Monday, July 31, 2006

Insurance Companies Won't Pay Because Thieves are Too Good

Via Wired -

Last summer Emad Wassef walked out of a Target store in Orange County, California, to find a big space where his 2003 Lincoln Navigator had been. The 38-year-old truck driver and former reserve Los Angeles police officer did what anyone would do: He reported the theft to the cops and called his insurance company.

Two weeks later, the black SUV turned up near the Mexico border, minus its stereo, airbags, DVD player, and door panels. Wassef assumed he had a straightforward claim for around $25,000. His insurer, Chicago-based Unitrin Direct, disagreed.



So normal unlucky car owners get shafted by the insurance companies before the thieves were "too good"??


Are you serious?

It is a known fact that RFID system are breakable...so how can they do this?

The bad guys are basically using a digital lockpick. Would we get shafted the same if someone broken in our homes using a standard lockpick set??

Saturday, July 29, 2006

Mass Source Code Auditing using Google

I just found this gem over at RootSecure.net:

The Bugle Project - "Google Source Code Bug Finder"

He came up some the slick idea of using Google to search for known bad functions in internet readable source code.

Here is one example Google search

"strncpy(bufferbuf,str,len)" filetype:c - Strncpy length miscalculation

Super cool stuff. Nice work Cipher.

Friday, July 28, 2006

Myspace Phishing - It never ends...

** WARNING - THIS IS NOT THE REAL MYSPACE **

http://logintomyspacerighthere.50webs.com/

Found this URL in an auto-bulletin "posted" by a friend today.

When will Myspace take action to stop these auto-bulletins??

Myspace should:
  1. Use a simple cookie setting to remove the ability for a 3rd party site to post bulletin onto a user's profile.
  2. Go over to Verisign and drop the couple of hundred dollars and get SSL on your login page. Seriously...what is the hold up??

Social-networking Sites Rife with Wormable Flaws

Via F-Secure Blog -

Web Application Worms exploit persistent Cross Site Scripting (XSS) vulnerabilities in websites. It's a new category of malware and it's a growing concern for popular websites. Social Networking sites seem to be the most popular target as of now. MySpace has already been hit by two such worms - the Samy worm in October last year and last week's Flash worm. Samy was written by a guy who wanted to become popular on MySpace. So he designed the worm to crawl through the site while furiously adding people to his friends list. The result: over a million "friends" in a couple of hours. Last week's worm exploited a vulnerability in Macromedia Flash to redirect MySpace users to an objectionable webpage.

Last week MySpace was also the target of a malicious banner advertisement that ran on the site. It used the WMF vulnerability in Windows to serve adware to more than a million users with unpatched machines.

All this piqued our interest and we decided to see how secure other popular social networking sites are against "wormable" XSS vulnerabilities. We picked two among the top social networking sites with a reported combined user base of 80 million. Within half an hour we had discovered over half a dozen potentially "wormable" XSS vulnerabilities in each site! We stopped looking after finding half a dozen, but we are sure there are a lot more holes in there. With about a day's work a malicious attacker with a half-decent knowledge of javascript could create a worm using just one of these vulnerabilities.

Something to consider: The WMF banner ad successfully reached about one million users. An automated worm utilizing a similarly malicious WMF exploit or a similar browser expoit (maybe even a 0-day exploit) could potentially reach a much, much larger audience of unpatched machines. Theoretically, this could be the entire user base...

Recommendations -

  1. End users need to patch their machines. There's no excuse not to.
  2. Web application developers must start taking security seriously. Yes, XSS issues are silly, easy to find and omnipresent. And XSS issues have stopped being funny for a long time now. They are a real danger with the advent of Phishing and Web Application worms that exploit a mass user base of millions of users within a very short time.

Of course, we have reported the issues to the affected websites and are working with them to get the issues fixed. And, of course, we aren't taking any names here.




This isn't much of a shocker to me and to other people that have used these sites. Myspace is totally blind the the ad companies and other groups that are taking advantage of their user base.

What has changed since Myspace hired Hemanshu Nigam? It was great PR, sure...but Myspace's code practices are horrible.

