Thursday, May 31, 2007

MoAxB Fades as MoSEB Starts

Today is May 31st. The last day of MoAxB (Month of Active X Bugs).

MoAxB had one pretty good gem - MoAxB #23

Tomorrow will be the first day of MoSEB (Month of Search Engine Bugs).

I personally believe that MoAxB wasn't as exciting as it could have been. Perhaps people see ActiveX vulnerabilities as "Been there, done that, already heard about them on SecurityFocus".

MoAxB lacked the new feeling, new tools and star names connected to Month of Browser Bug (MoBB).

It lacked the new shiny feel, the tools and cloak & dragger view of Month of Kernel Bugs (MoKB).

It lacked the Anti-OSX drama of Month of Apple Bugs (MoAB).

It lacked the internal fighting, the expertise and pure pwnage of Month of PHP Bugs (MoPB).

And MoAxB lacked the totally silliness and Web 2.0 feel of Month of Myspace Bugs (MoMBY).

MoSEB could be different. Search Engine Bugs feel new...and have that shiny Web application type finish. People like shiny things...

Lets just hope the bugs are a bit more complex than the old Google URL Redirection issue.

Tools of the Trade - Crazy Catnip Batman!

Cats, from our domestic companions to lions and tigers, are exquisitely susceptible to a volatile oil found in the stems and leaves of the catnip plant.


On to the tools....

1) On May 31st, Paweł Pokrywka released Etherbat. Etherbat is a Linux application that uses ARP & MAC spoofing for mapping local networks. It is limited to wired network and does not work on wireless.

2) On May 30th, MITRE released HoneyClient V0.9.7. A honeyclient is a dedicated host that drives specially instrumented applications to access remote servers to see if those servers are behaving in a malicious manner. Specifically, honeyclients can proactively detect exploits against client applications without known signatures.

3) On May 30th, Mozilla released Firefox This update includes enhanced Vista support and fixed several security issues.

4) On May 29th, Paint .NET 3.08 Beta was released. This is mostly a service release that fixes some bugs, while also improving keyboard / accessibility cues for some dialogs.

5) On May 27th, 7-Zip 4.47 Beta was released. 7-Zip is a open-source file archiver with a high compression ratio. Check the changelog for all the details.

6) On May 27th, ClamWin was released. ClamWin is a Free Antivirus for Microsoft Windows 98/Me/2000/XP and 2003. This maintenance release includes a re-written MS Outlook Plug-in and further improvements.

7) On May 25th, AVG Free Edition 7.5.472 was released. This update makes small improvements to the update process.

8) On May 25th, Tor was released. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. This new version changes the addresses of two directory authorities (this change especially affects those who serve or use hidden services), and fixes several other crash and security related bugs. See the changlog for all the details.

9) On May 23th, Cain & Abel v4.9.2 was released. Improvements include the following:
  • Added PTW WEP cracking attack.
  • Added Windows Vista support in Wireless Password Decoder.
  • Wireless Password Decoder now uses DLL injection under XP.

Moroccans Cut Off From YouTube

Via -

(AP) -- Internet users in Morocco unable to access the video-sharing Web site YouTube since last week expressed fears Tuesday that the government has stepped up its campaign to restrict independent media.

Moroccan bloggers were surprised to discover they could no longer open YouTube on Friday and promptly speculated in online forums about whether the site had been censured and, if so, why.

Najib Omrani, a spokesman for state-controlled telecommunications provider Maroc Telecom, which supplies most Internet access in Morocco, blamed the problem on a technical glitch but could not explain why it affected only Google Inc.'s YouTube.

Moroccan government spokesman Nabil Benabdallah said he was unable to comment on telecommunications issues.

Some Internet users were skeptical that a technical problem was to blame and noted that the site went down after users posted videos critical of Morocco's treatment of the people of Western Sahara, a territory that Morocco took control of in 1975 after Spain, the colonial power, withdrew.

"They've clearly blocked YouTube," said university student Abdelhakim Albarkani, parked in a Rabat cyber cafe doing his economics homework. "I'm worried, because YouTube allowed us to see things the state newspapers and television won't show."

CIA - Harder, Better, Faster, Stronger

Via -

WASHINGTON — The CIA has gotten younger and is taking "more operational risk" since the September 2001 attacks, agency Director Michael Hayden told USA TODAY on Wednesday.

An unprecedented hiring boom, Hayden said, has meant nearly half of the CIA workforce is new since 9/11. That has produced a spy agency with "more language skills and cultural diversity" and a need to "get rolled out quickly."

New operatives, Hayden said, are being asked to take more risks. The agency's new mission — targeting transnational terrorist groups as well as rival states — is causing CIA to stretch to produce "non-traditional" cover identities for undercover officers. "Human intelligence (performed by CIA) is much better than anyone ever said," Hayden said. "And not nearly as good as we need it to become."

The number of CIA employees is classified as a security measure, Hayden said.


Hayden credited improved internal communication and officer morale for an absence of unflattering leaks during his first year on the job. Hayden said he attempts to inform employees quickly of the agency's successes and to pass along compliments from foreign intelligence partners.

He did so this month, Hayden said, when "we killed a guy we were really mad at" — Mullah Dadullah, a top Taliban leader — in fighting in Afghanistan.

Former CIA deputy director for operations Robert Richer says his agency colleagues have noted "a major improvement in morale" in the past year. Richer, head of Total Intelligence Solutions, a consulting firm in Virginia, credits Hayden.


Yes, "Harder, Better, Faster, Stronger" is a song by French duo Daft Punk.

Iran Claims Several Spy Networks Busted

Via -

TEHRAN (IRNA) -- A senior Information Ministry official said here Tuesday that several espionage networks have been busted in West Azarbaijan, Kurdestan, Ilam, Kermanshah, Hamedan and Tehran provinces.

Talking to reporters, the official added that several members of the networks have also been arrested by the security forces.

The agents of the espionage networks have been identified and nabbed before they could cause a lot of mischief in different parts of the country, he said.

Sabotage, assassination, abduction, and taking photographs and films from important sites were among activities of those espionage networks, the official announced.

Referring to expansion of terrorist activities in Iraq, he regretted that the occupying forces are incapable of establishing security in that war-hit country.

He said the espionage services have promised people, including Iranians living in border areas, to issue visa for them, to let them live in European countries, and give them huge sums of money but they never fulfilled their commitments.

Several agents of those networks are Iranian nationals, he regretted, warning the Iranian nationals living in border areas against the conspiracies of the espionage networks and services.

Russian Chemist Cleared of Espionage by FSB

Via -

MOSCOW, May 30 (UPI) -- Russia's Federal Security Service formally dropped all charges against chemist Oleg Korobeinichev, who was suspected of divulging state secrets.

The researcher from the Russian city of Novosibirsk was accused by the service of providing the U.S. Department of Defense top secret information regarding advanced types of solid rocket fuel, the Moscow Times said Wednesday.

Korosbeinichev's lawyer said that, according to FSB officials, the charges were dropped due to a lack of evidence.

Alexander Litvinenko Case Update

Via Yahoo News! -

LONDON (AFP) - Russian businessman Boris Berezovsky urged the man British authorities want to charge over the death of former spy Alexander Litvinenko to talk to police here, a report said Thursday.

Berezovsky also hinted that Andrei Lugovoi, his former bodyguard, may have been coerced into killing Kremlin opponent Litvinenko, though did not elaborate, the Independent newspaper said.

Lugovoi called Berezovsky following his employee Litvinenko's death by poisoning from the radioactive isotope polonium 210 last November, the businessman said in a London speech reported by the paper.

"I told him, if you are not guilty, you should come to this country -- go to Heathrow and talk to Scotland Yard," the paper quoted Berezovsky as saying.

"There is no chance you will go to jail if you are not guilty.

"I told him there was a polonium trail all over Europe, including in my office, and that he had to explain it."

Berezovsky reportedly added that "all the steps of Lugovoi just confirm that he is behind" the killing. Lugovoi has denied any involvement in Litvinenko's death.


