Saturday, May 31, 2008

Anger at 'Slutty' Starbucks Logo

Via BBC -

US coffee chain Starbucks has come under fire for a new logo that critics say is offensive and overly graphic.

The Resistance, a US-based Christian group, has called for a national boycott of the coffee-selling giant.

It says the chain's new logo has a naked woman on it with her legs "spread like a prostitute... The company might as well call themselves Slutbucks".

Starbucks says the image - based on a 16th century Norse design of a mermaid with two-tails - is not inappropriate.

Rather, the image is a more conservative version of the original Starbucks design, which hung above the chain's first store when it opened in Seattle's Pike Place Market in 1971.

It says the image - the longstanding logo for Pike Place bags of coffee - is appearing on some of its cups as part of a promotion, and will remain "for several weeks".

Howard Schultz, who bought Starbucks in 1982, described the emblem in his memoirs as "bare-breasted and Rubenesque; [it] was supposed to be as seductive as coffee itself".


Based in San Diego, the Resistance claims to have more than 3,000 members across the US and has gained a reputation for espousing diverse conspiracy theories.


Someome tell Resistance there there are more important things in the world to yell about, this one is kinda silly. Srsly.

Creative Software AutoUpdate Engine ActiveX Stack-Overflow Exploit

A vulnerability has been reported in Creative Software AutoUpdate Engine ActiveX Control, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the Creative Software AutoUpdate Engine ActiveX control (CTSUEng.ocx) when handling certain unspecified properties or methods. This can be exploited to cause a stack-based buffer overflow when a user is tricked into visiting a malicious website.

Successful exploitation may allow execution of arbitrary code.


Public Exploit

Dept of Justice: Electronic Crime Scene Investigation Guide

This guide is intended to assist State and local law enforcement and other first responders who may be responsible for preserving an electronic crime scene and for recognizing, collecting, and safeguarding digital evidence. It is not all inclusive but addresses situations encountered with electronic crime scenes and digital evidence. All crime scenes are unique and the judgment of the first responder, agency protocols, and prevailing technology should all be considered when implementing the information in this guide. First responders to electronic crime scenes should adjust their practices as circumstances—including level of experience, conditions, and available equipment—warrant. The circumstances of individual crime scenes and Federal, State, and local laws may dictate actions or a particular order of actions other than those described in this guide. First responders should be familiar with all the information in this guide and perform their duties and responsibilities as circumstances dictate.

Friday, May 30, 2008

Software Bug Prevented Horse Racing Payoff

Via ZDNet -

A horse racing bettor discovered a software bug preventing race payoffs under certain conditions. Following inquiries from California’s Horse Racing Board, Scientific Games, which manufactured the race management software / hardware system, reported a bug that “dropped the last horse in the field from quick pick tickets on all 7,000 of its BetJet machines nationwide.”

According to the San Mateo County Times, a wide-ranging Kentucky Derby bet exposed the bug:

The attention stems from a problem discovered by an unidentified bettor at Bay Meadows Race Track who put down 1,300 one-dollar quick pick superfecta bets on the Kentucky Derby. Not one of the computer-generated tickets included the eventual winner, Big Brown.

In an interesting twist, California lawmakers are calling for a fraud investigation against Scientific Games, since it appears the company knew of the problem for months before acknowledging the bug. Blood-Horse Magazine reports:

In a May 15 e-mail to Ed Martin, president of the Association of Racing Commissioners International, CHRB chairman Richard Shapiro contended that SG “apparently became aware of the problem in February, but they failed to disclose it to customers or certainly to us in California.”

Al-Qaeda Pushes Harder on Iran to Free Key Operatives

Via ABC News -

Shortly after the U.S. invaded Afghanistan in late 2001, al Qaeda's central leadership broke into two groups. U.S. intelligence believes that one group, headed by Osama bin Laden and Ayman al Zawahiri, fled to the east to find safe haven in Pakistan's tribal areas. The second group, headed by an Egyptian named Saif al Adel, went west to Iran. This second group, which intelligence analysts say includes al Qaeda's management council, or "shura," includes about two dozen militants, including Adel, al Qaeda spokesman Suliman abu Ghaith and some of bin Laden's relatives, including two of his sons, Saad and Hamza.

Although U.S. officials rarely talk publicly about them, these militants are considered to be among the most dangerous terrorists in the world. Adel is on the FBI list of Most Wanted Terrorists and is a suspect in the 1998 bombings of the U.S. embassies in Kenya and Tanzania. The State Department has put a $5 million bounty on his head through the Rewards for Justice program; the only al Qaeda figures with higher bounties are Osama bin Laden and his deputy, Zawahiri.

Iranian authorities detained these militants in 2003, and they have been under what one U.S. official called "loose house arrest" in Iran ever since. The U.S. government quietly sent messages to Iran through the Swiss government, requesting that the al Qaeda figures be turned over to their native countries for interrogation and trial. Iran has refused.

In the past, the Iranians have also resisted efforts by al Qaeda to get the militants released. But recently there has been a renewed effort by al Qaeda to negotiate for their release and signs that the Iranians are willing to at least talk about that.

"Al Qaeda would like to get those folks a deal and they've been trying to work a deal," a senior defense official tells ABC News. "Right now there is greater effort being applied by al Qaeda to seek a resolution." Although Iran has recently signaled a willingness to discuss the issue, this official says, "I don't see the Iranian government desiring to work very fast or quickly on that. "

Buried inside the latest State Department report on terrorism, released in April, is one of the few on-the-record statements on this issue by the U.S. government.

"Iran has repeatedly resisted numerous calls to transfer custody of its AQ detainees to their countries of origin or third countries for interrogations or trial," the report says. "Iran also continued to fail to control the activities of some AQ members who fled to Iran following the fall of the Taliban regime in Afghanistan."

But U.S. officials tell ABC News that one reason they have not raised the issue more publicly is that they believe Iran has largely kept these al Qaeda operatives under control since 2003, limiting their ability to travel and communicate.

"It's been a status quo that leaves these people, some of whom are quite important, essentially on ice," said a U.S. official.

Iran has its own reasons to keep these militants under house arrest. Al Qaeda is a Sunni Muslim group that has a complicated, sometimes tense, relationship with Iran. Recent public statements by al Qaeda have taken an unusually anti-Iranian tone. In two audiotapes released last month, for example, Zawahiri lambastes the Iranian government for, among other things, trying to take over southern Iraq.


Very interesting....

Thursday, May 29, 2008

Tools of the Trade - Hackintosh 10.5.3 Edition

If you've installed OS X hack-free on your $800 Hackintosh, then updating willy-nilly to OS X 10.5.3 isn't in the cards. On the plus side, your fellow OSx86 hackers have already released their own update for Hackintosh users—just one day after the official Apple release. The update is a fairly simple three-step process, but I haven't installed it yet, so if you feel like being the canary in the coal mine, let's hear how it worked for you in the comments.


On to the tools...

On May 29th, CCleaner 2.08.588 was released. CCleaner is a freeware system optimization and privacy tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space.

On May 28th, OpenSSL 0.9.8h was released. Two moderate severity security flaws have been fixed.

On May 23rd, Foxit Reader 2.3.2923 was released. Foxit Reader is a free PDF document viewer and printer, with incredible small size, breezing-fast launch speed and rich feature set. Foxit Reader supports Windows Me/2000/XP/2003/Vista. Its core function is compatible with PDF Standard 1.7. This release addresses a highly critical buffer overflow vulnerability.

On May 21st, Filezilla 3.0.10 was released. Precompiled binaries available from now link against GnuTLS 2.2.5 due to security vulnerabilities in previous GnuTLS versions.

On May 19th, Michele Dallachiesa released rtpBreak 1.3a. rtpBreak detects, reconstructs and analyzes any RTP [rfc1889] session through heuristics over the UDP network traffic. It works well with SIP, H.323, SCCP and any other signaling protocol. Check the changelog for all the details.

On May 17th, Pidgin 2.4.2 was released. Pidgin is a multi-protocol Instant Messaging client that allows you to use all of your IM accounts at once. Check the changelog for all the details.

