Tuesday, January 30, 2007

Wiinja - The First Wii Mod Chip

Via computerandvideogames.com -

Hackers have created the first mod-chip to compromise Wii's anti-piracy software, and will make the chip available for public purchase in February.

The new 'Wiinja' Chip has to be soldered to certain points on the Wii's motherboard. Once installed, the Wii will play 'back-up' (copied) versions of Wii and GameCube games.

Its major downfall is that it will only play copied games of the same region, rendering it useless for playing import games - the key reason to consider getting a mod-chip.

Websites have already started taking pre-orders on the chip, which is expected to go for around $55, with installation costing more unless you run the risk of fitting it yourself.


Just two months after its release...the first mod chip has been created. More to come in the future, I am sure..

Debian Plugs Mozilla Javascript Holes

Via vnunet.com -

Linux distributor Debian issued a security advisory over the weekend, warning of several problems in Mozilla and associated products such as Mozilla Firefox.

The vulnerabilities include bugs in the layout engine which could allow a denial of service attack and the execution of arbitrary code.

Vulnerabilities in the JavaScript engine could allow the same attacks, and a 'shutdown' flaw could allow remote attackers to gain privileges and install malicious code via the watch JavaScript function.

For the stable distribution of Debian, known as 'sarge', these problems have been fixed in version 1.0.4-2sarge15.

For the testing and unstable distribution, known as 'sid' and 'etch', these problems have been fixed in version of 'Iceweasel'.

Debian recommends that users upgrade their Firefox and Iceweasel packages.

There have been no announcements from Mozilla or other Linux distributions, although Debian warned that the bugs are not Debian specific.

Drug Ads Make Me Sick, Seriously!

Via ABC News -

Do you experience confusion? Anxiety? Feelings that your life is out of your control?

Televised advertisements for prescription drugs may be partly to blame, new research suggests.

A study published in the current issue of the journal Annals of Family Medicine examined 38 different pharmaceutical advertisements that ran during peak television viewing times. Researchers found that while the overwhelming majority of the ads made arguments for the use of drugs, only about a quarter of them described the causes of the medical conditions the drugs are designed to treat.

The study also found that emotional appeals were common, and about 85 percent emphasized regaining control over some aspect of life.

"The ads do rely almost universally on the consumers' emotions," says Dominick Frosch, lead study author and assistant professor of general internal medicine at UCLA. "Medical decisions shouldn't be about emotions. They should be on carefully weighed benefits, risks and costs."

Frosch says presenting information about the drugs in this way could also lead patients to think that they need medicine even if they really don't. This could lead to changes in the way patients and doctors communicate.

"It's really intruding onto the doctor-patient relationship," says Dr. Kurt Stange, editor of Annals of Family Medicine and professor of family medicine at Case Western Reserve University in Cleveland. "What the ads tend to do is take up time and energy during a visit that could otherwise be spent on things that are important to the patient."

And both Stange and Frosch say the drug ads may lead patients to demand the advertised medications from their doctors.

"Doctors in surveys have said that they have provided drugs even when the prescription wasn't appropriate," Frosch says. "If consumers were powerless in changing the views of the doctors, the pharmaceutical industry would not be spending money advertising to them. It works."


Pharmaceutical companies are getting out of hand IMHO, something needs to be done. Feeding on the fears of the general people, while perhaps harming them more, is not something that we should endorse as a society.

So, I will say it again....Drug Ads make me Sick...in multiple ways it would seem.

A Look Inside the Dark World of Internet Crime

Via Wired -

By the time David Thomas eased his Cadillac into the parking lot of an office complex in Issaquah, Washington, he already suspected the police were on to him.

An empty Crown Victoria in one of the parking spaces confirmed it. "That's heat right there," he told his two passengers -- 29-year-old girlfriend Bridget Trevino, and his crime partner Kim Marvin Taylor, a balding, middle-aged master of fake identities he'd met on the internet.

It was November 2002, and Thomas, then a 44-year-old Texan, was in Washington to collect more than $30,000 in merchandise that a Ukrainian known as "Big Buyer" ordered from Outpost.com with stolen credit card numbers. His job was to collect the goods from a mail drop, fence them on eBay and wire the money to Russia, pocketing 40 percent of the take before moving to another city to repeat the scam.

But things didn't go as planned.

Ignoring Thomas' suspicions, Taylor walked into the Meadow Creek Professional Center to collect the Outpost shipment, and found the cops waiting for him. Thomas and his girlfriend tried to escape in the Cadillac but were caught half a mile away.

An ID badge that Taylor wore when he was arrested indicated that he worked for Microsoft. But that was no more accurate than the two-dozen other employee badges he possessed for E-Trade and AT&T Broadband, or the 15 driver's licenses from various states that featured his congenial face and a dozen aliases. Nor did Thomas's California driver's license help authorities identify him. Although it had his picture, the name and address on the ID belonged to a producer for the A&E channel.

With so many fake IDs in play it was unclear to police exactly who they had in custody. Then as they read Thomas his rights, he told them: "Get me some federal agents and I'll give you a case involving the Russians and millions of dollars."

Thus was the beginning of Thomas' turn to the other side. For 18 months beginning in April 2003, Thomas worked as a "paid asset" for the FBI running a website for identity and credit card thieves from a government-supplied apartment in the tony Queen Anne neighborhood of Seattle.


Check out the full article via the link at the top. It is a long read, but well worth it.

Intel 2200BG 802.11 Disassociation Packet DoS PoC


Title: Intel 2200BG 802.11 disassociation packet Kernel Memory Corruption

Description: The intel wireless mini-pci driver provided with Intel2200BG cards is vulnerable to a remote memory corruption flaw. Malformed disassociation packets can be used to corrupt internal kernel structures, causing a denial of service (BSOD)

This vulnerability was found at Intel 2200 driver version (09/12/2005).

Driver files:

w29n51.sys - 9ee38ffcb4cbe5bee6c305700ddc4725w29
mlres.dll - 35afeccc4092b69f62d757c4707c74e9w29
NCPA.dll - 980f58b157baedc23026dd9302406bdd

Author: Breno Silva Pinto ( Sekure.org ) / bsilva[at]sekure[dot]org)

Get a First Life!


"First Life is a 3D analog world where servers never lag..."


Iran Set to Launch Satellite Into Space

Via aviationweek.com -

Iran has converted one of its most powerful ballistic missiles into a satellite launch vehicle. The 30-ton rocket could also be a wolf in sheep's clothing for testing longer-range missile strike technologies, Aviation Week & Space Technology magazine reports in its Jan. 29 issue.

The Iranian space launcher has recently been assembled and "will liftoff soon" with an Iranian satellite, according to Alaoddin Boroujerdi, the chairman of the Iranian parliament's National Security and Foreign Policy Commission.

The move toward an independent space launch capacity is likely to ratchet up concern in the U.S. and Europe about Iran's strategic capabilities and intents. Orbiting its own satellite would send a powerful message throughout the Muslim world about the Shiite regime in Tehran.

U.S. agencies believe the launcher to be a derivation of either of two vehicles -- the liquid-propellant, 800-1,000-mi. range Shahab 3 missile, or the 1,800-mi. range, solid propellant Ghadar-110. A Shahab 3 or a Ghadar-110 fired from central Iran could strike anywhere in Israel, Saudi Arabia, the entire Persian Gulf region and as far west as southern Turkey.

There are concerns in the West that space launch upgrades, however, could eventually create an Iranian intercontinental ballistic missile (ICBM) with a range of nearly 2,500 mi., giving Tehran the ability to strike as far as central Europe, well into Russia and even China and India.

The U. S. Defense Intelligence Agency has told the Congress that Iran may be capable of developing a 3,000-mi. range ICBM by 2015.

"But ultimately, their space program aims to orbit reconnaissance satellites like Israel's "Ofek," using an Iranian satellite launcher from Iranian territory, says Uzi Rubin, the former head of the Israel Missile Defense Organization. Rubin made his assessment in a report for The Jerusalem Center for Public Affairs.

British to Create Footwear Intelligence Database

Via reuters.com -

LONDON (Reuters) - Britain is launching a database of thousands of shoes and shoe types next month to help track down criminals, thought to be the first of its kind in the world.