Via Yahoo News! -

MOSCOW - A Russian who met in London with Alexander Litvinenko and with the man whom British authorities accuse of murdering him said in an interview broadcast Tuesday that he expects he may also be accused in the former KGB agent's poisoning death.

Dmitry Kovtun expressed solidarity with Andrei Lugovoi, the Russian businessman British authorities want to prosecute in Litvinenko's poisoning, saying the accusations against him were groundless and suggesting they were politically motivated.

"I consider the charges against him completely baseless, and the fact that they haven't been made against me is quite possibly a delicate political game or simply a matter of time," Kovtun said in an interview with Russia's Ren-TV television in Moscow.

Microsoft Windows AD User Enumeration Weakness

Posted by Sumit Siddharth on the FD Mailing List (5/31/07) -

Windows Server 2003 can be configured to restrict the hours and days that a user may log on to a Windows Server 2003 domain. This could lead to username enumeration.

Issue:- Microsoft Windows Active Directory Username Enumeration

Criticality:- Less Critical

Impact:- Exposure of system information

Description:- It has been identified that the Microsoft windows Active Directory contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the Windows Domain Controller returns different error messages depending on if a valid username was supplied via windows terminal services. This only happens for the user accounts that have time restrictions set and when these accounts are accessed during restricted time. This can be exploited to help enumerate valid usernames resulting in a loss of confidentiality.

Vendors response:-
"We will NOT be issuing a security update for this issue. It is likely that in a next version or service pack of the product we may consider making changes, but not before then".

1. Error returned When Account is Accessed at Restricted time
2. Error returned When Account is Accessed at Permitted time



Most likely the time blocking feature of Windows 2003 is only used by a small subset of overall users, therefore the severity of this issue is greatly reduced. But it is still a issue....

Lugovoi Claims Litvinenko was MI6

Via -

The thickening plot in the radiation murder of Kremlin opponent Alexander Litvinenko took a sensational new twist Thursday. The chief suspect, KGB agent-turned-businessman Andrei Lugovoi told reporters here that he is being framed by MI6, the British intelligence service, which, he claimed, had tried and failed to recruit him.

In a long and rambling statement, Mr. Lugovoi, who was formally charged with murder by British prosecutors last week, shed little light on who may have killed Mr. Litvinenko, or why. But he did lob fresh accusations which, analysts say, could raise the temperature in the already heated war of words between Moscow and London over the Litvinenko affair and might be used by the Kremlin to crack down harder on its domestic opposition.

Lugovoi claimed that both Litvinenko (a former KGB agent) and his sponsor, exiled anti-Kremlin billionaire Boris Berezovsky, were MI6 agents.


Note the June 1, 2007 publication date...this is new from the future. Sorta

New AACS MKB Processing Key Released

Via ZDNet Blog -

The cat and mouse game between the hackers and the AACS Licensing Authority continues as the latest MKB v3 Processing Key is released onto the web.

This latest key can be used to decrypt all newly released (and future releases, for a while at least) HD DVD and Blu-ray discs. This public release of the Processing Key comes shortly after Slysoft released an updated version of AnyDVD HD which could defeat the MKB v3 copy-protection used on the latest titles.

Swedish Second Life Embassy Now Open

Via -

STOCKHOLM, Sweden (Reuters) -- Sweden became the first country on Wednesday to open an embassy in the virtual world Second Life.

Created to promote the Nordic state's image and culture, the embassy does not offer any real or virtual consular services but provides information on its real world counterparts.

Second Life, an Internet-based world where users create characters known as avatars, is run by Linden Lab, based in San Francisco.

The opening of the embassy was attended online by Foreign Minister Carl Bildt, in the form of an avatar, and at a real-life press conference in Stockholm.

"The embassy is now open to the public and offers a smorgasbord of impressions to anyone interested in Sweden," said the Swedish Institute, which was behind the project.

The embassy also includes a room dedicated to Raoul Wallenberg, who helped save thousands of Jews in World War Two.

It recreates his office in Budapest, where he worked as a diplomat and issued Swedish passports to Hungarian Jews to help them escape the Nazis.

It also has an art exhibition, pictures of Sweden and fact sheets and radio news via iPod.

Phishing for Class Credit

Via RSnake's Blog -

I found this interesting link in my logs to the University of Washington’s CS department coursework. Apparently their assignment (due tomorrow) is to actually get their professors to give up their fake credentials by getting them to click on links. Pretty interesting actually! I’m surprised to see this kind of stuff being taught, but I’m really glad too, because a lot of what XSS is is input validation basics. It’s exactly the sort of thing that needs to be taught in CS classes, and it’s one that has somehow evaded most schools.

The intense irony in finding this is not lost on me though - I actually failed out of school and now my site is recommended course reading for CSE 490K (an advanced CS class). Maybe I should ask for course credit! Now don’t go and help the students! They have to learn this stuff for themselves!

Seattle Man Arrested for Spam Business

Via -

May 30, 2007 (IDG News Service) -- A Seattle man was arrested Wednesday morning for illegal spamming activities.

The arrest follows an indictment (download PDF) by a federal grand jury in Seattle last week.

The indictment charges Robert Alan Soloway and his company, Newport Internet Marketing Corp., with fraudulently selling broadcast e-mail products and services that amounted to spam. The U.S. attorney's office for the Western District of Washington referred to Soloway as a "spam king" for the volume of unsolicited commercial e-mail his company produced. He is charged with mail fraud, identity theft, fraud and money laundering,

Soloway advertised a mass e-mail service that sent messages to an opt-in list of addresses but didn't actually use such a permission-based list, the indictment said. He also sold software products that customers could use themselves to send out mass e-mails. However, the product often didn't work, and if it did, it sent e-mails using forged headers. He also failed to offer promised support services, according to the court documents.

In addition, when customers complained, Soloway threatened additional fees and referral to a collection agency.

Soloway is also accused of sending out tens of millions of e-mails, often using forged e-mail addresses and domains in the "from" line, advertising his services. As a result, some people who legitimately owned the e-mail address or domain were blamed for the spam and were blacklisted by Internet service providers.

Wednesday, May 30, 2007

Mac OS X < 2007-005 (vpnd) Local Privilege Escalation Exploit

Security Update 2007-005

CVE-ID: CVE-2007-0753

Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9,Mac OS X v10.4.9, Mac OS X Server v10.4.9

Impact: A local user may obtain system privileges

Description: A format string vulnerability exists in vpnd. By running the vpnd command with maliciously crafted arguments, a local user can trigger the vulnerability which may lead to arbitrary code execution with system privileges. This update addresses the issue by performing additional validation of the arguments passed to vpnd. Credit to Chris Anley of NGSSoftware for reporting this issue.

Exploit =

Groom With Tuberculosis Under Federal Quarantine

Via -

ATLANTA (AP) -- A man with a form of tuberculosis so dangerous he is under the first U.S. government-ordered quarantine since 1963 had health officials around the world scrambling Wednesday to find passengers who sat near him on two trans-Atlantic flights.

The man told a newspaper he took the first flight from Atlanta to Europe for his wedding, then the second flight home because he feared he might die without treatment in the U.S.

Centers for Disease Control and Prevention Director Julie Gerberding said Wednesday that the CDC is working closely with airlines to find passengers who may have been exposed to the rare, dangerous strain. Health officials in France said they have asked Air France-KLM for passenger lists, and the Italian Health Ministry said it is tracing the man's movements.

"Is the patient himself highly infectious? Fortunately, in this case, he's probably not," Gerberding said. "But the other piece is this bacteria is a very deadly bacteria. We just have to err on the side of caution."

Health officials said the man had been advised not to fly and knew he could expose others when he boarded the jets from Atlanta to Paris, and later from Prague to Montreal.

The man, however, told the Atlanta Journal-Constitution that doctors didn't order him not to fly and only suggested he put off his long-planned wedding in Greece. He knew he had a form of tuberculosis and that it was resistant to first-line drugs, but he didn't realize it could be so dangerous, he said.