Security did not become an issue to them until Sammy did what he did. But even right now, there are ways to see "private blogs", etc.

Myspace security is nothing but smoke and mirrors at this point.

Take into consideration the information that SPI Labs just released and the picture gets even darker.

Thursday, July 27, 2006

In Iraq, Anyone can be Policeman for Few Dollars

By Nafia Abdel Jabbar and Patrick Fort - Baghdad

A disreputable crew of unshaven men wearing police uniforms pounces on a businessman before the horrified eyes of his wife as he leaves his home in an upscale Baghdad neighbourhood.

Luckily for the hapless commuter, two crisply dressed "heroes" show up, swiftly disarm the attackers and derisively tear off their fake "Iraqi Police" armbands.

Welcome to the world of state-owned television's public service announcements.

Outside in the real streets, however, the heroes don't always arrive and survivors of incident after bloody incident report being attacked by gunmen wearing apparently official security uniforms - with total impunity.

The attacks have reached such a level that the interior ministry this week issued phone numbers for its operations room so people can call to confirm the identities of gunmen in uniform.

"The ministry asked citizens to prevent such criminals from carrying out their dirty intentions by using the name of a force which works hard to serve the people," the ministry statement said.

Many Sunnis have accused the country's Shiite-dominated security forces of involvement in attacks and kidnappings, but would-be gunmen don't have to look far to find security uniforms.

"Iraqi army, police, ministry of interior, US army - choose! We have all the uniforms," said one salesman in Baghdad's downtown Tahrir Square.

With shirts available for 3.25 dollars (2.55 euros), pants at 5.50 dollars and an "IP" armband for one dollar, a hypothetical kidnapper would only have to spend 10 dollars for his disguise.

For those looking to add flair to the outfit, unit insignia and ranks range from 15 cents to a dollar. Genuine medals can even be bought at stores in the major hotels.

"I regret that military clothing can be found freely sold in the market or be imported," said Major General Abdel Aziz Mohammed in a briefing this week.

"We will import new uniforms that will be distributed to our units that no one will be able to obtain otherwise, and will be difficult to imitate," he said, repeating the oft-heard promise of new uniforms.

At the start of a month-old Baghdad security operation, the government also said that police and military units would wear new outfits that would be hard to imitate. They have yet to appear.

There is debate over whether the new outfits will even solve the problem. Merchants selling military garb point out that while some uniforms are counterfeit, most are the real deal - obtained from soldiers and police themselves.

"It's members of the different units that sell their uniforms," said one salesman.

A major from the interior ministry walking through the market explained to AFP that he had come here to sell his new uniform and buy an old one.

The officer said he could make a little profit of between 20 and 30 dollars a uniform - but still show superiors that his unit has the correct number of uniforms.

Salaries for soldiers and police range from 250 to 400 dollars per month, depending on rank, with soldiers making more than police in a country where prices always seem to be rising.

"We buy new uniforms for between 20 and 25 dollars and then resell them for 40 dollars, with the price depending on the state of the uniform. The price can go down," the salesman said.

On one occasion a member of the army sold 60 uniforms at once, but then the next day there was an operation. "They wanted them back. As a rule, we store the uniforms elsewhere," added the seller.

The true prizes in the market for military clothing are the rare US uniforms sold by the local interpreters working with the US army. These cost more than Iraqi uniforms, at around 70 dollars each.

The boots are particularly valued and cost 70 dollars a pair.

"The American boots are the best. Inimitable!" the salesman said.

Wednesday, July 26, 2006

FireFox 1.5.0.5 Released - Sorta

The release page is up, but it isn't officially being released until tomorrow (July 27th).

However, it is currently on their FTP server. ;)

FBI Hacker Gets Merciful Sentence - 6 Months of Home Detention

Via Softpedia News -

The FBI hacker Joseph Thomas Colon accused of illegally accessing the bureau's secret network in 2004, using FBI agent's password has recently received a sentence that spared him of jail time.

