Saturday, June 28, 2008

NSA Certifies General Dynamics's FASTLANE KG-75A Encryptor

Via DarkReading -

The National Security Agency (NSA) has certified General Dynamics C4 Systems’ FASTLANE® KG-75A encryptor for securing high-speed, high-volume transmission of voice, video and data, classified up to Top Secret, across two common network platforms: Synchronous Optical Networks (SONET)/Synchronous Digital Hierarchy (SDH) and asynchronous transfer mode (ATM) networks.

Currently employed by military, government and public networks worldwide, the FASTLANE KG-75A provides a software-based, graphical user interface that enables users to transition between ATM and SONET/SDH functionality without hardware change or modification, simplifying integration and operation for either network.

“The FASTLANE KG-75A encryptor is the first NSA-certified, network encryptor to offer programmable, multi-data rate encryption for information classified up to Top Secret over both SONET/SDH and ATM networks,” said John Cole, vice president of Information Assurance for General Dynamics C4 Systems. “The more than 176,000 General Dynamics encryptors reflect our company’s expertise in this market. Government and military users have a complete portfolio of General Dynamics interoperable information security products that are available whenever and wherever needed."

Montgomery Ward Failed to Inform Customers of Data Breach

Via -

An old name in retail was hit by a modern scourge - a hack of its customers' credit card numbers - but didn't inform the consumers, revealing how data breaches might be heavily undercounted even with new notification laws.

At least 51,000 records were exposed in the breach at the parent company of Montgomery Ward. The venerable Wards chain that began in 1872 went out of business in 2001, but in 2004 a catalog company, Direct Marketing Services Inc., bought the brand name out of bankruptcy. It now runs a Web site along with six other sites, including three with Sears brands it has acquired:, and

Direct Marketing Services' CEO, David Milgrom, said the financial company Citigroup detected the computer invasion in December. By going through, another Direct Marketing Services site, hackers had plundered the database that holds account information for all the company's retail properties.

Milgrom said Direct Marketing Services immediately informed its payment processor and Visa and MasterCard. Then, Milgrom said, Direct Marketing Services closely followed a set of guidelines, issued by Visa, on how to respond to a security breach. That included a report to the U.S. Secret Service. He said he believed by the end of December that Direct Marketing Services had met its obligations.

However, those guidelines from Visa are largely technical, and they do not cover a key additional step: that notification laws in nearly every state generally require organizations that have been hacked to come clean to the affected consumers, not just to the financial industry.

Companies that fail to comply can be hit with fines or be sued by affected customers, depending on the state.

As a result, scores of breaches covering hundreds of millions of consumer accounts have been disclosed by banks, universities, corporations and retailers in recent years.

After being asked about those laws by The Associated Press, Milgrom said Direct Marketing Services now plans to contact consumers.

Tomato 'Repacking' Vexes The FDA

Via -

A widespread practice of mixing tomatoes from different farms at produce distribution centers has made it impossible so far to trace the source of a nationwide salmonella outbreak that has sickened hundreds, federal regulators said Friday.

Dr. David Acheson, an associate commissioner for the Food and Drug Administration, acknowledged that the extent of the practice, known as "repacking," was a surprise to agency investigators, and that it vastly complicates the process of tracing the path of tomatoes from farm to store.

"We are learning that this is a very common practice," said Acheson. "Possibly 90 percent of tomatoes are repacked."

The agency has found, for example, that tomatoes from Mexico have been shipped to Florida, repacked and sold with tomatoes from Florida. Similarly, tomatoes from the United States are sent to Mexico, where they are repacked and shipped to the United States as a product of the United States.

None of these juggled tomatoes has yet been linked to the salmonella outbreak, but the practice illustrates one reason why FDA disease detectives have had no success in tracking the bug back to the farms in Mexico or southern Florida, where they think it may have originated.

"We've got to examine the whole traceability system," Acheson said.


Is the FDA serious?

Are we sure this isn't the Drug and 'When We Are Forced to Look at' Food Administration?

Thursday, June 26, 2008

Woman Accused of Spying for China at Motorola

Via -

A Chinese spy was caught "red-handed," according to federal authorities, as she was about to board a plane at O'Hare bound for Beijing.

Hanjuan Jin says she worked as a computer engineer for Schaumburg-based Motorola, a global leader in communications technology.

Federal agents say Jin was also working as a spy for a Chinese company, and she has been charged in a corporate espionage case that reflects a growing national security problem.

She doesn't look much like the villainess in a James Bond film. But the FBI says 37-year-old Hanjuan Jin played the spy role in real life.

Jin, a Chinese-born American citizen and graduate of the Illinois Institute of Technology, had been working at Motorola headquarters in Schaumburg since 1998. She was a software engineer, living in a comfortable townhouse not far from her job.

Two years ago, according to a federal indictment handed up in April, Jin went on medical leave from Motorola.

Despite claiming to be deathly ill, investigators say, she traveled from Chicago to Beijing where she agreed to work for a Chinese tech company that allegedly recruited her to steal Motorola secrets.

"The federal government is saying basically that you're a corporate spy. What about that?" the I-Team's Chuck Goudie asked Jin.

"No, I'm not. I'm not. I'm not," she responded.

"You're not a spy?" Goudie asked.

"They made a mistake," Jin said.

According to the indictment, a Chinese executive told Jin, "You should share in the fruit of our collective effort," once she'd stolen top-secret Motorola files, schematics and military communication plans.

When Jin returned to Motorola from medical leave in February of 2007, authorities say, she did just that, downloading hundreds of confidential documents from the company's supposedly secure internal network, including documents related to public safety organizations in Africa, the Middle East and Europe.

Two days later, she arrived at O'Hare Airport with a one-way ticket to Beijing.

"What were you doing at O'Hare Airport with a one-way ticket to China?" Goudie asked.

"No, I go to visit my mom. My husband and my mom are China," she said.

Hanjuan Jin was just a few steps away from boarding a United 747 non-stop to China. It was only a routine check of passengers by customs agents that revealed she was carrying $30,000 in cash after declaring she had only $10,000.

"Why were you on a one-way ticket?" Goudie asked.

"Because I can buy it cheaper to China," Jin said.

"They say you're a spy," Goudie said.

"They say that, but it's not true. They make mistake. They're paranoid. They wrongly accuse me. I have fatal disease," Jin said.

"What is the fatal disease?" Goudie asked.

"I have TB and meningitis," Jin said.

"You have tuberculosis?" Goudie asked.

"I almost died," Jin responded.

During the search of Jin and her bags at O'Hare, federal agents say they found a laptop computer and more than 30 compact data storage devices containing stolen Motorola files.

Jin told Goudie the files had been given to her by a supervisor at Motorola to refresh her memory from the medical leave.

"He assigned me too much work. I couldn't do it," Jin said.

"So you were gonna take and do it in China?" Goudie asked.

"That's OK," Jin responded before getting into a car.


Right...and I am sure those "military communication plans" were not going to the China government.

If you are carrying 30k dollars in cash...why would you care about a "cheaper" one-way ticket?

United States law [31 U.S.C. §§ 5316(a)(1)(B), 5322(a)] says that if you try to leave or enter the country with $10,000 or more in cash, you must declare it. The penalty for not doing so is a jail sentence of up to five years, a $250,000 fine, and government confiscation of the money that you tried to smuggle out.

Seriously...she was gone and wasn't coming back.

Good stop guys. Good stop.

Facebook Suspends "Top Friends" App Due to Personal Information Leakage

Via CNET -

Vancouver-based computer technician Byron Ng, who likes to prod social networks for holes and other errors, stumbled across a way to learn more about Facebook users than you're supposed to be able to--prompting Facebook to suspend the Top Friends application late on Wednesday.

