Wednesday, October 31, 2007

iPhones & International Travel Don't Mix

Via Yahoo! News -

Last month I told you about the fellow who, misunderstanding AT&T's international data plan and the amount of bandwidth the iPhone actually uses, ended up with a $3,000 bill after a couple of weeks overseas. Many felt unsympathetic, saying he should have known what the charges would be since AT&T was up front about the cost and he was responsible for how much data has was using.

Well now the story gets a little stranger: A family with three iPhones went on a Mediterranean cruise with their gadgets, but didn't even turn on the iPhones during the trip. When they got back, a $4,800 bill for international roaming was waiting for them. How? Because the iPhone, according to this Newsday story, checks for service updates and email whether it's turned on or off.

Sure enough, the fine print on AT&T's web site agrees: "Substantial charges may be incurred if phone is taken out of the U.S. even if no services are intentionally used."

But still, nearly $5,000 in charges for a phone that isn't turned on feels, well, a bit excessive. And stories like this are piling up to the point where class-action lawsuits are in the works, alleging that Apple (and AT&T, I assume) did not do a good enough job at informing consumers how much they'd have to pay if they stepped foot out of the country.

Memo to AT&T: Isn't it time to offer some real, unlimited international data plans for the iPhone? You know, like the ones you offer for all the other phones you sell?


You iphone suckers....

Congress Weighs Wireless Contract Changes

Via Yahoo! News -

Aha. There's a reason both Verizon and AT&T loosened restrictions on wireless contract changes recently. The moves appear timed to precede U.S. Congressional hearings on whether to legislate more consumer-friendly practices among cell phone carriers.

The Washington Post reports that a bill introduced by Sen. Amy Klobluchar (D.-Minn.) would require wireless providers to prorate fees charged to customers who cancel cell phone contracts. Some carriers charge up to $200 to cancel wireless service before the end of a typically two-year contract. The bill also would demand that companies allow customers to make changes to their calling plans without having to sign up for a contract extension.

That last requirement is what Verizon and AT&T both addressed when they voluntarily removed the contract-extension stipulation, allowing customers to change their plans without signing a new contract. Verizon has been prorating cancellation fees for about a year, and AT&T announced it will do the same.

Could it be the carriers are making peace offerings so Congress will not see a need for regulating their business further? Yep.

We'll see if lawmakers are convinced. The recent changes are a move in the right direction, especially when you consider that consumers filed more complaints with Better Business Bureaus about the wireless industry than any other. And, the Post notes, contract-related problems were at the top of the list.

Accused Madrid Bomb Mastermind Acquitted

Via Yahoo! News -

MADRID, Spain - Three lead defendants in the 2004 Madrid train bombings were found guilty of mass murder and other charges Wednesday but four other top suspects were convicted on lesser charges and an accused ringleader was completely acquitted.

The verdicts were a partial victory for prosecutors, with 21 of the 28 people on trial convicted on at least some charges. Seven got off entirely, including an Egyptian who prosecutors said had bragged that he masterminded the March 11, 2004 blasts, which killed 191 people and injured more than 1,800.

The three lead suspects convicted of murder and attempted murder each received sentences ranging from 34,000 to 43,000 years in prison, although under Spanish law the most time they can spend in jail is 40 years. Spain has no death penalty or life imprisonment.

The three are: Jamal Zougam, a Moroccan convicted of placing at least one bomb on one of the trains; Emilio Suarez Trashorras, a Spaniard who is a former miner found guilty of supplying the explosives used in the attacks; and Othman Gnaoui, a Moroccan accused of being a right-hand man of the plot's operational chief.

Top suspects Youssef Belhadj, Hassan el Haski, Abdulmajid Bouchar and Rafa Zouhier were acquitted of murder but convicted of lesser charges including belonging to a terrorist organization. They received sentences of between 10 and 18 years.

Fourteen other people were found guilty of lesser charges like belonging to a terrorist group.

Accused mastermind Rabei Osman, who is in jail in Italy, had allegedly bragged in a wiretapped phone conversation that the massacre was his idea. But his defense attorneys argued successfully that the tapes were mistranslated.

Six lesser suspects were acquitted on all charges in addition to Osman.

Much of the evidence against the men was circumstantial. Bouchar, for instance, had been seen on one of the bombed trains shortly before the attack, but at trial nobody could definitively identify him.

Circumstantial evidence is admissable in Spanish court but the judges may have avoided relaying heavily upon it because of a number of high-profile terror cases that were overturned on appeal, including one involving a Spanish cell accused of involvement in the Sept. 11 attacks.


43,000 / 40 = 1075

holy crap - what is wrong with this picture?

Zero Byte Padding Detection Evasion

Via -

Security experts have warned that cyber-criminals could "wreak havoc" by reworking the decade-old malware-disguising technique of adding zero byte entries to scripts.

Belgian IT security expert Didier Stevens wrote in a blog posting that, without zero byte padding, 25 out of 32 IT security applications tested could easily detect his malware script.

As more padding is added to the script, however, the detection rate went down at 254 zero-bytes between the individual characters of the script.

Only one antivirus application was still able to detect the obscured script, and at 255 none detected it.

According to vendor Tier-3, the technique can still be used to fool "most signature-based" antivirus and anti-malware software.

"The code 'obfuscation' technique first appeared more than a decade ago as malware writers attempted to hide their scripts from Windows 98 antivirus software," said Tier-3 chief technology officer Geoff Sweeney.

"By adding zero byte entries to the first 32 characters of a script, the malware could escape the attention of most of the signature-based detection software of the mid-1990s.

"Now it appears that malware authors have stumbled on the fact that many of today's 32-bit and 64-bit IT security software still limit signature analyses to the first 256 or 512 bytes of a script.

"If a script is padded out with a lengthy string of zero byte entries, then it follows that a modern script can pass unnoticed and wreak havoc on a Windows-driven computer system."

Sweeney added that questions need to be asked as to why some antivirus products and internet browsers are still susceptible to this well-documented obfuscation technique.


This is just a single technique used by malware authors...they have a systematic detection evasion playbook and the bad guys are getting first downs.

Annual Ninja Parade in Modesto

Modesto, CA residents turned out for the city's annual Ninja Parade, where no ninjas were seen for the 30th year in a row.

Tuesday, October 30, 2007

Google Earth Used to Target Israel

Via -

Palestinian militants are using Google Earth to help plan their attacks on the Israeli military and other targets, the Guardian has learned.

Members of the al-Aqsa Martyrs Brigade, a group aligned with the Fatah political party, say they use the popular internet mapping tool to help determine their targets for rocket strikes.

"We obtain the details from Google Earth and check them against our maps of the city centre and sensitive areas," Khaled Jaabari, the group's commander in Gaza who is known as Abu Walid, told the Guardian.

Abu Walid showed the Guardian an aerial image of the Israeli town of Sderot on his computer to demonstrate how his group searches for targets.

The Guardian filmed an al-Aqsa test rocket launch, fired into an uninhabited area of the Negev desert, last month. Despite the crudeness of the weapons, many have landed in Sderot, killing around a dozen people in the last three years and wounding scores more.

Al-Aqsa is one of several militant groups firing rockets, known as Qassams, from Gaza into Israel. A rocket attack by Islamic Jihad on a military base last month wounded more than 50 soldiers. Hamas's military wing, the Izzedine Qassam Brigades, is not believed to be firing rockets.

Abu Walid insists there is no contradiction between his group's actions and talk of peace by Mahmoud Abbas, Fatah's leader.

Bringing up archive footage of rocket launches on his computer, he said that the group had modified the homemade rockets to travel longer distances by cultivating salt from the sea. "It's a secret process, but we're very excited by the results."