On May 17th, Microsoft released Virtual PC 2007 Service Pack 1. Virtual PC lets you create separate virtual machines on your Windows desktop, each of which virtualizes the hardware of a complete physical computer. I still prefer VMware Workstation however. ;)

On May 14th, NewsGator released Feed Demon 2.7.0. Feed Demon is a very powerful (and free) RSS reader for Windows. I moved to Feed Demon last year and haven't looked back. Very fast and customizable.

On May 13th, the Fedora Project released Fedora 9. Check out the release notes for all the details.

On May 12th, Microsoft released Process Monitor v1.33. This update to Process Monitor, a real-time file, thread, DLL and performance monitoring utility, improves 32-bit stack walking on 64-bit Windows, fixes a driver bug that could cause crashes on 64-bit Windows, and preserves profiling information by default when saving log files.

On May 3rd, released Nmap v4.62. Check the changelog for all the details.

On April 30th, Ophcrack v3.0 was released. Ophcrack is a Windows password cracker based on a time-memory trade-off using rainbow tables. This is a new variant of Hellman's original trade-off, with better performance.

US State Dept: Country Reports on Terrorism

U.S. law requires the Secretary of State to provide Congress, by April 30 of each year, a full and complete report on terrorism with regard to those countries and groups meeting criteria set forth in the legislation. This annual report is entitled Country Reports on Terrorism. Beginning with the report for 2004, it replaced the previously published Patterns of Global Terrorism.


Check out the Shimron Letters Blog for some of the highlights related to Africa.

Mars Phoenix Lander Phones Home

Via NYTimes -

A satellite radio that carries signals and commands to the Mars Phoenix lander restarted last night, ending a one-day delay in the robotic explorer’s deployment on the Martian surface.

The UHF radio on the Mars Reconnaissance Orbiter satellite shut down on Tuesday, blocking communications between mission controllers and the newly arrived spacecraft. In a statement posted to the Web site of the National Aeronautics and Space Administration late on Tuesday, the balky orbiter “successfully received information from the Phoenix lander and relayed the information to Earth. The relayed transmission included images and other data collected by Phoenix during the mission’s second day after landing on Mars.”

The cause of the glitch is undetermined, according to the NASA statement. During the radio silence, the lander carried out instructions that had been sent on Monday.

In a press conference on Tuesday, mission officials displayed startlingly clear photos taken by the orbiter of the lander on the Martian surface, its solar panels shining a brilliant bluish against the red soil. Other images showed the heat shield and parachute, along with the mark they made after crashing into the soil. A photograph from the lander showed the parachute and shield in the distance.

The lander’s Canadian-made weather monitoring station is also up and running, and in the Tuesday press conference included a slide of a mock weather report that showed the skies “sunny and clear,” with dust storm activity to the west and temperatures that ranged from minus 22 degrees Fahrenheit to minus 112 degrees.


Check out Tuesday's Astronomy Picture of the Day for a couple of Phoenix snapshots.

New Smart Phone Hack Could Expose Cell Network

Via DarkReading -

Researchers have hacked a built-in maintenance application found on many smart phones that could open the door to hacking the cellular network itself.

David Maynor, CTO for Errata Security, this weekend at the Summercon security confab in Atlanta will demonstrate a tool built by Errata that provides a peek into the inner workings of the cell network, such as the frequency at which a smart phone is operating. Maynor will also explain how he reverse engineered the so-called Field Test application found in Windows Mobile and Apple iPhone smart phones in advance of Errata's building the tool.

Errata calls its hack “cellular spelunking,” and will release the source code for its new tool in conjunction with Maynor’s presentation. Maynor says the tool is aimed at cell network providers and smart phone manufacturers, as well as “people who want to know how cell networks work.”
“I don’t know why these [maintenance] apps are on a phone for consumers,” says Maynor, who says his demo won’t contain any potentially unlawful or malicious hacking activities. “If you start looking at security as whole, mobile devices are a larger concern... This is really an unexplored area of security.”

Maynor says Errata didn’t exploit any vulnerabilities in the hack -- that wasn’t necessary, he says. “This weakness in the phone leads to a greater understanding of the network as a whole.”

Oklahoma Auctions Tax Data-Loaded Drive

Via SecurityProNews -

A computer labeled as coming from the Oklahoma Tax Commission ended up in an auction with personally identifiable information, including Social Security numbers, intact and unencrypted.

With governments like these, who needs enemies? Grifters seeking financial gain at the expense of others don't need to work on botnets or spam Trojans to millions of people, if more locales plan to auction off PC hardware without scrubbing it first.

Granted, my idea of secure hard drive disposal involves degaussers, industrial grinders, and an intense smelting process for the bits; that may be a little excessive, especially when government budgets come into the picture.

But the report at in Oklahoma beggars belief. Any mildly competent security pro should be aghast at how one man managed to purchase 50 computers from a government auction and end up with a treasure trove of personal data on one of them.

Joe Sill found thousands of entries from 2003 about state citizens, including names, addresses, and Social Security numbers, on the machine in question. Such details easily enable identity theft for criminals.

Oklahoma government types said in the report they're trying to figure out what happened. They also plan to enact a new policy prohibiting machines from leaving with their hard drives.

They plan to erase such drives, but the nominal cost of storage these days ought to prompt a different course of action from them. Drives on machines destined for auction should be erased and physically destroyed.

There is no plausible reason to do otherwise. Any techie buying a computer at auction likely knows how to drop in a new hard drive on a deeply discounted machine. As long as the auction says "HD not included," no one should be willing to complain.



Royal Flag Comes Down at Nepal Palace

Via AP -

KATHMANDU (AFP) — The royal flag was taken down from Nepal's royal palace Thursday as the Himalayan nation celebrated a vote consigning its centuries-old monarchy to the history books and declaring a republic.

The country was marking late Wednesday's decision by a Maoist-dominated constitutional assembly with a two-day public holiday, and King Gyanendra -- facing a two-week deadline to leave -- was said to be packing his bags.

"The royal flag was replaced by Nepal's national flag inside the palace," a palace source said. "The flag has been changed as part of the government decision to implement a republic."

In a landmark vote capping a peace accord between the Maoists and mainstream parties, lawmakers voted just before midnight on Wednesday to abolish the 240-year-old Hindu monarchy and establish a secular republic.

It also ordered that the main palace in Kathmandu be turned into a museum.

Nepal's army, long seen as a bastion of royal support, said it will respect the verdict of the assembly.

And according to prominent royal watcher Kishore Shrestha, the editor of the Nepali-language weekly newspaper Jana Aastha, the king was packing up and could move to a royal lodge on the outskirts of Kathmandu on Friday.

Some revellers tried to celebrate near the palace, but were beaten back by police who have kept the area sealed off for several days. At least five people, including one police officer, were injured in the skirmishes.

The Maoists, clear winners of last month's elections to the constitutional assembly, waged a decade of war to overthrow what they view as a backward, caste-ridden structure that kept most of Nepal's 29 million people living in dire poverty.

They have repeatedly warned Gyanendra he faces "strong punishment" if he refuses to bow out gracefully.

"It's a great day for Nepal," said Damodar Mainali, 20, a Kathmandu resident celebrating the radical change for the impoverished country. "The new Nepal belongs to people like me."
Maoist spokesman Krishna Bahadur Mahara said Nepal was now free of "feudal tradition," and promised "a radical social and economic transformation."

Many ordinary Nepalese are delighted to see the back of the dour, unpopular king as well as his son and would-be heir, Paras -- notorious for his playboy lifestyle.

Wednesday, May 28, 2008

UK Turns CCTV, Terrorism Laws on Pooping Dogs

Via CNET -

The United Kingdom has the most surveillance cameras per capita in the world. With the recent news that CCTV cameras do not actually deter crime, how can the local town councils justify the massive surveillance program? By going after pooping dogs.