Although he was facing a potential four years behind bars for hacking the FBI's network while working at BAE Systems on the Trilogy project to upgrade the federal institution's aged IT infrastructure, Colon has successfully proven that his hack, while premeditated, did nothing to threaten national security. Based on this argument U.S. District Judge Richard Leon sentenced Colon to only six months of home detention. In addition the hacker will have to pay $20.000 in restitution to the Federal Bureau of Investigation.

Colon had pleaded guilty to four misdemeanor counts. All of them concerned premeditated access of governmental information while exceeding the authorization level. In doing so, Colon had sensitive data of no less than 38.000 FBI employees at his fingertips. In his defense, the accused stated numerous times that he actually meant to bring to the surface the systems' vulnerabilities while increasing network processes performance and speed, as was his job, and not to hack into the system.This is not a case of al-Qaeda people trying to sneak into the FBI system, stated Judge Richard J. Leon when he delivered his ruling.






This sounds pretty fair. The judge is right; this wasn't a terrorist attempting to damage America or anything. However, what Joseph did was illegal and beyond his scope of work, therefore he got in trouble.

From what I gather, he had access to the network and used a password brute-forcer on some entry point (LDAP, AD, etc). The simple fact that he was able to do this proves two points that are well known in the computer security industry.
  • Internal network security is just as important as external network security.
  • Insider attacks are a real danger and normally are harder to detect.

This case just points out that the FBI, like most huge corporations in the world, are pretty vulnerable once an attacker is beyond the perimeter security.

I like to call it "M&M Security" - hard on the outside; soft in the middle.

Monday, July 24, 2006

A Tough Call: Invisible Phone Or Invisible Friend

Washington Post has a great article on those bluetooth earpiece wearing freaks. Yep, that is right...I called you a freak. I don't like it when you are yelling in public...I think you are talking to me and I just want to stab you.

Happy Monday...

Mwsearch - Finding Malware with Google






In early July, Websense released information on a technique they developed to acquire malware samples using Google. Websense did not want to release details of the technique, fearing that it would be used for evil. However, in today’s world, anything and everything can be used for good or evil.

It was only a matter of time, before blackhats coded a tool and started to collected malware. So why shouldn't the good guy have the same tools? Anti-spyware and anti-virus companies could use this technique to refine signatures or fill in the detection gaps.

Once an idea is released, it is only a matter of transforming it to code...this is exactly what HD Moore did with Mwsearch.

Check out HD's recent "Internet Drive-By Shootings" blog, to understand the type of information that can found with this new tool. It should help the good guys find out more about what the bad guys are doing....

Go, use, detect and clean the infected....

Sunday, July 23, 2006

Malicious Trojan Disguised as Google Toolbar

Via Softpedia News -

Online Security Company SurfControl based in Scotts Valley, California, has issued a public warning revealing that it has detected a new malicious threat that impersonates a Google product. SurfControl claims to have identified e-mails disguised as being originated by Google that invite the users to follow up a link that would lead to the installation of the latest variant of Google Toolbar. The use of Google’s brand in an attack translates into consumer confidence and a human based vulnerability.

The link comprised in the e-mail leads to a spoofed Google Toolbar Web site that apparently offers the Mountain Views Company’s toolbar. In actuality, the fake page delivers a Backdoor Trojan instead of the Google Toolbar plug-in.

The fake Google Toolbar Web was spoofed correct addresses, and SurfControl warned that the hackers made use of Google’s redirection service to hide the real addresses. Users downloading the malicious Toolbar will become infected with Backdoor Trojan W32.Ranky.FW. The malware will eventually turn a compromised machine into a bot zombie.

SurfControl did not rank the threat with a high level, partly because the attempt is a poor programming compilation and defective in achieving its purpose. The company claims that it has toned its security products in accord with the new threat and that its customers are well protected.

Saturday, July 22, 2006

DHCP Exploit Publicly Available (MS06-036)

Published: 2006-07-22,Last Updated: 2006-07-22 13:21:20 UTC by Swa Frantzen (Version: 1)

As a "present" for blackhat an exploit against the DHCP client of Windows 2000 was released publicly. See MS06-036 for more details.