Leopard Hacked to Run on PCs

Via PC World -

The cat and mouse game between hackers and Apple takes another move, with news that Apple's new Leopard operating system has already been successfully installed on Windows PCs.

The OSx86 Scene forum has released details of how Windows users can migrate to Apple's new OS, without investing in new hardware -- even though installing Leopard on an PC may be counter to Apple's terms and conditions.

The forum is offering full instructions on how to install the system, including screenshots of the installation process.

Not all the features of Leopard function with the patch -- Wi-Fi, support, for example, is reportedly inoperable. Historically, Apple's likely next move will be to track down and act against those behind the hack.

The move to make Leopard work on a PC is just the latest in Apple's continual struggle with the hacker community.

Tools of Trade - CastleCops PIRT Edition

Since May 2006, our Phishing Incident Reporting and Termination team has directly prevented more than $80 million in credit card losses, and indirectly an additional $75 million by working with our partners. We've shut down not only phish sites, but drops all the while preserving evidence for law enforcement. And we need your help by donating your time as handlers to keep on investigating phish crimes so we can continue to prevent even greater numbers.

PIRT right now is receiving around 47,000 unique phish submissions per month. Our PIRT handlers are doing amazing work and trailblazing new roads in phish investigations and intelligence.


1) On Oct 30th, Nmap 4.22SOC8 was released. Check out the changelog for all the details.

2) On Oct 28th, CDBurnerXP v4.0.022 was released. CDBurnerXP is a free application to burn CDs and DVDs, including Blu-Ray and HD-DVDs. It also includes the feature to burn and create ISOs, as well as a multilanguage interface. See the changelog for all the details.

3) On Oct 27th, Honeytrap 1.0.0 was released. Honeytrap is a network security tool written to observe attacks against network services. As a low-interactive honeypot, it collects information regarding known or unknown network-based attacks and thus can provide early-warning information.

4) On Oct 26th, Mark Russinovich & Microsoft released Process Explorer v11.03.

5) On Oct 26th, Wine 0.9.48 was released. Changes includes:
  • Still more fixes for regression test failures
  • Much more complete cryptnet implementation
  • WIDL is now able to generate the oleaut32 proxy code
  • Lots of bug fixes
6) On Oct 26th, fgdump 1.7.0 was released. fgdump was born out of frustration with current antivirus (AV) vendors who only partially handled execution of programs like pwdump. Certain vendors' solutions would sometimes allow pwdump to run, sometimes not, and sometimes lock up the box. As such, we as security engineers had to remember to shut off antivirus before running pwdump and similar utilities like cachedump. Needless to say, we're forgetful sometimes...So fgdump started as simply a wrapper around things we had to do to make pwdump work effectively.

7) On Oct 25th, Pidgin 2.2.2 was released. Pidgin is a multi-protocol Instant Messaging client that allows you to use all of your IM accounts at once.

8) On Oct 24th, FeedReader 3.11 Beta 3 was released. Feedreader is a free lightweight aggregator that supports RSS and ATOM formats. Some people call it Beta 4...but whatever, it is a pretty good feedreader and it is free. =)

9) On Oct 24th, 7-Zip 4.56 Beta was released. 7-Zip is an open source file archiver predominantly for the Microsoft Windows operating system.

10) On Oct 24th, WinSCP 4.0.5 was released. WinSCP is an open source SFTP client and FTP client for Windows.

11) On Oct 19th, OpenSSL 0.9.8g was released. This release includes mostly bug fixes.

Other cool applications:

12) Streamripper for Windows 1.62.0 - Open Source (GPL) application that lets you record streaming mp3 to your hard drive.

Monday, October 29, 2007

Exploiting the Weakest Link with Drive-by Java

Via -

For those of you who have never seen a warning message like the one above, this is the default dialog box you get from the Java Runtime when you run cryptographically signed applets. Signed applets are different when compared to the unsigned ones. Basically they defer in terms of their security sandbox and level of privilege. Signed applets can do anything that your desktop applications can do, although they run from the browser.

The one million dollar question is: How is that secure? and Should SUN rethink the security of their platform? We know that unaware users will approve anything just to get their game running. This type of attack is by far the simplest to perform and does not relay on any particular kind of vulnerability. The Java Runtime is the only embeddable object which gives such a degree of access from simple Web pages. Flash, Adobe, and even Signed JavaScript (disabled by default) wont allow you to do all of these, mainly because it is highly insecure!

I know that a lot of angry Java developers and many military grade (what’s that?) exploit hunters may object but let’s be honest here for a moment. Most of the hacks occur due to simple human mistakes. In the case of the Java Runtime, there is 50% chance to make the wrong choice. I think that malware authors like this figure a lot, especially when no vulnerability is required to perform the hack. Not to mention that the information displayed inside the security warning box can be easily forged in such a way that the attackers can increase the their chances by making the user believe they are doing the right thing.

Over the years, I’ve been using this type of attack in a number of scenarios and I am sorry to say but it works so well that it almost feels surreal. The following ant script is a tool that I wrote long time ago to compile and sign Applets and JAR files in a few simple steps. I use it every time I can, just to prove that having Java enabled on workstation part of a large enterprise is kind of a bad idea.


The human element is the weakest link in the security chainmail.

You can patch Quicktime and you can patch Firefox...but you can't patch human stupidity.

The word, stupidity, may sound harsh but ultimately it is just human nature and it bites us all sooner or later.

Education is the key to fighting these types of human "vulnerabilities".

MySpace Resource Script (MSRS) 1.21 RFI Vulnerability

MySpace Resource Script (MSRS) 1.21 Remote File Inclusion Vulnerability

Author Site :

Leopard Firewall is Chink in Armor

Via -

Apple is using security in general and the new firewall in particular to promote Leopard, the latest version of Mac OS X. However, initial functional testing has already uncovered cause for concern.

The most important task for any firewall is to keep out uninvited guests. In particular, this means sealing off local services to prevent access from potentially hostile networks, such as the internet or wireless networks.

But a quick look at the firewall configuration in the Mac OS X Leopard shows that it is unable to do this. By default it is set to "Allow all incoming connections," i.e. it is deactivated. Worse still, a user who, for security purposes, has previously activated the firewall on his or her Mac will find that, after upgrading to Leopard, the system restarts with the firewall deactivated.

In contrast to, for example, Windows Vista, the Leopard firewall settings fail to distinguish between trusted networks, such as a protected company network, and potentially dangerous wireless networks in airports or even direct internet connections. Leopard initially takes the magnanimous position of trusting all networks equally.


Apple is like the old dog that can't learn the security tricks....seriously.

Apple to Shrink iPhone Black Market by Shrinking Consumer Market

Via PC World -

People looking to walk into an Apple retailer and buy an iPhone with cash will be out of luck. The company is now accepting only credit or debit card payments for the devices so they can track who purchases the phone, according to an employee at the Apple Store in New York's SoHo neighborhood.

The new policy is Apple's attempt to prevent people from purchasing and then unlocking and reselling iPhones, a situation that has been a problem for the company. Apple won't let anyone without a credit card or debit card in their name purchase iPhones, according to an unidentified Apple Store employee in a phone interview.

"We need to track the purchases of the iPhone [because] we have people buying the phones, unlocking the phones and selling them," she said.

A report by the Associated Press last week said Apple was limiting the purchases to two devices and allowing users to purchase them only with credit or debit cards. According to store employees, the two-device limit has always been in place, but the noncash policy is new.

