Sunday, May 31, 2009

Mexico Seizes Five Members of La Familia Cartel

Via BBC -

Mexican police have arrested five alleged members of one of the country's most powerful drugs cartels.

Authorities say the five belong to the La Familia cartel, which controls drugs trafficking in the state of Michoacan.

They were arrested in a raid on a restaurant in a Pacific coastal town in the southern state of Guerrero.

The arrests come three days after 27 officials, including 10 mayors, from Michoacan were arrested for alleged links to La Familia.

The cartel infiltrating local police "above all" police spokesman Rodolfo Cruz Lopez told the AFP news agency.

"It is also starting to permeate higher levels."

Mexico's security ministry said the latest raid took place in the small town of Petacalco, which authorities say is a strategic drugs trafficking site being close to the Pacific ports of Lazaro Cardenas and Zihuatanejo.

---------------------------------------

According to this October 2007 CRS Report for Congress titled "Mexico's Drug Cartels"....
The Zetas also trained the Michoacán-based "La Familia" enforcer gang which has carried out numerous executions in that state. The Familia maintains close ties to the Zetas, but are a smaller entity.

Red Cross Alarmed by Situation in Pakistani War Zone

Via VOA News -

Red Cross officials have completed their first assessment of the humanitarian needs of people in Pakistan's Swat Valley, where they say the situation is alarming.

The International Committee of the Red Cross stated Sunday that it is gravely concerned about the plight of civilians in Swat, where the Pakistani military is waging war against Taliban fighters.

Red Cross worker Daniel O'Malley said people have been blocked in the battleground for weeks. He said food is scarce, and that there is no running water, electricity or fuel for generators.

O'Malley led the Red Cross team on its first visit to Swat since the army began its offensive there last month.


Pakistani Defense Secretary Syed Athar Ali said Sunday the offensive could be over within two or three days.

The military launched the offensive in the Swat Valley and surrounding districts last month after militants violated a peace deal by advancing close to the capital, Islamabad.

The United Nations says more than 2.5 million people have fled their homes since the fighting began.

Meanwhile, Pakistani intelligence officials said Sunday the military has killed at least 40 Taliban militants along the Afghan border. The officials said at least two government soldiers died in the fighting in South Waziristan.

Roxana Saberi Forced into False Spy Confession

Via VOA News -

U.S. journalist Roxana Saberi is back home after an Iranian appeals court May 11 cut her prison sentence to a suspended two-year term. Saberi had been held in Tehran's Evin prison since January after she was arrested for working in Iran without valid press credentials. She was later accused of spying and convicted in a closed-door trial that her father said lasted less than an hour. Saberi, who gave Voice of America an exclusive Farsi interview, talked about the ordeal in a TV broadcast to Iran over the Persian News Network.

Since Iran's 1979 Islamic revolution, human rights organizations and foreign governments have accused Iran of holding, and in some cases, mistreating political prisoners. Iran denies the practice.

Saberi said she was released only after she falsely confessed that she was a US spy. "They promise to release you if you confess. One thing they do is they record the confession and they video recorded my confession," Saberi said. "Now I want to say here that if one day they decide to show that video, it's all a lie," she said.

Saberi said she was not physically tortured in the prison but she was always under tremendous mental pressure.

"At first I was in solitary for two weeks," she explained. "Then they transferred me to a jail with three, four other women who changed constantly. But they were all political prisoners in ward 209 of the prison," she said.

Saturday, May 30, 2009

Pakistan Army Regains Control of Mingora in Swat Valley

Via BBC -

The Pakistani army says it is preparing to flush "hardcore" Taliban rebels out of the Swat valley after regaining control of the main city, Mingora.

"We are going after the leadership and we are going to take care of all the militants in the valley," spokesman Maj Gen Athar Abbas told the BBC.

Clashes continued outside Mingora but its centre was under control, he said.

Essential services were being restored to the city, he added, which was home to 300,000 people before the fighting.

Doctors had arrived to re-open the main hospital, gas had been restored and mobile generators would help restore the water system, the general said.

But he suggested it would take at least two weeks to restore the electricity network. Local defence committees would be set up eventually to stop militants returning, he added.

With journalists barred from the area, it is impossible to verify the situation in the city independently.

Some 2.5 million people have fled their homes since military operations began in Swat more than a month ago.

"We have been able to block the major routes and the entries, exit points of the valley," said Gen Abbas.

"So we are in a better position to flush out, to eliminate the main militants, the hardcore militants of the valley."

Troops now have Charbagh, a Taliban stronghold 32km (20 miles) north of the valley, in their sights, the BBC's Humphrey Hawksley reports.

xkcd - Know Your Vines



--------------------------

http://xkcd.com/443/

Hard Drive Lost By National Archives Contained SSNs

Via DarkReading.com -

When the National Archives lost a hard drive containing records from the Clinton administration, they also realised more than 100,000 social security numbers were missing.