"We headed off to Greece thinking everything's fine," said the man, who declined to be identified because of the stigma attached to his diagnosis.

Celebrating The Small Things of the World - Online

Via -

Put this in the 2007 time capsule: in this, the year of Facebook, we live in a culture that celebrates the small things. The tiny things, in fact. The miniscule minutiae of everyday life. Beautiful, or just inane? You decide, but by way of helping you make that decision, here's a group you can join [have to be on Facebook, sorry]: I Will Go Slightly Out of My Way To Step On That Crunchy-looking Leaf. No, seriously. All the kids are doing it. And I do mean all: as of last counting, this group had 218,133 members, 14, 591 wall posts and 822 photos. Of leaves.

But the real question remains, and that is this: did I join this group? Well, that crunchy sound is damn satisfying.

Hacking My Kid's Brain - Coping with SPD

Via (Mark Woodman) -

Three months ago I took my 7-year-old son through a neurological treatment designed to hack his brain. It's been 90 days since his treatment ended, and I am happy to report the hack has made a huge difference.

Friends and family inevitably ask, "Did it work?" While a simple "yes" might suffice, the specifics of Caleb's results show just how effectively a brain can recalibrate itself. Caleb is experiencing the world in a whole new way.

As a child diagnosed with sensory processing disorder, or SPD, Caleb doesn't experience senses the way other people do. Stimuli from his environment and body are sometimes misinterpreted or ignored altogether. In addition to the obvious physical difficulties manifested with this neurological disorder, it also diminishes the ability to learn, think and even socialize. Behaviors we take for granted, like eye contact and maintaining a polite distance, are often huge challenges for people with SPD.

The month-long Sensory Learning Program in Boulder, Colorado, was designed to recalibrate Caleb's reception of sensory input, reorganizing the neural pathways that process information. Read my mid-treatment report here. Caleb's visual and auditory perception is now within normal ranges and his visual-motor skills have significantly improved. The only area where Caleb still shows appreciable deficits is in proprioceptive awareness -- the sense of one's own body -- so we have turned to occupational therapy to help in this regard.

The Sensory Learning Program focuses on three modalities: vision, hearing and balance. The effectiveness of this "sensory intervention" is measured by a series of tests administered before the treatment, directly after the treatment, and once more at the end of three months.


Very interesting stuff indeed.

Germany Passes Anti-Hacking Laws

Via -

On Friday night the German Bundestag – the lower chamber of Germany's federal parliament – passed without amendment a controversial government bill designed to facilitate criminal prosecution of computer crimes. Only the Left Party voted against it. At a hearing in March security experts and representatives of IT companies raised many objections all of which have been turned down.

It becomes an offence to create, sell, distribute or even aquire so called Hacker Tools that are built to conduct criminal acts like aquiring illegal access to protected data. It is feared by many that this might keep administrators and security experts from doing their job – i.e. from properly testing applications or networks to enhance security while on the other hand the blackhats don't really care that their choosen tool has been made illegal now. Interestingly a similar clause in the Police and Justice Act amendments to the UK Computer Misuse Act has recently been suspended pending amendment for this very reason.

Another new offence is the unauthorized access of secured data by means that require the disabling or circumventing of security measures. This echoes the circumvention clause of the US Digital Millennium Copyright Act, which is still highly controversial after almost a decade and has been used in ways not anticipated by its creators to stifle legitimate security reaearch.

Whereas until now computer sabotage involving attacks on enterprises, companies or public authorities was an offense, in a positive move this protection is now extended by the legislation to private data processing.

The "deliberate acquisition of data by tapping into a non-public transmission of data or by way of reading radiation leaked by a data processing system" also becomes an offence. This is an important and long over-due clause; however, legislation couched in this type of very specific technical terms has proved less than ideal in the past as it can rapidly become obsolete as technologies change.

It remains to be seen whether this new legislation, expected to become effective this summer, will serve its purpose to allow more effective prosecution of cybercrime or indeed will turn out to be a step backwards for computer security by keeping the good guys from doing their work. Indeed, in the light of past experience in the UK and elsewhere, and given the novelty and scope of these measures, it is not clear that they will even prove enforceable.

Microsoft Rethinks Computer with New "Surface"

Via -

SAN FRANCISCO: Microsoft on Wednesday trumpeted an unorthodox coffee-table computer design that it predicts will become a multibillion dollar portion of the hardware market.

The announcement came as Microsoft chief executive Steve Ballmer was poised to unveil "the first in a new category of surface computing products," the company said, at an industry conference in southern California.

Microsoft Surface machines are built into tabletops and have 30-inch screens that can recognise objects placed on them and are controlled by touch instead of keyboard strokes or mouse movements, said the Redmond, Washington state-based company. Unlike standard touch-screen computers, Microsoft Surface allows more than one person at a time to drag icons or give commands to allow collaborative efforts "just like in the real world," Microsoft said.

"With Surface, we are creating more intuitive ways for people to interact with technology," Ballmer said.

"We see this as a multibillion dollar category, and we envision a time when surface-computing technologies will be pervasive, from tabletops and counters to the hallway mirror. Surface is the first step in realizing that vision."

The surface computer is the brainchild of Microsoft's hardware and research teams.

In a move unusual for Microsoft, which traditionally licenses its technology to partners, the company is contracting to have the computers made.

Microsoft is initially targeting stores, hotels and casinos with the technology. Surface computers will be available in some Las Vegas casinos, Starwood hotels and T Mobile stores by the end of the year, according to Ballmer.


Tuesday, May 29, 2007

MySpace Outage Leaves Millions Friendless

Via TheOnion -

BEVERLY HILLS, CA—An estimated 150 million people continued to be without social lives Tuesday as a massive system failure at entered its third day.

"The problem is taking longer than we anticipated, but rest assured we're working around the clock to get MySpace back online," said David Gundy, a spokesman for the social networking site. "We're hoping to have friendship restored to our users as soon as possible."

The outage, which occurred late Saturday night, is believed to be the result of a complicated wallpaper upload for the page of a former VH1 I Love New York contestant, which triggered a chain reaction of web browser crashes and server shutdowns. Although MySpace's emergency-response team has so far been unable to reconnect any of the millions currently stranded without access to online companionship, Gundy said he remains hopeful that no profiles have been lost.

However, because the sudden lack of friends has deprived MySpace users of comments, bulletin posts, and searches for elementary school crushes, it is feared that the ordeal could inflict long-term psychological damage. In Chicago alone, an estimated 50,000 people remain trapped in their apartments, with no way of contacting the outside world about new bands, Adult Swim cartoons, or the latest video games.

"I lost 6,456 of my best friends in an instant," said Minneapolis resident Peter Steinberg, 20, who has loyally befriended as many profiles as possible over the past two years. "Nothing can describe how devastated I feel. Some of these people I've exchanged two, even three comments with, and I can't tell you how many ROTFLMAOs we've shared, too."

Dutch TV Contestants Compete for Kidneys

Via -

A Dutch reality television show in which a terminally ill woman is to select one of three contestants to receive her kidneys when she dies is to air this week despite criticism that it pushes the boundaries of the format too far.

The government has called for De Grote Donorshow (The Big Donor show) to be dropped because it is "unethical" and "wretched" but the broadcaster BNN said it would go ahead to highlight the difficulties of searching for kidney donors.

In the show, due to be broadcast on Friday, a woman identified only as Lisa, 37, will select a recipient based on their history, profile and conversations with their families and friends. Throughout the 80-minute show, viewers will be invited to send Lisa text messages to advise her.

The ruling coalition parties the Christian Democrats and the Christian Union have condemned the show.

But BNN's chairman, Laurens Drillich, said the show would increase by a third the participants' chances of getting a new kidney. "The chance for a kidney for the contestants is 33%," he said. "This is much higher than that for people on a waiting list. You would expect it to be better, but it is worse."

BNN said it wanted to focus on the plight of kidney sufferers as a tribute to its founder, Bart de Graaff, who died of kidney failure five years ago in spite of several transplants.