Apple's public relations team did not respond to multiple requests for comment on the new policy. However, it's no secret the company is trying to stem the tide of unlocked and resold phones, now totaling about 250,000. Apple Chief Operating Officer Tim Cook mentioned that number last week in a quarterly results conference call as the difference between the number of handsets sold -- approximately 1.4 million -- and those actually connecting via AT&T Wireless, the iPhone's exclusive U.S. carrier.


Because we all know that unlockers don't have checking accounts or credit cards....

All the while, a new tool has been released that helps in jailbreaking.

iPhone hackers have released a tool that allows owners of firmware 1.1.1 iPhones and iPod Touches to open up their devices to third-party apps - all without the need for a host Mac or PC.

Egypt to Build Nuclear Plants

Via Yahoo! News -

CAIRO, Egypt - Egypt's president announced plans Monday to build several nuclear power plants — the latest in a string of ambitious such proposals from moderate Arab countries. The United States immediately welcomed the plan, in a sharp contrast to what it called nuclear "cheating" by Iran.

President Hosni Mubarak said the aim was to diversify Egypt's energy resources and preserve its oil and gas reserves for future generations. In a televised speech, he pledged Egypt would work with the U.N. nuclear watchdog agency at all times and would not seek a nuclear bomb.

But Mubarak also made clear there were strategic reasons for the program, calling secure sources of energy "an integral part of Egypt's national security system."

In Washington, State Department spokesman Sean McCormack said the U.S. would not object to the program as long as Egypt adhered to the nuclear Non-Proliferation Treaty and International Atomic Energy Agency guidelines.

"The problem has arisen, specifically in the case of Iran, where you have a country that has made certain commitments, and in our view and the shared view of many ... (is) cheating on those obligations," he said.


I heard talk about this in the past...but it looks to be moving forward. Clearly the US government sees a nuclear Egypt as a counter to a nuclear Iran.

But, in my view, this is just the beginning of a larger nuclear Middle East.

Mexican Mafia Member Walks Out of Texas Jail

Via (Houston) -

SAN ANTONIO — A man charged with murder walked out of the Bexar County Jail after pretending to be his cellmate, a ruse that apparently worked because of a miscommunication among jail workers, a county official said today.

Bexar County Judge Nelson Wolff said three workers handled David Sauceda, 27, before his release and that there appeared to be a breakdown of communication somewhere in the process.

Sauceda walked out early Sunday morning when he recited the personal information of his cellmate, Michael Garcia, according to the sheriff's department. An unidentified person had posted bond for Garcia, who is jailed on a felony auto theft charge.

Sauceda was loose for more than six hours before authorities realized he had escaped, officials told the San Antonio Express-News. He was still at large Monday, said Sheriff Rolando Tafolla's office, adding that no other new information was available. Sauceda is considered armed and dangerous.

Wolff said that when officers went to retrieve Garcia, Sauceda stepped forward and recited Garcia's serial number. When Sauceda's fingerprints, taken by another jail employee, didn't match those on file for Garcia, Sauceda was taken for a fingerprint check using the jail's Live Scan technology.

Using Live Scan, Sauceda's profile, including his photo, was pulled up instead of Garcia's. A third jail employee, Wolff said, confirmed that Sauceda was the same person in the profile, and he was released.

"Somehow in there the communication between the two did not go well," Wolff said. "It sounds like it's human error. We don't know for sure."

A message left for Sauceda's attorney of record was not immediately returned Monday.

Wolff said it appears Garcia was complicit in letting Sauceda use his information, but that a full investigation will be done.

"He's being questioned," Wolff said. "They're going to try to get to bottom of it."

Tafolla told the San Antonio Express-News that Sauceda and Garcia are members of the Mexican Mafia, a violent prison gang based in Texas.

Sauceda also is charged with aggravated robbery and burglary with intent to commit assault.

He and his brother, Jesse Sauceda, were charged with killing of a San Antonio man last year, and with robbing a 59-year-old woman after binding her with duct tape, the newspaper reported.

Sauceda was booked into the Nueces County jail in 2006 for unlawful possession of firearm by a felon. He was transferred to Bexar County in January after the outstanding murder charge was discovered, said Maria Medrano of the Nueces County Sheriff's office.

Medrano said Nueces County dropped the firearm charge because of the more serious murder charge.

Corpus Christi attorney James Lawrence, who was to represent Sauceda on the firearm charge, said he hasn't had contact with Sauceda and isn't representing him.

Operation Firefox

Operating Firefox is currently recruiting agents to place huge 3.5 feet Firefox Fathead stickers where the world will see them. Are you up to the challenge?

Sunday, October 28, 2007

Over 70,000 Phished Myspace Passwords Released!

Posted by Sniper223 on cDc Bovine Dawn Dojo -

"Over 70,000 phished and stolen myspace passwords have been released by *channers (calling themselves Anonymous and blaming it on Ebaumsworld, as always). They seem to be releasing the accounts in some form of javascript-rich HTML page, which automatically logs you in as you select your targets. I must admit, it's pretty well made considering where it's coming from. There's an easy to read mirror (most of them seem to be rapidshare uploads of the pages themselves) here:, and here: (Note: these links are currently down)."

Mirror of new release pack:


Thanks to my contacts at the cDc for the heads up.

Radioactive Substance Seized on Georgian-Turkish Border

Via -

An Armenian citizen was arrested while attempting to smuggle 2.04 grams of a radioactive substance, Lawrencium-103, from Georgia into Turkey, the Georgian Border Police said on October 26.

It said three companions – also Armenian citizens – were also arrested.


Lawrencium is the most stable isotope is 262Lr, with a half-life of approximately 4 hours. Lawrencium is synthesized from californium and has no known uses.

Microsoft Patches DRM Against FairUse4WM v2

Via ZDnet -

Just over a year ago when hacker “Viodentia” wrote FairUse4WM and broke Microsoft’s Windows Media DRM scheme wide open, Microsoft responded with record urgency in a mere 3 days. But when Viodentia came back as “Divine Tao” and wrote a second major revision of FairUse4WM this July and broke Microsoft’s Windows DRM scheme wide open again, Microsoft didn’t seem to be as concerned and spent their usual 3 months to patch the issue. As of the last patch Tuesday, the current version of FairUse4WM no longer works so the ball is in the hacker’s court again to break Microsoft’s latest DRM revision.

More Details on the TJX Break In

Via -

More information about the TJX data theft is coming out in court papers filed this week against the retail company. Earlier this week it was reported that the breach of customer credit and debit card info was much larger than previously thought, with about 96 million customers being affected by the breach, as opposed to the 46 million to which the company had previously admitted.

Now eWeek's Evan Schuman reports, per new information in court documents, that thieves on TJX's network had managed to install a sniffer in May 2006 that allowed them to capture card data as it traveled over the network in the clear. TJX failed to detect the sniffer for seven months and also failed to notice that the intruders siphoned 80 gigabytes of stored data from a TJX server and transferred it over TJX's own high-speed connection to another location.

The papers also revealed that in 2004, before the thieves began their initial intrusion in 2005, an audit of TJX's network found "high-level deficiencies" in its security practices. The company was found to be non-compliant with 9 of 12 requirements established by the payment card industry for secure card transactions. The problems included a misconfigured wireless network, improper anti-virus protection, weak intrusion-detection, use of user names and passwords that were easily cracked, and improper patch procedures and log maintenance.

Thursday, October 25, 2007

Wikipedia: Photic Sneeze Reflex

Photic sneeze reflex is a medical condition by which people sneeze with sudden exposure to bright light, and possibly also to sneeze many times consecutively. It is also referred to as photic sneeze response, sun sneezing, photogenic sneezing, the photosternutatory reflex, or even whimsically as ACHOO syndrome with its related backronym Autosomal dominant Compelling Helio-Ophthalmic Outburst syndrome. The condition occurs in 17% to 35% of humans. The condition is passed along genetically as an autosomal dominant trait.