In a recent interview with The Guardian, the head of the Metropolitan Police's Visual Images Office explained the failings of CCTV:

"Billions of pounds has been spent on it, but no thought has gone into how the police are going to use the images and how they will be used in court. It's been an utter fiasco: only 3 percent of crimes were solved by CCTV. There's no fear of CCTV. Why don't people fear it? (They think) the cameras are not working."

Conjuring up the bogeymen of terrorists, online pedophiles and cybercriminals, the U.K. passed a comprehensive surveillance law, The Regulation of Investigatory Powers Act, in 2000. The law allows "the interception of communications, carrying out of surveillance, and the use of covert human intelligence sources" to help prevent crime, including terrorism.

Recent reports in the U.K. media indicate that the laws are being used for everything but terrorism investigations:
  • Derby City Council, Bolton, Gateshead, and Hartlepool used surveillance to investigate dog fouling.
  • Bolton Council also used the act to investigate littering.
  • The London borough of Kensington and Chelsea conducted surveillance on the misuse of a disabled parking pass.
  • Liverpool City Council used Ripa to identify a false claim for damages.
  • Conwy Council used the law to spy on a person who was working while off sick.

Privacy activists were, unsurprisingly, up in arms. Shami Chakrabarti, director of human rights group Liberty, told the BBC that "you don't use a sledgehammer to crack a nut, nor targeted surveillance to stop a litter bug." Liberty and other groups have called for a complete review of the law and its unplanned uses.

Is this surprising? Not really. Just as we've seen in the U.S., once law enforcement and intelligence agencies are given new unchecked powers, abuse tends to happen. The more secretive and unchecked the powers, the more widespread the abuse.


Also, I would like to comment on the media reports of a possible Al-Qaeda video related to the use of WMDs against the West.

As far as I can tell, a Unofficial compilation video entitled "Nuclear Jihad - The Ultimate Terror" was posted this week to a known terror-related forum. The video is a 128MB RealVideo Variable Bit Rate File.

Again, as far as I can tell, this video is just pieces of other videos mashed together and does not appear to have been created by Al-Qaeda or its official media wing.

Motorola RAZR JPG Processing Stack Overflow

This vulnerability allows remote attackers to execute arbitrary code on vulnerable Motorola RAZR firmware based cell phones. User interaction is required to exploit this vulnerability in that the target must accept a malicious image sent via MMS.

The specific flaw exists in the JPEG thumbprint component of the EXIF parser. A corrupt JPEG received via MMS can cause a memory corruption which can be leveraged to execute arbitrary code on the affected device.


Check out Nate's writeup on ZDNet as well.

I don't know about other AT&T Razr users but in the past I have had a very very hard time finding software updates for my phone. Basically, I haven't found any....ever.

Even when other vendors are updating their Razr phones - Verizon, T-mobile, Sprint, etc.

I won't know what AT&T's deal is..but it is not cool.

Sunday, May 25, 2008

NIST Releases XML Design Tool

Via GCN -

The National Institute of Standards and Technology has released a tool for checking whether your Extensible Markup Language schema meets guidelines for well-formed schemata.

Schema Quality of Design Tool (QOD) can use guidelines set forth by users, or use those already established by other parties, such as those developed by the Internal Revenue Service, the Department of the Navy or the Open Applications Group.

"Consistent design of XML schemas within an organization or single integration project can reduce the number and the severity of interoperability problems," the software's Web site states. "In addition, this consistency makes the XML schema easier to extend, understand, implement, and maintain; and, it paves the way for automated testing and mapping. Applying best practices is one way to achieve this design consistency."

NIST's Manufacturing Systems Integration Division's Manufacturing Engineering Laboratory developed the checker, under its Manufacturing Interoperability Program.

n addition to QOD, the program has developed other free tools for creating and editing XML schemas, such as a content checker, naming assister and schema editor.

Coverity Open Source Report 2008

Via GCN -

A two-year study of more than 55 million lines of code showed that open-source systems include a variety of errors that closely track those found in software written for proprietary systems.

The incidence of those errors in open-source code is declining, according to a study that the Homeland Security Department funded. The department hired Coverity to analyze more than 55 million lines of code in two years as part of the government’s Open Source Code Hardening Project.

Coverity used its Scan service to help open-source developers improve their products' security by pinpointing and categorizing code flaws. Scan uses the company's widely deployed Coverity Prevent static source-code analysis system.

The two-year project covered more than 250 popular open-source projects.

Open-source software products are improving in quality and security, according to the study.
Using the Scan service, researchers detected a 16 percent reduction in source code errors, based on a measure known as static analysis defect density, during the past two years. Project researchers cited a report from Gartner that states that by 2012, as many as four-fifths of all commercial software will include open-source code.

The Scan site sorts open-source projects into rungs based on their success in eliminating defects, Coverity said. “Projects at higher rungs receive access to additional analysis capabilities and configuration options,” it said. “Projects are promoted as they resolve the majority of defects identified at their current rung.”

“The continued improvement of projects that already possess strong code quality and security underscores the commitment of open-source developers to create software of the highest integrity,” said David Maxwell, open-source strategist at Coverity.

The company said its initial two-year DHS contract is ending, and Coverity will continue to operate the Scan site because of the favorable response the project has received from software developers and others in the open-source community.

The full Open Source Report 2008 is available here.


It is sad to see this awesome project come to an end....

Here are a couple of highlights from the full report.

• The overall quality and security of open source software is improving – Researchers at the Scan site observed a16% reduction in static analysis defect density over the past two years

• Prevalence of individual defect types – There is a clear distinction between common and uncommon defect typeacross open source projects

• Code base size and static analysis defect count – Research found a strong, linear relationship between these two variables

• Function length and static analysis defect density – Research indicates static analysis defect density and functiolength are statistically uncorrelated

• Cyclomatic complexity and Halstead effort – Research indicates these two measures of code complexity are signifcantly correlated to codebase size

• False positive results – To date, the rate of false positives identifed in the Scan databases averages below 14%

New Google Service Could Help Users Browse Safe

Via -

Google is now sharing details on why its automatic search deems certain Websites risky.
The search giant this month quietly added a new, free service called the
Safe Browsing Diagnostic Page that tells whether a site flagged by Google as potentially dangerous is hosting malware, or helps distribute malware, for instance.

Google’s new diagnostics service provides information about any bad behavior by the site within the past 90 days. The idea is to give owners of the compromised Websites more information to assist in their remediation and cleanup of the site, and to provide users more information on why the site has been flagged.

The search giant’s automatic flagging of potentially risky Websites has been “highly accurate,” according to Niels Provos, senior staff engineer for Google, but it wasn’t easy for Webmasters and users to verify the results. “Attackers often use sophisticated obfuscation techniques or inject malicious payloads only under certain conditions,” Provos wrote in the Google security blog. “With that in mind, we've developed a Safe Browsing diagnostic page that will provide detailed information about our automatic investigations and findings.”

"For users, this increases confidence in our findings. For Webmasters, this information may assist them in cleaning up their servers," Provos told Dark Reading.

Google’s new service got a nod of approval from security watchdog for pulling back the covers on Google’s site-flagging process. “We’d like to applaud Google for taking this step in greater transparency. This new resource should help website owners in cleaning and securing their sites faster, which will help protect even more internet users,”’s Erica George wrote in the organization’s blog yesterday.

Provos says the diagnostics page provides the current listing status of a site, as well as whether the site or some of its pages had been listed by Google in the past as dangerous. It also details what occurred when Google analyzed the page, when it was detected to be malicious, and what type of malware it contained, for example. Google now also reveals whether the flagged site was serving malware to users, or if it served as an intermediary for malware distribution.


Developers should check out the new Google Safe Browsing API as well.

Friday, May 23, 2008

Mars Phoenix Lander Set for Touchdown on Sunday

Via -

After years of planning followed by a ten-month journey, the Mars Phoenix Lander is slated to touch down Sunday near the red planet's north pole.

If successful, the probe will be the first lander to reach a Martian pole and the first to actually touch the planet's water ice.

What's more, it could settle the debate over whether Mars was once suitable for life.