This is just say the least. Thanks to Katie B. for the link.

Secure Communications via Thermal Wire Noise

Via -

American computer engineer Laszlo Kish at Texas A&M University in College Station claims to have done just that. He says the thermal properties of a simple wire can be exploited to create a secure communications channel, one that outperforms quantum cryptography keys.

His cipher device, which he first proposed in 2005, exploits a property called thermal noise. Thermal noise is generated by the natural agitation of electrons within a conductor, which happens regardless of any voltage passed through it. But it does change depending on the conductor's resistance.

MRSA is a Growing Threat to Public Health

Via -

A new study has found that drug resistant staph infection (Staphylococcus Aureus) has spread to urban poor in Chicago. The researchers reports a seven fold increase in patients with MRSA infections at Stroger Hospital’s emergency room and Cook County medical clinics between 2000 and 2005.

According to the study, the incidence of CA-MRSA skin and soft tissue infections increased from 24 cases per 100,000 people in 2000 to 164.2 cases per 100,000 people in 2005.

Until the late 1990s, MRSA was found exclusively in hospitals. Beginning in 1998, a community-associated form of the bacteria (CA-MRSA) emerged globally, with more potential toxins than hospital-acquired MRSA. Risk factors for CA-MRSA include jail or prison time, exposure while playing certain sports, intravenous drug use, overcrowded housing, tattooing and poor hygiene.

MRSA stands for methicillin-resistant Staphylococcus aureus, a potentially virulent bacteria that doesn't respond to several antibiotics used to treat common staph infections. People struck by the bug frequently develop painful skin boils or abscesses and, in rare circumstances, deadly pneumonias, blood infections and other life-threatening conditions.

"MRSA is becoming epidemic in the community," warned Dr. Bala Hota, the lead author and assistant professor of infectious diseases at Rush University Medical Center.

"It's unknown why USA300 (the MRSA strain dominant in Chicago) is so good at spreading in communities or where it comes from or even how it's transmitted.

Iran Charges Three Iranian-Americans With Spying

Via -

Iran's judiciary says three Iranian-Americans detained in Iran have been "formally charged" with endangering national security and espionage.

A judiciary spokesman Ali Reza Jamshidi said the Intelligence Ministry filed the charges against Haleh Esfandiari, Kian Tajbakhsh and journalist Parnaz Azima.

He did not announce any trial date for any of the three.

Esfandiari is the director of the Middle East Program at the Woodrow Wilson International Center for Scholars, a Washington-based foundation. She has been held in a Tehran's Evin prison since May 8, after being prevented from leaving the country.

Tajbakhsh, who is an urban planning consultant affiliated with the New York City-based Open Society Institute, has been imprisoned in Tehran since May 11. Billionaire businessman George Soros established the institute to promote democracy and human rights.

Journalist Azima, who worked for the U.S. funded Radio Farda, was detained but released and barred from leaving the country.

All three have dual U.S.- Iranian citizenship.

Earlier this month, Iran claimed Esfandiari admitted under interrogation she was trying to establish an unofficial network to topple the Iranian government. The Wilson Center's director, former U.S. Congressman Lee Hamilton, denied that.

Iran also implicated George Soros's foundation in the alleged network to topple the Tehran government.

The U.S. State Department called Iran's accusations regarding Esfandiari "absurd."

Esfandiari and Azima were in Iran to visit their mothers.

Iran has also detained another Iranian-American woman, whose identity has not been revealed at the request of her family.


No word on Bob...

Russia Test New Intercontinental Ballistic Missile (ICBM)

Via -

Moscow - Russia's military successfully tested a new intercontinental ballistic missile (ICBM) on Tuesday, sending the rocket across Russia's vast continental mass to hit a target on the Pacific Ocean Kamchatka Peninsula, defence officials said.

'The test launch of the RS-24 (ICBM) occurred at 1420 Moscow time (1120 GMT) at Plesetsk and at the designated time the warheads struck the assigned region at the Kura base on Kamchatka,' a spokesman for Russia's Strategic Rocket Forces told the news agency Interfax.

The RS-24, a missile with multiple independently targeted reentry vehicles, is to replace the current RS-18 and RS-20 rockets, known in the West as the SS-19 Stiletto and SS-18 Satan, respectively.


At the same time, Russian politicians have said Moscow will find an 'adequate response' to US plans to build a missile defence shield around Europe.

Washington says the shield is aimed against rogue missiles from North Korea or Iran, but many in Moscow say Russia is the true target and that its existing technologies will be able to best the defence.

Group of 16 Moroccans & Algerians Arrested in Spain

Via -

MADRID, May 28 —The police on Monday arrested 16 men, most of them Moroccans, suspected of recruiting volunteers to fight in Iraq and other countries and spreading propaganda calling for Islamic jihad.

Most of the men were arrested in the northeastern region of Catalonia, which has a large concentration of immigrants from Morocco and elsewhere.

Thirteen of the arrests were made in predawn raids in Barcelona, the regional capital, and other Catalonian cities and towns. Two suspects were arrested in the town of Aranjuez, in central Spain south of Madrid, and one in the southern port of Málaga, the Interior Ministry said.

Two of the men were Algerian and the rest Moroccan.

The 16 men, who were arrested on the orders of Baltasar Garzón, a top investigative judge, are suspected of recruiting and sending volunteers to fight in Muslim militant groups based in North Africa and Iraq, and of disseminating propaganda calling for jihad, or holy war.

The Interior Ministry said the police had seized computer material, Islamist propaganda and cellphones, but no weapons or explosives, during the raids.


Spanish security officials say videos made by militant groups linked to or inspired by Al Qaeda indicate that Spain continues to be a target of Islamic extremists who cleave to a nostalgic claim over Al Andalus, as the country was called in Arabic when it was the site of a thriving Muslim civilization from the 8th to the 15th century.


Sound like a loosely connected propaganda group of Al-Qaeda in the Islamic Maghreb.

Finnish Court Declares Open Season For Hacking DRM

Via -

An unusual ruling in Finnish courts appears to have declared that it’s open season for hacking DRM’d media.

In an unanimous decision, the Helsinki District Court ruled that Content Scrambling System (CSS) used in DVD movies is “ineffective”. The decision is the first in Europe to interpret new copyright law amendments that ban the circumvention of “effective technological measures”.

The legislation is based on EU Copyright Directive from 2001. According to both Finnish copyright law and the underlying directive, only such protection measure is effective, “which achieves the protection objective.”

If the ruling is upheld, it could have long-term implications for copy-protection technology in European.

EU member nations were required to implement the EU’s copyright directive, which says a technology is effective “where the use of a protected work or other subject-matter is controlled by the rights-holders through application of an access control or protection process, such as encryption, scrambling or other transformation of the work or other subject-matter or a copy control mechanism, which achieves the protection objective.”

In other words, if you can hack it, the DRM isn’t effective and isn’t covered by EU restrictions.

Monday, May 28, 2007

China Crafts Cyberweapons

Via PC -

The People's Liberation Army (PLA) continues to build cyberwarfare units and develop viruses to attack enemy computer systems as part of its information-warfare strategy, the U.S. Department of Defense (DOD) warned in a report released on Friday.

"The PLA has established information warfare units to develop viruses to attack enemy computer systems and networks," the annual DOD report on China's military warned. At the same, Chinese armed forces are developing ways to protect its own systems from an enemy attack, it said, echoing similar warnings made in previous years.

Phone Numbers of Slovak Secret Agents Revealed

Via -

Another embarrassing incident happened last weekend in Slovakia.

The announced posting of complete telephone book on popular website from all phone operators during weekend turned to a serious security incident.

One of the phone-numbers-databases provided by T-Mobile contained also numbers that should have been classified (on customer's wish), and among them there were also more than 700 mobile phone numbers of Slovak secret service SIS. Slovak newspaper SME informed about this incident during the weekend on his web edition.

Customers, who found their classified numbers published, immediately called the operator but, in spite of this, such numbers had been accessible for more than 24 hours. Considering the reactions of SIS officials, it was clear they were surprised and astonished. Sure. How could they be less than surprised?