The probable cause is a congenital malfunction in nerve signals in the trigeminal nerve nuclei. The fifth cranial nerve, called the trigeminal nerve, is apparently responsible for sneezes. Research suggests that some people have an association between this nerve and the nerve that transmits visual impulses to the brain. Overstimulation of the optic nerve triggers the trigeminal nerve, and this causes the photic sneeze reflex. Another theory suggests that tears leaking into the nose through the nasolacrimal duct are a cause of the photic sneeze reflex. The speed of the reflex seems to favour the first theory, as it happens much too quickly for tears to be generated and drain into the nose. In addition this sneeze reflex can be brought on by a sudden inhaling of cold air or a strong flavour such as a strong mint gum. This implies an overstimulation of any nerve close to the trigeminal nerve can cause the sneeze reflex.


I always wondered....

Austin - The New Blogging Epicenter

Via Wired Epicenter -

A report released Wednesday by Scarborough Research reveals that Austin, Texas has the highest percentage of residents who read or write blogs. In Austin, 15% of adults had read or contributed to a blog in the past 30 days, while #2 Portland followed with 14% and tied for third was San Francisco/Oakland/San Jose (an odd clumping, we must say) and Seattle/Tacoma, both with 13%. Other top cities: Honolulu, San Diego, Dallas, Columbus, Nashville, Colorado Springs, and Washington D.C.

Where is the creation of consumption of blogs the lowest? Only 2% of the population in Buffalo, NY and Pittsburgh has anything to do with the blogosphere. Wilkes-Barre/Scranton, Pennsylvania and Roanoke/Lynchburg, Virginia fare hardly better with 4%.


Silicon Hills in full effect...

Domain Name Front Running - Real or Myth

Via -

(AP) -- The Internet's key oversight agency is investigating suspicions that insider information is being used to snatch desired domain names before an individual or business can register them.

The Security and Stability Advisory Committee of the Internet Corporation for Assigned Names and Numbers termed the practice "domain name front running" and likened it to a stock broker buying or selling shares ahead of a client's trade, in anticipation of a movement in price.

In the case of Internet addresses, many people who see a domain name available the first time they check find it already taken by the time they return to buy it.

That has led to suspicions that someone with access to search requests has been using the information to gauge interest in a domain name.

By buying the domain first, that person can then try to sell it to the interested party for a profit. This is different from traditional domain name speculation because the buyer knows for sure that the address is of interest.

Although the practice has never been proven, the ICANN committee said the perception that it is happening "portrays an unfavorable image of the parties associated with the domain name registration process in specific, and of the domain name community in general."

The committee said it wants to prevent "perception from evolving to accepted wisdom."

Spain Arrests Six in Alleged e-Jihad Cell

Via Yahoo! News -

MADRID, Spain - Spanish police broke up an Islamic cell suspected of using the Internet to recruit fighters for the Iraq insurgency, arresting six people Wednesday in raids in northern Spain, authorities said.

The five men and a woman, all from Algeria or Morocco, were arrested in or near the city of Burgos, the Interior Ministry said. The cell is unrelated to 22 people indicted Tuesday on charges of recruiting potential suicide bombers for Iraq.

The new cell allegedly was led by an Algerian, Abdelkader Ayachine, who ran a Muslim butcher shop in Burgos. In addition to recruiting potential fighters for Iraq, authorities said the group sought donations through the shop for people jailed in Morocco in connection to a May 2003 suicide bombing in Casablanca that killed 45 people, the ministry said.

Members of the group called themselves "Los Ansar," an apparent reference to Ansar el Islam, an al-Qaida-linked group that operates in Iraq, the ministry said.

The Burgos group also allegedly distributed audiovisual material that praised jihad, or holy war, and used online chat rooms to recruit fighters for the Iraq insurgency.

"The group basically worked via the Internet," Interior Minister Alfredo Perez Rubalcaba told reporters.

Spain said it is the first time its police had cracked a cell that relied so heavily on the Internet. Police searched six homes and seized documents, computers and other material.

The investigation began a year and a half ago, with Spanish security agents receiving help from colleagues in Sweden, the United States and Denmark.

The ministry named the rest of the suspects as Algerians Mohamed Mouas, Smaine Kadouci and Yahia Drif, and Moroccans Wissan Lotfi and Fatima Zahrae Raissouni.

Ministry officials said it was not immediately clear if the cell actually managed to send any fighters to Iraq.

Wednesday, October 24, 2007

Court Leaks Info of Alleged ID Thief

Via -

Things just aren't going well for Timothy Scott Short. Just days after a pair of tech support calls he made to printer manufacturer Digimarc resulted in his arrest, he now finds himself on the receiving end of a data breach with his Social Security number and birthdate accidentally made public via the federal court's Electronic Case Files (ECF) system.

It's an ironic development, because Short, 33, was arrested in connection with the Oct. 5 theft of a Missouri Department of Revenue printer and a PC containing data on as many as 500 state residents.

Short's personal information was discovered by the IDG News Service, listed on a court document called a Criminal Case Cover Sheet, which was publicly available to users of the ECF system. Normally, this document should only be accessible to those involved in the case, but it appears to have been inadvertently made public, according to a clerk with the U.S. District Court for the Eastern District of Missouri, who asked not to be identified because she was not authorized to speak with the press. "It's something on our side," she said, adding that technical staff is now looking into the problem.

The U.S. Judicial Conference, which sets policy for U.S. courts, has said that this kind of information should be removed from publicly available electronic court records, but actually removing all the sensitive information has proved difficult.

"If you went online to various court systems, you could find Social Security numbers of many individuals," said Paul Stephens, director of policy and advocacy with the Privacy Rights Clearinghouse. "It's a really, really difficult question to answer, just because you're dealing with so many jurisdictions."

Social Security numbers are the building blocks of identity theft crime because they can be used to secure credit cards. "Any time you are placing Social Security numbers online, your are subjecting that person to identity theft," Stephens said.

With the push to make public documents available online, other government databases have had similar problems. Earlier this year, the states of California and Colorado were forced to take their Uniform Commercial Code (UCC) databases offline after privacy advocates pointed out that the Social Security numbers and other data they contained could be misused by identity thieves.

Short, however, may have bigger problems to worry about. He's facing $250,000 in fines and 10 years in prison on charges of possession of "document-making implements" in connection with the theft. He was arrested after U.S. Secret Service Special Agent John Bush recognized his voice in calls placed to a tech support line of the company that makes the stolen printer.

Information of Dixie College Alumni & Employees Exposed

Via The Salt Lake Tribune -

ST. GEORGE - The personal information of Dixie College alumni and employees has been stolen by a computer hacker. The St. George college's Information Technology Department says it became aware of the breach on Sept. 11. The hacker was able to gain access to Social Security numbers, birth date information and addresses, of former students, alumni and former employees.

The college does say the files did not contain any credit card or financial data. The Utah State Attorney General's office and the Utah Higher Education Commissioner's office have been notified. The college says that at this time, there is no evidence that the information has been misused. However, Dixie is taking steps to notify those whose information may be compromised.

Those potentially affected are urged to take precautionary measures by monitoring their bank and credit card statements. In addition, individuals are encouraged to request a free copy of their credit report and review it thoroughly and, if necessary, place a fraud alert on their credit.