As Phoenix closed in on the last miles of its journey, NASA scientists were gearing up for the "seven minutes of terror" that could make or break the U.S. $420-million mission.

"Approximately 14 minutes before touchdown, the vehicle separates from its cruise stage," Barry Goldstein, Phoenix project manager at the Jet Propulsion Laboratory in California, said at a recent press conference.

"At this point we lose communication from the vehicle."

Once the craft reaches Mars's atmosphere, the next critical seven minutes make up what's known as the Entry, Descent, and Landing (EDL) phase.

Screaming down at about 12,600 miles (20,270 kilometers) an hour, the craft must open a parachute to slow itself for a three-minute glide to the surface about 70 miles (113 kilometers) below.

The craft's landing sequence then includes steps such as jettisoning its heat shield, extending its legs, and firing its landing thrusters.

"There are 26 pyrotechnic events, and each of those have to work perfectly for this to go as planned," Goldstein said. "Getting EDL communication [at touchdown]—that'll be the three seconds that I am really biting my nails over."

Facebook Vulnerable to XSS - 70 Million Users At Risk

Via -

Mox has submitted a critical cross-site scripting vulnerability affecting - according to Alexa is currently ranked the 7th most used site on the web.

Malicious people can exploit this issue to execute script code in the context of Facebook or obtain sensitive information from its users, such us cleartext authentication credentials with a fake login form.

It should be noted that this XSS vuln leaves millions of unsuspecting Facebook users vulnerable to malware, spyware and adware infection.


Check the link above for the actually XSS attack vectors...

Thursday, May 22, 2008

Refurbished iPhones Could Hold User Data

Via Engadget -

It looks like you might have to think twice before flipping that old iPhone on eBay when the 3G version finally hits -- it appears that restoring the phone doesn't actually erase the contents of the flash, meaning that your data is available to anyone with the proper tools until it's overwritten. Making matters worse, it appears that Apple doesn't do a low-level format when refurbishing iPhones either -- an Oregon State Police detective was able to use forensic software to pull files, emails, and screenshots off an out-of-the-box refurbished iPhone. This actually shouldn't be surprising to anyone -- we've seen several utilities that access "deleted" portions of storage -- but since Apple doesn't provide users direct access to the iPhone's filesystem, it's basically impossible to clear your personal data off the device short of restoring and filling the disk with junk data. Hopefully iPhone 2.0's Exchange-based "remote wipe" feature is a bit more secure, eh?


Yet another reason to show why using iPhones in corporate situations is a bad idea...

Retired Professor Accused of Providing Military Data to Chinese

Via FoxNews -

A 70-year-old retired professor has been charged with plotting to defraud the U.S. Air Force and illegally disclose restricted data about military drones to foreign nationals, including persons in China.

A federal grand jury in Tennessee returned a 18-count indictment Tuesday charging J. Reece Roth, a professor emeritus at the University of Tennessee, as well as Atmospheric Glow Technologies, or AGT, a Knoxville, Tenn.-based technology company.

The indictment accuses Roth and AGT of conspiring between January 2004 to May 2006 to convey information about an Air Force contract to foreign nationals, including a citizen of China who was attending the University of Tennessee as a graduate research assistant.

Prosecutors also say Roth traveled to China in May 2006 with multiple documents related to the contract to build the drones, and he is accused of electronic transmission of a military document containing restricted data to a person in China.

The investigation was conducted by the FBI, Immigration and Customs Enforcement, the Air Force and the Department of Commerce's Office of Export Enforcement, with the cooperation of the University of Tennessee.

"Whenever restricted U.S. military data is illegally disclosed to foreign nationals, America's security is put at risk. Today's indictment demonstrates just how seriously we view such violations," Assistant Attorney General Patrick Rowan said.

Roth, who lives in Knoxville, faces maximum penalties of 5-20 years in prison and fines of up to $1 million for each count.

Conservative UK Lawmakers Pledge to Curb Use of CCTV Cameras

Via Telegraph UK -

A Conservative government would put strict new limits on the use of surveillance cameras, David Davis, the shadow home secretary, pledged on Tuesday night.

Mr Davis told the Society of Conservative Lawyers that the widespread use of closed circuit television (CCTV) risks infringing civil liberties.

He proposed new rules on the use of CCTV and penalties for people and bodies that use the cameras to invade the privacy of the public. He also promised measures to improve the quality of CCTV footage to aid prosecutions.

Mr Davis said: "There is no argument for having CCTV which both infringes on our civil liberty but is of such poor quality it does nothing to protect us or provide evidence to bring perpetrators of crime to justice - as happens now.

"Conservatives would ensure any CCTV has to be maintained at sufficiently high standard to provide evidence admissible in court.

"We would also strictly limit access to these images to the police and other relevant agencies until they get to court, and set a mandatory punishment for breaches of these rules that infringe the privacy of the individual."

Britain is one of the heaviest users of CCTV in the world, with more than 4.2 million CCTV cameras across the country, one for every 14 people.

But there are growing questions about the cameras' value.

Det Chief Insp Mick Neville, the officer in charge of CCTV for the Metropolitan Police, last month warned that the surveillance systems are often ineffective because they are badly maintained or sited, or their footage is not properly monitored and used.

Graeme Gerrard, the head of CCTV at the Association of Chief Police Officers, has said cameras often fail to act as a deterrent for drunken yobs in town centres.

About £200 million has been spent on erecting more CCTV cameras across the country over the past 10 years, leading the Information Commissioner, Richard Thomas, recently to refer to "surveillance Britain".

Wednesday, May 21, 2008

UK Gov Considers Phone Call & E-mail Database

Via BBC -

Ministers are to consider plans for a database of electronic information holding details of every phone call and e-mail sent in the UK, it has emerged.

The plans, reported in the Times, are at an early stage and may be included in the draft Communications Bill later this year, the Home Office confirmed.

A Home Office spokesman said the data was a "crucial tool" for protecting national security and preventing crime.

Ministers have not seen the plans which were drawn up by Home Office officials.

A Home Office spokesman said: "The Communications Data Bill will help ensure that crucial capabilities in the use of communications data for counter-terrorism and investigation of crime continue to be available.

"These powers will continue to be subject to strict safeguards to ensure the right balance between privacy and protecting the public."

The spokesman said changes need to be made to the Regulation of Investigatory Powers Act 2000 "to ensure that public authorities can continue to obtain and have access to communications data essential for counter-terrorism and investigation of crime purposes".

But the Information Commission, an independent authority set up to protect personal information, said the database "may well be a step too far" and highlighted the risk of data being lost, traded or stolen.

Assistant information commissioner Jonathan Bamford said: "We are not aware of any justification for the state to hold every UK citizen's phone and internet records. We have real doubts that such a measure can be justified, or is proportionate or desirable.

"Defeating crime and terrorism is of the utmost importance, but we are not aware of any pressing need to justify the government itself holding this sort of data."

Tuesday, May 20, 2008

Permanent Denial-of-Service Attack Sabotages Hardware

Via DarkReading -

You don’t have to take an ax to a piece of hardware to perform a so-called permanent denial-of-service (PDOS) attack. A researcher this week will demonstrate a PDOS attack that can take place remotely.

A PDOS attack damages a system so badly that it requires replacement or reinstallation of hardware. Unlike the infamous distributed denial-of-service (DDOS) attack -- which is used to sabotage a service or Website or as a cover for malware delivery -- PDOS is pure hardware sabotage.

“We aren't seeing the PDOS attack as a way to mask another attack, such as malware insertion, but [as] a logical and highly destructive extension of the DDOS criminal extortion tactics seen in use today,” says Rich Smith, head of research for offensive technologies & threats at HP Systems Security Lab.

Smith says a PDOS attack would result in a costly recovery for the victim, since it would mean installing new hardware. At the same time, it would cost the attacker much less than a DDOS attack. “DDOS attacks require investment from an attacker for the duration of the extortion -- meaning the renting of botnets, for example,” he says.

Smith will demonstrate how network-enabled systems firmware is susceptible to a remote PDOS attack -- which he calls “phlashing” -- this week at the EUSecWest security conference in London. He’ll also unveil a fuzzing tool he developed that can be used to launch such an attack as well as to detect PDOS vulnerabilities in firmware systems.

