Wednesday, December 31, 2008

Worm Exploiting Microsoft MS08-067 Circulating

Via US CERT -

US-CERT is aware of public reports of a worm circulating that has the capability of exploiting the patched vulnerability described in Microsoft Security Bulletin MS08-067.

US-CERT encourages users to do the following to help mitigate the risks:

  • Review Microsoft Security Bulletin MS08-067 and apply the update or workarounds listed.
  • Install antivirus software, and keep the virus signatures up to date.
------------------------

Symantec has identified W32.Downadup.B as a new worm that is spreading by taking advantage of the RPC vulnerability from MS08-067.

Possible ETA Bomb Explodes in Spain

Via GlobalSecurity.org -

Spanish police say a bomb exploded Wednesday in the northern Basque city of Bilbao.

Police say they evacuated offices of a regional television station (EITB) after a warning call in the name of the armed group ETA informed them that a bomb would explode soon in the area. Police have not reported any injuries.

Emergency services say they found a suspicious vehicle after closing off the area. They say they found the vehicle's owner tied up on a mountain in a nearby town.

ETA has killed more than 825 people since its campaign for an independent Basque state in northern Spain and southwestern France began in 1968. Recently, police in France have arrested many suspected members of the group.

------------------------

Euskadi Ta Askatasuna or ETA (Basque for "Basque Homeland and Freedom"), is an illegal and armed Basque nationalist and separatist organisation. Founded in 1959, it evolved from a group advocating traditional cultural ways to a paramilitary group demanding Basque independence.

The group is proscribed as a terrorist organisation by both the Spanish and French authorities as well as the European Union as a whole, and the United States.

Hundreds of Israeli Websites Hacked in 'Propaganda War'

Via DarkReading -

It didn't take long after Israel's bombing of Gaza began for cyberwarfare to erupt as well: over 300 Israeli Websites over the past few days have been hacked and defaced with anti-Israeli and anti-US messages in an online propaganda campaign, a security expert says.

Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham and a co-chair of the Anti-Phishing Working Group, warned in his blog that U.S. Websites should be prepared for similar attacks. "In the current situation, the hackers supporting Gaza clearly believe Israel AND the US are culpable. That means American webmasters may wish to be especially vigilant right now," Warner blogged.

The attacks on Israeli sites occurred within a period of 48 hours, in what Warner calls a "Propaganda War."

"As soon as Israel started bombing Gaza we began to look for signs of a cyber response. And we've found it, in the form of more than 300 Israeli websites which have been defaced with anti-Israeli and anti-US messages," Warner blogged.

He says these types of propaganda Website attacks are all about location, not size or prominence of the targeted site. "It only matters WHERE the Website is," he says.

Website propaganda defacements are nothing new. In 2001, Chinese hackers hit tens of thousands of U.S. Websites with messages blaming the U.S. after a Chinese fighter jet and U.S. Navy plane collided. Most recently, Israel's bombing of Lebanon in 2006 was the topic of defacements of U.S. sites.

Warner advises Webmasters to check their site's content each day for tampering, and to regularly patch, and use strong passwords and Secure FTP.

Meanwhile, Israel is reportedly using blogs, Twitter, and YouTube to wage a military digital media war of sorts.

New Year Delayed by Extra Second

Via Dw-World.de -

Revellers ushering in 2009 will have to literally wait a second this New Year's Eve. The world's official timekeepers are adding a "leap second" to the final day of the year to help match clocks to the Earth's spin.

The International Earth Rotation and Reference Systems Service (IERS) has to occasionally add an extra second to keep our clocks in sync with solar time used by astronomers. That's because, sometimes, the Earth's rotation on its axis can take longer or shorter than 24 hours, depending on factors such as the braking action of tides, snow or the lack of it at the polar ice caps, solar wind, space dust and magnetic storms.

"The difference between atomic time and Earth time has now built up to the point where it needs to be corrected, so this New Year's Eve we will experience a rare 61 second minute at the very end of 2008 and revelers... will have an extra second to celebrate," Peter Whibberley, a senior research scientist at Britain's National Physical Laboratory, told the British media.

The U.S. Naval Observatory, keeper of the Pentagon's master clock, said it would add the extra second on Wednesday in coordination with the world's atomic clocks at 23 hours, 59 minutes and 59 seconds Coordinated Universal Time, or UTC.
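Logs and packet captures that span that minute will carry a timestamp of 23:59:60, which Python's datetime (and most naive parsers) reject outright. The following is an added example (mine, not from the article): it parses RFC 3339 UTC timestamps, accepts a seconds field of 60 only in the slots IERS actually uses (the last minute of 30 June or 31 December), and returns a sort key that keeps 23:59:59, 23:59:60 and the following 00:00:00 in order even though POSIX time has no value of its own for the inserted second. The log lines are constructed for the demonstration; parse_utc and sort_events are names of my own.

```python
"""Timestamp handling that survives the 23:59:60 leap second.

Added example, not from the article. Python's datetime rejects a seconds
field of 60, so a timeline spanning the insertion breaks a naive parser.
"""
import re
from datetime import datetime, timezone

_RFC3339_UTC = re.compile(r"^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})Z$")
_LEAP_SLOTS = {(6, 30), (12, 31)}   # IERS inserts at the end of June or December


def parse_utc(ts: str):
    """Return a sort key (posix_seconds, leap_flag) for an RFC 3339 'Z' timestamp.

    An ordinary second gives (epoch, 0). The inserted second 23:59:60 gives
    (epoch_of_23_59_59, 1): POSIX time has no value of its own for it (it
    reuses the following 00:00:00), so the flag is what keeps event order."""
    m = _RFC3339_UTC.match(ts)
    if not m:
        raise ValueError(f"not an RFC 3339 UTC timestamp: {ts!r}")
    y, mo, d, h, mi, s = map(int, m.groups())
    if s == 60:
        if not (h == 23 and mi == 59 and (mo, d) in _LEAP_SLOTS):
            raise ValueError(f"leap second in an impossible slot: {ts!r}")
        last = datetime(y, mo, d, 23, 59, 59, tzinfo=timezone.utc)
        return int(last.timestamp()), 1
    # datetime validates the date and rejects seconds 61..99 on its own
    return int(datetime(y, mo, d, h, mi, s, tzinfo=timezone.utc).timestamp()), 0


# Constructed log lines (not a real capture), deliberately out of order.
SAMPLE_LOG = [
    "2009-01-01T00:00:00Z sshd[412]: Accepted publickey for ops from 10.0.0.7",
    "2008-12-31T23:59:60Z kernel: Clock: inserting leap second 23:59:60 UTC",
    "2008-12-31T23:59:59Z sshd[412]: Connection from 10.0.0.7 port 51122",
]


def sort_events(lines):
    """Order '<timestamp> <message>' lines by time, leap second included."""
    return sorted(lines, key=lambda line: parse_utc(line.split(" ", 1)[0]))


if __name__ == "__main__":
    for line in sort_events(SAMPLE_LOG):
        print(line)
```

The key returned for the leap second deliberately reuses the epoch value of 23:59:59 rather than 00:00:00 so that a later comparison with the next day's first event still sorts the leap second before it; a parser that simply clamps :60 to :59 loses that ordering, and one that maps it to 00:00:00 makes it collide with the new day's first second.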

Pakistan's Probe Finds Local Links To Attacks On Mumbai

Via WSJ.com -

Pakistan's own investigation of terror attacks in Mumbai has begun to show substantive links between the 10 gunmen and an Islamic militant group that its powerful spy agency spent years supporting, say people with knowledge of the probe.

At least one top leader of militant group Lashkar-e-Taiba, or "Army of the Pure," captured in a raid earlier this month in Pakistani-controlled Kashmir, has confessed the group's involvement in the attack as India and the U.S. have alleged, according to a senior Pakistani security official.

The disclosure could add new international pressure on Pakistan to accept that the attacks, which left 171 dead in India, originated within its borders and to prosecute or extradite the suspects. That raises difficult and potentially destabilizing issues for the country's new civilian government, its military and the spy agency, Inter-Services Intelligence -- which is conducting interrogations of militants it once cultivated as partners.

Pakistani security officials say a top Lashkar commander, Zarar Shah, has admitted a role in the Mumbai attack during interrogation, according to the security official, who declined to be identified discussing the investigation. "He is singing," the security official said of Mr. Shah. The admission, the official said, is backed up by U.S. intercepts of a phone call between Mr. Shah and one of the attackers at the Taj Mahal Palace & Tower, the site of a 60-hour confrontation with Indian security forces.

A second person familiar with the investigation said Mr. Shah told Pakistani interrogators that he was one of the key planners of the operation, and that he spoke with the attackers during the rampage to give them advice and keep them focused.

The person said Mr. Shah had implicated other Lashkar members, and had broadly confirmed the story told by the sole captured gunman to Indian investigators -- that the 10 assailants trained in Pakistan's part of Kashmir and then went by boat from Karachi to Mumbai. Mr. Shah said the attackers also spent at least a few weeks in Karachi, a crowded Arabian Sea port, training in urban combat to hone skills they would use in their assault.

Mr. Shah was picked up along with fellow Lashkar commander Zakiur Rehman Lakhvi during the military camp raids in Kashmir.

Tuesday, December 30, 2008

25C3: Cheap Swarm Robotics

Via HackaDay -

The Formica project was our favorite presentation at 25C3. The goal is to build open source swarm robots as cheaply as possible. The team ended up building 25 robots in an assembly line fashion. With enough lead time, the price could get as low as £15 each. Each bot has two direct drive cellphone vibration motors with tiny neoprene wheels. They’re controlled by an MSP430 microcontroller. The only really specialized chip is a charge controller so the bots can charge without any intervention. They have copper skis on the front that touch the ground plane plus antennas to contact Vcc. On top of the bot are three IR detectors for both navigation and for transferring firmware updates between bots. A reflective sensor is on the underside for detecting “food”. It looks like a great design and an easy way for anyone to start researching swarm robotics.

Beer Marinade Cuts Steak Cancer Risk

Via New Scientist -

If you are frying a steak and mindful of your health, then marinate it in either beer or red wine. So say food scientists who measured amounts of a family of carcinogens found in fried steaks after steeping them in booze.

Cooking food increases levels of cancer-causing compounds called heterocyclic amines (HAs). Fried and grilled meat are particularly high in these compounds, because fiery temperatures convert the sugars and amino acids in muscle tissue into HAs. Various substances can reduce HA content: an olive oil, lemon juice and garlic marinade cut HAs in grilled chicken by 90 per cent, while red wine reduced HAs in fried chicken.

Now Isabel Ferreira and colleagues at the University of Porto in Portugal have looked at the effects of beer and red wine marinades on fried steak. Six hours of marinating in beer or red wine slashed levels of two types of HA by up to 90 per cent compared with unmarinated steak (Journal of Agricultural and Food Chemistry, DOI: 10.1021/jf801837s).

For a third type of HA, beer was more efficient at reducing its content than wine, cutting levels significantly in 4 hours, while wine took 6. Beer contains more water-retaining sugars than wine and Ferreira says that may hinder the transport of water-soluble molecules to the steak's surface, where high heat converts them into HAs. Tasters also preferred the smell, taste and appearance of beer-marinated steak.

Former U.S. Army Mechanic Pleads Guilty in Israel Spy Case

Via ChinaView -

A former U.S. army engineer pleaded guilty Tuesday to spying for Israel during the 1980s, the Justice Department said.

Ben-Ami Kadish, 85, admitted at a New York court that from about 1980 to 1985, he provided numerous classified documents, including information about missile systems, to Yosef Yagur, an official at the Israeli consulate in New York.

At the time, Kadish worked as a mechanic at the U.S. army's Armament Research, Development and Engineering Center at Picatinny Arsenal in Dover, N.J.

In his guilty plea, he said Yagur asked him to obtain classified military documents, including documents related to missile defense systems.

Kadish admitted that he stole the documents from the U.S. army, but said he didn't ask for, nor did he receive, anything of value for spying activities.

Kadish said his motive is solely "for the benefit of Israel."

25C3: Reliable Exploits for Cisco Routers

Via Heise Security (UK) -

In his 25C3 presentation on Cisco IOS attack and defense, Felix "FX" Lindner of Phenoelit gave the first public presentation of a technique for reliably exploiting buffer overflows in Cisco routers.

The problem with attacks on Cisco routers is that the system images used are so different that each device is virtually unique. That means that exploitable code and essential functions are always held at different addresses, so the Cisco exploits published up to now really only work on the demo system they were built for and not on arbitrary systems running in the wild.

However, FX's presentation outlined an exploit technique that uses fragments of code from the ROMMON, the boot loader that loads IOS, the Cisco operating system, on system start-up. ROMMON is always positioned at constant addresses at the bottom end of memory and there are only a few different versions of ROMMON.

FX then showed how a known vulnerability could be exploited, using a single ping packet, to get the Cisco router to send text. As he then explained, this technique can easily be used to inject the more complex code required for an attack.

FX said his research on this topic was motivated by the need to identify just what it is that the forensic and analytical tools he is developing have to look for in order to discover injected malicious code. He said routers are such rewarding targets that attacks must be expected from organised criminals and secret services, who could already have such techniques in their repertoire.

MD5 Considered Harmful Today: Creating a Rogue CA Certificate

http://www.phreedom.org/research/rogue-ca/

We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.

Our attack takes advantage of a weakness in the MD5 cryptographic hash function that allows the construction of different messages with the same MD5 hash. This is known as an MD5 "collision". Previous work on MD5 collisions between 2004 and 2007 showed that the use of this hash function in digital signatures can lead to theoretical attack scenarios. Our current work proves that at least one attack scenario can be exploited in practice, thus exposing the security infrastructure of the web to realistic threats.

This successful proof of concept shows that the certificate validation performed by browsers can be subverted and malicious attackers might be able to monitor or tamper with data sent to secure websites. Banking and e-commerce sites are particularly at risk because of the high value of the information secured with HTTPS on those sites. With a rogue CA certificate, attackers would be able to execute practically undetectable phishing attacks against such sites.

The infrastructure of Certification Authorities is meant to prevent exactly this type of attack. Our work shows that known weaknesses in the MD5 hash function can be exploited in a realistic attack, due to the fact that even after years of warnings about the lack of security of MD5, some root CAs are still using this broken hash function.

Co-authored by Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger

-----------------------------------------

Full paper describing the attack, including proof, is now available.

-----------------------------------------


Using computing power from a cluster of 200 PS3 game consoles and about $700 in test digital certificates, a group of hackers in the U.S. and Europe have found a way to target a known weakness in the MD5 algorithm to create a rogue Certification Authority (CA), a breakthrough that allows the forging of certificates that are fully trusted by all modern Web browsers.

[...]

Sotirov said the team was able to secure NDAs in advance of briefing the major browser vendors about the problem but because of issues — some practical and some political — there are no straightforward fixes unless the CAs stop using MD5 and move to the more secure SHA-1 algorithm.

To avoid abuse, the team back-dated its rogue CA (it was set only for August 2004) and will not release the private key. “We’re also not going to release the special code that we used to do the MD5 collisions until later this year,” Sotirov added.

“We don’t anticipate this attack to be repeatable very easily. If you do a naive implementation, you would need six months to run it successfully,” he added.

Arjen Lenstra, head of EPFL’s Laboratory for Cryptologic Algorithms, said the key objective of the research was to stimulate better Internet security with adequate protocols that provide the necessary security.

The key takeaway, according to Lenstra: “It’s imperative that browsers and CAs stop using MD5, and migrate to more robust alternatives such as SHA-2 and the upcoming SHA-3 standard.”
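To make the mechanism concrete, here is an added toy model of the attack (my own illustration, not code from the paper or its authors). It swaps MD5 for a deliberately weak 24-bit Merkle-Damgård hash so a chosen-prefix collision can be found in well under a second, and uses textbook RSA over two fixed Mersenne primes as a stand-in CA key; the certificate "encodings" are plain byte strings, not X.509 DER. What it shows is exactly the structural point above: the CA signs only a harmless end-entity certificate, yet because the rogue CA certificate was steered to the same hash value, the same signature verifies over it. The function and variable names are mine.

```python
"""Toy model of the rogue-CA attack: same structure, deliberately weak hash.

Added example; not code from the paper or its authors. MD5 is replaced by a
24-bit Merkle-Damgard hash so the chosen-prefix collision search runs in well
under a second, and textbook RSA over fixed Mersenne primes stands in for the
CA key. Certificate "encodings" are plain byte strings, not X.509 DER.
"""
import hashlib

STATE_BYTES = 3           # 24-bit chaining value: cheap collisions, on purpose
BLOCK_BYTES = 8
IV = b"\x00" * STATE_BYTES


def _compress(state: bytes, block: bytes) -> bytes:
    # Compression function: SHA-256 of (state || block), truncated to 24 bits.
    return hashlib.sha256(state + block).digest()[:STATE_BYTES]


def _padded(msg: bytes) -> bytes:
    # Zero-pad to a whole block (no length encoding; this is a toy).
    return msg + b"\x00" * ((-len(msg)) % BLOCK_BYTES)


def toy_md_hash(msg: bytes) -> bytes:
    """Merkle-Damgard iteration. As with MD5, once two messages reach the same
    chaining value, appending an identical suffix keeps their hashes equal."""
    state = IV
    msg = _padded(msg)
    for i in range(0, len(msg), BLOCK_BYTES):
        state = _compress(state, msg[i:i + BLOCK_BYTES])
    return state


def chosen_prefix_collision(p1: bytes, p2: bytes):
    """Birthday search for blocks b1, b2 with H(p1||b1) == H(p2||b2).

    Roughly 2**12 trials per side suffice for a 24-bit state. MD5's 128-bit
    state is why the real attack needed a cluster of 200 PlayStation 3s and
    purpose-built collision code rather than a brute-force search like this."""
    s1, s2 = toy_md_hash(p1), toy_md_hash(p2)
    side1, side2 = {}, {}          # chaining value -> block that produced it
    i = 0
    while True:
        b = i.to_bytes(BLOCK_BYTES, "big")
        h1, h2 = _compress(s1, b), _compress(s2, b)
        if h1 == h2:
            return b, b
        if h1 in side2:
            return b, side2[h1]
        if h2 in side1:
            return side1[h2], b
        side1[h1], side2[h2] = b, b
        i += 1


# Stand-in CA key: textbook RSA over two Mersenne primes (illustration only).
P, Q = (1 << 31) - 1, (1 << 61) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def ca_sign(tbs: bytes) -> int:
    """The CA signs the hash of the to-be-signed certificate, nothing else."""
    return pow(int.from_bytes(toy_md_hash(tbs), "big"), D, N)


def verify(tbs: bytes, sig: int) -> bool:
    return pow(sig, E, N) == int.from_bytes(toy_md_hash(tbs), "big")


def rogue_ca_demo():
    """Run the attack: submit the harmless cert, reuse its signature on the rogue one."""
    legit_prefix = b"subject=CN=www.example.com; basicConstraints=CA:FALSE; "
    rogue_prefix = b"subject=CN=Rogue Root CA; basicConstraints=CA:TRUE; "
    suffix = b"notBefore=20040801; notAfter=20040831; "  # common tail; back-dated as the team did
    b1, b2 = chosen_prefix_collision(legit_prefix, rogue_prefix)
    legit_tbs = _padded(legit_prefix) + b1 + suffix
    rogue_tbs = _padded(rogue_prefix) + b2 + suffix
    sig = ca_sign(legit_tbs)        # only legit_tbs is ever sent to the CA
    return legit_tbs, rogue_tbs, sig


if __name__ == "__main__":
    legit, rogue, sig = rogue_ca_demo()
    print("hashes equal:", toy_md_hash(legit) == toy_md_hash(rogue))
    print("CA signature verifies for rogue CA cert:", verify(rogue, sig))
```

Two properties of the real construction are visible here. The collision is found between the two *prefixes* (subject and CA flag), and the suffix is then shared, which is what a Merkle-Damgård hash permits and why a chosen-prefix collision is enough. And the CA never sees the rogue certificate at all; it behaves correctly and still ends up having vouched for a rogue root. No change on the CA's side short of abandoning the hash function closes that gap, which is the point of the migration advice above.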

Pakistan Urges "De-Escalation" with India

Via Reuters -

Pakistan and India should reduce tension inflamed by last month's militant attacks in Mumbai and resume a peace dialogue, Pakistani military chiefs told a visiting Chinese official on Monday.

India has blamed Pakistan-based militants for the assault on Mumbai in which 179 people were killed, reviving old hostilities between the nuclear-armed rivals and raising fears of conflict.

Indian and Pakistani military officials held an unscheduled hotline call on the weekend as China's Vice Foreign Minister He Yafei arrived in Pakistan to ease tension between the neighbors.

The Chinese minister met military chiefs and Foreign Minister Shah Mehmood Qureshi on Monday.

The chairman of Pakistan's joint chiefs of staff committee, General Tariq Majid, reiterated Pakistan's commitment to regional peace and cooperation, the military said.

"(He) emphasized the need for avoidance of provocative belligerent posturing, initiation of reciprocal measures for immediate de-escalation and earliest resumption of the peace dialogue," the military quoted Majid as telling He.

India has put a "pause" on a five-year peace process.

Army chief General Ashfaq Kayani "highlighted the need to de-escalate and avoid conflict in the interest of peace and security," it said.

New Open Standard Arrives For Gauging Security of Web Apps, Services

Via DarkReading -

Now there's an open industry standard for Web application and Web service security: The Open Web Application Security Project (OWASP) Foundation has released the Application Security Verification Standard (ASVS).

Mike Boberski, project lead and co-author of OWASP's ASVS Project, says the main goal of the standard is to provide a commercial and workable open standard for application security verification. The standard is aimed at helping Web application developers with a "yardstick" to assess the degree of security of their apps, and to help security folks determine what to build into their apps security-wise, according to Boberski. And the standard also can be used in procurements for specifying security verification requirements, he says. This is OWASP's first-ever standard.

ASVS includes four levels of security verification, each with specific security requirements it must address. "It starts with Level 1, prescribing the use of automated tools augmented with manual verification," Boberski says. "It then progresses to Level 4, which includes searching for malicious code manually."

The standard, among other things, will help "differentiate between folks running tools and folks doing detailed design-based analysis" in their Web applications.

While Level 1 encompasses automated scanning, Level 2 includes manual penetration testing; Level 3 includes design verification; and Level 4, internal verification, which includes also ensuring the developers themselves are not malicious. "Level 4 includes, for example, a search for malicious code, to check for the handiwork of evil developers during development," Boberski says.

Army Destroys Last VX Nerve-Agent Munitions

Via GlobalSecurity.org -

The U.S. Army Chemical Materials Agency marked the elimination of the last VX nerve-agent munitions from its stockpiles Dec. 24 with destruction of the last land mine containing VX at the Anniston Chemical Agent Disposal Facility in Anniston, Ala.

"I commend Anniston and all CMA destruction sites on this extraordinary achievement. By destroying the VX agent at each of CMA's destruction sites, you have made the world a much safer place," said Conrad Whyne, director of CMA.

The ANCDF Site Project Manager Timothy K. Garrett, declared, "We have reached a truly remarkable milestone following more than five years of deliberate, but careful operations. All nerve-agent munitions - those containing GB and those containing VX - have been safely processed."

CMA personnel and contractors have destroyed the VX nerve-agent munitions at six disposal sites: Anniston, Ala.; Umatilla, Ore.; Newport, Ind.; Pine Bluff, Ark.; Tooele, Utah; and Johnston Island approximately 800 miles southwest of Hawaii.

CMA continues to safely and securely store the remaining VX in the U.S. chemical weapons stockpile at the Blue Grass Chemical Activity near Richmond, Ky., officials said. A separate Department of Defense organization, the U.S. Army Element Assembled Chemical Weapons Alternatives, is charged with its destruction, with construction currently under way on a neutralization facility there.

Destruction of chemical weapons is complete at Newport, Ind., Aberdeen, Md., and Johnston Island in the Pacific. Operations continue at Tooele, Umatilla, Anniston, and Pine Bluff, CMA's remaining destruction sites. These sites are destroying or preparing to destroy blister agent and the only remaining nerve agent for CMA's destruction mission - GA (Tabun) at Tooele. In addition to Kentucky, CMA continues to safely store chemical-agent munitions at Pueblo, Colo., officials said.

VX is the least volatile, but most potent of all chemical warfare agents, officials said. They said it attacks the nervous system, causing the muscles to convulse uncontrollably. Exposure can result in loss of consciousness, convulsions, paralysis, and respiratory failure resulting in death. The nerve agent works similarly to pesticide and was originally developed in the early 1950s. The nation's entire original stockpile of approximately 4,400 tons of VX was produced at Newport Chemical Depot between 1961 and 1969. Newport's production facility was destroyed in 2006.

VX nerve agent was never used in combat by the United States.

"The elimination of this deadly chemical agent from each site's stockpile is a relief to the stockpile communities, and a sign of our commitment to other nations as we move one step closer to a safer world," said Whyne.

Monday, December 29, 2008

Suspected Al-Qaida Operative Held in El Paso

Via El Paso Times -

A Lebanese man who was part of a complex federal investigation into a suspected U.S. terrorist network with ties to al-Qaida is in custody at the El Paso immigration detention center facing deportation, officials have confirmed.

According to court documents, Mohamad Kamal Elzahabi, 44, told the FBI he was a freedom fighter in 1988 and 1989 against the Soviets in Afghanistan, where he also attended a jihad military training camp, provided small-arms instruction and was a sniper.

Elaine Komis, spokeswoman for the Executive Office of Immigration Review in Falls Church, Va., said her office could not discuss anything about the case due to a "non-disclosure order" by the Department of Justice. She said that the Department of Homeland Security initiated the case, and that it's now up to the Justice Department to decide Elzahabi's immigration status.

Adelina Pruneda, spokeswoman for the Department of Homeland Security, Immigration & Customs Enforcement, in San Antonio, said Elzahabi is being held at the El Paso federal detention center. No other details, including his hearing date and name of his new lawyer, will be released as long as the non-disclosure order is in effect.

Elzahabi caught the attention of authorities in Canada, Minnesota, New York and Massachusetts, who learned he and three other men fought in Afghanistan and all became cab drivers in Boston. Elzahabi has continually denied he was part of a sleeper cell or terrorist group.

[...]

The complaint also states Elzahabi admitted knowing Abu Zubaida, a senior al-Qaida associate.

Elzahabi told FBI agents he traveled to Lebanon and Chechnya and returned to the United States in 1995 "because he was in need of medical care after suffering an abdominal gunshot wound in combat," records state.

Elzahabi and his brother operated an axle-repair business in New York from 1995 to 1997 before he moved to Boston, where he worked as a cab driver "and he again associated with Raed Hijazi and Basam Kanj," who were employed by the same cab company.

The 2004 complaint signed by FBI Special Agent Kiann Vendenover alleges Elzahabi lied about not knowing the contents of packages he helped ship from his axle business to Pakistan and other countries -- packages that contained radios and other communications equipment.

The FBI also alleged he lied about helping Hijazi obtain a Massachusetts driver's license, and about letting him use Elzahabi's U.S. address for that purpose.

New BD+ Blu-ray Copy Protection Cracked Months Ahead of Schedule

Via The Inquirer -

Slysoft has done it again with their highly recommended AnyDVD HD product. The new version 6.5.0.2, announced today, breaks the new revision of the unbreakable BD+.

For those of you not following this one-sided fight, Blu-Ray movies do a lot of very unfortunate things, like stripping your fair use rights, preventing backups (no one has kids or pets that maul disks), being incompatible with boatloads of hardware, and transmitting every viewing, every click, and every thing you do back to who-knows-where to be used against you. Really, they do that, why do you think net access is mandatory?

Slysoft was the first to fully crack the old encryption scheme over a year ago.

A few weeks ago however, a new revision of BD+ came out that was not crackable with the current schemes. A fix was estimated at a few months, but never doubt the good folk at Slysoft, they did it in a few weeks.

Order is restored in the universe, and you can watch your legally purchased BDs on your legally purchased equipment, even if the DRM schemes don't like each other. No more black screens with AnyDVD HD. If you are looking to pirate, this is not your product - it is much easier to download pre-cracked files.

In any case, you can read all about the program. I would need to grow more thumbs to give it any higher praise. Go out and buy this if you haven't already.

Chocolate, Wine And Tea Improve Brain Performance

Via ScienceDaily (Dec 24th) -

All that chocolate might actually help finish the bumper Christmas crossword over the seasonal period. According to Oxford researchers working with colleagues in Norway, chocolate, wine and tea enhance cognitive performance.

The team from Oxford’s Department of Physiology, Anatomy and Genetics and Norway examined the relation between cognitive performance and the intake of three common foodstuffs that contain flavonoids (chocolate, wine, and tea) in 2,031 older people (aged between 70 and 74).

Participants filled in information about their habitual food intake and underwent a battery of cognitive tests. Those who consumed chocolate, wine, or tea had significantly better mean test scores and lower prevalence of poor cognitive performance than those who did not. The team reported their findings in the Journal of Nutrition.

The role of micronutrients in age-related cognitive decline is being increasingly studied. Fruits and beverages such as tea, red wine, cocoa, and coffee are major dietary sources of polyphenols, micronutrients found in plant-derived foods. The largest subclass of dietary polyphenols is flavonoids, and it has been reported in the past that those who consume lots of flavonoids have a lower incidence of dementia.

The latest findings seem to support the theory, although the researchers caution that more research would be needed to prove that it was flavonoids, rather than some other aspect of the foods studied, that made the difference. The effect was most pronounced for wine.

However, say the researchers, those overdoing it at Christmas should note that while moderate alcohol consumption is associated with better cognitive function and reduced risk of Alzheimer’s disease and dementia, heavy alcohol intake could be one of many causes of dementia – as well as a host of other health problems.

Mexico Detains Presidential Guard in Drug Case

Via Yahoo! News (Dec 27th) -

Mexico's drug corruption scandals reached into the presidential guard as authorities identified an officer who served in the unit as a possible spy for the country's violent drug cartels.

An official of the federal prosecutor's office who was not authorized to be quoted by name identified Arturo Gonzalez Rodriguez on Saturday as an army major who was assigned to a unit of the presidential guard.

Prosecutors announced on Friday that Gonzalez Rodriguez had been placed under house arrest for 40 days while he is investigated.

The prosecution official said there are allegations that the officer passed information to the Beltran Leyva drug cartel in exchange for payments of as much as $100,000.

The prosecutor's office could not confirm what type of information the major purportedly passed to drug traffickers.

But an official of President Felipe Calderon's office said that Gonzalez Rodriguez wasn't part of the elite section of the guard that takes care of Calderon's personal security or logistics.

The official, who was not authorized to be quoted by name, stressed that Gonzalez Rodriguez never had access to any information about Calderon's activities.

In a 2007 interview with The Associated Press, Calderon said members of the federal government have received threats from traffickers.

"There have been a lot of threats — whether they have been false or real — but they won't stop us from taking action," Calderon said.

More than a dozen high-ranking police and prosecution officials have been detained on similar allegations of spying for cartels in recent months, but none has been linked so closely to the president's office.

Attacking Critical Internet Infrastructure

Via BreakingPoint Labs (HD Moore) -

Taking a page from L0pht Heavy Industries, Alexander Sotirov, Jacob Appelbaum, and a team of researchers whose identities have to remain secret for now are making the theoretical possible this Tuesday at the 25th Chaos Communication Congress in Berlin. The details of their presentation have been heavily censored leading up to the event, with only a handful of security researchers, journalists, and collaborators given early access to the materials. Fortunately, I was one of them, and I wanted to take the opportunity to talk about their research, why it is important, and why the pre-conference secrecy is justified.

First things first; the reason for secrecy. Their research combined a known weakness in one area with a massive resource investment in another to show that a third party was vulnerable to a practical attack that affects the security of all Internet users. Security researchers often release code and technical documentation to demonstrate a flaw, but in this case, they went a step further and used the attack in the real world to obtain proof that it works. This process required interaction with a third party that will likely do whatever they can to save face once the details become public.

To prepare for the fallout, Alexander and Jacob have been working with a legal team to review their work and advise them on the best way to disclose the issue without finding themselves at the receiving end of a lawsuit. From my own conversations with Alexander, I don't believe they broke any laws, but in the past few years there have been multiple unjustified legal actions and threats against researchers who have tried to warn the public about serious security issues.


The last ten years have shown us that it is usually better to ask for forgiveness than permission when it comes to vulnerability disclosure. Vendors have a financial interest in protecting their reputation and this is apparent in the number of pre-disclosure threats they make; however, once the proverbial cat is out of the bag, it is cheaper to address the problem than to proceed with legal action, since that legal action will usually result in even worse publicity for the vendor. If your organization is withholding vulnerability information due to concerns over a legal reaction from the affected vendor, then you have already lost the game and are doing a disservice to every user that relies on that vendor's product or service.

Switching back to the actual presentation; there are three things that make their research impressive. First, their work involved serious collaboration between academia and independent security researchers. This type of coordination is tough to manage, and it is nearly impossible to actually publish anything under terms everyone can agree to. Jacob's previous work on cold-boot memory attacks faced similar challenges and the end result was partial disclosure of the developed tools (the BitLocker code was never released). Second, their research required massive computational resources that had to be utilized within a specific window of time. Although computing costs have dropped significantly over the last few years, the researchers estimated that commercially available computation resources such as Amazon EC2 put the technique within the grasp of a profitable criminal organization, a large botnet operator, and certainly state sponsors. The attack only has to be performed once in order to reap rewards for a long time afterward (months, if not years). This one-time investment model could pay for itself many times over if it was used to provide services to criminal organizations. Finally, they actually did it. This isn't a pie-in-the-sky talk about what may happen or what someone might be able to do; this is a demonstration of what they actually did, with the results to prove it.

Their live presentation will be available online via streaming video; it is scheduled for Saal 1 at 3:15pm (8:15am CST, 9:15am EST, 6:15am PST) on Tuesday, December 30th. Keep an eye on the schedule in case their timeslot is moved.

Sunday, December 28, 2008

Windows Media Player Integer Overflow in Playing WAV Files

http://www.securitytracker.com/alerts/2008/Dec/1021495.html

A vulnerability was reported in Windows Media Player. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted WAV, SND, or MIDI file that, when loaded by the target user, will trigger an integer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.

-----------------

UPDATE - Microsoft appears to agree with you, Frantisek. Microsoft pours cold water on WMP flaw warning.
Microsoft is aware of a falsely reported vulnerability in Microsoft Windows Media Player Dec. 25, 2008. Microsoft investigated the claim and found that this is not a product vulnerability. Microsoft confirmed that the reported crash is not exploitable and does not allow an attacker to execute arbitrary code, as was incorrectly claimed in the public report.

Dark Energy Independently Confirmed

Via Scientific American -

In 1998 two teams of researchers made a milestone cosmological announcement: The universe, long known to be expanding, was not slowing down in its expansion as expected but was in fact accelerating. Both groups had been studying exploding stars, or supernovae, and used the objects' movement to show that the universe is speeding up. The culprit was labeled dark energy—a hypothesized presence that pervades space and pushes the pieces of the universe apart.

A new study that examines the growth of galaxy clusters rather than the movement of stars independently confirms the presence of dark energy. Researchers, led by Alexey Vikhlinin of the Harvard-Smithsonian Center for Astrophysics (CfA), found that dark energy seems to restrain the growth of clusters over time, hindering the gravitational clumping of matter that would allow them to grow even more massive.

Vikhlinin called the findings, which are set to be published in The Astrophysical Journal, "an unambiguous signature of dark energy." Such an effect is not entirely surprising: Astrophysicist Christopher Conselice of the University of Nottingham in England raised this as a likely role for dark energy in a 2007 Scientific American article.

-----------------------------

At the same time, new theories may shed light on dark matter.

Windows 7 Beta 1 (Build 7000) Leaked On BitTorrent

Via gizmodo.com -

The Windows 7 Beta 1 that was public-bound in mid-January has been leaked now, and you can get a copy on BitTorrent.

The beta expires July 1, 2009, and from what we read, it's a bit more stable than the versions people have been playing with for a few months. Hit the links below to get a copy, if you're OK with the fact that you're technically not supposed to have this just yet. [My Digital Life via BlogsDNA via Technovedad via Download Squad]

Update: ZDNet also has a look at the beta over here, and they concur that it's pretty good:

This beta is of excellent quality. This is the kind of code that you could roll out and live with. Even the pre-betas were solid, but finally this beta feels like it’s “done.” This beta exceeds the quality of any other Microsoft OS beta that I’ve handled.

US Army Uses iPod Touch for Translation On the Field

Via gizmodo.com -

This week on the Pentagon Channel (?), a soldier demonstrates the Army's cutting-edge new translation tool: an iPod touch.

The demo iPod looks to have the stock Apple OS, running a custom translation application. It allows the user to select a language, then a situation, and finally a command or question, like "Get down!" in Arabic, which I'm sure comes in handy. The app will also show a video of a CGI soldier saying the selection, in case your platoon is made up of visual learners. It's a pretty cool little program, but I hope the soldiers actually use it instead of playing Tap Tap Revenge like I'm sure they want to. [The Pentagon Channel, thanks Paul!]

Saturday, December 27, 2008

Haqqani: Pakistan Will Defend Itself Against Aggression

Via Daily Times (Pakistan) -

Due to India’s war rhetoric and potentially dangerous military moves, Pakistanis must be reassured that the country, though committed to fighting terrorism, is prepared to defend itself against any aggression, Islamabad’s envoy in Washington told CNN on Saturday.

Hussain Haqqani said Pakistan wanted to pursue terrorists in the border areas between Pakistan and Afghanistan rather than go to war with India, adding the country also wanted to work with New Delhi to capture terrorists who were responsible for the Mumbai attacks.

“That said, over the last few days, we have reason to believe that there has been an escalation of rhetoric in India, which is accompanied by certain moves that we consider to be potentially dangerous,” Haqqani said.

He told the channel that he could not reveal the intelligence Pakistan had about Indian moves “but we are willing to share that with our friends around the world. And we have attempted to do that”.

Troop movement: He rejected the suggestion that the movement of Pakistani troops signalled an escalating situation.

“There is no bravado. Pakistan is not trying to make a show of might. All we are trying to do is to reassure our people that we do not want to go to war, but in case there are aggressive moves from the other side, then certainly we will take defensive positions,” Haqqani said.

“(It) is a call for India and our friends internationally to make sure that this remains a situation in which we work co-operatively,” he said, adding there had been no movements of troops from active engagement against terrorists and their supporters in the border areas between Pakistan and Afghanistan.

Need for evidence: He said Islamabad ‘has been fully co-operating’ with New Delhi in anti-terrorism efforts but pointed out the need for evidence to prosecute suspects.

“We have arrested many people that the Indians have named. Now, of course, we are asking for evidence. After all, people, once they have been arrested and charged, need evidence to be prosecuted. And we are a country under the rule of law now that democracy has been restored in Pakistan,” the envoy said.

“The most important thing is Pakistan wants to continue pursuing the war against terror. We remain the allies of the international community in fighting terrorists and we certainly do not want to divert our attention from that,” he added. app

More Users Report Apple's Update Kills Their Macs

Via PCMag -

A Monday update to Apple's Leopard operating system continued to wreak havoc today, with some users reporting that Mac OS X 10.5.6 has completely killed their machines.

"Since I (and many other users) installed the update our machines have completely died," Pedro Paiva, who owns a 17-inch MacBook Pro Core 2 Duo, wrote in an e-mail.

When Paiva turns on his MacBook, it makes a spinning sound, the LED light turns on, but then nothing happens, he said.

An authorized Apple reseller told Paiva, who is based in Rio de Janeiro, that "the symptoms look like logic board failure and that I'll probably need to have it replaced. Problem is that warranty expired 9 days ago and logic board costs almost as much as a new machine."

A user who identified himself as "Beerman07" on the Apple forums said he experienced the same thing. "I had a perfectly healthy MacBook until about 10 [minutes] ago when I tried to update to 10.5.6. Now, I cannot start up on that computer. I also have the LED light on in the front," he wrote Tuesday.

"Beerman07" said that he eventually got his machine to start working again after connecting to another computer in Target mode using Diskwarrior, but when he restarted the next day, he was again met with the blank screen and LED light.

"My iMac died essentially the same way as yours, after the 10.5.6 update," a Minneapolis-based user known as "Guvenen" wrote in response to "Beerman07"'s post. "I also tried everything on [the] [Mac]books without success."

The OS X 10.5.6 update is supposed to improve a number of features, including synching between the address book and the iPhone, roaming capabilities of AirPort connections on Intel-based Macs, an encryption alert that appeared in the chat window of iChat, among other things.

After its release, users took to the Apple forums to report a host of problems ranging from broken Bluetooth connections and no sound to large popping noises during boot-up and dead USB ports.

There were few initial reports of completely dead machines, however.

U.K.-based user John Harvey wrote that his 10.5.6 MacBook Pro update also produced the blank screen and permanent LED light. He held the power button down, and the machine re-started, but the printer and the sound were not working. When he restarted the next morning, he was met with a recurring "kernel panic" warning.

Apple tech support eventually walked him through a re-install of 10.5.4, Harvey wrote.

"I did the install and my computer will start up to the apple symbol, hang out there for a while and then turn off," wrote user Aimee Heff. "This causes much stress for this grad student."

London-based user "trikke_d" reported that he encountered the same problem last year when installing the original Leopard on his iMac, which resulted in a dead logic board.

"If you are in warranty you should be fine, if you are not then I am afraid Apple will probably not help," "trikke_d" wrote. " In my experience OS updates can kill your machine, but Apple will never admit this is the case."

Apple did not immediately respond to a request for comment.

Complaints about the update continued to roll in on Wednesday, including users who could not print, use their machine's search function, view their e-mail, hear alert sounds, or get accurate battery status readings, among other problems.

----------------------------------

I would have more respect for Apple if they shed their tight-lipped (PR protection) attitude and communicated better with their customers...especially when their customers are experiencing patch problems or possible security issues.

Surviving a Hacker Conference

Via HackaDay -

With another hacker conference looming in front of us, it’s time to start thinking about hardware security. Hacker conventions have the most hostile network you’ll ever encounter. [Security4all] points out that 25C3 already has an extensive page on securing your hardware. It starts from the ground up with physical security, BIOS passwords, and locking down bootloaders. There’s a section on securing your actual OS and session. Finally, they cover network usage. It mentions using SSH for dynamic forwarding, which we feel is a skill everyone should have. We’ve used it not just for security, but for bypassing brainless bandwidth restrictions too. There’s also the trickier transparent version. Every piece of data you bring with you, you risk losing, so they actually recommend just wiping your iPhone and other devices before attending. It’s important to remember that it’s not just your own data at risk, but everyone/thing you communicate with as well.

EFF's 18th Birthday Party with DJ Spooky

http://www.eff.org/deeplinks/2008/12/eff18

On Wednesday the 7th, EFF will be celebrating our 18th year of defending digital rights with our biggest bash yet!

Special guest DJ Spooky will be rocking the DNA Lounge in San Francisco, with help from mashup party pioneers Bootie, copyfighter and Surya Dub DJ Kid Kameleon, and EFF's Tones and Qubitsu.

Party with us from 8 p.m. until late. We'll be asking for a $25 donation at the door to fund our work defending your digital freedom, but no one will be turned away for lack of funds. Please RSVP to events@eff.org. 21+ only, cash bar. The first 400 people through the door will receive a free mix CD from DJ Spooky.

Pre-pay for the party using our new Happy Birthday donation page, and you'll have the option to get a discounted membership! As always, membership includes great EFF swag - perfect for wearing to an EFF party.

For a special meet and greet opportunity with DJ Spooky, RSVP to our VIP pre-party. The first 40 people to RSVP at the VIP level will receive a copy of Sound Unbound, DJ Spooky's latest book.

Thanks for your support of EFF! We look forward to seeing you there!

CIA Wins Over Tribal Leaders With Viagra

Via CBSNews -

The Afghan chieftain looked older than his 60-odd years, and his bearded face bore the creases of a man burdened with duties as tribal patriarch and husband to four younger women. His visitor, a CIA officer, saw an opportunity, and reached into his bag for a small gift.

Four blue pills. Viagra.

"Take one of these. You'll love it," the officer said. Compliments of Uncle Sam.

The enticement worked. The officer, who described the encounter, returned four days later to an enthusiastic reception. The grinning chief offered up a bonanza of information about Taliban movements and supply routes, followed by a request for more pills.

For U.S. intelligence officials, this is how some crucial battles in Afghanistan are fought and won. While the CIA has a long history of buying information with cash, the growing Taliban insurgency has prompted the use of novel incentives and creative bargaining to gain support in some of the country's roughest neighborhoods, according to officials directly involved in such operations.

----------------------------

Words have not been created to express how awesome this is....

OpenTape - Host Your Own Mixtapes

http://opentape.fm/

Opentape is a free, open-source package that lets you make and host your own mixtapes on the web.

Upload songs (via web or FTP), reorder, rename, customize the style, and share what you like on other sites with an embeddable player.

----------------------------

Check out this F.A.T. X-Mas 2008 Mix (via OpenTape)

Thursday, December 25, 2008

Intelligence Fusion Centers Could Endanger Privacy

Via FCW -

Intelligence fusion centers run by state and local law enforcement agencies could jeopardize privacy, according to a report from the Homeland Security Department’s chief privacy officer.
Privacy is at risk at fusion centers because of ambiguous lines of authority and oversight, the participation of military and private companies, and excessive secrecy, said Hugo Teufel III, DHS’ chief privacy officer, in a report dated Dec. 11 and posted online Dec. 22.

Teufel said the privacy assessment identifies hypothetical risks to privacy that should be examined, but they are not necessarily reflective of conditions or policies at the centers. DHS needs to investigate further to determine whether each center is effectively mitigating risks, he said.

“When we use the word ‘risk,’ we are identifying issues, not problems,” Teufel said. “These are the things that the state and local fusion centers should consider carefully.”

DHS created the fusion center program in response to the Implementing Recommendations of the 9/11 Commission Act of 2007 to foster two-way information sharing between the department and state and local police. Law enforcement agencies typically run the centers, and DHS assigns intelligence analysts to work at them.

Despite the department’s efforts to mitigate risks, DHS’ Privacy Office identified a number of ongoing problems in its privacy impact assessment. The 9/11 implementation act provides statutory authority for fusion center activities, but the public might distrust them because state and local law enforcement agencies share personally identifiable information they collect with one another and with federal officials, the report states.

Furthermore, fusion centers lack clear rules for storing and sharing personal information because they are regulated by a mix of state and federal laws, the report states, citing previous findings by the Government Accountability Office. Consistent policies and training would mitigate those concerns, DHS’ Privacy Office said.

The office identified military involvement at fusion centers as a risk to privacy, but it said assessing the risk was beyond the report’s scope.

The report also lists excessive secrecy, mission creep and inaccurate information as concerns, but it states that appropriate responses should alleviate them.

The privacy assessment also notes concerns about data mining and private-sector involvement, which the office intends to study further.

Caroline Fredrickson, director of the American Civil Liberties Union’s Washington Legislative Office, said the ACLU identified similar privacy concerns a year ago.

“Police intelligence activities have a troubled history in the United States, so we're glad to see the DHS Privacy Office shining a light on the privacy threats fusion centers pose,” Fredrickson said. “Given the fact that the DHS Privacy Office sees the same problems the ACLU does with fusion centers, it should be obvious that serious oversight is necessary.”

Huge Explosives Stash Seized in Pakistan Capital

Via ABC News -

Pakistani police say they have seized a huge quantity of explosives and arrested eight people in raids at three shops on the outskirts of the capital Islamabad.

The haul included 500 kilograms of explosives, more than 500 detonators, empty bullet cartridges and sacks of chemicals, Islamabad police chief Asghar Gardezi said.

Police conducted the raids late on Wednesday on intelligence information about the storage of explosives in the shops owned by two brothers from the tribal Dir district bordering Afghanistan.

"It is a very important breakthrough. The recovery suggests the explosives might have been meant for terror attacks, but we are investigating," Mr Gardezi said.

In September, a suicide bomber rammed a truck packed with explosives into the outer gates of the luxury Marriott hotel in Islamabad, killing 60 people.

Pakistan this year has seen a spike in violence blamed on Taliban and Al-Qaeda linked militants, prompting the army to launch a major operation in the volatile northwest of the country.

Signs of a Coming Indian-Pakistani War

Via Stratfor -

Several major signs of a coming Indian-Pakistani war surfaced Dec. 24.

Indian troops reportedly have deployed to the Barmer district of southwest Rajasthan state along the Indian-Pakistani border. Furthermore, the state government of Rajasthan has ordered residents of its border villages to be prepared for relocation. The decision reportedly came after a meeting among the state’s director-general of police, home secretary and an official from the central government. Stratfor confirmed the report with an Indian army officer.

According to India’s ZeeNews, the Pakistani army replaced the Pakistan Rangers that regularly patrol the border with India. The Pakistani troop movements were later confirmed by U.K. Bansal, the additional director-general of India’s Border Security Force (BSF) in Barmer, Rajasthan.

Speed Camera Attack Highlights Public Identity Weaknesses

Via ZDNet -

In a brilliant physical-world example of what happens when too much value is placed upon open identification systems for determining reputation, a group of high school students are setting off speeding enforcement cameras using fake license plates belonging to their enemies.

According to an article in the D.C. area Montgomery County Sentinel, high school students are generating photorealistic replicas of their enemies' license plates, placing them on their vehicles, and blowing through speeding cameras. Obviously people who have been victimized by this attack are upset, but at least one anonymous individual hits the nail on the head:

“The practice of sending speeding tickets to faceless recipients without any type of verification is unwarranted and an exploitation of our rights.”

Using a publicly visible number rather than direct challenge and response verification as a means of identification for a financial transaction is a bad idea. Practically all of our purchases online are made via a semi-secret identifier that stays constant for years, and our accounts are protected by a combination of semi-secret lifelong identifiers, such as social security numbers and public information, like our home address.

We should all be demanding identification mechanisms that involve multifactor data for our electronic financial transactions, such as one-time password tokens. It may not be possible to create speed traps that use stronger authentication, but improving financial transactions is within reach.
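The one-time password token the post recommends, as an added example (not part of the original post or the ZDNet article): an RFC 4226 HOTP generator, plus a verifier that advances its counter so a code observed once cannot be replayed, set beside the static-identifier check that a photographed license plate defeats. The secret is the RFC 4226 test-vector key; the `TokenVerifier` class, its look-ahead window and the sample plate value are assumptions, not any particular product's design.

```python
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test key (ASCII "12345678901234567890"); a real token
# would use a random per-device secret shared only with the verifier.
RFC4226_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # low nibble of the last byte
    code = (
        (mac[offset] & 0x7F) << 24              # clear the sign bit
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return str(code % (10 ** digits)).zfill(digits)


class TokenVerifier:
    """Server side of an event-based (counter) token (assumed design, not a
    specific product). Each accepted code moves the counter forward, so a code
    that was observed once is worthless afterwards; a small look-ahead window
    tolerates codes the user generated but never submitted."""

    def __init__(self, secret: bytes, look_ahead: int = 5) -> None:
        self.secret = secret
        self.look_ahead = look_ahead
        self.next_counter = 0   # lowest counter value not yet consumed

    def verify(self, code: str) -> bool:
        upper = self.next_counter + self.look_ahead + 1
        for counter in range(self.next_counter, upper):
            # constant-time compare so timing does not leak matching digits
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.next_counter = counter + 1   # burn this and earlier counters
                return True
        return False


def static_identifier_check(presented: str, on_file: str) -> bool:
    """The license-plate / SSN model the post criticises: a constant, publicly
    visible value compared against a record. Anyone who has seen it once can
    present it forever, which is exactly the replay the fake plates exploit."""
    return hmac.compare_digest(presented, on_file)


def replay_comparison() -> dict:
    """Constructed scenario: a value observed once is presented a second time.
    Returns whether the replay is accepted under each identification model."""
    # Static identifier: the observed plate number keeps working.
    observed_plate = "ABC-1234"   # constructed sample value
    static_replay_ok = static_identifier_check(observed_plate, "ABC-1234")

    # One-time token: the observed code works once, then is rejected.
    verifier = TokenVerifier(RFC4226_SECRET)
    observed_code = hotp(RFC4226_SECRET, 0)
    first_use = verifier.verify(observed_code)
    otp_replay_ok = verifier.verify(observed_code)
    return {
        "static_replay_accepted": static_replay_ok,
        "otp_first_use_accepted": first_use,
        "otp_replay_accepted": otp_replay_ok,
    }


if __name__ == "__main__":
    for name, accepted in replay_comparison().items():
        print(f"{name}: {accepted}")
```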

iPodhash Moves to Wikileaks Following DMCA Notice

Via arstechnica.com -

When you think of Wikileaks, things like government secrets and Sarah Palin's private e-mail come to mind. However, there's a decent amount of technology-related information on the site as well. The fact that it's nearly impossible to get content removed from Wikileaks could lead to its use as a haven for controversial technology projects, too. It turns out that the code related to the iPodhash project was posted to Wikileaks shortly after the project's BluWiki page was taken down in response to a legal notice from Apple's lawyers.

The project received a DMCA anticircumvention notice in the middle of November, and the operator of BluWiki removed the content that Apple didn't like until the legal notice could be scrutinized.

Since then, the Electronic Frontier Foundation has agreed to represent iPodhash, and the project's owner has come forward with a few comments, but the original project information is still unavailable, as the various legal machinations continue. Just a few days after the takedown notice was received, however, the code generated by iPodhash thus far was posted to Wikileaks, once again making the information publicly available.

Because of the anonymous, distributed nature of Wikileaks, Apple's DMCA notice no longer carries quite as much weight to those hosting the code. Although there aren't a huge number of controversial OS X applications, I'm sure other controversial projects will turn to the site in the future, so a little project like iPodhash may end up as an example of how contentious code can be made to live on.

Aussie Government's Own Report Trashes 'Net Filtering

Via arstechnica.com -

Australia's hugely controversial ISP filtering plan received a lump of Christmas coal in its stocking with the release this week of a new report that points out the many difficulties with such a scheme. The current government's response is to make clear that the report was commissioned by the previous government—which apparently makes it a bit suspect. A live trial of the filtering system has been delayed into January, but it is still going ahead.

"The Government is aware of technical concerns raised in the report, and that is why we are conducting a pilot to put these claims to the test," said Senator Stephen Conroy, Minister for Broadband, Communications and the Digital Economy.

The lengthy report was commissioned by the Howard Government back in 2007 and was conducted by the Internet Industry Association. Not that the current government wants you to take the report's points too seriously; Conroy points out that "the report methodology was a literature review of existing studies as well as interviews and surveys. It involved no empirical testing of filtering technology."

-----------------------------------

Also this week, Australia's Broadband Minister, Stephen Conroy, and his team are removing their blog and all public comments....Way to communicate with the people indeed.

DHS Considers Looking For Terrorism Clues on the Internet

Via FCW -

The Homeland Security Department might soon start searching the Internet for blogs and message boards that terrorists are using to plan attacks in the United States, USA Today reports.

Researchers say terrorists are increasingly using the Internet to plan operations and spread propaganda, according to a DHS statement. The newspaper reports that the department is looking for companies that can help it find relevant information online.

-----------------------

I am a little surprised they haven't been doing this for years already...

CastleCops Fries the Last Phish

http://www.castlecops.com/

Greetings Folks,

You have arrived at the CastleCops website, which is currently offline. It has been our pleasure to investigate online crime and volunteer with our virtual family to assist with your computer needs and make the Internet a safer place. Unfortunately, all things come to an end. Keep up the good fight folks, for the spirit of this community lies within each of us. We are empowered to improve the safety and security of the Internet in our own way. Let us feel blessed for the impact we made and the relationships created.

With respect to the server marathon, by March 17 2009 CastleCops will refund contributions made through PayPal that were specifically designated for servers. Unfortunately, server donations made via check cannot be returned because we do not have the addresses for the donating entity. Unless instructed otherwise, CastleCops will re-allocate these funds as a donation to the Internet Systems Consortium (ISC.org). This organization sponsored our hosting environment for approximately the past 2 years. Please contact us [cc at laudanski dot com] before March 17, 2009, if you would like a return of your server marathon donation. Otherwise, we would like to thank the ISC for their unfettered support.

We thank everyone in creating our unique footprint and memories in time.

Love, Best Wishes and Happy Holidays, CastleCops

--------------------------------------

I would like to give thanks and best wishes to everyone @ Castlecops.

It was a personal pleasure to help work on the PIRT team shortly after it was created...the friendships that were formed will have a lasting impression in my life....an impression that will always be a part of me.

Wednesday, December 24, 2008

Researchers Seek Advanced Network Prioritization

Via Network World -

Researchers are looking to build self-configuring network technology that would identify traffic, let the network infrastructure prioritize it down to the end user, reallocate bandwidth between users or classes of users, and automatically make quality of service decisions. The system will have a minimum of 32 levels of prioritization. These prioritization levels will be configurable and changeable at the system level in an authenticated method. Data with a higher priority will be handled more expeditiously than traffic with a lower priority.

If that sounds like a major undertaking, it is, but consider who wants to develop such a beast: the Defense Advanced Research Projects Agency (DARPA).

This advanced prioritization system is part of DARPA's Military Networking Protocol (MNP) program, which is looking to develop an authenticated and attributable identification system for packet-based military and government data networks, the agency said. Military or government data sent with the MNP will be compatible with normal Internet equipment to allow MNP traffic to pass through legacy network or encryption equipment, DARPA said.

Not only should the prioritization scheme be radically advanced, the system should be extremely difficult to spoof or inject false traffic into, DARPA said.

Yes, Virginia, There Will Be More Attacks

Via DarkReading -

This is the time of year when the editor of a publication usually issues a warm and fuzzy holiday message that's supposed to make you want to gather around the fire with your family for a group hug.

Unless, of course, your publication has to do with information security.

When you spend your days dealing with DDOS attacks and SQL injections, there aren't too many warm and fuzzy messages you can issue. "May all your patches be operational?" "May your vulnerabilities go unnoticed and unexploited in 2009!" Not exactly Hallmark card stuff.

If there is good news for security pros in 2009, however, it's probably the general consensus that IT security will remain a top priority for corporations and government agencies. We've seen a lot of predictions since the economic downturn began, and a lot of reports and surveys on organizational plans. Not one of them suggests IT security will take huge cuts, or become less important, in the new year.

Of course, the main reason for that continued emphasis is a general rise in computer crime. Virtually every projection we've seen indicates that attacks will continue to rise in frequency and sophistication in the coming year. As the economy drops, the crime wave rises, both inside the company and out.

It's hardly a warm and fuzzy message, but if you're a security pro, it at least gives you a mild sense of job security. Yes, Virginia, attacks will continue in 2009. In fact, they'll likely get worse.

So, dear readers, it's time to gather around the firewall, pour a cup of Red Bull, and toast the new year. Because we know that what's coming down our chimneys this holiday season is a lot more likely to be naughty than nice.

Happy holidays!

Zimbabwe Rights Activist Accused in Plot

Via AP -

A Zimbabwean human rights activist missing for three weeks was taken to court Wednesday, and state media said she was accused in a plot to overthrow President Robert Mugabe.

Nobel Peace Prize winner Desmond Tutu joined the growing international pressure on the longtime leader to give up power. Asked during a British Broadcasting Corp. interview if Mugabe should be removed by force, Tutu said there should "certainly be the threat of it."

Tutu, the retired archbishop of Cape Town, also said he is ashamed of South Africa's handling of the Zimbabwe issue at the U.N. Security Council, where China and Russia in July vetoed a U.S.-sponsored resolution that proposed worldwide sanctions against Mugabe and 13 officials.

Former South African president Thabo Mbeki mediated the power-sharing deal between Mugabe and opposition leader Morgan Tsvangirai, and South Africa reiterated this week it saw the deal as the only way forward, despite new U.S. and British opposition to it.

"We have betrayed our legacy, how much more suffering is going to make us say, 'No, we have given Mr. Mugabe enough time,'" Tutu told the BBC.

The court appearance of Jestina Mukoko came days after Tsvangirai threatened to withdraw from talks on implementing the power sharing deal unless at least 42 missing activists and opposition officials were released or charged.

Zimbabwe police officials had denied holding Mukoko, who had not been seen since being taken from her home Dec. 3, the day activists held nationwide protests against the country's deepening economic and health crises.

Mukoko and eight other activists were remanded to custody after appearing briefly in Harare Magistrate Court and were due to appear again on Monday, said Andrew Makoni, a lawyer representing them.

Pakistan Blames 'Lashkar-e-Jhangvi' for Marriott Hotel Attack

Via CT Blog -

Pakistan's Interior Affairs adviser Rehman Malik has blamed the anti-Shia, Al-Qaeda-affiliated terrorist group Lashkar-e-Jhangvi for the Marriott hotel suicide attack in Islamabad on September 20, which killed over sixty people, including the Czech ambassador, a couple of US soldiers and many foreigners. Nearly 200 others were injured in the attack. According to earlier reports, the suicide bomber detonated a truck packed with around 600 kg of explosives (RDX) at the Marriott.

Soon after the attack last September, a lesser-known group, Fidayeen-e-Islam, claimed responsibility while warning of more such attacks on Westerners. A spokesman who identified himself as Ahmad Shah Abdali reportedly told Al Arabiya TV in Islamabad by phone about the outfit's involvement and set conditions for stopping attacks against US interests in Pakistan, including an end to Pak-US cooperation. Initial suspicion fell on another Al-Qaeda-affiliated terror group, Harkatul Jehad-ul Islami. However, Malik told parliament on Dec 22 that the investigating agencies had completed their investigation into the Marriott incident, which was planned and executed by the LeJ.

-----------------------------

More information on LeJ:
http://en.wikipedia.org/wiki/Lashkar-e-Jhangvi
http://www.satp.org/satporgtp/countries/pakistan/terroristoutfits/Lej.htm

New York Office Building Used by Iranian Regime, Seized by Feds

Via CT Blog -

The US Government seized control last Wednesday of a New York City office building partially owned by a company with ties to the Iranian government. The Treasury and Justice Departments' move is aimed at ending a flow of cash used to support Iran's nuclear weapons program. The seizure is raising troubling questions.

The tower, situated on New York's Fifth Avenue, was built by an Iranian non-profit group in the 1970s. Federal officials say that the ownership of the building has evolved in an attempt to hide the stake held by an Iranian state-owned bank. The US alleges that Assa Corporation, which owns the building, is a front for Bank Melli, which facilitates the funding of nuclear materials for the Iranian regime. US authorities say that Bank Melli is involved in Assa Corp.'s management of the Fifth Avenue facility. According to reports, rental income was sent back to Iran. But the designation does not interfere with the business and other activities of the tenants of 650 Fifth Avenue. In 2007, the Bush Administration froze Bank Melli's assets in the United States. The FBI seized two of Assa's bank accounts holding $3.1 million.

According to Government sources Bank Melli handles funds for the Iranian Revolutionary Guards (Pasdaran) and its Qods Forces, which in turn fund Hezbollah, Hamas and Palestinian Islamic Jihad as well as some activities of the Taliban in Afghanistan.

PGP Desktop PGPwded.sys Denial of Service

PGP Desktop's PGPwded.sys driver does not sanitize user-supplied input (IOCTL), which leads to a driver crash that takes down the system with a BSOD.
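The defect class described above is an IOCTL handler that trusts the lengths and values a user-mode caller passes in. The following is an added example (not code from the advisory or from PGP) of the checks a dispatcher should perform before touching those buffers; it is a portable C model with constructed IOCTL codes, status values and request layout standing in for the Windows-specific ones.

```c
/* Added example: a portable model of input validation for a kernel IOCTL
 * dispatcher. All codes, status values and the request struct are constructed
 * for illustration; they are not PGP's or Windows' real definitions. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IOCTL_SET_KEY_LEN  0x8001u   /* constructed IOCTL code */
#define IOCTL_GET_VERSION  0x8002u   /* constructed IOCTL code */
#define MAX_KEY_LEN        64u       /* constructed upper bound */

enum { ST_SUCCESS = 0, ST_INVALID_PARAMETER = 1, ST_BUFFER_TOO_SMALL = 2,
       ST_INVALID_DEVICE_REQUEST = 3 };

struct key_len_req { uint32_t key_len; };      /* constructed request layout */

static const uint32_t DRIVER_VERSION = 0x00090006u;  /* constructed value */
static uint32_t g_key_len = 0;                       /* driver-side state */

uint32_t current_key_len(void) { return g_key_len; }

/* Hardened dispatcher: every caller-controlled length and value is checked
 * before use, and the request is copied once so later checks are not subject
 * to the caller modifying the buffer underneath the driver (TOCTOU). */
int ioctl_checked(uint32_t code, const void *in, size_t in_len,
                  void *out, size_t out_len, size_t *bytes_written) {
    *bytes_written = 0;
    switch (code) {
    case IOCTL_SET_KEY_LEN: {
        struct key_len_req req;
        if (in == NULL || in_len < sizeof req)        /* absent or short input */
            return ST_BUFFER_TOO_SMALL;
        memcpy(&req, in, sizeof req);                 /* validate the copy, not user memory */
        if (req.key_len == 0 || req.key_len > MAX_KEY_LEN)
            return ST_INVALID_PARAMETER;              /* bounds-check the value itself */
        g_key_len = req.key_len;
        return ST_SUCCESS;
    }
    case IOCTL_GET_VERSION:
        if (out == NULL || out_len < sizeof DRIVER_VERSION) /* output must fit */
            return ST_BUFFER_TOO_SMALL;
        memcpy(out, &DRIVER_VERSION, sizeof DRIVER_VERSION);
        *bytes_written = sizeof DRIVER_VERSION;       /* report exactly what was written */
        return ST_SUCCESS;
    default:
        return ST_INVALID_DEVICE_REQUEST;             /* unknown code: reject, never guess */
    }
}
```

An unchecked handler would instead dereference `in` and use `key_len` as a copy size directly, which is how malformed input from an unprivileged process becomes a kernel fault rather than an error return.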

Credit:
The information has been provided by evil fingers.
The original article can be found at:
http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service.pdf

------------------------------

http://www.securiteam.com/windowsntfocus/6N00L0UNFU.html

Google Chrome Browser (ChromeHTML://) Remote Parameter Injection PoC

Google Chrome Browser (ChromeHTML://) remote parameter injection POC
by Nine:Situations:Group::bellick&strawdog

Site: http://retrogod.altervista.org/
tested against: IE 8 beta 2, Google Chrome 1.0.154.36, Microsoft Windows XP SP3

List of command line switches:
http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc

Original url: http://retrogod.altervista.org/9sg_chrome.html

http://www.milw0rm.com/exploits/7566

Navy Lab Thief Gets 18 Months in Prison

Via WashingtonPost -

Victor Papagno had two loves, federal prosecutors say: computers and stealing.

For the Navy, it was a devastating combination.

Over 10 years, authorities said, the computer technician with obsessive-compulsive disorder ran one of the biggest computer theft scams in local history. He stole more than 19,000 pieces of computer equipment from the offices of the Naval Research Laboratory in Southwest Washington.

The loot took up so much space that Papagno built a 2,775-square-foot garage to store it all. It cost the Navy more than $150,000 to inventory the stash of keyboards, monitors, floppy disks, hard drives, cables, batteries and a device to make security badges. When investigators came to haul the equipment away from Papagno's Charles County home, they needed an 18-wheeler.

He got away with stealing computer components from a secure Navy facility by walking out the front door with the booty in boxes -- an average of five items a day over a decade. The Navy never caught on. The tip that brought him down last year came from his estranged wife, authorities said.

The 40-year-old computer specialist, who pleaded guilty in October to theft of government property, was sentenced yesterday to 18 months in prison by U.S. District Judge Paul L. Friedman. The judge said he was disturbed by the "quantity, the value and the sensitivity" of the stolen items and ordered Papagno to repay the $159,000 it cost the Navy to retrieve and inventory the goods.

World Bank Admits Indian Tech Vendor Debarred for 8 Years

Via FoxNews -

For months, the World Bank has been stonewalling and denying a series of FOX News reports on a variety of in-house scandals, ranging from the hacking of its most sensitive financial data to its own sanctions against suppliers found guilty of wrongdoing.

But last week the world's most important anti-poverty organization suddenly came clean — sort of — in its tough sanctions against a vitally important computer software service supplier that has been linked not only to financial wrongdoing but also to the ultrasensitive data heists.

A top bank official, FOX News has learned, has admitted that a leading India-based information technology vendor named Satyam Computer Services was barred last February from all business at the bank for a period of eight years — and that the ban started in September.

The admission confirms what FOX News reported from its own bank sources on October 10 — a report the World Bank officially disparaged at the time.

The World Bank's revelation of the ban on Satyam comes at a watershed moment for the $2 billion (sales) outsourcing giant, which boasts more than 100 Fortune 500 companies as clients and which trades on the New York Stock Exchange. Last week, India's securities commission announced that it would investigate Satyam.

New Attack Patterns Emerge in 2009

Via Arbor Networks -

Botnets were just the beginning. The bad guys will continue to use these to try to steal your data, but more sophisticated attacks over the application layer and targeted network attacks are on the way. In this Network World Podcast, Danny McPherson from Arbor Networks discusses the new ways that hackers will be trying to get into (and steal information from) your network in 2009.

Tuesday, December 23, 2008

India Will Not Act Unilaterally Against the Extremists in Pakistan

Via LATimes.com -

India's prime minister signaled Tuesday that his government would not act unilaterally against the extremist networks allegedly behind last month's Mumbai terrorist attacks, attempting to ease tensions over accusations that Pakistan is not hunting down the militants on its territory.

Speaking after meeting with India's ambassador corps, Prime Minister Manmohan Singh said he would rely on international pressure to push Pakistan into taking action itself against groups like Lashkar-e-Taiba, which India and its Western allies believe orchestrated the attacks.

"The issue is not war. The issue is terror and territory in Pakistan being used to provoke, to aid and abet terrorism," Singh told reporters. "Nobody wants war."

Singh's comments came after days of increasingly heated rhetoric on both sides and military maneuvers by the Pakistanis. On Monday, Pakistan scrambled fighter jets over several of its major cities, citing the need to step up "vigilance."

The sorties came after India's foreign minister told the same gathering of ambassadors, who are in New Delhi for three days of meetings, that "we will take all measures necessary as we deem fit" to deal with terrorist threats. The statement appeared to put military action back on the table after weeks of insistence that India would rely on diplomacy.

Software Executive Sentenced for Hacking

Via NetworkWorld -

The president of a U.S. software company has been sentenced to probation after pleading guilty to stealing password-protected files from a competitor.

Jay E. Leonard, 61, was sentenced to 12 months supervised probation and a US$2,500 fine after pleading guilty to one count of unauthorized access to a protected computer, a misdemeanor charge.

Leonard is the owner of Boulder, Colorado's Platte River Associates, a company that builds software used in petroleum exploration. He illegally accessed a password-protected area of the Web site belonging to his company's competitor Zetaware, according to a plea agreement filed in the U.S. District Court for the District of Colorado.

One week later, he chaired a company staff meeting in which "a tentative plan was discussed to exploit and to unlawfully utilize the downloaded Zetaware files for the economic gain of Platte River Associates," the plea agreement states.

Zetaware CEO Zhiyong He was tipped off to the intrusion by a confidential source, which he then reported to the U.S. Federal Bureau of Investigation (FBI), court filings state. In an interview Monday, he said he is not sure how Leonard was able to access his Web site, but that he believes that he may have been given a password.

He said that one of Leonard's employees may have turned his boss in. He knew Leonard professionally and was "very surprised" by the incident, he said.

Leonard accessed the Zetaware site from a Sprint wireless network at Houston's George Bush Intercontinental Airport, located near Zetaware's headquarters, the plea agreement states.

In a separate case, Platte River Associates is also facing charges of "trading with the enemy," for allegedly allowing its software to be used to evaluate oil and gas development opportunities off the shore of Cuba, which is under a U.S. trade embargo. "The company has expressed an interest in pleading guilty," in that case, although no plea has been accepted by the judge, according to Jeffrey Dorschner, a spokesman for the United States Attorney's office prosecuting the two cases.

Leonard and his attorney did not return calls seeking comment for this story.

Multicore Doesn't Mean Equal Core

Via GCN -

As anyone who has worked on a group project knows all too well, not all team members contribute equally to the success of a project. And now Virginia Tech researchers have found the same holds true for the cores in multicore processors.

Depending on how your code is distributed across seemingly identical cores, the speed at which that code is executed on a multicore processor can vary by as much as 10 percent.

If you've ever had a program perform slower than expected, or perform quickly one day and not as sprightly the next, you might want to examine how that CPU is executing the job.

"The solution to this is to dynamically map processes to the right cores," said Thomas Scogland, a Virginia Tech graduate student who summarized this quirk at the SC08 conference in Austin, Texas, last month. Scogland and fellow researchers, with help from the Energy Department's Argonne National Laboratory, developed prototype software that could one day help balance performance more equally across all cores. DOE also helped fund the work.

[...]

In all fairness, it's not the cores' fault, technically speaking. Although the cores are identical, how a program is distributed among the cores can affect how quickly it runs. And in most cases, the operating system and hardware spread a program across multiple cores rather arbitrarily, which leads to varying performance.

A number of factors contribute to that variance, the researchers said. One factor is how the CPU hardware handles interrupts. In many cases, they could be directed to a single core, which could slow other applications on that core. However, if the interrupts are distributed across all the cores dynamically, there is no guarantee that the core handling the interrupt will be the same one that is running the program for which that interrupt was intended. Therefore, additional communication time is needed between the two cores.