Using Graphics Cards to Crack Passwords

Via -

Nvidia's GeForce 8 series of graphics chips can be used to crack Windows NT LAN Manager (NTLM) passwords 25 times more quickly than was previously possible, security software developer Elcomsoft has claimed.

The Russia-based company this week announced the second major release of its Distributed Password Recovery application, a tool designed to recover forgotten or lost passwords for a wide range of application and document types, including PDP-protected ZIP files, Adobe Acrobat PDFs, Lotus Notes ID files and Microsoft Office documents.Elcomsoft admits its software uses "brute force" to crack a file's password, thus exposing the lost key to the user. The technique essentially tries all possible password combinations until it finds the one that fits. It works, but it's time time-consuming.

"Using a modern dual-core PC you could test up to 10m passwords per second," Elcomsoft said, "and perform a complete analysis in two months."

But use a GeForce 8 series card and Nvidia's Compute Unified Device Architecture (CUDA) tools to run the cracking algorithms on the GPU rather than the CPU, and you can finish up in 3-5 days, the developer claimed.

"Since high-end PC mother boards can work with four separate video cards, the future is bright for even faster password recovery applications," it added.

CUDA was launched almost a year ago to enable scientists and engineers to use graphics cards typically aimed at gamers for more serious number-crunching applications. The GeForce 8 series of GPUs went on sale in March 2007.

Court Filing Pins 94 Millions Cards on TJX

Via Boston Globe -

More than 94 million accounts were affected in the theft of personal data from TJX Cos., a banking group alleged in court filings, more than twice as many accounts as the Framingham retailer has said were affected in what was already the largest data breach in history.
Article Tools

The data breach affected about 65 million Visa account numbers and about 29 million MasterCard numbers, according to the court filing, which was made late yesterday by a group of banks suing TJX over the costs associated with the breach. The banks cited sealed testimony taken from officials at the two largest credit card networks. A Visa official also put fraud losses to banks and other institutions that issued the cards at between $68 million and $83 million on Visa accounts alone, the filing states, the most specific estimate of losses to date.

TJX, which operates more than 2,500 stores worldwide under such brand names as TJ Maxx and Marshalls, previously has said the unidentified hackers who breached its systems had com promised at least 45.7 million credit and debit card numbers as far back as 2003. TJX has said about 75 percent of the compromised cards were expired or had data in the magnetic strip masked, meaning the information was stored as asterisks rather than numbers.

A TJX spokeswoman said she couldn't immediately discuss the filing yesterday, and said the company doesn't generally discuss pending litigation. Spokesmen for Visa and MasterCard did not respond to questions last night.


That is scary close to 1 in 3 Americans.

The United States population was put at 303 million and change in Oct 2007.

How to Build a Daft Punk Table Replica

I just like hearing that song...(not to be confused with ATC's Around the World)

If you haven't seen the real music video, you are truly missing out on a part of life....I like when the robots run into each other. lol

Ohh, the late 90s were fun.

Tuesday, October 23, 2007

Apple iPhone Built on 'Principle of Maximum Privilege'

Via -

With Apple's announcement Monday that it shipped 1.12 million iPhones in the three months after its launch, the gadget's apparent popularity rivals some PCs. That has security experts warning of trouble, following revelations that Apple built the iPhone's firmware on the same flawed security model that took rival Microsoft a decade to eliminate from Windows.

"It really is an example of 'those who don't learn from history are condemned to repeat it'," says Dan Geer, vice president and chief scientist at security firm Verdasys.

It wasn't long after Apple released the iPhone in June that researchers discovered that every application on the device -- from the calculator on up -- runs as "root," i.e., with full system privileges. As a result, a serious vulnerability in any of these applications would allow hackers to gain complete control of the device.

The same problem in Windows played a big role in stoking a plague of internet malware-production that began with the Melissa virus in 1999, and continues with the malicious Storm worm today.

With the limited bandwidth of the iPhone, malicious code would be unlikely to slow portions of the internet. But malware could wreak creative havoc of a different kind. It might, for example, cause a phone to call numbers without the user's knowledge, seize text messages and a list of received and sent calls, turn the phone into a listening device, track the user's location through nearby WiFi access points, or instruct the phone to snap photos of the user's surroundings -- including any companions who may be in view of the camera lens.

Apple announced last week that it plans to release a software-development kit in February, to open the way for third-party developers to create applications for the iPhone. More applications, though, invariably means more attack routes for hackers. Apple CEO Steve Jobs said in his announcement that the company was taking time to release the SDK to deal with security issues, suggesting that a future operating system update to the phone might only run applications approved and digitally signed by Apple.

But this wouldn't solve all of the security problems.

"As long as everything runs as root, there are going to be bugs and people are going to find them (to take over the device)," says Charlie Miller, principal security analyst for Independent Security Evaluators, who, with colleagues, discovered the first reported bug with the iPhone earlier this year. The bug, found in its Safari browser, would have allowed hackers to take control of a phone. The researchers criticized Apple in their paper (.pdf) for designing iPhone applications to run as root.

Although Apple issued a fix for the Safari vulnerability in July, the company never responded to criticism about the root problem with its phones. Apple also didn't respond to calls from Wired News for this story.

Last week, H.D. Moore, a security researcher who developed the Metasploit Framework security and hacking tool, posted information on his blog about a vulnerability in the iPhone's tiff library that is used by the phone's e-mail , browser and music software. He also supplied detailed instructions on how to write code to exploit the bug and provided an exploit to gain remote control of an iPhone.

Computer security professionals call the iPhone design flaw a fundamental mistake, and say that Apple should have known better.

"The principle of 'least privilege' is a fundamental security principle," says Geer. "Best practices say that if you need minimal authority to do (something on a system), then you don't need to have more authority than that to get it done."

Microsoft has been roundly criticized for years for releasing early versions of its Windows operating system with administrative privileges automatically enabled. This gave hackers who gained access to Windows machines complete privileges to modify the operating system and take control of the machine.

It took a while for the company to get the message, but Redmond finally closed the hole with its Vista operating system this year, which included a User Account Control feature to control the level of privileges required for various functions on a Vista machine.

" I guess Apple hadn't learned those lessons and is now going to learn them the hard way," says Geer.


Apple left the iPhone security door half-way open on it really doesn't surprise me that numbers indicate that 17% of all iPhone sold are on the path for unlocking.

I can just see the official Apple response now..
Apple takes security very serious....and this is why we use the 'Principle of Maximum Privilege'.

UK Graffiti Artist Works to Be Painted Over

Via BBC -

Graffiti art by the acclaimed artist Banksy on streets in Tower Hamlets is to be painted over.

Stencilled artwork from the guerrilla artist can be seen on walls across London, but Tower Hamlets is the first council to treat them as vandalism.

The plan comes as 11 pieces of the artist's work go on sale on Wednesday.

Banksy, from Bristol, made his name with public art and subversive stunts. His works now sell for hundreds of thousands of pounds.

The actress Angelina Jolie reportedly bought one of his works for more than £200,000.

Eleven of Banksy's stencilled artworks go on sale on Wednesday at Bonham's auction house in Knightsbridge.

A piece, commissioned by rock band Blur for their 2003 album Think Tank, recently sold in London for £300,000, Gareth Williams of Bonhams said.

A spokeswoman for Tower Hamlets Council said it had not thought of selling the potentially valuable artwork to help raise money for council services, but did not rule out such action being considered in the future.

A statement said: "Tower Hamlets Council takes the cleanliness of the borough very seriously and is committed to removing all graffiti as soon as possible.

"Whilst some graffiti is considered to be art, we know that many of our residents think graffiti in areas where they live, such as local housing estates, is an eyesore."