Until Facebook suspended the Top Friends app, created by Slide, anyone could browse partial profiles of anyone else on Facebook who had added Top Friends to their page. CNET confirmed that the security hole exposed the birthdays, gender, and relationship status of strangers, including Facebook executives, the wife of Google co-founder Larry Page, and one profile that seemed to belong to Paris Hilton that used her middle name "Whitney."

Basically, the app was not obeying the privacy settings specified by the user, enabling anyone with the know-how to bypass the security once they obtained someone's Facebook ID number.

"We expect third-party apps to follow the rules the users set," Ben Ling, director of platform product management at Facebook, said in a phone interview Wednesday. "With Top Friends, the privacy settings of the user were not being respected according to the privacy policy terms of use."

Less than six hours after CNET contacted Facebook on Wednesday about the matter, the company decided to suspend the Top Friends app, meaning no one can use it, Ling said. The company is also conducting an ongoing investigation into the matter, he said.

Meanwhile, another third-party app that Ng disclosed a security hole in, Super Wall, was fixed. With Super Wall, which was created by RockYou, no personal data is revealed, but anyone could have viewed the Super Wall of any other user, even if they were not friends.

Fired Houston Organ Bank Tech Director Accused of Hacking into System

Via Chron (Houston) -

The fired technology director of a Houston organ donation company has been accused of hacking into its computer system and deleting records.

A federal indictment alleges that over two days in November 2005, Danielle Duann illegally accessed and damaged LifeGift Organ Donation Center's database.

The agency recovers organs and tissue from the deceased for distribution in 109 Texas counties. Recipients live in a broad swath of the state including Houston, Fort Worth, Lubbock and Amarillo.

After Duann, 50, was fired as the agency's director of information technology, she is accused of accessing the system and issuing commands that wiped out organ donor information and accounting files.

"There was no interruption in clinical operations as a result of the deletion of files, therefore no lives of transplant candidates were in jeopardy," LifeGift spokeswoman Catherine Burch Graham said Tuesday afternoon.

The agency recovered the information from a backup system.

"All of the files were back within several months of the hacking and clinical operations were not affected in any way," Graham said.

Duann is charged under a statute that makes it a federal crime to use technology to impair, or potentially impair, medical examination, diagnosis, treatment and care.

Graham said she could not elaborate on the reason why Duann was fired after a 2 1/2-year tenure.

The intrusion cost the center, which coordinates organs and tissue donations to 200 hospitals in the Southwest, $70,000.

The case is being prosecuted by lawyers from the local U.S. Attorney's Office and the Justice Department's computer crime and intellectual property section.

Duann's face was wet as she was escorted by a U.S. Marshal Tuesday afternoon and she was unable to respond to questions.

If convicted, the former computer chief faces up to 10 years in prison and a $250,000 fine.


If donation information was lost, someone could have been killed because of her actions.

Crazy. Sad.

Dutch Gov Gags Oyster Researchers

Via The Register UK -

The publication of a scientific paper by Radboud University that discusses design flaws of the MIFARE chip in cards such as the Oyster travelcard may be in jeopardy. Dutch secretary of state Tineke Huizinga has urged the university not to publish any secrets that may lead to abuse.

Last week researchers from Radboud University in Nijmegen revealed they had cracked and cloned London's Oyster travel card. Earlier this year the researchers did the same to the Dutch MIFARE travel card. As a result, the introduction of the €1bn transport payment system in the Netherlands has now been postponed.

The Dutch researchers were planning to publish their scientific paper, appropriately named Dismantling MIFARE Classic, at the European Computer Security Conference Esorics in October, but secretary of state Huizinga has called upon the university to exercise responsibility. Radboud is now declining any media request that specifically addresses the vulnerabilities of the MIFARE chip.

Researcher Bart Jacobs admits that the issue is sensitive, but doesn't believe the publication will threaten present installments of the cards. "A mathematical analysis is not the same thing as writing attack code," Jacobs says in an internal memo. "It requires a lot of expert work to transform the analysis from the Esorics paper into a working device for performing attacks on card installations."

However, he warned that other groups may already have started writing tools and released them on the net.

"Killing the messenger does not solve the problem," Jacobs says. "This paper serves the interest of our society. The problems are real and should be addressed on the basis of sound and well-informed judgment."


The MIFARE chip is a commercial product that is used by many companies, beyond the British Government....therefore this attempt by the Dutch Gov to restrict this vulnerability knowledge is counter to protecting the security of those affected companies. But this gag attempt is in the best interest of NXP's bottom line...

Again, this is a paper of ideas...not a tool..or a hacking is pure information.

The truth will be exposed, regardless of an attempt to throw a blanket over it.

Wednesday, June 25, 2008

Saudi Marriage Official Says 1-Year-Old Brides OK

Via Fox News -

Saudi marriage officiant Dr. Ahmad al-Mu’bi told Lebanese television viewers last week that it’s permissible for girls as young as 1 to marry — as long as sex is postponed.

Al-Mu’bi’s remarkable comments also included an explanation that “there is no minimal age for entering marriage.”

“You can have a marriage contract even with a 1-year-old girl, not to mention a girl of 9, 7 or 8,” he said. “But is the girl ready for sex or not?” What is the appropriate age for sex for the first time? This varies according to environment and tradition,” al-Mu’bi said.

Hackers Crack London Tube's Ticketing System

Via Wired Blog -

Dutch security researchers rode the London Underground free for a day after easily using an ordinary laptop to clone the "smartcards" commuters use to pay fares, a hack that highlights a serious security flaw because similar cards provide access to thousands of government offices, hospitals and schools.

There are more than 17 million of the transit cards, called Oyster Cards, in circulation. Transport for London says the breach poses no threat to passengers and "the most anyone could gain from a rogue card is one day's travel." But this is about more than stealing a free fare or even cribbing any personal information that might be on the cards.

Oyster Cards feature the same Mifare chip used in security cards that provide access to thousands of secure locations. Security experts say the breach poses a threat to public safety and the cards should be replaced.

"The cryptography is simply not fit for purpose," security consultant Adam Laurie told the Telegraph. "It's very vulnerable and we can expect the bad guys to hack into it soon if they haven't already."

The Dutch government has taken the breach seriously and says it is upgrading the smartcard system that secures its buildings. "It's a national security issue," a spokesman for the Dutch Interior Ministry told reporters. "We're in the process of replacing the cards of all 120,000 civil servants at central government level."

According to the Times, Radboud University researcher Bart Jacobs and his team used an ordinary laptop to clone an access card to a building in the Netherlands. When that worked, they went to London to test the technique on the Underground.

RFIDs Cause Hospital Machine Incidents

Via BBC -

Lifesaving equipment in hospitals may be switched off by radio-frequency devices used to track people and machines, Dutch scientists claim.

Radio frequency identification devices (RFIDs) are on the rise in healthcare, helping identify patients, and reveal the location of equipment.

The Journal of the American Medical Association study found they could interfere with machines.

But NHS computer specialists said RFIDs could eventually make patients safer.

There are two types of RFID, one which transmits information, and another, "passive", device which can be "read" by a powered machine when it is held nearby.

They are small and cheap enough to be in everyday use in society, in everything from security and travel cards - such as London Transport's Oystercard, to anti-theft devices on goods in shops, and hospitals are starting to become aware of their potential.

At Heartlands Hospital in Birmingham, patients heading for the operating theatre wear an RFID wristband, so that even when anaesthetised, their full identity, including a picture, can be downloaded into a PDA held nearby.

The latest research, conducted at Vrije University in Amsterdam, tested the effect of holding both "passive" and powered RFIDs close to 41 medical devices, including ventilators, syringe pumps, dialysis machines and pacemakers.