Not only Classified mobile phone numbers were revealed, but also secret service agents’ number were disclosed – this could be a real disaster.

SIS spokesman Karol Sorby said in an official statement, that "disclosing of data related to SIS on website ... is leakage of classified information and serious breach of telecommunication secret."

How serious was this leakage, we will see in next weeks.

According to SME, reporters tried to call on some of these numbers, and none but one among the people who answered, admitted to be working for Slovak secret services.

Friday, May 25, 2007

Mac OS X <= 10.4.8 pppd Plugin Loading Privilege Escalation Exploit

Author: qaaz (qaaz [at]
Date: 5-25-07


iDefense's Public Advisory

Al-Qaeda Wants Mass Destruction

Via (Israel News) -

LUXEMBOURG - Al-Qaeda is searching for ways to create nuclear weapons for mass destruction, a former UN weapons inspection chief said during a press conference at an international convention ways to prevent a nuclear catastrophe being held in Luxembourg.
Rolf Ekeus, currently High Commissioner at the Organization for Security and Cooperation in Europe (OSCE), and formerly Director of the UN Special Commission on Iraq, told reporters that the threat of a nuclear attack on a European city by al-Qaeda was tangible, and that steps are being taken to protect nuclear facilities from which terrorists can obtain enriched uranium.

"Al-Qaeda is searching for nuclear technology," Ekeus said. "They are looking for simple weapons... for mass destruction," he added.

Ekeus said al-Qaeda members "cannot be deterred. They are willing to sacrifice themselves," adding that prevention was the only means to combat the threat of nuclear terrorism.

"Of the 130 research reactors (with highly enriched uranium), very few of them have adequate protection. If I were looking for nuclear weapons, I would know where to go," the former UN official said. He added that steps were being taken to protect the reactors, and to make the enriched uranium inaccessible.

Guide to Lacing Those Sneakers

For the Sneaker Freaks, like me...

Happy Friday everyone, have a safe and fun weekend.

Tools of the Trade - Magic 8 Ball Bias

The Magic 8-Ball, manufactured by Mattel, is a toy used for fortune-telling. Invented by Abe Bookman in 1946 of the Alabe Toy Company, it is a hollow, plastic sphere resembling an oversized, black and white 8-ball. The fortunes are given by a white plastic die in the shape of an icosahedron, floating in a blue liquid, with answers to yes-no questions in raised letters on its 20 triangular faces. There is a transparent window on the bottom of the 8-ball, and when the ball is held so that the window faces up, the die floats to the top randomly exposing one of its faces in the window. As the raised white letters press against the window, they drive the dark blue liquid to the sides, away from the raised letters, so that the letters appear as white print on a still-dark-blue background (where a thin layer of fluid remains between the raised letters).

Ten of the possible answers are variations of "yes", five are ambiguous, and five are variations of "no".


I guess I should stop using the Magic 8 ball for important least I can always fall back onto RPS. It will never let me down.

On to the tools....

1) On May 25th, Michele Dallachiesa (aka Xenion) released rtpBreak v1.0. rtpBreak detects, reconstructs and analyzes any RTP [rfc1889] session through heuristics over the UDP network traffic. It works well with SIP, H.323, SCCP and any other signaling protocol. In particular, it doesn't require the presence of RTCP packets (voipong needs them) that aren't always transmitted from the recent VoIP clients.

2) On May 25th, Pidgin 2.0.1 was released. Pidgin (formerly Gaim) is a GTK+ instant messaging application for Windows and Unix. It supports AIM, ICQ, Jabber/XMPP, MSN, Yahoo!, Bonjour, Gadu-Gadu, IRC, QQ, SILC, SIMPLE and more.

3) On May 23rd, Open Office 2.2.1 Release Candidate 2 was released. See the release notes for the details.

4) On May 22nd, Honeytrap 0.7.0 was released. Honeytrap is a network security tool written to observe attacks against TCP services. As a low-interactive honeypot, it collects information regarding known or unknown network-based attacks and thus can provide early-warning information.

5) On May 22nd, Opera 9.21 was released. This update fixed a buffer overflow which can be triggered by malformed torrents. See the changelog for all the details.

6) On May 17th, Asturio Kee released SambaScan2 v4.0. Sambascan2 is a small bash-script, which can scan for SMB-shares on a given network. It requires nmap, find, smbclient, sed and grep. This version adds the ability to scan password protected shares, using known logins and passwords for the host being scanned.

7) On May 16th, Adam Laurie released RFIDIOt-0.1m. RFIDIOt is an open source python library for exploring RFID devices. I had the pleasure of seeing Adam speak at CanSecWest in Canada, very interesting stuff indeed.

Al-Qaeda in Afghanistan Presents New Leader

Via -

Al-Jazeera TV broadcast today, May 24, a new Al-Qaeda film declaring the appointment of Mustafa Abu Al-Yazid as commander of Al-Qaeda in Afghanistan.

Click Here to View the Clip from MEMRI TV


Montaser al-Zayat, an Egyptian lawyer, told AKI that the Shaykh Mustafa Abu al-Yazid (a.k.a. "Shaykh Saeed") tape is most likely authentic.

"However knowing the terrorist organisation (al-Qaeda) one would not be elevated to such a position unless he had proven his loyalty to the group," al-Zayat noted.

Copying HD DVD and Blu-ray Discs May Become Legal

Via -

May 24, 2007 (IDG News Service) -- Under a licensing agreement in its final stages, consumers may get the right to make several legal copies of HD DVD and Blu-ray Disc movies they've purchased, a concession by the movie industry that may quell criticism that DRM (digital rights management) technologies are too restrictive.

The agreement, if supported by movie studios and film companies, could allow a consumer to make a backup copy in case their original disc is damaged and another copy for their home media server, said Michael Ayers, a representative of an industry group that licenses the AACS (Advanced Access Content System) copy-prevention system.

AACS is used on HD DVD and Blu-ray discs, the new high-definition DVD formats, to prevent unauthorized copying of the discs.

The concept, called "managed copy," would undercut one the strongest arguments against DRM technology, which critics say deprives buyers of their legal right to fair uses such as moving their content to other digital systems and devices.

The licensing agreement is under negotiation between the AACS Licensing Adminstrator, which Ayers represents, and companies using AACS technology, including film makers. AACS LA members include Sony Corp., IBM Corp., The Walt Disney Co., Warner Bros. and Microsoft Corp.

AACS LA is pushing the studios to support managed copy and offer consumers the option of making at least one copy, Ayers said.

"We want to be able to maximize the number of movies that are able to be offered," he said.

The idea is that the content companies could charge a premium according to how many copies are allowed, Ayers said. It remains a possibility that consumers, if given the chance to make three copies of Spider-man 2 could give those copies to their neighbors, which technically would qualify as low-volume piracy.

But AACS LA believes that movie studios will see higher sales with the managed copy option, even with the chance it could be abused, Ayers said. "Studios will have to take that into account when they select pricing," Ayers said.

FBI Internal Network Security Still Poor

Via -

The FBI could be exposing critical networks and information to attacks and insider threats, the Government Accountability Office says.

In a report published today, GAO found that the FBI uses inadequate information technology security controls on its critical internal networks. The combined security problems could lead to a breach of sensitive information or an insider attack, the report states.

The problems include:
  • Inconsistent configurations for network devices.
  • Inadequate control over identification and authentication to ensure that only authorized individuals can access networks.
  • Individuals’ ability to access information and functions outside what they need to perform their jobs.
  • Unencrypted sensitive data.
  • Patches that were not installed in a timely manner.
  • Employees not following physical security policies with their equipment.

These security issues are the exact issues faced by major corporations, so you think it would make sense to fix these common issues before attempting to put in place a next-generation
biometric system?

I guess not....

