Monday, December 31, 2007

Egypt Reports Third H5N1 Death in Single Week

Via Middle East Times -

CAIRO (AFP) An Egyptian woman died from the H5N1 strain of bird flu on Monday, the health ministry said, the third such death in less than a week as officials and experts warned against the relaxation of precautions.

Fardos Mohammed Haddad, 36, from the Nile Delta province of Menufia died in hospital after being admitted on Saturday with a high fever and difficulty breathing, ministry spokesman Abdel Rahman Shahin said in a statement carried by the official MENA news agency.

Her death, the second in as many days and the third in less than a week, is the 18th death in Egypt from the disease since the virus first appeared in the country in February 2006.

"She had been exposed to poultry infected with bird flu," Shahin said. "All members of her immediate family and people she has been in contact with recently are being tested for the disease."

Egypt's location on major bird migration routes and the widespread practice of keeping domestic fowl near living quarters have led to it being the hardest-hit country outside Asia.

The government says it is conducting a vigorous campaign to combat the spread of the virus through vaccinations and raising awareness.

Bedbugs Take a Bite Out of The Big Apple

Via Register UK -

New York City is suffering a bedbug epidemic which has provoked a huge rise in reports of the nocturnal bloodsuckers, the New York Daily News reports.

The onslaught of the harmless but unpleasant creatures has seen complaints to 311 (the number for government information and non-emergency services) rise from 537 calls in 2004 to 6,889 in the fiscal year which ended in June. In the former year, 82 landlords were hit with bedbug violations by the Department of Housing, Preservation & Development (HPD), but by 2007 this had risen to 2,008.

Bedbugs hitch a ride on "clothing, luggage, furniture, bedding, bookbags, even shoelaces" and have apparently been seen moving around New York in cabs, limos, buses and subways.

Jeff Eisenberg, owner of Pest Away Exterminating on the upper West Side, confirmed that infestations were city-wide, and affecting rich and poor alike. He said: "In the last six months, I've treated maternity wards, five-star hotels, movie theaters, taxi garages, investment banks, private schools, white-shoe law firms... even the chambers of a federal judge."

The highest-profile bedbug incident was in around five apartments in the "swanky" rental tower at 220 E. 72nd St. owned by Bernard Spitzer, the 83-year-old dad of governor Eliot Spitzer.


According to HPD, though, the worst affected area is Bushwick in Brooklyn, where it has issued 172 violations this year, up from four in 2004. Landlords have 30 days to clean up their premises, or face legal action.

Experts attribute the plague to various factors, including the increased risk of importing bedbugs due to the "surge in global travel and mobility in all socioeconomic classes", combined with "less toxic urban pesticides and the banning of DDT".

U.S. Based Chinese News Website DDoS'd

Via -

DECEMBER 28, 2007 | A U.S.-based Chinese News Website has been hit by a massive distributed denial-of-service (DDOS) attack that journalists say may have been orchestrated by hackers in China.

The attack on Boxun also knocked down some 2,000 blogs hosted on its site. "We have never before experienced such a DDOS attack, which consists of bombarding the site with an almost infinite number of connection requests," Wei Shi, editor of Boxun, told Reporters Without Borders. "Our platform crashed on 24 December. We are not even sure if we will be able to recover all the data and we will have to find a new server."

Reporters Without Borders expressed outrage on this latest attack on a Chinese dissident Website, and noted that this is not the first hack on Boxun. An August attack affected 10 U.S.-based Chinese dissident Websites, and another had to shut down altogether in July. Reporters Without Borders says journalists and dissidents in China who write for Boxun appear to be targeted most often.

Several Boxun reporters have been arrested and imprisoned over the past year in China, under charges such as "criticizing abuse of authority," "subverting state authority," and for "alarmist reports," according to Reporters Without Borders. Another Chinese blogger was committed to a psychiatric hospital in August, which his family says occurred in response to his blog writings.


I guess those Internet Cultural units created by the government are working pretty well...if you call censoring freedom of speech "cleaning up".

North Korea Slams U.S. Ahead of Nuclear Deadline

Via -

SEOUL (Reuters) - North Korea, facing a looming deadline in a nuclear disarmament deal, blamed the United States on Monday for hurting the prospects for peace on the Korean peninsula with plans to attack the reclusive state.

North Korea is almost certain to miss an end-of-year deadline to give a full accounting of its nuclear arms programs under a disarmament-for-aid deal it struck earlier this year with regional powers, including the United States.

"The reality testifies once again that there is no change in the U.S. intention to invade us with force and occupy the whole of Korea, although the U.S. is uttering 'peace' and 'dialogue'," the North's communist party newspaper said in a commentary.

"Dialogue and war attempts can't stand together."

The U.S. government has said Washington has no plans to attack North Korea.

In Washington, U.S. officials on Sunday said North Korea has not yet fully accounted for its nuclear activities.


Bring light to the darkness, open your doors...

And explain how that uranium got on those aluminum tubes. Is it left over from Pakistan or not?

World's Oldest Orangutan Dies

Via -

Miami MetroZoo officials will continue testing to determine what caused a fatal brain hemorrhage in the world's oldest orangutan. Fifty-five-year-old Nonja was found dead Saturday at the zoo where she had lived since 1983.

Sumatran orangutans typically live 40 to 50 years.

MetroZoo officials said Nonja was in good health until suffering the brain hemorrhage that made her pass out and vomit. Necropsy results showed the orangutan choked to death on her vomit.


Damn, getting old sucks...

Sunday, December 30, 2007

Official Tiger Team Fan Site

Looks like their Wikipedia page is coming along as well.

Well done gents.

AOL Tosses Netscape Browser for Firefox

Via -

AOL is abandoning all work on the Netscape browser and wants users to migrate to Firefox. Not that there are many left: in the mid-1990s, Netscape commanded well over 80 per cent of the internet browser market. But it has been moribund for many years, with share down to one per cent, at best.

In an obituary on the Netscape blog, lead developer Tom Drapeau threw in the towel today. "AOL's focus on transitioning to an ad-supported web business leaves little room for the size of investment needed to get the Netscape browser to a point many of its fans expect it to be", he wrote.

AOL is stopping support on all Netscape browser versions on Feb 1. Die-hard users can, of course, continue to browse the Net, but this may be unwise, considering there won't be any more security patches. Drapeau recommends that people who like the interface should download a Netscape skin or 'theme' for their Firefox browsers.

Video Leak of Upcoming iPhone 1.1.3 Firmware

Via -

Here's a video of the iPhone Firmware 1.1.3, with confirmation that the leak is real from Natetrue, famed iPhone hacker. Like before, the update breaks unlocks and third-party apps, patching previous vulnerabilities at the same time. The video shows how to move icons around in the Springboard, wobbling to indicate they can be dragged and dropped around, which is kind of an Apple-meets-Nintendo touch.

[see video via gizmodo link above]

We had some doubts, but now we can tell you we are sure: the new firmware 1.1.3 is real. Or as Nate puts it: "if it is a hoax, they did a buttload of work." The fact is that it installs normally and it works perfectly. For those not familiar, Natetrue is one of the most respected and veteran iPhone hackers and the author of the popular app iBrickr.

Nate goes on to say that "it installs on the phone no-questions-asked and for that you need to have Apple's private key, which I can confirm that the iPhone hacker community does not have—as much as we would love to have it." Indeed, Apple's private encrypted key, used to authenticate all accesses to the iPhone's most-private guts, hasn't been uncovered yet by anyone in the world.

In other words, no firmware upgrades can be installed without the knowledge of this key. Furthermore, the idea that someone would have access to this key and spend months to create a fully functional firmware update, with key new features and without any documentation whatsoever seems just absolutely silly.

Saturday, December 29, 2007

Teenage Female Arrested for Stealing GPS Equipped Baby Jesus

Via -

Maybe next year they can just spring for an RFID baby Jesus. The folks in Florida noticed that their GPS-equipped baby Jesus we mentioned the other day was missing from his nativity, and fired up the old GPS tracker. Turns out they didn't have to look far: baby Jesus had been swiped Wednesday night and brought to a house across the street from the nativity. Deputies showed up at the door Thursday morning and hauled off the 18-year-old female culprit with a charge of grand theft. The statue is valued at $800, while the GPS system rings up at $400, and the girl is currently in jail with bail set at $3,500. Are we feeling a brand new sort of holiday tradition coming on? We think yes.

New Video Shows Gun Attack Against Bhutto

Found via the Counterterrorism Blog

Actual video of the shooting of Benazir Bhutto.

There is still tons of finger pointing going on about the attack...and it is currently unknown who exactly was behind the attack.

However, more and more reports keep pointing to Lashkar-i-Jhangvi.

NIST Draft - Guide for Assessing the Security Controls in Federal Information Systems

Via -

The National Institute of Standards and Technology has released the final public draft of a framework that will assist agencies in creating the security assessments mandated by the Federal Information Security Management Act (FISMA).

Copies of Draft Special Publication 800-53A, "Guide for Assessing the Security Controls in Federal Information Systems," can be downloaded from the NIST site. NIST expects to publish the final edition in March.

SP 800-53A is an addendum to NIST SP 800-53, "Recommended Security Controls for Federal Information Systems." This addendum establishes a framework for assessing security controls. Both publications are extensions of Federal Information Processing Standard 200, the core document NIST produced to help agencies with FISMA.

This draft incorporates comments from the previous public drafts. Changes include updated assessment procedures, clarification of some chapters and a new set of assessment cases.

The agency is seeking comments until January 31, 2008.

NIST expects this document to be relevant for agency security professionals working as consultants, operational managers, program managers and product developers.

Dissecting and Digging Application Source Code for Vulnerabilities

Application source code scanning for vulnerability detection is an interesting challenge and a relatively complex problem as well. There are several security issues which are difficult to identify using blackbox testing, and these issues can be identified by using whitebox source code testing methodology. Application layer security issues may reside at the logical layer, and it is very important to have a source code audit done to unearth these categories of bugs.

Tools of the Trade - Now Evil Tomato Free!!

Recently I conducted an informal survey among my friends. Basically, I wanted to determine if Tomatoes were evil or good. Simple right? Well, it seems the majority of my friends think Tomatoes are good....but I have to disagree.

What is a tomato? The tomato (Solanum lycopersicum) is a plant in the Solanaceae or nightshade family, as are its close cousins tobacco, chili peppers, potato, and eggplant. Sounds harmless right? Well, think again.

Tomatoes, like all nightshade plants, contain the glycoalkaloid poison, Solanine. Solanine is very toxic even in small quantities. Solanine has both fungicidal and pesticidal properties, and it is one of the plant's natural defenses.

According to the Zombie Survival Guide, zombie outbreaks are caused by a virus known as "Solanum". It is said to be neither water-borne nor airborne; the only means by which to become infected is through direct fluid contact, in which case the virus is 100% communicable with a 100% mortality rate. Random coincidence? I think not!

On to the tools..


On Dec 29th, Innotek released VirtualBox 1.5.4. VirtualBox is a general-purpose full virtualizer for x86 hardware. Targeted at server, desktop and embedded use, it is now the only professional-quality virtualization solution that is also Open Source Software. Check the changelog for all the details.

On Dec 28th, Paint.NET 3.22 Beta was released. Check the roadmap for the changes.

On Dec 28th, Wine 0.9.52 was released. Wine is an Open Source implementation of the Windows API on top of X, OpenGL, and Unix. Check the announcement for the change details.

On Dec 27th, Bastian Ballmann released Bluediving 0.9. Bluediving is a Bluetooth penetration testing suite which implements attacks like Bluebug, BlueSnarf, BlueSnarf++, BlueSmack and has features such as Bluetooth address spoofing, an AT and an RFCOMM socket shell and an L2CAP packet generator.

On Dec 23rd, PDF Creator 0.9.5 was released. PDFCreator easily creates PDFs from any Windows program. Use it like a printer in Word, StarCalc or any other Windows application. Check the release announcement for all the details.

On Dec 21st, Real Alternative 1.75 was released. Real Alternative will allow you to play RealMedia files without having to install RealPlayer. All RealMedia formats (.ra .rm .rmvb .ram .rpm .rv .rp .rt .rnx .smi .smil etc.) are supported, including streaming content and RealMedia content that is embedded in webpages.

On Dec 21st, Nmap 3.51 Beta was released. Check the changelog for all the details.

On Dec 20th, Winamp 5.51 was released. Nullsoft Winamp is a fast, flexible, high-fidelity media player for Windows. Winamp supports playback of many audio (MP3, OGG, AAC, WAV, MOD, XM, S3M, IT, MIDI, etc.) and video types (AVI, ASF, MPEG, NSV). Check the version history for all the details.

On Dec 20th, GnuPG 2.0.8 & 1.4.8 were released. The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It is a complete and free replacement of PGP and can be used to encrypt data and to create digital signatures. It includes an advanced key management facility, smartcard support and is compliant with the OpenPGP Internet standard as described by RFC-4880 (the recently released update of RFC-2440).

On Dec 14th, the guys over at Remote-Exploit released Backtrack 3 Beta. BackTrack is the top-rated Linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-ROM and is fully accessible within minutes. Happy Belated Birthday to muts.

On Dec 11th, Nikto 2.1 was released. Nikto is a Perl-based Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.

Friday, December 28, 2007

Warner Music Drops DRM

Via -

Warner Music has bent beneath the force of the anti-DRM winds sweeping the globe. The label will now offer its complete catalog, DRM-free, through Amazon's new MP3 store.

The announcement means that EMI, Universal, and Warner now offer their catalogues in DRM-free digital formats, making Sony BMG (of rootkit fame) the lone holdout among the majors. Amazon now claims to offer more than 2.9 million songs in MP3 format from over 33,000 unique labels.

Warner's announcement says nothing about offering its content through other services such as iTunes, and represents the music industry's attempt to make life a bit more difficult for Apple after all the years in which the company held the keys to music's digital kingdom; no one could sell major label tracks to iPod owners except for iTunes, and iTunes even became a go-to destination for non-iPod owners who wanted a simple, cheap way to pick up some songs. Now, with the move to MP3, the labels that have chosen to open their music have a way to encourage multiple download services to flourish, keeping labels safe from being dominated by any single digital distributor.

The move comes just before Amazon plans to give away one billion tracks, a promotion that will begin with the Super Bowl in January, and Warner was no doubt interested in jumping on board the promo train before it left the station.

Will Sony BMG, which has apparently never met a form of copy protection that it doesn't like, follow suit? The "Mene, mene..." is already on the wall, and it looks likely that Sony BMG will go DRM-free, too, by the end of 2008. The entire movement to free music from DRM's shackles has had stunning success in 2007 after years in which such widespread moves to MP3 looked impossible. Could movies be next?


Duh! DRM is defective by design.

Bhutto Buried, Violence Stalks Pakistan

Via -

GARHI KHUDA BAKHSH, Pakistan (Reuters) - Benazir Bhutto was laid to rest next to her father in the family mausoleum on Friday after the opposition leader's assassination plunged Pakistan into crisis and triggered violent protests.

Tens of thousands of mourners wept and beat their heads as Bhutto, killed by a suicide attacker at an election rally on Thursday, was carried from her ancestral home in Sindh province, in the south of the country, to the domed mausoleum.

The 54-year-old's death stoked fears a January 8 election meant to return Pakistan to civilian rule could be put off amid a backlash threatening to engulf embattled President Pervez Musharraf.

Pakistan said there were signs al Qaeda was responsible.

"We have intelligence intercepts indicating that al Qaeda leader Baitullah Mehsud is behind her assassination," an Interior Ministry spokesman said. Mehsud is one of Pakistan's most wanted militant leaders.


Many mourners chanted slogans against Musharraf and the United States, which has long backed the former army general in the hope he can maintain stability in the nuclear-armed country racked by Islamist violence.

"Shame on the killer Musharraf, shame on the killer U.S.," mourners cried.

Others wept in despair. "Bhutto was my sister and Bhutto was like my mother," cried farmer Imam Baksh. "With her death, the world has ended for us."


Meanwhile, violence has erupted in the Sindh province of Pakistan. Protesters have set fire to banks, shops and gas stations, dozens of cars, blocked streets and pelted police with rocks. Most businesses have shut down due to the growing violence. Sindh province's home secretary said 23 people had died in the outpouring of grief and outrage.

This violence has led to the Pakistan government issuing orders to the paramilitary forces in Sindh to "shoot on sight" anyone causing civil disturbances.

Thursday, December 27, 2007

New Microsoft Security Vulnerability Research and Defense Blog

Welcome to the new Microsoft Security Vulnerability Research and Defense blog!

We are excited to have this outlet to share more in-depth technical information about vulnerabilities serviced by MSRC security updates and ways you can protect your organization from security vulnerabilities. You can read much more about the goals of the blog and about the SWI teams contributing to the blog in our “About” link:

The two posts below are examples of the type of information we’ll be posting. We expect to post every “patch Tuesday” with technical information about the vulnerabilities being fixed. During our vulnerability research, we discover a lot of interesting technical information. We’re going to share as much of that information as possible here because we believe that helping you understand vulnerabilities, workarounds, and mitigations will help you more effectively secure your organization.

Iraq Army Claims Capture of Senior Al-Qaeda Figure

Via -

BAGHDAD (Reuters) - The Iraqi army captured a senior al Qaeda militant in a clash south of Baghdad on Thursday, a government security spokesman said.

Baghdad security spokesman Qassim al-Moussawi said the militant, Ahmed Turki Abbas, claimed the rank of defense minister of the al Qaeda-linked group Islamic State of Iraq.

Moussawi said Abbas was lightly wounded and was in the custody of Iraqi forces after being captured in the clash near the town of Mahmudiya, 30 km south of Baghdad.

Violence in Iraq has declined in recent months after Sunni Arab tribes turned against strict Islamist militants from al Qaeda and related groups. But U.S. commanders say al Qaeda remains a dangerous foe in Iraq.

Skipton Financial Services Loses Laptop Holding Data on 14,000

Via The Register UK -

Skipton Financial Services has confessed to losing a laptop containing records of 14,000 customers. Information exposed by the breach includes names, addresses, National Insurance numbers, and fund investment details of clients of Skipton's Fidelity FundsNetwork.

The laptop was nicked from a locker being used by a staff member of Moore Stephens Consulting, an IT consultancy employed by Skipton Financial Services, on Tuesday evening last week, the Yorkshire Post reports.

Imminent Statement Expected from Al-Qaida's Mustafa Abu Yazid Claiming Credit for Bhutto

Via CT Blog -

There are now widespread reports suggesting that an imminent official statement is expected from Egyptian Al-Qaida spokesman Mustafa Abu Yazid claiming responsibility for the assassination of former Pakistani Prime Minister Benazir Bhutto.

Earlier today, Al-Qaida issued a separate statement from Mustafa Abu Yazid denying any role in recent blasts targeting mosques in the Pakistani border city of Peshawar. According to that communique from Abu Yazid (dated December 24), "We do not attack targets in mosques or in public places where there are crowds of Muslims in order to safeguard Muslim blood and to respect the sanctity of mosques. This is our approach generally, and we inform all of our supporters in Pakistan--and everywhere else--about these facts."

It should be noted that this is not the first time that Al-Qaida and its affiliates have allegedly targeted Benazir Bhutto for assassination. During the Philippine police interrogation of Abdul Hakim Murad--an associate of 1993 World Trade Center bombing mastermind Ramzi Yousef--Murad recalled that Yousef "once made a statement that BHUTTO should be replaced as PM of Pakistan since Islamic belief does not allow a woman to occupy such position and that [mujahideen organizations] should do something to unseat her. Said statement indicates that [Yousef] might be planning to carry out an attack against the PM of Pakistan." Likewise, during the mid-1990s, the FBI recorded several telephone conversations involving Kifah Jayyousi and Adham Hassoun (who were recently convicted in federal court for their role in recruiting would-be Al-Qaida operative Jose Padilla) in which the men discussed "getting rid" of the late Pakistani Prime Minister--who they referred to as "Khanazir Bhutto" ("Bhutto the Pig"): "She's done... done... she... she was finished... finished, my brother... I was reading about the life... the life of the Prophet, peace and blessing upon him... 'Men are ruined if they are to obey women'. Praise to God."


In addition, I have seen similar reports on other terrorism watch sites which I normally review.

Benazir Bhutto Assassinated at Political Rally

Via (Pakistan) -

Rawalpindi: An attack on a political rally killed the Pakistani Opposition leader Benazir Bhutto including 30 more people near the capital.

Witnesses said Ms. Bhutto was fired upon before the blast, and an official from her party said Ms. Bhutto was further injured by the explosion, which was apparently caused by a suicide attacker.

Hundreds of party supporters had gathered at the rally, which was being held at Liaqut Bagh, a park that is a common venue for political rallies, in Rawalpindi, the garrison city adjacent to the capital.

When Ms Bhutto returned to Pakistan in October, her rally was hit by a double suicide attack that left some 130 dead.

Earlier on Thursday at least four people were killed ahead of an election rally that Pakistan's former Prime Minister Nawaz Sharif was preparing to attend close to Rawalpindi.


Due to holidays, I was a little slow on hearing this news. I heard it via a friend as I was enjoying my morning coffee. Also see the following articles: Reuters, NYTimes, Times of India & BBC UK

At this point, the group responsible for the attack is unknown. The global media is full of ideas, and one even suggested it was the work of Al-Qaeda. I think it is a little early to suggest that connection, but it is the media.

Perhaps it was a rival political party, perhaps it was Taliban type forces...who knows, we will have to wait and see.

Wednesday, December 26, 2007

Court TV - Tiger Team Premiere

Well, I am in the process of watching the second episode of Tiger Team on Court TV. The Tiger Team broke into Symbolic Motors during the first episode and Jason of Beverly Hills in the second.

So far, the show is pretty good. The show format is basically the same as Discovery channel's "It Takes a Thief".

I have already seen the Tiger Team perform the following: lock picking, safe cracking, RFID cloning, social engineering, video recon, dumpster diving, USB trojans, and GSM jamming (of a triggered alarm system).

The show appears to be tilted toward the physical aspects of security, or at least it was for these two episodes....physical security makes for good TV, I guess.

During the show, I did notice the following t-shirts: "303", "I am InfoSec Sellout" and "Defcon 13".

If you know those first two shirts...then you read too much FD and know what a hangover is all about.

I have also heard several names dropped that would be very meaningful to those in the infosec world.

I am quite surprised that these clients would allow their vulnerabilities to be broadcast on national TV. But looking back, these clients are very high-end dealers and will most likely use this as evidence to impress possible clients.

Hopefully, it doesn't breed security complacency with these clients.

However, it is clear to me that the Tiger Team is comprised of several well-connected security professionals that are seriously fighting the good fight against criminals.

Most of those bad mouthing kids on /. would do well to watch and learn.

Tuesday, December 25, 2007

AOL YGP Picture Editor YGPPicEdit.dll Multiple Buffer Overflows

Elazar Broad posted the following on the Full Disclosure mailing list around 4 hours ago.

The AOL YGP Picture Editor Control (AIM PicEditor Control) version suffers from multiple exploitable buffer overflows in various properties. This object is marked safe for scripting. I have not tested other versions.


PoC was also included in his message but was not posted here...

UPDATE (12/27/07) - According to a post by Elazar Broad several hours ago, this issue has been found to NOT be exploitable as a BoF. This was determined after analysis by Carsten Eiram @ Secunia. So it looks like this is just a DoS.

N.H. Business says Hacker Ran Up Phone Bill

Via -

FRANKLIN, N.H.—A New Hampshire business says a hacker rang up an $8,700 phone bill for one call to Saudi Arabia.

Michael Bednaz, owner of Hexa Interactive Communications, says the caller talked for 808 minutes and insists it wasn't one of his employees.

AT&T is suing him for not paying a $14,600 phone bill -- which includes the call to Saudi Arabia and several other overseas calls Bednaz says aren't his responsibility.

Bednaz says he doesn't use AT&T for long distance. The calls were made late at night when the business isn't open. Bednaz hasn't had any luck persuading AT&T the calls aren't his. The company sued him earlier this month.

Apple to Copy Windows DRM

Via The Inquirer -

TOYMAKER Apple has decided that Microsoft's Windows Genuine Advantage is so wonderful that it is trying to patent something similar.

Apple have been doing wonderful things this year to really miff its loyal fan base and it seems it wanted to close the year by nicking the thing that annoys even the most loyal Microsoft user.

The outfit has updated the patent application it calls "Run-time Code Injection to Perform Checks".

This patent tells the story of how Apple boffins invented the idea of a digital rights management system that could restrict use of an application to specific hardware platforms.

Apparently, the software phones home for an authenticity check.

If the software is pirated then Jobs Mob shall deem the software unworthy in its sight and make it unusable.

A160T "Hummingbird" Unmanned Chopper Crashes

Via Register UK -

A revolutionary* new robotic whisper-mode helicopter under development in America has crashed, according to reports.

The A160T "Hummingbird" unmanned chopper was under development by US aerospace colossus Boeing for the Pentagon deathboffin bureau, DARPA (the Defence Advanced Research Projects Agency) and the Special Operations Command. Likely end-users would include top-secret American special-forces units operating undercover.

The design features a new variable-speed rotor configuration which Boeing believes will offer improved range, speed, height and the ability to "operate much more quietly than current helicopters".

Given this background, Boeing's choice of colour scheme seems at odds with popular culture to say the least. White is the new black when it comes to silent government helicopters, seemingly.

However, it appears that the you-didn't-see-us crowd may have to wait a while for their new ride. Flight International reports that the sole flying A160T prototype was destroyed in a crash on Monday during trials in California. The cause of the wreck is unknown thus far. Apparently this was the turbine-powered T model's tenth flight, though there was an earlier test programme involving basic piston-engined A160s. (That version suffered three crashes in 36 sorties.)

Flights of the (literally - cough) groundbreaking new helicopter will be suspended while an investigation takes place. There is apparently one further A160T in existence, but it is only being used for ground testing at present.

Al-Qaida's "11th" Hallmark

Via Middle East Times -

The Maghreb, or "the West" in Arabic, is slowly turning into a crucial region in the war on radical Islam. Al-Qaida's number two, Ayman al-Zawahiri, has devoted many of his recent messages to the Maghreb calling for the overthrow of regimes in place and attacking French and Spanish interests there.

The main terror vehicle to attain this goal is al-Qaida in the Islamic Maghreb, or AQIM. In fact, this organization was "founded" in January 2007 when the former Algerian insurgent group Salafist Group for Preaching and Combat changed its name and decided to officialize its merger with al-Qaida.

What is al-Qaida in the Islamic Maghreb really up to?

One of its primary goals is to federate the main terror organizations in Algeria, Morocco, Tunisia, and Libya in order to attain full regional reach. For the time being, AQIM is just the improved Salafist Group for Preaching and Combat.

Even though AQIM was behind several suicide attacks in Morocco last spring, including the ones on April 14 against the U.S. consulate and the American language center in Casablanca, most of its attacks occurred in Algeria.

And the Dec. 11 spectacular double suicide bombings in Algiers against the United Nations and Algeria's constitutional court are the latest proof of AQIM's potential to create chaos in North Africa.

The symbolical aspect of these attacks is very important. First, Dec. 11, 1960 is a crucial date in Algeria's history of independence from France. The constitutional court happens to be located on the December 11 Boulevard.

And most importantly the "11th" factor is one of al-Qaida's hallmarks: not only for 9/11 in the United States, but also for 3/11 in Madrid and AQIM's suicide attacks on 3/11 in Casablanca, 4/11 in Algiers, 7/11 in Lakhdaria in Algeria and now 12/11.

AQIM has succeeded in creating an "11" psychosis; some in Algeria even describe the 11th as "the date of the devil."

Russia Launches Test Ballistic Missiles

MOSCOW, December 25 (Itar-Tass) - Nuclear submarine Tula of the Russian North Fleet has performed a combat training launch of the RSM-55 intercontinental ballistic missile, North Fleet’s press service told Itar-Tass.

“The missile was launched from a submerged position when the submarine was in the Barents Sea and its warhead arrived at a destination point at Kura testing range in Kamchatka on time,” an official at the press service said.

The submarine Tula performed a similar task December 17, when an RSM-54 missiles, the brainchild and product of the Makeyev State Missile Center, successfully hit targets on Kamchatka.

RSM-54’s were commissioned for combat duty 18 years ago. At this moment, their replacement with Sineva missiles is under way.

“July 9, 2007, President Vladimir Putin signed a decree on adding the Sinevas to the tables of naval equipment,” a source at the Makeyev Center said.

“The Sineva compound has a big enough and durable technological potential, which will help us to react promptly to defense challenges of the 21st century through to 2030,” the source said.

The submarine Tula falls into the family of Delfin 667BDRM submerging ships /Delta IV submarines under NATO classification/. Each ship of the family is equipped with 16 missiles.

A total of seven subs of this class have been built since 1981.


MOSCOW, December 25 (Itar-Tass) - Russia test-launched a new multiple-reentry ballistic missile (RS-24) from the Plesetsk cosmodrome on Tuesday, spokesman for the Strategic Missile Forces (RVSN) Alexander Vovk told Itar-Tass.

"The missile was launched from the northern cosmodrome at 16:10, Moscow time," Col Vovk said.

"The main objective of the launch was to obtain experimental data confirming the validity of the scientific and technological solutions in developing intercontinental ballistic missiles, check the efficiency and determine performance characteristics of its systems and units, as well as confirm the effectiveness of safety measures," the spokesman said.

"Adding the RS-24 missile to the arsenal will enhance the combat efficiency of the RVSN group in overcoming missile defense systems and strengthening Russia's nuclear deterrent potential," military officials said.

"These missiles will replace the ageing multiple warhead RS-18 and RS-20 systems as their service life will expire. In 2008, together with the single-warhead RS-12M2 Topol M, RS-24 will make up the backbone of the RVSN. It will be capable of providing reliable security of the country and its allies until the middle of the 21st century," the RVSN's press serviced said.

Police Stop Suspected Bomber in Istanbul

Via Asharq Alawsat -

ISTANBUL, Turkey, (AP) - Turkish police thwarted a bomb attack in Istanbul on Monday, arresting a 25-year-old man with explosives in his backpack outside a subway station, the city's governor said.

The man was carrying more than seven pounds of plastic A-4 explosives when he was arrested in the Sisli district, one of the most crowded areas of the city, Turkish news agencies reported.

The motive was unclear, as was whether it was to have been a suicide attack.

Gov. Muammer Guler said it was certain that the man was planning to carry out a bombing but that police had not yet determined the intended target.

He said a man with suspected ties to the suspect was also arrested, but he did not elaborate.

Guler said police raided an apartment believed to be used as a safe house and seized more explosives and various equipment that could be used to set off a bomb. He said a woman and two children living in the apartment were being questioned.

Police chased the would-be bomber, Guler said. "He may be a member of a separatist terrorist organization," Guler said, adopting a euphemism Turkish officials use to refer to the separatist Kurdistan Workers' Party, or the PKK.

Cooking Can Preserve, Boost Nutrient Content of Vegetables

Via -

In a finding that defies conventional culinary wisdom, researchers in Italy report that cooking vegetables can preserve or even boost their nutritional value in comparison to their raw counterparts, depending on the cooking method used. Their study is scheduled for the Dec. 26 issue of ACS’ Journal of Agricultural and Food Chemistry.

Nicoletta Pellegrini and colleagues note that although many people maintain that eating raw vegetables is more nutritious than eating cooked ones, a small but growing number of studies suggest that cooking may actually increase the release of some nutrients. However, scientists are seeking more complete data on the nutritional properties of cooked vegetables, the researchers say.

In the new study, the researchers evaluated the effects of three commonly-used Italian cooking practices — boiling, steaming, and frying — on the nutritional content of carrots, zucchini and broccoli. Boiling and steaming maintained the antioxidant compounds of the vegetables, whereas frying caused a significantly higher loss of antioxidants in comparison to the water-based cooking methods, they say.

For broccoli, steaming actually increased its content of glucosinolates, a group of plant compounds touted for their cancer-fighting abilities. The findings suggest that it may be possible to select a cooking method for each vegetable that can best preserve or improve its nutritional quality, the researchers say.

Thunderbolt - UK Government Encryption

Does anyone have any information on the UK government encryption algorithm known as "Thunderbolt"??

I found it referenced a bit on the Internet, but even Google doesn't have much on it.

Just wondering what it was based on, its key size, etc...

Monday, December 24, 2007

Five Malaysians Arrested in Vietnam for Using Fake Credit Cards

Via Gulf Times -

HANOI: Police in Vietnam arrested five Malaysian men accused of using fake credit cards in a $38,000 holiday shopping spree at a Louis Vuitton shop, police said yesterday.

The men were arrested Saturday while shopping at the luxury fashion and leather goods store in the Metropole hotel in Hanoi, said Tran Van Hoa, head of the High-Tech Crime Department under the Public Security Ministry.

“They were using credit cards, using stolen credit card numbers and names,” Hoa said. “Many foreigners have been arrested in Vietnam for using fake credit cards recently.”

Two of the men were identified as Tan Wel Hong, 24, and Cham Tack Chol, 23, both of Malaysia, according to the local newspaper Nhan Dan.

Police seized 22 fake credit cards, nine Louis Vuitton bags, one cap, two wallets and one digital camera from the men. The men had apparently been into the Louis Vuitton store earlier in the week and used a fake credit card to pay for goods.

Confirmed: Leader of Islamic State in Iraq Killed

Via (Pakistan) -

DUBAI: An al Qaeda-linked group in Iraq has confirmed the death of Abu Maysara, a top operative who the U.S. military said was killed in a clash last month, according to a recording posted on the Web.

Abu Omar al-Baghdadi, leader of the Islamic State in Iraq, hailed Maysara as "a martyr who was a scholar and a mujahid (holy war fighter)", on the audio tape posted on Islamist Websites.

The U.S. military said earlier in December that Maysara, a Syrian, was among nine senior al Qaeda members killed in November.

It described him as an adviser to Baghdadi, also known as Abu Ayyub al-Masri, and his slain predecessor Abu Musab al-Zarqawi.

Pakistan Military 'Misusing US Anti-Terror Aid'

Via Al-Jazeera -

Pakistan's government has misused billions of US aid dollars meant for anti-terror efforts, channelling the money to finance weapons against India, US officials say.

The claim, carried by the New York Times newspaper on Monday, has been denied by the Pakistani military.

Bush administration and military officials in Islamabad and Washington acknowledged that there were too few controls over the more than $5bn the US spent to bolster Pakistan's military against al-Qaeda and the Taliban, telling the paper that the strategy had to be completely revamped.

The officials said they believed much of the American money was not making its way to frontline Pakistani units but being diverted to help finance weapons systems designed to counter India.

The military had also inflated claims for fuel, ammunition and other costs to the tune of tens of millions of dollars, officials said.

"I personally believe there is exaggeration and inflation," said a senior American military official who reviewed the programme.

"Then, I point back to the United States and say we didn't have to give them money this way."

A European diplomat in Islamabad told the Times that the US should have been more cautious with its aid, saying: "I wonder if the Americans have not been taken for a ride."


See more on this subject here and here.

Ask Al-Qaeda (via Media Wings)

Via Middle East Online -

People are invited to quiz Al-Qaeda number two in writing via As-Sahab, Al-Fajr before January 16.

DUBAI - Al-Qaeda has launched an open offer to people to quiz terror network chief Osama bin Laden's number two Ayman al-Zawahiri, according to a statement published on an Islamist website.

"Anyone who would like to ask him a question must be concise and precise," according to the statement published on December 16 by Al-Qaeda's media outlets As-Sahab and Al-Fajr.
People are invited to pose questions to Zawahiri in writing via the two websites before January 16 and both media organisations and individuals are welcome to take part, it said.

The statement, whose authenticity could not be verified, asks media groups to identify themselves and said queries will be sent without any changes to Zawahiri, who is known as Al-Qaeda's ideological thinker.

Saudi Arrests Seven Non-Saudi Arabs for Hajj Attack Plot

Via Middle East Online -

RIYADH - Saudi security forces arrested seven non-Saudi Arabs on suspicion of plotting attacks during the annual Muslim pilgrimage, the Arabic newspaper Al-Hayat reported on Saturday.

The report came a day after the interior ministry said security forces in the oil-rich kingdom, the target of Islamist attacks since 2003, had arrested an Al-Qaeda linked group planning a "terrorist act" during the hajj.

Security forces "arrested seven people of two Arab nationalities, but not Saudis, at the entrance to the city of Mecca", Al-Hayat said, quoting sources within the security services.

"They were planning acts of sabotage during the hajj period," it said, adding that the arrests were carried on December 16 and 17 but without giving details on the plot.

Al-Hayat said the arrests were not announced earlier so as not to create panic among the hundreds of thousands of pilgrims to Islam's holiest sites in and around Mecca, western Saudi Arabia.

Pinch Trojan Authors Pinched in Russia

Via -

Today Nikolay Patrushev, head of the Federal Security Services, announced the results of the measures taken to combat cyber crime in 2007.

Among other information, it was announced that it had been established who was the author of the notorious Pinch Trojan - two Russian virus writers called Ermishkin and Farkhutdinov. The investigation will soon be completed and taken to court.

It's well known that Pinch is one of the most popular Trojan programs with Russian malicious users. The Trojan makes it possible to steal email, ICQ and other account data, including data for network services and applications. The authors of this program, also known as Damrai and Scratch, used Pinch to build a criminal industry.

Anyone who wants can order a customized version of the Trojan, and also get 'technical support' from the authors of the program. Russian hacker forums were flooded with advertisements for this 'service'.

A mass of script-kiddies clearly found the idea attractive - get a functional spy program for a mere few dollars. As a result, the Internet became flooded with Pinch modifications. Our antivirus databases currently contain more than four thousand variants.

At the very lowest estimates, Pinch has caused several hundred thousand infections. It's impossible to estimate what financial losses have been caused over the years since this Trojan first saw the light of day.

Patrushev's announcement today clearly shows that the security services are targeting active virus writing groups which participate in cyber crime, and that the steps being taken are meeting with success.

The arrest of the Pinch authors is on a level with the arrests of other well known virus writers such as the author of NetSky and Sasser, and the authors of the Chernobyl and Melissa viruses.

Unfortunately, it doesn't mean that new variants of Pinch will disappear. Sadly, the source code of this Trojan is circulating on the Internet, and we'll certainly encounter 'remakes' of this pest, created by virus writers who have not yet been arrested.

The Teletubbies Perform Soulja Boy

Happy Holidays everyone.

Russians Pestered By Online Hacks Too

Via DarkReading -

Security vendor F-Secure noted the announcement by Nikolay Patrushev, head of the Russian FSB (Federal Security Agency). Patrushev said federal sites fought off 1.4 million attacks this year.

Also, Patrushev noted the pending trial of the authors of the Trojan creator, Pinch. Only the names of Russian citizens Ermishkin and Farhutdinov have been publicized as those behind Pinch.

"The financial losses due to Pinch infections can hardly be calculated," F-Secure said. It has been estimated that malware created with Pinch in turn has infected millions of PCs.

News of another scam connected to criminals in Russia, and in the Ukraine, involved fourteen people in The Netherlands who acted as mules for money laundering. The Channel Register said fake ABN Amro websites in Hong Kong stole credentials from bank customers.

Fourteen Alleged Phishing Mules Arrested

Via DarkReading -

Dutch authorities have arrested 14 ABN AMRO customers who allegedly let cybercriminals use their bank accounts to hide and transfer stolen money from other customers of the bank.

The 12 men and two women were paid for their "services" by the Russian and Ukrainian cybercriminals, but reportedly did not actually steal the information themselves. They instead acted as "mules," storing and eventually transferring the stolen money overseas to Russia and other countries.

The masterminds behind the scheme set up phishing Websites to dupe other ABN AMRO customers into visiting bogus ABN AMRO Websites.

They then grabbed the victims' authentication information, accessed their accounts, and stole money from them. Several of the phishing sites were hosted on the notorious Russian Business Network's servers, according to reports.

"The Dutch police have sent a strong message to cybercriminals of all kinds -- any participation in this kind of illegal activity won't be tolerated. While these 14 suspects may not have actually carried out the phishing attacks themselves, they played a key role in the crime by allowing the fraudsters to use their bank accounts," said Mark Harris, global director of SophosLabs. "However, in these situations it can be tricky to prove the deliberate involvement of the account holder as it's quite easy for them to claim they're simply the victim of identity theft. These arrests represent an important step in the right direction and should deter anyone trying to earn a quick buck from engaging in this type of activity."

Sunday, December 23, 2007

Chuck Norris Sues Over Disclosure of Secret Superhuman Abilities

Via Yahoo News -

NEW YORK (Reuters) - Tough-guy actor and martial arts expert Chuck Norris sued publisher Penguin on Friday over a book he claims unfairly exploits his famous name, based on a satirical Internet list of "mythical facts" about him.

Penguin published "The Truth About Chuck Norris: 400 facts about the World's Greatest Human" in November. Author Ian Spector and two Web sites he runs to promote the book, including, are also named in the suit.

The book capitalizes on "mythical facts" that have been circulating on the Internet since 2005 that poke fun at Norris' tough-guy image and super-human abilities, the suit said.

It includes such humorous "facts" as "Chuck Norris's tears cure cancer. Too bad he has never cried" and "Chuck Norris does not sleep. He waits," the suit said, as well as "Chuck Norris can charge a cell phone by rubbing it against his beard."

"Some of the 'facts' in the book are racist, lewd or portray Mr. Norris as engaged in illegal activities," the lawsuit alleges.

Norris, who rose to fame in the 1970s and 1980s as the star of such films as "The Delta Force" and "Missing in Action," says the book's title would mislead readers into thinking the facts were true.

"Defendants have misappropriated and exploited Mr. Norris's name and likeness without authorization for their own commercial profit," said the lawsuit.

The suit, filed in Manhattan federal court, seeks unspecified monetary damages for trademark infringement, unjust enrichment and privacy rights.

Norris, whose real name is Carlos Ray Norris, claims in the suit he is protective of what his name is associated with. He has recently made U.S. headlines for backing Republican presidential candidate former Arkansas Gov. Mike Huckabee.

A spokesman for Penguin, owned by Britain's Pearson, was not immediately available for comment.


Chuck you can't hide your superhuman abilities! The cat is out of the bag!

Chuck Norris gets all "political" and decides to sue the last bit of his public image into dust. Sad. Hopefully Mike is happy....

Army Contractor iRobot Wins Patent Suits

Via -

(AP) -- IRobot Corp. on Friday won a pair of federal lawsuits against a competitor company founded by a former employee, resolving the dispute between the companies and putting the competitor out of business.

Burlington-based iRobot filed two lawsuits in August against former employee Jameel Ahed and his company, Robotic FX Corp. - one in Alabama for patent infringement and one in Massachusetts for trade secret misappropriation.

Robotic FX claimed it developed the technology independently.

IRobot won a $286 million contract Tuesday to supply the U.S. Army with bomb-disarming robots, a contract Robotic FX had won in the summer and lost last week.

The Army put the $280 million contract on hold in October, saying it was reviewing whether Robotic FX was a "responsible" choice. The Army's Executive Office for Simulation, Training and Instrumentation said Tuesday that it was terminating the contract with Robotic FX "without cost" to the Army. IRobot, the Army said, was "the next-lowest-priced, technically qualified bidder."

IRobot, which also makes consumer robots such as Roomba vacuum cleaners, said it would immediately deliver the first 101 robots to the Army for rapid deployment.

Robot Boats Hunt High-Tech Pirates

Via -

The U.S. Navy and Coast Guard have expressed interest in the 30-ft.-long Protector, which comes mounted with a machine gun and could be retrofitted for commercial use.

Robots versus pirates -- it's not as stupid, or unlikely, as it sounds. Piracy has exploded in the waters near Somalia, where this past week United States warships have fired on two pirate skiffs, and are currently in pursuit of a hijacked Japanese-owned vessel. At least four other ships in the region remain under pirate control, and the problem appears to be going global: The International Maritime Bureau is tracking a 14-percent increase in worldwide pirate attacks this year.

And although modern-day pirates enjoy collecting their fair share of booty -- they have a soft spot for communications gear -- they're just as likely to ransom an entire ship. In one particularly sobering case, hijackers killed one crew member of a Taiwan-owned vessel each month until their demands were met.

For years now, law enforcement agencies across the high seas have proposed robotic boats, or unmanned surface vessels (USVs), as a way to help deal with 21st-Century techno Black Beards. The Navy has tested at least two small, armed USV demonstrators designed to patrol harbors and defend vessels. And both the Navy and the Coast Guard have expressed interest in the Protector, a 30-ft.-long USV built by BAE Systems, Lockheed Martin and Israeli defense firm RAFAEL.

The Protector, which comes mounted with a 7.62mm machine gun, wasn't originally intended for anti-piracy operations. But according to BAE Systems spokesperson Stephanie Moncada, the robot could easily fill that role. "Down the line, it could potentially be modified for commercial use as well," she says. Instead of being deployed by a warship to intercept and possibly fire on an incoming vessel, a non-lethal variant of the Protector could be used to simply investigate a potential threat.

A favorite tactic of modern-day pirates is to put out a distress call, then ambush any ships that respond. The unmanned Protector could be remote-operated from around 10 miles away, with enough on-board sensors, speakers and microphones to make contact with a vessel before it's too late. "Even without the machine gun, it could alert the crew, give them some time to escape," Moncada says.

The 55-mph Interceptor could become the long-range patrol boat of the future, while the jetski-size Sentry (inset) could help prevent a terrorist plot such as Al Qaeda's attack on the USS Cole in December 2000.

Saturday, December 22, 2007

Angry Populace Burning British Surveillance Cameras

Via Wired -

"Motorists Against Detection, the vigilante anti-speed camera group have announced a summer of MADness which will see them target for destruction all speed cameras in the UK. It’s now going to be a period of zero tolerance against all speed cameras, said their campaigns director Capt Gatso. (((A remote descendant of General Ludd, I reckon.)))

"The group claims speed cameras are just money-making machines and they have given the authorities long enough to prove their worth. The first camera to fall in the summer campaign is in south east London on the A2 at the Sun in the Sands roundabout on-slip heading northbound towards the Blackwall Tunnel.

"Capt Gatso, the group's campaigns director, (((he's a multitalented guy))) said: "We have completely pulled it out of the ground, it is now lying flat. You can see some of our handiwork posted on

Suicide Bomber Strikes Pakistani Mosque, Kills 48

Via NY Times -

ISLAMABAD, Pakistan — A suicide attacker detonated a powerful bomb inside a crowded mosque in northwestern Pakistan on Friday, killing 48 people and wounding 100 as they celebrated one of Islam’s major holidays with the country’s former interior minister, state-run media reported.

The bombing was the second assassination attempt in eight months on the official, Aftab Ahmed Khan Sherpao, who was the country’s top law enforcement official until last month and who is running for Parliament in elections planned for January.

He was unhurt, but his son and two grandnephews were among the wounded. The local police estimated that hundreds of people had been inside the mosque, a modest white building constructed by the former minister’s family in his ancestral village, Sherpao.

In a telephone interview, Mr. Sherpao said he believed that Islamic militants linked to Al Qaeda were responsible. He said that the bomb exploded as he and his relatives prayed in the front row of worshipers.

“It was a massacre,” Mr. Sherpao said, his voice shaking with anger. “I can tell you that.”

After the bombing, police and intelligence agents raided an Islamic school in the nearby village of Turangzai and arrested seven students, some of them Afghans, The Associated Press reported, citing two police officials who spoke on the condition of anonymity because they were not authorized to comment publicly. The police officials declined to say whether the raid was connected to the suicide bombing.

Tucson Police Department Media Website Defaced

Via Register UK -

The path to enlightenment got a little shorter for the citizens of Tucson, Arizona and they have a hacker half-way around the world to thank.

An Indonesian man who goes by the handle Hmei7 bypassed the city's firewall and executed a SQL injection on the website of the Tucson Police Department. That gave him access to the media section of the department's site, where he changed the titles of all the media releases to "Hmei7 has touched your soul."

A quick web search suggests the city isn't the first group to be blessed by the web defacer. Indeed, he's also kissed the souls of people in Okaloosa County, Florida, if this press release is to be believed.

Tucson police officials were alerted to the hack two weeks ago, after a website visitor spotted the messages. They took the site down immediately and only managed to bring it back up in the last 24 hours.

No doubt, the two-week disruption came as an inconvenience to some. But we'd argue it was a small price to pay if it leads the way toward Nirvana.

WHO Says Spread of Bird Flu Among Humans Limited

Via VOA News -

The World Health Organization (WHO) says limited human-to-human transmission of the H5N1 avian influenza virus may have occurred in Pakistan. But it says the threat of further spread appears to have stopped as no new infections have been reported for two weeks. Lisa Schlein reports for VOA from WHO headquarters in Geneva.

Assistant Director-General of the World Health Organization and top bird flu expert, Doctor David Heymann, says a team of WHO experts has completed an investigation into an outbreak of bird flu in Pakistan. He says tests were carried out among a group of people who became infected with the deadly H5N1 strain of the virus in October.

Doctor Heymann says an analysis of the information is not yet complete. But preliminary results indicate there was human-to-human transmission of the virus. He says there could have been a common source of the infection.

"The team feels, we have not seen all their evidence yet, but they feel that this could be an instance of close contact of human-to-human transmission in a very circumscribed area and not sustained," he explained. "Just like happened in Indonesia and in Thailand."

Nine people, including five brothers, became infected with the H5N1 bird flu virus in a small town north of Islamabad. One was a veterinarian involved in culling sick poultry. Two of his brothers fell ill and died. The veterinarian and his other two brothers subsequently recovered.

Doctor Heymann says H5N1 remains an animal disease. He says there have been only occasional instances where human-to-human infections have occurred.

The World Health Organization reports at least 209 people have died worldwide from the virus, most in Indonesia. Scientists fear the H5N1 or another as yet unidentified virus could mutate into a form that could easily spread the disease among humans.

Doctor Heymann says there were three avian flu pandemics in the last century and other pandemics before then. He says there is a clear understanding in the scientific community that there will be another pandemic of influenza.

"We do not know what virus will cause that, but we know there are avian influenza viruses out there and those viruses could cause a pandemic eventually," he explained. "As long as H5N1 is circulating anywhere in the world, there is a chance that that virus can, either through an adaptive mutation or re-assortment, cause a pandemic. The problem is nobody can quantify that risk."


It isn't a matter of if another flu pandemic will happen...but when it will happen.

Asteroid Could Strike Mars in Early 2008

Via VOA News -

A group of U.S. astronomers say there is a chance an asteroid could hit the planet Mars by the end of next month.

Stargazers in Arizona discovered a 50-meter wide asteroid in November that was designated "2007 WD5." Astronomers at the U.S. space agency NASA's Near-Earth Object Office are tracking the object and say it may pass within 48,000 kilometers of Mars by January 30.

The astronomers say there is a one-in-75 chance the asteroid will strike the planet on that day. The asteroid is compared to a similar object that struck Siberia in 1908 with the energy of a three-megaton bomb and destroyed tens of millions of trees.

NASA officials say if the asteroid does hit Mars, it will do so near the location of its Opportunity rover, which has been exploring the Martian surface for three years.


Well, at least the Opportunity rover would go out with a bang....a really really big bang.

Not bad for a pair of rovers that were initially expected to survive only 90 days.

Chinese Cybercrime Networks Fill RBN Void

Via SC Magazine -

An intricate network of servers operated by Chinese criminals has moved into the void created when the notorious Russian Business Network (RBN) shut down, according to a report from anti-crimeware vendor Finjan.

December's "Malicious Page of the Month" report from Finjan's Malicious Code Research Center (MCRC) notes that the RBN “has suddenly picked up from its St. Petersburg digs and diversified…spreading its activity to new chunks of IP addresses, with RBN-like activity almost immediately appearing on newly registered blocks of Chinese and Taiwanese IP addresses."

Iftach Amit, director of security for the MCRC, told that the Chinese group's activity is “an evolution of the Russian Business Network."

“All of the criminal activity over the internet has financial gain behind it, and if you shut down one part of the system, it's bound to bounce back because of market forces,” he said.

The report also noted that MI5, the United Kingdom's counter-intelligence agency, warned 300 U.K. chief executives and security experts of an increased risk from Chinese hackers following an attack on government servers.

Friday, December 21, 2007

Orkut XSS Worm

Via -

Several people sent this to me over the last few days but for those of you who hadn’t seen it in the myriad of different places it showed up, Orkut was hacked using an XSS worm. Orkut is Google’s version of social networking. It was big for a while, but I think everyone bailed in favor of the more open MySpace and Facebooks of the world. It’s still widely used by the Portuguese population though.

Rough estimates are north of 300,000 people compromised, even though it was caught relatively quickly. It’s amazing how fast these things grow in environments like that, where the medium for spreading is based on a technology that almost everyone uses and works across platform. I think the only thing stopping this from being more virulent is making it cross platform, and making the social engineering a little more seamless.

Fourteen Extremists Arrested in Belgium, Possible Al-Qaeda Jail Break

Via CNN -

BRUSSELS, Belgium (AP) -- Fourteen Muslim extremists were arrested on Friday on allegations they sought to free an al Qaeda sympathizer imprisoned for planning a terrorist attack on U.S. air base personnel, Belgian authorities said.

Security was heightened across the capital, at airports and subway stations out of precaution, officials said.

"Other acts of violence are not to be excluded," Prime Minister Guy Verhofstadt said. He said authorities had "elements of information which point to the preparation of an attack."

Lieve Pellens, spokeswoman of the federal prosecutor's office, said security also was being stepped up at Christmas markets.

"Since it could not be excluded that the group had other plans and because of the heightened terror threat this time of year, it was decided no risk should be taken," Pellens said.

The suspects sought to free Nizar Trabelsi, a 37-year-old Tunisian who played soccer for several German teams and who was sentenced to the maximum 10 years in prison four years ago, authorities said.

He had admitted planning to drive a car bomb into the canteen at Kleine Brogel, a Belgian air base where about 100 American military personnel are stationed and where U.S. nuclear weapons are believed to be stored. Trabelsi testified that he intended to kill American soldiers.

The federal prosecutor's office said the 14 were planning to free Trabelsi with force.

Visa Returned to Former Australian Terror Suspect

Via -

SYDNEY: Mohammed Haneef, the Indian doctor once accused of involvement with terrorist bombers in Europe, on Friday had his Australian visa returned, the latest chapter in a case that embarrassed the Australian police, prosecutors and the government of former Prime Minister John Howard.

The high court in Melbourne on Friday rejected an appeal by Kevin Andrews, the former minister of immigration, against the reinstatement of Haneef's Australian visa.

Peter Russo, Haneef's lawyer, said his client, who is in Saudi Arabia for the hajj, was happy with the outcome and would like to return to his old job as a hospital registrar as soon as the formalities have been sorted out.

"He's pretty happy," Russo said Friday. "If he can, he'll come back."

Andrews had originally canceled Haneef's visa after ruling that the doctor had associated with undesirable elements, namely his cousins who are alleged to have been involved in a terrorist plot in Britain, but the high court ruled Friday that the minister had applied the Migration Act too broadly.

Calling its judgment unanimous, the court concluded that the "association" to which the Migration Act refers "is one involving some sympathy with, or support for, or involvement in, the criminal conduct of the person, group or organization with whom the visa holder is said to have associated."

"The association must be such as to have some bearing upon the person's character," it said.

Thursday, December 20, 2007

Phishers Bypass Myspace Link Protection Scheme - Again

After making my morning coffee, I jumped online to check my vitals. I noticed one of my friends is having a birthday today, so I went to send him a quick message. After that it was all downhill.

It started with this message. That isn't your normal everyday message, so I started to dig a bit.

Umm, this isn't good. The photo points to The "r" and the "n" play tricks on the human eye, to the point that it almost appears to be an "m" - but it isn't. Also note that the link in the status bar is not being covered by Myspace's Msplinks protection scheme. More on that in a bit. Let's check this phishing site, see if it is still up.

Still up and playing the full Juno movie ad. Nice. Let's find out who and where this page is being served.

That is right boys and girls, China - just in case you couldn't have guessed from the post title. Let's look at that photo embedded in the original message. Why isn't it being covered by Msplinks?

Ok, it is hosted at Imageshack, so let's find that in the source of the page.

Very strange, yet very similar to other bypass tricks that I have reported before. They are using strange (yet valid) anchor / image href tags to get around the filters.

Now to fill that lame form out on Myspace to report this.....
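A link check along the lines the post suggests, as an added example that is not part of the original post: it collapses lookalike letter pairs such as "rn" and "m" before comparing host labels, and it collects href/src values with an HTML parser so that oddly laid out but valid tags are still seen. The brand table, the extra substitution pairs and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Lookalike sequences collapsed before comparison. "rn" -> "m" is the pair
# described in the post; the other pairs are assumptions added here.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

# Assumption: brand label -> genuine registrable domain the filter protects.
PROTECTED = {"myspace": "myspace.com"}

def skeleton(label):
    """Collapse lookalike sequences so visually similar labels compare equal."""
    label = label.lower()
    for seq, repl in CONFUSABLES:
        label = label.replace(seq, repl)
    return label

def classify(url):
    """Return 'genuine', 'lookalike' or 'other' for one link target."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if any(host == d or host.endswith("." + d) for d in PROTECTED.values()):
        return "genuine"
    brands = {skeleton(b) for b in PROTECTED}
    if any(skeleton(part) in brands for part in host.split(".")):
        return "lookalike"
    return "other"

class LinkCollector(HTMLParser):
    """Collect href/src values from every tag, however the tag is laid out."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("href", "src") and v]

def scan(html):
    """Map each link target found in the markup to its classification."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    return {url: classify(url) for url in collector.urls}

# Constructed sample message body (not the message from the post).
SAMPLE = ('<A\nHREF = "http://www.rnyspace.example/login"><IMG '
          "SRC='http://img.imageshack.example/a.jpg'></A>"
          '<a href="http://profile.myspace.com/x">me</a>')
```

A host that merely contains the brand as a label, such as a constructed `myspace.com.login.example`, is also reported as a lookalike because it is not under the genuine domain.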

Wednesday, December 19, 2007

Update: Malware

Just wanted to give everyone an update on my previous malware blog.

I passed the information I had to some friends over at Sunbelt Software and they have been looking into it deeper.

Without getting into too much detail at this point, they found two files are dropped on the machine after the JS file does its job (which is exploitation). Both of these files were checked for current AV detection and the results were not good.

Many of the big AV companies missed at least one of the files - NOD32, Sophos, McAfee, Norton, Trend Micro, Kaspersky, Microsoft, etc. Some missed both.

Investigations are ongoing, so more information will be released when possible.

Thanks to my friends at Sunbelt Software for their help.

Putin named Time "Person of the Year"

Via -

NEW YORK (AP) - Time magazine has named Russian President Vladimir Putin its "Person of the Year."

Time's managing editor Richard Stengel says the honor went to the Russian leader for bringing stability to "a country that was in chaos." Stengel describes it as "an extraordinary feat of leadership."

Others in the running for the honor included Nobel Prize-winner Al Gore and Harry Potter author J.K. Rowling (ROHL'-ing).

The magazine returned to tradition this year by picking an individual rather than last year's choice of anyone creating or using content on the World Wide Web.

Previous winners have also included U2 frontman Bono (BAH'-noh), President Bush and CEO and founder Jeff Bezos (BAY'-zohs).

Hosting RTSP Exploit (Storm?!)

It would appear that is currently having some malware issues.

At around 12:30 CST, a well-known security researcher and friend alerted me to an active RTSP exploit being served on

After several refreshes in IE7, I finally got it to pop.

Using Paros Proxy, I looked into the highlighted JS file.

Clearly, this smells bad and looks to be malicious. So I went to decode as much of the JS as I could. In the process, I found many interesting (and evil) javascript code blocks.

Ummm, Quicktime files. Let's check out the QTL file.

Ouch, that isn't good at all. Let's look at the files a little closer.

So where is this exploit and the RTSP being hosted?? Good question. Let's look at DNS Tools.

But the real killer is this post from yesterday.

So they know that this stuff is hitting their users.
Perhaps inside a malicious ad (which is out of their direct control).

But with almost 1,400 sites linking back to them, they might want to find out about this ASAP.

Now that is a Cute Pwnage.


UPDATE - As you can see from the photo above, it would appear that this JS file is full of multiple exploits, all rendered in JS - pretty nasty. Exploits include the VMLv2, SetSlice, Quicktime, GomManager, Windows Media Player, etc.

It would appear that this is some type of super exploit (most likely popped out of a malicious ad). In addition, most of the exploits point to the same hard-coded return address - 0x0c0c0c0c

I believe this address contains the final heapslide & payload.

Here is the Setslice and the final piece of code that starts all the functions and kicks off the payload.

Also, it would appear that a cookie is used to reduce repeat infections.

Looks like it might be a Storm variant of sorts. Not good.
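The three traits noted in the update (a single hard-coded address of repeated bytes, a heap fill, and a cookie that gates repeat visits) can be turned into a triage heuristic for script that has already been decoded. This is an added example, not the analysis tooling used in the post; the indicator names, weights and both sample scripts are assumptions constructed for illustration.

```python
import re

U_ESC = re.compile(r"%u([0-9a-fA-F]{4})")
UNESCAPE = re.compile(r"unescape\(\s*(['\"])(.*?)\1\s*\)", re.S)
DOUBLING = re.compile(r"\b(\w+)\s*\+=\s*\1\b")  # e.g. s += s
WEIGHTS = {"uniform-fill": 3, "string-doubling": 2, "cookie-gate": 1}

def decode_u(arg):
    """Decode %uXXXX escapes to bytes in x86 memory order (little-endian).

    Literal characters between escapes are ignored.
    """
    return b"".join(int(h, 16).to_bytes(2, "little") for h in U_ESC.findall(arg))

def findings(js):
    """List (indicator, detail) pairs seen in already-deobfuscated script."""
    out = []
    for _quote, arg in UNESCAPE.findall(js):
        data = decode_u(arg)
        # One byte value repeated: the fill spells its own address, so a
        # pointer such as 0x0c0c0c0c lands inside more of the same fill.
        if len(data) >= 4 and len(set(data)) == 1:
            addr = int.from_bytes(data[:4], "little")
            out.append(("uniform-fill", f"0x{addr:08x}"))
    if DOUBLING.search(js):
        out.append(("string-doubling", None))
    if "document.cookie" in js:
        out.append(("cookie-gate", None))
    return out

def score(js):
    """Sum indicator weights; the weights are assumptions for illustration."""
    return sum(WEIGHTS[name] for name, _ in findings(js))

# Constructed samples, not taken from the script in the post.
SUSPECT = '''
if (document.cookie.indexOf("seen=1") == -1) {
  document.cookie = "seen=1";
  var blk = unescape("%u0c0c%u0c0c");
  while (blk.length < 0x40000) blk += blk;
}
'''
BENIGN = 'var t = unescape("%u00e9t%u00e9"); total += count;'
```

Cookie access alone scores 1 and is common in ordinary script, so it only matters alongside the other two indicators.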