A total of 123 tests, three on each machine, were carried out, and 34 produced an "incident" in which the RFID appeared to have an effect - 24 of which were deemed either "significant" or "hazardous".

In some tests, RFIDs either switched off or changed the settings on mechanical ventilators, completely stopped the working of syringe pumps, caused external pacemakers to malfunction, and halted dialysis machines.

The device did not have to be held right up to the machine to make this happen - some "hazardous" incidents happened when the RFID was more than 10 inches away.


Shouldn't medical equipment be shielded from interference like this?

Is there no standard for industry/medical equipment?

Virgin Media Loses Details of 3K Cusomters on Unencrypted CD

Via Heise Security -

Virgin Media has disclosed that an unencrypted CD containing personal details of around 3000 customers went missing on 29 May.

Normally, Virgin uses encrypted FTP to transfer files between offices, but in this case an unnamed member of staff burned the data onto a CD instead. It is not clear whether the CD was sent by commercial carrier or by internal messenger between two of the media giant's offices, but it never arrived at its destination. The Office of the Information Commissioner has been informed, and the member of staff has apparently been identified and is being "dealt with". Virgin has described the loss as an "isolated incident", has undertaken to contact all affected customers, and is apparently reviewing its security policies and procedures.

Customers at risk would have signed up to Virgin services in Carphone Warehouse stores from January 2008.

Stanford Stolen Laptop Leaks Data on 62K Employees

Via -

A data breach resulting from a stolen laptop has leaked sensitive information including Social Security Numbers of approximately 62,000 (as reported by Stanford University) former and current Standford University employees. The Privacy Rights Clearinghouse, a site devoted to the collection of data breach information, reports this number as 72,000, and I’m not positive which is more accurate at this time. Stanford’s site says that original estimates placed the number at 72,000, so I’m inclined to believe that the number is actually 62,000.

This is just the newest example of a university falling pray to data breaches… in fact, if you look through the aforementioned Privacy Rights Clearinghouse site, you’ll see numerous universities listed, with some pretty amazing numbers of records stolen.

For the record, this isn’t to point the finger at Stanford, the point of the article is simply to suggest that just like financial service organizations, health care providers, etc., schools (and I say schools since this could translate to high schools just as easily) have an amazing amount of data available and typically have less stringent security controls and governing compliance demands.

Monet Lilies Painting Sells for Record at Auction

Via Bloomberg -

A Claude Monet painting of water lilies sold tonight for a record 40.1 million pounds ($79 million) with fees at Christie's International in London.

Monet's 6-foot, 7-inch-wide canvas, "Le Bassin aux Nympheas," dating from 1919, had been expected to sell for between 18 million pounds and 24 million pounds, said Christie's. The auction house said the seller had been guaranteed an unspecified minimum price.

The previous auction record for Monet was set in May at Christie's, New York, when the 1873 canvas, "Le Pont du Chemin de Fer a Argenteuil," sold for $41.5 million with fees, according to the saleroom result tracker Artnet.

"So much for the Impressionist market being dead," said James Roundell, a London art dealer. "If you can get good pictures and price them low, people will buy."

The Monet picture was the second-most expensive painting sold at a European auction, after the Rubens work "The Massacre of the Innocents" in July 2002, bought by newspaper magnate Ken Thomson for 49.5 million pounds.

A weak dollar and strong demand from new Russian buyers have encouraged Americans to sell Impressionist works in the U.K. capital. The Monet was part of a group of 17 works entered from the estate of the late J. Irwin and Xenia S. Miller, collectors from Columbus, Indiana. Their paintings had not been seen on the market for several decades.


Many Thanks to my good friend, Sonia Semone, for the tip.

Tuesday, June 24, 2008

Day in Pictures - Firewalking in Spain

Via BBC -

In Spain, a reveller walks on burning embers on the night of San Juan, when people make wishes as they burn unwanted objects.

Monday, June 23, 2008

New Trojan Leverages Unpatched Mac Flaw

Via -

A tool for exploiting an unpatched security hole in Mac OS X systems has been developed and until earlier today was being distributed through an online forum that caters to Mac hackers, Security Fix has learned.

The exploit tool, labeled "Applescript Trojan horse template" by hackers at, appears to be a collective and ongoing effort to create a package of malicious software that capitalizes on the ARDagent security hole first publicized last week. The vulnerability essentially allows any program to run on a Mac user's machine without first prompting the user to enter his or her user name and password.

Currently, the Macshadows user forum appears to have been wiped clean, both from the Web site and from Google's cache. However, Security Fix obtained screen shots of forum postings from the code's authors, which are sprinkled throughout this blog entry. It appears that development of this malware started back in mid-May.

Security Fix also obtained a copy of the Trojan horse template from an anti-virus industry expert who asked to remain anonymous. An analysis of the code by noted security researcher Dino Dai Zovi indicates that it is designed to be bundled with any downloadable Mac program, with the aim of turning an otherwise legitimate program into an exploit toolkit capable of handing control of the system to attackers.

"This could be bundled with any arbitrary application very easily," Dai Zovi said of the Trojan template. "Most people assume that if something is going to do something dangerous, that it will ask you for your password first, but this won't."

Dai Zovi said the Trojan tries two different exploits to install itself without having to prompt the user for his or her system credentials. One exploit is the aforementioned ARDagent attack; the other is for a privilege escalation vulnerability that Apple patched in 2006. (As an interesting aside, Dai Zovi himself reported that latter vulnerability to Apple back in 2006, only to later learn that exploit code for that same vulnerability had been publicly posted online prior to Apple issuing a patch for the flaw).

Technocrat in Washington DC

Hey everyone,

I am current in Washington DC, getting a bit of corporate re-education (aka security cert training).

Due to the need for constant studying, I will be unable to blog as much as normal...but I will be back next week.

So don't go

Sunday, June 22, 2008

HSBC Web Sites Are Open to Critical XSS Attacks

Via -

Evidently, major unwanted consequences could be a result of multiple cross-site scripting vulnerabilities affecting bank web sites. XSS must be considered as the phishers' future weapon by all people working in the security industry.

Scammers can register domains and set up fake bank web sites in a few minutes. With the help of bulk e-mailers they can phish personal sensitive data from thousands of unsuspecting web users.

If they want to own HSBC's e-banking customers, all they have to do is to register a "suspicious" looking domain like which is currently available and then serve a phishing page.

Even better, they can exploit a cross-site scripting vuln on, obfuscate the attack vector and significantly increase their phishing success rate!


Check the link above for all the XSS attack vectors....

Photographer Documents Secret Satellites — All 189 of Them

Via -

BERKELEY, California -- For most people, photographing something that isn't there might be tough. Not so for Trevor Paglen.

His shots of 189 secret spy satellites are the subject of a new exhibit -- despite the fact that, officially speaking, the satellites don't exist. The Other Night Sky, on display at the University of California at Berkeley Art Museum through September 14, is only a small selection from the 1,500 astrophotographs Paglen has taken thus far.

In taking these photos, Paglen is trying to draw a metaphorical connection between modern government secrecy and the doctrine of the Catholic Church in Galileo's time.

"What would it mean to find these secret moons in orbit around the earth in the same way that Galileo found these moons that shouldn't exist in orbit around Jupiter?" Paglen says.

Satellites are just the latest in Paglen's photography of supposedly nonexistent subjects. To date, he's snapped haunting images of various military sites in the Nevada deserts, "torture taxis" (private planes that whisk people off to secret prisons without judicial oversight) and uniform patches from various top-secret military programs.