The 2TB Western Digital MY BOOK external hard drive was found to be missing from the National Archive's complex in College Park, Maryland, on March 24th.

According to congressional officials, it contains political records, logs of social events and other gatherings, information about Secret Service and White House operating procedures and the names, phone numbers and Social Security numbers of White House staff members and visitors.

One of the individuals who has had her social security number potentially exposed? Former Vice President Al Gore's daughter.

Embarrassingly for the Archives, they acknowledge that at least 100 people had access to the area where the hard drive was left unsecured, including janitors and visitors.

And now, the administration is offering a reward of up to $50,000 for information leading to the return of the missing drive. Hmm. $50,000 for 100,000 social security numbers? My gut feeling is that if the data fell into the wrong hands that it could be a worth a lot more than that.

There would be a lot fewer red faces if proper full disk encryption had been used on the drive - meaning that even if lost or stolen, no-one would have been able to make any sense of the contents of the drive.

More and more organizations are recognizing the need for proper encryption security on their disk media in case devices are accidentally lost or deliberately stolen - one would hope that this was a lesson that the body charged with handling some of the most sensitive secrets of past presidencies would also learn.

Those with information about the missing hard disk are invited to call the Secret Service at 202-406-8800.

-----------------------------

Check out my May 20th blog entry for more background information....

Identity Theft Ring Busted in New York

Via SC Magazine -

Using financial information purchased from crooked bank insiders, a ring of thieves compromised the checking accounts of nearly 350 New York-based corporations, religious institutions, hospitals and schools, as well as city and state government agencies, to steal millions of dollars, prosecutors said this week.

In an indictment unsealed Wednesday, the District Attorney's office charged 18 people, including alleged ringleaders Jasper Grayson, 25, and James Malloy, 26.

All were said to have been involved in operating an identity theft and bank fraud scheme that cashed more than a thousand counterfeit payroll checks, which were created to look exactly like those for the accounts of the victims, Manhattan District Attorney Robert Morgenthau said.

The defendants, according to the indictment, used information obtained from bank employees, often tellers, who had access to bank computer systems and to checks processed during legitimate customer transactions. The purloined information included names, Social Security numbers, account numbers and account balances of nearly 500 identity theft victims.

The gang recruited “soldiers” who were named as payees on the counterfeit checks, which had been forged using specialized computer software, scanners, printers, check stock, magnetic ink and company logos found on the internet, authorities said. The soldiers would go to various bank branches to cash or deposit the checks – and funds from the deposits were quickly withdrawn.

The money was split among the participants, with ringleaders Grayson and Malloy getting the largest share, prosecutors said.

“The investigation continues into additional bank employees working at different banks in Manhattan who are known to have compromised customers' accounts and made unauthorized money transfers under the direction of members of this group of defendants,” Morgenthau said in a statement announcing the indictments.

Palestinian Terrorist Flees Iraq to Lebanon, FBI Confirms

Via AP News -

A master bomb maker who once targeted commercial airliners and was suspected of aiding the Iraq insurgency has fled to Lebanon, an FBI official has confirmed.

There is information that 73-year-old Abu Ibrahim was reportedly in Tripoli, a city in northwest Lebanon, the official said earlier this week. The official spoke on the condition of anonymity because the investigation continues.

The Palestinian terrorist is accused of bombings in the 1980s. He was indicted in the 1982 bombing of Pan Am Flight 830. The explosion killed a 16-year-old boy and wounded more than a dozen passengers as the plane headed to Honolulu from Tokyo.

The FBI has been looking to catch Ibrahim for decades and has recently increased its efforts to arrest him. In April, an FBI committee recommended Ibrahim be placed on agency's list of most wanted terrorists.

The FBI is also trying to tap a State Department reward program to boost the bounty for his capture to millions of dollars. Ibrahim's real name is Husayn al-Umari.

Ibrahim has remained out of reach for decades while living in Baghdad. With the help of the Iraqi Intelligence Service, Ibrahim ran a feared terrorist organization called "15 May," according to federal court documents and terrorism experts. The group is named for the date Israel was founded.

Ibrahim, a devout Sunni who was born in Tripoli, is suspected of carrying out more than two dozen attacks on mainly American, Israeli and Jewish targets in a career that spans decades.

The Iraqi government also used him to conduct terrorism operations against Syria and Iran. In his book, former CIA spy master Duane R. Clarridge wrote that Ibrahim had a "talent for constructing ingenious machines of death, such as refrigerator trucks whose cooling pipes were filled with liquid explosives."

He's accused of training a slew of operatives in the art of bomb making whose expertise metastasized across the Middle East, including Mohammed Rashed and Abu Zyad. Rashed is behind bars at the Supermax maximum-security prison in Florence, Colo. He's scheduled to be released in less than four years.

Some still remain unaccounted for, like Zyad.