Tower Hamlets councillor Abdal Ullah said: "We need to be clear here, graffiti is a crime.

"It spoils the environment, makes our neighbourhoods feel less safe, and costs thousands of pounds each year to clean - money that could instead be paying for valuable local services."

It is not yet known how many of the artist's works would be affected.

The future of a Banksy piece painted on a wall in Bristol recently went to public vote, with 97% of people saying it should be kept.


They should cover up that art...I mean 'vandalism', with a beautiful colorful mural.

Who ever could they comission to paint a beautiful hip mural? ummm...wait.

Exploiting iPhone Safari Tap-to-Dial Feature

Via SPI Dynamics Blog -

The Apple iPhone’s Safari web browser has a special feature that allows the user to dial any phone number displayed on a web page simply by tapping the number. SPI Labs has discovered that this feature can be exploited by attackers to perform various attacks, including:
  • Redirecting phone calls placed by the user to different phone numbers of the attacker’s choosing
  • Tracking phone calls placed by the user
  • Manipulating the phone to place a call without the user accepting the confirmation dialog
  • Placing the phone into an infinite loop of attempting calls, through which the only escape is to turn off the phone
  • Preventing the phone from dialing
These types of attacks can be launched from a malicious website, from a legitimate website that has Cross-Site Scripting vulnerabilities, or as part of a payload of a web application worm.

For example, an attacker could determine that a specific website visitor “Bob” has called an embarrassing number such as an escort service. An attacker can also trick or force Bob into dialing any other telephone number without his consent such a 900-number owned by the attacker or an international number. Finally, an attacker can lock Bob’s phone forcing Bob to either make the call or hard-reset his phone resulting in possible data loss.

SPI Labs researchers reported these issues to Apple on July 6 and are working with Apple to remediate the problems. However, SPI Labs recognizes the unique urgency of these issues and the large number of people that could be affected. As such, SPI Labs recommends that iPhone users do not use the built-in Safari browser to dial telephone numbers until Apple resolves these issues.


Billy presented this research at SPI Con 2007 last week in Atlanta, GA.

RealPlayer Zero-Day Patch Released

Via RealNetworks -

RealNetworks has issued a fix for a vulnerability, identified by Symantec, that affects the import method of an Active X control.

RealPlayer 10.5 and RealPlayer 11 beta users should install the following patch to address this security vulnerability that aims to cause buffer overflow that could provide the potential for an attacker to run arbitrary or malicious code on a user’s PC.

RealOne Player, RealOne Player v2 and RealPlayer 10 users should upgrade immediately to RealPlayer 10.5 or RealPlayer 11 beta and install the available patch to ensure this security vulnerability is addressed.

Monday, October 22, 2007

How Hackers Are Different from the Rest

Via Threat Level -

Hackers who come to hacker conference, like ToorCon 9, which wraps up today, don't see computing the way the rest of us do. Now, clearly, these guys aren't true black hats, even if they came to see the attack side. The real bad hackers don't register in advance for such conventions - tho they may be hacking the machinery and watching. These ToorCon attendees are security professionals, mainly consultants, smart and full of mischief.

They don't see hacking as good or evil. It's a question of can it be done? And how?


They give each other credit and laugh at their own awesome accomplishments.

And, tho they are finding scary stuff, they aren't scared.

"These are people who are curious and are always learning to use their tools better," says Geo, minister of propaganda for ToorCon. "This is a particularly good conference because you get five times the information of DefCon with one fourth of the liver damage."


They tell you that search engines that study your activity (most if not all) are a greater danger to our privacy than the scariest Gonzales of the federal government.

They tell you that servers are so well secured that clients are now the problem and the single greatest threat to server safety and security comes from the clients, who metaphorically roll in filth and then bring it home to the server.

There's no hats here, not white, black or gray. Just cool t-shirts and smart folks who come to hang out together because a couple people can push the envelope farther than one.

Cracking the iPhone with iPwn Shell

Via Metasploit Blog -

In part one of "Cracking the iPhone", I described the libtiff vulnerability. In part two, I walked through the process of exploiting it. In part two point one, I covered a new exploit approach that resulted in reliable code execution. The one piece still missing is what to do once code execution is obtained. An unmodified iPhone does not include an interactive shell, nor any of the standard Unix tools. In order to make this exploit useful, the user needs a payload that can install arbitrary executables onto the iPhone's file system.


To demonstrate some of the options available and to assist with the 1.1.1 jailbreaking process, I created a modified version of vlad902's Impurity Shell Demo for the iPhone. This code was used in version 2.7 of the Metasploit Framework to provide an in-memory shell on Linux using the Impurity stager. Although the Impurity stager was not ported to Metasploit 3, the Shell Demo code was a perfect fit for the iPhone. This is a custom, standalone shell that provides a variety of useful Unix commands, as well as functions for in-process resource management. For example, using this shell, it is possible to enumerate all open file handles, read from those handles, and write to those handles.

The iPhone version of this shell, named ipwn, includes a few new features. The first is an internal implementation of "ps" command. The second is the "download" command, which can be used to download a file from a web server directly to disk. This makes jailbreaking and further binary installation simple. The third and fourth features, the cd (change directory), and cp (copy file), commands were added to make file management easier. Additionally, the ipwn binary will delete itself by default, unless the -k parameter is passed. This removes the need for manual cleanup when used with the Metasploit Framework. The source code to ipwn and an iPhone compatible binary are available in the Metasploit Framework development tree.


This concludes the "Cracking the iPhone" series. Any significant updates will still get posted to the blog, but the best way to follow development is by
tracking the Metasploit Framework development tree. The latest code will always be available in the trunk tree of Metasploit and patches (especially those that add features to ipwn) are welcome and encouraged. If you have any questions about iPhone-specific hackery, feel free to email me at hdm[at] If you have a Metasploit-specific question, you may want to join the mailing list or email the development team at msfdev[at] Thanks for reading!


Thanks to HD for the preview....

I have placed it on, get to dig'in.

Sunday, October 21, 2007

iPhone Pwning Pwnie - iPwnie

Created in honor of Metasploit's Soon-to-Be-Released Universal iPhone Exploit.

iPwnie may look cute, but behind those bright blues eyes lay the mind of a killer...a killer of iPhones.

Advertisement Malware Alive and Well

Early this week, my girlfriend called and told me that her Anti-virus had popped up a red warning...about a detected exploit named "qt.php". I told her that it was most likely a Quicktime exploit and that she should block it.

I had updated her Quicktime the day I knew it wasn't a problem.

Fast forward to today. While browsing on, I get the same Anti-virus I disable the AV and did a little research.

The page was loaded with images and this green banner at the top. I wanted to isolate the vector so I kicked each image into its own warning. Bringing the focus to the green banner ad.

I looked at the HTML source code of the page and found the piece that was injecting the random banner ad. I started up Firefox with Paros Proxy and started to hit refresh like a mad man. Finally I hit the correct ad, so I move over to Proxy to see what was going on...

Not only was the ad doing some funny Quicktime stuff, it was doing some funny Windows Media Player stuff as well.

A little DNS check shows the IP is based in Russia. No shocker here.

I wget'd the qt.php file and opened it up with HexView - just to confirm that it was a Quicktime exploit.

Yep, the well known Apple Quicktime rtsp URL Handler Stack-based Buffer Overflow, released almost 9 months ago as the first bug of the Month of Apple Bug.

For good measure, I reported the file to CastleCops's MIRT team.

Moral of the Story - Keep your software updated. Even if an exploit is old and well known, it will be used.

I really like using FileHippo's Update Checker & Secunia's Software Inspector to check for missing security patches.