His so-called PhlashDance tool fuzzes binaries in firmware and the firmware’s update application protocol to cause a PDOS, and it detects PDOS weaknesses across multiple embedded systems.

Sunday, May 18, 2008

D.O.M Defacement Group Members Arrested in Spain

Via -

Members of D.O.M - group, that mirrored defacements in our defacement archive - were arrested by Spanish police. Five members are suspected of "hacking into or outright disabling thousands of Internet pages", AP informed recently.

Members of the group are at age 16 to 20. Investigation started as the group defaced website of a Spanish political party Izquierda Unida shortly after general election in March.List of D.O.M defacements from our archive can be viewed here.

Saturday, May 17, 2008

Tang Bomb: Liquid Explosives Are the New 'Weapon of Choice'

Via FOX News -

Tang, peroxide and a disposable camera — items you may very well have in your home — can be a deadly mix.

Far-fetched as it sounds, bombs made from hydrogen peroxide and the breakfast powder drink Tang could have taken down seven planes bound for the U.S. and Canada — using flash cameras to trigger the explosions.

A British court saw video evidence this week of the "liquid explosives plot," an alleged terrorist cabal British police say they thwarted in August 2006. The suspects allegedly had planned to use common household chemicals to mix bombs while aboard jets flying over the Atlantic.

The alleged plot, and the excellent police work that went into busting it, resulted in the tough carry-on restrictions passengers face before boarding an airplane. Knowing the dangers of liquid explosives should make the hassle of tossing your bottles when traveling a lot easier to bear.
Peter Wright, a lawyer prosecuting the case in London against eight of the 18 accused suspects, called the bombs "a deadly cargo." It's a simple one, too.

Prosecutors say the alleged terrorists intended to carry the components on board each plane to form a bomb.

One was a mix of hydrogen peroxide and Tang. The citric acid in the Tang acts as a catalyst, making the mixture deadly.

The other component is a mixture known as HMTD — hexamethylene triperoxide diamine, a chemical cocktail made from readily available household and commercial ingredients. HMTD is extremely unstable and can be set off by heat, movement and even contact with metal.

Prosecutors say the suspects had planned to hide the Tang-and-bleach mixture in plastic soda bottles and the HMTD in hollowed-out AA batteries. The initial charge would have been set off in the HMTD, causing a larger explosion.

According to Erroll Southers, the chief of intelligence and counterterrorism at Los Angeles International Airport, peroxide-based bombs are on the rise all over the world.

"Peroxide-based explosives are the weapon of choice in the Middle East," he said. "They leave no residue, they’re extremely volatile, they’re easy to make and they’ve been quite effective."
Just one bottle-sized bomb could be powerful enough to rip a hole in a plane’s hull — certain tragedy for the passengers aboard the seven targeted flights.

Prosecutors say the attack was planned for between August and December, two of the busiest months of the year for air travel. Had the planes been full, nearly 2,000 people would have been killed.

Jurors in the trial were shown video of what those explosions would have looked like. Scientists at the Forensic Explosives Laboratory in London re-created the device, but as a precaution they left the testing area and had a robotic arm mix the deadly chemicals.

It was a smart move: The tiny bomb destroyed one of the video cameras and sprayed the lab with pieces of the protective walls meant to contain the blast.

Next time you're feeling inconvenienced because you can't take a bottle of shampoo or soda pop through security, think again. Those restrictions at the gate are there to ensure that you'll reach your destination safe and sound.

French Arrest Ten in Connection with Terror Probe

Via -

Authorities in France, Germany and the Netherlands on Friday detained at least 10 people suspected of helping to fund al-Qaeda-linked militants with roots in Uzbekistan, officials said.

One suspect was detained in Germany, another in the Netherlands, with the rest detained in France, said a senior French police official who was only authorized to discuss the arrests on condition of anonymity.

The suspects' nationalities were not given but officials said they were Turkic-speaking.
French police suspect they collected funds for the Islamic Movement of Uzbekistan, a militant group said by the United States to have close ties to al-Qaeda.

The senior official described the arrests as "preventative" because the funds thought to have been collected were not known to have been used to carry out terror attacks.

MUTO: A Wall-Painted Animation by BLU

Freaking awesome...

thanks to Katie B. for the link...

UK Shops Track Customers by Phone IMEI Code

Via Times Online -

Customers in shopping centres are having their every move tracked by a new type of surveillance that listens in on the whisperings of their mobile phones.

The technology can tell when people enter a shopping centre, what stores they visit, how long they remain there, and what route they take as they walked around.

The device cannot access personal details about a person’s identity or contacts, but privacy campaigners expressed concern about potential intrusion should the data fall into the wrong hands.

The surveillance mechanism works by monitoring the signals produced by mobile handsets and then locating the phone by triangulation – measuring the phone’s distance from three receivers.

It has already been installed in two shopping centres, including Gunwharf Quays in Portsmouth, and three more centres will begin using it next month, Times Online has learnt.

The company that makes the dishes, which measure 30cm (12 inches) square and are placed on walls around the centre, said that they were useful to centres that wanted to learn more about the way their customers used the store.

A shopping mall could, for example, find out that 10,000 people were still in the store at 6pm, helping to make a case for longer opening hours, or that a majority of customers who visited Gap also went to Next, which could useful for marketing purposes.

In the case of Gunwharf Quays, managers were surprised to discover that an unusually high percentage of visitors were German - the receivers can tell in which country each phone is registered - which led to the management translating the instructions in the car park.

The Information Commissioner's Office (ICO) expressed cautious approval of the technology, which does not identify the owner of the phone but rather the handset's IMEI code - a unique number given to every device so that the network can recognise it.

But an ICO spokesman said, "we would be very worried if this technology was used in connection with other systems that contain personal information, if the intention was to provide more detailed profiles about identifiable individuals and their shopping habits.”

PayPal XSS Vulnerability Undermines EV SSL Security

Via NetCraft -

A security researcher in Finland has discovered a cross-site scripting vulnerability on that would allow hackers to carry out highly plausible attacks, adding their own content to the site and stealing credentials from users.

The vulnerability is made worse by the fact that the affected page uses an Extended Validation SSL certificate, which causes the browser's address bar to turn green, assuring visitors that the site – and its content – belongs to PayPal. Two years ago, a similar vulnerability was discovered on a different page of the PayPal site, which also used an SSL certificate.

Harry Sintonen discovered the vulnerability and announced it to other web application security specialists in an Internet Relay Chat (IRC) channel today. Sintonen told Netcraft that the issue was critical, adding that, "you could easily steal credentials," and, "PayPal says you can trust the URL if it begins with," which is not true in this case.

While SSL certificates do indeed provide a higher level of assurance when it comes to site ownership, they cannot guarantee that a site is free from other security problems – including cross-site scripting. There are concerns that hackers may exploit misunderstandings in the significance of the green address bar for their own benefit, piggybacking off the trust that is instilled by EV certificates. Users need to be aware that a green address bar does not guarantee the origin of a page's contents if there is a cross-site scripting vulnerability on that page.

The vulnerability comes to light only a month after PayPal published a practical approach to managing phishing on their blog, which extols the use of Extended Validation certificates in preventing phishing. The document describes browsers that do not support EV certificates as "unsafe" and announces the company's plans to block customers from accessing their website from the most unsafe browsers.

PayPal was one of the first companies to adopt EV certificates and the company says it has seen noticeably lower abandonment rates on signup flows for Internet Explorer 7 users versus other browsers. According to the document, PayPal believe this correlates closely to user interface changes triggered by their use of EV certificates.

DNS Trouble Knocks NSA off Internet

Via PC World -

A server problem at the U.S. National Security Agency has knocked the secretive intelligence agency off the Internet.

The Web site was unresponsive at 7 a.m. Pacific time Thursday and continued to be unavailable throughout the morning for Internet users.

The problem was resolved at around 11 a.m. Pacific time, according to Web site measurement company Netcraft.

