Saturday, March 31, 2007

More News from Iran on the Detention of 15 British Soldiers

Fars News Agency is filled with stories on this growing issue. Remember, the BBC and many Western news agencies consider Fars News to be semi-affiliated with the Iranian judiciary (or semi-official).


President Calls on Britain to Apologize to Iran

Iranian President Mahmoud Ahmadinejad, in a phone conversation with Turkish Prime Minister Recep Tayyip Erdogan on Friday, stressed that Britain should apologize to Iran for having trespassed into the territorial waters of Iran.


MP Calls for Trial of British Trespassers

An Iranian lawmaker said that his country cannot ignore Britain's hostile measures taken against the Islamic Republic, and further called for the trial of the 15 British marines who had trespassed Iran's territorial waters.


Security Measures Increase around British Embassy in Tehran

Following increased tensions between Tehran and London over the detention of 15 British marines who entered Iranian waters illegally and likely gatherings by protestors in front of the embassy compound, the police increased security measures and arrangements around the embassy here in Tehran on Friday.

Lack of IPv6 Security Products Makes DoD Transition Harder

Via -

While the vast majority of networks today are based on the IPv4 protocol, the U.S. government is mandating that defense and civilian agencies are ready to accept IPv6-based traffic as well by June 2008. Those guiding the effort know the transition won’t be easy, especially given the lack of IPv6-based security products.

“Unfortunately, we’re set to be the guinea pig,” says Sheila Frankel, senior computer scientist at the National Institute of Standards and Technology (NIST). “Business will seriously be watching the government experience.” Frankel is co-author of “A Profile for IPv6 in the U.S. Government – Version 1.0,” a NIST document that draws attention to the lack of IPv6-based security products, including firewalls, intrusion-detection systems and vulnerability-assessment tools on the market today.

With its charter to set standards for nonclassified systems, NIST expects its role will be to set up a conformance-testing regime where independent accredited labs would review network-infrastructure equipment, such as routers and switches for IPv6 support. NIST also wants to set specific requirements for IPv6-based security equipment.

By this summer, says Frankel, NIST will issue for public comment a document titled “Secure Transition to IPv6.” The NIST document would be intended to offer guidance to agencies about making the transition into what will be a new world where IPv4 and IPv6 must coexist. It will be a world of dual-stack protocols, IPv4-to-IPv6 and IPv6-to-IPv4 tunneling. “For the civilian agencies, we have to express this coexistence,” Frankel says. “Each carries a burden in terms of processing and security, and there are pros and cons of each approach.”

MySpace Layout Designer Pranks McCain's Mypace Profile

Via -

Republican presidential hopeful John McCain's MySpace page was commandeered on Tuesday to display a satirical message suggesting the Conservative was now in favour of gay marriage, particularly between "passionate females".

The prank was orchestrated by Mike Davidson, chief exec of Newsvine, after he noticed that the Senator's aides had taken a MySpace layout template he'd designed without credit. McCain's page used unmodified imagery to create the "Contacting John McCain" table.

Adding insult to injury, the image to create this table was served from Newsvine's site, costing the firm extra bandwidth charges every time someone visited McCain's MySpace page.

Davidson was relaxed about McCain's use of his code but irritated by politicians, like McCain, who get their aides to establish MySpace pages they pretend they actually use in a bid to "connect" with younger audiences. He was further irritated by a Newsweek article that listed McCain's MySpace page.

Fortunately, Davidson had set up his server to serve his real "contact me" image if the image was referenced from his own MySpace page, but a sample image if it was served from anywhere else.

So by changing this sample image, the content on McCain's MySpace page was easily changed to read: "Today I announce that I have reversed my position and come out in full support of gay marriage...particularly marriage between two passionate females."

Davidson described the prank, which he said was not politically motivated, as the perfect hack.
"The only thing necessary to effectively commandeer McCain's page with my own messaging was to simply replace my own sample image on my server with a newly created sample on my server. No server but my own was touched and no laws were broken. The immaculate hack," he said.

McCain's aides moved quickly to remove the offending image but not before Davidson was able to grab screen grabs and document his hack here.

Dell to Expand Linux Desktop & Notebook Line

Via Dell Company Blog -

Since launching Dell IdeaStorm a little more than a month ago, one idea has risen to and stayed at the top: better support for Linux. We have heard you and appreciate the direct feedback. On March 13, we responded by launching a Linux survey asking for your feedback on what you need for a better Linux experience. Thank you to the more than 100,000 people who took the survey. Here are some of the highlights from the survey:
  • More than 70% of survey respondents said they would use a Dell system with a Linux operating system for both home and office use.
  • Survey respondents indicated they want a selection of notebook and desktop offerings.
  • Majority of survey respondents said that existing community-based support forums would meet their technical support needs for a tested and validated Linux operating system on a Dell system.
  • Survey respondents indicated that improved hardware support for Linux is as important as the distribution(s) offered.
Dell has heard you and we will expand our Linux support beyond our existing servers and Precision workstation line. Our first step in this effort is offering Linux pre-installed on select desktop and notebook systems. We will provide an update in the coming weeks that includes detailed information on which systems we will offer, our testing and certification efforts, and the Linux distribution(s) that will be available. The countdown begins today.

Keyloggers - How they Work & How to Detect Them

Via -

In February 2005, Joe Lopez, a businessman from Florida, filed a suit against Bank of America after unknown hackers stole $90,000 from his Bank of America account. The money had been transferred to Latvia.

An investigation showed that Mr. Lopez’s computer was infected with a malicious program, Backdoor.Coreflood, which records every keystroke and sends this information to malicious users via the Internet. This is how the hackers got hold of Joe Lopez’s user name and password, since Mr. Lopez often used the Internet to manage his Bank of America account.

However the court did not rule in favor of the plaintiff, saying that Mr. Lopez had neglected to take basic precautions when managing his bank account on the Internet: a signature for the malicious code that was found on his system had been added to nearly all antivirus product databases back in 2003.

Joe Lopez’s losses were caused by a combination of overall carelessness and an ordinary keylogging program.

Mozilla Firefox DoS Exploit

Mozilla Firefox and Gran Paradiso 3.0a3 DoS

author: shinnai
mail: shinnai[at]autistici[dot]org

For convenience I post up a script in python that creates a .html file
You can open it locally, upload and browse it or directly browse here:

Firefox 2 stops responding, Gran Paradiso crashes

To avoid confusion, this is based on "marquee" idea but it's not the same exploit.
Take a look here to see differences -

Top 12 OS X Tiger Security Issues

Via -

In what has been billed one of the safest operating systems of all time, Mac's OS X Tiger has become a fan favorite among Mac users for its bells and whistles and UNIX based architecture. From power user to newbie, Tiger provides both comfort and security for all OS X users.

However, to provide such scalability, Mac decided to leave Tiger in a fairly insecure default configuration. Consequently, we've prepared a short guide to bring your copy of Tiger up to speed and protect your data from the various intruders and hackers out there.

Keep in mind this guide was not written for the seasoned Tiger pro. If you fall into that category you might want to skip down to sections 11 and 12. But for those of you who are new to Tiger, this guide will help you optimize your security settings and close up some of the holes the default settings left vulnerable.

MS Windows Animated Cursor (.ANI) Stack Overflow Exploit

* Copyright (c) 2007 devcode
* ^^ D E V C O D E ^^
* Windows .ANI LoadAniIcon Stack Overflow
* [CVE-2007-1765]
* Description:
* A vulnerability has been identified in Microsoft Windows,
* which could be exploited by remote attackers to take complete
* control of an affected system. This issue is due to a stack overflow
* error within the "LoadAniIcon()" [user32.dll] function when rendering
* cursors, animated cursors or icons with a malformed header, which could
* be exploited by remote attackers to execute arbitrary commands by
* tricking a user into visiting a malicious web page or viewing an email
* message containing a specially crafted ANI file.


In the words of my good friend, this is "The New WMF"

IE 7.0 on Vista...pwnage. Pretty bad all around. There is talk of its origin being traced back to China as well.

We need to be asking Microsoft why they have been sitting on this since Dec 06. Just a month ago, they decided not to release a single patch...even when they knew that this was out there..and it would only be a matter of time before it was released. Sad.

I have already installed the eEye patch at the house and I would advise all non-novice users to do the same thing (at home, of course).

The exploit released above is not fully working; it calls ExitProcess just as a PoC. However, more refined exploits are out there and they will surface soon.

Friday, March 30, 2007

Iran Puts British Soldiers on State TV

Via -

Iran's state television showed footage on Friday of a male British naval serviceman confessing to entering Iran "without permission."

"I deeply apologize for entering your waters," the British sailor, identified as Nathan Thomas Summers, said in an interview with the Al-Alam, Iran's state-run Arabic-language television.

"We trespassed without permission," he said.

Summers, who wore camouflage fatigues, was shown sitting with another British serviceman and Faye Turney, the only female among the 15 British naval personnel seized by Iranian forces last week.

His confession came after Turney was shown on Iran's television earlier this week admitting "illegal entry" into Iranian waters.

Earlier on Friday, Iran's official IRNA news agency reported that another sailor among the 15 British naval personnel seized by Iranian forces last week has confessed to "illegal entry" into Iranian waters.

Britain's Foreign Office on Friday denounced Iran for showing footage of the detained naval serviceman confessing to illegally entering Iranian waters.

"Using our military personnel in this way for purposes of propaganda is outrageous," a Foreign Office spokesman said.

Last Friday, 15 British naval personnel were seized by Iranian forces when they were patrolling off the Iraqi borders.

Iran has insisted that the British boats illegally entered its territorial waters. But Britain said its soldiers were in Iraqi territorial waters.

The UN Security Council in a statement on Thursday called for an early resolution of the case of the 15 British sailors detained by Iran.


Sounds pretty familiar....let's just hope they release them now - exactly like they did in 2003.

A nation grabs a group of people and begins to talk about charging them as spies...I think I would say whatever they wanted on TV as well.

The world isn't stupid; they know what is going on. So you say the propaganda they tell you to say and hope you are on the way home soon. Makes sense to me.

Microsoft Cursor & Icon ANI Format Handling Remote Code Execution Vuln

Via McAfee Avert Labs Blog -

Several of my posts over the last few months have centered around very targeted zero-day attacks. This post covers an exploit that McAfee researchers discovered in the field, posted to a message board. That posting was simply a proof of concept; however McAfee Avert Labs has since received a malicious sample as well. It is quite likely that similar exploits targeting this vulnerability are currently being used in other attacks on the web.

Preliminary tests demonstrate that Internet Explorer 6 and 7 running on a fully patched Windows XP SP2 are vulnerable to this attack. Windows XP SP0 and SP1 do not appear to be vulnerable, nor does Firefox 2.0. Exploitation happens completely silently.

The vulnerability lies in the handling of malformed ANI files. Known exploits download and execute arbitrary exe files. This vulnerability is reminiscent of MS05-002.


More on this serious new vulnerability at the following locations.

eEye ANI ZeroDay Patch

MSRC Blog - Microsoft Security Advisory 935423

Banner Removal in IIS 6.0 - Without URLScan

Back in the IIS 5.0 days, IISLockdown was an essential tool. Every IIS Security guide told you to run it....and for good reason.

The IIS Lockdown Tool functions by turning off unnecessary features, thereby reducing attack surface available to attackers. URLScan was part of IIS Lockdown and offered several positive security features as well.

Microsoft noticed the importance of URLScan and ended up integrating many of its security features directly into IIS 6.0. Many were even improved beyond what was offered in URLScan.

However, one feature was not included - RemoveServerHeader

By default, a Web server returns a header that identifies what Web server software it is running in all responses. This can increase the server vulnerability because an attacker can determine that a server is running IIS and then attack known IIS problems, instead of trying to attack an IIS server by using exploits that are designed for other Web servers. By default, this option is set to 0. If you set the RemoveServerHeader option to 1, you prevent your server from sending the header that identifies it as an IIS server. If you set RemoveServerHeader to 0, this header is still sent.

But on the release of IIS 6.0, Microsoft changed positions on the Header leakage issue...

IIS 6.0 does not include the RemoveServerHeader feature because this feature offers no real security benefit. Most server attacks are not operating system specific. Also, it is possible to detect the identity of a server and information about the operating system by mechanisms that do not depend on the server header.
This change took into account several new Web Server fingerprinting methods. Those methods are outlined here and here. These new methods allowed attackers to fingerprint servers well beyond the standard Header leakage issue.

Because of this, the general idea in the security world was that IIS 6.0 made URLScan obsolete.

But what about those super-security freaks that still wanted to remove the banner?

The answer was URLScan v2.5 on IIS6.0 - until now.

Recently, it was brought to my attention that a free tool existed that could easily remove the Header Information in IIS 6.0 & IIS 7.0 Beta.

The technoheresy has been lifted!

It is called - Server Header. It is basically a custom ISAPI filter, created by Thomas Deml, which allows you to modify the Server Header of IIS4/5/5.1/6 and 7.0. He even included the source code!

Granted, this is an ISAPI filter and it could have a negative performance impact on servers with very high traffic volumes. So take that into account before considering the tool. Of course, this is basically third party code, so, as always, it is highly advised to test the tool in a non-production environment before deployment. In this case, the included source code is also a plus.

So the debate might continue on whether changing the header offers any REAL security benefits, but at least the security paranoid now have an option.
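To make the above concrete, here is an added example (my own code, not Thomas Deml's Server Header filter and not anything from Microsoft) that does, on a constructed HTTP response, what such a banner filter does: it removes or rewrites the Server header while leaving every other header in its original order, and a small audit function reports what a response still discloses. The sample response, its header values and the X-Powered-By check are constructed for the example; the filter on the page only touches the Server header.

```python
"""Added example: emulate Server-header removal on a raw HTTP response and
audit what the response still reveals. Not code from the post or the tool."""
from typing import Dict, List, Optional, Tuple

# Constructed sample: the head of a response as a default IIS 6.0 box
# would send it (illustrative values, not captured traffic).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Server: Microsoft-IIS/6.0\r\n"
    b"X-Powered-By: ASP.NET\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"hello"
)


def split_response(raw: bytes) -> Tuple[bytes, List[Tuple[bytes, bytes]], bytes]:
    """Split a raw response into (status line, [(name, value)...], body).

    Header order is kept on purpose: fingerprinting looks at ordering as
    well as values, so a filter should not reorder what it leaves in place.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def rewrite_server_header(raw: bytes, replacement: Optional[bytes] = None) -> bytes:
    """Drop the Server header (replacement=None, i.e. RemoveServerHeader=1
    behaviour) or replace its value with a custom banner. Nothing else moves."""
    status, headers, body = split_response(raw)
    out = []
    for name, value in headers:
        if name.lower() == b"server":
            if replacement is None:
                continue
            value = replacement
        out.append(name + b": " + value)
    return b"\r\n".join([status] + out) + b"\r\n\r\n" + body


def audit_banner(raw: bytes) -> Dict[str, Optional[str]]:
    """Report the platform-revealing headers still present: Server and
    X-Powered-By (the latter is a second tell the Server filter never touches)."""
    _, headers, _ = split_response(raw)
    found = {name.lower(): value for name, value in headers}
    return {
        "server": found.get(b"server", b"").decode() or None,
        "x_powered_by": found.get(b"x-powered-by", b"").decode() or None,
    }


if __name__ == "__main__":
    print(audit_banner(SAMPLE_RESPONSE))
    print(audit_banner(rewrite_server_header(SAMPLE_RESPONSE)))
    print(audit_banner(rewrite_server_header(SAMPLE_RESPONSE, b"Webserver")))
```

Running the audit against your own server's response (fetch it with any HTTP client and pass the raw bytes in) is the quick way to confirm the filter is actually installed on every site instance; the X-Powered-By line in the output is a reminder that the Server header is only one of the disclosures Microsoft was alluding to.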

Thursday, March 29, 2007

A CAPTCHA-Solving Service

Via Symantec Security Response Weblog -

A “CAPTCHA” (completely automated public Turing test to tell computers and humans apart) is one of those puzzles you are sometimes asked to solve when signing up for a free email account or similar services. These puzzles involve distorted images that are sometimes enough to thwart an automated computer program that is trying to sign up for free email accounts, giving it the impression that it is dealing with a human. Well, an "enterprising" human found a clever way to cheaply solve a lot of CAPTCHAs.

His idea was to post a project ad on the site, to see how much it would cost him to hire someone to solve CAPTCHAs for a 50-hour week. Within a week, he received 58 bids, ranging from $30 to $100 (with the average bid being $57) before the site administrator cancelled the ad. Assuming (very conservatively) that it would take someone 30 seconds, on average, to solve a single CAPTCHA, anyone completing the job would have solved about 6000 CAPTCHAs in a 50-hour week. So, it would have cost our poster about a half a cent per CAPTCHA, for the lowest bidder, and about one and two-thirds cents per CAPTCHA for the highest bidder.

CAPTCHAs have a number of interesting security applications. One of the most well known is in trying to deter spam, by requiring anyone who signs up for a free email account to solve a CAPTCHA. This step prevents automated programs from signing up for an account. Similarly, one might try to use CAPTCHAs in conjunction with email itself, where the recipient might require the sender to solve a CAPTCHA before accepting the email. This idea also applies to other forms of spam, such as trackback or comment spam on blogs. For legitimate, low-volume email senders, this cost is pretty small; but, it might shift the economic threshold for spammers so that their practices are less profitable.

Another interesting application of CAPTCHAs is in making dictionary attacks for guessing passwords harder to accomplish. The idea here is to require someone to solve a CAPTCHA in conjunction with a password guess. This measure would increase the time for password guesses considerably (assuming, of course, that human intervention is necessary in each password guess and that this intervention is actually expensive).
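As an added illustration of that last idea (my own example, not part of the Symantec post), the gate below demands a solved CAPTCHA on an account once it has seen a few failed guesses, and a small simulation runs a word list against it with and without a human in the loop. The account names, passwords, threshold and word list are constructed for the example; the point is that past the threshold a guess is not even compared against the password unless a CAPTCHA was solved, so each further guess costs the human labour the post prices out.

```python
"""Added example: CAPTCHA gating of password guesses. Toy data, not the
Symantec post's code."""
from dataclasses import dataclass, field
from typing import Dict, Iterable, Tuple

# Constructed credential store and threshold (toy values).
PASSWORDS = {"alice": "correct horse", "bob": "hunter2"}
FAILED_GUESSES_BEFORE_CAPTCHA = 3


@dataclass
class LoginGate:
    failures: Dict[str, int] = field(default_factory=dict)
    captcha_prompts: int = 0   # how many attempts hit the CAPTCHA requirement

    def attempt(self, user: str, password: str, captcha_solved: bool = False) -> str:
        """Return 'ok', 'denied' or 'captcha_required'.

        Once an account has FAILED_GUESSES_BEFORE_CAPTCHA failures, every
        further attempt on it must carry a solved CAPTCHA; without one the
        password is not checked at all.
        """
        if self.failures.get(user, 0) >= FAILED_GUESSES_BEFORE_CAPTCHA:
            self.captcha_prompts += 1
            if not captcha_solved:
                return "captcha_required"
        if PASSWORDS.get(user) == password:
            self.failures.pop(user, None)   # clear the counter on success
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"


def simulate_guessing_run(user: str, wordlist: Iterable[str],
                          human_solves_captchas: bool = False) -> Tuple[int, int, bool]:
    """Feed a word list to the gate for one account.

    Returns (guesses actually compared against the password, CAPTCHAs
    demanded, whether the run got in). Without a human the run stalls at
    the threshold; with one, every later guess costs a CAPTCHA solution.
    """
    gate = LoginGate()
    checked = 0
    for word in wordlist:
        result = gate.attempt(user, word, captcha_solved=human_solves_captchas)
        if result == "captcha_required":
            continue
        checked += 1
        if result == "ok":
            return checked, gate.captcha_prompts, True
    return checked, gate.captcha_prompts, False


# Constructed word list for the demonstration.
WORDLIST = ["123456", "password", "letmein", "qwerty", "hunter2"]

if __name__ == "__main__":
    print("no human:", simulate_guessing_run("bob", WORDLIST))
    print("with human:", simulate_guessing_run("bob", WORDLIST, True))
```

The second run shows the trade-off the post describes: the guesses still get through, but only by paying for a CAPTCHA on each one past the threshold, which is exactly the cost the $30 to $100 per week bids put a number on.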

CarderIM - Encrypted IM for Carders

Via -

March 28, 2007 (IDG News Service) -- Hackers have built their own encrypted instant-message (IM) program to shield themselves from law enforcement trying to spy on their communication channels.

The application, called CarderIM, is a sophisticated tool hackers are using to sell information such as credit-card numbers or e-mail addresses, part of an underground economy dealing in financial data, said Andrew Moloney, business director for financial services for RSA, part of EMC Corp., during a presentation at the International e-crime Congress in London on Wednesday.

CarderIM exemplifies the increased effort hackers are making to obscure their activities while continuing to use the Internet as a means to communicate with other criminals. "They're even investing in their own custom tools, their own places to work," Moloney said.

CarderIM's logo is humorous: two overlapping half suns in the same red-and-yellow tones as MasterCard International Inc.'s logo. The name, CarderIM, is a reference to the practice of "carding," or converting stolen credit-card details into cash or goods.

Often, the hackers who obtain credit-card numbers aren't interested in trying to convert the data into cash. But other people are. On the Internet, the two can meet. But the data buyers and sellers are constantly on the lookout for the "rippers" -- security experts or police who are gathering data on them, Moloney said.

It's not known how widely CarderIM is being used, but its distribution appears to be limited, Moloney said. Searches through Google uncover a few passing but incomplete references to the program. It's also not easy to find a copy of it.

"To get ahold of it [CarderIM] you need to be part of one of the trusted groups, which we have agents within," Moloney said.

During his presentation, Moloney showed a screenshot of an advertisement for CarderIM, which addressed the need to "secure the scene." The application supposedly uses encrypted servers that are "offshore" and does not record IM conversations.

Hackers may have needed a more secure IM application, since most of the free ones, such as ICQ, transmit messages in clear text, which can be intercepted, Moloney said.

"They know that we watch and listen," Moloney said.

TJX Data Breach - At Least 45.6 Million Cards Exposed

Via -

March 29, 2007 (Computerworld) -- After more than two months of refusing to reveal the size and scope of its data breach, TJX Companies Inc. is finally offering more details about the extent of the compromise.

In filings with the U.S. Securities and Exchange Commission yesterday, the company said 45.6 million credit and debit card numbers were stolen from one of its systems over a period of more than 18 months by an unknown number of intruders. That number eclipses the 40 million records compromised in the mid-2005 breach at CardSystems Solutions and makes the TJX compromise the worst ever involving the loss of personal data.

In addition, personal data provided in connection with the return of merchandise without receipts by about 451,000 individuals in 2003 was also stolen. The company is in the process of contacting individuals affected by the breach, TJX said in its filings.

"Given the scale and geographic scope of our business and computer systems and the time frames involved in the computer intrusion, our investigation has required a substantial period of time to date and is not completed," the company said.


"In addition, the technology used by the intruder has, to date, made it impossible for us to determine the contents of most of the files we believe were stolen in 2006," the company said. It did not elaborate on the technology it was referring to.

"We are continuing to try to identify information stolen in the computer intrusion through our investigation, but other than the information provided ... we believe that we may never be able to identify much of the information believed stolen," TJX said.


So basically, they are only counting the cards that are known FOR SURE to be stolen...yet the real number may never be known...and sadly the hacker/hackers will most likely never be found.

Just to give you some scope, here are some interesting numbers:

Population of Canada - 33 Million
Population of Spain - 40 Million
Population of Italy - 58 Million
Population of Turkey - 70 Million
Population of Mexico - 107 Million
Population of Russia - 142 Million
Population of USA - 298 Million

Tuesday, March 27, 2007

Catholic School Bans Pupils from MySpace

Via -

Students at a suburban Catholic school are being ordered to take down their photos, snappy comments, or anything else they may have posted on

Friday is the deadline for students at St. Hugo of the Hills Catholic School to follow orders or risk suspension. School Principal Sister Margaret Van Velzen sent letters home to parents this week saying, in part, that if families allow children to continue their sites, they will not be allowed to return to school. The school plans to use its computer-savvy staff members to monitor the site for student activity.

The principal declined comment, but St. Hugo office manager Judy Martinek said the principal just wants to keep the students safe.


Big Brother isn't always the government. Next, St. Hugo will tell you that your children are not allowed to go to the mall or the movies...because it isn't safe.

I guess private schools do have their negatives.

St. Hugo School is dreaming if they believe they can "find" their pupils on MySpace...seriously.

Six-year-old Successfully Hacks into MP Computer

Via -

A child aged just six has successfully hacked into the UK Parliament's computer system, installing a keylogger onto an MP's machine.

Guildford MP Anne Milton agreed to leave her computer unattended for 60 seconds as part of a test of House of Commons IT security by the BBC's Inside Out programme.

Brianagh, a schoolgirl from Winchester, took just a quarter of that time to install the keylogging software without being noticed. Such easily available applications record all the keystrokes made on a machine and can therefore be used to steal passwords, financial data and personal information.

Everything that Milton would have typed for the next six months would have been secretly recorded and it would only have taken a few seconds to retrieve the software and all the confidential information it had gathered, including the password for the whole computer.

"It really surprises me," Milton told Inside Out.

"It's the speed, the size of the device and the ease with which it was attached to my computer."

The House of Commons administration declined to comment.


Nod to my friend, Fergie, for the find.

Bulgarian Stole $350k From Americans in eBay Scam

Via -

A Bulgarian woman has been arrested and charged with participating in a scheme that used eBay to scam Americans out of at least $350,000. Her alleged fraud is similar to dozens of scams found on the auction site daily.

Mariyana Feliksova Lozanova, a.k.a. "Gentiane La France," a.k.a. "Naomi Elizabeth DeBont," was indicted for conspiracy to commit wire fraud and conspiracy to commit money laundering, according to a US Department of Justice press release. She was apprehended by law enforcement officials from Budapest, Hungary.

Mind How You Walk - It Could Be A Crime

Via -

Later today, the Commons home affairs select committee will announce it is to conduct an inquiry into the growth of surveillance in Britain. It is tempting to say this is not before time, but it is probably too late if the aim is to have any influence over policy.

We are already a "surveillance society". We are, for the time being, fortunate that the full potential for its abuse is constrained by the pluralist democracy in which we live. However, we do not have to look back very far in history to imagine the use to which such snooping could be put.


I have no doubt that our political masters believe the rapid expansion of CCTV cameras, for instance, is good for us. Indeed, that would be the view of most people, who seem happy with the cameras.

It stands to reason that if you have a camera trained on a shopping centre, a car park, a hotel lobby or a bus stop, we must be safer.

Well, actually, it does not follow at all. One problem is that cameras take the place of other forms of crime prevention, such as more police or better street lighting.

You might feel safer and the mugger may well think twice before striking if he thinks a CCTV camera is about. But they can engender complacency; and if cameras are so effective in preventing crime, why have the numbers of town-centre assaults and robberies shot up even as CCTV has mushroomed?


Why not go the whole hog and have microphones attached to cameras or embedded in street lights? The Dutch have pioneered a system that recognises aggressive sounds, without actually eavesdropping on conversations (perish the thought).

My favourite is automatic gait recognition. This identifies people by the way they walk and the Government has asked Ministry of Defence scientists to develop it for widespread use.

Cameras are programmed to pick up on a particular gait, thereby making it impossible for a suspect to escape by covering his face. Even Orwell did not come up with "gaitcrime".

It is right that the home affairs select committee should look at this, although it is hard to see what it can do about it. We already have close to five million CCTV cameras, which is one fifth of the world's total.

The average Londoner might be monitored by 300 CCTV cameras a day. They are not going to be switched off, merely made more sophisticated.

But the committee can do one thing and that is alert the country to the potential dangers of putting all this surveillance together - the CCTV, DNA, ID card, radio-frequency identification, citizens' database - and linking it up with the rest of the information held on us.

Whatever can be said for the value of any one of these, it is the combination that makes me feel uneasy. I just hope it doesn't show on my face.

Apple TV Hacked

Via -

IT DOES NOT take long for someone to hack something these days. Enthusiasts from Something Awful forum were annoyed by the general lack of third party movie support for Apple's latest product, Apple TV - and went on to create something useful with it. Awkward and Sabretooth modified Apple's little box and got it working with Xvid files with no problems.

If this mod interests you, first thing you should do is read how the new Apple TV looks from inside and after that, you could take a look what Apple TV can and can't do.

Monday, March 26, 2007

Diebold Sues Massachusetts After Losing Contract

Via -

E-voting machine provider Diebold has made some crazy statements over the years trying to defend its e-voting machines, but the company may have set a new level of craziness.

ScaredOfTheMan writes in to let us know that Diebold is suing the state of Massachusetts after the Secretary of State chose e-voting machines supplied by a Diebold competitor. Diebold doesn't seem to have any evidence that anything was done wrong -- but it insists that it has the best machines, and therefore, it wants the court to award the contract to Diebold instead. Diebold's statement on the matter is bizarre, saying that since the company competes across the country it knows it has the best machines and that it's "worth the time and money" to go to court to find out why it lost. It's nice to see that Diebold doesn't mind wasting taxpayer money in forcing Massachusetts to defend its vendor picking decisions when the company doesn't appear to have any evidence at all that something illegal actually happened. In fact, they're not even claiming anything illegal happened at all. They just think the state made the wrong choice.


What a waste of time and taxpayer money...insane.

The state should countersue....but then that would just be adding more wasted taxpayer money down the hole, so perhaps we should just fine the crap out of them. Yeah, that's the ticket...

Japanese DIY Cars

Via -

Mitsuoka Motor, a Japanese company, has just unveiled a micro kit car "K-4", equipped with a 50cc engine on its classical tested sports car body, developed for the do-it-yourself customers in Tokyo. It is composed of more than 500 parts and takes approximately 40 hours to assemble. The Kit-Car measures just under 2.5 meters (eight feet) long and can run at up to 50 kilometers (31 miles) an hour.

XeLL - Xbox 360 Linux Loader

XeLL is the Xenon Linux Loader

It's a second-stage bootloader and is usually run by an exploit. The method of booting this is not a part of this project. XeLL catches CPU threads, sets them up (basically setting HRMOR to zero), loads an ELF file from either network (tftp) or CDROM, and launches it. It also contains a flat device tree for linux. cdrom.c includes a very simple ISO9660 parser, which tries to boot the file named "vmlinux".

lwIP is used for networking. Network config is currently hardcoded in network.c (and main.c). XeLL also contains a HTTP server. It is not really used.

XeLL is licensed under the GPL v2, and no other version. Xenon-specific parts of XeLL were written by Felix Domke; other parts were taken from other free source code. No non-free hardware documentation was used for developing XeLL.

XeLL is in a very early stage, but is (most of the time) fully working
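The ISO9660 lookup described above (find a file named vmlinux in the disc's root directory), as an added example that is not XeLL's own cdrom.c: it parses the primary volume descriptor and the root directory records of a constructed in-memory image, applying the bounds checks a loader should make before trusting lengths and extents read from removable media. The image layout, sector numbers and the case-insensitive name match are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ISO_SECTOR      2048
#define ISO_PVD_SECTOR  16   /* the primary volume descriptor always sits at sector 16 */
#define IMG_SECTORS     24   /* size of the constructed sample image below */
#define ROOT_DIR_SECTOR 18   /* sample image: extent of the root directory */
#define KERNEL_SECTOR   20   /* sample image: extent of VMLINUX;1 */
/* Constructed sample disc image (not a real disc); filled by build_sample_image(). */
static uint8_t sample_image[IMG_SECTORS * ISO_SECTOR];

static uint32_t rd_le32(const uint8_t *p)
{ return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }

static void wr_both32(uint8_t *p, uint32_t v)   /* ISO9660 "both-byte-order": LE copy, then BE copy */
{
    for (int i = 0; i < 4; i++) p[i] = p[7 - i] = (uint8_t)(v >> (8 * i));
}
/* Case-insensitive compare of an ISO identifier (minus its ";1" version) with a C string. */
static int name_matches(const uint8_t *iso, size_t iso_len, const char *want)
{
    const uint8_t *semi = memchr(iso, ';', iso_len);
    size_t n = semi ? (size_t)(semi - iso) : iso_len;
    if (n != strlen(want)) return 0;
    for (size_t i = 0; i < n; i++)
        if (toupper(iso[i]) != toupper((unsigned char)want[i])) return 0;
    return 1;
}
/* Look up a file in the root directory of an in-memory ISO9660 image. Returns 1 and fills
   *lba/*size on success, 0 if the file is absent or the image is malformed. Every offset is
   checked against img_len, so a crafted disc cannot push reads outside the buffer. */
int iso_find_root_file(const uint8_t *img, size_t img_len, const char *name,
                       uint32_t *lba, uint32_t *size)
{
    size_t pvd_off = (size_t)ISO_PVD_SECTOR * ISO_SECTOR;
    if (img_len < pvd_off + ISO_SECTOR) return 0;
    const uint8_t *pvd = img + pvd_off;
    if (pvd[0] != 1 || memcmp(pvd + 1, "CD001", 5) != 0) return 0;  /* type 1 + magic */
    const uint8_t *root = pvd + 156;         /* 34-byte root directory record */
    uint64_t dir_lba = rd_le32(root + 2), dir_size = rd_le32(root + 10);
    if (dir_lba * ISO_SECTOR + dir_size > img_len) return 0;
    const uint8_t *dir = img + dir_lba * ISO_SECTOR;
    for (size_t off = 0; off + 33 <= dir_size; ) {
        uint8_t rec_len = dir[off], name_len = dir[off + 32];
        if (rec_len == 0) {                  /* zero pad: records never cross a sector */
            off = (off / ISO_SECTOR + 1) * ISO_SECTOR;
            continue;
        }
        if (rec_len < 33 || off + rec_len > dir_size || 33u + name_len > rec_len)
            return 0;                        /* inconsistent lengths: refuse the image */
        if (name_matches(dir + off + 33, name_len, name)) {
            uint64_t f_lba = rd_le32(dir + off + 2), f_size = rd_le32(dir + off + 10);
            if (f_lba * ISO_SECTOR + f_size > img_len) return 0;  /* extent off the end */
            *lba = (uint32_t)f_lba, *size = (uint32_t)f_size;
            return 1;
        }
        off += rec_len;
    }
    return 0;
}

/* Append one directory record (padded to even length); returns the next offset. */
static size_t put_record(uint8_t *dir, size_t off, uint32_t lba, uint32_t size,
                         uint8_t flags, const char *name, size_t name_len)
{
    size_t rec_len = (33 + name_len + 1) & ~(size_t)1;
    memset(dir + off, 0, rec_len);
    dir[off] = (uint8_t)rec_len;
    wr_both32(dir + off + 2, lba); wr_both32(dir + off + 10, size);
    dir[off + 25] = flags, dir[off + 32] = (uint8_t)name_len;   /* flags bit 1 = directory */
    memcpy(dir + off + 33, name, name_len);
    return off + rec_len;
}

/* Build the constructed sample image: a PVD, a root directory holding ".", ".." and
   VMLINUX;1, and a 4-byte ELF magic stub where the kernel image would start. */
const uint8_t *build_sample_image(size_t *len)
{
    memset(sample_image, 0, sizeof sample_image);
    uint8_t *pvd = sample_image + (size_t)ISO_PVD_SECTOR * ISO_SECTOR;
    pvd[0] = 1, pvd[6] = 1, memcpy(pvd + 1, "CD001", 5);
    put_record(pvd, 156, ROOT_DIR_SECTOR, ISO_SECTOR, 2, "\0", 1);           /* root record */
    uint8_t *dir = sample_image + (size_t)ROOT_DIR_SECTOR * ISO_SECTOR;
    size_t off = put_record(dir, 0, ROOT_DIR_SECTOR, ISO_SECTOR, 2, "\0", 1); /* "."  */
    off = put_record(dir, off, ROOT_DIR_SECTOR, ISO_SECTOR, 2, "\1", 1);      /* ".." */
    put_record(dir, off, KERNEL_SECTOR, 4, 0, "VMLINUX;1", 9);
    memcpy(sample_image + (size_t)KERNEL_SECTOR * ISO_SECTOR, "\x7f" "ELF", 4);
    if (len) *len = sizeof sample_image;
    return sample_image;
}

int main(void)
{
    size_t len; uint32_t lba = 0, size = 0;
    const uint8_t *img = build_sample_image(&len);
    int found = iso_find_root_file(img, len, "vmlinux", &lba, &size);
    printf("found=%d sector=%u size=%u\n", found, lba, size);
    return 0;
}
```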

Fighting Superbugs with New Proteins

Via Scientific American -

How do you fight deadly bacteria that shrug off modern antibiotics? Simple: juice up the immune system to fight its own battles. Researchers have come up with a new compound that activates the immune system's first line of defense. Mice that received the chemical were less likely to succumb to drug-resistant staph or other infections. The group speculates that the drug could make such infections receptive to antibiotics again.

Antibiotic-resistant bacteria sicken about two million people and kill 90,000 every year in North America, says immunologist Robert Hancock of the University of British Columbia. Among the most dangerous are vancomycin-resistant Enterococcus (VRE) and methicillin-resistant Staphylococcus aureus (MRSA), which are difficult to treat with common antibiotics. Looking for new ways to attack these so-called superbugs, Hancock studied a group of short proteins, or peptides, that in high concentrations can kill bacteria.

Concerned that the peptides might trigger sepsis, a potentially lethal condition brought on by bacteria in the bloodstream, Hancock administered them to infected mice. "What we found, in contrast, was they actually reverse sepsis," he says. The only trouble was that they also caused allergy-like reactions and killed healthy intestinal cells. So he and his colleagues engineered shorter peptides that they hoped would prevent sepsis without causing other complications.

They hit on a 13-amino-acid peptide, which they call an innate defense regulator (IDR-1). To test it out, they injected mice with IDR-1 either one to two days before or four hours after infecting them with VRE, MRSA or Salmonella. The treated mice were nearly twice as likely to survive infection, the group reports this week in Nature Biotechnology.

Hancock, who co-founded a company to commercialize IDR-1, says the peptide does not kill bacteria directly. Instead it seems to prime the body's quick and dirty immune response, called innate immunity. A subsequent infection, he says, may then flag the body to send a surplus of white blood cells called monocytes and macrophages to gobble up invading pathogens, but fewer of the more aggressive neutrophils, which are more likely to induce sepsis.

Hancock says that clinical trials of IDR-1 could begin in 12 to 15 months. He adds that preliminary evidence suggests that the peptide can enhance the effectiveness of antibiotics in mice, even against superbugs such as VRE.

MS IE ADODB.Recordset Double Free Memory Exploit (MS07-009)

Microsoft Security Bulletin MS07-009
Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779)

Exploit -

Human Implant RFID Gets Pwned at Shmoocon

Via -

Radio frequency identification tags have taken another hit from the security community and Adam Laurie -- an independent security researcher based in the U.K. -- can claim another first.

After setting off a torrent of worldwide media coverage by hacking the U.K.'s new RFID-enabled passports in a project sponsored by and first detailed by the Daily Mail newspaper earlier this month, Laurie used his presentation at the ongoing ShmooCon confab to show off techniques for hacking other RFID tags -- including one implanted inside a live human being.

After cracking the codes for a common RFID identification card and an RFID tag that would be found inside livestock, Laurie called up a volunteer from the audience who had a chip injected under their skin -- and who used the device among other things to unlock his laptop PC.

After a few minutes of wrangling with his RFID cloning device -- the same type of homemade utensil that researchers were planning to show off at the Black Hat DC conference earlier this month before ID card maker HID sufficiently intimidated researchers from IOActive against demonstrating their cloning reader -- Laurie opened the chip-wearing individual's laptop (and displayed his internal pass key to the entire audience, he better hope he can reset it).

In addition to proving further just how easily RFID tags can be hacked, Laurie effectively illustrated evidence of the type of dangers privacy advocates have cited in battling efforts to plant chips in humans (such as in the case of a Calif. school district that wanted to pin RFIDs on all its students).

If someone can hack the data on such chips, he said, it's logical to believe that someone wearing one could be tracked using the same information.

Sunday, March 25, 2007

Exploiting Microsoft DNS Dynamic Updates for Fun & Profit

Exploiting Microsoft DNS Dynamic Updates for Fun and Profit
Andres Tarasco - (c) 2007

By default, most Microsoft DNS servers integrated with Active Directory allow insecure dynamic updates for DNS records. This feature allows remote users to create, change and delete DNS records.

There are several attack scenarios:
  • MITM attacks: changing DNS records for the network proxy and relaying HTTP queries. This attack vector is the most reliable and also allows us to exploit automatic updates for most Windows software, by deploying custom binaries to the client.
  • Denial of service: by deleting / changing critical DNS records.
  • Pharming: like MITM attacks, poisoning several DNS records.

dnsfun exploits that weak configuration and allows remote users to modify DNS records.

Graffiti Research Lab (GRL) Laser Tag System

GRL Laser Tag Rotterdam - how to and source code

Microsoft Confirms Xbox Live Pretext Hacking

Via -

Months after Xbox Live users began complaining of hacked accounts, Microsoft yesterday admitted that the service's support staff is at fault, victims of "pretexting" calls by identity thieves.

Reports of account theft on Xbox Live have been making the rounds of its member forums since at least December. But Microsoft responded only after noted security researcher -- Kevin Finisterre of "Month of Apple Bugs" fame -- last week went public about how his account was hijacked.

As recently as Friday, the company was saying only that it had "found no evidence" of a data breach, and that any thefts that had occurred could be blamed on users giving out personal information.

That assertion changed yesterday. "A security researcher, Kevin Finisterre, discovered not a hack, but the fact that some accounts may have been compromised as a result of 'social engineering', also known as 'pretexting,' through our support center," said Larry Hryb, director of programming at Xbox Live, in a blog entry. "Once I realized what he was talking about (he sent me some painful-to-listen-to audio files) I confirmed that the team is fully aware of this issue. They are examining the policies, and have already begun re-training the support staff and partners to help make sure we reduce this type of social engineering attack.

"There's no other way to say it; this situation shouldn't have happened. Our customers deserve better," Hryb added.


KF's recorded phone calls..... (3MB)

The Hacker Foundation - Hackers on a Plane

Via -

The Hacker Foundation, a nonprofit organization of ethical security researchers, is trying to extend its reach and encourage more people to join its ranks to help further codify the United States hacking community.

Many people working on important security research programs need financial help to allow them to pay their bills and maintain their efforts to improve IT systems defenses, Hacker Foundation leaders explain. In addition to giving seed money and grants to researchers, the group also raises funds for any legal defense fees incurred by white hats as they bend rules to help test the concepts they build.

By fostering a closer relationship within the white hat hacking population and bringing people together to raise funds and organize new channels for research, the growing community of individuals who engage in ethical hacking can form a more unified front to the outside world and back new projects that keep vital research moving forward, founders of the effort said in their presentation at the ShmooCon convention on March 24.

Founded in 2002, the Hacker Foundation primarily serves as a source of funds for financially challenged security researchers, but the group is hoping to begin opening facilities across the country where people can carry out their experiments and find other hackers with whom to share their work.


"We're trying to create a base of expertise within the community to give independent researchers access to things they normally wouldn't have access to," Farr said. "Many security researchers are doing work out of the goodness of their hearts. It would be great if we could get resources to allow them to do their work full time and pay their bills; that's one of the big things we started the foundation for."

For instance, the Hacker Foundation has already set up a fund and is providing resources to the Metasploit Project, an open source computer security effort that aims to provide information to people who perform penetration testing, intrusion detection signature development, and exploit research.


Unlike in other countries such as Germany, where that country's Chaos Computer Club -- another national white hat hacker group -- receives government funding, U.S.-based hackers have few resources to turn to, according to Farr and Jesse Krembs, president of Hacker Foundation.

Other projects backed by the Hacker Foundation include efforts to get younger researchers into the wider community at a younger age to teach them the right way to go about their work, and a program to send people across the country, and even the world, to help rebuild IT systems after natural disasters such as Hurricane Katrina.


In perhaps its most optimistic scheme to date, the Hacker Foundation is also planning an unprecedented movable feast of white hat researchers that will begin with the Defcon hacker confab in Las Vegas in early August 2007.

From that notorious hacker show, the group is chartering a private plane that will fly directly to Germany for the CCC's annual hacker show, with white hat activities planned for the trip.

In addition to the freedom to bring whatever unusual boxes of gear they would like to display or use at the show, which has become tough to do on commercial flights, the $5,000 per person trip will include round-trip airfare, all the food and drink attendees seek in transit, and on-board meetings to discuss events at the two industry shows.

The Hackers on a Plane adventure is just the sort of white hat industry fraternization that the group's organizers are hoping to spread.

"We realized that all hackers don't have a place to meet and try out new things, as people in places such as Germany have been doing," Krembs said. "We want to make that happen in the U.S.; hackers need a space to learn, develop, and display their skills. We're very social creatures despite what people think and socializing the critical mass of hackers is a great way to make new things happen."

Saturday, March 24, 2007

SCADA Protocol Handling Flaw Discovered

Via -

Researchers on March 21 announced that the systems which control dams, oil refineries, railroads and nuclear power plants have a vulnerability that could be used to cause a denial of service or a system takeover.

The flaw, reported by Neutralbit, is the first remotely exploitable SCADA security vulnerability, according to the security services provider. SCADA (supervisory control and data acquisition) is a large-scale, distributed measurement and control system used to monitor or control chemical or transport processes in municipal water supply systems, to control electric power generation, transmission and distribution, gas and oil pipelines and other distributed processes. Wikipedia has a schematic of SCADA here.

Neutralbit identified the vulnerability in NETxAutomation NETxEIB OPC (OLE for Process Control) Server. OPC is a Microsoft Windows standard for easily writing GUI applications for SCADA. It's used for interconnecting process control applications running on Microsoft platforms. OPC servers are often used in control systems to consolidate field and network device information.

Neutralbit reports that the flaw is caused by improper validation of server handles, which could be exploited by an attacker with physical or remote access to the OPC interface to crash an affected application or potentially compromise a vulnerable server. Neutralbit has also recently published five vulnerabilities having to do with OPC.

This isn't the first time that this vital bit of national infrastructure has gotten a black eye. Errata President Robert Graham published a scathing report last year titled "SCADA Security and Terrorism: We're Not Crying Wolf." In that report and in his more recent blog, he called SCADA "completely open to attack, especially OPC."


Someone must have seen a preview of Live Free or Die Hard. Funny, but I just noticed HD Moore's CanSecWest speech - Live Free or Hack Hard: Metasploit 2007.


Cali Posted ID Data on Web

Via -

SACRAMENTO -- Hundreds of thousands of Californians' Social Security numbers have been made publicly available for the past three years on the secretary of state's Web site, officials said Thursday.

The personal data was removed from Secretary of State Debra Bowen's Web site earlier this week after a state legislator notified her office of the situation and the vulnerability to identity theft. While officials said there is no evidence directly linking the release of the information to any particular incidents, such data is commonly used by identity thieves.

The data was available in Uniform Commercial Code filings -- documents that lenders file relating to collateral securing a loan.

About one-third of the 2 million documents on file had the borrower's name, address, Social Security number and signature. The other two-thirds of the documents were for loans to businesses rather than individuals. Bowen's office said it was unclear how many of the documents may have been purchased through the site, but said on an average day about 300 were viewed online.

The documents were available only to account users, which are mostly financial institutions, although there are no restrictions on who can create an account. The Web site has about 1,500 regular users, another 28,000 casual users and 14 "bulk" users.

Bowen, who took office in January, said the issue shows the balance governments have to strike in providing the public with access to records while also protecting privacy rights. "Making government open, accessible, and Internet-friendly while simultaneously ensuring that people's privacy is protected isn't always easy to do," Bowen said in a written statement.

California has the third-highest rate of identity theft crimes in the nation, according to the federal Identity Theft Data Clearinghouse. There were about 45,000 reports of identity theft in California in 2005, or 125 incidents for every 100,000 residents.


Who needs ID hackers when you have companies and governments like this?

Hacking Contest at CanSecWest Takes Aim at Apple

Via -

Security researchers who want to take a shot at hacking Mac OS X will get their chance at an upcoming security conference and could take home a fully loaded MacBook Pro.

This week, the organizer of the annual CanSecWest conference announced the show will host a "PWN to Own" contest: Hack a Mac and you can take it home. The contest will place two tricked-out MacBook Pro computers with a default Apple installation on a network to which any attendee can connect and attempt to exploit the systems. The first person to use a unique attack on either of the two systems can take the laptop home, said Dragos Ruiu, the organizer of CanSecWest.

Ruiu proposed the contest after he became frustrated with Apple's lack of participation in the security community, its marketing campaign touting the operating system's security track record, and the company's hard-line tactics against some researchers.


I will be @ CanSecWest, so perhaps I should get with HD and start to test his WiFi fuzzer for Metasploit ;)

If you are going to CanSecWest, hit me up and we can get together for a drink or two.

Java-based x86 Emulator

Via -

Researchers at Oxford have built an x86 emulator that runs purely on Java, making it ideal for security researchers who want to analyze and archive viruses, host honeypots and defend themselves against buggy or malicious software without hosing their machines. The JPC also emulates a host of other environments, giving technophiles the ability to play Asteroids and other software that's sat on shelves for years collecting dust.

What's more, JPC will run on any device with a Java virtual machine, so cell phones, set-top boxes and RISC systems are all fair game, according to researchers in the university's physics department, where the project was developed.

FBI Agents Stationed Abroad to Combat ID Theft

Via -

When a criminal can pick up a fake identity, complete with credit card information, for under twenty bucks, it's clear that the identity theft market has become an efficient place to do business. A recent survey claimed that nearly 9 million adults in the US were victims of identity theft in 2006, and the problem caused losses of $50 billion. In testimony to Congress this week, Associate Deputy Attorney General Ronald Tenpas painted a grim picture of the organized criminal networks behind the scams.

Sometimes these networks are based in other countries, often Russia or Romania.

Unfortunately for the criminals, actually using stolen credit cards in Russia presents a problem, as this can easily trigger anti-fraud safeguards. The solution they hit upon sounds much like a 419 scam, except that the American accomplice actually does get some money.

One American in Virginia, who goes by the Internet nick "John Dillinger," agreed to cooperate with "vendors" from Eastern Europe. These groups "acquired" credit card numbers, then sent them by e-mail and instant message to Dillinger, who then encoded them onto credit cards. He then took these credit cards to ATMs and made cash withdrawals; a percentage of the money was then sent back to the "vendor" and Dillinger kept the rest. Dillinger was eventually busted by the feds, though, and was sentenced in February 2007 to 94 months in jail.

The Eastern European connection has become a large-enough problem that the FBI has begun working with the Romanian National Police on identity theft. Tenpas told Congress that six agents traveled to Bucharest last year to take part in "Cardkeeper," a joint initiative that ended with 13 arrests in the US and several searches in Romania. The project was successful enough that agents are now spending much more time overseas. "FBI agents are [now] deployed to Romania to work full-time, hand-in-hand with the RNP on cases of mutual interest," he said.

Insect Saliva Helps Protect Against Insect-Borne Parasites

Via -

Exposure to the saliva of biting insects could later protect people against infection by insect-borne parasites. If the components of saliva that confer protection can be isolated, they could be used to boost the strength of future vaccines against malaria and other deadly diseases.

The phenomenon has previously been documented in leishmaniasis - a skin disease spread by sandflies that currently afflicts many soldiers returning from Iraq. Now a study in mice has shown mosquito saliva can protect against malaria.

People who live in regions where insect-borne parasitic diseases are widespread, such as Africa and the Middle East, often show greater resistance to infection than people from other parts of the world. It had been assumed that the protection comes from repeated exposure to the parasite over a person's lifetime, but now it seems that repeated exposure to uninfected saliva could also play a part in generating immunity.

"In some areas people can get up to a thousand mosquito bites a day," says Mary Ann McDowell, an immunoparasitologist at the University of Notre Dame in Indiana. "That's a lot of mosquito spit."

After animal studies showed that prior exposure to sandfly saliva conferred protection against leishmaniasis, McDowell decided to test for the same effect in malaria. Working with researchers at the National Institute of Allergy and Infectious Diseases (NIAID) in Bethesda, Maryland, her team exposed mice to mosquitoes carrying the malaria parasite, some of which had previously been bitten by uninfected mosquitoes.

DoD & Spy Agencies to Improve Cross Domain Info Sharing

Via -

The Defense Department and the intelligence community have worked during the past year through a newly unveiled organization to hone technologies for sharing classified data among various levels of secrecy, according to officials and public documents.

The Information Sharing Environment, an interagency program under the aegis of the Office of the Director of National Intelligence, confirmed the existence of the organization in a November 2006 report.

The new office, since renamed the Unified Cross Domain Management Office, was created to “ensure that cross-domain solutions are available to meet IC and DOD needs at acceptable levels of cost, schedule and risk,” the report said.

“While this is a promising initiative, it must be expanded beyond DOD and IC to fully encompass the needs of all [Intelligence Sharing Environment] participants,” according to the report.

The ISE, which Congress established as part of the Intelligence Reform and Terrorism Prevention Act of 2004, has developed an architecture for interagency information transfer to help promote a “responsibility to share.”

ISE participants include dozens of federal, state, local and tribal intelligence and law enforcement agencies, as well as the dozens of information fusion centers they have established.

Intelligence officials, including associate director for national intelligence and CIO Dale Meyerrose, have described a general effort to consolidate dozens of cross-domain solutions informally over the past year.

Meyerrose said the CDS project would involve consolidating hundreds of the systems for shifting data across levels of classification into about 20 basic CDSes, making exceptions where necessary.

The November report from the information-sharing office called for improved data transfer links, noting that “CDSes are available today, but existing approaches have failed to keep pace with growing requirements and changing technology.”

The report added, “Based largely on searches of textual information, these [existing information sharing] solutions do not typically support a robust exchange of graphic or multimedia information, and almost always require human review as part of the high-low transfer process.”

The CIOs of the Pentagon and the DNI Office announced their fledgling organization for reforming CDS technology in a press statement issued on March 8.

The press release stated that the organization, based in Adelphi, Md., operates under a charter signed by Meyerrose and John Grimes, the Pentagon’s CIO and assistant secretary of Defense for networks and information integration, on March 1, 2007.

Intelligence community officials confirmed that the DNI Office had approved the release of the November 2006 report stating that the office had launched in March 2006.

Commons Home Affairs Committee Probe Surveillance Society Claims

Via BBC -

The Commons Home Affairs committee is about to announce the inquiry, leader of the Commons Jack Straw told MPs.

The Information Commissioner last year warned the UK risked "sleep-walking into a surveillance society".

It is thought the inquiry will include the impact of identity cards, the expansion of the DNA database and the large rise in the use of CCTV cameras.

Shadow home secretary David Davis said the move was welcome, adding: "Under Labour we have progressively moved towards a surveillance society with the government's obsession with ID cards and the DNA database being just two examples.

Friday, March 23, 2007

Iran Captures British Soldiers Off the Coast of Iraq

Via -

DUBAI, United Arab Emirates — Iranian naval vessels on Friday seized 15 British sailors and marines in disputed Persian Gulf waters off the coast of Iraq, British and U.S. officials said. The detentions come at a time of high tension between the West and Iran, which accused the British of intruding on its territory.

The British government protested immediately, saying the 15 were taken captive in Iraqi waters and summoning the Iranian ambassador in London to the Foreign Office: "He was left in no doubt that we want them back," Britain's Foreign Secretary Margaret Beckett said after the meeting.

The Britons were assigned to a task force that protects Iraqi oil terminals and maintains security in Iraqi waters under authority of the U.N. Security Council.

A spokesman for the U.S. Navy in Bahrain said the Britons were taken captive just outside a long-disputed waterway called the Shatt al-Arab dividing Iraq and Iran. Friday's detentions came as the Security Council debates further sanctions against Iran over its disputed nuclear program, and amid U.S. allegations that Iran is arming Shiite militias in Iraq.

Iran summoned the top British diplomat in Tehran to protest the British sailors' "illegal entry" into Iranian waters.

"This is not the first time that British military personnel during the occupation of Iraq have entered illegally into Iran's territorial waters," the state TV quoted a foreign ministry official as saying. He was not identified by name.

The 15 seized British soldiers and marines have been "detained by Iran's border authorities for further investigation ... of the blatant aggression into Iranian territorial waters," the official said and demanded an immediate explanation from Britain.

Cmdr. Kevin Aandahl of the U.S. Navy's Fifth Fleet said the Iranian Revolutionary Guards had radioed a British warship explaining that no harm had come to the 15 Britons and that they were seized because they were in Iranian waters. The British Defense Ministry said the Iranians took custody of the sailors and marines in Iraqi waters.


In June 2004, six British marines and two sailors were seized by Iran in the Shatt al-Arab. They were presented blindfolded on Iranian television and admitted entering Iranian waters illegally, then released unharmed after three days.


We should not overlook the connections here...just days ago, I blogged about an Intel Summit article which contained the following information:

In an article in Subhi Sadek, the Revolutionary Guard’s weekly paper, Reza Faker, a writer believed to have close links to President Mahmoud Ahmadinejad, warned that Iran would strike back.

“We’ve got the ability to capture a nice bunch of blue-eyed blond-haired officers and feed them to our fighting cocks,” he said. “Iran has enough people who can reach the heart of Europe and kidnap Americans and Israelis.”

Most likely, no harm will come to them; it would seem to be more of a political move anyway (i.e. saber rattling).

Thursday, March 22, 2007

Three Held Over July 7th Terror Blasts in London

Via Scotsman UK -

THREE men were arrested yesterday in connection with the 7 July suicide bomb attacks on London.

Two men were held at Manchester Airport as they prepared to fly to Pakistan. The third was detained at a house in Leeds.

Last night, they were being questioned at a high-security police station in central London.
Scotland Yard said the three were arrested "on suspicion of the commission, preparation or instigation of acts of terrorism."

Security sources said the arrests related to "unanswered questions" about the attacks in July 2005, which killed 52 people. Among those questions are why the car in which the bombers travelled to London contained spare explosive devices.

An official government account of the attacks on Tube trains and a bus published last year reached no firm conclusions about the purpose of the extra devices. Persistent conspiracy theories suggest the original plot involved more than four bombers.

But one source familiar with the inquiry last night insisted there was "no question" of the arrested men being suspected of direct involvement in the attacks.

Rather, they are believed to have provided support for the four bombers, either by helping finance the operation or by collaborating in the planning or preparation of the attacks.

Following the arrests, officers began searching five addresses in Leeds, some of them in the Beeston area of the city, where two of the attackers lived.

Two addresses in east London were also being searched.

Although the principal members of the 7/7 conspiracy died on the day, police and MI5 officers have continued to investigate the plot.

MI5, the Security Service, has been dogged by questions about exactly what was known of the four 7/7 bombers before their attack.

It emerged in the weeks afterwards that at least two of the bombers had become known to MI5 as a result of a separate counter-terrorism operation.

GAO Report - DHS Lagging in Cybersecurity

Via -

Although the Homeland Security Department has increased its attention to cybersecurity in the past six months, it still has not implemented 25 recommendations that are needed to fulfill its cyber responsibilities, according to a new report from the Government Accountability Office.

DHS in September 2006 named Greg Garcia assistant secretary of cybersecurity and telecommunications and has made progress on improving awareness and coordination since then, the report states.

But much work remains to be done on 25 recommendations related to assessing cyberthreats and vulnerabilities, providing warning of cyberattacks, improving information sharing and coordinating response and recovery following a cyberattack, including Internet recovery, the GAO said.

“While DHS has made progress in addressing some of these recommendations much work remains to be done,” the GAO said.

Chinese-born Engineer Faces Jury in Theft of U.S. Secrets

Via -

SANTA ANA, Calif. — As a top engineer at a major U.S. defense contractor, Chi Mak helped develop some of the most advanced and closely guarded naval technology in the world, including silent-running propulsion systems that can make submarines virtually undetectable.

Now, in a case that experts say could have serious implications for U.S. security, he is accused of stealing those secrets for the Chinese.

Prosecutors say the Chinese-born Mak was working for China from 1983 until his arrest two years ago, stealing hundreds of documents about a number of defense systems, including the weapons, nuclear reactors and propulsion systems aboard U.S. submarines.

The 66-year-old Mak is set to go on trial Tuesday on charges of conspiracy to export U.S. defense secrets to China, possession of property in aid of a foreign government and failure to register as a foreign agent. He could get more than 50 years in prison if convicted.

If the allegations are true, China may have gained critical information as it tries to develop an open-water fleet to challenge U.S. naval supremacy in Asia, said Richard Fisher, vice president of the International Assessment and Strategy Center, a nonpartisan think tank in Alexandria, Va.

"China's military capabilities would benefit tremendously from the kind of inside information that he's had access to," Fisher said. "If the Chinese are on the inside track on this one, then we are truly in an arms race."

The case is also troubling because the U.S. government might have to declassify evidence and present it to jurors to prove its case.

"This is the bad choice the government faces," said Paul D. Moore, who served for more than 20 years as the FBI's chief China analyst. "There are a number of people running around the United States who have committed espionage and gotten away with it because the government couldn't afford to lose the information they needed to prove the case."

Tools of the Trade - Nmap Alpha & Nessus Beta

1) On March 20th, Firefox was released. This new release fixes a low-risk FTP port scan vulnerability.

2) On March 20th, Nessus 3.1.3 Beta was released. The whole Nessus 3.1.x series is considered to be in beta. When it reaches production quality, it will be labelled Nessus 3.2.x. The main list of changes between Nessus 3.2 and Nessus 3.0 is available on Tenable's blog. This version was not released for Windows, however.

3) On March 19th, TrueCrypt 4.3 was released. TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data are automatically encrypted or decrypted right before they are loaded or saved, without any user intervention. Check the change log for all the new features.

4) Recently, released Nmap 4.21 Alpha 4. Check the change log for the new features.

5) Recently, NoScript v1. was released. The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other Mozilla-based browsers: this free, open source add-on allows JavaScript and Java execution only for trusted domains of your choice (e.g. your home-banking web site). This version includes multiple new anti-XSS features, which have been the focus of the last few beta releases.

How I Became A Music Pirate

Via -

Does DRM drive even honest well-meaning people to piracy? Yes, of course it does.

Reader and music lover Jarrett tried to send the following "detailed, passionate complaint letter" to Rhino, but their only reply was:

450 Server configuration problem
Good for us, because Jarrett decided to send his letter to us. So, without delay, here is "How I Became A Music Pirate" by Jarrett.

NFL Fumbles DMCA Takedown Battle

Via -

It's no secret that some content owners don't seem to understand how the DMCA works—that, or they simply don't care when sending mass takedown notices. This seems to be the case with the recent saga of legal maneuvers between the National Football League (NFL) and Brooklyn Law School professor Wendy Seltzer. The two have been going back and forth with DMCA-related "requests" since early February—with YouTube stuck in between—and in the process, the NFL itself appears to have violated the DMCA.


Wendy Seltzer is a law professor, a former EFF lawyer, and the founder of the Chilling Effects Clearinghouse.

Chilling Effects is a joint project of the Electronic Frontier Foundation and Harvard, Stanford, Berkeley, University of San Francisco, University of Maine, George Washington School of Law, and Santa Clara University School of Law clinics which aims to help people understand the protections that the First Amendment and intellectual property laws give to their online activities.

Go, get'em Wendy.

Isolated XBox Live Accounts Breached

Via -

Following the increasing concern about the safety of the 6 million Xbox Live accounts, Microsoft issued a press release in which it admits the existence of some minor breaches.

A recent story posted on spoke about the fact that Microsoft's Xbox Live service may have been hacked into by outside forces. The allegations came shortly after a number of gamers reported that their Live accounts had been broken into and that their credit card numbers were used to purchase Microsoft Points.

One user in particular, called Kevin Finisterre, complained in detail about his troubles. He claimed that an issue regarding a session with Halo 2 led to a lockout of his girlfriend's account.

"I received a message on my Xbox that said: 'We are sorry we must log you out of Xbox Live because someone else is using your Gamertag,'" Finisterre declared in an e-mail to CNET.

Due to the lack of information for reporters at the time the story came out, several sites and blogs across the Web theorized that users such as Finisterre had simply been "phished", or tricked into revealing account information to other users. Some sites also provided the possibility that the Xbox Live service had been hacked.

Microsoft promptly issued a press release, in which the company confirmed the existence of some isolated cases of “phishing”, but also underlined that the Xbox Live accounts in general are not affected.

“Despite some recent reports and speculation, we want to reassure all of our 6 million Xbox Live members that we have looked into the situation and found no evidence of any compromise of the security of our LIVE network. There have been a few isolated incidents where malicious users have been attempting to draw personal information from unsuspecting users and use it to gain access to their LIVE account. We think this is a good time to remind our members that they should never give out any of their personal information.”

“To our knowledge, there has been no compromise of the Xbox LIVE network. To our knowledge, no credit card or other personal information was exposed.”

FDA Limits Role of Advisers Tied to Industry

Via -

WASHINGTON, March 21 — Expert advisers to the government who receive money from a drug or device maker would be barred for the first time from voting on whether to approve that company’s products under new rules announced Wednesday for the F.D.A.’s powerful advisory committees.

Indeed, such doctors who receive more than $50,000 from a company or a competitor whose product is being discussed would no longer be allowed to serve on the committees, though those who receive less than that amount in the prior year can join a committee and participate in its discussions.

A “significant number” of the agency’s present advisers would be affected by the new policy, said the F.D.A. acting deputy commissioner, Randall W. Lutter, though he would not say how many. The rules are among the first major changes made by Dr. Andrew C. von Eschenbach since he was confirmed as commissioner of food and drugs late last year.

Advisory boards recommend drugs for approval and, in rare cases, removal, and their votes can have enormous influence on drug company fortunes.

“The $50,000 threshold is something that we think strikes an appropriate balance between” getting smart advisers and reassuring the public that their advice is not tainted, Dr. Lutter said.


Now if we can do this with political leaders.....

Morals Controlled By the Brain

Via -

It's wartime, and an enemy doctor is conducting painful and inevitably fatal experiments on children. You have two kids, ages 8 and 5. You can surrender one of them within 24 hours or the doctor will kill both. What is the right thing to do?

For most people, this scenario based on one in William Styron's novel Sophie's Choice is almost an impossible dilemma.

But for a group of people with damage in a part of the brain's frontal lobe that helps govern emotions, the decision is far clearer. They would allow one child to die.

Scientists say a study involving these people has produced unique insights into the brain mechanics of moral decision making and shows that in some key situations emotions play a fundamental role in moral judgements.

The new findings, published in the journal Nature, highlight the role of a region in the front part of the brain below the eyes called the ventromedial prefrontal cortex.

Earlier research has pegged this area, one of the more recently evolved parts of the human brain, as playing a role in generating social emotions.

In fact, the people with damage in this region due to stroke or other causes experienced severely diminished empathy, compassion and sense of guilt.

The new findings seem to confirm its central role in guiding certain moral judgements like life-or-death scenarios.

Six Individuals Suspected of Using Stolen TJX Data

Via -

Six individuals have been detained in Florida on suspicion of fraud by using credit card information stolen from TJX. These are the first arrests connected with the theft of customer details from the company, which owns retail outlets including TJ Maxx, Marshalls, HomeGoods and A J Wright.

At least 10 people are suspected of using the customer data to buy huge numbers of gift cards at Wal-Mart and Sam's Club stores throughout the state.

The suspects then redeemed the cards at other locations to secure high-ticket items such as computers, gaming devices, and big-screen TVs, according to ComputerWorld. Wal-Mart and the banks issuing the credit cards are still calculating the losses, but so far they total more than $8m.

Those arrested in the alleged scheme include Irving Escobar, 18; Reinier Camaraza Alvarez, 27; Julio Oscar Alberti, 33; Dianelly Hernandez, 19; Nair Zuleima Alvarez, 40; and Zenia Mercedes Llorente, 23. They are charged with felony scheme to defraud and had bonds set at $1 million each.


We are looking at the "end customers" of the stolen TJX data here...and not the people that planned or ran the TJX network attack.

I would guess that these individuals were buyers of the data. That would mean that this data is already being sold on the carding black markets....all the while, banks are still counting...and the public doesn't even know who..or how many cards were exposed.

See the write-up over at SF on this topic. Also, check out the Forbes article which outlines the suit being issued against TJX by one of their big shareholders, Arkansas Carpenters Pension Fund.

Jikto - The Javascript PC Attack Tool

Via -

A security researcher has found a way hackers can make PCs of unsuspecting Web surfers do their dirty work, without having to actually commandeer the systems.

That's possible with a new security tool called Jikto. The tool is written in JavaScript and can make PCs of unknowing Web surfers hunt for flaws in Web sites, said Jikto creator Billy Hoffman, a researcher at Web security firm SPI Dynamics. Hoffman, who developed the tool as a way to advance Web security, plans to release Jikto publicly later this week at the ShmooCon hacker event in Washington, D.C.

"This is going to drastically change the scope of evil things you can do with JavaScript," Hoffman said. "Jikto turns any PC into my little drone. Your PC will start attacking Web sites on my behalf, and you're going to give me all the results."

With the advent of online applications, hackers have shown increased interest in breaching Web security. Though vulnerabilities such as cross-site scripting bugs and SQL injection flaws have been around for years, such security problems are increasingly being reported and exploited.

Jikto is a Web application vulnerability scanner. It can silently crawl and audit public Web sites, and then send the results to a third party, Hoffman said. Jikto can be embedded into an attacker's Web site or injected into trusted sites by exploiting a common Web security hole known as a cross-site scripting flaw, he said.


ShmooCon begins tomorrow....and ends on March 25th.

The release of this tool might seem pretty grey, but the truth is...this type of stuff is already out there.

XSS Proxy, AttackAPI, Backframe, BeEF, etc.

It might not be packaged in a way that script kiddies (or non-tech international crime lords) can use it...but it is out there.

Inside the Windows Vista Kernel

This series has so far covered Windows Vista kernel enhancements related to processes, I/O, memory management, system startup, shutdown, and power management. In this third and final installment, I take a look at features and improvements in the areas of reliability, recovery, and security.

One feature I'm not covering in this series is User Account Control (UAC), which comprises several different technologies, including file system and registry virtualization for legacy applications, elevation consent for accessing administrative rights, and the Windows® Integrity Level mechanism for isolating processes running with administrative rights from less-privileged processes running in the same account.

Part 1 - Part 2 - Part 3

Wednesday, March 21, 2007

Data Centers Breathe Easier with Less Oxygen

Via -

As data centers become hotter and more dense with servers, a greater chance for fire exists. But there's equipment on the market that applies a well-known method of halting fire: starving it of oxygen.

Only a few vendors are offering oxygen-deprivation systems, but interest in the technology is growing. It involves pumping air that has such a low oxygen content that a fire can't start in the data center.

Air is composed of about 21 percent oxygen, 78 percent nitrogen and 1 percent other gases. Fire needs the oxygen to burn, and lower percentages of oxygen make it more difficult or impossible for fire to start.

Wood stops burning when the oxygen content falls to 17 percent, and plastic cables at between 16 and 17 percent, said Frank Eickhorn, product manager for fire detection at Wagner Alarm and Security Systems GmbH in Hanover, Germany.

Wagner makes electric compressors that use a special membrane to remove some of the oxygen from the outside air, a system the company calls OxyReduct. The excess oxygen is exhausted, and the remaining nitrogen-rich air is pumped inside the data center.

At 15 percent oxygen, it's safe for humans to enter. The lower oxygen content of the air is similar to being at an altitude of about 6,000 feet, Eickhorn said. He demonstrated with a lighter inside a sealed atrium Wagner has on display at Cebit. It won't light.

Fire poses a danger beyond the immediate equipment that burns. Burning plastic components combine with moisture in the air to create an acidic vapor that can damage other equipment away from the flames, said Dieter Lietz, manager for technical training and support. Smoke damage is just as costly for insurance companies as fire, Lietz said.

N2telligence GmbH, a startup company based in Hamburg, Germany, has taken the oxygen-deprivation concept a step further by using a fuel cell. The fuel cell provides two functions: it can supply low-oxygen air to the data center and power during a sudden outage, said Lars Frahm, one of N2telligence's co-founders.

N2telligence showed a fuel cell at Cebit that uses two 50-liter tanks of hydrogen for fuel. It's made by Plug Power Inc., a U.S. company in Latham, New York. The air that's discharged from the fuel cell reaction has less oxygen, and a condenser removes a bit of water vapor before the air is pumped inside the data center, Frahm said.


Very interesting indeed. It would be interesting to have an oxygen-deprivation system that can be set like your home thermostat.

During the day, the O2 levels can be kept at a reasonable level, but at night and on the weekend...the level could be reduced to near human limits.