Monday, November 30, 2009

Tritium Leak at India's Kaiga Nuclear Plant - Possible Inside Job

Via BBC -

A "disgruntled" worker could be behind the leak of a radioactive substance into drinking water at an atomic power plant in southern India, police say.

Preliminary investigations suggested it was an "inside job", a senior police officer told the BBC.

Police have moved into the Kaiga plant on the west coast of India, 450km (280 miles) from the city of Bangalore.

Fifty-five workers needed medical help for exposure to radiation after tritium contaminated a water cooler.


Both central and state agencies are investigating the matter. A list of people who were on duty on the day the incident took place has been given to the investigators," plant director JP Gupta said.

Inspector general of police Gopal Hosur told the BBC that there was no terror link to the incident.

"If that was the case the magnitude would have been bigger."


Officials suspect that an employee had mixed the radioactive substance into a drinking water cooler meant for staff.

Chairman of the Indian Atomic Energy Commission Anil Kakodkar has called it a "malevolent act".

Although officials say the leak poses no risk to public safety, there is an element of panic in and around Kaiga.

Tritium, also known as Hydrogen-3, is used in research, fusion reactors and neutron generators.


In geological timescales, Tritium has a relative short half-life of 12.33 years. It decays into helium-3 by beta decay. Unlike Gamma radiation, beta particles emitted by the decay of tritium have relatively low energy and are unable to pass through the dead layer of human skin.

Therefore, Tritium is dangerous if inhaled, ingested or absorbed through pores in the skin leading to cell damage and increased chance of cancer.

AQIM Supected in Kidnapping of Three Aid Workers in Mauritania

Via BBC -

Spain says al-Qaeda's North African cell is likely to be responsible for the apparent kidnapping of three aid workers in Mauritania.

Interior Minister Alfredo Perez Rubalcaba said "everything suggests" al-Qaeda in the Maghreb was involved.

Mauritanian police said the workers, from Barcelona Accion Solidaria, were attacked on a road linking the capital Nouakchott to the city of Nouadhibou.

Two men and a woman were snatched by armed men.

The three aid workers were in a four-wheel drive vehicle at the back of a convoy when they were attacked.

Julia Tabernejo, from Barcelona Accion Solidaria, told the Associated Press: "I think the others heard shooting, and when they stopped, the car was empty. Those three were no longer in it."


The kidnapping happened near the town of Chelkhett Legtouta.

"Though we can say absolutely nothing for sure at the moment, everything would seem to indicate that it was a kidnapping," said Mr Rubalcaba.

"If that's the case, as I fear it is, everything suggests that it is an AQIM [al-Qaeda in the Islamic Maghreb] kidnapping."

Analysts say Mauritania has generally been a peaceful country - but several attacks linked to the al-Qaeda cell have rocked the status quo.

An American teacher was killed in June, with al-Qaeda later claiming it had killed him for spreading Christianity.

Large Hadron Collider Breaks Fermilab's Proton Acceleration Record

Via Google News (AP) -

The world's largest atom smasher on Monday broke the record for proton acceleration previously held by a U.S. lab, sending beams of the particles at 1.18 trillion electron volts around the massive machine.

The Large Hadron Collider eclipsed the previous high of 0.98 1 TeV held by Fermilab, outside Chicago, since 2001, the European Organization for Nuclear Research, also known as CERN, said.

The latest success, which came early in the morning, is part of the preparation to reach even higher levels of energy for significant experiments next year on the make-up of matter and the universe.

It comes on top of a rapid series of operating advances for the $10 billion machine, which underwent extensive repairs and improvements after it collapsed during the opening phase last year.

CERN Director-General Rolf Heuer said early advances in the machine located in a 17-mile (27-kilometer) tunnel under the Swiss-French border have been "fantastic."

"However, we are continuing to take it step by step, and there is still a lot to do before we start physics in 2010," Heuer said in a statement. "I'm keeping my champagne on ice until then."

The organization hopes the next major step will be to collide the proton beams at about 1.2 TeV before Christmas for an initial look at the tiny particles and what forces might be created.


Physicists also hope the collider will help them see and understand other suspected phenomena, such as dark matter, antimatter and supersymmetry.

The level reached Monday isn't significantly higher than what Fermilab has been doing, and real advances are not expected until the LHC raises each beam to 3.5 TeV during the first half of next year.


Attempts to make new discoveries at the LHC are scheduled for the first quarter of 2010, at a collision energy of 7 TeV (3.5 TeV per beam).


It may take several years before the LHC can make the discovery of the elusive Higgs boson, the particle or field that theoretically gives mass to other particles. That is widely expected to deserve the Nobel Prize for physics.

The LHC operates at nearly absolute zero temperature, colder than outer space, which allows the superconducting magnets to guide the protons most efficiently.

Sunday, November 29, 2009

24 of Top 100 HTTPS Sites Now Safe From TLS Renegotiation Attacks

Via -

24 of the 100 most popular HTTPS websites appear to be safe from the recently documented TLS renegotiation flaws. Meanwhile, the other 76 sites are still vulnerable to renegotiation attacks, which allow a man-in-the-middle attacker to inject data into secure communication streams. To demonstrate the seriousness of the issue, Anil Kurmus published details of an attack scenario that showed how the flaw could be used to steal passwords from vulnerable sites such as Twitter.

Among the top 100 HTTPS websites, there are several banks and commerce companies that remain vulnerable. A few of these sites give the appearance of being intermittently vulnerable, as client requests are load balanced among a mixture of vulnerable and non-vulnerable machines.

Ben Laurie of Google was working on the renegotiation flaw around six weeks before it was made public, so it is perhaps unsurprising that 7 of the 24 safe sites are owned by Google. A further 7 sites are running Microsoft IIS 6.0, which is currently believed not to be vulnerable.

Since discovering the renegotiation problem, PhoneFactor has created a Status of Patches list, showing which vendors have already responded to the problem. A few were quick to act by disabling renegotiation support in their products, and some vendors have already implemented Eric Rescorla's proposed fix.

Netcraft's November SSL Survey found 1,217,395 distinct valid third-party SSL certificates in use on the web.


Eariler this month, Thierry Zoller released a draft paper that attempts to explain the vulnerability to a broader audience and summarizes the information that is currently available. He plans to release updates as needed. For example, on the 18th, he added the SMTP over TLS attack scenario.

Microsoft Releases Password Attack Data, Captured From FTP Honeypot

Via SecurityFocus -

Microsoft released data collected from an FTP-server honeypot, showing that attempts to guess passwords continue to focus on the low-hanging fruit: passwords with an average length of eight characters, with "password" and "123456" being the most common.

The data is part of a project to monitor attacks that everyday users might encounter on a regular basis. Most of the attacks attempted to log into the administrator account on English and French computers -- "Administrator" and "Administrateur" were, by far, the two most popular usernames -- using a variety of passwords. The attackers were typically compromised computer that were part of a botnet, Microsoft researchers stated on the company's Malware Protection Center blog.

"You should take care of what user name and password you're choosing," the researchers wrote. "If your account has no limit on the number of login attempts, then knowing the user name is like having half the job done."

In one case, an attacker made more than 400,000 attempts to guess a user name password combination.

The most common passwords were password, 123456, #!comment:, changeme and an expletive.

Microsoft recommended that users create passwords consisting of letters, numbers and special characters using a combination of lower and upper case. The average length of the password attacks was eight characters, so users should focus on longer passwords, the researchers stated.