Law Firm Denies the 'Right' to View HTML Source Code

Via -

Greg Beck writes in to let us know that the law firm that was recently challenged for claiming that it was a copyright violation to post its cease-and-desist letter also has some other interesting ideas about copyright, including banning people from looking at the firm's source code. You can view the entire user agreement, but the amusing part is:

"We also own all of the code, including the HTML code, and all content. As you may know, you can view the HTML code with a standard browser. We do not permit you to view such code since we consider it to be our intellectual property protected by the copyright laws. You are therefore not authorized to do so."
As Beck says, "That's kind of like a puppet show invoking copyright to prohibit the audience from looking at the strings. The user agreements of the law firm and one of its clients also contain a bunch of terrible terms that have become all too common: a prohibition on linking to the site, copying anything from the site (even if its fair use), and even referring to the website owner by name. The law firm doesn't even allow its own clients to say they're represented by the firm without permission." He also notes that the law firm in question is demanding that another website remove criticism of one of their clients because it did not receive permission to use the client's name or link to the website -- two things that the laws and the courts have been pretty clear in saying is perfectly legal over the years.


Damn, we need to get control of this quick....

Wrap Processing - Self Improving Chip Performance

Via -

A new, patent-pending technology developed over the last five years by UCR’s Frank Vahid, Professor of Computer Science and Engineering, called "Warp processing" gives a computer chip the ability to improve its performance over time.

The benefits of Warp processing are just being discovered by the computing industry. A range of companies including IBM, Intel and Motorola’s Freescale have already pursued licenses for the technology through UCR’s funding source, the Semiconductor Research Corporation.

Here’s how Warp processing works: When a program first runs on a microprocessor chip (such as a Pentium), the chip monitors the program to detect its most frequently-executed parts. The microprocessor then automatically tries to move those parts to a special kind of chip called a field-programmable gate array, or FPGA. “An FPGA can execute some (but not all) programs much faster than a microprocessor – 10 times, 100 times, even 1,000 times faster,” explains Vahid.

“If the microprocessor finds that the FPGA is faster for the program part, it automatically moves that part to the FPGA, causing the program execution to ‘warp.’” By performing optimizations at runtime, Warp processors also eliminate tool flow restrictions, as well as the extra designer effort associated with traditional compile-time optimizations.

FPGAs can benefit a wide range of applications, including video and audio processing; encryption and decryption; encoding; compression and decompression; bioinformatics – anything that is compute-intensive and operates on large streams of data. Consumers who want to enhance their photos using Photoshop or edit videos on their desktop computers will find that Warp processing speeds up their systems, while gamers will immediately notice the difference in better graphics and performance. Additionally, embedded systems such as medical instrument or airport security scanners can perform real-time recognition using Warp-enhanced FPGAs.

“Thread Warping: A Framework for Dynamic Synthesis of Thread Accelerators” was named one of the top five papers at the 2007 International Conference on Hardware/Software Codesign and System Synthesis (CODES/ISSS) conference in Austria, and was published among the conference proceedings. “Warp Processing and Just-in-Time FPGA Compilation,” the Ph.D. dissertation of Vahid’s student Roman Lysecky, was named “Dissertation of the Year” by the European Design and Automation Association in 2006.


Thread Warping: A Framework for Dynamic Synthesis of Thread Accelerators (PDF)

NSA Certifies Network Encryptor with Router Functionality

Via -

The National Security Agency has certified encryption technology from General Dynamics to protect classified information transmitted through military and government networks at the top-secret level and below.

The agency is using the TACLANE-Router (KG-175R) from the General Dynamics C4 Systems business unit. The KG-175R incorporates Cisco 3200 Series Mobile Routers and eliminates the need for multiple pieces of network equipment previously required for similar network routing and encryption functions.

The KG-175R comes preconfigured to NSA network routing security guidelines and is compliant with the High Assurance Internet Protocol Encryptor Interoperability Specification standard for use from the core of a network to the battlefield’s tactical edge, General Dynamics officials said.

“The KG-175R is the first NSA certified network encryptor with router functionality,” said John Cole, vice president of Information Assurance for General Dynamics C4 Systems.

“By providing multiple functions in a single device, military and government users can significantly reduce size, weight and power requirements for both stationary and on-the-move networks.”

Syrian Official Says Israeli Airstrike Hit Nuke Facility

Via Fox News -

"Israel was the fourth-largest exporter of weapons of mass destruction and a violator of other nations' airspace, and it had taken action against nuclear facilities, including the 6 July attack in Syria," Syrian representative Bassam Darwish is quoted in the document as saying.

Diplomats familiar with the document cannot explain why July 6 was invoked, instead of Sept. 6, the date both countries say an incident occurred. A State Department source tells FOX News the best explanation is that Darwish misspoke.

The document, released by the General Assembly's Department of Public Information, recounted Tuesday's proceedings at the annual gathering of the U.N.'s Disarmament and International Security Committee.

What is clear is that this is the first time Syria has acknowledged its nuclear efforts.

Saturday, October 20, 2007

Secrets of Mona Lisa Revealed

Via Yahoo! News -

New images uncover 25 secrets about the Mona Lisa, including proof that Leonardo da Vinci gave her eyebrows, solving a long-held mystery.

The images are part of an exhibition, "Mona Lisa Secrets Revealed," which will feature new research by French engineer Pascal Cotte and debut in the United States at the Metreon in San Francisco. The Mona Lisa showcase is part of a larger exhibition called "Da Vinci: An Exhibition of Genius."

Cotte, founder of Lumiere Technology, scanned the painting with a 240-megapixel Multi-spectral Imaging Camera he invented, which uses 13 wavelengths from ultraviolet light to infrared. The resulting images peel away centuries of varnish and other alterations, shedding light on how the artist brought the painted figure to life and how she appeared to da Vinci and his contemporaries.


I had the honor is seeing The Mona Lisa last summer and it was wonderful. But let me suggest that you do not take photos of her....those guys in the Louvre museum in Paris don't play around.

Electromagnetic Wormhole - Math Supports Cloaking Tube

Via -

In the study, which is to appear in the Oct. 12 issue of Physical Review Letters, Allan Greenleaf, professor of mathematics at the University of Rochester, and his coauthors lay out a variation on the theme of cloaking. Their results open the possibility of building a sort of invisible tunnel between two points in space.

"Imagine wrapping Harry Potter's invisibility cloak around a tube," says Greenleaf. "If the material is designed according to our specifications, you could pass an object into one end, watch it disappear as it traveled the length of the tunnel, and then see it reappear out the other end."


To create cloaking technology, Greenleaf and his collaborators use theoretical mathematics to design a device to guide the electromagnetic waves in a useful way. Researchers could then use these blueprints to create layers of specially engineered, light-bending, composite materials called metamaterials.

Last year, David R. Smith, professor of electrical and computer engineering at Duke's Pratt School, and his coauthors engineered an invisibility device as a disk, which allowed microwaves to pass around it. Greenleaf and his coauthors have now employed more elaborate geometry to specify exactly what properties are demanded of a wormhole's metamaterial in order to create the "invisible tunnel" effect. They also calculated what additional optical effects would occur if the inside of the wormhole was coated with a variety of hypothetical metamaterials.

Assuming that your vision was limited to the few frequencies at which the wormhole operates, looking in one end, you'd see a distorted view out the other end, according the simulations by Greenleaf and his coauthors. Depending on the length of the tube and how often the light bounced around inside, you might see just a fisheye view out the other end, or you might see an Escher-like jumble.