The Footwear Intelligence Tool will be similar to the database of genetic samples that Britain created in 1995, which now has millions of DNA profiles.

"Footwear marks at the scene are the second biggest evidence type behind blood and DNA," said Dr Romelle Piercy, of the Forensic Science Service (FSS) in London.

Like fingerprints, hair, blood or fibers, footprints are left at many crime scenes -- on carpets or bodies as well as in earth or mud -- and are often highly distinctive.

Footwear prints and marks from crime scenes and information from manufacturers will be loaded on to the database, which will be updated daily. Similar clues have already been used to track down suspected bombers and in other major criminal cases.

"The technology, like the DNA database, has no upper limits as far I am aware," Piercy told reporters.

The archive, to be launched on February 15, will include information on shoe type, color, branding and marks as well as demographic information. It already contains over 1,000 distinguishing marks on Nike training shoes alone.


Frankly, I am shocked they didn't already have one of this? Does the US government keep paint samples and almost every gun made to help in forensic work?

TomTom GO 910 Devices Shipped with Viruses

Via TomTom.com -

Isolated number of TomTom GO 910's may be infected with a virus

It has come to our attention that a small, isolated number of TomTom GO 910’s, produced in one week in the last quarter of 2006, may be infected with a virus. The virus is qualified as low risk and does not affect the navigation performance of the TomTom GO 910 in any way. The virus can be removed safely with virus scanning software. Appropriate actions have been taken to make sure this is prevented from happening again in the future.

Affected devices

It has been confirmed that a small number of TomTom GO 910 devices, produced between September and November 2006, and shipped with software version 6.51, may be infected with a virus.

Known risks

The viruses that were detected present an extremely low risk to customers’ computers or the TomTom GO 910. To date, no cases of problems caused by the viruses are known.

How to detect the virus?

In the isolated cases that a virus was detected, it was found when the TomTom GO 910 was connected to the computer and for example, a back-up of the content on the device was being made.

What to do when a virus is found?

TomTom highly recommends that all TomTom GO 910 customers update their virus scanning software, and if a virus is detected, allow the virus scanning software to remove the ‘host.exe’ file, ‘copy.exe’ file or any other variants.

The above identified files or any variants can safely be removed from the device with virus scanning software, and are NOT to be removed manually, as they are not part of the standard installed software on a TomTom GO 910. They present no danger whilst driving with the TomTom GO 910.

Customers that do not have virus scanning software are advised to install virus scanning software. The internet offers many free online virus scanners like Symantec and Kaspersky) that will remove the virus safely from the TomTom GO 910 as soon as it is detected.

Any customers who experience problems or have further questions are welcome to contact our Customer Support department.


All those words and not even a "sorry about that" or "we deeply reget making you pay for virsues".


Monday, January 29, 2007

Preserving Moore's Law & Moving Toward 22-nm Chip Production

Via ComputerWorld -

IBM Corp. and Intel Corp. accelerated their horse race in semiconductors when each unveiled over the weekend similar chip-manufacturing advances.

The research from both companies involves a crucial building block -- called high-k material -- to build smaller, more efficient transistors in microprocessors. High-k materials are better insulators than standard silicon dioxide, allowing engineers to keep shrinking transistors without losing efficiency through leaking electricity.

In both announcements Saturday, engineers say they plan to use the material to build transistors that switch on and off better, using "high-k metal gate" technology.

The announcements promise to keep alive Moore's Law, which holds that the number of transistors on a chip doubles every two years. It's good news for users because the more transistors that can be packed on a microprocessor, the faster it runs a PC.

The new materials also mean the manufacturers won't have a problem continuing to etch transistors on chips at microscopic sizes, and more importantly, mass-produce them so they're affordable to PC users. In fact, Intel officials predict this breakthrough alone will ensure Moore's Law thrives "well into the next decade."

The announcements underscore an old industry rivalry, since IBM worked with Sony Corp., Toshiba Corp. and Advanced Micro Devices Inc. (AMD), Intel's main opponent in the microprocessor market.


high-k material – A material that can replace silicon dioxide as a gate dielectric. It has good insulating properties and also creates high capacitance (hence the term “high-k”) between the gate and the channel. Both of these are desirable properties for high performance transistors. “k” (actually the Greek letter kappa) is an engineering term for the ability of a material to hold electric charge. Think of a sponge. It can hold a lot of water. Wood can hold some but not as much. Glass can’t hold any at all. Similarly, some materials can store charge better than others, hence have a higher “k” value. Also, because high-k materials can be thicker than silicon dioxide, while retaining the same desirable properties, they greatly reduce leakage.

Sunday, January 28, 2007

Terrorism Continues to Tap Cyber-Fund Rising

Via Zone-H.org -

Is money made by data thieves a source for terrorism?

The link between cyber crime and terrorism is quite foggy and it is not easy to determine which activities are backed by terrorist organizations and which ones are carried out by “normal” attackers. Anyway, as declared by Miss Avivah Litan, Gartner's resident expert on identity theft, recent events have cleared up the situation a bit more.

"This is something people have been talking about since 9-11,"she says. "But it's really a new phenomenon."

The first effective proof of cracking activities aimed to Middle East extremist group's fund-raising was discovered in late 2006 thanks to the arrest of approximately 50 people in Egypt and Lebanon. The arrests led to the discovery of millions of dollars filched by using stolen debit and credit account numbers.

Miss Litan’s declaration was released after last week’s attack to the company of chain retailers T.J. Maxx and Marshalls that provoked a huge data breach.

There’s no confirmation about the involvement of terrorism in such attack but security experts do not hide their concern about this possibility.

Specifically, Miss Litan's assertions focus on the debate about what is really happening on the digital ground: nothing new... but very little known!


This type of thing isn't new. For as long as there has been an internet, bad people have used it to do bad things.

But it is important to remember that bad people just don't want to buy boats with your money....sometimes they want to hurt people.

How much of the fraud is really going directly toward terrorism? Who knows, and perhaps we will we will never know. I have a feeling that the percent is low...but then again, who knows.

If even the percentage was low, it would still be more than the general person on the street would ever expect it to be.

To see into the future, you only need to look into the past.

Syngress XSS Book in the Works

Via Hac.kers.org -

I was wondering how long it would take for someone to make the suggestion, and a few days ago it finally happened - someone made the suggestion that I write a book on XSS. The idea would be to write a book that anyone could pick up and use as a reference to understand and combat XSS attacks. Whelp, as it turns out, I’ve been doing just that for months now. Yup, the people on the forum outed us.

Several months ago Syngress Publishing asked a few people to help contribute to a book on XSS. The contributing authors are Jeremiah Grossman, Anton Rager, Seth Fogie and yours truly. We are still several months away from completing the book, but we are well on our way. Sorry I didn’t tell you all earlier, but I was just finally allowed to start talking about it.

I’ll let you all know as the date gets closer. But if I’m not super quick on the posts and answering email, that’s part of what’s going on - too many irons in the fire these days.


This book is long overdue...but it will be a welcome sight to many programmers and managers struggling with fighting the XSS war. XSS isn't just vulnerability, it is a security pandemic.

Plus you couldn't find a better group of people to write the book. I am looking forward to this one. Hopefully the book will provide strong guidelines for programmers.

I still see programmers attempting to use blacklist to kill XSS and SQL injections. Of course, this never works.

More Myspace XSS Fun

Via Ha.ckers.org -

This is perhaps one of the weirdest vectors I’ve come across. It took me a while to figure out why this was happening, but after some time it became clear. SystemOfAHack sent me this vector a few days ago, but I was unable to get all the peices put together until now. MySpace allows users to enter HTML as we all know. But due to an open ended div tag and overwriting a class with a set id that MySpace uses, SystemOfAHack was able to execute XSS.


See RSnake's blog to see the full code example.

Reporter Jailed For Hacking Royal UK Phones

Via telegraph.co.uk -

The disgraced royal editor of the News of the World and a private investigator were jailed yesterday after admitting hacking into hundreds of messages on mobile phones belonging to aides of the Royal Family.

Clive Goodman, 49, a senior journalist on the Sunday tabloid, was sentenced to four months, while Glenn Mulcaire, 36, a freelance "researcher", got six months after judge Mr Justice Gross described their conduct as "reprehensible in the extreme".