While all of Paglen's projects are the result of meticulous research, he's also the first to admit that his photos aren't necessarily revelatory. That's by design. Like the blurry abstractions of his super-telephoto images showing secret military installations in Nevada, the tiny blips of satellites streaking across the night sky in his new series of photos are meant more as reminders rather than as documentation.

"I think that some of the earliest ideas in the modern period were actually from astronomy," Paglen explains. "You look at Galileo: He goes up and points his telescope up at Jupiter and finds out, hey, Jupiter has these moons."

More significant than the discovery itself, Paglen says, was the idea that anyone with a telescope could verify it and see the same exact thing that Galileo saw -- an idea Paglen is trying to re-create in his own photographs.

"It really was analogous to a certain kind of promise of democracy," says Paglen, who sees a similar anti-authoritarian premise running through his own work.

Friday, June 20, 2008

Man's Melanoma Thwarted by Lab Grown CD4+ T Cells

Via -

Melanoma researchers may have saved a patient's life with an experimental immune system treatment that used the patient's own cells.

That patient was a 52-year-old man with recurrent melanoma that had spread to a lung and to a groin lymph node. After getting the experimental treatment, his melanoma disappeared and didn't come back during the next two years.

Since then, "we're in touch with him indirectly through his doctor," researcher Cassian Yee, MD, tells WebMD. "As far as I know, he's still doing well without any symptoms."

But the treatment isn't ready for widespread use yet, and it's not a cure, says Yee, who works at Seattle's Fred Hutchinson Cancer Research Center.

"This is just a small step," Yee says. "There are many other immunotherapy treatments that we're not doing, that other people are doing, that probably deserve more attention."
Still, Yee's team has shown that its basic idea for fighting melanoma might work.

Yee and colleagues hunted for special immune system cells called CD4+ T cells in a blood sample provided by the melanoma patient. Specifically, the scientists looked for CD4+ T-cells that targeted the man's melanoma.

The researchers isolated those cells and cloned them in their lab over several months, and then infused 5 billion of the cloned CD4+ T-cells back into the patient.

"What we and others have thought might be important is that we need to give patients more of these cancer-fighting T cells which may be present in low frequency in most people," Yee says. "You can do that either by giving them a vaccine or, in our case, we took the cells out and grew them and gave them back to him."

That may sound simple, but it's complex work.

"It's taken us many years to get to this point," Yee says. "Hopefully, we'll eventually streamline the process a bit, but it's not something most labs do."

No side effects were seen. Details of the melanoma patient's case appear in The New England Journal of Medicine.

But Yee points out that his team has tried the same T cell approach on eight other patients, none of whom has had the same success.

"There are some responses in the other patients, but not nearly as good as this one individual," Yee says. "I cannot tell you right now why that's the case."

"We are hoping to expand this study, but because it's very expensive and it takes several months to grow the T cells, only a very, very small number of patients would be eligible for the trial," Yee says. "We have far more requests than we can handle and so we are primarily interested in seeing what the next step might be in improving therapy."

Defacement: Hacked by MaXi32

Website Defacements...they can be a headache for individuals and a terrible embarrassment for corporations (and a security risk).

You wake up one morning to find your website changed and possibility even linking to some 3rd party website hosting malware. Not good at all.

You immediately jump into action, assessing the situation - How did they get in? What exploit was used? XSS? SQL Injection? Did they really change the server or is it some form of ARP Poisoning? Did they have access to sensitive data? Was anything copied or taken from the server?...the list goes and goes.

But then what? You remove the defaced page and restore the original right? Well...not everyone.

Just a couple of days ago, a friend of mine woke up to see one of his sites defaced by an Algerian Defacement Group (otherwise known as ALgeRia HaCkeRz). He assessed the situation and believes that one of the admin accounts for the site had a weak password, that must have been the entry point. He strengthen the password, case closed.

So did he remove the defaced page?

Nah...he left it, he said it was 'kinda cool' - and I kinda agree.

(Why IE, you ask? So I could hear the kick ass music embedded. =)


UPDATED (7/7/08) - The defacement has been removed. Other visitors to the site were freaking

Mac OS X Trojan Reported in The Wild

Via -

On Thursday, security vendor SecureMac reported seeing new variants of AppleScript.THT Trojan horse in the wild affecting users of Mac OS X 10.4 and 10.5.

The new variations exploit a vulnerability within the Apple Remote Desktop Agent, and can avoid detection by opening ports in the firewall and turning off system logging. The new Trojans can log keystrokes, take screen shots, take pictures with the Apple iSight camera, and enable file sharing, according to SecureMac.

The Trojans are using an AppleScript called ASthtv05 and/or may be bundled as an application. You must download and execute the file for your Mac OS X system to become infected.

SecureMac makes the MacScan, antispyware security software for Mac OSX.


This isn't the first piece of Apple malware and it won't be the last....

BackTrack 3.0 Final Released

We have slaved for weeks and months, together with the help of many remote-exploit'ers to bring you this fine release. As usual, this version overshadows the previous ones with extra cool things.

SAINT has provided BackTrack users with a functional version of SAINT, pending a free request for an IP range license through the SAINT website, valid for 1 year.

The guys over at Paterva have created a special version of Maltego v2.0 with a community license especially for BackTrack users. We would like to thank Paterva for co-operating with us and allowing us to feature this amazing tool in BackTrack.

Tenable would not allow for redistribution of Nessus.

Kernel Yes, yes, stop whining....We had serious deliberations concerning the BT3 kernel. We decided not to upgrade to a newer kernel as wireless injection patches were not fully tested and verified. We did not want to jeopardize the awesome wireless capabilities of BT3 for the sake of sexiness or slightly increased hardware compatibilities. All relevant security patches have been applied.

As usual, updated, sharpened, SVN'ed and armed to the teeth. This release we have some special features such as spoonwep, fastrack and other cool additions.

We will be releasing an internal "IRC pre release" version of BT3F for final testing and identification of possible blunders...and shortly after that we will have a full blown release.

Final Requests

We request the community to not mirror or torrent this release, or otherwise distribute it online without our knowledge. We are trying to gather statistics about bt3 downloads. If you would like to mirror BT3 then please:
1) Think again! Traffic generated by BT3 downloads is CRAZY.
2) Please contact us before doing so.
3) Send us monthly statistics of downloads for the iso.

If you would like to add a link to BackTrack downloads to your website, please use as the download link.

Problems, fixes, bugs, opinions - should all end up in our Remote Exploit community forums, and our wiki:


Damn you

Forcing Presidential Votes in Zimbabwe

Via -

POLICE officers were this week reportedly forced to cast their postal ballots in favour of President Robert Mugabe in a bid to secure a head start for the veteran leader ahead of Friday's presidential run-off against the MDC's Morgan Tsvangirai.

Tsvangirai won the first round of voting on March 29 with 48% of the votes, against Mugabe's 43%.

Impeccable sources told the Zimbabwe Independent that apart from police officers, members of the army and the prison service were expected to vote for Mugabe through the same system before the postal ballot boxes are sealed today.

Zimbabwe is estimated to have a combined 100 000 members of the police, army and prison service.

The sources said the police officers voted at various stations throughout the country, among them Ross Camp in Bulawayo, Harare Central's Provincial Conference centre and at all stations in Kwekwe.

The officers, the sources said, voted in front of their superiors and the voting process was done in the absence of Mugabe and Tsvangirai's election agents or observers.

In Harare on Wednesday, the sources said, Senior Assistant Commissioner Fortune Zengeni and Assistant Commissioner Thomsen Jangara supervised the voting.

"The officers were provided with the presidential ballot papers," a senior police officer said. "They voted in front of Zengeni and Jangara before they placed the ballots into envelopes and into the ballot boxes."