The exploit claims to add the user "bl4ck" with a very insecure password and might cause the service to terminate. The author left some suggestions for "improvement" in the source code, so expect potentially nastier versions to be used in real life. If you still have not patched your Windows client systems, it is a very good time to do so now.

The nature of DHCP makes it so that any device on a LAN can answer any and all DHCP request. So be sure people understand there is no need to attack or compromise any server first. Detecting this is helped slightly by DHCP's use of broadcasts (the client doesn't have an IP address).It is quite imaginable that this gets used not just over wired networks - where the defending staff could disable a port in a worst-case scenario - but also over wireless networks, hotspots, hotels etc. where no such option is available. Or it could be used in a multi-stage attack where this gets inside your network in other ways and then does its "magic" on the local LAN.

-----------------------------------

After talking to a couple of friends, this exploit isn't the best in the world. Exploitation of the bug will crash the DHCP service, leaving the target box without an IP address....that is the rub.

Anyways, I know a couple of people that are looking into the issue...but this one is pretty tricky to use. This trickiness will hopefully give corporate patch administrators the time to make the patch package and get it rolling...

http://www.milw0rm.com/exploits/2054

-Technocrat

Friday, July 21, 2006

Hacktivismo Launches ScatterChat - Secure IM

FOR IMMEDIATE RELEASE

Hacktivismo Launches ScatterChat for Secure, Private Communication

CULT OF THE DEAD COW (cDc) subdivision releases user-friendly software to facilitate anonymous communication and secure file transfers

NEW YORK, NY (PRWEB) July 21, 2006 Hacktivismo, an international group of hackers, human rights workers, lawyers, and computer security experts announces the release of ScatterChat (http://www.scatterchat.com/), a free, open source application designed to facilitate secure and private real-time communication over the Internet.

ScatterChat is unique in that it is intended for non-technical human rights activists and political dissidents operating behind oppressive national firewalls. It is an instant messaging client that provides end-to-end encryption over the Electronic Frontier Foundation-endorsed Tor network. Its security features include resiliency against partial compromise through perfect forward secrecy, immunity from replay attacks, and limited resistance to traffic analysis, all reinforced through a pro-actively secure design.

According to lead developer J. Salvatore Testa II, The anonymity and encryption that ScatterChat provides ensures that both the identities and messages of activists remain a mystery, even to well-funded totalitarian governments.

Hacktivismo will be announcing the release of ScatterChat at the HOPE conference taking place July 21-23, at the Hotel Pennsylvania in New York, NY.

ABOUT HACKTIVISMO

Hacktivismo, a subdivision of CULT OF THE DEAD COW (cDc), has been combating information rights abuses for more than a decade. Its Goolag campaign brought great visibility to the issue of Internet censorship in China. Hacktivismo assumes as an ethical point of departure the principles enshrined in the Universal Declaration on Human Rights and the International Convention on Civil and Political Rights.

ABOUT CULT OF THE DEAD COW

Founded in Lubbock, TX, CULT OF THE DEAD COW (cDc) is the most influential hacking group in the world. The cDc alumni reads like a Whos Who of hacking and includes a former Presidential advisor on Internet security, among others. The group is further distinguished by publishing the longest running e-zine on the Internet [est. 1984], stretching the limits of the First Amendment, and fighting anyone or any government that aspires to limit free speech.

PRESS CONTACT: press@hacktivismo.com

Also check out:
ASCII version (thanks to Barium of ACiD)
PDF version (thanks to DaYuM of the Ninja Strike Force)

Using TrueCrypt With NTFS Alternate Data Streams

Video via IronGeek.com

Basically he is using the ADS of a text file to hide the encrypted volume - good idea.

In the video he uses a text file as just a demo example, but I like to hide my volumes as 800MB-1GB "video" files.

Just name your volume "Family Guy EP1.avi"

Wednesday, July 19, 2006

What Happens When Money is More Important Than the Customer?

The customer gets screwed...bottom line.

So you have heard me say that Myspace is nothing more than an advanced ad machine that is focused on money? Right? Well, it is.