Saturday, November 28, 2009

Terrorist Attack Derails Russian Train; 30 People Killed

Via -

Russia’s domestic intelligence service has said that the train derailment that killed about 30 people and injured nearly 100 was caused by a bomb.

The Nevsky Express traveling from Moscow to St. Petersburg came off the tracks late at night on November 27. A number of people are still unaccounted for.

In a televised meeting with President Dmitry Medvedev, the head of the FSB security service, Alexander Bortnikov, said that “criminal experts say that based on preliminary findings, a bomb equivalent to 7 seven kilograms of TNT was detonated.”

A spokesman for investigators, Vladimir Markin, said they had found elements of an explosive device at the crash site.

"A crater was discovered, 1.5 meters in diameter and 0.7-meters deep, as well as fragments of an explosive device," Markin said. "We can say with certainty that this was a terrorist act. Therefore an investigation has been opened on two counts -- terrorism and illegal arms trafficking."

"The investigation is in progress now; it will take a certain amount of time,” said Vladimir Yakunin, the head of Russia’s national railway company. “Our forces are working at full scale, we are waiting for the permission to evacuate the wagons that are still on the rails, the locomotive has been put back on the rails, and after we have finished the work around the crater, we will start evacuating the wagons that were most severely damaged."

Russian transport officials said trains were being diverted along alternate lines on one of the country's busiest routes.

The derailment was Russia's worst train crash in years.

In 2007, 30 people were injured when a train operating on the same line was derailed after an explosion damaged the rail track.

The men accused of the 2007 attack are suspected of having links to Chechen rebels.

U.S. Muslims Are Americans Too

Via CNN (h/t All Things CT) -

The serendipitous occurrence of this year's Thanksgiving holiday on the same evening as the Muslim Eid-ul-Adha is a festive occasion to reflect on the place of Islam in American collective consciousness and on Muslims as Americans.

On the same evening that millions of Americans gather around their Thanksgiving dinner to celebrate this most American of holidays, even more millions of Muslims around the globe, including the growing number of American Muslims, will do the same -- celebrating as well one of the most definitive moments of their faith -- Prophet Abraham's willingness to sacrifice his son for his God.


The distinguished New York Times columnist David Brooks, one of the most consistently militant warriors in his take on American involvements in Afghanistan and Iraq, takes Islam -- and Islam alone -- to task for having a diabolic roughness on its fringes. But even if so, Islam is not alone in this failure to curtail murderous instincts.

The same Hinduism that produced Mahatma Gandhi and his non-violent theory of civil disobedience has also produced Hindu fundamentalists who sliced and skewered pregnant Muslim women alive in Gujarat.

The same Christianity that produced Saint Francis of Assisi and Mother Theresa also produced children's crusades and Spanish conquistadors who burned native Americans alive 13 at a time (according to the 16th-century Spanish Dominican priest, Bartolomé de las Casas) in honor of the Twelve Apostles and Jesus Christ. It also produced American Seung-Hui Cho who killed 32 students and himself at Virginia Tech and American John Wayne Gacy, Jr., who raped and murdered 33 young men and boys in Chicago, Illinois, in the 1970s.

The same Judaism that produced Martin Buber, Emanuel Levinas, or Primo Levi also produced the Stern Gang, Meir Kahane and Baruch Goldstein.

But the knee jerk reaction of blaming Islam and Muslims, in general, or looking for delusional links to "al Qaeda," for the horrific murders at Fort Hood points to something far more fundamental, overdue, and urgent -- namely something of a psychological barrier for Americans to accept the Islamic component of their own society, culture, and history.


Americans are Christians, Jews, Hindus, agnostics, atheists, and anything else in between -- but Americans are also Muslims, millions of them, and Islam has now become integral to what the distinguished American sociologist Robert Bellah termed our "civil religion."

It is only apt that this particular Thanksgiving, Americans think about Eid-ul-Adha, as precious to Muslim-Americans as the occasion that has gathered us all "at the table." Let's make room for Muslims "at the table" because -- to quote Langston Hughes -- they "too, sing America."

Photo of the Day - Eid al-Adha Festival on 4th Day of Hajj

Photo: AFP

Muslims around the world are celebrating the festival of Eid al-Adha, including more than two million pilgrims taking part in annual Hajj rituals in Saudi Arabia.

Pilgrims in the Saudi holy city of Mecca threw stones at three pillars representing Satan, a ritual that began Friday and continues until Sunday. No major incidents were reported Friday, the third day of the pilgrimage.

But on Saturday, Saudi authorities reported that a 70-year old Pakistani man taking part in the Hajj had died of the H1N1 swine flu virus. He is the fifth pilgrim to die of swine flu since the days leading up to the pilgrimage. Experts have warned that swine flu could spread among pilgrims.

Eid al-Adha, or "Festival of Sacrifice," is considered one of the most important days on the Islamic calendar. Muslims mark the festival by slaughtering cattle to commemorate a belief that God gave the prophet Abraham a ram to sacrifice in place of his son.

Virology Lectures

Via -

Each year I teach basic virology to medical, dental, and nursing students here at Columbia University Medical Center. Here are videocasts of my three lectures for 2009: Introduction to Virology I and II, and Viral Pathogenesis.


I just finished the second virology intro video. Dr. Racaniello makes a point to focus on influenza in several sections, which is really cool.

For example, the cell receptor for influenza is sialic acid (SA). During budding, the newly created virons would normally stick to the outside of the cell (again by connecting to SA), but NA is used to counter this connection by stripping SA off the outside of the cell.

Oseltamivir (Tamiflu) and Zanamivir (Relenza) are neuraminidase inhibitors which bind with SA and stop NA from stripping it off, causing the newly created flu viron to stick the the outside of the cell....thus stopping the spread of the virus.

Friday, November 27, 2009

The Most Wanted Taliban Commanders in South Waziristan

Via The Long War Journal -

Pakistani security forces recently detained a mid-level Taliban commander who was wanted by the government.

Abdullah Shah Mehsud, who was number 17 on the list of 20 most-wanted Taliban commanders from South Waziristan, was captured by Pakistani forces in the district of Tank. He is an "active member of Hakeemullah Mehsud Group from Shaktoi village near Razmak" in North Waziristan, the Pakistani military said in a press release. The military paid "head money," a sum of about $120,000, to the informer who turned Abdullah Shah in.


On Nov. 2, the military released a list of 20 most-wanted Taliban leaders. The bounties are to be paid for information leading to the death or capture of the senior leaders of the Movement of the Taliban in Pakistan.


Rewards of $600,000:
1. Hakeemullah Mehsud: The overall leader of the Movement of the Taliban in Pakistan. Considered a dangerous and effective leader, he led Taliban forces in Arakzai, Kurram, and in regions in Khyber and Peshawar before assuming the top job after Baitullah Mehsud, his cousin, was killed in a US Predator strike on Aug. 5.
2. Waliur Rehman Mehsud: The overall commander of the Taliban in South Waziristan. Waliur was competing with Hakeemullah for the top spot in the Movement of the Taliban in Pakistan. He is considered an able commander with strong ties to outside Taliban groups.
3. Qari Hussain Mehsud: The notorious trainer of child suicide bombers and an effective military commander. He is credited with masterminding some of the most deadly suicide strikes in Pakistan.