The officer said Sadc observers who visited Harare Central on Wednesday to witness the voting process were turned away.

"The observers were told that no election was taking place," another source said. "The voting took place in an intimidatory environment. It was not free and fair."

Postal voting in Bulawayo and other areas throughout the country took place last week.

Teams of senior police officers were reportedly dispatched to provinces at the beginning of this month where they told members of the uniformed forces, their spouses and adult children that they should vote for Mugabe to avoid war.

In an internal memorandum dated June 3 in the possession of the Zimbabwe Independent, Kwekwe police command instructed all officers in charge in the district to ensure that their juniors participated in postal voting.

"Details who applied for postal ballots must be on standby as the ballot papers may arrive any time and voting may be at short notice," read the memorandum. "OICs (officers in charge) are advised to inform their ...members to make themselves available when required to. All details leaving the station must book in the charge office diary and make their whereabouts known."

Zimbabwe Electoral Commission deputy chief elections officer (operations) Utoile Silaigwana did not respond to written questions he asked for from the Independent.

Wayne Bvudzijena, the national police spokesperson, last night could not take questions saying he was in a meeting.

The MDC this week filed an application with the High Court challenging the postal voting process, which it claimed Mugabe wanted to use to rig the presidential election run-off.

Meanwhile, United States Secretary of State Condoleezza Rice on Wednesday said her government remained very concerned about the crisis in Zimbabwe.

"We're concerned for the people of Zimbabwe. We're concerned for the people of the region, because (of), obviously, the refugee flow, the violence that has been a part of this crisis," Rice said. "We're very concerned about the elections and we're trying to support the efforts of regional organisations to ensure free and fair elections, but it's very difficult when you have the kind of intimidation that is going on now in Zimbabwe."

She said it was time for leaders of Africa to tell Mugabe that Zimbabwe deserves a free and fair election.

"(In a free and fair election) you cannot intimidate opponents, you cannot put opponents in jail, you cannot threaten them with charges of treason and be respected in the international community. And I think that's a strong message, and I hope it'll be delivered," she added.

Rice was speaking after meeting Kenyan Prime Minister Raila Odinga who had visited the US.

Thursday, June 19, 2008

Mozilla Firefox 3.0 Vulnerability

Via TippingPoint ZDI Blog -

A number of people who monitor our Zero Day Initiative's Upcoming Advisories page noticed yesterday that we reported a vulnerability to Mozilla (ZDI-CAN-349). Taking into account the coincidental timing of the Firefox 3.0 release, many are asking us if this is the first reported critical vulnerability in the latest version of the popular open source browser.

What we can confirm is that about five hours after the official release of Firefox 3.0 on June 17th, our Zero Day Initiative program received a critical vulnerability affecting Firefox 3.0 as well as prior versions of Firefox 2.0.x. We verified the vulnerability in our lab, acquired it from the researcher, then promptly reported the vulnerability to the Mozilla security team shortly after. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code. Not unlike most browser based vulnerabilities that we see these days, user interaction is required such as clicking on a link in email or visiting a malicious web page.

While Mozilla is working on a fix, we wont be divulging anything else until a patch is available, adhering to our vulnerability disclosure policy. Once the issue is patched, we'll be publishing an advisory here. Working with Mozilla on past security issues, we've found them to have a good track record and expect a reasonable turnaround on this issue as well.

For more information on the Zero Day Initiative, you can read an intro.


Senate Housing Bill Requires eBay, Amazon, Google, and All Credit Card Companies to Report Transactions to the Government

Via -

Washington, DC - Hidden deep in Senator Christopher Dodd's 630-page Senate housing legislation is a sweeping provision that affects the privacy and operation of nearly all of America’s small businesses. The provision, which was added by the bill's managers without debate this week, would require the nation's payment systems to track, aggregate, and report information on nearly every electronic transaction to the federal government.

FreedomWorks Chairman Dick Armey commented: "This is a provision with astonishing reach, and it was slipped into the bill just this week. Not only does it affect nearly every credit card transaction in America, such as Visa, MasterCard, Discover, and American Express, but the bill specifically targets payment systems like eBay's PayPal, Amazon, and Google Checkout that are used by many small online businesses. The privacy implications for America's small businesses are breathtaking."

"Privacy groups like the Center for Democracy and Technology and small business organizations like the NFIB sharply criticized this idea when it first appeared earlier this year. What is the federal government's purpose with this kind of detailed data? How will this database be secured, and who will have access? Many small proprietors use their Social Security number as their tax ID. How will their privacy be protected? What compliance costs will this impose on businesses? Why is Sen. Chris Dodd putting this provision in a housing bailout bill? The bill also includes the creation of a new national fingerprint registry for mortgage brokers.

"At a time when concerns about both identity theft and government spying are paramount, Congress wants to create a new honey pot of private data that includes Social Security numbers. This bill reduces privacy across America's payment processing systems and treats every American small business or eBay power seller like a criminal on parole by requiring an unprecedented level of reporting to the federal government. This outrageous idea is another reason to delay the housing bailout legislation so that Senators and the public at large have time to examine its full implications."

From the Senate Bill Summary:

Payment Card and Third Party Network Information Reporting. The proposal requires information reporting on payment card and third party network transactions. Payment settlement entities, including merchant acquiring banks and third party settlement organizations, or third party payment facilitators acting on their behalf, will be required to report the annual gross amount of reportable transactions to the IRS and to the participating payee. Reportable transactions include any payment card transaction and any third party network transaction. Participating payees include persons who accept a payment card as payment and third party networks who accept payment from a third party settlement organization in settlement of transactions. A payment card means any card issued pursuant to an agreement or arrangement which provides for standards and mechanisms for settling the transactions. Use of an account number or other indicia associated with a payment card will be treated in the same manner as a payment card. A de minimis exception for transactions of $10,000 or less and 200 transactions or less applies to payments by third party settlement organizations. The proposal applies to returns for calendar years beginning after December 31, 2010. Back-up withholding provisions apply to amounts paid after December 31, 2011. This proposal is estimated to raise $9.802 billion over ten years.

Firefox 3 - Easter Eggs

A virtual Easter egg is an intentional hidden message or feature in an object such as a movie, book, CD, DVD, computer program, or video game. The term draws a parallel with the custom of the Easter egg hunt observed in many western nations.


Wednesday, June 18, 2008

Assistants of British Surgeons Cough Up Patient Data

Via -

A shocking article appeared yesterday on the BMJ website. It recounts how auditors called 45 GP surgeries asking for personal information about 51 patients. In only one case were they asked to verify their identity; the attack succeeded against the other 50 patients.

This is an old problem. In 1996, when I was advising the BMA on clinical system safety and privacy, we trained the staff at one health authority to detect false-pretext phone calls, and they found 30 a week. We reported this to the Department of Health, hoping they’d introduce some operational security measures nationwide; instead the Department got furious at us for treading on their turf and ordered the HA to stop cooperating (the story’s told in my book). More recently I confronted the NHS chief executive, David Nicholson, and patient tsar Harry Cayton, with the issue at a conference early last year; they claimed there wasn’t a problem nowadays now that people have all these computers.

What will it take to get the Department of Health to care about patient privacy? Lack of confidentiality already costs lives, albeit indirectly. Will it require a really high-profile fatality?


Scary, but I am sure the results would be equal if the same study was conducted in America...or any other major nation for that matter.

Monday, June 16, 2008

Firefox 3.0 Expected Tomorrow

Just FYI, but Firefox 3.0 is expected to be released on Tuesday.

There are several reasons to move to FF 3.0.

Better performance, less crashes, less memory usage and better user experience are just a couple.