The Last Words of Mullah Dadullah

Via CT Blog -

English-subtitled video excerpts are now available for download of two exclusive interviews of former Taliban military commander Mullah Dadullah obtained by the NEFA Foundation. During the two interviews--secretly filmed in April and May of this year--Dadullah repeatedly states that American and British operatives are currently being tasked at terrorist training camps in Afghanistan with suicide attacks in their home countries. Less than thirty-six hours after the second interview was conducted, Dadullah was killed in a clash with NATO and Afghan military forces in Helmand province, Afghanistan.

The video clips can be viewed on the NEFA Foundation website:

Myspace Adds CAPTHAs

Just FYI, last night I noticed that Myspace now requires you to fill in a CAPTHA to update your profile.

I guess they finally decided that worms and automatic scripts shouldn't be able to update profiles....

About time...

Nissan Warns U.S. Cellphones Can Disable Car Keys

Via -

DETROIT (Reuters) - Nissan North America has a warning for customers: placing your electronic key too close to your cellphone could leave you stranded.

The automaker is asking customers driving new models of two of its flagship sedans to keep their car keys and cellphones at least an inch apart to avoid disabling the "intelligent keys."

Cellphones kept near Nissan's I-Keys -- wireless devices designed to allow drivers to enter and start their cars at the push of a button -- can erase the electronic code on the keys, rendering them unable to unlock or start the cars.

The problem has occurred on the 2007 Nissan Altima and Infiniti G35 sedans -- two of their top-selling models, the company said on Thursday.


Those keys sound pretty "intelligent" to me...

I know a ton of "stupid" people that keep their cellphones and keys in the same pocket.....can you believe it?

Who Needs Seatbelts Anyways - Not New Hampshire

Via Union Leader -

The mandatory seatbelt bill hit a bump in the road when the Senate Transportation and Interstate Committee voted to recommend the bill be killed.

The committee voted 3-2 on the recommendation and the full Senate is scheduled to vote on the bill May 31.

On Wednesday, committee chairman Sen. Robert Letourneau, R-Derry, voted to recommend killing the bill, joined by Sens. Bob Clegg, R-Hudson, and Betsi DeVries, D-Manchester. Committee vice chairman Sen. Peter Burling, D-Cornish, and Sen. Molly Kelly, D-Keene, opposed the recommendation.

The bill, HB 802, passed the House last month by 13 votes. New Hampshire is the last state in the country without a mandatory seatbelt law, although restraints are required for children and teenagers.


Clegg said after the committee vote, "I don't think we should ever fear punishment as a reason to do anything. Government shouldn't be something everybody is afraid of. If seatbelts are a good idea, then we ought to educate people so they'll use them."

He said he does not use a seat belt when he drives his truck, and is not convinced that seatbelts provide a fail-safe remedy to highway deaths.

"My son once slid sideways on the ice and ended up with a branch through the door of his car. If he'd been wearing a seatbelt, it would've skewered him. Instead, the branch pushed him to the other side of the car," Clegg said. "So no, I choose not to buckle, and I think it's baloney that the government would tell me that I have to, or else."


Advocates of the bill include emergency room nurses and a doctor, safety and transportation officials, the New Hampshire Medical Society and the National Transportation Safety Board.

The state would receive a $3.7 million federal grant if the bill passes.

Supporters of the bill say with its voluntary approach, New Hampshire lags the rest of the nation in seat belt use. The bill would raise usage among all drivers and save the state $48 million in medical costs, they say.


Is Bob Clegg serious? Really?

Thursday, May 24, 2007

Anti-terror Laws Rapped as Suspects Flee UK

Via -

Britain's anti-terrorism strategy faced mounting criticism on Thursday after an embarrassing announcement that three men suspected of planning attacks on British or US troops abroad had absconded.

Police said the men, two of whom are brothers of a man jailed last month for plotting al-Qaeda-inspired bomb attacks across Britain, had violated anti-terrorism control orders and failed to check in with authorities last week. This means that more than a quarter of those subject to the orders, imposed on terrorism suspects who are not charged with a crime, are now missing after the disappearance of at least two other suspects last year. Lord Carlile, the independent reviewer of anti-terrorism laws, told the BBC the security services believe the three men had wanted to target British troops in Iraq or elsewhere. These three men were the subject of solid intelligence that they intended, not to cause damage in the UK, but that they intended to damage our national security by going as insurgents to kill British and other allied troops abroad, he said.

1971 Baker Street Robbery - MI5 Job?

Via -

A London bank robbery more than 35 years ago was staged by MI5 to recover compromising pictures of Princess Margaret on the Caribbean island of Mustique, a new film claims.

Clips of The Bank Job, which will be released next year, were shown at the Cannes Film Festival. Featuring the Lock, Stock and Two Smoking Barrels star Jason Statham, it tells the story of the 1971 Baker Street robbery, in which thieves tunnelled into the vault of a Lloyds bank and looted safe deposit boxes and jewellery worth the equivalent of £5m today. Nobody was ever arrested and none of the money recovered. The film alleges that a well-known criminal called Michael X had put the photographs of the Princess in the vault for safekeeping - and that was the point of the raid.

"What happened in the film is that the raid on Lloyds was set up by MI5," said the film's producer, Steven Chasman. "They knew a box with those pictures was inside the vaults."

The film's writers, Dick Clement and Ian La Frenais, interviewed about six people linked to the theft. Several said the photos, whose subject matter isn't known, were the real target. The Princess is not directly referred to, although the film's producers say it is "clear who we are talking about".


Sound like a great "movie plot" to me...but who really knows if it is true.

They say that the truth is sometimes stranger than fiction.

Classified Data Leak in Japan Widens to Missile System

Via The Japan Times -

Information on sea-based surface-to-air missiles was leaked along with data on the Aegis defense system, jeopardizing the deployment of a key defense system, according to sources familiar with the probe by Kanagawa prefectural and Maritime Self-Defense Force police.

MSDF Aegis ships were scheduled to start receiving the state-of-the-art SM-3 interceptor weapons system developed by the United States this year.


The case came to light in March after police found that a petty officer 2nd class had stored material containing secret Aegis data, such as an educational program, on computer hard disks discovered at his home in Yokosuka, Kanagawa Prefecture.

He told police he obtained the data from a petty officer 3rd class, though neither was authorized to access the highly classified information. Police investigated further, questioning related officers and MSDF members. The two petty officers are crew members of destroyers belonging to the 1st Escort Flotilla based in Yokosuka.

Police also found that materials on the Link 16 data exchange system — the latest system used in key U.S. warships and fighter jets — have been leaked.

Link 16, which has several times more capacity and is more resistant to electronic jamming than Link 11, is being used for information sharing between U.S. and Japanese military units. It is considered an essential tool in missile defense, which requires a swift exchange of information via reconnaissance satellites.

Materials on both the SM-3 and Link 16 are in the special category of classified information under the 1954 Law Concerning the Protection of Secrets for the Japan-U.S. Mutual Defense Assistance Agreement.

Blast from The Past - Jonathan Pollard Case

Via United Press International (UPI) -

U.S. Ambassador Richard Jones said that it is unlikely that Jonathan Pollard, a former U.S. Navy civilian intelligence analyst, would ever be released from jail and that the United States has been lenient with Pollard. Jones's remarks were part of an address at the Bar-Ilan University in Ramat Gan, Israel, and were reported in The Jerusalem Post on Monday.

"It came out in the trial very clearly, Jonathan Pollard took money for what he did, he sold out his country," Jones said, according to The Post. "The fact that he wasn't executed is the (only) mercy that Jonathan Pollard will receive."

In 1985 Pollard pleaded guilty to one count of passing classified information. Pollard worked at the Pentagon at the time. He was given a life sentence, which he is currently serving in a U.S. federal prison.

Jones said that Pollard's case was particularly disturbing for Americans because it involved Israel, a close U.S. ally.

"I know he was helping a friend, but that's what makes it even more emotional for Americans, if a friend would cooperate in aiding and abetting someone who is committing treason against his own country," Jones said.

Navy Lawyer Stationed Convicted of Leaking Secrets

Via -

NORFOLK, VA (AP) -- A Navy lawyer who gave a human rights attorney the names of 550 Guantanamo Bay detainees was convicted in military court Thursday of communicating secret information that could be used to injure the United States.