Zyad, 60, was born in the West Bank city of Bethlehem. He assisted Ibrahim in Baghdad in the early 1980s, according to CIA investigative notes obtained by The Associated Press. The notes say Zyad lived in Sudan for two years before leaving for Algiers, Algeria, in 1989. His current whereabouts are unknown.

A former senior CIA official who was stationed in Baghdad after the Iraqi invasion in 2003 said there were serious suspicions that Ibrahim had helped the insurgency.

The official said Ibrahim had recently slipped into Lebanon through Syria after coalition forces began to increase efforts to drive insurgents out of the Mosul area and the Saladin Province in Iraq, where Ibrahim had been operating.

The former CIA official, who spoke on the condition of anonymity because he still works in the Middle East, said that Ibrahim had also gone to Tripoli. Ibrahim's second wife, Selma, is from Tripoli.

"He's got a lot of resources there," the official said.

Ibrahim's family also has connections to the Badawi Palestinian refugee camp on the northern fringes of Tripoli, according to the CIA notes.

The U.S. does not have an extradition treaty with Lebanon.

Venezuela Reports First Swine Flu Case

Via physorg.com -

Venezuela's health ministry is reporting the country's first swine flu case: a 22-year-old man who arrived on a flight from Panama earlier this week.

The ministry says the man is receiving the proper treatment and has been temporarily confined to his home. Officials did not identify him.

The flu victim arrived on a Copa Airlines flight from Panama late Monday. Ministry officials say the other 79 passengers on the flight are being contacted to determine their condition.

The ministry also announced on Thursday that six other people who had close contact with the patient are being closely monitored.

--------------------------

It will be interesting to see what happens in the Southern Hemisphere in the coming months. They are heading into winter, which naturally brings the highest peaks of influenza activity.

Friday, May 29, 2009

Toy Emissions (My Friends All Drive Porsches)

Toy Emissions (My friends all drive Porsches) from HeHe on Vimeo.

----------------

http://eyebeam.org/research/urban-research

A consistent thread through work produced at Eyebeam has been Urban Research and Urban Interventions. As a result The Urban Research Group was created to engage in a discussion on the functions of public space, demonstrate new forms of urban communication, and develop innovative street art that identifies and exploits pre-existing structures, systems and public infrastructure of the city.

FBI Hit By Virus Planned in Malicious E-mail Attachments

Via ComputerWorld -

A virus has reportedly disrupted Web-based e-mail services at the FBI.

The FBI confirmed today that it had been forced to shut down its Internet-facing unclassified network, but disputed a report that the incident had left the agency unable to e-mail counterparts in other intelligence and law enforcement agencies.

"The external, unclassified network was shut down by the FBI as a precautionary measure," the FBI said in a statement. "Within 48 hours of identifying the issue and mitigating risks, e-mail traffic was largely restored to the external, unclassified network."

FBI agents can send e-mail on the agency's more secure internal network or via BlackBerry, but many use this unclassified network to send messages via a Web-based e-mail system, said a source familiar with the situation. That webmail service was down throughout the week and continued to be unavailable for some users, the source said.

"We can e-mail to anyone ... and [we] have Internet access. We also have a secure e-mail system that connects all 400+ offices around the country and 60 offices overseas," FBI spokesman Paul Bresson said in an e-mail message.

The FBI did not provide details on the security incident, but it looks as though hackers may have used maliciously encoded file attachments to hack into the network. In its statement, the FBI said it was now blocking users from sending or receiving attachments on the unclassified network "to give our technicians time to scan all the attachments that came into the e-mail system to make sure we have identified and mitigated all threats to the network."

Malicious attachments are a constant security threat for computer users.

----------------

Yesterday, I blogged about a possible virus attack against the FBI...this is most likely the same incident.

Anti-U.S. Hackers Infiltrate Army Servers

Via InformationWeek -

A known computer hacking clan with anti-American leanings has successfully broken into at least two sensitive Web servers maintained by the U.S. Army, InformationWeek has learned exclusively.

Department of Defense and other investigators are currently probing the breaches, which have not been publicly disclosed.

he hackers, who collectively go by the name "m0sted" and are based in Turkey, penetrated servers at the Army's McAlester Ammunition Plant in McAlester, Okla., and at the U.S. Army Corps of Engineers' Transatlantic Center in Winchester, Va.

The breach at the McAlester munitions plant occurred on Jan. 26, according to records of the investigation obtained by InformationWeek. On that date, Web users attempting to access the plant's site were redirected to a Web page that featured a protest against climate change.

On Sept. 19, 2007, the same hackers electronically broke into Army Corps of Engineers' servers. That hack sent Web users to www.m0sted.net. The page, at the time, contained anti-American and anti-Israeli rhetoric and images, records show. It currently appears to be an Internet landing spot that features airline reservation links.

Beyond the redirects, it's not clear whether the group was able to obtain sensitive information from the Army's servers.