Have you attempted to set a World Record with no luck? Well, now is your chance to change that! Help set a Guinness World Record by pledging to download Firefox 3 today. And, help spread the word!

Download Day

A New Attack on Electronic Locks: The Magnetic Ring

Via (Blackbag) -

There has been quite some speculation about this video (YouTube) of a magnetic ring that is used to open some model of Uhlmann & Zacher lock. By now it is confirmed by the company itself the trick works, and supposably a software update will fix the problem (and even log opening attempts).

The ring used in the video now has a name: ‘the ring of the devil’ and is already available on the market (just 25 euro!).

And the questions now are: What is in the ring, how does it work and what locks are affected?

Well … I have some answers. Saturday I received my own magnetic ring and can give you some details.

Some people thought the ring was completely magnetic, but this is not the case. The ring is made out of aluminum and there are four strong magnets inside. The spacing is 90° and the magnets are mounted N, S, N, S. On this image you can see four metal keyrings that are stuck to the ring by the magnetic fields. So far I did not pry open my ring to see what it looks like inside.

The next question is why does this open (some) electronic locks? Electronics is not my strongest point (as you could have read in my previous posting), but by now I understand a little more about it.


Locks provide such a fake sense of is kinda scary. Good locks are expensive and very few people have them, not even high-end corporate entities.

Predator UAV Gets More Teeth - Sharper Teeth

Via -

A small air-to-surface missile developed as a private venture by Raytheon is being deployed on the Predator unmanned aircraft by an unidentified customer.

The Griffin is a 42-inch-long, tube-launched missile with a semi-active laser seeker, and is intended to give the Predator and smaller UAVs an organic, self-guided direct attack capability, Raytheon says.

The short-range missile including its launcher weigh around 45 pounds, and the Predator will be able to carry up to three rounds for each Hellfire missile now carried. Although longer than Hellfire, the Griffin has a narrower diameter at 5.5 inches and a smaller warhead, reducing collateral damage.

Raytheon says the low-cost weapon is modular, using technology from several of the company’s existing weapons including Javelin, AIM-9X and guided projectiles. Other seekers and warheads could be installed, the company says.


The Hellfire Air-to-Ground Missile System (AGMS) provides heavy anti-armor capability for attack helicopters. The first three generations of HELLFIRE missiles use a laser seeker. The fourth generation, Longbow HELLFIRE, uses a radar frequency seeker.

Looks like they are going for a more targeted attack (with smaller warheads) and more load capability.

UK Spy Satellite to Watch for Ilegal Logging in Africa

Via -

A spy satellite is to be trained on the vast rainforests of central Africa as part of a British project designed to protect them from illegal logging under plans to be unveiled today.

The £1m high-resolution camera will beam images of the Congo Basin Rainforest to a new ground station to allow governments, NGOs and local communities to prevent the rainforests being lost.

The equipment, which can photograph objects as small as 10 metres across, will hover 650km (400 miles) above the rainforest to track illegal logging operations, as well as monitor pollution levels and help monitor agriculture. A £1.5m satellite ground station will also be built in the region as part of an £8m package of measures to be announced today to prevent dangerous deforestation in the region.

British ministers hope the satellite camera, likely to be launched in two years' time, will also provide images for a £1.8m mapping project designed to help the 51 million inhabitants of the rainforest to establish their land rights and prevent loggers seizing territory.

The new initiative will be unveiled at the launch of a global fund to back projects to preserve the rainforest, the world's second-largest tropical forest.


I bet China doesn't like the sound of this....

China Plays Dumb on Charges of Hacking Congressional PCs

Via -

Yesterday, Representative Frank Wolf (R-VA) gave a speech on the House floor in which he admitted several of the computers in his office had been compromised, with the attacks originating in China. Since then, at least two other Congressmen have told similar tales. Wolf's speech, however, was the most specific, in that he suggested he knows what the hackers were after: files on Chinese dissidents he maintains as part of his human rights efforts.

Wolf's speech is a bit long and rambling, covering everything from attacks on specific computers to the potential for the vulnerability of the 'Net infrastructure. He also mentions sources ranging from classified intelligence documents to an article recently published in Business Week. But the meat of the story comes early, where Wolf describes how the first attack focused on his aide who handles foreign policy and human rights, and then spread to the computers of other staff members. "On these computers was information about all of the casework I have done on behalf of political dissidents and human rights activists around the world," Wolf said; the attackers apparently gained access to all of these.

Since then, two other Representatives, Christopher Smith (R-NJ) and Stephen Kirk (R-IL), have
come forward with similar tales. Smith sits on a Human Rights Subcommittee of the Foreign Affairs Committee. In all three cases, the Congressmen turned the computers over to the House Information Resources and FBI, who informed them that the attacks had originated from IP addresses in China.

The Chinese government has denied any involvement, literally playing dumb on behalf of its entire citizenry by saying the capability to hack past Congess' security measures is beyond them. "China is still a developing country," Foreign Ministry spokesman Qin Gang told
Reuters. "Does that mean we have already mastered such high-end technology? Personally I don't believe that."

Past fears about Chinese computer attacks have focused on their potential for military and industrial espionage. But, from an economic standpoint, stifling internal dissent and getting the rest of the world to ignore its human rights record may be as—if not more—important for the Chinese government, as it ensures continued open trade. In that sense, targeting a series of Republicans, who tend to take a probusiness and free-trade stance, may not have been the wisest move.


Wow. I mean, lets not sugar-coat this.

Just because the attacking IP was in China...does not mean that the Chinese government was directly involved - clearly.

Last week, I found the website of an Austin Jazz band had been hacked and included malicious javascript which linked to a server in China running the GPack exploit framework - that doesn't mean the Chinese government was looking for free MP3 downloads.

But past experience shows that nations are constantly watching each other and always try to gain the higher-hand - even nations that would we call "friendly" in all other situations. Just take a quick look @ the Annual Report to Congress on Foreign Economic Collection and Industrial Espionage for 2005 (PDF).

Does China have the capability to hack into Congressional PCs?

Sure and so do tons of other people.

But what is also very clear, is that the Chinese Foreign Ministry spokesman Qin Gang is either greatly misinformed on his nations cyberwarfare capabilities...or he is lying.

UK Civil Servant Leaves Secret Al-Qaeda Intel Files on Train

Via BBC -

Police are investigating a "serious" security breach after a civil servant lost top-secret documents containing the latest intelligence on al-Qaeda.

The unnamed Cabinet Office employee apparently breached strict security rules when he left the papers on the seat of a train.

A fellow passenger spotted the envelope containing the files and gave it to the BBC, who handed them to the police.

The official was later suspended from his job, the Cabinet Office announced.

Home Secretary Jacqui Smith now faces demands for an official inquiry.

Keith Vaz MP, chairman of the powerful Home Affairs select committee told the BBC: "Such confidential documents should be locked away...they should not be read on trains.

"I will be writing to the Home Secretary to establish an inquiry into the affair."

The Conservatives backed calls for an inquiry, with their security spokeswoman, Baroness Neville-Jones, describing the loss as the latest in a "long line of serious breaches of security."

Home Office minister Tony McNulty told the BBC he was awaiting the results of the police investigation.

The two reports were assessments made by the government's Joint Intelligence Committee.

One, on Iraq's security forces, was commissioned by the Ministry of Defence. According to the BBC's security correspondent, Frank Gardner, it included a top-secret and in some places "damning" assessment of Iraq's security forces,

The other document, reportedly entitled 'Al-Qaeda Vulnerabilities', was commissioned jointly by the Foreign Office and the Home Office.