"This was serious criminal conduct," he said while passing sentence at the Old Bailey. "It's of very first importance to the fabric of our public life that such intrusive, sustained, criminal conduct should be marked by an immediate loss of liberty".

Saturday, January 27, 2007

Russia Unwilling to Extradite Litvinenko Suspect

Via guardian.co.uk -

Russia said yesterday it was not willing to hand over to Britain the businessman suspected by Scotland Yard of poisoning the former KGB officer Alexander Litvinenko.

Russian prosecutors said there was virtually no prospect they would agree to any future British request for Andrei Lugovoi to be extradited to the UK to stand trial.

Senior Whitehall officials have told the Guardian that a Scotland Yard file on Mr Litvinenko's murder, which is about to be passed to the Crown Prosecution Service, alleges there is sufficient evidence against Mr Lugovoi for the CPS to decide whether he should face prosecution.

But yesterday sources in Russia's prosecutor's office said Mr Lugovoi would not leave Moscow. "If a request for Lugovoi's extradition arrives from London, the following answer will most likely be given to it: the constitution of Russia prohibits extradition of its citizens," the official said. He said Mr Lugovoi could be tried in Russia for a crime committed abroad "if there is evidence proving his guilt".

Yesterday Mr Lugovoi shrugged off the accusation against him and repeated his denials that he had nothing to do with Mr Litvinenko's murder. In an interview with the Russian news agency Interfax, he said he had given "exhaustive answers" to Scotland Yard detectives when they visited Moscow last December. "I have not received any official statements. However, if it happens I am ready to protect my reputation in any court," he added.

There were signs yesterday that the affair is damaging relations with Moscow. Government officials are convinced that, in return for an extradition request for Mr Lugovoi, the Kremlin is likely to demand extradition of Boris Berezovsky, the Russian oligarch granted asylum in the UK.


Wikipedia Details on Lugovci

Andrei Lugovoi (Lugovoy) (Russian: Андрей Луговой) is a former Federal Security Service of Russia (FSB) operative and millionaire who met with Alexander Litvinenko on the day he fell ill (1 November).

He had visited London at least three times in the month before Litvinenko's death and met with the victim four times. Traces of polonium-210 have been discovered in all three hotels where Lugovoi stayed after flying to London on October 16, and in the Pescatori restaurant in Dover Street, Mayfair, where Mr Lugovoi is understood to have dined before 1 November; and aboard two aircraft on which he had travelled.

He has declined to say whether he had been contaminated with polonium 210, the substance that led to Litvinenko's death on 23 November 2006.

Meet with the Nordea Bank Hacker

Via computersweden.idg.se -

For the price of 3,000 dollars, our reporter was offered his personal bank Trojan. In an interview with Computer Sweden, the hacker behind the recent Internet frauds against Sweden's Nordea bank claims responsibility for more intrusions. "99 percent of all bank intrusions are kept secret," he insists.

The same Trojan that stole eight million Swedish kronor from the Nordea bank was also used for a major attack in Australia. This is confirmed by the hacker who calls himself "Corpse", a developer of advanced Trojans. Computer Sweden's reporter met him in an anonymous chat.

With the aid of security expert Per Hellqvist of Symantec, Sweden, Computer Sweden tracked the Russian-speaking hacker. Using a pseudonym, our reporter claimed to be interested in buying his own Trojan, tailored for attacking an internet bank. It was soon obvious that "Corpse" knows very well that his application is used for major Internet banking frauds.

The bank accounts broken into are selected at random: "It's like roulette," he says in broken English: "Some accounts have a million dollars, some have one dollar. You never know who gets infected."


Check out the full Q&A section via the news link at the top. Also, check out my first blog on this bank hack if you aren't up on the details.

Remote Authenticated Vulnerabilitiy in PGP Desktop

Peter Winter-Smith of NGSSoftware has discovered a medium risk vulnerability in PGP Desktop which can allow a remote authenticated attacker to execute arbitrary code on a system on which PGP Desktop is installed.

The vulnerability resides within the Windows Service which PGP Desktop installs (which operates under the Local System account), and as such it may be used by any local or remote user (who must be a member of at least the Everyone/ANONYMOUS LOGON groups) to run code with escalated privileges. NGSSoftware have not been able to exploit this issue in the context of a NULL session.

Friday, January 26, 2007

Al-Zawraa TV: 24-hour Insurgent Propaganda Station

Via CT Blog -

Nick Grace and I have been following the case of al-Zawraa TV, a 24-hour insurgent station that focuses on Iraq but is broadcast through the Middle East. Here's how we described the station in a Daily Standard article on January 3:

Al-Zawraa hit the airwaves on November 14. According to Middle East-based media monitor Marwan Soliman and military analyst Bill Roggio, it was set up by the Islamic Army of Iraq, an insurgent group comprised of former Baathists who
were loyal to Saddam Hussein and now profess their conversion to a bin Laden-like ideology.

The Islamic Army of Iraq is subordinate to the Mujahideen Shura Council, an umbrella organization of Sunni insurgent groups, including al Qaeda in Iraq. The Al-Zawraa channel is not only viewed as credible by users of established jihadist Internet forums, but as a strategically important information outlet as well.

Moreover, Abu Ayyub al-Masri, the leader of al Qaeda in Iraq, is delighted by the station. A U.S. military intelligence officer told us that al-Masri "has long-term and big plans for this thing." . . . .

Al-Zawraa's content is heavy with insurgent propaganda, including audio messages from Islamic Army of Iraq spokesman Dr. Ali al-Na'ami and footage of the group's operations. The station calls for violence against both Shia Iraqis and the Iraqi government. According to Marwan Soliman, the station's anchors appear in military fatigues to rail against the Iraqi government while news crawls urge viewers to support the Islamic Army of Iraq and "help liberate Iraq from the occupying U.S. and Iranian forces."

When we wrote this, al-Zawraa was being broadcast by Nilesat, a powerful satellite administered by the Egyptian government. Today, BBC Monitoring reports that al-Zawraa has been picked up by Saudi-based Arabsat, thus making it more difficult to shut down the station:

On Friday 26 January BBC Monitoring observed Al-Zawraa TV, a Sunni satellite channel that targets viewers in Iraq and the Middle East, transmitting on Badr 4, one of the Arabsat satellites, at 26 degrees east.

Al-Zawraa also continues to be carried on the Egyptian-run Nilesat satellite.

Arabsat, based in Saudi Arabia, is an intergovernmental organization established originally by the Arab League. Saudi Arabia is the main stakeholder.

Al-Zawraa's founder is Mishan al-Jaburi, a former member of the Iraqi parliament and leader of the Sunni Arab Front for Reconciliation and Liberation.

The US has expressed concern about the content of the channel's broadcasts. An unnamed US official quoted by United Press International news agency on 14 January said: "We are very concerned about this. Al-Zawraa is glorifying the killing of American and Iraqi government officials, which we strongly object to. This needs to be taken care of. . . . This should never have been on air in the first place, much less over the satellite of a country that professes to be a friend of the United States."

Al-Zawraa is now based in Syria, after its studios in Iraq were closed by the Iraqi Interior Ministry in November 2006, for allegedly inciting violence and terrorism.

The Iraqi government has also asked Egypt to remove Al-Zawraa from the Nilesat satellite. So far, Egypt has refused to take Al-Zawraa off the air, saying that the channel's broadcasts are a purely commercial arrangement.

Worst Practices for Online Service Providers

Via EFF -

In an instant, Seclists.org, including thousands of pages, vanished from the Internet this week. And if your online service providers have as weak a backbone as GoDaddy, the same thing could happen to your site.

Here's the story (as recounted by News.com): A list of MySpace user names and passwords began floating around online weeks ago, including in a Seclists.org and many other places online. Rather than ask the Seclists.org's owner, Fyodor Vaskovich, to remove a single offending page, MySpace wrote to his domain name registrar GoDaddy, which shut down all 250,000 Seclists.org pages.

Did GoDaddy demand to receive a court order first? Was it at any legal risk? No. Apparently all it took was a single informal request from MySpace, and Seclists.org was gone, a mere 52 seconds after GoDaddy notified Vaskovich.