The hacks are the subject of an ongoing criminal investigation by Defense Department officials and members of the U.S. Army's Judge Advocate General's Office and Computer Emergency Response Team. Investigators have executed records search warrants against Microsoft, Yahoo, Google, and other Internet service and e-mail providers as part of their efforts to unmask the hackers' true identities.

Investigators believe the hackers used a technique called SQL injection to exploit a security vulnerability in Microsoft's SQL Server database to gain entry to the Web servers. "m0sted" is known to have carried out similar attacks on a number of other Web sites in the past -- including against a site maintained by Internet security company Kaspersky Lab.

The hacks are troubling in that they appear to have rendered useless supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches. The department and its branches spend millions of dollars each year on pricey security and antivirus software and employ legions of experts to deploy and manage the tools.

Equally troubling is the fact that the hacks appear to have originated outside the United States. Turkey is known to harbor significant elements of the al-Qaida network. It was not clear if "m0sted" has links to the terrorist group.

Defense Department officials did not immediately return calls seeking comment on the case.

Twin Cities Man Pleads to Helping Al-Qaida

Via twincities.com -

A terror suspect arrested in the Twin Cities and held in solitary confinement for more than five years pleaded guilty Wednesday to conspiring to provide support and resources to al-Qaida.

Mohammed Abdullah Warsame's guilty plea, announced by U.S. Attorney Frank Magill Jr., comes about two weeks after Warsame's attorneys asked for his release while awaiting trial on charges that also included lying to the FBI.

As part of a plea agreement, Warsame, 35, a naturalized Canadian citizen of Somali descent, admitted to a single count of conspiring to support al-Qaida. Under the agreement, the other charges will be dismissed.

Warsame remains in federal custody. It wasn't immediately clear whether he will be released or be required to serve more time after his July 9 sentencing.

His lead attorney, David Thomas, and Peter Erlinder, a William Mitchell College of Law professor helping the defense, did not immediately return phone calls seeking comment Wednesday.

Warsame faces a statutory maximum sentence of 15 years in prison and a $250,000 fine. However, federal sentencing guidelines often result in lighter sentences. The U.S. attorney's office said Warsame agreed to be deported to Canada after he serves his sentence.

Authorities have said that before Warsame settled in Minneapolis, he spent time in Afghanistan, meeting Osama bin Laden, fighting with the Taliban and teaching English to members of al-Qaida.

Warsame stressed to the FBI agents that he had not intended to travel to Afghanistan to attend a training camp but ended up enrolling in such a camp in Kabul. During the months-long camp, he "engaged in a variety of military training."

Warsame told investigators he saw bin Laden on several occasions and even sat next to him "on the floor" for a meal.

"The defendant stated that bin Laden was very inspirational," according to court documents, which also stated that Warsame knew bin Laden was a fugitive sought by several governments in connection with alleged terrorist attacks.

Warsame said that after two months in the second camp, he traveled to an al-Qaida guesthouse near Kandahar. While there, he worked as a guard and taught English.

By early 2001, Warsame told a senior al-Qaida official in Kandahar of his plans to remain in Afghanistan and that he needed money to send for his wife and daughter, still living in Minneapolis. But the official told Warsame to return to North America and provided $1,700 for his travel, prosecutors said Monday.

He returned to Toronto in April 2001 and joined his family in the Twin Cities in 2002 and began school. But authorities say he has kept in touch with fellow camp attendees and even wired money to them through a bank account in Pakistan.

Under the plea agreement, Warsame admitted to conspiring with others to provide al-Qaida with personnel, training and currency starting in March 2000.

Warsame has been in custody since Dec. 8, 2003. He was first held as a material witness, then indicted six weeks later.

North Korea Warns South of Military Strike, No Longer Bound by 1953 Truce

Via debka.com -

Pyongyang announced early Wednesday, May 27, that its withdrawal from the truce that ended the Korean War in 1953 means that "the Korean peninsulas will go back to a state of war." Thousands of US troops are deployed in the buffer zone since the war ended.

US spy planes reported that the plutonium separation plant at Yongbyon had been reactivated.

North Korea repeated that Seoul's decision to joint the US-led Proliferation Security Initiative was tantamount to a declaration of war. "Any hostile acts against our republic, including the stopping and searching of our peaceful vessels... will face an immediate and strong military strike in response," the North Korean statement said from the North's military representative at the border truce village of Panmunjom.

Firing another short-range missile in Japan's direction, its sixth since conducting a nuclear test Monday, Pyongyang said it could not guarantee the safety of shipping off its west coast. The test was unanimously condemned by the UN Security Council.

The White House then announced that US president Barack Obama and South Korean president Lee Myung-bak and Japanese prime minister Taro Aso had agreed to work together to support the Security Council resolution with concrete measures to curtail North Korea's nuclear and missile activities. To Aso, the US president pledged "unequivocal commitment to the defense of Japan and to maintaining peace and

Monday, DEBKAfile's military sources disclosed that North Korea and Iran are closely and secretly coordinated on their military nuclear programs.