Just seven pages long but classified as "UK Top Secret", this latest intelligence assessment on al-Qaeda is so sensitive that every document is numbered and marked "for UK/US/Canadian and Australian eyes only", according to our correspondent.

According to reports, this document may have contained details of names of individuals or locations which might have been useful to Britain's enemies.

However, it appears that in a serious breach of the rules, the papers were taken out of Whitehall by an unnamed official and left in an orange cardboard envelope on the seat of a Surrey-bound train from London Waterloo on Tuesday.

When a fellow passenger saw the material inside the envelope, they gave it to the BBC.

Sunday, June 15, 2008

Shmoocon Videos - March 2008

Pretty good stuff, but be warned. Some of the videos are not titled correctly. Looks like the admin that named and uploaded them messed up.

Intercepting Mobile Phone GSM Traffic is really Forensic Image Analysis....Forensic Image Analysis is really Path X...and Path X is really Path X.

I am sure several of the others are messed up as well.

Nuclear Smuggling Ring Reportedly Had Weapon Design

Via AP -

WASHINGTON (AP) — An international smuggling ring may have secretly shared blueprints for an advanced nuclear weapon with Iran, North Korea and other rogue countries, The Washington Post reported Sunday.

The now-defunct ring led by Pakistani scientist Abdul Qadeer Khan is previously known to have sold bomb-related parts to Libya, Iran and North Korea. A draft report by former top U.N. arms inspector David Albright says the smugglers also acquired designs for building a more sophisticated compact nuclear device that could be fitted on a type of ballistic missile used by Iran and other developing countries, according to the Post.

The drawings were discovered in 2006 on computers owned by Swiss businessmen; they were recently destroyed by the Swiss government under the supervision of the U.N. nuclear watchdog agency to keep them out of terrorists' hands. But U.N. officials said they couldn't rule out that the material already had been shared.

"These advanced nuclear weapons designs may have long ago been sold off to some of the most treacherous regimes in the world," Albright wrote in the draft report, which was expected to be published later this week, the Post reported.

A spokesman for the Pakistani Embassy in Washington, Nadeem Kiani, did not rebut the report's findings. "The government of Pakistan has adequately investigated allegations of nuclear proliferation by A.Q. Khan and shared the information with" the U.N.'s International Atomic Energy Agency, Kiani told the Post. "It considers the A.Q. Khan affair to be over."

In Vienna, a senior diplomat said the IAEA had knowledge of the existence of a sophisticated nuclear weapons design being peddled electronically by the black-market ring as far back as 2005. The diplomat, who is familiar with the investigations into the A.Q. Khan network, spoke on condition of anonymity because he was not authorized to comment publicly on the issue.
IAEA chief Mohamed ElBaradei had made it public knowledge back then and had expressed concern about who potentially had come in possession of the information.

The diplomat referred a reporter to a transcript of a panel discussion on Nov. 7, 2005, where ElBaradei spoke of at least one weapons design being copied by the Khan network onto a CD-ROM "that went somewhere that we haven't seen" and added, "That gives you an indication of ... how much the technology had (been) disseminated."

Saturday, June 14, 2008

Presidential Directive Orders Sharing of Biometric Data

Via FAS Blog -

The White House last week issued a National Security Presidential Directive (NSPD-59) to provide a framework for government agencies to collect, maintain and share biometric data such as fingerprints and other physiological or behavioral characteristics of suspected terrorists.

“The ability to positively identify those individuals who may do harm to Americans and the Nation is crucial to protecting the Nation,”
the directive states.

“Many agencies already collect biographic and biometric information in their identification and screening processes. With improvements in biometric technologies, and in light of its demonstrated value as a tool to protect national security, it is important to ensure agencies use compatible methods and procedures in the collection, storage, use, analysis, and sharing of biometric information.”

“Through integrated processes and interoperable systems, agencies shall, to the fullest extent permitted by law, make available to other agencies all biometric and associated biographic and contextual information associated with persons for whom there is an articulable and reasonable basis for suspicion that they pose a threat to national security.”

“The Director of the Office of Science and Technology Policy,” who hasn’t been heard from much lately, “shall coordinate executive branch biometric science and technology policy.”

The new directive on “Biometrics for Identification and Screening to Enhance National Security” was issued on June 5, 2008 as both National Security Presidential Directive 59 and Homeland Security Presidential Directive 24.

Pakistan's Frontier Corps: Friend or Foe?

Via CT Blog -

The dustup between the U.S. and its Pakistani counterterror allies over a June 10 firefight on the Afghanistan border has stirred up new questions about Islamabad's commitment to the fight and the loyalties of its border guards.

According to Pakistan, at least 11 of its paramilitary Frontier Corps border force were killed by coalition forces firing into Pakistan from inside Afghanistan this week. That's a pretty novel charge but hardly a new complaint. What Pakistani officials typically fail to acknowledge are the countless cross-border incursions by the Taliban and Al Qaeda and other militias enjoying safe havens in their country, who often fire rockets at U.S. and Afghan bases from the tribal areas on the other side of the disputed Durand Line.

To bolster U.S. claims that its forces on the Afghan side were attacked during a combat operation in Kunar province coordinated in advance with Pakistani military commanders, the U.S. military command at Bagram Airfield released an edited video of the 90-minute firefight taken by an unmanned drone (see below). A small group of people can be seen on the infrared video firing small arms and RPGs as an unidentified narrator points out that, "It is clear that there are no military structures or outposts in the area."

While the governments involved sort out who fired at whom, it’s worth noting that U.S. troops fighting along the border have long contended that the Frontier Corps - an almost exclusively Pashtun tribal militia overseen by Islamabad - has been viewed as often aiding or abetting Islamic insurgents. Pakistan defends the force by saying they have suffered hundreds of casualties fighting extremists.

One U.S. veteran involved in the border fight recently told me about an ambush in which a Special Forces operator was killed. U.S. troops following a blood trail leading to a wounded attacker found he was a Frontier Guard officer carrying a map that identified multiple U.S. "hide sites" used to maintain covert surveillance of cross-border incursions.

When I visited Camp Tillman near Lwara, Afghanistan three years ago for the New York Daily News, U.S. commanders complained bitterly about a number of incidents in which Frontier Corps troops looked the other way when Al Qaeda-led insurgents ambushed U.S. troops and never warned their American counterparts of interlopers they could plainly see from their rocky outposts.

Last April, a Washington Post reporter visited the same area and was told by one soldier: "The Frontier Corps might as well be Taliban .... They are active facilitators of infiltration."

None of this should be surprising. A 1996 State Department cable declassified last year and obtained by the National Security Archive said Islamabad had used the Frontier Corps to train and fight alongside the Taliban in Afghanistan prior to the Sept. 11, 2001 terror attacks. "These Frontier Corps elements are utilized in command and control; training; and when necessary - combat," the cable said.


Edited Video of the Jun 10th Battle Along the PK-AF Border (Cleared for Public Release)

Groups Ask Court to Review Border Laptop Searches

Via InfoWorld -

U.S. border agents should not be able to search travelers' laptops without a reasonable suspicion of illegal activity, despite a court ruling allowing such searches, two groups said.

The Electronic Frontier Foundation (EFF) and the Association of Corporate Travel Executives (ACTE) filed an amicus brief on Thursday with the 9th Circuit Court of Appeals, asking the full court to rehear and reverse a decision by a three-judge panel that ruled that border agents can routinely search files on laptops and mobile devices.

The random searching of laptops is "widespread," said Lee Tien, senior staff attorney with the EFF. The U.S. Department of Justice "claims that U.S. border agents have the power to do so, no suspicion needed, and there are plenty of reported incidents," he added.

There have been multiple media reports in recent months of laptops or other electronic devices searched and seized at U.S. borders, Tien noted. In some cases, travelers have not gotten their electronic devices back from customs officials, he said.