Lt. Cmdr. Matthew Diaz also was convicted of three counts of leaking information to an unauthorized person, but was acquitted of printing out national defense information with the intent or reason to believe it would be used against the U.S.

A sentencing hearing was to begin Friday for Diaz, who could receive up to 14 years in prison.

Prosecutors said Diaz mailed an unsigned Valentine's Day card that included a printout of the detainees' names, nationalities, the interrogators assigned to them and intelligence sources and methods. They contend that his actions endangered the lives of detainees at the Guantanamo Bay Naval Base in Cuba, and of American troops.

Witness Saw Litvinenko Suspect in London

Via Yahoo! News -

MOSCOW - A Russian historian said Thursday that he told British police he bumped into the chief suspect in the murder of Kremlin critic Alexander Litvinenko in London earlier than the suspect admits being in the city, but police initially doubted his story.

Yuri Felshtinsky told The Associated Press that he met the suspect, Andrei Lugovoi, together with another figure in the case, Dmitry Kovtun, near Picadilly Circus on Oct. 12.

He said he later notified Scotland Yard about the encounter. But detectives, Felshtinsky said, were initially skeptical, saying they had no record that Lugovoi and Kovtun were in Britain on that date.

"When Scotland Yard was questioning me, they told me I was mistaken," Felshtinsky said in a telephone interview from the United States. He said investigators thought Lugovoi and Kovtun had not arrived in the country until Oct. 16.

Only after Felshtinsky produced an ATM receipt from Lugovoi from the neighborhood dated Oct. 12 did detectives change their minds, he said.

A Scotland Yard spokeswoman said the force would not comment on Felshtinsky's statement. She said police could not discuss anything a witness might have told investigators and added that she couldn't even confirm if someone had been interviewed as a witness.

Tape From 1998 Shows Russian Ex-Spy Fearful

Via Yahoo! News -

MOSCOW - Late one night in April 1998, three government security agents met at a guest house outside Moscow to make an extraordinary video in which they claimed their bosses had ordered them to kill, kidnap and frame prominent Russians.

The tape, the Federal Security Service officers said, was a kind of insurance, to be released only if something happened to one of them.

Now one of them, Alexander Litvinenko, is dead, poisoned with a rare radioactive isotope in London last November.

British police on Tuesday accused another ex-KGB agent, Andrei Lugovoi, in the killing. No motive was stated. Lugovoi denied involvement, saying the decision by British officials was politically motivated.


In the tape, Litvinenko also contends he was ordered to beat up or plant a weapon on Mikhail Trepashkin, another former FSB agent who was imprisoned several years later for revealing state secrets.

The videotaped claim appears prophetic: Trepashkin, who investigated claims the FSB was behind a series of apartment building explosions that killed about 300 people in 1999, was arrested in 2003 after police said they found a gun in his car. His lawyers said the weapon was planted.

Trepashkin was convicted of disclosing state secrets, and is now in prison. Amnesty International has said that the charges "appear to have been politically motivated," and in 2005 accused the Russian government of denying him medical treatment.

Another man in the tape identifies himself as Alexander Gusak, Litvinenko's direct superior, and says there was talk in the FSB of kidnapping Umar Dzhabrailov, a wealthy Chechen businessman.

Iran Expanding Enrichment Capabilities

Via Fars News Agency (Iran) -

With the second series of UN Security Council Sanctions on March the 24th obviously having had no effect on Iran's activities, it is difficult to see what a third series of UN Sanctions would achieve.

The EU still seems to prefer the option of resolution through negotiation, but with Iran not backing down, a third series of sanctions, though ineffective in resolving the dispute, might seem inevitable.

The US and the EU are insistent that Iran is pursuing a military nuclear program and have expressed their determination to stop it. The US has not ruled out a military option and on Wednesday launched its biggest military exercises in the Persian Gulf in recent years.

US officials had said the powers would start drafting a third, harsher batch of sanctions if the deadline was flouted. Iran has ignored the UN deadlines, and while expanding its nuclear activities insists they are for energy purposes only.

Iran has so far gained the necessary know-how for enriching uranium to a low level (3.5 to 5 percent) while nuclear bombs need highly enriched uranium (over 90 percent), meaning that Iran cannot do anything with its enriched uranium but producing energy.
Despite vast propaganda by Western media, Tehran continues cooperation with IAEA and in the latest case two of the agency's inspectors arrived here Tuesday morning.

During their one-week mission, the two inspectors are due to visit Isfahan UCF plant and Natanz enrichment facility.

The visits of the IAEA inspectors fall within the safeguard agreement of the Non-Proliferation Treaty (NPT) and are viewed as the Agency's routine inspections of nuclear sites.

Iran's nuclear activities are fully supervised by the IAEA inspectors and cameras, and Tehran is observing the rules and contents of the NPT Comprehensive Safeguard Agreement in full.


It is important for my readers to always think about where information is sourced is always to identify possible bias in all news report (in all places).

In this case, it has been shown that Fars News is affiliated to the Iranian judiciary.

Just compare the information above with this Al Jazeera article.
ElBaradei told a news conference in Luxembourg on Thursday that he tended "to agree with people like John Negroponte and the new director of the CIA ... that even if Iran wanted to go for a nuclear weapon, it would not be before the end of this decade or sometime in the middle of the next decade".

On Wednesday the IAEA issued a critical report that said Iran had expanded its uranium enrichment programme in defiance of UN demands for its suspension, and warned that the watchdog's knowledge of Iran's activities was shrinking.


But on Thursday, in a speech to a gathering of Iran's Revolutionary Guards, Mahmoud Ahmadinejad, the Iranian president, ruled out the possibility of a suspension of the country's nuclear programme.

"The enemy wants Iran to surrender so it won't have any say in the world," he said, according to state-run television.

"The aim of the enemies in thwarting Iran's exploitation of peaceful nuclear technology, is not based on any technical reasons. They want to hit at the source of the [Iranian] regime's progress.

"If Iran's right to nuclear technology is confirmed, all nations of the world will gather under Iran's political banner. The enemies of Islamic Iran know this, and for this reason they have mobilised."

Carbon Sequestration, Isotope Hydrology & Biochar Sequestration

Via International Atomic Energy Agency (IAEA) -

Not many people see isotope hydrologists on the front line of the fight against climate change. But they are -- studying how to trap greenhouse carbon gas and bury it deep below ground in salty aquifers. The work is one topic being reviewed at the IAEA, when world experts in isotope hydrology meet 21-25 May in Vienna at an international symposium.

Over 280 participants will attend the International Symposium on Advances in Isotope Hydrology and Its Role in Sustainable Water Resources Development. Studies on carbon trapping and other topics from over 60 countries will be presented.

Carbon trapping -- or sequestration in technical terms -- is an emerging research area to combat global warming. It refers to natural or artificial processes that remove carbon from the atmosphere, to reduce or slow rising emissions through interaction with natural "sinks", mainly oceans, deep parts of the Earth´s crust, or plants. In some processes, the carbon dioxide is injected into an underground water source where it dissolves and remains in long-term storage. That´s where isotope hydrologists come in.

"Once the carbon dioxide is trapped in the water you want to make sure it stays put," says Brent Newman, a scientist in the IAEA´s Isotope Hydrology section. "That´s where isotope hydrology comes in. You use isotopes like carbon and oxygen to monitor if the carbon dioxide is leaking or flowing from the aquifer, and to assure the integrity of the aquifer is maintained. For carbon sequestration you need a brine aquifer where the water is thousands of years old. Isotope hydrology can tell you the age of the water. If it´s very old, then it´s unlikely the water is flowing out of the aquifer rapidly enough to be a problem. In addition, many brine aquifers have the capacity to absorb lots of carbon dioxide."