Rewards of $300,000:

4. Azam Tariq: The chief spokesman for the Movement of the Taliban in Pakistan. His real name is Mohammad Raees Khan Mehsud.
5. Maulvi Azmatullah Mehsud: The military commander of Taliban forces in the Barvand region. Formerly a close aide to Baitullah.
6. Mufti Noor Wali Mehsud: Commander of a Taliban training camp in the Gargaray region.
7. Mufti Noor Saeed: Military commander in South Waziristan.
8. Maulvi Shameem Mehsud: Military commander in South Waziristan.
9. Ameerullah Mehsud: Military commander in South Waziristan.
10. Naseeruddin Mehsud: Military commander in South Waziristan.
11. Shah Faisal Mehsud: Military commander in South Waziristan.
12. Sher Azeem Mehsud: Military commander in South Waziristan.
13. Jaleel Mehsud: Military commander in South Waziristan.
14. Mohammad Ismael Mehsud: Military commander in South Waziristan.

Rewards of $120,000:

15. Asmatullah Bhittani: Military commander in the towns of Jandola and Tank in the district of Tank. He is also known as Shaheen.
16. Arfeshaheen: Military commander in South Waziristan.
17. Abdullah Shah Mehsud: Military commander in the Shaktoi region in South Waziristan.
18. Mohammad Anwar Kandapur: Military commander in the district of Dera Ismail Khan.
19. Maulvi Abdul Wali: Military commander in South Waziristan.
20: Khan Saeed Mehsud: Military commander in South Waziristan.

Russia Destroys 45% of Chemical Weapon Stockpiles

Via RIA Novosti -

Russia has destroyed 45% of its chemical weapon stockpiles one month ahead of a deadline under an international pact, the Foreign Ministry said on Friday.

The ministry said in a statement: "As of November 26, the Russian Federation has completed the destruction of 17,998.205 [metric] tons, or 45.03% of its chemical weapon stockpiles," in line with its obligations under the Chemical Weapons Convention.

The ministry said Russia is committed to destroying its entire declared arsenal (39,966 tons) "within a timeframe established by the Convention."

Russia signed the Chemical Weapons Convention banning the development, production, stockpiling, transfer, and use of chemical arms in 1993, and ratified it in 1997. The country is set to destroy its entire arsenal by 2012.

Russia destroyed 1% of its chemical weapon stockpiles in 2003 and 20% by 2007.

The country has allocated $7.18 billion from the federal budget for the implementation of the program, and has so far built five chemical weapon destruction plants - in Gorny (Saratov Region), Kambarka (Republic of Udmurtia), Nizhny Novgorod, the Maradykovo complex (Kirov Region), and Siberia's Kurgan Region. Another two are under construction.

Western nations pledged at the 2002 Kananaskis G8 summit to help Russia financially and technologically to destroy or convert its chemical weapons and production facilities as part of the Global Partnership against the Proliferation of Weapons and Materials of Mass Destruction.

The United States has contributed over $1 billion for the construction of the Shchuchye facility in the south Urals.

Secret Service Agent Didn't Check White House Dinner Crashing Couple

Via MSNBC News -

A Secret Service employee stationed at the first checkpoint at the White House state dinner last Tuesday did not verify the names of a couple allowed in even though they were not on the guest list, a senior law enforcement official told NBC News on Friday.

The source also confirmed what two White House staff sources earlier told NBC News, that Tareq and Michaele Salahi were not "waved in" or had their names manually entered into the White House computer to gain entry.

The Secret Service, for its part, said Friday that it might begin a criminal investigation against the Virginia couple.

Agency spokesman Jim Mackin said the possible turn toward criminal charges is one reason the Secret Service has kept mum about what happened when the Salahis arrived at the security checkpoint. They were not on the guest list for the dinner honoring Indian Prime Minister Manmohan Singh.

Nobody disputes that the two, candidates for a reality TV show, were allowed through security. The Secret Service acknowledges that its procedures weren't followed.

Still unknown is the story that the uninvited guests spun to the security officers that persuaded them to allow the couple through. That likely would play a role in any criminal charges.

"As this moves closer to a criminal investigation there's less that we can say," Mackin said. "I don't want to jeopardize what could be a criminal investigation. We're not leaving any option off the table at this point."


Any couple involved in the "The Real Housewives of D.C." should be jailed on pure principle anyways, IMO.

Thursday, November 26, 2009

UK Charges Schizophrenic for Refusal to Decrypt Files (Section 53 of RIPA Part III)

Via The Register UK -

The first person jailed under draconian UK police powers that Ministers said were vital to battle terrorism and serious crime has been identified by The Register as a schizophrenic science hobbyist with no previous criminal record.

His crime was a persistent refusal to give counter-terrorism police the keys to decrypt his computer files.

The 33-year-old man, originally from London, is currently held at a secure mental health unit after being sectioned while serving his sentence at Winchester Prison.


His given reason for not cooperating with CTC - the fact that a section 49 notice overrides the right to silence - echoes the original debate over RIPA and encryption. When the law was drafted at the end of the last decade it sparked protests from civil liberties groups and security experts.

In September 2001, shortly after his stint as Home Secretary, when he had introduced RIPA, Jack Straw took to the airwaves to defend the powers.

"It was government trying to put in place increased powers so that we could preserve and sustain our democracy against this new kind of threat," he said in a Radio 4 interview.

"We needed to take powers so that we could de-encrypt commercially encrypted e-mails and other communications. Why? Because we knew that terrorists were going to use this."

News that the first person jailed for the offence of not talking in a police interview has been judged no threat to national security and suffers from a mental condition associated with paranoia and a fear of authorities is unlikely to win RIPA Part III new supporters.


Does that sound like innocent until proven guilty to you?

Couple Slips Though Security to Crash White House State Dinner

Via Yahoo! News -

Crashing a state dinner at the White House apparently takes a security breakdown as well as some kind of nerve.

The Secret Service is looking into its own security procedures after determining that a Virginia couple, Michaele and Tareq Salahi, managed to slip into Tuesday night's state dinner at the White House even though they were not on the guest list, agency spokesman Ed Donovan said.

President Barack Obama was never in any danger because the party crashers went through the same security screening for weapons as the 300-plus people actually invited to the dinner honoring Indian Prime Minister Manmohan Singh, Donovan said.

Donovan confirmed the identities of the couple. The Washington Post, which first reported on their evening out, said the Salahis were well-known in the Virginia horse-country set and were being considered for the Bravo reality TV show "Real Housewives of D.C."

In an interview with the "CBS Early Show" in September, Michaele Salahi said, "President Obama has made it very accessible for anyone to visit the White House, so that's like a big thing right now."

The CBS interview was part of a segment on potential candidates for "Real Housewives of D.C." but never was aired.

The Secret Service learned about the security breach Wednesday after a media inquiry prompted by the Salahis' online boasts about having attended the private event, Donovan said.

One of the many photos from the dinner posted on Michaele Salahi's Facebook page shows the couple with a smiling Vice President Joe Biden. In other photos, they appear alone or together with White House chief of staff Rahm Emanuel, Washington Mayor Adrian Fenty, CBS News anchor Katie Couric, Rep. Ed Royce, R-Calif., and three Marines in their dress blues.

Donovan would not comment on whether the couple had been contacted by the Secret Service, how long they were on the White House grounds or other details of the investigation.

The Post said uninvited guests who got in could face a potential trespassing charge unless someone from inside the White House staff slipped them in.