The Web site was unreachable because of a problem with the NSA's DNS (Domain Name System) servers, said Danny McPherson, chief research officer with Arbor Networks. DNS servers are used to translate things like the Web addresses typed into machine-readable Internet Protocol addresses that computers use to find each other on the Internet.

The agency's two authoritative DNS servers were unreachable Thursday morning, McPherson said.

Because this DNS information is sometimes cached by Internet service providers, the NSA would still be temporarily reachable by some users, but unless the problem is fixed, NSA servers will be knocked completely off-line. That means that e-mail sent to the agency will not be delivered, and in some cases, e-mail being sent by the NSA would not get through.

"We are aware of the situation and our techs are working on it," a NSA spokeswoman said at 9:45 a.m. PT. She declined to identify herself.


There are three possible reasons the DNS server was knocked off-line, McPherson said. "It's either an internal routing problem of some sort on their side or they've messed up some firewall or ACL [access control list] policy," he said. "Or they've taken their servers off-line because something happened."

That "something else" could be a technical glitch or a hacking incident, McPherson said.
In fact, the NSA has made some basic security mistakes with its DNS servers, according to McPherson. The NSA should have hosted its two authoritative DNS servers on different machines, so that if a technical glitch knocked one of the servers off-line, the other would still be reachable. Compounding problems is the fact that the DNS servers are hosted on a machine that is also being used as a Web server for the NSA's National Computer Security Center.

"Say there was some Apache or Windows vulnerability and hackers controlled that server, they would now own the DNS server for," he said. "That really surprised me. I wouldn't think that these guys would do something like that."

The NSA is responsible for analysis of foreign communications, but it is also charged with helping protect the U.S. government against cyber attacks, so the outage is an embarrassment for the agency.

"I am certain that someone's going to send an e-mail at some point that's not going to get through," McPherson said. "If it's related to national security and it's not getting through, then as a U.S. citizen, that concerns me."

Major Cyberterrorism Meeting Scheduled for Next Week

Via -

A meeting next week in Malaysia being billed as the largest minister-level summit ever held on cyberterrorism will kick off an international partnership of more than 30 countries to study and respond to high-level cybersecurity threats.

The International Multilateral Partnership Against Cyber-Terrorism (IMPACT) is the brainchild of the prime minister of Malaysia, who saw the need for such an organization during the World Congress of Information Technology in Texas in 2005. Funded by a $30 million startup grant from Malaysia, the organization will hold a World Cyber Security Summit next week in conjunction with the WCIT in Kuala Lumpur.

More than 40 countries have been invited to attend, including Australia, Canada, India, Japan, Malaysia, Mexico, Saudi Arabia, Singapore, South Korea, Thailand and the United States.

“We still have not received confirmation of which agency will represent the U.S. government,” IMPACT Chairman Mohd Noor Amin said in a conference call announcing the formation of the group.

Amin said President Bush was one of the first world leaders informed of the creation of the organization and that the president was supportive and offered U.S. support.

Although the organization has not yet established a formal membership, its advisory board includes representatives from companies including Symantec, Trend Micro and Kaspersky Labs, in addition to former presidential adviser Howard Schmidt and Internet guru Vint Cerf.

A cooperative international approach to cyberthreats is essential because the threats themselves often are multi- or extra-national. “Typically, governments have approached cybersecurity as a domestic policy issue,” Amin said.

The U.S. National Strategy to Secure Cyber Space, multiple public-private partnerships and regional gatherings such as the G8 meetings are all helpful but inadequate, Schmidt said.

“This gives us a much broader perspective,” he said. “Just having North America or a European country doing their part to secure themselves does not make the world a more secure place.”

IMPACT’s focus will be on cyberterrorism rather than on the entire range of online crime and hacking activities.

“The term cyberterrorism means different things to different people,” Amin said. IMPACT will be focusing on what he called the upper end of cyberthreats, those with the potential or intention of causing significant damage, either economically or to life and limb — events that rise to the level of immediate security concerns for governments.

Among the countries that will be participating in the inaugural meeting are China and Russia, two nations that have posed cyberthreats to the United States. Russia apparently has been home to organized rings involved in the online theft of personally identifiable information used in identity theft, and China has been identified as a source of persistent attempts to breach U.S. information systems. China is believed to be pursuing a cyberwarfare capability.

Amin said all governments have a vested interest in a secure cyberspace, and he expects a high level of international cooperation.

How Information Escapes From a Black Hole

Via -

If a black hole eats a book, what happens to the information? The latest work from a team of physicists says that in the distant future, the black hole eventually spits out the book's full contents. Even a black hole can't destroy information.


Now Ashtekar and colleagues Victor Taveras and Madhavan Vadararajan at Pennsylvania State have put that idea on a firmer footing. They set up quantum equations for the space-time geometry of a black hole, but in a "flatland" universe with just one space and one time dimension. "The equations are similar, and fortunately also much simpler," Ashtekar told New Scientist.

He and his team have traced the quantum state of their simplified black hole as it forms and evolves. In their model, there is no singularity, no edge to space-time, so all the information is preserved.

Eventually the black hole will slowly evaporate in a process called Hawking radiation, and the information will re-emerge. By collecting and analysing that radiation it would be possible in theory to find out what went into the black hole, and even to read any books that fell in.
"If we know the details of quantum gravity, then theoretically we will be able to run the movie backwards and say exactly how the black hole formed," says Ashtekar.

In practice, there would be a few snags. For any reasonable-sized black hole, Hawking radiation is so weak that it will take an immense amount of time to evaporate, vastly longer than the current age of the universe. And although the information would be there in principle, decoding it is liable to be unimaginably complicated.

Journal reference: Physical Review Letters (forthcoming)


I have been reading a lot about information theory recently and it is truly a amazing idea. Computer science and cryptanalysis were born from information theory.

In the world of information security, we routinely quantify information to assess security risk. However, it isn't easy look around and understand that information is everywhere and contained in everything. It is measurable, just like weight or height.

Every atom, every light ray...every breath is controlled by information...quantum information.

If you are new to information theory, I would highly recommend "Decoding the Universe: How the New Science of Information Is Explaining Everything in the Cosmos, from Our Brains to Black Holes".

Friday, May 16, 2008

Rootkits Coming to Cisco ISO Routers

Via The Register UK -

Security researchers have devised a rootkit capable of covertly monitoring and controlling Cisco routers.

Sebastian Muniz, of Core Security, plans to demo Cisco IOS rootkit software he developed during a presentation at the EuSecWest conference in London on 22 May.

Muniz's is reckoned to be the first researcher to apply rootkits to systems running Cisco IOS software. His work builds on the pioneering work of security researcher Michael Lynn, who controversially demonstrated interactive shell code for Cisco’s proprietary Internetworking Operating System (IOS) during Blackhat 2005.

Muniz has developed techniques for applying rootkit technology to embedded systems, such as routers running Cisco IOS. He is due to repeat a demo of his software at the Black Hat conference in Vegas in August, as an abstract for his proposed talk explains.
Different ways to infect a target IOS will be shown like run-time patching and image binary patching. To discuss the binary patching technique from a practical point of view, a set of Python scripts that provides a the methods to insert a generic rootkit implementation called DIK (Da Ios rootKit) will be introduced and it's done in plain C for IOS. Also other techniques like run-time image infection will be discussed in detail.

"An IOS rootkit is able to perform the tasks that any other rootkit would do on desktop computer operating systems," Muniz told IDG. Hackers hoping to plant the rootkit would first need to obtain admin login credentials so that they could install software on networking devices, perhaps by using a separate exploit. But once planted such rootkits could be used to carry out all sorts of mischief.

Muniz doesn't intend to release his software. He hopes his talk will dispel the belief that rootkits for networking kit are impossible in the same way that Lynn's talk showed how it might be possible to plant malware onto routers. Muniz explained: "I've done this with the purpose of showing that IOS rootkits are real, and that appropriate security measures must be taken".

Anonymous Mail Relay: We Do it For the Lulz

Non-Secure relaying Sendmail servers are fun....