Greenleaf and his coauthors speculated on one use of the electromagnetic wormhole that sounds like something out of science fiction. If the metamaterials making up the tube were able to bend all wavelengths of visible light, they could be used to make a 3D television display. Imagine thousands of thin wormholes sticking up out of a box like a tuft of long grass in a vase. The wormholes themselves would be invisible, but their ends could transmit light carried up from below. It would be as if thousands of pixels were simply floating in the air.

But that idea, Greenleaf concedes, is a very long way off. Even though the mathematics now says that it's possible, it's up to engineers to apply these results to create a working prototype.

Evil, Bad, Naughty Comcast

Via -

(AP) -- Comcast Corp. actively interferes with attempts by some of its high-speed Internet subscribers to share files online, a move that runs counter to the tradition of treating all types of Net traffic equally.

The interference, which The Associated Press confirmed through nationwide tests, is the most drastic example yet of data discrimination by a U.S. Internet service provider. It involves company computers masquerading as those of its users.

Designed to simplify your employment search, you will find a variety of resourceful career tools at your fingertips If widely applied by other ISPs, the technology Comcast is using would be a crippling blow to the BitTorrent, eDonkey and Gnutella file-sharing networks. While these are mainly known as sources of copyright music, software and movies, BitTorrent in particular is emerging as a legitimate tool for quickly disseminating legal content.

The principle of equal treatment of traffic, called "Net Neutrality" by proponents, is not enshrined in law but supported by some regulations. Most of the debate around the issue has centered on tentative plans, now postponed, by large Internet carriers to offer preferential treatment of traffic from certain content providers for a fee.

Comcast's interference, on the other hand, appears to be an aggressive way of managing its network to keep file-sharing traffic from swallowing too much bandwidth and affecting the Internet speeds of other subscribers.

Comcast, the nation's largest cable TV operator and No. 2 Internet provider, would not specifically address the practice, but spokesman Charlie Douglas confirmed that it uses sophisticated methods to keep Net connections running smoothly.

"Comcast does not block access to any applications, including BitTorrent," he said.

Douglas would not specify what the company means by "access" - Comcast subscribers can download BitTorrent files without hindrance. Only uploads of complete files are blocked or delayed by the company, as indicated by AP tests.

But with "peer-to-peer" technology, users exchange files with each other, and one person's upload is another's download. That means Comcast's blocking of certain uploads has repercussions in the global network of file sharers.

Comcast's technology kicks in, though not consistently, when one BitTorrent user attempts to share a complete file with another user.

Tools of the Trade - Help Protect Paranoid Schizophrenics

Is The Government Spying On Paranoid Schizophrenics Enough?

Panelists discuss ways to care for the nation's paranoid schizophrenics, such as hiding cameras in their homes or audio transmitters in their ears.


On to the tools...

1) On Oct 18th, VirtualBox 1.5.2 was released. VirtualBox is a family of powerful x86 virtualization products for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL). See the changelog for all the details.

2) On Oct 18th, Mozilla released Firefox This release is a recommended security upgrade.

3) On Oct 17th, FileZilla was released. FileZilla is a fast and reliable FTP client and server with lots of useful features and an intuitive interface.

4) On Oct 17th, Opera 9.24 was released. This release is a recommended security upgrade.

5) On Oct 15th, Irfan Skiljan released IrfanView 4.10. IrfanView is a very fast, small, compact and innovative FREEWARE (for non-commercial use) graphic viewer for Windows 9x/ME/NT/2000/XP/2003/Vista. I have been using this product for years. This release fixes a serious file import buffer overflow vulnerability related to palette files. See the changelog for all the details.

6) On Oct 9th, Cain & Abel 4.9.7 was released. New features include:
  • Microsoft SQL Server 2005 Password Extractor via ODBC.
  • Fixed a bug in Internet Explorer 7 AutoComplete password decoder.
  • Default HTTP users and passwords fields updated.
  • Automatic recognition of AirPcap TX capability based on channels.

Automatic Anti-Aircraft Gun Goes Haywire, Kills Nine In South Africa

Via -

South Africa authorities are investigating how nine soldiers were killed and 15 injured during a training exercise when an anti-aircraft gun went haywire.

An artillery officer who reportedly risked her life was unable to curtail the fatal firing spree involving a 35mm Oerlikon cannon at the army's Lohatla training base in Northern Cape province last Friday (10 October), Wired reports. The weapon discharged a burst of shells lasting one-eighth of a second before it ran out of ammo and fell silent.

The reason why the gun malfunctioned has become the focus of a South African army inquiry, and a separate police investigation.

Earlier theories suggest either a software glitch or small explosion might have caused the gun to malfunction, causing it to begin "wildly swinging" as it sprayed 15-20 high-explosive 0.5kg 35mm cannon shells. The incident followed running repairs on the gun, a part of normal procedures when the weapon jams.

In normal use the gun is designed to automatically target aircraft, helicopters, and cruise missiles and fire when they come into range. The weapon is capable of operating, and even reloading, without human intervention. Defence Minister Mosiuoa Lekota told the National Assembly on Tuesday that all the guns were set on "manual" at the time of the exercise.

UK States DNA Database Isn't a Universal Database

Via -

Home Office minister Meg Hillier has insisted on the need to debate the future of the National DNA Database.

Responding to parliamentary questions from two Conservative MPs, Hillier said the growth of the database, which now holds records of more than four million people, has made a debate on its future development necessary.

Tory MP Stephen Crabb asked Hillier if she "understood the enormous extent to which good will and support for the police and for her department are being undermined by a system in which DNA information is being recorded aggressively, but removed in a haphazard way and on a discretionary basis, dependent on police force area".

He highlighted the case of 75 year old Geoffrey Orchard, who was wrongfully arrested and received a written apology from the police, but who remains unable to get his DNA information removed from the system.

Hitting back, Hillier claimed the database had been used to solve 452 homicides, 644 rapes, and more than 8,000 domestic burglaries. She also stressed the fact that a person's DNA was held on the database was not an indication of guilt.

But a spokesperson for human rights pressure group Liberty said by holding the records of non-convicted individuals, the database creates a stigma of guilt.

She told GC News: "Liberty is very concerned about the effect of the national DNA database on young people, in particular, the estimated 100,000 under-18s whose DNA samples are being held despite the fact that they have not been cautioned or charged with any offence. This creates a stigma of guilt which is unwarranted and could lead to problems for individuals later in life."

In September this year, appeal court judge Lord Sedley put forward the case for the compulsory retrieval and storage of every citizen's DNA record.

Asked whether she agreed with Sedley's proposal, Hillier insisted the government had no plans for a universal database, and invited a debate on its future.


Exactly, it isn't universal just holds DNA information on people that have never been charged with a crime....that makes sense right?

Can you sense the sarcasm?


TV Links Website Shut Down

Via -

One of the world's most-used pirate film websites has been closed after providing links to illegal versions of major Hollywood hits and TV shows.

The first closure of a major UK-based pirate site was also accompanied by raids and an arrest, the anti-piracy group Federation Against Copyright Theft (Fact) said today.

A 26-year-old man from Cheltenham was arrested on Thursday in connection with offences relating to the facilitation of copyright infringement on the internet, Fact said.

The arrest and the closure of the site - - came during an operation by officers from Gloucestershire County Council trading standards in conjunction with investigators from Fact and Gloucestershire Police.

Fact claims that was providing links to illegal film content that had been camcorder recorded from cinemas and then uploaded to the internet. The site also provided links to TV shows that were being illegally distributed.

Visitors to the site could get access to major feature films, sometimes within days of their initial cinema release. Recent links took users to illegal versions of the Disney/Pixar animation sensation Ratatouille as well as to most of this summer's blockbusters.