Donovan would not comment on possible legal violations.

The agency's Office of Professional Responsibility was reviewing what occurred. An initial finding indicated that a checkpoint did not follow proper procedures to ensure the two were on the guest list, Donovan said.

"It's important to note that they went through all the security screenings — the magnetometer screening — just like all the other guests did," Donovan said. And, he added, Obama and others under Secret Service protection had their usual security details with them at the dinner.


Michaele Salahi & Joe Biden

I think the Secret Service has some serious explaining to do. Even invited guest are subject to physical security checks...that isn't the point.

Who are these people and how did uninvited / unknown people get access to the White House (not to mention physical access to the Joe Biden and other high level officials)??

Wednesday, November 25, 2009

McAfee Virtual Criminology Report 2009

Is the age of cyber war at hand? This year, the fifth annual McAfee Virtual Criminology Report contemplates this question and others prompted by the fact that nation-states are arming themselves for the cyberspace battlefield.

Highlights from the McAfee Virtual Criminology Report:
  • The number of reports of cyber attacks and network infiltrations that appear to be linked to nation-states and political goals continue to increase.

  • There is active debate as to when a cyber attack reaches the threshold of damage and disruption to warrant being categorized as cyber warfare.

  • With critical infrastructure as likely targets of cyber attacks, and private company ownership of many of the information systems in these sectors, private companies will likely be caught in the crossfire.

  • The private sector needs to prepare for cyber attacks, and those businesses that can weather the storm better than their competitors could be in a position to gain considerable market share.

Al-Shabaab Recruiters Indicted in Minnesota

Via US Department of Justice (h/t Shimron Letters) -

Terrorism charges have been unsealed today in the District of Minnesota against eight defendants. According to the charging documents, the offenses include providing financial support to those who traveled to Somalia to fight on behalf of al-Shabaab, a designated foreign terrorist organization; attending terrorist training camps operated by al-Shabaab; and fighting on behalf of al-Shabaab.

Thus far, 14 defendants have been charged in the District of Minnesota through indictments or criminal complaints that have been unsealed and brought in connection with an ongoing investigation into the recruitment of persons from U.S. communities to train with or fight on behalf of extremist groups in Somalia. Four of these defendants have previously pleaded guilty and await sentencing.

The charges were announced today by David Kris, Assistant Attorney General for National Security; B. Todd Jones, U.S. Attorney for the District of Minneapolis; and Ralph S. Boelter, Special Agent in Charge of the Minneapolis field office of the Federal Bureau of Investigation.

"The recruitment of young people from Minneapolis and other U.S. communities to fight for extremists in Somalia has been the focus of intense investigation for many months," Assistant Attorney General Kris said. "While the charges unsealed today underscore our progress to date, this investigation is ongoing. Those who sign up to fight or recruit for al-Shabaab’s terror network should be aware that they may well end up as defendants in the United States or casualties of the Somali conflict."

College Swine Flu Rates Drop 37% as Infections Peak

Via -

Swine flu infection rates at U.S. colleges and universities fell 37 percent last week, adding more evidence that the second wave of pandemic flu has peaked.

The drop followed a similar decline a week earlier, according to a survey of 243 college and universities by the American College Health Association. In the latest report, the attack rate decreased to 13.4 cases per 10,000 students from 21.3 cases, the group said in an e-mail today. The proportion of colleges with outbreaks fell to 90 percent from 95 percent.

The Centers for Disease Control and Prevention said on Nov. 20 that H1N1 infection rates had declined in all U.S. populations for the third consecutive week. It was the first sustained drop since children and college students returned to school in August. The next few days may test the retreat as families gather for the Thanksgiving holiday.

“The peak clearly has passed,” said Ira Longini, a University of Washington statistician who advises the U.S. government on flu, in an interview yesterday. “The real question now is have enough children been infected such that they’re immune, and there’s not enough susceptibility to sustain a third wave.”

The H1N1 strain disproportionately attacks children and young adults, according to the Atlanta-based CDC. About 90 percent of deaths occurring among those younger than 64, according to the CDC. By contrast, the majority of deaths from seasonal flu are among people older than 80.


Check out the Virology Blog for more info on this 2nd H1N1 peak..

Dr. Racaniello points out that despite some predictions, there is no evidence from any influenza pandemic that viral mutants of increased virulence in humans have emerged in successive cycles of infection.

Iraq Gov Launches Channel on YouTube

Via BBC -

The Iraq government has followed in the footsteps of the Queen and the Pope and set up its own YouTube channel.

The channel has been set up to promote transparency and allows people to watch speeches and behind-the-scenes footage.

The country's Prime Minister, Nouri al-Maliki, said it was aimed at "people both at home and abroad".

In an opening address on the channel he said it was also an opportunity to show the world what Iraq had been through during the war.

"The government sees in this video technology an opportunity to show our achievements," said Mr al-Maliki.

"The world has not seen what the Iraqi government has been able to achieve in regard to security, economy, politics and building."

He said it was also a "showcase potential investment opportunities" and would be used to show the world the "vigorous war and terror" that Iraq had been through.

Mr al-Maliki said the channel was "one of the methods" that the government would use to "connect with people globally".

However, the first video published on the channel had a key feature disabled, meaning that viewers could not leave comments.

In addition, the web service may be of limited value to many of Iraq's citizens.

The UN estimates that just one in every hundred of the population has access to the internet. It has no figures of the number of people who have broadband subscriptions.

Man Pleads Guilty to Selling Fake Chips to US Navy

Via -

A 32-year-old California man has pleaded guilty to charges that he sold thousands of counterfeit chips to the U.S. Navy.

In a plea agreement reached on Friday, Neil Felahy of Newport Coast, California, pleaded guilty to conspiracy and counterfeit-goods trafficking for his role in an alleged chip-counterfeiting scam that ran between 2007 and 2009. Felahy, his wife Marwah Felahy, and her brother Mustafa Abdul Aljaff operated several microchip brokerage companies that imported chips from Shenzhen, in China's Guangdong province.

They would buy counterfeit chips from China or else take legitimate chips, sand off the brand markings and melt the plastic casings with acid to make them appear to be of higher quality or a different brand, the U.S. Department of Justice said in a press release.

According to court filings, the accused imported more than 13,000 fake chips, worth more than US$140,000. They sold counterfeit Intel, Fujitsu, Via, National Semiconductor and Analog Devices chips, filings state.

The three operated companies under a variety of names including MVP Micro, Red Hat Distributors, Force-One Electronics and Pentagon Components.

The counterfeit chips were allegedly sold to Naval Sea Systems Command, the Washington, D.C., group responsible for maintaining the U.S. Navy's ships and systems, as well as an unnamed vacuum-cleaner manufacturer in the Midwest. The U.S. Department of Defense did not respond to requests for comment about the incident.

Felahy faces up to 51 months in prison and millions of dollars in fines. He is expected to be sentenced next year in U.S. District Court for the District of Columbia. He entered his guilty plea on the condition that charges would be dropped against his wife, but he has agreed to cooperate with the government, which is still pressing charges against his brother-in-law, Aljaff.

New IE 6/7 CSS Exploit Added to Metasploit

Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.

Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 and Internet Explorer 8 on all supported versions of Microsoft Windows are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are affected.

The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code.


exploit coverage for the new IE 6/7 CSS flaw added to metasploit: [ msf> use exploit/windows/browser/ie_style_getelementsbytagname ]


Microsoft Internet Explorer Style getElementsByTagName Memory Corruption
This module exploits a vulnerability in the getElementsByTagName function as implemented within Internet Explorer.