“I think the fact that we gave him notice at all was pretty generous,” said GoDaddy’s general counsel Christine Jones, in what has to be in the running for most ironic comment of the week.
All too often, that's what passes for customer service when your free speech is at stake. Internet intermediaries owe their customers more than that. GoDaddy should have given Vaskovich meaningful notice, time, and information to respond, and it should have been willing to stand up for his rights.

Read the News.com article for more, and check out EFF's Best Practices for Online Service Providers for more on how companies like GoDaddy ought to behave.

iDefense Begins to Dig into Mujahideen Secrets

Via CT Blog -

CT Blog posting from Jim Melnick, iDefense Intelligence Team, VeriSign, Inc.

On January 1, 2007, the pro-terrorist group, "Global Islamic Media Front" (GIMF) announced the "imminent release" of what they called "the first Islamic computer program for secure exchange on the Internet." Some Western websites that track online terrorist activity reported on the GIMF announcement, but it has otherwise not received any serious media attention. iDefense/VeriSign has since found a copy of this program, "Mujahedine Secrets," on a pro-terrorist Arabic language forum and has begun analyzing its capabilities and assessing what its impact will be. Earlier this week we announced this to our client base, which includes numerous key elements of the U.S. government. We are continuing to discover new aspects about the software, which we believe is bound to spread quickly in the online pro-terrorist world. As far as is known, none of this new information has been announced publicly anywhere else other than among the pro-terrorists themselves.

The "Mujahedine Secrets" encryption program offers terrorists and their sympathizers several key features, some of which are common features of PGP programs that are currently available elsewhere as well as other features that appear to be new. Technical analysis is ongoing and will be assessed in future iDefense reporting. Most importantly, this program is an executable application that does not need to be installed onto a PC and can be used with a USB drive. According to iDefense Middle East analyst Andretta Summerville, "the program's 'portability' as an application (not requiring installation) will become an increasingly desirable feature, especially considering the high use of Internet cafés worldwide by pro-terrorist Islamic extremists." The use of the 'Mujahedine Secrets' on a portable USB drive will offer additional anonymity to those who use the program, which may make it increasingly difficult or even impossible for investigators to track down the source of activity further than the Internet café itself.

Due to the strong "marketing" campaign of the program by the Global Islamic Media Front in Arabic-language forums, specifically on hacker and pro-terrorist forums, "Mujahedine Secrets" is likely to reach a broad audience of pro-terrorist supporters online and Arabic-speaking hackers. The PDF file included with the software assists non-English speaking users in the application's operation. This, unfortunately, could greatly impact the threat landscape of pro-terrorist communications worldwide, since it will make it easier and more comfortable for those Arabic speakers who may have been wary of using English-based encryption programs to use a program developed by "their own" people. According to a statement within the Arabic PDF file, this is a code that they have been developing for years. iDefense/VeriSign is continuing to assess what the impact will be with this new software - both as to its technical characteristics as well as how it will be greeted in the pro-terrorist online world. Requests for follow-on information on this development or information on how to obtain iDefense products can be sent to:

di@idefense.com. Jim Melnick, Director of Threat Intelligence, iDefense/VeriSign, Inc.

New Unpatched Zero-Day in Microsoft Word

US-CERT is investigating reports of a new Microsoft Word vulnerability affecting Word 2000 and Word 2003/XP. Earlier today, Symantec published an alert indicating that the vulnerability could be exploited to allow an attacker to execute arbitrary code in the context of the user who is logged in. Details of the vulnerability are not yet clear; however, the alert indicated that exploitation is occurring in the wild.

Until more information becomes available, US-CERT recommends the following actions to help mitigate the security risks:
  • Do not open untrusted Word documents or attachments from unsolicited email messages.
  • Disable automatic opening of Microsoft Office documents.
  • Do not rely on file name extensions as a way to securely filter against malicious files.
  • Install anti-virus software and keep its virus signature files up-to-date.
  • Save and scan any attachments before opening them.
  • Limit user privileges to no administrator rights.
US-CERT will continue to investigate and provide additional information as it becomes available.

Bankers Detect Fraud from TJX Hack

Via BusinessWeek.com -

Customer data stolen by computer hackers from TJX Cos. has been used to make fraudulent debit card and credit card purchases in the United States and overseas, the Massachusetts Bankers Association said Wednesday.

The fraudulent purchases have been made in Florida, Georgia, and Louisiana, and overseas in Hong Kong and Sweden, the association said.

Nearly 60 banks have reported they've been contacted by credit and debit card companies about compromised cards, the association said. The number is likely to grow because less than half of the association's 205 banks have reported to it on the issue.

The association said banks are notifying customers about fraudulent purchases, and reissuing cards, in some cases.

TJX, operator of T.J. Maxx and Marshalls discount stores, did not immediately respond to a request for comment.

Last week, TJX said hackers had broken into a system that handles credit and debit card transactions, as well as checks and merchandise returns for customers in the U.S. and Puerto Rico and may involve customer accounts from the U.K. and Ireland.

The company has refused to say how many customers had their data stolen or accessed by a computer hacker.

Credit card companies have noted that consumers are not responsible for fraudulent purchases.


Sounds like the bad guys know that the information they have it only valid for a limited time...so they are using it before they lose it.

Now the banks that were affected really should step up and reissue new cards...even if illegal activity hasn't been detected on those accounts yet.

Because sooner or later...it will be.

Right after the CardSystem hack, my little small town bank didn't reissue cards right after the hacke. They wouldn't even tell me if my number with on a list of exposed accounts, which I know they had.

But a year later, they started to detect fraud on several of the cards and ended up sending me a new card anyways....

Attacks on Virtual Machine Emulators


As virtual machine emulators have become commonplace in the analysis of malicious code, malicious code has started to fight back. This paper describes known attacks against the most widely used virtual machine emulators (VMware and VirtualPC). This paper also demonstrates newly discovered attacks on other virtual machine emulators (Bochs, Hydra, QEMU, and Xen), and describes how to defend against them.

Paper by Peter Ferrie, Senior Principal Researcher, Symantec Advanced Threat Research

Full PDF

MS Windows Explorer (AVI) Unspecified DoS Exploit

Explorer.exe version 6.0.2900.2180 .avi file Denial of Service


author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org

Month of Apple Bugs (MoAB) Comic 1

http://www.milw0rm.com/papers/135 (PDF Redirect)

Good stuff, indeed.

It even appears to be in the Zone-H Comic spoof manner...classic.

Cameras to Watch Cameras in Scotland

Via theregister.co.uk -

The Scottish Borders are considering putting in CCTV cameras to keep an eye on speed camera installations, the BBC reports.

The Lothian and Borders Safety Camera Partnership is weighing up the move after having to replace seven of the Gatso cameras in the last three years. Machines have suffered various attacks including being set alight, vandalised, and even pulled over.

According to the BBC, partnership head Colin McNeil said: "There are companies there who would provide us with CCTV coverage of the cameras themselves - the cameras looking after the cameras kind of thing."

The partnership is also the body that was last year responsible for creating the perfect job - riding a motorcycle around the Borders chasing speeding motorists, with no requirement to pull them over or speak to them.

Protecting Gatso deployments not attached to motorcycles is what the CCTV is all about, though we detect some trace of a schism in the Rise of the Machines: it seems they no longer trust each other.


So who is going to watch the CCTV cameras? Giant Killer Robots with Missiles perhaps?

Or perhaps another set of cameras in helicopters that never need to land....yeah, that’s the ticket.

MS Excel Malformed Palette Record Vulnerability DoS PoC (MS07-002)


Microsoft Security Bulletin MS07-002

Rremember that Microsoft re-released this patch for Excel 2000 users.

NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow

Secunia Research has discovered a vulnerability in NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the NCTAudioFile2.

AudioFile ActiveX control (NCTAudioFile2.dll) when handling the "SetFormatLikeSample()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (about 4124 bytes) as argument to the affected method.

Successful exploitation allows execution of arbitrary code.


As it turns out, this ActiveX Control is used in over 70 applications...therefore this vulnerability just became a lot more serious. Welcome to the world of ActiveX, thank you...drive thru.

Major Pwnage.