Don't believe me? Check this little blog over at Security Fix.

An online banner advertisement that ran on MySpace.com and other sites over the past week used a Windows security flaw to infect more than a million users with spyware when people merely browsed the sites with unpatched versions of Windows, according to data collected by iDefense, a Verisign company.

So, one of Myspace's official online banner advertisements infected million of users with spyware....umm...I rest my case.

It is true that Myspace users aren't really paying customers...but Myspace wouldn't be alive if users weren't there to click on their ads - so in a way, they need us much much more than we need them.

Tuesday, July 18, 2006

Microsoft buys Winternals

Microsoft Buys Winternals

Larry Seltzer over at eWeek.com has the write-up.

Microsoft on July 18 announced that it has acquired Winternals Software, which provides security, recovery and management tools for enterprises as well as a respected collection of free Windows tools on the Sysinternals site.

Thursday, July 13, 2006

iPod Forensics

Very interesting look at the iPod and ways in which it is used by the real-world criminal element. Also the forensics used to dig into the device for invesigations purposes.

iPod Forensics (pdf) - International Journal of Digital Evidence

Tuesday, July 11, 2006

Black Tuesday!

Man, I haven't been deep in the patch management scene for a while now, but I do keep up with what is going on.

Microsoft has released a load of patches today. Go get them.

DHCP and the IIS ASP bugs look pretty bad.

Kudos to my fellow Austin friends for finding the Mailslot boundary error in the Microsoft Server Service. Well Done!

Let the patch reversing game begin....*shoots gun up into air*

Monday, July 10, 2006

Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability

/*------------------------------------------------------------
* Microsoft Word unchecked boundary condition vulnerability.
* ---------------------------------------------------------
* One of the functions in mso.dll (older versions mso9.dll)
* cannot properly handle the specially crafted files causing
* invalid memory acess and in some cases arbitrary overwrites.
* The exported function LsCreateLine (entry : mso_203) contains a boundary
* error while parsing certain specially crafted .DOC files,resulting in
* an invalid memory access.
*
* Following proof of concept code generates a .doc file , opening
* the file will cause an access violation, in mso.dll.
* Code execution is possible if 4-bytes of arbitrary memory
* is overwritten. Apparently this is not specific to MS Word
* only but other Office products are also vulnerable which use these
* functions. No other user interaction required in order to
trigger the vulnerability.
*
* Affected Products: Microsoft Office
* Tested against : Microsoft Word 2003,2002,2000
*
* // naveed afzal
*------------------------------------------------------------*/

A proof of concept code is available here
http://www.bsdpakistan.org/downloads/wordPOC.c

PoC is also listed at Milw0rm.

Microsoft states on the MSRC blog that they were able to determine that the claim is not accurate: while the Word application will exit unexpectedly, this is not a remotely exploitable vulnerability in Microsoft Word.

Sunday, July 9, 2006

Cracking the Secret Codes of Europe's Galileo Satellite

Via Newswire -

Members of Cornell's Global Positioning System (GPS) Laboratory have cracked the so-called pseudo random number (PRN) codes of Europe's first global navigation satellite, despite efforts to keep the codes secret. That means free access for consumers who use navigation devices -- including handheld receivers and systems installed in vehicles -- that need PRNs to listen to satellites.



Oppps, we break codes of those that don't play nice.

Saturday, July 8, 2006

Fun: Cut Chemist Live @ Waterloo Park in Austin

A couple of weeks ago, I went to the local Alamo Drafthouse for a brew, food and a movie (Nachno Libre). It wasn't the best movie of all times, but it had its funny parts.

Anyways, during the previews they dropped some information about Cut Chemist being in town and playing a live and FREE show this weekend.

If you know anything about hip-hop or turntablistm, then you have heard the name Cut Chemist before. If you need a refresher, just watch Scratch and then watch Wild Style.

Well, tonight is the night - Cut Chemist at Waterloo Park

Should be a great show. I have my new 8 MP camera and hope to get some great shots.

Fun: Serbia Deploys Peacekeeping Forces To U.S.

God, I love the Onion.