In order to execute code reliably, this module uses the .NET DLL memory technique pioneered by Alexander Sotirov and Mark Dowd. This method is used to create shellcode in memory at a known location.

Since the .text segment of the .NET DLL is non-writable, a prefixed code stub is used to copy the payload into a new memory segment and continue execution from there.

Tuesday, November 24, 2009

Eastern Syria Becoming a New Al-Qaeda Haven

Via The Long War Journal -

US intelligence officials are concerned that Syria is becoming an al Qaeda haven, as the terror group becomes increasingly intertwined with Ba’athist groups operating from Iraq's neighbor to the west.

Al Qaeda has refocused its efforts to build an infrastructure in eastern Syria after its network in Iraq was decimated by Iraqi and US security forces from 2007 to 2009, and now the organization is partnering with former Ba’athists from Saddam Hussein’s regime.

"A major concern is that eastern Syria will begin to look like northwestern Pakistan," where al Qaeda has joined forces with the Taliban and directs attacks to destabilize Afghanistan, a senior US military intelligence official told The Long War Journal.

In late 2008, the situation in eastern Syria came to a head when US special operations forces struck at al Qaeda's facilitation network in the town of Sukkariya near Abu Kamal in eastern Syria, just five miles from the Iraqi border. US troops killed Abu Ghadiya, al Qaeda's senior facilitator, and his senior staff during the October 2008 raid.

After Ghadiya was killed, al Qaeda sent a senior ideologue from Pakistan to Syria to partner with a dangerous operative who runs the network that funnels foreign fighters, cash, and weapons into western Iraq. Sheikh Issa al Masri is thought to have entered Syria in June 2009, where he paired up with Abu Khalaf, a senior al Qaeda operative who has been instrumental in reviving al Qaeda in Iraq's network in eastern Syria and directing terror operations in Iraq, a US intelligence official told The Long War Journal.

Sheikh Issa is believed to be based in Damascus and is protected by the Mukhabarat, Syria's secret intelligence service. The two al Qaeda leaders are thought to be behind some of the most deadly attacks in Iraq, including the deadly bombings in Baghdad in August and October that targeted government ministries and killed more than 230 Iraqis and wounded nearly 1,000 more.

The Iraqi government has implicated both al Qaeda and former Ba’athists as being responsible for these suicide attacks. Just one week after the August bombings, the Iraqi government asked Syria to turn over senior Ba'athists Sattam Farhan and Mohammad Younis al Ahmed, who were accused of ordering the attacks.

Al Qaeda claimed responsibility for both the August and the October attacks in statements released on the Internet.

US Army to Conduct Live Hellfire Test From MQ-1C Sky Warrior UAV

Via (Nov 23, 2009) -

The US Army's General Atomics Aeronautical Systems MQ-1C Sky Warrior unmanned aerial vehicle (UAV) is expected to conduct a live-fire test of a Hellfire air-to-ground missile for the first time during a flight scheduled for 22 November, according to a senior army official.

The Sky Warrior Quick Reaction Capability-2 (QRC-2) aircraft will release the laser-guided missile during a test at Naval Air Weapons Station China Lake, California, according to Lieutenant Colonel Kevin Messer, the army's Product Manager for the Medium-Altitude Endurance Product Office at Redstone Arsenal in Huntsville, Alabama.

Sky Warrior QRC-2 UAVs can each carry a total of four Hellfire missiles – two under each wing – but it will likely carry just two missiles and fire only one during the first test, Col Messer said.

The army is starting the Hellfire flight tests with an eye towards the deployment of the first Hellfire-armed QRC-2 Sky Warriors to Iraq or Afghanistan in August 2010. The QRC-2 aircraft package consists of four UAVs and two ground stations.

Lt Col Messer said the army plans to conduct a total of 10 Hellfire missile firings from QRC-2 aircraft during December.


The General Atomics MQ-1C Warrior (also called Sky Warrior by General Atomics) is an Extended-Range Multi-Purpose (ERMP) unmanned aerial vehicle (UAV) under development by General Atomics (GA), funded by United States Army. It is an upgrade of the MQ-1 Predator.

Nozzle: A Defense Against Heap-spraying Code Injection Attacks

Heap spraying is a security attack that increases the exploitability of memory corruption errors in type-unsafe applications. In a heap-spraying attack, an attacker coerces an application to allocate many objects containing malicious code in the heap, increasing the success rate of an exploit that jumps to a location within the heap. Because heap layout randomization necessitates new forms of attack, spraying has been used in many recent security exploits. Spraying is especially effective in web browsers, where the attacker can easily allocate the malicious objects using JavaScript embedded in a web page. In this paper, we describe NOZZLE, a runtime heap-spraying detector. NOZZLE examines individual objects in the heap, interpreting them as code and performing a static analysis on that code to detect malicious intent. To reduce false positives, we aggregate measurements across all heap objects and define a global heap health metric.

SHODAN - Computer Search Engine

SHODAN lets you find servers/ routers/ etc. by using the simple search bar up above. Most of the data in the index covers web servers at the moment, but there is some data on FTP, Telnet and SSH services as well.


Talk about a botnet builder....

Clearly, this type of service could be used for very bad purposes. Now the question is, if the community detects malware using this engine automatically....will SHODAN react to minimize this?

Search for servers reporting PHP 5.1.2

Search for server reporting Telnet....

Search for server running FTP on IIS 5.0

There is already some pretty active chatter on Twitter regarding this search engine (#shodan)

Employees Willing To Steal Data

Via Dark Reading -

Employees know it's illegal to steal company data, but they're prepared to do it anyway. Companies know their employees are a chief threat to their data, but most aren't doing much about it.

These are the takeaways from two separate studies published today by security vendors Cyber-Ark and Actimize. Taken together, the studies paint a sobering picture of the state of trust and security within the corporate walls.

In its study, Cyber-Ark surveyed some 600 workers in the financial districts of New York and London and found that most workers are not shy about taking work home -- and keeping it for their own use.

Eighty-five percent of the respondents to the Cyber-Ark survey said they know it is illegal to download company data for personal use, but 41 percent said they already have taken sensitive data with them to a new position. About a third of respondents said they would share sensitive information with friends or family in order to help them land a job.

Almost half of the respondents (48 percent) admitted if they were fired tomorrow they would take company information with them, Cyber-Ark says. Thirty-nine percent of people would download company/competitive information if they got wind that their job were at risk. A quarter of workers said the recession has made them feel less loyal toward their employers.

Of those who plan to take competitive or sensitive corporate data, 64 percent said they would do so "just in case" the data might prove useful or advantageous in the future. Twenty-seven percent said they would use the data to negotiate their new position, while 20 percent plan to use it as a tool in their new job.

Customer and contact lists were the top priority for employees to steal, registering 29 percent of the respondents. Plans and proposals were next (18 percent), with product information bringing up the rear (11 percent). Thirteen percent of savvy thieves said they would take access and password codes so they could get into the network once they've left the company and continue downloading information and accessing data.