MySpace Allegedly Kills Computer Security Website

Via 27B Stroke 6 -

Computer security guru Fyodor reports waking up yesterday to find his website SecLists.org essentially removed from the web by his domain registrar, GoDaddy. After a bunch of phone calls to GoDaddy, he eventually got them to explain why: Because MySpace asked them too.

SecLists provides public archives of over a dozen computer security mailing lists, including BugTraq and Full Disclosure. MySpace was apparently unhappy with a post that crossed Full Disclosure earlier this month, in which the author attached the spoils of a phishing attack against MySpace users, consisting of 56,000 user names and passwords.

These lists have surfaced in the security community before, allowing the white hats to see the data that the black hats have swindled out of unsuspecting users. Bruce Schneier did a fascinating analysis of an earlier MySpace password list in his Wired News column last month. But MySpace has apparently decided to take a blunt instrument to this one.


The sad truth is that even if Fydor would have removed the file right after it was posted...it still would be sitting in the e-mail inboxes of people around the world. Thousands of people have the file. Those people gave it to other people.....

I am SURE that the file is sitting in my Gmail mailing list inbox right now. Will Myspace ask Google to delete all my e-mail?

Myspace should bit the bullet and at the very least, force a password change for those exposed accounts. This should have happened as soon as Myspace knew that information was leaked. Why doesn't Myspace force users to reset their passwords once in a while anyways?

They talk about being secure and protecting minors....but they rather shutdown a security mailing list site which is used by security people all over the world to protect things which are much more important.

You know things like...credit cards, banks accounts, nuclear plants, and airport systems.....little things known as national infrastructure.

This isn't the first leak of MySpace information and it won't be the last, so MySpace should stop attempting to hide from its problems and deal with them.

You want to have a site full of minors...then you deal with the outcome. Phishing isn't going to stop and bad people aren't going away. Corporations spend tons of money attempting to educate the public and their employees on the threat of phishing. Does Myspace really think that it can just side-step this threat so easily?

Myspace's knee jerk reaction is just plain silly....

Thursday, January 25, 2007

Happy Republic Day

26th January 1950 is one of the most important days in Indian history as it was on this day the constitution of India came into force and India became a truly sovereign state. In this day India became a totally republican unit. The country finally realized the dream of Mahatma Gandhi and the numerous freedom fighters who, fought for and sacrificed their lives for the Independence of their country. So, the 26th of January was decreed a national holiday and has been recognized and celebrated as the Republic Day of India, ever since.



Happy Republic Day to my friends in India.

Memory Chip The Size Of A Blood Cell

Via InformationWeek.com -

Chip development has taken on a new scope -- microscopic, actually.

Researchers at the California Institute of Technology have created a memory circuit the size of a white blood cell that they claim has enough capacity to store the Declaration of Independence and still have space left over. The circuit, built by a joint Caltech-UCLA team, has a 160 kilobit capacity -- reportedly the densest memory circuit ever fabricated.

James Heath, a Caltech chemistry professor who led the research team, called the creation of the memory circuit a milestone in manufacturing, even though it's nowhere near ready for wide scale production and sale.

"It's the sort of device that Intel would contemplate making in the year 2020," says Heath. "But at the moment, it furthers our goal of learning how to manufacture functional electronic circuitry at molecular dimensions."

Caltech researchers say the 160,000 memory bits in the circuit are arranged like a large tic-tac-toe board -- 400 silicon wires crossed by 400 titanium wires -- with a layer of molecular switches sandwiched in between. Each wire crossing represents a bit, and a single bit is 15 nanometers wide. That's one ten-thousandth of the diameter of a human hair. In comparison, they add, the densest memory devices currently on the market are about 140 nanometers wide.

"Whether it's actually possible to get this new memory circuit into a laptop, I don't know," says Heath. "But we have time."

The researchers' work appears in today's issue of the journal, Nature.

Russian One Dollar Spam Scam

Via McAfee AverLabs -

“Give me $1 to unsubscribe”

That’s basically what the latest Russian spam says. Let me get one thing straight for anyone that’s not had their coffee yet. Never pay spammers, ever. All the smart spammers have suckers lists. You have been warned! Etc Etc…

International spam has been a growing problem for a long time and with a world-wide network of spam traps, we see (and deal with) a lot of local spam. This rather interesting specimen group landed in the lap of a researcher this afternoon because it was a little out of the ordinary.

Andrey Slabosnickiy from Rostov-on-Don was insightful enough to invite one of our international spam-traps to unsubscribe from his general database for a buck.


Check out the spam pics via the McAfee link at the top. The site is still up it would appear.

As you would expect, I don't suggest anyone send him a dollar if you get this e-mail.

Like that guy that invented the "pet rock", he most likely has already made a million dollars...

Storing Data on a Particle of Light

Via ComputerWorld.com -

Scientists are claiming a breakthrough in the ability to attach an image to a photon of light and retrieve it later.

Scientists at the University of Rochester in New York used their college logo, consisting of a few hundred pixels, for the experiment and were able to attach the image to a single photon of light. The photon or pulse of light was slowed down 100 nanoseconds and compressed to 1% of its original length. The scientists claim that the technology could one day store tremendous amounts of information very densely.

Researcher John Howell, assistant professor of physics at the university, is now working on delaying dozens of pulses for as long as several milliseconds, and as many as 10,000 pulses for up to a nanosecond in a 4-in. cell of cesium gas at a warm 100 degrees Celsius.

Previous optical buffering trials have found that most information carried by the light is lost. This latest achievement is important because engineers are trying to speed up computer processing and network speeds using light. Their systems slow down when they have to convert light to electronic signals to store information, even for a short while.

"It sort of sounds impossible, but instead of storing just ones and zeros, we're storing an entire image. It's analogous to the difference between snapping a picture with a single pixel and doing it with a camera -- this is like a 6-megapixel camera," Howell said.

The device was revealed in today's online issue of the journal Physical Review Letters.

Month of Apple Bugs - Still Rolling


The last couple of issues have been pretty interesting, indeed.

Apple Software Update Catalog Filename Format String Vulnerability

Apple QuickDraw GetSrcBits32ARGB() Memory Corruption Vulnerability


Apple iChat aim:// URL Handler Format String Vulnerability

Transmit.app ftps:// URL Handler Heap Buffer Overflow

OBEX Push Bluetooth DoS

A vulnerability in the way Bluetooth enabled phones handle incoming file-push, allows remote attackers to cause the phone to stop working effectively causing a denial of service.

Using ussp-push, it is possible to send out files very quickly. By continuously trying to push a file, the target is flooded with prompts whether to accept the file or not, which disables any other usage on the phone, including the ability to turn off Bluetooth.

The information has been provided by Armin Hornung.

The original article can be found at: http://www.xmailserver.org/ussp-push.html


You could just turn the phone off and walk away...but that just makes the remote DoS into a self-served DoS.

Yet another reason why I have not used Bluetooth on my RAZR. Bluetooth is just a drain on your battery anyways....

Interview with Muslix64

Although Hollywood has constructed enough DRM architecture to rival the Pyramid of Giza, it has long been suspected that it would be only a matter of time before HD DVD and Blu-ray content protection were compromised. Convinced the golden DRM egg had been laid, it seemed that nothing could penetrate the great AACS wall. And to this day, that great wall still stands.

But why crash through the main gates of Constantinople when you can just pick the lock of a long forgotten rear entrance?

On December 26, 2006, a member of the Doom9.com forums named muslix64 introduced himself as circumventing the content protection – not the copy protection – of HD DVD. Additionally, he made available an open source program named BackupHDDDVD. At the time, this program was a command line program that bypassed the content protection – providing the individual successfully obtained the title and volume keys associated with the HD DVD. Once the individual has the keys, the AACS protection can be sidestepped, and the HD movie content can be extracted. According to muslix64, it took all of eight days to successfully circumvent HD DVD content protection.

Much of the more difficult work, such as extracting the keys, has been alleviated as the once encrypted information has proliferated online. To understand where this stunning turn of events is heading, Slyck.com spoke with muslix64, who agreed to a PM (private message) interview.


Book: Rootkits For Dummies


CastleCops volunteer staff have come together last year to entirely author and edit "Rootkits For Dummies" published by Wiley. These CastleCops staff are: Larry Stevenson, Nancy Altholz, Dave Kleiman (Collaborator), Mahesh Satyanarayana (Collaborator), Abdul-Rahman Elshafei (Collaborator), Allen C Weil (Collaborator), Bill Bright (Collaborator), Lawrence Abrams (Technical Editor).

