, 2010

Russian Police Kill Al-Qaeda's Co-founder in the Caucasus

Via The Long War Journal -

A wanted Egyptian al Qaeda operative who helped establish the terror group in the Caucasus has been killed by Russian security forces during a clash in Dagestan.

Russia's Federal Security Service killed Mokhmad Mohamad Shabban, who is better known as Saif Islam or the Sword of Islam, and an associate during a raid yesterday in a mountainous region in the Republic of Dagestan.

"On February 2, the FSB [Federal Security Service] carried out a special operation in the district center of Botlikh, Dagestan. One of the founders of the Al Qaeda network in the North Caucasus Mokhmad Mohamad Shabban, 49, also known as 'Saif Islam,' and a gunman accompanying him were neutralized as they offered armed resistance," according to a statement published at Itar-Tass.

Shabban helped establish al Qaeda in the Caucasus, along with Ibn al Khattab. "In 1992, he [Shabban] arrived in Chechnya to take part in operations against federal forces," a Federal Security Service spokesman told RIA Novosti.

Russian security forces killed Khattab in 2002. Khattab served as the commander of the International Islamic Battalion in Chechnya, al Qaeda’s combat unit in the Caucasus.

The Federal Security Service has accused Shabban of plotting attacks against government and security personnel, and infrastructure throughout the Caucasus, at the behest of Georgian intelligence.

"He masterminded acts of sabotage to blast railway tracks, transmission lines, and gas and oil pipelines at instructions by Georgian secret services," the FSB stated. The FSB also accused Shabban of masterminding the Jan. 6 suicide attack that killed seven policemen on the outskirts of Makhachkala, the capital of Dagestan.

Toyota: Software to Blame for Prius Brake Problems

Via CNN -

Without issuing a recall of its iconic Prius hybrid vehicles, Toyota said Thursday a software glitch is to blame for braking problems in the 2010 model.

"We would want to be given a little time," Hiroyuki Yokoyama, Toyota's managing officer, said when reporters asked whether a recall was in the works.

The company changed its braking system software in January as part of what it called "constant quality improvements," but did not say what it would do about vehicles manufactured before then.

Toyota officials described the problem as a "disconnect" in the vehicle's complex anti-lock brake system (ABS) that causes less than a one-second lag. With the delay, a vehicle going 60 mph will have traveled nearly another 90 feet before the brakes begin to take hold.

Brakes in hybrids such as the Prius operate differently from brakes in most cars. In addition to standard brakes, which use friction from pads pressed against drums or rotors, the electric motors in hybrids help slow them. The process also generates electricity to recharge the batteries.

The Japanese government has warned Toyota to take seriously mounting complaints of brake problems with its 2010 Prius hybrid.

[...]

"The complaints received via our dealers center around when drivers are on a bumpy road or frozen surface," said Paul Nolasco, a Toyota Motor Corp. spokesman in Japan. "The driver steps on the brake and they do not get as full of a braking feel as expected."

In the United States, more than 100 complaints alleging poor brake performance have been lodged with the National Highway Traffic Safety Administration against the 2010 Prius, a newly designed version of the car that was introduced last summer.

"NHTSA has received a number of complaints about a potential defect affecting the brake system in Toyota's Prius hybrid and is conducting field work to examine the issue," the agency said Wednesday.

[...]

"I have been driving my 2010 Prius for 6 months and have experienced the following nearly 10 times," one owner wrote. "When braking, if a pothole or bump in the road is hit, the car seemingly jerks forward/accelerates for a split second."

The Prius is Toyota's third best-selling model in the United States, ranking behind the Camry mid-size sedan and the Corolla compact car.

Friday, January 29, 2010

Dropping Off the Grid

It's been a long week...but next week will be better. I am finally taking a long overdue vacation, so the blog will be pretty quiet for about a week.

But be sure, I will return and hit it harder than before... see everyone next weekend.

Thanks for reading.

Google to Pay For Bugs Found in Chromium

Via Threatpost.com -

Google is starting a new program that will pay security researchers a $500 bounty for every security bug they find in Chromium, the open-source codebase behind the Google Chrome browser, as well as for bugs found in Chrome itself.

The company said Thursday that the plan is both meant as a reward for researchers who have been contributing bugs to the project already, and as a way to encourage other researchers to find security flaws in Chromium. Google said it will pay a base bounty of $500 for most bugs contributed, but may raise the payment to $1337 for bugs that are "particularly severe or particularly clever." The program is modeled after one started some time ago by Mozilla, which also pays $500 bounties.

Not every bug found in Chromium will qualify for the bounty. Google is looking for flaws in the Stable, Dev and Beta channels of the Chromium codebase, and said that the company will not pay for bugs that are disclosed publicly before they're disclosed to the Chromium developers. However, the company will pay for bugs that are disclosed publicly after they've been fixed in Chromium.

In addition to paying for bugs in Chromium and Chrome, Google said it may buy bugs discovered in plug-ins and components.