A range of other issues -- from water pollution to protection -- are on the symposium agenda. Participants will hear how isotope hydrology is being used to help countries protect their drinking water. In the Abidjan area of Côte d´Ivoire over recent years, the main source of groundwater quickly became contaminated. Using nitrogen isotopes, hydrologists identified urban sewage as the main contributor contaminating the groundwater.


The US DOE likes the idea of Carbon Sequestration but not everyone is onboard....


In addition, check out the Biochar Sequestration research being conducted by Cornell biogeochemist Johannes Lehmann.

Writing in the May 10 issue of the journal Nature, a Cornell biogeochemist describes an economical and efficient way to help offset global warming: Pull carbon dioxide out of the atmosphere by charring, or partially burning, trees, grasses or crop residues without the use of oxygen.

This process, he writes, would double the carbon concentration in the residue, which could be returned to the soil as a carbon sink. The exhaust gases from this process and other biofuel production could then be converted into energy.

This so-called biochar sequestration could offset about 10 percent of the annual U.S. fossil-fuel emissions in any of several scenarios, says Johannes Lehmann, associate professor of soil biogeochemistry in the Department of Crop and Soil Sciences at Cornell.

"Biochar sequestration, combined with bioenergy production, does not require a fundamental scientific advance, and the underlying production technology is robust, clean and simple, making it appropriate for many regions of the world," said Lehmann. "It not only reduces emissions but also sequesters carbon, making it an attractive target for energy subsidies and for inclusion in the global carbon market."

Police Seize Truckload of Heroin in Moscow

Via ITAR-TASS (Russia) -

MOSCOW, May 24 (Itar-Tass) - Drug control police in Moscow seized a truckload of heroin, the largest ever batch of narcotics, confiscated by law-enforcement agents in the capital, the press service of the city department of the Federal Service for Control of Drugs and Psychotropic Substances Circulation told Itar-Tass.

"It's the largest batch of heroin seized in the entire history of the department," the press service said without specifying the weight of the confiscated batch.

Russian FSB Charges Second Person on Assassination Attempt

Via ITAR-TASS (Russia) -

ST PETERSBURG, May 24 (Itar-Tass) - Prosecutors brought charges against the second suspect, accused of planning an assassination attempt on the life of St.Petersburg governor Valentina Matviyenko, the regional branch of the Federal Security Service told Itar-Tass on Thursday.

Another two persons figuring in the case are on recognizance.

If proven guilty, they face 12 to 20 years in jail or life imprisonment. According to the FSB, they are members of an extremist youth organization.

The FSB did not specify the name of the organization. The crime was prevented at an early stage - approximately a month before the planned assassination attempt.

The FSB public relations department earlier told Tass that the suspects were detained on May 16 red-handed, but their names are not disclosed in the interests of the investigation.


Other blog entries on this subject...

Chinese Wireless Encryption Standard Gains Backers

Via Middle East Times -

BEIJING -- A growing number of Chinese telecom and computer companies support a local encryption standard for wireless Internet that challenges US technology in the field, state media said Wednesday.

The WAPI encryption standard, a Chinese-made rival of the US-backed 802.11 standard, has received the endorsement of companies such as cellphone operator China Mobile and PC vendor Lenovo, the China Daily reported.

"A complete WAPI industry chain is already taking shape and it is set to prevail in China," said Jiang Shiping, chairman of the WAPI alliance, an industry group pushing the standard.

China Drops Compulsory Blogger Identification Requirement

Via Middle East Times -

The fast-rising blogging population had been told late last year that they would be forced to identify themselves, in an effort to prevent anonymous people hiding in cyberspace and causing a "bad influence."

The registration plan was part of President Hu Jintao's campaign to "purify" the Internet, amid concern among China's communist leadership about the rapidly expanding power of new media.

But the official Xinhua news agency reported late Tuesday that the government now intends to drop compulsory identification following "outcries" from industry and netizens.

A new draft published this week by the Internet Society of China, a government-controlled industry association, says that real-name registration should be "encouraged" rather than made mandatory.

"Government departments have been promoting a real-name system for years, arguing it would force Internet users to watch their words and actions and to refrain from slander, pornography and dissemination of other 'harmful' information," Xinhua said.

"But the proposal has triggered protests from the Internet industry and the growing number of Internet users."

Xinhua cited the chief executive of popular Internet portal, Zhang Chaoyang, as reflecting widespread concerns that the government's initial plan would curtail much-enjoyed cyber freedoms.

"It [real-name registration] would impair the free spirit of the Internet," Zhang said.

However, industry chiefs indicated that the policy shift may simply have arisen because regulation would have been extremely difficult and costly to implement, according to Xinhua.

Another US-Iran Citizen is Detained in Iran

Via Gulf Times (Qatar) -

WASHINGTON: Iran has imprisoned an Iranian American affiliated with George Soros’ Open Society Institute, the foundation said yesterday, becoming the fourth dual citizen to be detained in Iran in recent months.

Diplomats fear that the detentions, which follow the US military’s arrest of five Iranians in Iraq in January, could herald further deterioration in relations between the two countries, which have not had diplomatic ties since 1980.

The New York-based Open Society Institute, a foundation that promotes democratic governance and human rights, said Tehran-based social scientist and urban planner Kian Tajbakhsh had been imprisoned in Iran around May 11.

“He is in prison,” said Laura Silber, a spokeswoman for the foundation. News of his detention was first reported by the Washington Post.

The other dual citizens arrested, detained or otherwise kept from leaving Iran include Haleh Esfandiari, a scholar at the US Woodrow Wilson International Centre for Scholars think tank; Parnaz Azima, a reporter for US-funded Radio Farda; and a third person whom the US government has not identified.

The State Department had no immediate comment on Tajbakhsh. It said Iran had not yet allowed Swiss diplomats, who protect US interests in Iran, to visit Esfandiari in Tehran’s Evin prison.

US officials also believe Tehran may be holding former FBI official Robert Levinson, who went missing early in March while on a visit to the Iranian island of Kish. Iran has denied it is holding him.

Iran’s intelligence ministry has accused the Soros group of promoting “soft revolution” in Iran - a term Iranian officials use to refer to a perceived US plot to use intellectuals and others inside Iran to undermine the Islamic state.

Former Coca Cola Employee Convicted of Selling Secrets

Via Gulf Times (Qatar) -

MIAMI: A former Coca Cola employee was sentenced yesterday to eight years in jail for trying to steal company secrets and sell them to arch-rival Pepsi Cola, in a case that had the trappings of a cloak-and-dagger spy caper.

Prosecutors said the sentence reflected the increasingly critical need to protect US companies intellectual property.

A US judge in Atlanta, Georgia, sentenced former Coca Cola administrative assistant Joya Williams, 43, to eight years in prison, and co-conspirator Ibrahim Dimson, 31, to five years. Another co-defendant, Edmund Duhaney, 43, is to be sentenced at a later date.

Williams and Dimson were each ordered to pay $40,000 in restitution to the Atlanta-based Coca Coca.

After the three were arrested in July, Duhaney and Dimson pleaded guilty and agreed to cooperate in the case against Williams.

The jury found Williams guilty in February after hearing of secret documents being spirited away, a cash pay-off being made in a Girl Scout cookie box and a plot exposed by an undercover Federal Bureau of Investigation agent.

Williams was accused of stashing confidential documents, and product samples in her bags and walking out of Coca-Cola headquarters in downtown Atlanta in 2006. She then handed the products over to Duhaney and Dimson to sell to Pepsi.

In May 2006, Pepsi received a letter from Dimson claiming he was a “high level” Coca Cola employee and had confidential information about products that Pepsi should be interested in.

The information was about new Coke products, not the ultra-secret Coca-Cola formula which is reportedly stored in the vault of a downtown Atlanta bank.

Pepsi contacted the FBI, which then set up a sting operation after Dimson faxed 14 pages of Coca-Cola documents marked “classified” to the undercover agent.

Dimson was paid $5,000 at first, then another $30,000 in the cookie box when he met the undercover FBI agent in the Atlanta airport.

Coca-Cola then set up secret surveillance cameras at Williams’ work station and videotaped her putting documents in her bag before she went home for the day.