English Shell Code Could Make Security Harder

Via -

An anonymous reader writes to tell us that finding malicious code might have just become a little harder. Last week at the ACM Conference on Computer and Communications Security, security researchers Joshua Mason, Sam Small, Fabian Monrose, and Greg MacManus presented a method they developed to generate English shell code [PDF]. Using content from Wikipedia and other public works to train their engine, they convert arbitrary x86 shell code into sentences that read like spam, but are natively executable.
"In this paper we revisit the assumption that shell code need be fundamentally different in structure than non-executable data. Specifically, we elucidate how one can use natural language generation techniques to produce shell code that is superficially similar to English prose. We argue that this new development poses significant challenges for in-line payload-based inspection (and emulation) as a defensive measure, and also highlights the need for designing more efficient techniques for preventing shell code injection attacks altogether."

Monday, November 23, 2009

New Worm Targeting Jailbroken iPhones Can Act Like Botnet

Via BBC -

A second worm to hit the iPhone has been unearthed by security company F-Secure.

It is specifically targeting people in the Netherlands who are using their iPhones for internet banking with Dutch online bank ING.

It redirects the bank's customers to a lookalike site with a log-in screen.

The worm attacks "jail-broken" phones - a modification which enables the user to run non-Apple approved software on their handset.

The handsets at risk also have SSH (secure shell) installed.

Many people use SSH so other programs can remotely connect to an iPhone and, among other things, transfer files. It comes with a default password, "alpine" which should be changed.

Users who have installed SSH and not changed the password are especially at risk.

The new worm is more serious than the first because it can behave like a botnet, warns F-Secure.

This enables the phone to be accessed or controlled remotely without the permission of its owner.

"It's the second iPhone worm ever and the first that's clearly malicious - there's a clear financial motive behind it," F-Secure research director Mikko Hypponen told the BBC.

"It's fairly isolated and specific to Netherlands but it is capable of spreading."

He added although the number of infected phones was thought to be in the hundreds rather than thousands, the worm could jump from phone to phone among owners using the same wi-fi hotspot.

Sunday, November 22, 2009

IE6 and IE7 0-Day Reported


According to VUPEN security:

A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a dangling pointer in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the "getElementsByTagName()" method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.

We have not verified this claim, but would like to know if any of our readers have. Please use our contact form to reply, or add your comments below.

Jack wrote to tell us that Symantec has verified the bug:

November 21, 2009 - "A new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future... To minimize the chances of being affected by this issue, Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit Web sites they trust until fixes are available from Microsoft."


While the bug above doesn't seem to affect IE8, it isn't out of the woods....The Register UK reported this week that IE8 had a bug that allows the exploitition of XSS vulnerabilities in safe websites.

China’s Noisy Nuclear Submarines

Via FAS Strategic Security Blog -

China’s new Jin-class ballistic missile submarine is noisier than the Russian Delta III-class submarines built more than 30 years ago, according to a report produced by the U.S. Navy’s Office of Naval Intelligence (ONI).

The report, which was first posted on the FAS Secrecy News Blog and has since been removed from the ONI web site, is to my knowledge the first official description made public of Chinese and Russian modern nuclear submarine noise levels.

Saturday, November 21, 2009

Islamabad Police Capture 'Ghazi Force' Commander

Via The Long War Journal -

Islamabad police recently captured a senior operational leader in a shadowy Taliban group behind several high-profile attacks in the capital.

Police say the suspect, Jamshed, who is also known as Tahir, is the mastermind of four of the five suicide attacks that took place in Islamabad this year, including the Oct. 5 attack at the World Food Programme office that killed five employees.

Jamshed is a senior commander in a little-known Taliban group called the Ghazi Force. He is said to have scouted the attack on the World Food Programme office and provided the suicide vest to the bomber. Police said Jamshed was involved in the four suicide attacks in Islamabad that have been attributed to the Ghazi Force.

The Ghazi Force is named after Ghazi Abdul Rasheed, the brother of former Red Mosque leader Maulana Abdullah Aziz. Ghazi was killed when Pakistani troops assaulted the Red Mosque in July 2007 after he and his brother led an insurrection in the capital.

The Ghazi Force was founded and is currently led by Maulana Niaz Raheem, a former student at the Red Mosque.

The Ghazi Force runs a terror training camp in Guljo in the district of Hangu, and is also based in the tribal agency of Arakzai. At the Guljo camp, attendees are trained in the making explosives, ambushing military units, and light and heavy weapons usage.

A Taxonomy of Social Networking Data

Via Schneier on Security -

At the Internet Governance Forum in Sharm El Sheikh this week, there was a conversation on social networking data. Someone made the point that there are several different types of data, and it would be useful to separate them. This is my taxonomy of social networking data.
  1. Service data. Service data is the data you need to give to a social networking site in order to use it. It might include your legal name, your age, and your credit card number.
  2. Disclosed data. This is what you post on your own pages: blog entries, photographs, messages, comments, and so on.
  3. Entrusted data. This is what you post on other people's pages. It's basically the same stuff as disclosed data, but the difference is that you don't have control over the data -- someone else does.
  4. Incidental data. Incidental data is data the other people post about you. Again, it's basically same same stuff as disclosed data, but the difference is that 1) you don't have control over it, and 2) you didn't create it in the first place.
  5. Behavioral data. This is data that the site collects about your habits by recording what you do and who you do it with.

Different social networking sites give users different rights for each data type. Some are always private, some can be made private, and some are always public. Some can be edited or deleted -- I know one site that allows entrusted data to be edited or deleted within a 24-hour period -- and some cannot. Some can be viewed and some cannot.

And people should have different rights with respect to each data type. It's clear that people should be allowed to change and delete their disclosed data. It's less clear what rights they have for their entrusted data. And far less clear for their incidental data. If you post pictures of a party with me in them, can I demand you remove those pictures -- or at least blur out my face? And what about behavioral data? It's often a critical part of a social networking site's business model. We often don't mind if they use it to target advertisements, but are probably less sanguine about them selling it to third parties.

As we continue our conversations about what sorts of fundamental rights people have with respect to their data, this taxonomy will be useful.

Proposed Law Seeks To Ban P2P Networks By Federal Workers

Via Dark Reading -

Following a leaked document that disclosed ethics investigations of members of Congress on a file sharing network, the chairman of the House Oversight and Government Affairs Committee has introduced a bill that would ban the use of public peer-to-peer networks by federal employees.

The Secure Federal File Sharing Act, introduced by Rep. Edolphus Towns, D-N.Y., would require the Office of Management and Budget to prohibit the use of P2P software like BitTorrent or Limewire on government computers and networks and to set policies on home use by federal employees who telework or remotely access government networks.

P2P programs are a popular way to share music, movies, and other digital content. Part of the problem is that, when not properly configured, they can also expose personal documents stored on PCs and laptops, making the documents widely available to anyone on the P2P network. (See "Your Data And The P2P Peril.")

Under the bill, in order to use file-sharing networks, an agency head or CIO would have to make a special request to use P2P software. The bill would ban software that accesses P2P networks in which "access is granted freely, without limitation or restriction, or there are little or no security measures in place."

Agencies will have to establish P2P use policies, require that employees and contractors comply with them, and create security mechanisms to detect and remove prohibited software. OMB will be required to inventory P2P use in government and justify every use to Congress.

The possibility of a bill banning federal government use of public P2P networks has been building. The House last year passed a bill that would have required agencies to set security policies around P2P use, but the bill was never passed by the Senate. Towns first called for a ban this summer, after P2P monitoring company Tiversa testified that it discovered the location of a Secret Service safe house for the First Family on Limewire.