This all started thanks to Larry's excellent work in the CastleCops Windows Security Checklist article series. After Larry published a couple articles on rootkits, Wiley contacted me seeking his information for a possible book deal. And here is the culmination of that. Congratulations to the whole team who participated in writing and editing this book.

Cisco Releases Security Advisories for Multiple Vulnerabilities in IOS


Cisco has released three Security Advisories to address severely rated vulnerabilities in their Internetwork Operating System Software (IOS).

Cisco Security Advisory: Crafted IP Option Vulnerability addresses a remotely exploitable denial-of-service vulnerability that may potentially allow for arbitrary code execution. This vulnerability may be exploited when an affected device processes a crafted packet that meets all of the following conditions:
  • The packet contains a specific crafted IP option.
  • The packet is one of the following protocols:
    ICMP - Echo Request (Type 8)
    ICMP - Timestamp (Type 13)
    ICMP - Information Request (Type 15)
    ICMP - Address Mask Request (Type 17)
    PIMv2 - IP protocol 103
    PGM - IP protocol 113
    URD - TCP Port 465
  • The packet is sent to a physical or virtual IPv4 address configured on the affected device.

Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of Service addresses a denial-of-service vulnerability in the Transmission Control Protocol listener. Crafted packets may cause the device to leak a small amount of memory. Over time, such a memory leak may lead to memory exhaustion and a denial-of-service condition.

Cisco Security Advisory: IPv6 Routing Header Vulnerability addresses a remotely exploitable denial-of-service vulnerability in the IPv6 Type 0 Routing header handling. This vulnerability can be triggered by a packet containing crafted IPv6 Type 0 Routing headers.

More information about these vulnerabilities can be found in the Vulnerability Notes Database.

US-CERT encourages users to apply the fixes and workarounds described in the Cisco Security Advisories and Vulnerability Notes, and will continue to investigate and provide additional information as it becomes available.

Socialize with the CIA on Facebook

Via Zone-H.org -

Do you fancy a career as an agent at the CIA? Do you long to enter international plots and special investigations? If you are a member of the social networking web site Facebook.com your “job-opportunity” could be only one click away.

As reported this morning by the web magazine Wired.com, the Central Intelligence Agency has been using Facebook to recruit employees that should work at the National Clandestine Service (NCS) .

The NCS is one of the four directorates of the CIA. It was established after 9/11 to gather intelligence from sources both domestic and abroad. President Bush itself have recently urged the Agency to increase its personnel and specifically to hire officers that could "blend more easily in foreign cities."

This search for new members lead to the creation of a specific CIA’s Facebook page, a restricted area providing details about job opportunities at the NCS and showing a promotional
YouTube video . The page appeared for the first time on December 19th, 2006 and it now counts more than 2100 members.

The website wasn’t chosen by chance: CIA’s sponsored page has been clearly studied to hit the attention of young people and Facebook users are mostly college students. Many other companies have used this medium to get in touch with potential employees but CIA’s initiative marks a turning point for governmental agencies, which are usually limited by strict regulations about personnel hiring. Yet, the CIA has its own hiring authority and isn't audited by other governmental structures.

Even if at the moment the CIA is the only Agency to use social networks for recruitment, web-based “head hunters” could soon be adopted by other structures. However the interaction between social networks and government is quite distrusted by social network users who are concerned about their privacy.

Anyway Facebook’s spokesmen claimed that direct access to user’s profile is forbidden, and as it was pointed out by Michele Neff, a CIA spokeswoman, the page is only for information purposes, and : "There is no collection of names, bio information or resume collection from this site, nor do we engage members in any way."

We could now start an endless debate about all the implications of similar initiatives for users’ privacy but we’d rather focus on a little, funny, maybe silly consideration: online recruitment and promotional videos has been used for the first time by “another” organization. Al Qaeda.

How small the (cyber) world is!

Wednesday, January 24, 2007

Green Urban Art - Reverse Graffiti

Reverse graffiti also known as clean tagging or grime writing, is a method of removing dirt from a surface while creating graffiti on walls or other surfaces.

Brazilian artist Alexandre Orion turned a São Paulo transport tunnel into a kind of graphic charnel house, lined with skulls. He created the images, the project's website explains, "by selectively scraping off layers of black soot deposited on those walls in the short life of this orifice of modernity."

Paul Curtis, also known as Moose, of the United Kingdom is considered to be a pioneer for reverse graffiti. Paul was recently charged in the United Kingdom under the Big Brother Act...errr I mean the Anti-Social Behaviour Act but the sentencing and implications are not known. New York Times has a nice write up about it as well.

Pretty cool stuff, IMHO.

Tuesday, January 23, 2007

One Hacker Kit Accounts For 71% Of Attacks

Via informationweek.com -

A multi-exploit hack pack was responsible for nearly three-fourths of all Web-based attacks during December, a security company said Tuesday.

Tagged with the moniker "Q406 Roll-up," the attack kit was behind 70.9% of last month's attacks, reported Atlanta, Ga.-based Exploit Prevention Labs. Up to a dozen different exploits make up the kit, which includes several exploits derived from the proof-of-concept code that researcher HD Moore published in July 2006 during his "Month of Browser Bugs" project.

It's difficult to tell the exact number of exploits in the package, said Exploit Prevention's chief technology officer, Roger Thompson, because the kit is heavily encrypted. The most common exploits found in the kit are setSlice, VML, XML, and (IE COM) Createcomobject Code.

"The dominance of this package reinforces the fact that the development and release of exploits frequently parallels legitimate software businesses," Thompson said in a statement. "The bad guys are working hard to update and release tweaks to existing exploits at least in part because developing a new exploit is a complex development task."

The nearest competitor to the Q406 Roll-up was a group of exploits collectively known as "MDAC" that takes advantage of vulnerabilities in multiple ActiveX controls to gain access to a victimized PC's


Sound like the bad guys are better at "patching" their applications than most of the good guys.

Move Over UAVs, In Come the MAVs

Via Wired.com -

If you feel something crawling on your neck, it might be a wasp or a bee. Or it might be something much more dangerous.

Israel is developing a robot the size of a hornet to attack terrorists. And although the prototype will not fly for three years, killer Micro Air Vehicles, or MAVs, are much closer than that.
British Special Forces already use 6-inch MAV aircraft called
WASPs for reconnaissance in Afghanistan. The $3,000 WASP is operated with a Gameboy-style controller and is nearly silent, so it can get very close without being detected. A new development will reportedly see the WASP fitted with a C4 explosive warhead for kamikaze attacks on snipers. One newspaper dubbed it "The Talibanator."

Fred Davis, technical director of the Assessment and Demonstrations Division of the Air Force Research Laboratory Munitions Directorate at Eglin Air Force Base in Florida, confirmed that the United States has ambitious plans for future micro-munitions, which he says will be pocket-sized with mission-specific payloads.

"You're not going to be knocking down walls," says Davis. "What we're looking at is functional defeat."

This means preventing the target from carrying out its mission, rather than destroying it, Davis says. A truck, for example, can be put out of action by destroying its tires; a MAV can do this by squirting them with few milliliters of a catalytic de-polymerization agent, causing them to disintegrate rapidly.

Davis sees future MAVs landing and hopping or crawling on the ground like insects, enabling them to get inside buildings. Once inside, an entire command center can be disabled by targeting the power supply.

Detecting Land Mines with Sound

Via physorg.com -

Researchers at MIT's Lincoln Laboratory are developing a highly pinpointed sound beam that can detect buried land mines from a safe distance. The new beam will use sound to seek out land mines like a bat uses sonar to hunt its prey.

Robert W. Haupt, a technical staff member at Lincoln Lab, explores innovative ways to find and reduce the large number of land mines abandoned in war-torn countries. An estimated 26,000 people are killed or maimed every year by 60 to 70 million undetected land mines in 70 countries. Those casualties include military troops but most are civilians--half of them children under age 16--who step on uncleared minefields after a war.