BELGRADE–Serbian president Vojislav Kostunica deployed more than 30,000 peacekeeping troops to the U.S. Monday, pledging full support to the troubled North American nation as it struggles to establish democracy.

Thursday, July 6, 2006

Payroll Giant Gives Scammer Personal Data of Hundreds of Thousands of Investors

Via ABC News -

The latest corporate data breach is from a company you may never have heard of, even though one in six American workers gets paid by the firm.

Automatic Data Processing, one of the world's largest payroll service companies, confirmed to ABC News that it was swindled by a data thief looking for information on hundreds of thousands of American investors.

According to a company spokeswoman, ADP provided a scammer with personal information of investors who had purchased stock through brokerages that use ADP's investor communications services. Initial reporting indicates that these firms include a number of brand-name brokers, including Fidelity Investments.

A Fidelity spokesman says the data breach compromised 125,000 of the 72 million active accounts at the brokerage.

A spokesperson for banking and financial services group UBS confirms that about 10,000 of its brokerage clients were among those whose data was disclosed.

In a prepared statement, ADP spokeswoman Dorothy Friedman said the data thief exploited a Securities and Exchange Commission rule that allows public companies to get names and addresses of shareholders from brokers, as long as the shareholder has not objected to the disclosure of such information.

The thief impersonated a corporate officer from a public company and got ADP to send the information.




Ahh, Social Engineering attacks never get old. If I said it once, I said it a million times...user security education. These type of attacks are the easiest to conduct and yet also the easiest to prevent. So why does it still happen? Two reasons.

1) People are human after all. Tell them not to look at something and they want to all the sudden. Tell them not to open any attachment and some will do it "just to see what happens".

2) Many companies don't take security education serious, or don't want to invest the money into their employees. You pay for a huge Cisco router and you always know where it will be - in the teleco room. You put that same amount into an employee and they can quit the next day.

Consultant Breached FBI's Computers

Via WashingtonPost -

A government consultant, using computer programs easily found on the Internet, managed to crack the FBI's classified computer system and gain the passwords of 38,000 employees, including that of FBI Director Robert S. Mueller III.

The break-ins, which occurred four times in 2004, gave the consultant access to records in the Witness Protection Program and details on counterespionage activity, according to documents filed in U.S. District Court in Washington. As a direct result, the bureau said it was forced to temporarily shut down its network and commit thousands of man-hours and millions of dollars to ensure no sensitive information was lost or misused.

The government does not allege that the consultant, Joseph Thomas Colon, intended to harm national security. But prosecutors said Colon's "curiosity hacks" nonetheless exposed sensitive information.






This may sound pretty bad and it kinda is pretty bad. However, the truth is that this attack would have most likely worked on many many corporate networks. Insider attack vectors are overlooked many times, because the person / employee has been given a level of trust - even if they don't deserve it.

A simple password brute-forcer on an internal network could do a huge amount of damage very quickly....then we won't even start on MITM attacks.

Tuesday, July 4, 2006

North Korea Launches Test Missiles

The North Korea Government has tested three missiles today. One of those missiles was the long range TD-2. This TD-2 seems to fail after 50 seconds.

There are reports of a fourth short range missile within the last 30 mins. Please note these launches were around the time that the NASA launched the Shuttle.

We wait to see how the Japanese will react...

UPDATE - White House has confirmed a total of six missiles were tested. Two of those missiles were the multi-stage TD-2.

Monday, July 3, 2006

July - The Month of Browser Bugs - UPDATED

HD Moore has started "The Month of Browser Bugs". He will release a new browser bug for each day of the month....

MoBB #1 - ADODB.Recordset Filter Property
MoBB #2 - Internet.HHCtrl Image Property
MoBB #3 - OutlookExpress.AddressBook

Perhaps Microsoft will start to think...."hey, we are the ones making the big money off of these prodcuts, perhaps we shouldn't treat the general public as our own paid product security team"....

Good idea Microsoft!

But don't think IE is the only browser that will see the "fun". I have heard they are starting with some of the IE ones and then moving to several other browsers.