In October, Tiversa provided the House Oversight and Government Reform committee with evidence that secret military documents on P2P networks had been downloaded in China and Pakistan and that personally identifiable information on U.S. soldiers was widely available. Earlier this year, Tiversa discovered the electronic schematics of Marine One, the President's helicopter, on computers in Iran, after being leaked over P2P by a defense contractor. Tiversa and others testified to similar findings, including leaks of classified and secret data, in a hearing in 2007.

The risks of file sharing over P2P resurfaced last month when a source provided the Washington Post with a confidential House ethics committee report that had been exposed on a P2P network by a staffer who has since been fired. Late last month, Speaker Nancy Pelosi, D-Calif., and House Minority Leader John Boehner, R-Ohio, ordered a review on Congressional storage of confidential data.

"We can no longer ignore the threat to sensitive government information that insecure peer-to-peer networks pose," Towns said in a statement. "Voluntary self-regulations have failed, so now is the time for Congress to act."


Better late than never....

Helix 3 Pro: First Impressions

Via SANS Computer Forensics -

I have used several versions of Helix over the recent years. I enjoy the tool set and recommend it to forensics colleagues, sysadmins, and even family members.

Quite a substantial ruckus was raised this year when e-fense announced that Helix 3 would no longer be free to download. Instead, would-be users must pay to register as a forum user to get access to Helix 3 Pro updates for a year.

I took the plunge and purchased my forum membership. Here are the first things I noticed:

  • Some of the highlights…
    • The forum allows access to the Helix 3 software the member applies a registration token.
    • After adding the token, I was able to download not only Helix 3 Pro, but also Helix 3, and contributed tools.
    • Helix 3 Pro is really nothing like the 1.8 and 1.9 versions that came before it. Although it still provides a bootable live CD as well as executables that can be run in Windows in Linux, the interfaces for all the modes of use have been made more consistent and seamless. Also, a Mac OS X set of tools have been added.
    • The Helix 3 Pro CD also provides a set of cell phone forensics tools (that I will cover in a follow-on posting).
    • One of e-fense’s goals with the Helix 3 release was to provide a forensics tool that did not touch the host computer in any way. I have not tried to verify this yet, although I intend to do so soon.
  • And the lowlights…
    • On my Dell D630 laptop (and few other systems), the boot process generated a number of errors and — in some cases — would not detect a graphical interface mode correctly, leaving me with an unusable Helix environment.
    • The majority of the tools that made previous versions of Helix useful are just completely gone. This is apparently done so that the Helix Pro 3 image can be trusted. I spoke to a sales representative at e-fense who told me that several customers were using Helix 3 Pro in environments where open source software of questionable origins is, well, frowned upon.
    • Static binaries formerly found on the Helix 1.x CDs are now separate downloads. They are still available through the Helix forums.

This is the first in a series of blog postings I plan to publish on Helix 3 Pro.

Large Hadron Collider (LHC) Back in Business - For Now

Via Discover Magazine (Nov 20, 2009) -

Like many of my colleagues, I’ve been eagerly awaiting word that the LHC has successfully threaded the proton beam around the whole ring. In recent days they have gotten it half way around the 27 km circumference, and within hours, they should be able to circulate it and I assume “capture” it with the RF, which creates stable bunches in the synchrotron. Everything has gone very smoothly to this point, so I expect success shortly!

Once beam has circulated stably in both rings, some time next week the LHC team will attempt to collide protons at the injection energy of 450 GeV (a total center of mass energy of 900 GeV). While this is much less than the Tevatron is colliding presently, it could provide some sorely needed initial data for the detectors to do timing and calibration of the various subsystems. There will even hopefully be a few collision events recorded with clear “dijet” structure – collisions where quarks and/or gluons inside the protons hit head on and effectively bounce sideways into the detector, giving two back-to-back collimated sprays of particles. Pictures of such events will be great to see, at long last!


CERN LHC Links...

Wednesday, November 18, 2009

The Six Greatest Threats to U.S. Cybersecurity

Via -

It’s not a very good day when a security report concludes: Disruptive cyber activities expected to become the norm in future political and military conflicts. But such was the case today as the Government Accountability Office today took yet another critical look at the US federal security systems and found most of them lacking.

From the GAO: “The growing connectivity between information systems, the Internet, and other infrastructures creates opportunities for attackers to disrupt telecommunications, electrical power, and other critical services. As government, private sector, and personal activities continue to move to networked operations, as digital systems add ever more capabilities, as wireless systems become more ubiquitous, and as the design, manufacture, and service of information technology have moved overseas, the threat will continue to grow. “

Within today’s report, the GAO broadly outline the groups and types of individuals considered to be what it called key sources of cyber threats to our nation’s information systems and cyber infrastructures. From the GAO:

Foreign nations: Foreign intelligence services use cyber tools as part of their information gathering and espionage activities. According to the Director of National Intelligence, a growing array of state and nonstate adversaries are increasingly targeting—for exploitation and potential disruption or destruction—information infrastructure, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries.

Criminal groups: There is an increased use of cyber intrusions by criminal groups that attack systems for monetary gain.

Hackers: Hackers sometimes crack into networks for the thrill of the challenge or for bragging rights in the hacker community. While remote cracking once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the Internet and launch them against victim sites. Thus, attack tools have become more sophisticated and easier to use.

Hacktivists: Hacktivism refers to politically motivated attacks on publicly accessible Web pages or e-mail servers. These groups and individuals overload e-mail servers and hack into Web sites to send a political message.

Disgruntled insiders:The disgruntled insider, working from within an organization, is a principal source of computer crimes. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a victim system often allows them to gain unrestricted access to cause damage to the system or to steal system data. The insider threat also includes contractor personnel.

Terrorists: Terrorists seek to destroy, incapacitate, or exploit critical infrastructures to threaten national security, cause mass casualties, weaken the U.S. economy, and damage public morale and confidence. However, traditional terrorist adversaries of the United States have been less developed in their computer network capabilities than other adversaries. The Central Intelligence Agency believes terrorists will stay focused on traditional attack methods, but it anticipates growing cyber threats as a more technically competent generation enters the ranks.

Maersk Alabama Evades Second Pirate Attack

Via -

The Maersk Alabama, the American-flagged ship captured briefly by pirates in April, came under fire again early Tuesday morning off Somalia's coast, but evaded the attackers.

Four men in a skiff sped within 300 yards of the container ship, firing automatic weapons in an attempt to board it, according to the U.S. Navy's Fifth Fleet. A security team aboard the Alabama fired back and managed to fend off the attack, the Navy said.

The onboard security detail was a private contractor, not a military detachment, according to a Fifth Fleet spokesman. A U.S. P-3 surveillance aircraft established radio communications with the ship's captain Wednesday, and the ship reported all aboard were safe, and the ship was proceeding to its next port of call.

In the attack, the Alabama's crew also took evasive maneuvers and used a new technique to repel pirates: deploying a so-called long-range acoustic device, which emits high-pitched sounds painful to the human ear.

Speaking by phone from Xaradheere, a pirate stronghold in Somalia, a Somali claiming to represent the pirates said the U.S.-flagged vessel narrowly escaped capture. His account matched details provided by U.S. and European military officials, lending credence to his claims of speaking for the pirates.

"We have attacked a ship with an American flag -- we tried to throw our ladders for climbing (but) it sped and (has) gone away," said Abdullahi Nor, who identified himself as a pirate spokesman.