Many existing prototype mine detection systems can detect only metal, have limited range or are impractical in the field. "Reliable methods that quickly and accurately locate land mines made of metal and plastic, unexploded ordnance and other mine-like targets are desperately needed," Haupt said.

AJAX Worm Database Kicks Off

Via gnucitizen.org -

In October 2005, a flaw in the MySpace’s site design was exploited by a user only known as “Samy” to create the world’s first self-propagating cross-site scripting worm. MSNBC has also reported that MySpace is a “hotbed” for spyware, and that infection rates are rising because of MySpace. In addition to this, the customization of user pages currently allows the injection of certain HTML which can be crafted to form a phishing user profile. Wikipedia

The purpose of this project is to collect various AJAX worms. Worm submissions must follow certain format which is:
  • Worm name - It must be enclosed inside

    [atom name here]

  • Worm description - It must start on a new paragraph.
  • Worm code - It must be enclosed inside
    [atom code here]
    tags. If the worm is composed from more then one segments, each one of them must be separated by [segment name or id] on a new paragraph.
  • Worm tags - It mus be a comma separated string.

Computing at Light Speed

Via sciencemag.org -

Researchers at Intel have created the fastest-ever silicon-based optical modulator, a device that chops a laser beam into a series of pulses, creating the optical version of digital 1s and 0s. By the middle of the next decade, the new device could help designers create computers in which optical links connect dozens of chips, raising the machines' capabilities to dizzying new heights.

Many computers sold today already sport two or more central processors linked by copper wires that allow them to communicate electronically. Chip companies envision computers with tens to hundreds of processors working side by side. But copper wires can't handle all the electrical signals needed for such an architecture. Optical connections that transmit digital 1s and 0s as streams of light pulses can carry many times the load.

Sophos Security Threat Report 2007

Sophos has published its Security Threat Report 2007 (PDF), examining the threat landscape over the previous twelve months, and predicting malware and spam developments during 2007.

The report reveals that the US hosts more than one third of the websites containing malicious code identified during 2006, as well as relaying more spam than any other nation.

Giant Fish Caught in East China Sea

Via xinhuanet.com -

People view the giant fish in an aquatic product market in Wenzhou, a city in east China's Zhejiang Province, Jan. 22, 2007. The fish that was measured 2.4 meters long and weighed 340 kilograms was caught in the East China Sea on Jan. 20. (Xinhua Photomall/Zheng Peng)

Iran Test-Fires Home-Made Missiles Successfully

Via farsnews.com -

Speaking in an exclusive interview with FNA, Commander of the Islamic Revolutionary Guards Corps (IRGC) Missile Unit, Brigadier General Majeed Ayineh also said that the missile tests by the military units subordinate to the IRGC ground forces would continue for the next three days. Fajr-5 has a range of around 75km while Zelzal has a range of 100 to 400 km.

The missile war games started in Garmsar region, 100 kilometers east of Tehran on Sunday.

Colonel Reza Hashemian told reporters on Sunday that the military exercises are aimed at testing the IRGC's missile capability and will continue for five days.

Stating that the maneuvers will be carried out in different stages, he said that the first stage, which started on Sunday and lasts until this afternoon, includes identification, occupation and settlement of positions.

According to Hashemian, other stages of the military exercises which will begin this evening include charging and launching of missiles. Earlier reports said that the maneuvers have been designed to test the performance and capabilities of two Iranian-made missiles known as 'Zelzal' and 'Fajr-5'.

Iran also test-fired its Shahab-3 ballistic missile successfully in November 2006. Shahab-3 has a range of up to 2000 km.

Zone-H Falls Victim to DNS Redirection

Via Zone-H.org -

Have you recently seen a different Zone-H when trying to access our pages? Magic of DNS redirection.

It appears that Saudi Arabia crackers managed to get the passwords of our registrar (our registrant panel to be precise), accessed the domain management page and changed the DNS entries, pointing the zone-h domain to an IP address belonging to the crackers on which they mounted the page you saw in the last 48 hours.

48 hours!?! So long it took to take contact with the registrar (they work only through email communication), explain the problem to 8 different people then finally getting a reset of our credentials, taking the domain back in control.

On the funny side, the same problem happened to Google in its German version which yesterday evening was redirected to a different page (different owner actually). In this case (automatic German/English translation) the trick was a bogus domain transfer request that a German provider accepted without explicit authorization from Google Inc. (silence-consense).

What a day! We are so glad we deserve so much of attention.

China Confirms Antisatellite Test

Via iht.com -

BEIJING: The Chinese government confirmed Tuesday that it had conducted a successful test of a new antisatellite weapon, but said that it had no intention of participating in a "space race."

The confirmation, made at a regular news briefing held by the Foreign Ministry, came 12 days after China used a medium-range ballistic missile to destroy one of its own weather satellites, which was orbiting about 720 kilometers, or 540 miles, above Earth.

The United States, Japan, Britain and Australia had pressed Beijing to explain the test, apparently the first successful destruction in more than 20 years of a satellite in orbit.

Despite numerous press reports last week quoting Bush administration officials describing the exercise in detail, Chinese officials declined to confirm or deny whether it had occurred. Liu Jianchao, the Foreign Ministry spokesman, issued the first official comment on the matter Tuesday.

"This test was not directed at any country and does not constitute a threat to any country," he said.

"What needs to be stressed is that China has always advocated the peaceful use of space, opposes the weaponization of space and an arms race in space," he said. "China has never participated and will never participate in any arms race in outer space."

Liu did not say why the 2nd Artillery Battalion of the People's Liberation Army had conducted the test. He also did not directly address concerns that shattering a satellite in low-earth orbit might be perceived as inconsistent with China's repeated calls to ban the use of weapons in space.

Beijing's prolonged silence about the test, which American intelligence officials said took place on Jan. 11, raised speculation about China's intentions and the circumstances surrounding the firing of the missile.

Senior Bush administration officials raised the possibility that the blackout of information may have reflected the autonomy and isolation of the military. They said they could not be sure that President Hu Jintao, who oversees the military and the ruling Communist Party, had personally authorized or overseen the test.

Liu denied Tuesday that officials had taken too much time before speaking publicly. "China has nothing to hide," he said. "After various parties expressed concerns, we explained this test in outer space to them."

Japanese and American officials said that China did not volunteer any information about the test until they had made formal diplomatic inquiries, and that it took at least four days to get a reply. They said that that raised concerns about the ability or the willingness of the leadership to respond in a timely fashion when Chinese military actions are perceived abroad as threatening.

Porky The Pig Takes Aim at Visual Studio 6

Microsoft Visual C++ (.RC Resource Files) Local Buffer Overflow Exploit

Microsoft Help Workshop 4.03.0002 (.HPJ) Buffer Overflow Exploit


Am I just crazy, but aren't these just local vulnerabilities?

They both require the user at the system to run or otherwise execute the exploit...against an application which is not accessible remotely (AFAIK).

So why is Secunia calling both of these remote?



Seriously? System access from remote? Am I missing something?

These are local vulnerabilities that an attacker can combined with a remote vulnerability to gain control of your system. That remote vulnerability is the human being.

Even SecurityFocus has the one labeled remote.

Please note that Milw0rm is calling both of these local attacks however.

Pentagon to Contractors: Meet DOD InfoSec Standards

Via GCN.com -

The Defense Department is proposing to amend the Defense Federal Acquisition Regulation Supplement to address training requirements that apply to contractor personnel who perform information assurance functions for DOD.

The proposed rule change provides that contractor personnel accessing information systems must meet applicable training and certification requirements. The changes would apply DOD Directive 8570.1, Information Assurance Training, Certification and Workforce Management, and DOD Manual 8570.01-M, Information Assurance Workforce Improvement Program, to contractors.

The deadline for comments to be submitted in writing is March 23; all comments should reference DFARS Case 2006-D023. Comments may be submitted using the federal e-rulemaking portal at http://www.regulations.gov or via e-mail to dfars@osd.mil.

Comments also can be submitted via fax to (703) 602-0350, or by mail to the Defense Acquisition Regulations System, Attn: Felisha Hitt, OUSD(AT&L)DPAP(DARS), IMD 3C132, 3062 Defense Pentagon, Washington, DC 20301-3062; or hand-delivered or couriered to Defense Acquisition Regulations System, Crystal Square 4, Suite 200A, 241 18th Street, Arlington, VA 22202-3402.