"In addition, bugs in plugins that are part of the Chromium project and shipped with Google Chrome by default (e.g. Google Gears) may be eligible. Bugs in third-party plugins and extensions are ineligible," the company said.

Other organizations have been buying vulnerabilities privately for several years now, most notably the Zero Day Initiative from Tipping Point, and VeriSign's iDefense Labs unit. Those companies pay far more than $500 for vulnerabilities, and researchers say that private organizations, such as government agencies, routinely pay tens of thousands of dollars for critical remotely exploitable bugs in popular software.

Thursday, January 28, 2010

FCC's Net Neutrality Plan Would Permit Blocking of BitTorrent

Via EFF -

Remember what put the debate over net neutrality into high gear? In 2007, EFF and the Associated Press confirmed suspicions that Comcast was clandestinely blocking BitTorrent traffic. It was one of the first clear demonstrations that ISPs are technologically capable of interfering with your Internet connection, and that they may not even tell you about it. After receiving numerous complaints, the FCC in 2008 stepped in and threw the book at Comcast, requiring them to stop blocking BitTorrent. The Comcast-BitTorrent experience put net neutrality at the top of the FCC agenda.

Yet now that the FCC has formally issued draft net neutrality regulations, they have a huge copyright loophole in them — a loophole that would theoretically permit Comcast to block BitTorrent just like it did in 2007 — simply by claiming that it was "reasonable network management" intended to "prevent the unlawful transfer of content."

You heard that right — under these conditions, the new proposed net neutrality regulations would allow the same practices that net neutrality was first invoked to prevent, even if these ISP practices end up inflicting collateral damage on perfectly lawful content and activities.

When we saw the loophole, we had to ask ourselves, "Is this real net neutrality?" And the answer was simply, "No." The entertainment industry is already pressuring ISPs to become copyright cops. Carving a copyright loophole in net neutrality would leave your lawful activities at the mercy of overbroad copyright filtering schemes, and we already have plenty of experience with copyright enforcers targeting legitimate users by mistake, carelessness, or design.

If net neutrality regulations are to be taken seriously at all, then the loophole must be closed. Sign the petition to demand real net neutrality from the FCC.

New UK Internet Surveillance Directorate - IMP is Dead, Long live the CCD!

Via ubiwar.com -

The Register has the skinny on the UK’s new Communications Capabilities Directorate (CCD), as mentioned here the other day. Sod the iPad, or whatever it’s called, read this:

Home Office Spawns New Unit to Expand Internet Surveillance

Exclusive: The Home Office has created a new unit to oversee a massive increase in surveillance of the internet, The Register has learned, quashing suggestions the plans are on hold until after the election.

The new Communications Capabilities Directorate (CCD) has been created as a structure to implement the £2bn Interception Modernisation Programme (IMP), sources said.

The CCD is staffed by the same officials who have been working on IMP since 2007, but it establishes the project on a more formal basis in the Home Office. It is not yet included on the Home Office’s list of directorates.

The intelligence and law enforcement agencies have pushed hard for new laws to force communications providers to store details of who contacts whom, when, where and how via the internet.

However, following a consultation last year, when the Home Office’s plans were heavily criticised by ISPs and mobile companies, it was widely assumed progress on IMP would slow or stop. The CCD has continued meeting with industry to try to allay concerns about the project’s costs, effect on customer privacy and technical feasibility.

“The Home Office has long been working with communications service providers to take forward legislation providing for the retention of communications data,” a Home Office spokesman said. “That is continuing.”

“More recently, we have been considering how, in a changing communications environment, lawful acquisition of communications data and interception of communications can continue to save lives, to counter terrorism, to detect crime and prosecute offenders, and to protect the public.”

Officials envisage communications providers will maintain giant databases of everything their customers do online, including email, social networking, web browsing and making VoIP calls. They want providers to process the mass of data to link it to individuals, to make it easier for authorities to access.

Access to communications data is currently governed by the Regulation of Investigatory Powers Act. Under European legislation ISPs are required to retain basic information about what their customers do online, but not to open their data packets to record who they contact on Facebook, for example.

The Home Office spokesman added: “This is a diverse range of activity now organised within a single Communications Capabilities Directorate with its focus on work under current legislation.

“The Directorate will continue to consider the challenges posed by new technologies, working closely with communications service providers and others to bring forward proposals that command public confidence and demonstrate an appropriate balance between privacy and security.”

Work is also continuing at GCHQ in Cheltenham on its classified Mastering the Internet programme, which is developing systems and methods for extracting intelligence from the huge volumes of new surveillance data online services can generate.

Perhaps government could demonstrate the need for this before ploughing ahead against the interests of almost everyone consulted? Perhaps ‘command public confidence’ by stating exactly what this project is actually going to do, what safeguards there are, and why on earth we need it. Fat chance. We’ve got a war to fight, don’t you know.

Wednesday, January 27, 2010

UK Police Planning to Use Unmanned Spy Drones for "Routine" Monitoring

Via guardian.co.uk -

Police in the UK are planning to use unmanned spy drones, controversially deployed in Afghanistan, for the "routine" monitoring of antisocial motorists, protesters, agricultural thieves and fly-tippers, in a significant expansion of covert state surveillance.