Microsoft Excel Universal Hlink Local Buffer Overflow Exploit

Via Milw0rm.com -

#############################################################
# excel hlink overflow UNIVERSAL poc by SYS 49152 #
# public version #
# #
# works with ANY of the following oses/office combinations: #
# -windows 2k sp4/XP SP1/XP SP2 #
# #
# -office 2000/Xp/2003 #
# #
# bindshell on port 49152 #
# #
# thanks go to BuzzDee for some things.. #
# #
# credits to kcope for finding the vuln.. #
# #
# I'm always ready to join groups, boards and the like.. #
# #
# for anything about this sploit you can drop a mail to #
# #
# gforce(AT)operamail.com #
#############################################################

Follow Link above for the exploit code. Blogger does't like to display code correct.

------------------------------------------------------

NOTE - This isn't a new vulnerability, just a new exploit. This is a universal exploit that works for Office 2000/XP/2003.

This one put all that work together from the other separate PoCs.

Sunday, July 2, 2006

Myspace - Bulletin Data Mining

http://www.pandora-security.com/forum/viewtopic.php?t=2132

Pretty interesting little PoC, it is sad the type of information that people release. It is ok if you understand the risk...but the sad truth is, most people don't.

Myspace.com - working to fool users into a false sense of community and security.

Saturday, July 1, 2006

CastleCops Responds to Leo Stoller

BENJAMIN Z. RICE
ATTORNEY AT LAW
P.O. Box 1206
Pleasanton, CA 94566
Voice & Fax: (925) 397-2005
Internet: www.ricelaw.net
E-Mail: bzr@ricelaw.net

Mr. Leo Stoller
7115 w. North Avenue
Oak Park, IL 60302

Re: Settlement- Not Admissible for Any Purpose Pursuant to CA Evidence Code 1152Our File No. CY757-514

Dear Mr. Stoller:

I write you on behalf of my clients Paul Laudanski and Computercops, LLC. I have spoken with my clients about your previous correspondence and your allegations that you have rights in the mark “CASTLE.” In short, we find no basis for your potential opposition and believe that you are engaging in vexatious, harassing litigation with no purpose.

My client objects to any further extensions of time for you to file your opposition and will oppose any further delays caused by you or entities you control. 37 CFR § 2.102(c) states in pertinent part:

Requests to extend the time for filing an opposition must be filed as follows: …. (3) After receiving one or two extensions of time totaling ninety days, a person may file one final request for an extension of time …. The Board will grant this request only upon written consent or stipulation signed by the applicant, or a written request by the potential opposer stating that the applicant has consented to the request …..

Your refusal to substantiate your alleged ownership of rights in “CASTLE,” coupled with your avowed intention to embark on a campaign of harassment if my clients do not capitulate to your demands, make clear that there is no good faith factual or legal basis for your assertions that you or “Castle Brand Products & Services” own rights of any kind to the mark or trade name “Castlecops.” Regrettably, your tactics here are consistent with your pattern of threatening and pursuing frivolous litigation, including actions instituted by you based on fabricated claims -- a fact that is well documented in numerous Court rulings against you and your companies. E.g., S Indus., Inc. v. Centra 2000, Inc. 249 F.3d 625, 637-29 (7th Cir. 2001)(affirming attorneys’ fee award against one of your companies because its suit was “indefensible” and “meritless” and stating that your “actions here look to be part of a pattern of abusive and improper litigation”); Central Mfg. Co. v. Pure Fishing, Inc., Order of Nov. 16, 2005 (N.D. Ill., Lindenberg, J) (noting that you have “earned a reputation for initiating spurious and vexatious federal litigation” and finding that you had engaged in “gross misconduct” and “unethical conduct,” evinced “an appalling lack of regard” for the judicial process and brought motions “that lacked any evidentiary support”); Central Mfg. Co v. Brett, Order of Sept. 30, 2005 (N.D. Ill., Coar, J.)(“Stoller appears to be running an industry that produces often spurious, vexatious, and harassing federal litigation.”) S Indus,. Inc. v. Stone Age Equip, Inc., 12 F. Supp. 2d 796, 819 (N.D. Ill. 1998 (Castillo, J.) (awarding attorney’s fees against one of your companies, calling your documents “highly questionable” and “perhaps fabricated” and describing your testimony as “inconsistent, uncorroborated, and in some cases, demonstrably false”); S Indus., Inc. and Cenral Mfg. Co. v. JL Audio, Inc. 2003 WL 21189779, at *5 (TTAB 2003) (“Mr. Stoller’s and opposers’ litigation strategy of delay, harassment and even falsifying documents in other cases is well documented” and citing numerous cases in support).