The case the two groups have asked the court to review involves a U.S. man named Michael Arnold, who returned to Los Angeles International Airport from the Philippines in July 2005. A U.S. Customs and Border Patrol officer asked to see Arnold's laptop, and customs officers found pictures of naked women and, later, pictures they believed to be child pornography.

Customs officials seized Arnold's laptop and later had him arrested.

Arnold's lawyer argued that the search violated the U.S. Constitution's Fourth Amendment, prohibiting unreasonable searches and seizures. His lawyer argued that the pictures obtained in the search should not be allowed as evidence in a trial, and a judge in the U.S. District Court for the Central District of California agreed with Arnold's lawyer.

However, the three-judge panel at the 9th Circuit overturned the district court's ruling. U.S. border agents have broad authority to search luggage and their contents at borders, Circuit Judge Diarmuid O'Scannlain wrote in the panel's April 21 decision.

"Courts have long held that searches of closed containers and their contents can be conducted at the border without particularized suspicion under the Fourth Amendment," O'Scannlain wrote. "We are satisfied that reasonable suspicion is not needed for customs officials to search a laptop or other personal electronic storage devices at the border."

The EFF and ACTE argue in their brief that "invasive" searches of electronic devices should be treated differently from searches of luggage. "Your computer contains a vast amount of information about your private life, including details about your family, your finances, and your health," Tien said. "All that information can be easily copied, transferred, and stored in government databases, just because you were chosen for a random inspection."

Tien said he expects a decision on whether to rehear the case within a few months.

Asked if defending an alleged child pornography user was a tough place to make a stand on laptop searches, Tien disagreed. "If they randomly search your machine, don't find anything interesting, and let you go, would you sue them?" he said.

How to Build a Quantum Eavesdropper

Via The Physics arXiv Blog -

In the cat and mouse game of preparing and eavesdropping on secret messages, quantum encryption trumps all. At least, that’s what we’ve been told.

The truth is a little more complex. Quantum key distribution, the quantum technique by which a classical encryption key can be transferred, is perfectly secure in theory. In practice, there are a number of loopholes that can give an eavesdropper a grandstand view of the conversation.

Here’s one loophole. The security of quantum encryption schemes depends on our inability to make a copy of a quantum state. If that were possible, Eve could make a copy of the message and pass on the original without anybody being the wiser. But in the quantum world, copying anything destroys the original, so the sender and receiver can always tell if they’ve been overheard by examining the error rates in their message. If it rises above a certain limit, the line is not secure.

That would be pretty convincing were it not for our ability to make imperfect copies of quantum states without destroying the original. That’s a loophole that an eavesdropper can exploit to extract information from a quantum message without the sender or receiver knowing. It should work as long as Eve is careful to keep the error rate below the critical limit.

Today, Yuta Okubo from the University of Tskuba in Japan and a few mates outline the design of a quantum eavesdropper that works on just this principle. They’ve yet to build their device but the publication of its plans should raise the blood pressure in a few government agencies and more than one hi-tech start up that has been selling quantum encryption as a new generation of perfectly secure communication.

Ref: Proposal of an Eavesdropping Experiment for BB84 QKD Protocol with 1→3 Phase-covariant Quantum Cloner

----------------------- might have to update their secuirty alert section soon... ;)

Isn't the Heisenberg uncertainty principle fun?

Compressed Web Phone Calls Are Easy to Bug

Via -

Plans to compress internet (VoIP) phone calls so they use less bandwidth could make them vulnerable to eavesdropping. Most networks are currently safe, but many service providers are due to implement the flawed compression technology.

The new compression technique, called variable bitrate compression produces different size packets of data for different sounds.

That happens because the sampling rate is kept high for long complex sounds like "ow", but cut down for simple consonants like "c". This variable method saves on bandwidth, while maintaining sound quality.

VoIP streams are encrypted to prevent eavesdropping. However, a team from John Hopkins University in Baltimore, Maryland, US, has shown that simply measuring the size of packets without decoding them can identify whole words and phrases with a high rate of accuracy.
VoIP systems accessed via a computer like Skype have become popular in recent years, and internet-based phone systems are increasingly appearing in homes and offices too to connect conventional telephones.

Only a few services currently employ the vulnerable compression method, but more networks had hoped to include it in future VoIP upgrades, says Charles Wright, a member of the John Hopkins team. "We hope we have caught this threat before it becomes too serious."

Friday, June 13, 2008

Oracle TNS Listener: To Password or Not To Password

For database releases prior to Oracle Database 10g Release 1: you should set an administrative password for the TNS listener. For Oracle Database 10g Release 1 and later releases, the default authentication mode for the TNS listener is local OS authentication, which requires the TNS listener administrator to be a member of the local dba group. Setting a password for the TNS listener in Oracle Database 10g Release 1 and higher simplifies administration. However, setting a password requires good password management to prevent unauthorized users from guessing the password and potentially gaining access to privileged listener operations. Because the listener acts as the database’s gateway to and from the network, it is important to secure it. Customers may wish to consider not setting a password for the TNS listener starting with Oracle Database 10g Release 1, because in the interest of increasing security and reducing risks, the default behavior changed in this and later releases.


Oracle Database Listener Security Guide (April 2007)

Now you know...

Thursday, June 12, 2008

Nessus Goes All Corporate (And Stuff)

Since creating and releasing the subscriptions, two distinct user groups emerged. They are
the home user and the commercial user. To better reflect the needs of our community, we have decided to update our Subscription licensing policy and are announcing the planned change (as outlined below and accompanied by a FAQ) that will go into effect on July 31st, 2008.

First, we will continue to enable all users to download Nessus for free.

Second, due to computers and personal networks having become ubiquitous in homes around the world, Tenable will launch a “HomeFeed” with all Nessus vulnerability plugin updates for home users at no charge and with no delay. We are excited to offer the latest vulnerability checks for personal, non-commercial use and strongly encourage home users to audit their computers and networks for the newest security flaws.

Finally, Tenable’s “Direct Feed” will be re-named to the “ProfessionalFeed” and the "Registered Feed” will be discontinued. The ProfessionalFeed will serve as Tenable’s commercial subscription and will be required for individuals and organizations that want to use Tenable’s Nessus plugins commercially.

“We are very pleased to be announcing the HomeFeed subscription,” said Renaud Deraison, Nessus creator and Tenable’s Chief Research Officer. “We urge home users to download Nessus today and start securing their personal computers and networks for free. Nessus can help them identify and provide remediation guidance for the known vulnerabilities on their personal computers and networks. This is an important step in the ongoing process of protecting themselves from unwanted intruders.”

In addition, Tenable understands that there are those in the Nessus community that serve broad social and educational objectives and Tenable will make certain that qualified charitable and information security teaching/training organizations will have access to the ProfessionalFeed free of charge. To this end, Tenable will provide ProfessionalFeed subscriptions to charity and information security teaching/training organizations at no cost for those that qualify.

The change will ensure Tenable’s ability to invest in the future roadmap for Nessus and to expand our research, support, and training capabilities to serve our growing community. We realize this may affect some individuals, corporations, and organizations that use the currently available “Registered Feed” in production audits and commercial services. Because of this, Tenable is offering a 25 percent rebate for the Direct Feed subscription service (normally available at $1200 per year), beginning May 14, 2008 until July 31, 2008 only when purchased through Tenable’s e-commerce site.


Basically that means security consultants that use Nessus are about the pay out the...well, you know what. In addition, corporations will have to access their current Nessus use and either pay up for each Nessus install or go to something else (but what else is there?).

I wonder if Tenable will do Site Licenses?