The arms manufacturer BAE Systems, which produces a range of unmanned aerial vehicles (UAVs) for war zones, is adapting the military-style planes for a consortium of government agencies led by Kent police.

Documents from the South Coast Partnership, a Home Office-backed project in which Kent police and others are developing a national drone plan with BAE, have been obtained by the Guardian under the Freedom of Information Act.

They reveal the partnership intends to begin using the drones in time for the 2012 Olympics. They also indicate that police claims that the technology will be used for maritime surveillance fall well short of their intended use – which could span a range of police activity – and that officers have talked about selling the surveillance data to private companies. A prototype drone equipped with high-powered cameras and sensors is set to take to the skies for test flights later this year.

[...]

Concerned about the slow pace of progress of licensing issues, Kent police's assistant chief constable, Allyn Thomas, wrote to the CAA last March arguing that military drones would be useful "in the policing of major events, whether they be protests or the Olympics". He said interest in their use in the UK had "developed after the terrorist attack in Mumbai".

Stressing that he was not seeking to interfere with the regulatory process, Thomas pointed out that there was "rather more urgency in the work since Mumbai and we have a clear deadline of the 2012 Olympics".

[...]

BAE drones are programmed to take off and land on their own, stay airborne for up to 15 hours and reach heights of 20,000ft, making them invisible from the ground.

Far more sophisticated than the remote-controlled rotor-blade robots that hover 50 metres above the ground – which police already use – BAE UAVs are programmed to undertake specific operations. They can, for example, deviate from a routine flightpath after encountering suspicious activity on the ground, or undertake numerous reconnaissance tasks simultaneously.

The surveillance data is fed back to control rooms via monitoring equipment such as high-definition cameras, radar devices and infrared sensors.

Previously, Kent police has said the drone scheme was intended for use over the English Channel to monitor shipping and detect immigrants crossing from France. However, the documents suggest the maritime focus was, at least in part, a public relations strategy designed to minimise civil liberty concerns.

"There is potential for these [maritime] uses to be projected as a 'good news' story to the public rather than more 'big brother'," a minute from one of the earliest meetings, in July 2007, states.

-------------------------

I'm still calling it what it is...Big Brother.

How the Playstation 3 Hypervisor Was Hacked

Via Root Labs (Nate Lawson) -

George Hotz, previously known as an iPhone hacker, announced that he hacked the Playstation 3 and then provided exploit details. Various articles have been written about this but none of them appear to have analyzed the actual code. Because of the various conflicting reports, here is some more analysis to help understand the exploit.

The PS3, like the Xbox360, depends on a hypervisor for security enforcement. Unlike the 360, the PS3 allows users to run ordinary Linux if they wish, but it still runs under management by the hypervisor. The hypervisor does not allow the Linux kernel to access various devices, such as the GPU. If a way was found to compromise the hypervisor, direct access to the hardware is possible, and other less privileged code could be monitored and controlled by the attacker.

Hacking the hypervisor is not the only step required to run pirated games. Each game has an encryption key stored in an area of the disc called ROM Mark. The drive firmware reads this key and supplies it to the hypervisor to use to decrypt the game during loading. The hypervisor would need to be subverted to reveal this key for each game. Another approach would be to compromise the Blu-ray drive firmware or skip extracting the keys and just slave the decryption code in order to decrypt each game. After this, any software protection measures in the game would need to be disabled. It is unknown what self-protection measures might be lurking beneath the encryption of a given game. Some authors might trust in the encryption alone, others might implement something like SecuROM.

The hypervisor code runs on both the main CPU (PPE) and one of its seven Cell coprocessors (SPE). The SPE thread seems to be launched in isolation mode, where access to its private code and data memory is blocked, even from the hypervisor. The root hardware keys used to decrypt the bootloader and then hypervisor are present only in the hardware, possibly through the use of eFUSEs. This could also mean that each Cell processor has some unique keys, and decryption does not depend on a single global root key (unlike some articles that claim there is a single, global root key).

George’s hack compromises the hypervisor after booting Linux via the “OtherOS” feature. He has used the exploit to add arbitrary read/write RAM access functions and dump the hypervisor. Access to lv1 is a necessary first step in order to mount other attacks against the drive firmware or games.

His approach is clever and is known as a “glitching attack”. This kind of hardware attack involves sending a carefully-timed voltage pulse in order to cause the hardware to misbehave in some useful way. It has long been used by smart card hackers to unlock cards. Typically, hackers would time the pulse to target a loop termination condition, causing a loop to continue forever and dump contents of the secret ROM to an accessible bus. The clock line is often glitched but some data lines are also a useful target. The pulse timing does not always have to be precise since hardware is designed to tolerate some out-of-spec conditions and the attack can usually be repeated many times until it succeeds.

------------------------

Very good write-up from Nate on the PS3 hack. If you want to dig into the devil of the details, be sure to follow the link and check out the full article. Good stuff.