Diamond Coated Gadgets & Ice Bullet Welding

Via newscientisttech.com -

"Diamond"-coated gadgets

Portable gizmos such as phones, handheld computers and mp3 players can easily get scuffed, dirty and sticky.

Bulky covers are one option, but Nokia in Finland has been experimenting with plastic casings coated with a diamond-like material made from coal. The material is more protective and grime resistant, as well as cheap and bio-degradable.

To make the material electric current is fed through coal graphite. This creates plasma, which is directed towards a plastic casing by high-voltage electrodes. The coal ions penetrate the surface and bond to form an amorphous, diamond-like coating less than 100 nanometres thick. The process works at room temperature, meaning even cheap plastics can be coated this way.

The coating is very tough, but also smooth to the touch. It is also conductive and therefore antistatic, so does not attract dirt easily. Furthermore, the surface reflects and diffracts light in a similar way to shiny metal. And, when the owner has grown tired of the gismo and binned it, the thin layer of coal will eventually degrade naturally.

Read the full diamond-like gadgets patent application.

Ice-bullet welding

High-velocity ice bullets could someday be used to weld everything from car parts to industrial components. The trick could provide an alternative to heat, electric arcs or bulky hydraulics for precision spot welding.

Researchers at Ohio State University, US, freeze water into the shape of a sharp bullet and use a gas gun to fire them at a metal sheet. These high-energy projectiles briefly plasticise the metal, causing it to deform and bond with whatever it is touching. Carefully aiming bullets at near point blank range can very quickly be used to create precision welds.

If a metal sheet is backed with a carefully-shaped material, a barrage of ice bullets can also be used to shape the metal. And the only waste product is water when the ice melts.

Read the full ice bullet welding patent application.

Monday, January 22, 2007

More Signs of Music Download DRM Fading

Via EFF DeepLinks -

Apparently, this year's MIDEM conference, the music industry's international trade show, took place in a parallel universe where the major record labels may be willing to ditch music download DRM. And this parallel universe may be coming to an online store near you in 2007.

According to the International Herald Tribune, "Executives of several technology companies ... said ... that a move toward the sale of unrestricted digital files in the MP3 format from at least one of the four major record companies could come within months." That's not all -- while the RIAA's Mitch Bainwol pretended that fully interoperable DRM could exist, the article recounts many examples that demonstrate "a new appreciation in the [music] industry for unrestricted copies, which could be sold as singles or through subscription services or made freely available on advertising-supporting Internet sites."


Nevertheless, it unfortunately remains clear that the record labels aren't ready to ditch DRM entirely. After all, they're already back in Congress pushing for a backdoor DRM mandate for satellite and digital radio as well as webcasting. The labels may finally be hearing your disdain for DRM at online music stores -- make your voice heard in Congress by opposing mandatory radio DRM now.


Now someone tell Apple....that DRM is dead. Please....

Cyberthreat Experts to Meet at Secretive Conference

Via News.com -

The meeting on Thursday and Friday at Microsoft's Redmond, Wash. headquarters is slated to bring together representatives from security companies and government and law enforcement officials, as well as others involved in network security. The agenda focuses on botnets and related topics, seen by experts as a prime threat to the Internet.

"Unlike most other security conferences, we allow only members of the different relevant groups access, and we discuss organized crime and threats across borders…with a strong lean toward how we can make things better," said Gadi Evron, an evangelist at security firm Beyond Security and organizer of the event.


Check out the Agenda and Schedule.

Looks pretty cool to me and no... I was not invited. lol

Tip of the Hat to my friend, Fergie, which will be in there and will be conducting several talks as well.

Suspects, Reportedly Tied to Al Qaeda in Iraq, Sought Student Visas

Via CT Blog -

"Being There" was the title of a movie starring Peter Sellers that was produced in 1979. It was based on a satirical novel. For criminals and terrorists, the theme can be described as "Being Here!" Their goal is to be able to enter the United States in order to carry out crimes and attacks within the United States in furtherance of their malevolent objectives. News articles out today from both ABC News and NBC News report on a disturbing prospect, that terrorists are intent on gaining access to the United States through the flawed student visa program.


Check out all the details on the Counterterrorism link at the top.

Also today, Al Qaeda's second in command Dr. Ayman al Zawahiri released another video.

The video appears timed to coincide with the State of the Union Address, which will take place tomorrow.

Vista SP1 - Codename Fiji - To Be Released 2H07

Via APCMag.com -

Reckon you won't upgrade to Vista until the first service pack is released? That's looking likely to be the second half of this year, according to Microsoft's latest email blast.

The company has put out a call for "customers and partners (to) actively test and provide feedback on Windows Vista SP1 to help us prepare for its release in the second half of CY07 (calendar year 2007)."

Microsoft hasn't released details of exactly what changes will be wrought in Vista SP1, which has been assigned the codename 'Fiji' but some OS components which missed the RTM cut-off will almost certainly be rolled into the update.

One of the candidates for this better-late-than-never brigade would be the Windows PowerShell, previously Microsoft Shell -- a .NET-based command line shell with its own scripting language.

Cisco Works to Fix Overlooked GPL Requirement in iPhones

Via NetworkWorld -

Cisco is working on fixing one problem in the WIP300 iPhone model, John Earnhardt, senior manager of global media operations for Cisco, wrote on Cisco's news blog on Saturday.

He said that Cisco has also investigated other issues that an open source software researcher raised, but has verified that the phone complies with its licensing agreement except for the one issue.

Last week, Armijn Hemel, an open source enthusiast and consultant with Loohuis Consulting, revealed that he'd reverse engineered Cisco's iPhone WIP300 and found that Cisco hasn't properly shared code used in the phone. The phone runs Linux and Cisco licensed the operating system under the GNU General Public License (GPL), requiring it to share the source code for changes to the operating system that it distributes.

Hemel spoke with Cisco in October, alerting the company to the omissions, he said. He first began publicly talking about the licensing violation last week.

When he first talked to Cisco, he didn't identify the exact code that hadn't been shared but late last week he sent the networking giant a technical report pointing out the relevant code, he said during a phone interview on Monday. He contends that the phone has more than one issue and that he will watch for updates from Cisco. The company hasn't yet posted any changes or additions to the code it has already shared, he said.

SecureLED: Better Access Control


SecureLED is an optical access control device which replaces current RFID or Magnetic Strip technologies with a cryptographically secure, contact-less device which communicates over commodity Light Emitting Diodes (LEDs).

Project Summary

This project started with one central premise: current physical access control systems are insecure in fundamental ways. We sought a way to remedy this problem, and came accross recent work which demonstrated the potential of communicating over cheap commodity LEDs. We used these as the basis of our system, building on top of it devices which use a cryptographically secure challenge-response protocol to authenciate a user.

As such, we built both a reader and a small key device (which we had originally planned to implement on an ATTiny2313, but did not for reasons listed below). The reader outputs the industry-standard Weigand protocol, so it is interoperable with current systems. All in all, we believe that this solution presents a powerful alternative to current technology.


Marcin Bojanczyk, Chris Danis and Brian Rogan

Class President Charged with Changing Grades of 19 Students

Via Sun-Sentinel -

Cooper City High School's senior class president was arrested Tuesday and charged in a grade-tampering scandal that has rocked the campus.

Ryan C. Shrouder, 18, of Cooper City, was taken to jail from school and charged with two counts of computer crime with intent to defraud, a second-degree felony, according to a Broward Sheriff's Office report.

He was released from jail on bail, has been suspended from school and will be recommended for expulsion, said Joe Melita, head of the Broward County School District's investigative unit.

Shrouder serves as the alternate student advisor to the Broward School Board. He often sits in on board meetings and was issued a school district laptop computer. Sheriff's Office investigators say Shrouder took advantage of that access and used an employee password to access the district's network and change the grades of 19 students. It's unclear whether authorities think he changed his own grades.Shrouder was considered the main suspect, but other students could be punished for being involved, Melita said.

Shrouder's attorney said his client will plead not guilty and that he is being unfairly singled out."To charge a kid with a computer crime is absurd," said Fort Lauderdale attorney Fred Haddad. "There's plenty of ways to handle this besides charging a felony."