Most of the missile guidance technology which gave the long-range Seijl 2 surface missile tested by Iran Wednesday, May 20, its bull's-eye accuracy came from Pyongyang. Iran's long-range missile test was carried out less than a month after North Korea's own internationally condemned missile test launch on April 5. Tehran may therefore be expected to be not far behind its nuclear partner in conducting its own first nuclear test.

Not surprisingly, therefore, Iran's president Mahmoud Ahmadinejad ruled out negotiations on its nuclear program.

U.S. Treasury Designates 'Abd Al Menhem Qubaysi' As Global Terrorist Group

Via NEFA Foundation -

U.S. Treasury Department Press Release: Specially Designated Global Terrorist
(Added 5/29/09)

In designating Abd Al Menhem Qubaysi, the U.S. Treasury Department stated that "Qubaysi is a Cote d'Ivoire-based Hizballah supporter and is the personal representative of Hizballah Secretary General Hassan Nasrallah. Qubaysi communicates with Hizballah leaders and has hosted senior Hizballah officials traveling to Cote d'Ivoire and other parts of Africa to raise money for Hizballah. Qubaysi plays a visible role in Hizballah activities in Cote d'Ivoire, including speaking at Hizballah fundraising events and sponsoring meetings with high-ranking members of the terrorist organization. Qubaysi also helped establish an official Hizballah foundation in Cote d'Ivoire which has been used to recruit new members for Hizballah's military ranks in Lebanon."

At the same time, Treasury designated Kassim Tajideen, identifying him as "an important financial contributor to Hizballah who operates a network of businesses in Lebanon and Africa. He has contributed tens of millions of dollars to Hizballah and has sent funds to Hizballah through his brother, a Hizballah commander in Lebanon. In addition, Kassim Tajideen and his brothers run cover companies for Hizballah in Africa. In 2003, Tajideen was arrested in Belgium in connection with fraud, money laundering, and diamond smuggling."

------------------------

More information can be found over on the Counterterrorism Blog.

North Korea Fires Another Short-Range Missile Off East Coast

Via Yonhap News (Korea) -

SEOUL, May 29 (Yonhap) -- North Korea has launched a short-range missile from its Musudan-ri rocket launch site on the country's east coast, a South Korean government official said Friday.

"What the North has launched this time appears to be different from what it had launched (previously)," the official said. "It is a new type of a land-to-air missile," the official said.

North Korea launched the missile, with an estimated range of 160 km, into the East Sea at around 6:12 p.m., according to the official.

The North has been firing a series of missiles since Monday, when it said it successfully conducted its second nuclear test.

--------------------

This is the sixth short-range missile North Korea has test-fired since Monday's nuclear test.

Western and South Korean sources put the yield of Monday's North Korean nuclear test at four or less kilotons - far below the 10 to 20 kiloton yield estimate given by the Russian defense ministry.

According to FoxNews....
U.S. officials say there are new signs North Korea may be planning even more missile launches... there are indications of increased activity at a site used to fire long-range missiles.

The Taliban's Continued Foreign Support

Via CT Blog -

Little noticed in the discussion of the Pakistan/Afghanistan Taliban issues are the points raised recently by Gen. David Petraeus about the continued use of charities and other external support for the radical Islamist group.

While there has been considerable attention paid to the revenue generated from opium trafficking in the Taliban's financial structure, little has been relatively little attention paid to the continuing role of charities in skimming off money that benefits the Taliban and others.

"You have funds generated locally, funds that come in from the outside, and funds that come from the illegal narcotics business," he said. "It's a hotly debated topic as to which is the most significant and it may be that they are all roughly around the same level."

Gen. Petraeus estimated that the Taliban raise a total of "hundreds and hundreds of millions of dollars" each year from the three sources, and said the U.S. doesn't have precise figures.

Charities, as we learned right after 9/11 are not only valuable for the money they can raise and distribute virtually undetected, but for the identification cards and travel facilities they offer radical operatives to move around with official cover.

(This was shown by both the Benevolence International trial and the recent Holy Land Foundation trial, where principals received stiff sentences because of their charitable support for Hamas.) My full blog is here.

Kismet-Newcore - Kismet-2009-05-RC2 Released

http://www.kismetwireless.net/

Wed May 29 2009 - In a moment of short-lived glory, Kismet-2009-05-RC2 is now out, again on the download page. Downloads for RC1 have been redirected to RC2. 2009-05-RC2 fixes a 1-character bug which led to corrupted logfile names and bad kismet_server launching.

Giant Laser Reactor Unveiled in California

Via FoxNews.com -

Dignitaries and top scientists gathered near San Francisco Friday for the formal opening of a massive new facility that they hope will accomplish what was once thought impossible — nuclear fusion, the Holy Grail of energy sources.

The National Ignition Facility at Lawrence Livermore National Laboratory will focus 192 laser beams on a hydrogen pellet the size of a bead, heating it to incredible temperatures in an attempt to recreate the power of the sun.