Note: I know we misspelled "house", but that stuff happens when you are sending mail by hand with it was pretty early in the morning.

Thursday, May 15, 2008

Debain OpenSSL Predictable PRNG

Via -

The blacklists published by Debian and Ubuntu demonstrate just how small the key space is. When creating a new OpenSSH key, there are only 32,767 possible outcomes for a given architecture, key size, and key type. The reason is that the only "random" data being used by the PRNG is the ID of the process. In order to generate the actual keys that match these blacklists, we need a system containing the correct binaries for the target platform and a way to generate keys with a specific process ID. To solve the process ID issue, I wrote a shared library that could be preloaded and that returns a user-specified value for the getpid() libc call.


This will generate a new OpenSSH 1024-bit DSA key with the value of getpid() always returning the number "1". We now have our first pre-generated SSH key. If we continue this process for all PIDs up to 32,767 and then repeat it for 2048-bit RSA keys, we have covered the valid key ranges for x86 systems running the buggy version of the OpenSSL library. With this key set, we can compromise any user account that has a vulnerable key listed in the authorized_keys file. This key set is also useful for decrypting a previously-captured SSH session, if the SSH server was using a vulnerable host key. Links to the pregenerated key sets for 1024-bit DSA and 2048-bit RSA keys (x86) are provided in the downloads section below.


In the near future, this site will be updated to include a brute force tool that can be used quickly gain access to any SSH account that allows public key authentication using a vulnerable key.


Translation: All your SSH Key are belong to us.

For more information on this exploitation by HD Moore, check out Nate's ZDNet article.

If you are using SSH keys on either Debain and Ubuntu (or any Debain-based OS), it is highly recommended to get the fixed OpenSSL packages and to re-generated all SSH keys used for SSH access.

Wednesday, May 14, 2008

Fingerprints Help Crack iPhone PIN Security

Via ITToolbox -

I was helping a friend of mine with her new iPhone today. She finally gave in and bought one after watching me use mine on a daily (sometimes minute-by-minute) basis.

Like most new iPhone Users, she was constantly cleaning her screen after a few uses. (Note to friend: you'll get over that in a month or two)

I adjusted a few icons on her iPhone for her and returned the phone to her. She cleaned the screen again and locked it. A few seconds later, she received a SMS message and unlocked her phone. After logging into her phone she handed it to me and said that she had to use the "little girls' room" and would be right back - but would I please see why her iPhone wasn't retrieving her mail properly?

"Sure" I responded - but first I had to pour another cup of coffee. And wouldn't you know it - out of pure habit I locked her iPhone before I sat it down on her counter.

I picked up the phone with some coffee goodness on the table in front of me and swiped my finger across the screen to begin.

Oops! I'm prompted for a PIN number. Just as I was about to panic I realized that I could clearly see the smudges above each number on the PIN screen: 2, 5, 7 & 9. Gee, I wonder what her PIN could be?

2579? Nope.

2759? Nope.

2795? Nope.

I started cycling through combinations and wouldn't you know it...

5927... *click*. The iPhone was unlocked.

This made me wonder - Apple, why don't you offer a "scramble pad" feature on the iPhone?


This is pretty cool. Definitely not a new idea, as this technique as been used for access keypads and safe locks for quite sometime.

But it is a clear example, of how sometimes the smallest little thing can have a very big impact on security.

Hopefully, this isn't her ATM pin as well ;)

Internet Explorer "Print Table of Links" Cross-Zone Scripting Vulnerability

Aviv Raff posted the following vulnerability on his blog....the 0day treasure hunt is over.


Internet Explorer is prone to a Cross-Zone Scripting vulnerability in its “Print Table of Links” feature. This feature allows users to add to a printed web page an appendix which contains a table of all the links in that webpage.

An attacker can easily add a specially crafted link to a webpage (e.g. at his own website, comments in blogs, social networks, Wikipedia, etc.), so whenever a user will print this webpage with this feature enabled, the attacker will be able to run arbitrary code on the user’s machine (i.e. in order to take control over the machine).

Affected version

Internet Explorer 7.0 and 8.0b on a fully patched Windows XP.

Windows Vista with UAC enabled is partially affected (Information Leakage only).

Earlier versions of Internet Explorer may also be affected.


A live proof-of-concept can be found at milw0rm.

Quantum Cryptography Not Yet Perfectly Secure

Via -

Quantum cryptography – commonly lauded as an absolutely secure avenue of data transfer – has been broken.

The advanced technology was thought to be unbreakable due to laws of quantum mechanics that state that quantum mechanical objects cannot be observed or manipulated without being disturbed.

In quantum cryptography, regular information is encrypted and decrypted with a quantum key. Any attempts to copy a quantum cryptographic key in transit will be noticeable as extra noise, and cause the communication to be aborted.

But a research team at Linköping University in Sweden claim that it is possible for an eavesdropper to extract the quantum cryptographic key without being discovered.

“We weren't expecting to find a problem in quantum cryptography, of course, but it is a really complicated system,” said Jan-Åke Larsson, an associate professor of Applied Mathematics at the University.

“The concern involves authentication, intended to secure that the message arriving is the same as the one that was sent,” he explained. “We have scrutinised the system as a whole and found that authentication does not work as intended.”

“The security of the current technology is not sufficient,” he said.

The currently-used Wegman-Carter authentication protocol requires users to share the key initially, before the quantum cryptographic channel is set up. This key is used to generate future quantum cryptographic keys.

By simultaneously manipulating the initial key and the regular message to be authenticated, an eavesdropper may compromise the security of quantum cryptographic authentication, the researchers suggest.

In a research paper, published in the International engineering journal IEEE Transactions on Information Theory, Larsson has proposed a change in the quantum cryptography process that he expects will restore the security of the technology.

The researchers propose an additional, non-quantum exchange of a small amount of random bits that are separate from the quantum key. The modification is not expected to produce noticeable degradations in the performance of a quantum cryptography system.

While the researchers note that it is difficult to exploit the recently-exposed security gap, Larsson recommends usage of the modification, or an equivalent extra security measure in quantum cryptography.

“With our alteration, quantum cryptography will be a secure technology,” he said.

Tuesday, May 13, 2008

China Inserts Cracks in Great Firewall for Olympics

Via -

Many foreigners who come to China for the Olympics will use the Internet to tell people back home what they have seen and to check what else has happened in the world.

The first thing they’ll probably notice is that China’s Internet seems slow. Partly this is because of congestion in China’s internal networks, which affects domestic and international transmissions alike. Partly it is because even electrons take a detectable period of time to travel beneath the Pacific Ocean to servers in America and back again; the trip to and from Europe is even longer, because that goes through America, too. And partly it is because of the delaying cycles imposed by China’s system that monitors what people are looking for on the Internet, especially when they’re looking overseas. That’s what foreigners have heard about.

They’ll likely be surprised, then, to notice that China’s Internet seems surprisingly free and uncontrolled. Can they search for information about “Tibet independence” or “Tiananmen shooting” or other terms they have heard are taboo? Probably—and they’ll be able to click right through to the controversial sites. Even if they enter the Chinese-language term for “democracy in China,” they’ll probably get results. What about Wikipedia, famously off-limits to users in China? They will probably be able to reach it. Naturally the visitors will wonder: What’s all this I’ve heard about the “Great Firewall” and China’s tight limits on the Internet?

In reality, what the Olympic-era visitors will be discovering is not the absence of China’s electronic control but its new refinement—and a special Potemkin-style unfettered access that will be set up just for them, and just for the length of their stay. According to engineers I have spoken with at two tech organizations in China, the government bodies in charge of censoring the Internet have told them to get ready to unblock access from a list of specific Internet Protocol (IP) addresses—certain Internet cafés, access jacks in hotel rooms and conference centers where foreigners are expected to work or stay during the Olympic Games. (I am not giving names or identifying details of any Chinese citizens with whom I have discussed this topic, because they risk financial or criminal punishment for criticizing the system or even disclosing how it works. Also, I have not gone to Chinese government agencies for their side of the story, because the very existence of Internet controls is almost never discussed in public here, apart from vague statements about the importance of keeping online information “wholesome.”)