We therefore expect your written acknowledgement, no later than June 30, 2006 that you nor any company owned or operated by you, has any right title or interest of any kind in CASTLECOPS, either as a mark or a trade name. We further expect your written confirmation that you, your companies, and your purported licensees are not using and will not use the mark or trade name “Castlecops” in connection with the sale or offering for sale of goods or services. Should you fail to do so my clients will pursue any and all legal remedies available to remedy this situation.

This is my client’s good faith attempt to resolve an uncomfortable matter in an amicable and confidential manner. Be advised however, my clients will take appropriate steps to vindicate their legal rights, which may include seeking reimbursement of their attorneys’ fees and an award of sanctions against you and your companies.

This is not a complete statement of my clients’ position and they reserve any and all of their rights in this matter.

Please contact me directly should you have any questions about this matter.
I can be reached at (925) 397-2005 or bzr@ricelaw.net

Very truly yours,

BENJAMIN Z. RICE

-------------------------------------------------------

How many times can the legal system find Mr. Stoller acting in "gross misconduct” and “unethical conduct” before something is done?? Seriously?

If I call 911 several times without a real problem...I would be in jail.

How can Mr. Stoller waste the money of the state and federal taxpayers like this??

Orkut Social Network Phish

On June 25th, I reported an active Orkut phish. The website was being hosted right here in Texas, if I remember correctly.

Anyways, the reported source was a "spreading false mesage about one antivirus developed by Google and Symantec to clean a possible viruses for orkut users."

Here is the PIRT report. Phishing on social network sites is alive and well.

Terrorism: Bin Laden Endorses Abu Hamza al-Muhajir

Via Reuters -

DUBAI (Reuters) - A purported audio tape by Al Qaeda leader Osama bin Laden warned Iraq's Shi'ite majority on Saturday of retaliation over attacks on Sunni Arabs and that his group would fight the United States anywhere in the world.

Bin Laden, making his second Internet broadcast in two days and one of his strongest comments on sectarian divisions in Iraq, also warned the world community to stay out of Somalia, where Islamists have fought their way to power in Mogadishu


------------------------------

According to SITE, Bin Laden's speech concludes with a prayer for success to Abu Hamza al-Muhajer, the Emir of al-Qaeda in Iraq, chosen in the wake of Zarqawi’s death. Bin Laden urges him to have patience and obedience to Allah, continue jihad, and concentrate the attack of an undivided Mujahideen Shura Council Iraq on the Americans, their allies and supporters until the Islamic Caliphate is established. Abu Hamza al-Muhajir was named the new leader of Al-Qaeda in Iraq after the killing of Abu Musab al-Zarqawi on June 7th.

Abu Hamza al-Muhajir was named the new leader of Al-Qaeda in Iraq after the killing of Abu Musab al-Zarqawi on June 7th.

-------------------------------

More Mujahideen Shura Council stuff....

Via an Arabic Blog dated July 1st -

Mujahideen Shura Council adopts explosion device on a police car alluding

The name of God, the Merciful Your employer paid firing proved foot God the God of both worlds, prayer and peace on our Prophet Muhammad, who was accompanied by a whole.

After : The brothers in the military wing of the Shura Council of Mujahideen on Thursday 2 Jumada another e 1427, 29 / 6 / 2006 m detonated an explosive device on a police car back to Baghdad, The process led to the destruction of the car fully and killing six of them, and God mercifully Almenh.

God is great (Glory be to God, His Prophet and the believers, but the hypocrites do not know)