California Gov. Arnold Schwarzenegger, Sen. Dianne Feinstein and Energy Secretary Steven Chu were scheduled to appear at the ceremony, which began at 10:30 a.m. PDT.

Nuclear fusion would create huge amounts of energy from tiny amounts of fuel. It would produce far less radioactive waste than conventional nuclear reactors. But it takes huge amounts of energy to trigger, and so far humans have managed to do so only by detonating atomic bombs.

"We have this big ball, right?" Ed Moses, program director of the National Ignition Facility, explained to Fox News. "And we hold our little targets inside of there, and the light focuses on there, and that's where all the action happens."

The "action" aims to trigger a tiny thermonuclear explosion inside the huge target chamber, a blast sparked by the lasers, which bounce off a series of lenses and mirrors, intensifying and multiplying with each pass.

"Pretty soon you have a lot of 'em," says Moses, "and we have enough energy to drive our targets, to a point where they get to over 100 million degrees and it's a pretty warm day."

Eventually turning ultraviolet, the beams push a million miles an hour toward the tiny hydrogen-fuel pellet in the center.

The resulting burst of energy should be so powerful, it could light up the entire country — but for only a split second.

Nuclear fusion has never been achieved on Earth, and critics argue the facility's $3.5 billion price tag is a waste of taxpayer money.

"We don't need this machine to solve our energy problems," says Dr. Arjun Makhijani of the Institute for Energy and Environment Research in Takoma Park, Md. "The main thing the National Ignition Facility has accomplished so far is to burn a hole in the taxpayers' pocketbook."

[...]

But researchers here are confident their efforts will pay off — and be the game changer for meeting the world's energy needs.

"It would change how we look at global warming. It would change pollution," says Moses. "It would change all of those things. This is a small investment for that great payback."

Already, the NIF has produced 25 times more energy than any other laser system — even enough to power 10,000 light bulbs for a second.

Serious ignition experiments are due to begin next year.

Microsoft Update Quietly Installs Firefox Extension

Via WashingtonPost -

A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla's Firefox Web browser.

Earlier this year, Microsoft shipped a bundle of updates known as a "service pack" for a programming platform called the Microsoft .NET Framework, which Microsoft and plenty of third-party developers use to run a variety of interactive programs on Windows.

The service pack for the .NET Framework, like other updates, was pushed out to users through the Windows Update Web site. A number of readers had never heard of this platform before Windows Update started offering the service pack for it, and many of you wanted to know whether it was okay to go ahead and install this thing. Having earlier checked to see whether the service pack had caused any widespread problems or interfered with third-party programs -- and not finding any that warranted waving readers away from this update -- I told readers not to worry and to go ahead and install it.

'm here to report a small side effect from installing this service pack that I was not aware of until just a few days ago: Apparently, the .NET update automatically installs its own Firefox add-on that is difficult -- if not dangerous -- to remove, once installed.

Annoyances.org, which lists various aspects of Windows that are, well, annoying, says "this update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC." I'm not sure I'd put things in quite such dire terms, but I'm fairly confident that a decent number of Firefox for Windows users are rabidly anti-Internet Explorer, and would take umbrage at the very notion of Redmond monkeying with the browser in any way.

Big deal, you say? I can just uninstall the add-on via Firefox's handy Add-ons interface, right? Not so fast. The trouble is, Microsoft has disabled the "uninstall" button on the extension. What's more, Microsoft tells us that the only way to get rid of this thing is to modify the Windows registry, an exercise that -- if done imprecisely -- can cause Windows systems to fail to boot up.

When I first learned of this, three thoughts immediately flashed through my mind:

1) How the %#@! did I miss this?

2) The right way would have been to just publish the add-on at Mozilla's Add Ons page.

3) This kind of makes you wonder what else MS is installing without your knowledge.

Then I found that I wasn't the only one who had these ideas. Microsoft has heard these criticisms from others who long ago commented on this unfortunate development (see the comments underneath this post).

Anyway, I'm sure it's not the end of the world, but it's probably infuriating to many readers nonetheless. Firstly -- to my readers -- I apologize for overlooking this..."feature" of the .NET Framework security update. Secondly -- to Microsoft -- this is a great example of how not to convince people to trust your security updates.

Thursday, May 28, 2009

Face-Off: Who Should Be in Charge of US Cybersecurity?

Recent attacks on the power grid, stolen fighter jet plans, and SCADA system security woes have thrust national cybersecurity into the limelight. The reaction has been as expected: Congress is asking tough questions, and the White House has reviewed federal networks and security processes. One key question remains unanswered: Which government agency should be running the show? Many have called for a newly created White House position to oversee cybersecurity and report directly to the president, while others wonder what role intelligence agencies such as the National Security Agency (NSA) will play in leading the country's cybersecurity efforts. Security experts Bruce Schneier, CTO of BT Global Services, and Marcus Ranum, CTO at Tenable Network Security, debate all sides of the issue in this Face-Off, a recorded version of their popular point-counterpoint columns published regularly in Information Security magazine.