Depending on how you look at it, the Chinese government’s attempt to rein in the Internet is crude and slapdash or ingenious and well crafted. When American technologists write about the control system, they tend to emphasize its limits. When Chinese citizens discuss it—at least with me—they tend to emphasize its strength. All of them are right, which makes the government’s approach to the Internet a nice proxy for its larger attempt to control people’s daily lives.

Disappointingly, “Great Firewall” is not really the right term for the Chinese government’s overall control strategy. China has indeed erected a firewall—a barrier to keep its Internet users from dealing easily with the outside world—but that is only one part of a larger, complex structure of monitoring and censorship. The official name for the entire approach, which is ostensibly a way to keep hackers and other rogue elements from harming Chinese Internet users, is the “Golden Shield Project.” Since that term is too creepy to bear repeating, I’ll use “the control system” for the overall strategy, which includes the “Great Firewall of China,” or GFW, as the means of screening contact with other countries.

Hackers Indicted for Sniffing Credit Cards from Dave & Busters

Via Wired Blog -

Three international hackers have been indicted for allegedly using "college-level knowledge of computer programming skills" to steal and sell credit card numbers from customers of Dave & Buster's restaurant chain, the Justice Department said Monday.

One of the men arrested, Maksym Yastremskiy, of Ukraine, was found in possession of millions of stolen credit card numbers, unrelated to the restaurant, on his laptop when the Turkish National Police arrested him in July. The indictments were unsealed Monday in the Eastern District of New York, and cover a 5-month-long intrusion last year into the Dallas-based eatery.

The case is the latest in a string of retail capers in which hackers burrowed into a company's network to intercept credit card transactions in real time. A similar attack, on a larger scale, played out at shoe retailer DSW in 2005, compromising 1.4 million customer records. And a prolonged infiltration of retail giant T.J. Maxx revealed last year exposed at least 45 million customers.

The government said the Dave & Buster's hackers illegally accessed 11 of the national chain's servers and installed packet sniffers at each location. The sniffers vacuumed up "Track 2" data from the credit card magstripes as it traveled from the restaurant's servers to Dave & Buster's headquarters in Dallas, according to the indictment.

At some point, the restaurant detected the intrusions and alerted authorities.

The authorities said a defect in the hackers' software program required them to regularly reactivate the packet sniffers when the restaurant's computers rebooted.

Track 2 data does not include an account holder's name but contains an account number, expiration date and security code contained in the second of two "tracks" inside a magnetic stripe on the back of a credit or debit card.

At one point, according to the indictment, the hackers scored 5,000 credit and debit card numbers from a Dave & Buster's restaurant in Islandia, NY. That information was allegedly sold to "others who, in turn, used the data to make fraudulent purchases at various retail locations and from various online merchants, causing losses of at least $600,000 to the financial institutions that issued the credit and debit cards."

Albert Gonzalez, whose home country was not immediately available, was accused of "supplying" the custom packet sniffer used in the caper. He was arrested in Miami days ago. An arrest warrant for Gonzalez describes the sniffer program as "efficient, well designed, and uses some algorithms and data structures that reflect college-level knowledge of computer programming skills, whether acquired through self-study ... or formal training."

A third defendant accused of the break-in, Aleksandr Suvorov, of Estonia, was arrested in March when he was in Germany. The United States is seeking his and Yastremskiy's extradition, the Justice Department said.

Monday, May 12, 2008

Humor: A Better Idea

Anatomy of Security-Enhanced Linux (SELinux)

Linux has been described as one of the most secure operating systems available, but the National Security Agency (NSA) has taken Linux to the next level with the introduction of Security-Enhanced Linux (SELinux). SELinux takes the existing GNU/Linux operating system and extends it with kernel and user-space modifications to make it bullet-proof. If you're running a 2.6 kernel today, you might be surprised to know that you're using SELinux right now! This article explores the ideas behind SELinux and how it's implemented.

Sharif's Party Quits Pakistan Government

Via -

ISLAMABAD (Reuters) - Former prime minister Nawaz Sharif pulled his party out of Pakistan's six-week-old coalition government on Monday, plunging the volatile Muslim nation back into political uncertainty.

Sharif, whose Pakistan Muslim League (Nawaz) was the second-largest member of a four-party alliance, made the announcement after failing to break a deadlock with its main coalition partner over the reinstatement of dismissed judges.

Sharif made the restoration of 60 judges sacked by President Pervez Musharraf in November the main condition for joining the coalition led by the party of Asif Ali Zardari, the widower and political successor of the late Benazir Bhutto.

Three days of talks in London between Sharif and Zardari, whose Pakistan People's Party (PPP) leads the coalition, ended on Sunday without any breakthrough.

"Our ministers will meet the prime minister tomorrow and will submit their resignations," Sharif told a news conference.

Nine of the 24 ministers in Prime Minister Yousaf Raza Gilani's cabinet belong to the PML-N, including Finance Minister Ishaq Dar, who was due to present the annual budget in weeks with the country sliding deeper into economic problems.

Sharif, who submitted his nomination papers to contest a by-election due in late June, said his party would continue to support the PPP government despite quitting the cabinet.
"For the time being, we'll not sit in opposition."

Sunday, May 11, 2008

Mac User Snaps Photo of Thieves Remotely, Leading to Arrest

Via NYTimes -

The thieves were voracious, filching flat-screen televisions and computer games, purloining iPods and DVDs, even making off with a box of liquor and a set of car rims in a burglary two weeks ago at an apartment three young people shared here. Luckily, they also took two laptop computers.

One of the laptops was a Macintosh belonging to Kait Duplaga, who works at the Apple store in the Westchester mall and thus knows how to use all its bells and whistles. While the police were coming up dry, Ms. Duplaga exploited the latest software applications installed on her laptop to track down the culprits and even get their photographs.

On Wednesday, the police arrested Edmon Shahikian, 23, of Katonah, and Ian Frias, 20, who lives in the Bronx. Virtually all of the property stolen from the apartment was recovered at the two men’s homes. They face charges of burglary and possession of stolen property; Mr. Shahikian was released on $3,500 bail, while Mr. Frias was at the Westchester County Jail, held in $7,500 bail.


Here in White Plains, a break in the case came on Tuesday when a friend of Ms. Duplaga’s sent her a congratulatory text message on the return of her stolen computer. “She said, ‘I don’t know what you’re talking about,’ and her friend said, ‘Well, you popped up as being online,’ ” Mr. Jackson said.

He said that Ms. Duplaga immediately signed on to another Macintosh computer and, using a feature called “Back to My Mac,” was able to gain access to her missing laptop remotely. She could see that that the person who had her computer was shopping for beds, Mr. Jackson said. Then it occurred to her that she could activate a camera on her laptop and watch the thief live.

At first, the photo application revealed only a smoky room and an empty chair, Mr. Jackson said, but then a man sat down. Ms. Duplaga, again using remote technology, typed in the command to snap a photo. “When you take a picture with that computer, it shows a countdown, and when it does, this guy figures out what’s going on,” Mr. Jackson said. “It all clicks for him, and he puts his hand up to cover the lens, but it was too late. She had already taken the picture.”

Had the suspect been a complete stranger, the photographic evidence would have been a “great lead,” but not the decisive clue, Mr. Jackson said. He said that when Ms. Duplaga described the tattooed subject of the picture to one of her roommates, the roommate replied: “Oh, I know exactly who that is — it’s Ian,” referring to Mr. Frias.

Mr. Frias and Mr. Shahikian, it turns out, had been among the guests at a party at the apartment weeks before, and were friends of friends of the victims, as Mr. Jackson put it. Ms. Duplaga was able to retrieve a photograph of Mr. Shahikian from the laptop as well, but Mr. Jackson was not aware of the circumstances. Mr. Jackson said that Mr. Frias and Mr. Shahikian were arrested last year on a felony marijuana possession charge, but are not career criminals. The disposition of their cases was not known.