Tuesday, September 30, 2008

The Risk of ePassports and RFID

Via THC Blog (The Hacker's Choice) -

Today vonJeek/THC released his tool and a video showing how to duplicate (clone) and modify a passport with an RFID chip.

http://freeworld.thc.org/thc-epassport/

The weakness is in the way the system has been rolled out. The terminal accepts self-signed data.

This attack is different from the Grunwald attack. VonJeek's attack makes it possible to copy, forge and modify the data so that it is still accepted as a genuine, valid passport by the terminal.

Using a Certification Authority (CA) could solve the attack but at the same time introduces a new set of attack vectors:

1. The CA becomes a single point of failure. It becomes the juicy/high-value target for the attacker. Single points of failure are not good. Attractive targets are not good.

Any person with access to the CA key can undetectably fake passports. Direct attacks, viruses, misplacing the key by accident (the UK government is good at this!) or bribery are just a few ways of getting the CA key.

2. The single CA would need to be trusted by all governments. This is not practical as this means that passports would no longer be a national matter.

3. Multiple CAs would not work either. Any country could use its own CA to create a valid passport of any other country. Read this sentence again: Country A can create a passport data set of Country B and sign it with Country A's CA key. The terminal will validate and display the information as data from Country B.

This option also multiplies the number of 'juicy' targets. It also makes it more likely for a CA key to leak.

Revocation lists for certificates only work when a leak/loss is detected. In most cases it will not be detected.
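The terminal-side trust decision the post is arguing about, as an added example (not THC's tool or the post's own code), covering both the "terminal accepts self-signed data" weakness and point 3's cross-country signing. The RSA keys are built from fixed Mersenne primes with no padding, the certificates and Document Security Object are plain dicts standing in for DER, and the country codes, names and document numbers are constructed for the example, so this models the trust logic only, not usable cryptography:

```python
# Added example (not THC's tool or the post's code): a model of the ePassport
# terminal's trust decision.  Keys are textbook RSA from fixed Mersenne primes
# with no padding; dicts stand in for DER certificates and the Document
# Security Object; country codes and holder data are constructed.
import hashlib

# Mersenne primes, used only so that every party gets a distinct modulus.
P31, P61, P89, P107 = 2**31 - 1, 2**61 - 1, 2**89 - 1, 2**107 - 1
P127, P521, P607, P1279 = 2**127 - 1, 2**521 - 1, 2**607 - 1, 2**1279 - 1

def keypair(p, q, e=65537):
    """Textbook RSA keypair from two fixed primes (model only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}

def digest(msg, n):
    """SHA-256 of msg, reduced into the signer's modulus."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    return pow(digest(msg, priv["n"]), priv["d"], priv["n"])

def verify(pub, msg, sig):
    return pow(sig, pub["e"], pub["n"]) == digest(msg, pub["n"])

def encode(fields):
    """Canonical byte encoding of a field dict (stand-in for ASN.1 DER)."""
    return repr(sorted(fields.items())).encode()

def make_cert(subject, country, pub, issuer_priv, issuer_name):
    """Certificate = to-be-signed fields plus the issuer's signature over them."""
    tbs = {"subject": subject, "country": country, "issuer": issuer_name,
           "n": pub["n"], "e": pub["e"]}
    return {**tbs, "sig": sign(issuer_priv, encode(tbs))}

def cert_tbs(cert):
    return {k: v for k, v in cert.items() if k != "sig"}

def cert_pub(cert):
    return {"n": cert["n"], "e": cert["e"]}

def issue_passport(ds_cert, ds_priv, holder):
    """Chip contents: holder data, the signature over it, and the signer's cert."""
    return {"data": holder, "sod_sig": sign(ds_priv, encode(holder)), "ds_cert": ds_cert}

def terminal_self_signed(passport):
    """Rolled-out behaviour per the post: the signature is checked against
    whatever certificate the chip itself supplies, so any key will do."""
    cert = passport["ds_cert"]
    return verify(cert_pub(cert), encode(passport["data"]), passport["sod_sig"])

def terminal_with_ca(passport, trusted_cscas, bind_country=True):
    """Terminal holding trusted country-signing CA (CSCA) certs.  bind_country
    adds the check point 3 calls for: the CSCA vouching for the signer must be
    the CA of the country the passport claims to come from."""
    cert, data = passport["ds_cert"], passport["data"]
    if not verify(cert_pub(cert), encode(data), passport["sod_sig"]):
        return False                        # forged or modified data
    csca = trusted_cscas.get(cert["issuer"])
    if csca is None or not verify(cert_pub(csca), encode(cert_tbs(cert)), cert["sig"]):
        return False                        # signer cert not vouched for by a trusted CSCA
    if bind_country and not (csca["country"] == cert["country"] == data["issuing_country"]):
        return False                        # country B signing a country A data set
    return True

def run_scenarios():
    """Genuine passport, self-signed forgery, and a rogue country cross-signing."""
    a_pub, a_priv = keypair(P31, P61)
    csca_a = make_cert("CSCA-A", "AAA", a_pub, a_priv, "CSCA-A")        # self-signed root
    ds_pub, ds_priv = keypair(P89, P107)
    ds_a = make_cert("DS-A-1", "AAA", ds_pub, a_priv, "CSCA-A")          # issued by CSCA-A
    genuine = issue_passport(ds_a, ds_priv, {"issuing_country": "AAA", "name": "DOE", "docno": "X1"})
    # Forger: own key, own self-signed cert, arbitrary data (the THC scenario).
    f_pub, f_priv = keypair(P127, P521)
    f_cert = make_cert("DS-FAKE", "AAA", f_pub, f_priv, "DS-FAKE")
    forged = issue_passport(f_cert, f_priv, {"issuing_country": "AAA", "name": "FORGED", "docno": "X2"})
    # Country B, trusted by the terminal, signs a data set claiming to be from A.
    b_pub, b_priv = keypair(P607, P1279)
    csca_b = make_cert("CSCA-B", "BBB", b_pub, b_priv, "CSCA-B")
    rogue = issue_passport(csca_b, b_priv, {"issuing_country": "AAA", "name": "ROGUE", "docno": "X3"})
    trust_a = {"CSCA-A": csca_a}
    trust_ab = {"CSCA-A": csca_a, "CSCA-B": csca_b}
    return {
        "genuine/self-signed terminal": terminal_self_signed(genuine),
        "forged/self-signed terminal": terminal_self_signed(forged),
        "genuine/CA terminal": terminal_with_ca(genuine, trust_a),
        "forged/CA terminal": terminal_with_ca(forged, trust_a),
        "rogue/CA terminal, no country binding": terminal_with_ca(rogue, trust_ab, bind_country=False),
        "rogue/CA terminal, country binding": terminal_with_ca(rogue, trust_ab),
    }

if __name__ == "__main__":
    for scenario, accepted in run_scenarios().items():
        print(f"{scenario:40s} accepted={accepted}")
```

The self-signed terminal accepts the forgery because it lets the chip choose the verification key; the CA terminal rejects it but, without the country binding, still accepts Country B's signature over a Country A data set, which is exactly the failure point 3 describes.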

So what's the solution? We know that humans are good at Border Control. In the end they protected us well for the last 120 years. We also know that humans are good at pattern matching and image recognition. Humans also do an excellent job 'assessing' the person and not just the passport. Take the human part away and passport security falls apart.

Never let a computer do a job that can be done by a human.

Monday, September 29, 2008

Social Networking Puts Staff at Risk of Mafia Extortion

Via ComputerWeekly -

Staff in profitable businesses are leaving too much of their personal information online, which could make them vulnerable to extortion from the Russian and Italian Mafia, a former FBI undercover agent has warned.

Joe Pistone, who worked at the FBI for 27 years, said the Russian and Italian Mafia were using data from public sites to launch attacks against businesses and individuals.

"People put too much information on social media sites like Facebook and MySpace," he said.

Users on these sites may include their work details in personal profiles, allowing organised crime gangs to identify them and their company.

Speaking to Computer Weekly prior to a panel discussion at the Institute of Directors with business heads in London today, Pistone said, "Anyone is vulnerable. They will try to find your weakness. It may be money, it may be drugs, it may be women. They will go after vulnerable individuals in your business."


People who put their CVs online may also be at risk, as this could identify that they work, or have worked at companies the Mafia wants to target.

MS Internet Explorer GDI+ Proof of Concept (MS08-052)

MS08-052: GDI+ Vulnerability
------------------------------------------------
Operating System: XP SP2
Internet Explorer Version: 6.0.2900.2180
Gdiplus.dll Version: 5.1.3102.2180

Credit:
John Smith,
Evil Fingers

Link: http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt

-------------------------------------------------

http://www.milw0rm.com/exploits/6619

Private Data of RAF Personnel Stolen UK MoD Establishment

Via The Register UK -

Personal details of potentially all current and ex-RAF personnel and dependents were stored on three USB-connected storage drives which went missing from a Ministry of Defence establishment at Innsworth, Gloucestershire.

Both the MoD police and Gloucester Police are investigating a presumed theft. A statement from the MoD said: "The theft of these hard drives from a secure location, where they were subject to physical protection standards consistent with the Data Handling Review, is being treated with great seriousness.

"There is no indication that the theft was motivated by a desire to obtain the data, nor that the data has been exploited maliciously in any way; but personal information on anyone serving or who has served in recent years in the RAF, Regular or Reservist, may have been compromised."

[...]

The three A5 book-sized hard disk drives holding the unencrypted data were stored, it is understood, in a locked cupboard in the SPVA office. Two of the drives contained personnel details such as MoD email addresses, appraisal results, and bank details. The third did not contain any personal details. Access to the room in question is via two successive manned security doors. Visitors need a pass and an escort to pass between the two doors. It's understood that there is no perimeter security for the site.

Laurence Robertson, the MP for Tewkesbury, said: "It is totally unsatisfactory ... It does seem a bit like somebody inside knows something about it. For someone to walk in off the street, know where to find a certain file and walk in and take it, seems a bit strange ... There needs to be a full investigation." That they might have been able to walk in off the street is not the least strange aspect of the affair.

An implication is that the control of perimeter access to the site may have been compromised by the changeover from RAF to Army base supervision, particularly as much of the base is empty and has no perimeter access control. Another implication is that a site visitor whose details were recorded is responsible for the theft.

-------------------------------

Let's look at this part of the MoD statement...

"There is no indication that the theft was motivated by a desire to obtain the data, nor that the data has been exploited maliciously in any way...."
Sounds like the standard data breach remark, meant to reassure those affected and reduce fears. But let's look at the same statement from a different angle.

Someone stole confidential data from a MoD Base - a base with almost no perimeter security. The data is unencrypted and was supposedly protected behind two manned security doors. After all of this, the MoD comes out and tells the public that "there is no indication that the theft was motivated by a desire to obtain the [personal] data". Seriously?

Affected people are supposed to be reassured by the knowledge that a non-targeted attacker can obtain sensitive personal information and walk away?

Well, thank god..the attack doesn't appear targeted..otherwise they might have made off with the crown jewels.

Navy Warships Monitor Boat Hijacked by Somali Pirates

Via Washington Post -

The U.S. Navy bolstered its force of warships off Somalia on Monday, intensifying its watch over Somali pirates holding a hijacked Ukrainian-operated vessel with crew members, arms and tanks aboard.

Lt. Nathan Christensen, a spokesman for the U.S. Navy 5th Fleet, said "there are now several U.S. ships" within eyesight of the hijacked ship, Faina, which according to the Kenyan government was bound for Kenya when it was seized last week. The pirates are negotiating for ransom with the vessel's owner.

Speaking by telephone from Bahrain, Christensen declined to say exactly how many other U.S. warships had joined the USS Howard, a guided-missile destroyer, off Somalia. The U.S. ships were staying in international waters off Somalia, Christensen said, while the Somali pirates kept the Faina within the 12-mile territorial bounds of Somali waters.

U.S. sailors remained close enough to see the ship and had established bridge-to-bridge contact via radio, he said.

Somali pirates hijacked the Faina on Thursday, seizing its 21 Ukrainian, Russian and Lithuanian crew members and an arms cargo that included 33 T-72 tanks. Kenya said the tanks and weapons were for its military. Pirates have anchored the hijacked vessel a few miles off the Somali town of Hobyo.

The U.S. Navy intends to maintain "a vigilant, visual watch of the ship" to make sure pirates don't try to unload the tanks, ammunition and other arms aboard, Christensen said.

"We're deeply concerned about the cargo and we don't want it to go into the wrong hands," he said.

Russia has said it is sending a warship as well.

Radio France International said Monday it had spoken, apparently by cellphone, with a pirate aboard the Faina, who said at least three warships were near the hijacked ship.

"Ships and troops have surrounded us," said a man identified by RFI as pirate Sugule Ali. He spoke in Somali. "There's a lot of unusual movement surrounding us and planes are flying overhead. I warn anyone who might be tempted by any military operation or use of force, if we're attacked, we'll defend ourselves, until the last one of us dies."

The man repeated a demand for $20 million in ransom, as well as the release of the ship and the crew.

Somali news media reported over the weekend that one of the hostage crew members had died. Pirates told local elders that the man died of problems related to high blood pressure, according to the Somali news reports.

Saturday, September 27, 2008

Senate Passes Controversial 'Copyright Czar' Bill

Via PCMag.com -

On Friday, the U.S. Senate passed the controversial Pro-IP Bill, which would effectively create a "copyright czar" answering to the President.

On Wednesday, Sen. Ron Wyden asked and was granted a request to remove a provision that would have required the Department of Justice to enforce copyright provisions, after the DOJ had objected. However, the bill, as passed, does create an Intellectual Property Enforcement Coordinator that will serve within the Office of the President.

The bill now moves to the U.S. House of Representatives, which passed its own version of the bill in May. After differences in the two bills are worked out, the compromise bill will be passed to President Bush for his signature before the end of the congressional session.

According to the Senate bill, the IPEC will chair a committee made up of representatives from the Office of Management and Budget, the DOJ, the U.S. Trade Representative, the Patent and Trademark Office, the Department of Homeland Security, the FDA, and others.

As written, the IPEC "may not control or direct any law enforcement agency in the exercise of its investigative or prosecutorial authority". But its primary function is to develop a "joint strategic plan" to wage war on those who infringe copyrights, which include facilitating the sharing of information across law-enforcement agencies and between other countries.

Mozilla Rushes to Fix Firefox Non-Security Password Bug

Via ComputerWorld -

Just a day after it released Firefox 3.0.2 to fix 11 vulnerabilities, Mozilla Corp. said that an overlooked password bug requires a fast-track update it hopes to launch next week.

Late Wednesday, Mike Beltzner, Mozilla's director of Firefox, said that the bug, which prevents some users from accessing their browser-saved passwords, means another update is necessary. "While this doesn't affect all Firefox users, it is a significant regression and has triggered a fast-release Firefox 3.0.3 which will contain a single fix," Beltzner said in a message to the mozilla.dev.planning group.

The bug popped up in Firefox 3.0.2, which Mozilla released Tuesday, after developers added a fix to make the browser's password manager work on international domain name (IDN) sites. IDN sites are those that have non-ASCII characters in their URLs, such as addresses with Arabic, Hebrew or Chinese characters, or ones with non-English diacritical marks.

According to Beltzner, users who have saved passwords on IDN sites or some non-English domains will be unable to access those passwords or save any new passwords after updating to Firefox 3.0.2.

"There is no permanent data loss, the saved data is just inaccessible," Beltzner noted.

Regression bugs aren't unknown to Mozilla or Firefox. Last November, the company rushed a release out the door to fix five bugs it had introduced in the previous version of the browser, which had been posted for download about a week before.

A fix for the password regression bug has been crafted and is being tested, Beltzner added.

----------------------------

Ohh well, mistakes happen.

At least it wasn't a missing fix for a critical remote code execution vulnerability.

People really shouldn't be storing their passwords in the browser anyways ;)

UPDATE - 9/27/08 3:07pm CST - Firefox 3.0.3 has been released. Check the release notes for the details.

Shadowserver to Build 'Sinkhole' Server to Find Errant Bots

Via DarkReading -

OWASP AppSec USA 2008 -- NEW YORK -- Ever wonder what happens to the bots when a botnet domain shuts down? The Shadowserver Foundation, a volunteer organization that gathers intelligence on the Internet’s dark side, has begun building a so-called “sinkhole” server that poses as those now-defunct malicious domain servers in order to find out what they left behind.


The project, which is in the early phases, will allow Shadowserver to emulate both botnet IRC and HTTP traffic as a way to study those botnets as well as find bots that remain infected by them, says Steven Adair, a security expert with Shadowserver, who revealed the new project to attendees of the OWASP USA security conference here.


“There are still a lot of [machines] communicating with” these now-defunct servers, Shadowserver’s Adair says. Shadowserver then could trace those infected machines and alert the organizations whose machines or Web servers are still infected by the botnets, he says. “We would register and take those [former malicious] domains.”


Shadowserver’s sinkhole server will be able to accept incoming traffic from infected machines as they try to communicate with their former command and control server, for example. “We’ll be able to see referrers, who came in and which sites or pages are infected,” Adair says.


It will also allow companies who know they have bots to direct their bot-infected traffic to the sinkhole server for Shadowserver to analyze, although Adair says he’s unsure if companies will use it that way.


HTTP remains the favorite communication method for botnets today, he says. One infamous HTTP-based botnet Shadowserver has been studying closely is Black Energy, which traditionally has been used for distributed denial-of-service (DDOS) attacks. (See Botnets Behind Georgian Attacks Offer Clues.) Black Energy this year went from just DDOSing to spreading keyloggers to steal credentials and passwords, Adair says. Like other botnets, it has been updating itself with new malware. “It went from a mundane botnet to stealing [credentials] and taking when it can from the same infection."


But even the deadliest botnets have their flaws. Adair disclosed two major vulnerabilities in the Black Energy bot code -- one that let him bypass authentication with the C&C infrastructure, and several cross-site scripting bugs. Those weaknesses could be used to turn the tables on the botnet -- another botnet could then infect Black Energy, for instance, he says.

Friday, September 26, 2008

Somali Pirates Grab Ukrainian Ship Loaded with 30 Russian Tanks

Via Reuters -

NAIROBI (Reuters) - Somali pirates have seized a Ukrainian ship carrying more than 30 tanks to Kenya and Russia said on Friday it was sending a warship to combat piracy in the region.

The U.N. World Food Program said Canada had extended its naval escorts of food aid shipments for another month.

Pirates have captured more than 30 vessels off Somalia this year, making its waters the most dangerous in the world and threatening a globally important shipping lane between Europe and Asia. The gangs seek, and often receive, large ransoms.

The Mombasa-based East African Seafarers' Assistance Program said the Ukrainian ship, sailing under a Belize flag, was seized on Thursday.

Ukrainian Defense Minister Yuri Yekhanurov, quoted by the news agency Interfax Ukraine, said its cargo included 33 T-72 tanks being sold to Kenya under a legal contract.

He told reporters in Kiev that the cargo included grenade launchers and ammunition.

"All this is being sold in full accordance with Ukrainian legislation," Yekhanurov was quoted as saying.

Kenyan government spokesman Alfred Mutua confirmed that the military equipment was destined for Kenya.

---------------------------------------

In the wake of this news, Russia has dispatched a warship to the area to assist in anti-piracy efforts (and to hopefully rescue the 21 crew members aboard the Ukrainian ship - three of which are Russian).

Several nations run patrols off the Somali coast. Just recently the US Navy fired warning shots at two small approaching boats and chased them away - most likely pirates.

On the lighter side, French officials have filed preliminary charges against six suspected Somali pirates accused of taking two French citizens captive off the coast of East Africa this month.

Real Clickjacking?

Via BreakingPoints Systems Blog (Tod B.) -

After Michael Zalewski's WHATWG post spilled enough beans to show definitely that yesterday's pop-up evaders weren't "clickjacking," I put together another demo this afternoon (link below), which uses a combination of opacity and z-index settings on an iframe. Again, it's just speculation.

http://www.planb-security.net/notclickjacking/iframetrick.html

This seems to fit the bill: No Javascript required, uses iframes, and gives the ability to seemingly overlay one UI on top of another. By the way, the demo is mostly harmless -- it just turns your Myspace profile from private to public. I started down the path of masking my brokerage's trading app, but masking out keystrokes for stock orders seemed to be overkill for a simple speculative demo.


----------------------------------------

Pretty scary stuff. The font differences make the alignment difficult, but you can clearly see the danger in this...nice work Tod.

Two Arrested in First Bust for ATM Reprogramming Scam

Via Wired.com -

It took a high-speed chase and some gunplay, but two men in Lincoln, Nebraska, are the first to face felony charges for using default passcodes to reprogram retail cash machines to dispense free money.

Jordan Eske and Nicolas Foster, both 21, are in Lancaster County Jail pending an October 1st arraignment. They're each charged with four counts of theft by deception, and one count of computer fraud, for allegedly pulling cash from privately owned ATMs at four stores in the area. The pair allegedly reprogrammed the machines to believe they were loaded with one-dollar bills instead of tens and twenties. A withdrawal of $20 would thus net $380.

Cash machine reprogramming scams first became public in 2006 when a cyber thief strolled into a gas station in Virginia Beach, Virginia, and, with no special equipment, persuaded the Tranax ATM that it had $5.00 bills in its dispensing tray, instead of $20.00 bills. Threat Level later confirmed that default administrative passcodes for ATMs manufactured by industry leaders Tranax and Triton were printed in owner's manuals easily found online. Both companies said they were surprised by the scam, but an industry association of which they are members privately spotted the capers and warned members over a year earlier.

Since then, the scam has also surfaced in Derry, Pennsylvania. But the Nebraska case marks the first reported arrests for the keypad capers.

[...]

The defendants are suspected of stealing $13,600 in the Lincoln area, and pulling an unknown amount from ATMs in New Orleans, where they're from. Asked by police how they did it, "They said it's well-known on the internet," says Flood.

In 2006, both Tranax and Triton issued software patches for new ATMs that force operators to change the default passcodes on first use.


-----------------------------------------------------

I have a copy of the manual that shows the default password and I am sure it is still all over the net, if you know where to look.

Isn't two years enough time to update these machines? Srsly.

Stem Cell Alchemy Refined

Via Wired Blog -

Scientists may have found a safer way of giving a flake of skin the biologically alchemical powers of embryonic stem cells.

They turned adult cells into versatile, embryonic-like cells without causing permanent damage -- potentially solving the central problem of a promising but uncertain field of stem cell science.

"This is certainly a major stem cell milestone," said Advanced Cell Technologies chief scientific officer Bob Lanza, who was not involved in the research. "It’s the first ray of light that iPS cells could soon be used to treat patients."

These iPS cells -- short for induced pluripotent stem cell -- debuted less than a year ago: By using viruses to insert key developmental genes, researchers coaxed human skin cells into an embryonic state, capable of growing into almost any other type of tissue.

It was the biggest stem cell breakthrough in a decade. No longer would tricky -- and ethically controversial -- manufacturing procedures be required to produce ultra-versatile stem cells.

Cloning wouldn't be needed to produce personally customized embryonic stem cell lines, which remain as elusive as they are promising.

But there was a catch: Viruses used to reset the cells tended to fuse with their DNA, leading to unpredictable mutations and cancer. The cells were promising in principle, but couldn't be used medically. The standard iPS technique was a blunt and damaging instrument.

The new technique doesn't cause permanent genetic alterations; it's a scalpel that leaves no scar behind. And though important caveats remain -- the procedure, published today in Science, was performed on mice -- it has made safe iPS cells a realistic possibility.

"Clinical translation of iPS technology has been dead in its tracks," said Lanza. "The use of iPS cells to treat -- or even cure -- human disease may not be far away."

Estonian MoD - Cyber Security Strategy

Summary

The asymmetrical threat posed by cyber attacks and the inherent vulnerabilities of cyberspace constitute a serious security risk confronting all nations. For this reason, the cyber threats need to be addressed at the global level. Given the gravity of the threat and of the interests at stake, it is imperative that the comprehensive use of information technology solutions be supported by a high level of security measures and be embedded also in a broad and sophisticated cyber security culture.

It is an essential precondition for the securing of cyberspace that every operator of a computer, computer network or information system realises the personal responsibility of using the data and instruments of communication at his or her disposal in a purposeful and appropriate manner. Estonia’s cyber security strategy seeks primarily to reduce the inherent vulnerabilities of cyberspace in the nation as a whole. This will be accomplished through the implementation of national action plans and through active international co-operation, and so will support the enhancement of cyber security in other countries as well. In advance of our strategic objectives on cyber security, the following policy fronts have been identified:
  • application of a graduated system of security measures in Estonia;
  • development of Estonia’s expertise in and high awareness of information security to the highest standard of excellence;
  • development of an appropriate regulatory and legal framework to support the secure and seamless operability of information systems;
  • promoting international co-operation aimed at strengthening global cyber security.

---------------------------------

http://www.mod.gov.ee/static/sisu/files/Estonian_Cyber_Security_Strategy.pdf

(Hat-tip to Gadi for the link and the doc)

More Art, Less Ads

Add-Art is a free Firefox add-on which replaces advertising on websites with curated art images. The art shows are updated every two weeks and feature contemporary artists and curators.

Learn more about Add-Art or install it now (instructions).

http://add-art.org/

Olympic Activist Detained by China Police

Via IHT (AP) -

A Chinese activist who applied to protest in special zones set up for demonstrations during the Beijing Olympics has become the latest applicant to be detained by police, a rights group said Friday.

Ji Sizun disappeared Aug. 11, three days into the Olympic Games, and hasn't been seen since, the overseas Chinese Human Rights Defenders group said. On Thursday, police from Fuzhou City in southeastern Fujian province told a friend of Ji's that he had been detained, the group said.

It was not clear when he was taken into police custody.

A man surnamed Teng at the legal department of the Fuzhou City public security bureau said he did not know of Ji's case. He said his bureau only deals with people once there is a case against them, and Ji might have been detained by lower-level agency.

The five other local police bureaus in the city said they had not heard of Ji's case.

Detentions in China can last weeks or even months and do not always lead to a person being arrested or criminally charged.

In July, China said those who applied would be allowed to protest during the Olympics in three parks far away from the main venues. But no applications were approved and China detained some who applied, even threatening to send two elderly women to a labor camp.

Ji went to a Beijing police station on Aug. 9 to apply for a permit to protest social and political problems but was told that because it was a Saturday he could not apply. He returned two days later to apply and has not been seen since, according to the rights group.

Chinese Human Rights Defenders said another activist, Liu Xueli, had been under surveillance since he applied to protest at the Olympics and was dragged into a police car Tuesday in central Henan province.

The group said Liu was told he would be sent to a re-education camp. It said he was not given the reason for his punishment or presented with a written order.

The group did not say how it was told about Liu.

The re-education system allows police to sidestep a criminal trial or a formal charge and directly send people to prison for up to four years of penal labor. Critics say it is misused to detain political or religious activists, and violates suspects' rights.

The director of the legal office of Song County's public security bureau, in Henan province, surnamed Tai, said he did not know who was handling Liu's case and did not know if Liu had been detained.

The Chinese government has said the Olympics were a resounding success, but New York-based Human Rights Watch has said the games led to a surge in arrests, detentions and harassment of government critics.

Thursday, September 25, 2008

Toronto 18: Canadian Guilty in Plot to Behead Prime Minister

The Seattle Times (AP) -

A Canadian man accused of participating in military exercises and firearms training as part of a group authorities say plotted to storm Parliament and behead the prime minister was found guilty Thursday.

The man's attorney says the plot was a "jihadi fantasy" and that his client knew nothing about it.

A judge ruled Thursday that evidence of a terrorist group was "overwhelming." The man is the first person to be found guilty of a terrorist offense in Canada since the country enacted anti-terrorism laws in 2001.

The arrests of the 18 group members, known as the "Toronto 18," made headlines around the world and heightened fears in Canada, where people believe they are relatively immune from terrorist strikes.

Prosecutors said there were plans to truck-bomb nuclear power plants and a building housing Canada's spy service.

Seven of those arrested have since had their charges either withdrawn, or stayed. The trials of 10 adults, including the alleged ringleaders, have yet to begin. The young man was the first to go on trial.

Superior Court Justice John Sproat found the man guilty of knowingly participating in a terrorist group. As the 94-page judgment was handed down, the defendant's mother wept quietly in the back of the court.

The man has not been identified because he was 17, a legal minor, when he was arrested in 2006. He is now 20.

Prosecutors argued he attended a training camp where he participated in military exercises and firearms training and that he knowingly participated in a potentially deadly conspiracy. He had pleaded not guilty to terrorism-related charges.

Sproat rejected the defense argument that the plot was a "jihadi fantasy" that the defendant knew nothing about.

"He clearly understood the camp was for terrorist purposes," he said.

The defense had cast the plot as "musings and fantasies" with no possibility of being carried out.

"It might well have been said prior to Sept. 11, 2001 that a plan to kill thousands and destroy landmark buildings in lower Manhattan and Washington had no possibility of implementation," Sproat said.

Sproat rejected defense arguments that two camps organized by the alleged ringleaders were simply a religious retreat or recreational in nature. "Apparently benign activities may be used to identify and indoctrinate recruits," he said.

Sproat called the young man an "acolyte" of the "charismatic" ringleader. Evidence was clear the youth listened carefully to his mentor, the plot's ringleader, and wanted to please him, and therefore understood what the camps were about, the judge said.

Defense lawyer Mitchell Chernovsky said it's hard to know what sentence will be imposed but said his client was involved peripherally and doesn't have a criminal record.

He faces a maximum 10-year sentence.

Wesley Wark, a University of Toronto professor and national-security expert, said the guilty verdict is the first test of Canada's anti-terrorism legislation and that it shows it's a tough law.

"You can be convicted for terrorism even if nothing particular happens as a result of a plot, even if the plot looks amateurish, even if you didn't fully know the details of the conspiracy you were a part of," he said.

The prosecution's star witness, Mubin Shaikh, infiltrated and spied on the alleged terror cell members before their arrests. Shaikh is a former Canadian army cadet.

Shaikh said outside court that the youth should not have been found guilty. Shaikh called the man a "naive Muslim kid who fell into the wrong circle of Muslim kids."

"I don't believe he's a terrorist," Shaikh said.

Shaikh, however, was happy the judge found his testimony about the alleged ringleaders credible. Shaikh received about $300,000 for infiltrating the group.

Sproat noted that the defense did not make any suggestion that the payments influenced Shaikh's evidence. Sproat said he found Shaikh to be a truthful and reliable witness, a development that doesn't bode well for the adults in their trials.

"I've been telling the truth since day 1," Shaikh said. "I'm very happy that the judge validated that and confirmed that. That will carry through to the remaining adult trials."

----------------------------------

Ohhh yeah, it all looks very innocent to me. I mean everyone has a Black Flag...right?

The NEFA Foundation has obtained exclusive footage of a would-be "terrorist training camp" that took place near Washago, Ontario, in a rural section of Canada in 2006. The camp, directed by CSIS confidential informant Mubin Shaikh, included members of the alleged “Toronto 18” terror cell, who are accused of conspiring to carry out a large-scale terrorist attack in southern Ontario, including plans for truck bombings and storming local buildings such as the Canadian Parliament and the headquarters of the CSIS. The video features footage of the men receiving instruction on the use of handguns, sniper tactics, and basic calisthenics. Crudely edited by its creators to include nasheed music, the video also shows the men practicing evasive driving maneuvers at night in an abandoned parking lot.

China Liftoff Announced Before Liftoff

Via Space.com -

BEIJING (AP) — A news story describing a successful launch of China's long-awaited space mission and including detailed dialogue between astronauts launched on the Internet Thursday, hours before the rocket had even left the ground.

The country's official news agency Xinhua posted the article on its Web site Thursday, and it remained there for much of the day before it was taken down.

A staffer from the Xinhuanet.com Web site who answered the phone Thursday said the posting of the article was a "technical error" by a technician. The staffer refused to give his name as is common among Chinese officials.

The Shenzhou 7 mission, which will feature China's first-ever spacewalk, ended up launching Thursday from Jiuquan in northwestern China late in the evening.

The article, dated two days from now on Sept. 27, vividly described the rocket in flight, complete with a sharply detailed dialogue between the three astronauts.

Excerpts are below:

"After this order, signal lights all were switched on, various data show up on rows of screens, hundreds of technicians staring at the screens, without missing any slightest changes ...

'One minute to go!'

'Changjiang No.1 found the target!'...

"The firm voice of the controller broke the silence of the whole ship. Now, the target is captured 12 seconds ahead of the predicted time ...

'The air pressure in the cabin is normal!'

"Ten minutes later, the ship disappears below the horizon. Warm clapping and excited cheering breaks the night sky, echoing across the silent Pacific Ocean."

----------------------------------

So, I guess this "dialogue" was pre-determined...much like other things in China these days.

U.S. Says Pakistan Shot at Copters in Afghanistan

Via Reuters.com -

WASHINGTON (Reuters) - Two NATO helicopters fired upon by Pakistani forces on Thursday were U.S. military aircraft operating inside Afghanistan, the Pentagon said.

"They were U.S. helicopters," Pentagon spokesman Bryan Whitman told reporters at a briefing. "The flight path of the helicopters at no point took them over Pakistan."

A Pakistani military spokesman said the helicopters had crossed the border into Pakistani territory, while Pakistan's president, Asif Ali Zardari, denied troops had shot at the helicopters, insisting that only warning flares had been fired.

Zardari, speaking to reporters in New York with U.S. Secretary of State Condoleezza Rice, said the border area between Pakistan and Afghanistan was often unclear, a comment Rice agreed with, saying "yes, the border is very, very unclear."

Whitman said U.S. and NATO military officials were speaking to their Pakistani counterparts to determine what had happened and to ensure there would be no recurrence.

"This is an unfortunate incident. It just goes to demonstrate the importance of coordination along that border," he said. "The Pakistanis have to provide us with a better understanding of why this took place."

Citing early reports, Whitman said neither helicopter was hit by ground fire, and neither returned fire against Pakistani positions.

Officials said the aircraft would likely have fired back had they been hit. "We avoided a serious incident," Whitman said, but added: "The incident is troubling, no doubt."

Frustrated by an intensifying Taliban insurgency in Afghanistan, the United States has stepped up attacks on militants inside Pakistan with six missile attacks and a helicopter-borne ground assault this month.

Pakistanis Say Suspected US Drone Shot Down

Via JPost.com (AP) -

Pakistani soldiers and tribesmen shot down a suspected US military drone close to the Afghan border, three intelligence officials said.

If verified, the overnight incident apparently would be the first time a pilotless aircraft was brought down over Pakistan and likely would add to tensions between Washington and Islamabad over recent American cross-border incursions into the country's lawless tribal regions.

The three officials said the aircraft was hit late Tuesday at the village of Jalal Khel in South Waziristan after circling the area for several hours. Wreckage was strewn on the ground, they said, speaking on condition of anonymity because they were not authorized to brief the media.

A US military spokesman in Afghanistan, Capt. Christian Patterson, said officials were looking into the claim.

The report came a day after intelligence officers said two US helicopters crossed a kilometer and a half into Pakistan late Sunday over North Waziristan, but flew off after Pakistani troops and tribesmen opened fire. The Pentagon denied any incursion by US helicopters.

--------------------------

Also on Sept 24th, Georgia stated that it shot down a Russian drone just south of the breakaway region of South Ossetia.

Standard Winter Shutdown Delays CERN LHC Project

Via Yahoo News! -

GENEVA - Scientists will have to wait until spring to use the world's biggest particle collider for groundbreaking research because repairs to damage will run into the laboratory's normal winter shutdown, the operators said Tuesday.

The European Organization for Nuclear Research earlier said an electrical failure Friday, nine days after the collider was first started, released a large amount of liquid helium into the tunnel.

Experts have gone into the 17-mile circular tunnel housing the Large Hadron Collider to check on damage caused when an electrical connection between two magnets apparently melted, said James Gillies, spokesman for the organization, which is known as CERN.

But they have to wait several weeks before the temperature can be raised from near absolute zero so they can actually go inside the equipment and fully assess the damage, Gillies said.

"They're going to have to open up and really investigate what went on there," he said. "So that's going to be two or three weeks before we can put out something that we're sure of."

But he added it is clear at least two months will be needed for the whole procedure, including the rechilling of equipment to obtain the "superconducting" properties needed to send subatomic particles streaming through the collider in beams that can be collided for studies.

That would go past the shutdown already scheduled for CERN's facility to begin its winter break. It usually shuts in mid-November and resumes at the end of March or early April, to avoid its heavy use of electricity during the winter months when Europe has high demand for power.

"We are not going to be done with this before the winter shutdown, so there will be no more beam in the LHC this year," Gillies told The Associated Press. "The winter shutdown will go according to schedule, which means that we start up the accelerator complex in the spring months."

Google Chrome Carriage Return Null Object Memory Exhaustion Remote DoS

Google Chrome Carriage Return Null Object Memory Exhaustion Remote Denial of Service

Proof of Concept
Note: Keep an eye on the memory consumption in Task Manager.

This POC has been designed with minimum object usage. This can be made more critical when combined with a number of objects. For example: using the alert function will make it more exhaustive.

Aditya K Sood (c) SecNiche Security.

Version Tested:

Official Build 1798
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/525.13 (KHTML, like Gecko)
Chrome/0.2.149.29 Safari/525.13

Official Build 2200
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/525.13 (KHTML, like Gecko)
Chrome/0.2.149.30 Safari/525.13

---------------------------------------

http://www.milw0rm.com/exploits/6554

Intercage Goes Dark, Completely De-Peered

Via NetworkWorld.com -

The lifeline linking notorious service provider Intercage to the rest of the Internet has been severed.

Intercage, which has also done business under the name Atrivo, was knocked offline late Saturday night when the last upstream provider connecting it to the Internet's backbone, Pacific Internet Exchange, terminated Intercage's service.

Intercage president Emil Kacperski said Pacific did not tell him why his company had been knocked offline, but he believes it was in response to pressure from Spamhaus, a volunteer-run antispam group, which has been highly critical of Intercage's business practices. A spokesman for Pacific could not immediately comment on why the company terminated Intercage's service.

Spamhaus placed Pacific on its Spamhaus Block List on Sept. 12, after it began peering with Intercage, said Spamhaus CIO Richard Cox. (See Spammers, crammers, fraudsters and identity stealers: The FTC’s top 2008 cases).

The Spamhaus list of untrusted Internet addresses is used to filter unsolicited e-mail from about 1.5 billion e-mail boxes, so being added to the list would almost certainly have caught Pacific's attention. "Obviously they were feeling the displeasure of the rest of the Internet," Cox said.

According to security researchers, there was a lot to be unhappy about.

Last month, a team of cybercrime experts published a white paper on Intercage, slamming the San Francisco company as a "major hub of cyber crime." The researchers found that 78 percent of the domains and mail servers on Intercage's network were hostile.

Intercage's Kacperski had ignored complaints about illegal activity on its network for the past five years and only recently began to respond to problems, said Matt Jonkman, an independent researcher who contributed to the white paper. "His network was used for very clearly hostile criminal activity," he said. "I'm not aware of any legitimate customers."

In recent weeks other upstream providers terminated Intercage's service, but Pacific had stepped in at the last minute to keep the company online.

Kacperski said his company had been making efforts to remove bad operators from its network and be more responsive to complaints, but that it was not enough to keep Pacific from ultimately dropping Intercage.

Apple Bans App Store Heartbreak Chatter

Via The Register UK -

Apparently, Steve Jobs has taken his App Store despotism to new heights.

In sending rejection letters to developers applying for a spot on the virtual shelves of the iPhone App Store, Jobs is now including a caps-happy warning designed to prevent them from discussing the letter with anyone else on the planet. At least, that's the word from Macrumors.com

"THE INFORMATION CONTAINED IN THIS MESSAGE IS UNDER NON-DISCLOSURE," reads the alleged header on recent rejection letters.

Apple already imposes a "F&*king NDA" on Jesus Phone developers that prevents them from sharing programming tips with one another. It's unclear whether this includes the rejection letter non-disclosure as well. But at the very least, Apple is stepping up enforcement.

In early August, Apple famously yanked a $1000 App Store app that displayed a few red pixels. And as it continued to censor apps it didn't like, developers began broadcasting their rejection letters.

Early this month, developer Alex Sokirynsky made headlines when he told the world that Apple had barred his Podcaster app from the App Store because it "duplicates the functionality of the Podcast section of iTunes." And just this week, Sokirynsky announced that Apple has even prevented him from distributing the app on his own.

"All I wanted was for someone from Apple to contact me and tell me how we can work it out so that I get into the App Store. Instead, Apple took the coward's way out by simply disabling features in my developers portal. This seems like a childish move for a company that has been providing such high quality service and products in the past," reads a blog post Sokirynsky has since yanked from the web without explanation.

In the post, Sokirynsky vowed to take his app to Google's fledgling Android Market, a place free of Jobsian despotism. Or so Google says.

Wednesday, September 24, 2008

Firefox 3.0.2 Released

Via Internet Storm Center -

Firefox 3.0.2 was released today. The release notes are available here.

It addresses 5 security vulnerabilities:

Mozilla considers the impact of the -41 and -42 issues to be critical, the -43 and -44 issues to be moderate and the -40 issue to be low.

Man Indicted for Hacking & Blackmailing Luxury Automaker

Via DarkReading -

A 60-year-old hacker was arrested and indicted for breaking into Maserati North America’s Website to steal customer information and for using it as leverage to bilk the company of thousands of dollars.

Bruce Mengler of Solana Beach, Calif., was arraigned yesterday in federal court after his indictment for computer intrusion and extortion, according to a published report. Mengler was arrested last Friday and is accused of hacking into Maserati North America’s Website in early March and stealing customer information that was stored there as part of a special promotion.

Maserati had sent fliers to potential customers, offering them free gift certificates to Omaha Steaks in exchange for test-driving Maseratis. To redeem the certificates, the customers would enter a personal identification number printed on the flier, and then had to update their contact information on the Website. Mengler reportedly hacked into that customer data and then threatened Maserati in several email messages from his Gmail account that he would expose the breach unless the company paid him money. He even provided the names, addresses, and ID numbers of four victims to prove he had the goods.

The company lost over $5,000, according to the indictment, and Mengler will appear in court again on Oct. 31.

“If a hacker was able to gain access to customer information via the promotional website then there is a clear warning here to all companies that they need to properly secure their public websites,” blogged Graham Cluley, senior technology consultant for Sophos today. “It’s all very well asking for potential customers to enter their names and addresses in exchange for free steaks, but you’ll be dealing with higher stakes (groan…) if your website is not properly defended.”

-------------------------------

SQL Injection perhaps?

Arrests Made in Texas Payday Loan ID Theft Case

Via SealyNews -

An investigation into hundreds of cases of identity theft around the greater Houston area culminated in the arrest of 38 people. The arrests were the result of a yearlong investigation by Austin County Sheriff’s Office Investigator Kyle Fredericksen, Austin County District Attorney Travis Koehn and investigators and officials with other area law enforcement agencies.

“It affected hundreds of people in Brazoria and Fort Bend counties, a few in Austin County and others in the greater Houston area,” Fredericksen said.

The cases centered on fraudulent payday loans taken out by the alleged offenders over the Internet in other people’s names. The proceeds from the loans were deposited into bank accounts that were opened around the Houston area.

“There were five victims in Austin County,” Fredericksen said. “Some of them had multiple loans taken out in their name.”

One of the arrested suspects, Barbara Guinn, allegedly recruited people in Houston to open bank accounts, paying them off after the money was deposited, according to Fredericksen.

Two others arrested in the case, Tracy Spencer-Gilmore and Chante Monique Small, allegedly stole information from their employers and provided that information to alleged ring leader Wesley Dixon. Gilmore was employed by Kelsey-Seybold Clinic and Small was employed by HCA-Clear Lake Regional Medical Center.

That information was used to take out the initial loans.

“These people were stealing the identities and giving them to Dixon, and he would get online with their identities and take out loans,” Fredericksen said. “These payday loans were relatively small, amounting to anywhere from $200 to $800.”

Once the money was deposited, Dixon would allegedly withdraw it and the account would go dormant.

“This guy had a streamline operation,” Fredericksen said. “He had an office set up in his home, and that is what he did for a living, he ripped people off.”

Investigators first heard about the scam after being contacted by the loan companies, who went to withdraw the amount loaned to individuals a few weeks after the loans were made - as per the loan agreement - but found the bank accounts empty.

The companies then sent letters to the individuals whose names the loans were in, but those individuals, who knew nothing about the situation, most likely threw those letters away, according to Fredericksen.

“They’d get these letters in the mail and they’d throw them away, thinking, ‘I don’t know anything about this,’” he said.

After the third or fourth letter, though, they’d begin calling the loan company with questions.

Although Fredericksen has never seen an identity theft case of this magnitude, cases such as this happen every day, he said.

People can protect themselves by paying attention to any letters they get in the mail alerting them of loans they need to pay back but know nothing about. The sooner they deal with the issue, the better.

Another way to protect oneself is to check credit reports at least once a year.

“If these people would have checked their credit reports, it wouldn’t have prevented it from happening, but they would have found out about (the fraudulent loans) sooner,” Fredericksen said.

Google Introduces an iPhone Rival Open to Whims

Via NYTimes -

SAN FRANCISCO — Google and T-Mobile unveiled their answer to the iPhone on Tuesday, pulling the wraps off a slick mobile device that combines a touch screen and a keyboard and is aimed at putting the Internet in the pockets of millions of cellphone users.

The T-Mobile G1, which will be available in the United States on Oct. 22, is the first mobile phone to be powered by Google’s Android operating system. It represents a milestone in Google’s efforts to extend its dominance of the PC-based Internet to mobile phones and further loosen the control that wireless carriers have over what consumers can do with their phones.

Analysts said that the G1 did not represent the kind of revolutionary change in design and function that Apple introduced last year with the iPhone. But the G1 is likely to further accelerate two trends that will have a lasting impact on the wireless industry: the growing use of the Internet on the go, and the ability of consumers to customize their phones with their favorite functions.

“I am not sure people are going to be lining up at stores for this device,” said Rajeev Chand, an analyst with Rutberg & Company. “The iPhone was a game changer from a consumer perspective. The Google phone may be more of game changer from an industry perspective.”

The G1, which is made by the Taiwanese electronics maker HTC, has a large color touch screen that slides out to expose a full keyboard. It also has a 3-megapixel camera, G.P.S. navigation, Wi-Fi access and an Internet browser. It will sell for $179, or $20 less than the iPhone, with a two-year voice and data plan.

“This is as good a computer as you had a few years ago,” said Google’s co-founder Larry Page, who along with co-founder Sergey Brin arrived on Rollerblades at the New York stage where Google and T-Mobile held a news conference to unveil the G1.

Although several applications, including Google’s search, maps, Gmail and YouTube, come installed on the phone, the G1 is also meant to encourage third-party developers to create programs to run on it. Like Apple, Google will include an applications store, called the Android Marketplace, where the owners of the G1 and future Android-powered phones will be able to download those programs.

Google said that developers would have virtually unfettered access to the marketplace, leaving it up to consumers — not Google or T-Mobile — to decide what they want to run on their phones.

FBI investigates Four Wall Street firms Over Sub-prime Meltdown

Via Guardian UK -

The FBI is investigating four Wall Street institutions at the heart of the financial crisis over their role in the sub-prime mortgage meltdown, it emerged today.

Reports said preliminary investigations into potential corporate fraud at the US mortgage finance giants Fannie Mae and Freddie Mac, the insurer American International Group and the investment bank Lehman Brothers had been opened.

They are among 26 companies being scrutinised by the FBI. Freddie Mac, Fannie Mae and AIG were bailed out by the government in the last fortnight, while Lehman Brothers filed for bankruptcy.

Senior executives at the companies are also believed to be in the FBI's sights, while the securities and exchange commission is also reportedly assessing possible civil fraud claims against the four firms.

"The FBI continues to investigate a number of companies for sub-prime lending practices, but the department brings criminal prosecutions based solely on the facts and the law," Brian Roehrkasse, a Justice Department spokesman, said.

"Where we find evidence of criminal wrongdoing, we will prosecute."

Several California institutions, including IndyMac Bank of Pasadena, which collapsed in July at a cost of $8.9bn (£4.7bn), are reported to be under investigation.

Countrywide, formerly the largest mortgage lender in the US and now owned by Bank of America, is also under scrutiny.

Tuesday, September 23, 2008

Hacker Resolves iPhone Screenshot Security Issue

Via Wired -

Two weeks after exposing a screenshot privacy issue in iPhone, hacker Jonathan Zdziarski has figured out a way to prevent it.

Zdziarski explained to Wired.com that the issue occurs when you press the Home button on the iPhone to return to the main screen, and the window of the application you have open shrinks and disappears. In order to produce that shrinking effect, the iPhone snaps a screenshot and temporarily stores it -- and hackers or forensics experts can eventually recover these photos. To fix the problem, you'd essentially have to disable the handset from storing the screenshots, he told Wired.com in an e-mail.

Granted, fixing the problem requires hacking -- or "Jailbreaking," as the community calls it -- your iPhone yourself. (Steps on that procedure can be found at the iPhone DevTeam blog.) And as you might imagine, tampering with that effect will make things less pretty: When resuming an application, you'll get the default screen, since you'll no longer have stored screenshots cached. For example, when re-launching your Mail application it will always zoom to the front and appear as though it's empty, but after the application fully resumes it'll look normal, Zdziarski explained.

Nonetheless, if privacy is your utmost concern, here are the steps:

1. After Jailbreaking your iPhone, use an OpenSSH application to gain root privileges to your iPhone.
2. Using the OpenSSH app, enter the following commands in the prompt:

  • # rm -rf /var/mobile/Library/Caches/Snapshots
  • # ln -s /dev/null /var/mobile/Library/Caches/Snapshots

Those commands will disable screenshot writing. And if you wish to undo this, delete the symlink and the directory will get recreated.

This sort of tampering isn't for the faint of heart, so exercise caution. And though this workaround addresses one major privacy issue, Zdziarski stresses that there are still plenty of other ways forensics examiners and hackers can recover other data, such as your keyboard cache, Safari cache and Google Maps lookups.
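The two-command procedure above, as an added shell example (not from the Wired article or from Zdziarski): it wraps the "delete the directory, symlink it to /dev/null" step in a function that checks the cache path's state before and after, and adds the undo step the article mentions. The cache path defaults to the one the article gives; the functions take the path as an argument so the whole thing can be rehearsed against a scratch directory first.

```shell
#!/bin/sh
# Added example, not part of the original post. Default path is the iPhone
# snapshot cache named in the article; any other directory may be passed in
# to rehearse the procedure safely.
SNAPSHOT_DIR="${SNAPSHOT_DIR:-/var/mobile/Library/Caches/Snapshots}"

# Report what the path currently is:
#   directory      - normal cache, screenshots are being written
#   disabled       - symlink to /dev/null, writes are discarded
#   other-symlink  - symlink pointing somewhere else (left alone)
#   absent         - path does not exist
snapshot_state() {
    dir="$1"
    if [ -L "$dir" ]; then
        if [ "$(readlink "$dir")" = "/dev/null" ]; then
            echo disabled
        else
            echo other-symlink
        fi
    elif [ -d "$dir" ]; then
        echo directory
    else
        echo absent
    fi
}

# Steps 1-2 of the procedure: wipe the cache directory (and any screenshots
# already stored in it) and point the path at /dev/null. Returns 0 only if
# the path is verified to be in the "disabled" state afterwards.
disable_snapshots() {
    dir="$1"
    case "$(snapshot_state "$dir")" in
        disabled) return 0 ;;   # already done
        other-symlink)
            echo "refusing: $dir is a symlink to $(readlink "$dir")" >&2
            return 1 ;;
    esac
    rm -rf "$dir"
    ln -s /dev/null "$dir"
    [ "$(snapshot_state "$dir")" = disabled ]
}

# Undo: delete the symlink. On the phone the directory is recreated on next
# use; here it is recreated explicitly so the state is checkable right away.
enable_snapshots() {
    dir="$1"
    if [ -L "$dir" ]; then
        rm -f "$dir"
    fi
    mkdir -p "$dir"
    [ "$(snapshot_state "$dir")" = directory ]
}

# Stand-alone use: report the state of the real cache path, no changes made.
snapshot_state "$SNAPSHOT_DIR"
```

Run `disable_snapshots "$SNAPSHOT_DIR"` as root over the OpenSSH session to apply the change, and `enable_snapshots "$SNAPSHOT_DIR"` to revert it.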

Ideological Conflict Puts Al Qaeda on the Defensive

Via FAS Secrecy News -

Al Qaeda is “imploding,” a State Department counterterrorism official told the Associated Press last week, as a result of growing opposition in the Muslim world.

The implication that al Qaeda’s demise may be imminent is almost certainly incorrect. But what is true is that “a severe intellectual conflict has emerged” within the jihadist movement, said Kamal Habib, a former official of the Egyptian Jihad Organization (Al Arab, September 14).

Over the past year, al Qaeda has been publicly criticized by several of its own former supporters and ideological leaders, most notably Sayyid Imam Al-Sharif, also known as Dr. Fadl, who once saved the life of Usama bin Laden.

“Sayyid Imam is viewed as the greatest and most important authority for all of the jihadist salafist groups,” said Kamal Habib.

So when Sayyid Imam declared in a November 2007 book that killing non-combatant civilians, including Christians and Jews, is prohibited and that Al Qaeda’s conduct of jihad against the west was illegitimate, it produced an ideological earthquake within Islamist ranks.

“Fadl’s arguments undermined the entire intellectual framework of jihadist warfare,” wrote Lawrence Wright in an illuminating article in The New Yorker (June 2, 2008).

“Al Qaeda senior leaders in 2008 have devoted nearly half their airtime to defending the group’s legitimacy,” observed National Intelligence Officer Ted Gistaro in an August 12 speech (pdf). “This defensive tone … reflects concern over allegations by militant leaders and religious scholars that al Qaeda and its affiliates have violated the Islamic laws of war, particularly in Iraq and North Africa.”

One of the major al Qaeda responses came in a book by bin Laden deputy Ayman al Zawahiri called “The Exoneration: A Treatise Exonerating the Community of the Pen and the Sword from the Debilitating Accusation of Fatigue and Weakness” (pdf).

The book is an attempt to defend the legitimacy of al Qaeda’s tactics, including the killing of civilians, against the critiques of Sayyid Imam and other Islamic figures.

“Those who claim that killing innocent persons is absolutely forbidden are in a position of accusing the prophet, may God’s peace and prayers be upon him, his companions, and the generation following them that they were killers of innocent persons, as they see it,” wrote Zawahiri.

He noted that the prophet authorized the use of catapults, which do not discriminate between innocent and guilty, and he also killed all the males of a Jewish tribe “and made no distinction between one person and another.”

“The Exoneration,” which was published in January 2008, was translated a few months later by the DNI Open Source Center. The translation has not been approved for public release, but a copy was obtained by Secrecy News.

“Zawahiri’s strategic thinking and understanding of asymmetrical warfare and revolutionary violence is heavily indebted to vanguardism, a Leninist theory of revolution which posits that a small, revolutionary elite uses violence to rouse the people to fight against the government,” according to a contractor analysis (pdf) performed for the Department of Defense and obtained by Secrecy News.

“The potential problem with Zawahiri’s application of the theory of vanguardism… is that terrorism usually diminishes the support of both the government as well as the terrorist organization,” as appears to be the case today.

"The Fedayeen of Islam" Claims Responsibility for Marriott Attack in Pakistan

Via CNN -

[...]

Meanwhile, Al-Arabiya TV reported Monday that it received a claim of responsibility for the attack by a previously unknown group called "The Fedayeen of Islam," but noted that it could not authenticate the audio recording or the name of the group.

According to the recording, the group said 250 U.S. Marines and other U.S. and NATO officials were inside the hotel at the time of the attack.

It said the group regretted the attack, but said it was necessary to press its demands, including an end to U.S.-Pakistani joint efforts and a halt to all military operations in Pakistan's tribal regions.

No arrests have been made in connection with the attack. But Malik said suspicion was falling on militants in Pakistan's tribal regions.

"I am not in a position to tell you who has done it, but (in) all the previous investigations, all the roads have gone to South Waziristan," he said.

South Waziristan is one of seven agencies of Pakistan's tribal areas where Taliban and al Qaeda militants are active.

Saturday's massive blast left a nearly 18-meter-wide (60 foot) crater, which was 7m deep (24 feet). It also caused a natural gas leak that set the top floor of the five-story, 258-room hotel on fire, police said. The blaze quickly engulfed the entire structure. At least 57 people were killed.

The blast occurred about 7:50 p.m., after the breaking of the fast during the holy month of Ramadan.

[...]

Estonia Arrests High-Ranking Official Under Suspicion of Spying

Via TopNews.in -

Tallinn - Authorities in Estonia have arrested a former high-ranking official in the defence ministry and his wife under suspicion of treason, local media reported on Monday.

The prosecutor's office said Herman Simm collected classified information and passed it on to representatives from another country.

The authorities will not release any details about the case, nor will they say which country hired the alleged spy, Gerrit Maesalu, spokesman for the State Prosecutor's Office, told Postimees Online.

However, citing unofficial information, the Baltic News Service has reported that Simm worked for Russia, making him the first official suspected of treason since Estonia broke away from the Soviet Union in 1991.

"It's a good thing that a crime has been solved and the suspects have been arrested," the Baltic nation's Defence Minister Jaak Aaviksoo told the press on Monday.

Simm's wife, who has also been arrested, has worked as an attorney at the department of police since 1995.

According to Estonia's law, those who are found guilty of treason face three to 15 years in prison.

Working in the defence ministry since 1995, Simm headed the department charged with protecting state secrets. He led a team charged with setting up a security system to protect clandestine state information as Estonia prepared to join the EU and NATO in 2004.

North Korea Asks IAEA to Remove Reactor Seals & Surveillance Equipment

Via Washington Times (AP) -

VIENNA, AUSTRIA (AP) - North Korea asked the U.N. nuclear watchdog Monday to remove seals and surveillance equipment from the Yongbyon nuclear reactor, the agency chief said, heightening concerns that the communist nation may be preparing to restart its nuclear program.

International Atomic Energy Agency chief Mohamed ElBaradei told the 35-nation IAEA board that North Korea said it wanted to "carry out tests at the reprocessing plant, which they say will not involve nuclear material."

Still, the move suggested the country was making good on its threat last week to restart the nuclear program, which led to an underground nuclear test blast nearly two years ago.

In Washington, State Department spokesman Robert Wood said: "Everyone views this issue with the utmost of concern," telling reporters that over the coming weeks, diplomatic efforts would continue to try and defuse the danger of a resurgent nuclear North Korea.

North Korea had said that it was making "thorough preparations" to start up Yongbyon, which it began disabling last year under a now-stalled disarmament-for-aid deal.

"Some equipment previously removed by the DPRK during the disablement process has been brought back" to Yongbyon, ElBaradei told the closed meeting in comments made available to reporters. DPRK is the abbreviation of North Korea's official name, the Democratic People's Republic of Korea.

While the reactor remains shut down, "this morning, the DPRK authorities asked the agency's inspectors to remove seals and surveillance equipment," he said.

The agency has been monitoring the nuclear facilities at Yongbyon, which were shut down and then sealed as part of a North Korean pledge to disable its nuclear program. That move was meant to be a step toward eventually dismantling Yongbyon in return for diplomatic concessions and energy aid equivalent to 1 million tons of oil under a February 2007 deal with South Korea, the U.S., China, Russia and Japan.

The accord hit a snag in mid-August when the U.S. refused to remove North Korea from its list of states that sponsor terrorism until the North accepts a plan to verify a declaration of its nuclear programs it submitted earlier.

IAEA Unsure of Iran's Nuclear Program

Via Yahoo News! (AP) -

VIENNA, Austria - The head of the International Atomic Energy Agency warned Monday that he cannot determine whether Iran is hiding some nuclear activities, comments that appeared to reflect a high level of frustration with stonewalling of his investigators.

IAEA head Mohamed ElBaradei said Iran's stonewalling of his agency was a "serious concern."

"Iran needs to give the agency substantive information" to clear up suspicions, he said at the start of a 35-nation board IAEA meeting, in comments made available to reporters.

Diplomats at the gathering described ElBaradei's comments as unusually blunt.

ElBaradei rejected the Iranian suggestion that the IAEA probe could expose non-nuclear military secrets, saying the IAEA "does not in any way seek to 'pry' into Iran's conventional or missile-related military activities."

"We need, however, to make use of all relevant information to be able to confirm that no nuclear material is being used for nuclear weapons purposes," he said, urging Iran to "implement all measures required to build confidence in the exclusively peaceful nature of its nuclear program at the earliest possible date."

If Tehran fails to do so, the IAEA "will not be able to provide credible assurances about the absence of undeclared nuclear material and activities in Iran," he said.

A senior Iranian envoy accused the United States of trying to use the IAEA as a tool in Washington's confrontation with Tehran. Iran, he said, has demonstrated full cooperation with the agency. Allegations of nuclear weapons work by Tehran are based on forged documents and the issue is closed, the envoy said.

With time running out before Tehran develops potential nuclear weapons capacity, some worry that Israel or the U.S. might resort to military strikes if they believe all diplomatic options have been exhausted.

US Intercepts Seven Tons of Cocaine in Sub off Central America

Via International Business Times (AP) -

The U.S. Coast Guard says it intercepted a submarine-like vessel carrying 7 tons of cocaine off Central America's coast.

The Coast Guard says a U.S. Navy aircraft spotted the 60-foot vessel Wednesday about 400 miles south of the Mexico-Guatemala border.

The Coast Guard sank the vessel after determining it was too unstable to be towed to port.

The Coast Guard's statement Friday did not say if anyone was arrested. Officials didn't immediately return calls seeking comment.

The bust came four days after the U.S. Coast Guard and Navy seized another homemade submarine carrying 7 tons of cocaine. That craft was towed to a Costa Rican port and four Colombians on board were arrested.

Monday, September 22, 2008

A Little Divine (Beer) Intervention in Houston

The Saint Arnold Brewing Company is a craft brewery located in Houston, Texas. It was founded in 1994 by Brock Wagner and Kevin Bartol, graduates of Rice University, and is currently fully staffed by 21 people. The brewery is named for the patron saint of brewing, Saint Arnold of Metz. The brewery has won numerous national and international awards.

http://www.saintarnold.com/blog/index.html
If weeks of hurricane stress have you reaching for the bottle, may we here at Saint Arnold Brewing Company suggest Divine Reserve 7. In this edition of the Saint Arnold Video News you'll meet Austin homebrewer Kerry Martin, the gentleman responsible for the recipe and for part of the labor that made DR7 possible.
-------------------------------------

Keep up with Saint Arnold's on Myspace as well.

If you are ever able to get your hands on a six pack of Saint Arnold Fancy Lawnmower, give it a try... very tasty.

Notorious Crime Forum DarkMarket Goes Dark

Via Wired.com -

A wave of bittersweet melancholy has descended on the thousands of phishers, hackers and credit card swindlers inhabiting the computer crime supersite DarkMarket.ws. On Tuesday the site's operator, known as Master Splyntr, announced that he was shuttering the forum, which has hummed along for nearly three years as a premier vehicle of criminal commerce.

"[R]ecent events have proven that even in our best efforts to expel and deactivate the accounts of suspected LE [law enforcement], reporters, and security agents, it is obvious that we haven't been entirely successful," Splyntr wrote in a message on the site.

Chief among those recent events is last week's arrest of Cha0, a Turkish hacker -- and alleged kidnapper -- who served as one of DarkMarket's administrators. Cha0 was known for selling high-quality ATM-skimming hardware that crooks could affix to cash machines to grab debit card swipes and PINs. Turkish police arrested Cha0 on Friday, identifying him as one Cagatay Evyapan.

"It is apparent that this forum … is attracting too much attention from a lot of the world services (agents of FBI, SS, and Interpol)," wrote Splyntr. "I guess it was only time before this would happen. It is very unfortunate that we have come to this situation, because ... we have established DM as the premier English speaking forum for conducting business. Such is life. When you are on top, people try to bring you down."

DarkMarket is the only survivor among the handful of crime forums that emerged to fill the hole left by the Secret Service's "Operation Firewall" in October 2004. In that unprecedented law enforcement crackdown, the agency used an informant to target what was then the top crime site, Shadowcrew.com. Twenty-eight fraudsters were arrested in coordinated raids, and Shadowcrew was shuttered.

Like Shadowcrew and earlier sites, DarkMarket lets buyers and sellers of stolen identities and credit card data meet and do business in an entrepreneurial, peer-reviewed environment. Products for sale run the gamut from specialized hardware, to electronic banking logins collected from phishing attacks, stolen personal data needed to assume a consumer's identity ("full infos") and credit card magstripe swipes ("dumps"), which are used to produce counterfeit cards. Vendors are encouraged to submit their goods for review before offering them for sale.

New Apple Quicktime / iTunes Zeroday Rated High

Via PocketGamer.biz -

A vulnerability within QuickTime 7.5.5 and iTunes 8.0 has been uncovered by security researchers, and given a CVSS Severity rating of 9.3 (high) by the National Vulnerability Database.

The security flaw is being exploited by malicious code hidden inside embedded MP3 files on web pages and through a long type attribute in a QuickTime tag. According to the NVD, the security gap is a "Heap-based buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 [that] allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code."

So far there's been no response from Apple regarding the bug, though only last week it addressed other bugs in the QuickTime system.

People are also being warned against an email that offers "Virtual iPhone games!" and sometimes contains the subject line "Apple: The most popular game!". The email attachment (Penguin.Panic.zip) has been confirmed to contain the malware listed as Agent-HNY Trojan, so caution is advised when it comes to Apple-related messages and websites for the time being.

--------------------------------------

We are waiting, Apple... waiting for a response... to see if you are serious about changing the way you respond to security issues.

There is a public exploit released on the internet; it has been rated as high and affects one of your most widely installed pieces of software... hello?

Does Apple take security seriously? Perhaps.

Does Apple take the security of its users seriously? Very unlikely.

FBI Searches Apartment of Alleged Palin E-mail Hacker

Via CNET -

Federal authorities are ramping up an investigation of a 20-year-old college student for allegedly hacking into Alaska Gov. Sarah Palin's e-mail account.

The FBI searched the apartment of alleged hacker David Kernell on Sunday morning, and three of Kernell's roommates could testify this week about the case before a grand jury in Chattanooga, according to local news reports.

After it was discovered that the Republican vice presidential candidate's personal Yahoo e-mail account was hacked into, reports began circulating that the hack could be traced back to Kernell, a University of Tennessee student and son of Democratic Tennessee state representative Mike Kernell.

Witnesses told a local television station that the FBI served a search warrant at Kernell's Knoxville, Tenn., apartment early Sunday morning, interrupting a party, and spent more than an hour taking pictures of the apartment. Kernell's three roommates were subpoenaed to testify this week, a witness also said.

The hacker gained access to Palin's account by guessing certain personal details about the governor's life and then resetting her password to "popcorn." ZIP files with content from Palin's account were posted on the Internet.

Laura Sweeney, a Justice Department public-affairs specialist, confirmed that there was investigatory activity relating to the Palin hack in Knoxville over the weekend but said no criminal charges have been filed against anyone.

Sunday, September 21, 2008

Yemen Arrests Leader of Islamic Jihad Group

Via Reuters -

Yemeni authorities have arrested the leader of the Islamic Jihad group which had claimed responsibility for a suicide attack on the U.S. embassy that killed 17 people, a state-run website said on Sunday. The September 26 site (26sep.net) said group leader Abu al-Ghaith al-Yamani was among six people arrested "for threatening to target foreign embassies".

On Thursday, the group, which had said it was behind Wednesday's twin car bombings of the embassy, said it belonged to al Qaeda and threatened to attack the British and Saudi embassies and assassinate high state officials unless the government freed its jailed members.

Al-Qaida, Pakistani Taliban Eyed in Marriott Attack

Via Topix.net -

Rescuers pulled more bodies from the shell of the truck-bombed Marriott Hotel in Pakistan's capital Sunday, pushing the death toll from one of the country's worst terrorist strikes to 53, including the Czech ambassador and two Americans.

The five-story hotel, a favorite spot for foreigners and the Pakistani elite, and a previous target of militants, still smoldered from a fire that raged for hours after the previous day's explosion, which also wounded more than 250 people.

No group immediately claimed responsibility, though suspicion fell on al-Qaida and the Pakistani Taliban. IntelCenter, a U.S. group that monitors and analyzes militant messages, noted that al-Qaida's 9/11 anniversary video threatened attacks against Western interests in Pakistan, where many are angered by a wave of cross-border strikes on militant bases by U.S. forces in Afghanistan.

The bomb went off close to 8 p.m. Saturday, when the restaurants inside would have been packed with Muslim diners breaking their daily fast during the holy month of Ramadan.

The owner of the hotel accused security forces of a serious lapse in allowing a dump truck to approach the hotel unchallenged and not shooting the driver before he could trigger the explosives.

'If I were there and had seen the suicide bomber, I would have killed him. Unfortunately, they didn't,' Sadruddin Hashwani said.

The government released footage from a hotel surveillance camera showing the heavy truck turning left into the gate at speed, ramming a metal barrier and coming to a halt about 60 feet away from the hotel.

Guards nervously came forward to look, then scattered after an initial small explosion.

Several guards tried repeatedly to douse flames spreading through the cab of the truck as traffic continued to pass on the road behind. There was no sign of movement in the truck, and the footage played did not show the final blast.

Prime Minister Yousuf Raza Gilani said the bomber attacked the hotel only after tight security prevented him from reaching Parliament or the prime minister's office, where the president and many dignitaries were gathered for dinner.

'The purpose was to destabilize democracy,' Gilani said. 'They want to destroy us economically.'

--------------------------------

Other details from another Reuters report:

Four foreigners were killed including the Czech ambassador, his Vietnamese partner and two members of the U.S. armed forces assigned to the U.S. embassy. Denmark's security service said one of their staff, attached to the Danish mission in the capital, was missing, presumed dead. An American State Department employee was also missing, a spokesman said.