Microsoft Warns of Dangerous DirectShow Flaw & Attacks

Via ThreatPost -

Microsoft today warned that hackers are using rigged QuickTime media files to exploit an unpatched vulnerability in DirectShow, the APIs used by Windows programs for multimedia support.

The company has activated its security response process to deal with the zero-day attacks has issued a pre-patch advisory with workarounds and a one-click "fix it" feature to enable the mitigations.

From the advisory:

Microsoft is aware of limited, active attacks that use this exploit code. While our investigation is ongoing, our investigation so far has shown that Windows 2000 Service Pack 4, Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not vulnerable.

An entry on the MSRC blog provides more details:

The vulnerability is in the QuickTime parser in Microsoft DirectShow. An attacker would try and exploit the vulnerability by crafting a specially formed video file and then posting it on a website or sending it as an attachment in e-mail. While this isn’t a browser vulnerability, because the vulnerability is in DirectShow, a browser-based vector is potentially accessible through any browser using media plug-ins that use DirectShow. Also, we’ve verified that it is possible to direct calls to DirectShow specifically, even if Apple’s QuickTime (which is not vulnerable) is installed.

Interestingly, the vulnerable component was removed from Windows Vista and later operating systems but is still available for use in the Microsoft Windows 2000, Windows XP, and Windows Server 2003 operating systems.

Vulnerable Windows users should immediately consider disabling QuickTime parsing to thwart attackers. This KB article provides fix-it button that automatically enables the workaround.

It also provides detailed instructions on using a managed script deployment for Windows shops.

Also see the Security Research and Defense blog for more information.

FBI & U.S. Marshalls Service Networks Hit By Virus

Via strategypage.com (May 26th, 2009) -

On May 21st, FBI and U.S. Marshalls Service networks were hit with a particularly aggressive computer virus. Both agencies shut down their external (connected to the Internet, which was how the virus got in) networks down, and began looking into what the virus was up to, and where it came from. Both agencies are targets for hackers working for criminal gangs and foreign intelligence agencies. The U.S. Marshalls Service runs the Witness Protection program, and many gangsters, and foreign intel agencies, would pay big money to know where people who had testified against them, were being hidden. The FBI has even more enemies. Actually, the FBI is hated by the entire criminal hacker community. That's because the FBI has been increasingly successful at revealing and disrupting hacker operations, as well as finding, arresting and prosecuting a growing number of hackers.

-------------------------------

I haven't seen much news about this in other sources.

At this point, it is not clear what types of virus was found or if it is even a targeted attack.

They may have just become roadkill for one of the many viruses making the rounds on the interweb...just like everyone else.

More Than 80% Of Phishing Attacks Use Hijacked, Legitimate Websites

Via DarkReading.com -

It used to be that researchers could sometimes track a phishing exploit by the notorious cybercrime ring behind it, like the Rock Phish gang, but no more: New research from the Anti-Phishing Working Group (APWG) has found that most phishers are setting up shop on legitimate Websites to be inconspicuous when they steal valuable information from victims.

In the second half of 2008, roughly 57,000 phishing attacks worldwide targeted a specific brand or organization, up from around 47,300 in the first half of 2008, according to a newly released report (PDF) from the APWG. The attacks were waged on 30,454 different domain names, only 5,591 of which were domains the phishers set up themselves. The rest were from legitimate Websites they had hijacked to carry out their exploits.

The average amount of time a phishing site was up: 52 hours, according to the report.

Phishers used their own malicious domains in 13 percent of attacks, according to the report, while 11 percent used subdomain registration services, some of which offer free hosting as well as DNS services that let you redirect your domain name at any time. These services are notorious for making the taking down of malicious sites difficult, according to the report. Around 6,340 subdomain accounts were used for phishing purposes in the second half of last year, up from 4,512 in the first half of the year.

"When we used to talk about the Rock Phish Group, phishers were segmented, and you could tell what sites they were setting up. But we're seeing more groups now, and it's harder to say, 'Here's one site by one particular group,'" says Laura Mather, chair of the Antiphishing Working Group's Internet Policy Committee. "They are obfuscating what they are doing...making it harder to specifically group them...Now they are more creative, agile, and flexible."

Phishers also are paying close attention to what users fall and don't fall for. Interestingly, phishers are using fewer unique IP address-based attacks -- only 2,809 in the second half of the year versus 3,389 in the first half of the year. That has been a gradual downward trend since early 2007.

Putting a brand name in the URL to fool victims isn't necessarily effective, Mather says. "Consumers don't know how to look at URLs to tell where they are going, so it doesn't even matter," she says.