"It narrowly escaped and opened fire on us," Mr. Nor said. "One of our colleagues was injured in the attack," he said. Mr. Nor said he had spoken to the would-be hijackers by satellite phone.

A vessel from the European Union Naval Force Somalia, a mission set up to fight piracy, was dispatched in an attempt to track down the skiff.

The U.S. Navy said that the Maersk Alabama is en route to Mombasa, Kenya, its original destination. It's expected to arrive early Sunday morning.

Tuesday, November 17, 2009

Metasploit Framework 3.3 Released!

Via Metasploit Blog -

We are excited to announce the immediate availability of version 3.3 of the Metasploit Framework. This release includes 446 exploits, 216 auxiliary modules, and hundreds of payloads, including an in-memory VNC service and the Meterpreter. In addition, the Windows payloads now support NX, DEP, IPv6, and the Windows 7 platform. More than 180 bugs were fixed since last year’s release of version 3.2, making this one of the more well-tested releases yet.

Metasploit runs on all modern operating systems, including Linux, Windows, Mac OS X, and most flavors of BSD. Metasploit has been used on a wide range of hardware platforms, from massive Unix mainframes to the Apple® iPhone™. Installers are available for the Windows and Linux platforms, bundling all dependencies into a single package for ease of installation. The latest version of the Metasploit Framework, as well as images, video demonstrations, documentation and installation instructions for many platforms, can be found online at

This release of the Metasploit Framework was driven by numerous key contributors, including James Lee, Yoann Guillot, Steve Tornio, MC, Chris Gates, Alexander Kornbrust, Ramon Carvalle, Stephen Fewer, Ryan Linn, Lurene Grenier, Mike Kershaw, Patrick Webster, Max Moser, Efrain Torres, Alexander Sotirov, Ty Bodell, Joshua Drake, JR, Carlos Perez, Kris Katterjohn and many others.

Monday, November 16, 2009

New IAEA Report on Iran Raises Suspicions

Via The Guardian UK -

The United Nations nuclear watchdog has expressed fears that Iran may have other secret nuclear sites following the discovery of the facility hidden in a mountain near the holy city of Qom.

The International Atomic Energy Agency, in a report published today, said the previously secret site at Fordo was in "an advanced state of construction" and was scheduled to start up in 2011.

The IAEA reprimanded Iran for failing to inform it until September about the site, even though construction had begun at least two years ago.

In a more pointed criticism of Iran than usual, the IAEA says the delay "reduces the level of confidence in the absence of other nuclear facilities under construction and gives rise to questions about whether there were any other nuclear facilities not declared to the agency".

The expression of concern comes at a sensitive moment, with no sign of a peace deal between Iran and the US, backed by Britain, France and Germany. Iran has not yet formally replied to a compromise offered by Barack Obama, who said at the weekend that time was running out.

The IAEA sent inspectors to the Fordo site late last month but today indicated it is to seek clarification on several issues, in particular how long the Fordo site had been planned.

The report said that technicians had moved sophisticated technical equipment into the uranium enrichment facility situated deep inside the mountain. An IAEA official said the facility was designed to produce about a ton of enriched uranium a year, enough for a small warhead.

The report quotes Iran insisting it "did not have any other nuclear facilities that were currently under construction or in operation that had not yet been declared to the agency".

Iran claims it is only intent on using nuclear energy to help meet its electricity needs.

The report is the last by the controversial head of the IAEA, Mohamed ElBaradei, who has been accused by the US of being too soft on Iran. In contrast with the concern expressed in the report, ElBaradei only last week, in an interview with the New York Times, played down the significance of the previously undisclosed site, saying it was "nothing to worry about".

The report may reflect the thinking of the IAEA's inspectors and ElBaradei's political staff, who have tended to be more sceptical about Iran's intentions than their chief.

The US, along with Britain, France and Germany, claims that discovery of the Fordo site puts Iran in breach of its international treaty obligations. Although Iran reported its existence to the IAEA in September, the US said this was to pre-empt an announcement exposing the site.

Iran said work on the site only began in 2007 but the US said it started in 2002-04 and, after a pause, resumed in 2006.

The IAEA reprimanded Iran, saying its "failure to notify the agency of the new facility until September 2009 was inconsistent with its obligations".

Israel has threatened military strikes against Iran's nuclear facilities to prevent it acquiring a nuclear weapons capability.

The report said it was concern about just such an attack that prompted Iran to build the facility inside the mountain, according to a letter from Iran to the IAEA on 28 October. "As a result of the augmentation of the threats of military attacks against Iran, the Islamic Republic of Iran decided to establish contingency centres for various organisations and activities," the report said.

The Federation of American Scientists, which tracks nuclear proliferation, said today: "Of course, there is the question of whether Fordo is simply the only 'secret' facility that we know about. The danger is that there are other facilities that can escape safeguards because the IAEA does not know about them."

It added: "The good news in this story is that the facility is now known and the IAEA kicked in exactly as it should."


This article on DEKAFile was published on Nov 13th and quoted sources close to the IAEA...raising suspicions on the purpose of the planet due to its limited production capability.

DEKAFIle also states that the new report has a section on Syria as well....
With regard to Syria, IAEA inspectors are to visit Damascus on Tuesday, Nov. 17, for clarifications of the conflicting explanations Syria has offered for uranium traces. They will also insist on making return visits to three military sites which Damascus has so far refused, following information received by the agency of clandestine "nuclear activity" there. DEBKAfile's intelligence sources reveal that Israel hit one of three at the same time as its air force bombed the unfinished plutonium plant at Dair Alzour in 2007, although this was never admitted by Israel or Syria.

The 2009 Leonid Meteor Shower

Via ABC News -

This is one of those nights when you come to appreciate how nice it is to live on earth.

Right now it is passing through the trail of debris left by a passing comet called Tempel-Tuttle. Every year at this time it happens -- with tons of ice and rock vaporizing in the earth's protective atmosphere.

The result is the Leonid Meteor Shower, often a pleasant show for connoisseurs of things celestial. The best time to watch is between midnight and dawn. If you happen to be in a place with dark, clear skies, you may see 20 to 30 shooting stars an hour -- and maybe, if luck is with you, many more.

"Meteor showers are now very predictible," said Bill Cooke of NASA's Marshall Space Flight Center, who's worked to create complex computer models of the behavior of comets and the material that escapes from them. "Since the mid-1990s computers have advanced enough that we can now forecast their strength with pretty good accuracy. Forcasters put millions of particles into their models."

This year's Leonid meteor shower peaks on Tuesday, Nov. 17th. If forecasters are correct, the shower should produce a mild but pretty sprinkling of meteors over North America followed by a more intense outburst over Asia. The phase of the Moon will be new, setting the stage for what could be one of the best Leonid showers in years.

"We're predicting 20 to 30 meteors per hour over the Americas, and as many as 200 to 300 per hour over Asia," says Bill Cooke of NASA's Meteoroid Environment Office. "Our forecast is in good accord with independent theoretical work by other astronomers."

Random Hacks of Kindness

It is an initiative that brings together disaster relief experts and software engineers to work on identifying key challenges to disaster relief and developing solutions to these critical issues. These codejams are a series of Random Hacks of Kindness (RHoK) events that will bring the best and brightest together for a "give camp" to solve real world-problems related to Crisis/Disaster Relief.

Microsoft, Google, Yahoo, SecondMuse, NASA and the World Bank are founding sponsors.