Meanwhile, the APWG also recently released an advisory with detailed tips (PDF) about what to do if phishers compromise your Website for their exploits. It's aimed at helping small to midsize organizations take the proper steps when they discover or are notified that their site is being abused to host phishing operations. Among the recommendations:

  • verify the third party that alerts you that your site was compromised;
  • report the phishing URL to the APWG (reportphishing@antiphishing.org), which ensures that word gets out to security vendors;
  • restore the site to its uncompromised state; and
  • conduct a postmortem to prevent future compromises.

Suicide Attack, Market Blasts Hit Peshawar

Via Guardian UK -

Militants detonated two bombs in a busy market and attacked two police checkpoints in northern Pakistan on Thursday, killing at least 14 people, wounding scores more and testing the resolve of the government as it takes on the Taliban in the Swat Valley.

The attacks in Peshawar and Dera Ismail Khan happened within two hours of each other and a day after an assault on security forces in the eastern city of Lahore killed around 30 people. That strike was claimed by the Pakistani Taliban, which warned of further attacks unless the government called off the Swat offensive.

"Our targets are security forces, who are killing innocent people in Swat and other adjoining areas," said Hakimullah Mehsud, a deputy to Pakistani Taliban chief Baitullah Mehsud. "We regret that some innocent people were also killed in the Lahore attack, we did not want that."

Two bombs in Peshawar were mounted on motorcycles and exploded within seconds of each other, tearing off walls and shattering windows of a row of small shops at a popular market, police and witnesses said.

"It was a sudden blast and then there was fire all around, a cloud of smoke filled the sky," said Khair Uddin, a shopkeeper whose hands and chest were left bloodied by shrapnel from the blast.

Officer Zarman Shah Khan said six people were killed; a doctor at a local hospital said 80 people were wounded.

Commando units rushed to the scene and engaged in a gunfight with suspected militants who holed up in a building near the market, local police chief Malik Naveed said. Two gunmen were shot dead and at least one other was arrested.

Less than half an hour later, a suspected suicide bomber blew up a police checkpoint on the outskirts of the city, killing four police and the attacker, said police officer Yaseen Khan.

Illinois Man Dies From Swine Flu

Via Washington Post -

A 42-year-old Illinois man has died from complications of swine flu.

Officials with the Kane County Health Department say the man died Thursday.

Health officials say the victim had other medical problems. They say no further information will be released because of privacy concerns.

The man is the third person to die in the state from the swine flu.

The virus has sickened more than 13,000 people in 48 countries and been linked to more than a 100 deaths worldwide, with the majority of the fatalities in Mexico.

RIM Warns of BlackBerry PDF Vulnerability

Via itnews.com.au -

Research In Motion (RIM) has released details of a flaw in its BlackBerry Attachment Service that could allow hackers to remotely execute code and gain control of a BlackBerry Enterprise Server.

The firm said in a security advisory that multiple vulnerabilities with a Common Vulnerability Scoring System score of 9.3 have been found in the PDF distiller of the Attachment Service.

"These vulnerabilities could enable a malicious individual to send an email containing a specially crafted PDF file which, when opened for viewing on a BlackBerry smartphone, could cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment Service," said the advisory.

RIM has issued an interim software update that fixes these issues in the affected versions of the BlackBerry Enterprise Server and BlackBerry Professional Software.

The firm advised users to disable PDF file processing on the server until these patches are rolled out, and said that users should only open attachments from trusted sources.

Graham Cluley, senior technology consultant at security vendor Sophos, said in a blog post that hackers are increasingly exploiting PDFs to deliver malware to unsuspecting business users.

"As PDFs are so widely used and shared in business most people wouldn't think twice about clicking on them, making it imperative that corporations keep their security patches and anti-malware defences up to date," he said.

Lost Laptop Exposes Thousands of UK Pension Records

Via The Register UK -

A lost laptop containing the personal data of 109,000 Pensions Trust's members has sparked the latest in a growing list of information security breach alerts.

The missing machine was stolen from the offices of NorthgateArinso, suppliers of the Pensions Trust's computerised pensions administration system, where it was was being used "as a database for development, training and performance testing".

Data on the drive was not encrypted but it was password protected - as if that provides much in the way of reassurance. Data held on the laptop included name, address, date of birth, NI number, name of employer, salary details, name of and relationship to nominees and, for those drawing a pension, bank account details.

Members of six of the Pension Trust's 39 schemes were affected by the breach. The records potentially exposed data from May 2007.

The Pensions Trust sent out letters this week informing affected members that their personal details have potentially been exposed as a result of the breach.

Scans of the letter in factsheets on the breach can be found here.

--------------------------------

DataLossDB tags this as
Incident 2021.

Wednesday, May 27, 2009

It's Time for the FTC to Investigate Mac Security

Via MacWorld.com -

When I read the headline about a security researcher who had published proof-of-concept code for a vulnerability, I was upset. To disseminate proof-of-concept code is to basically say, “Here is a way to attack computers for those of you who can’t figure out how to do it yourselves.” The analogy that comes to mind is to throw a gun on a playground and let kids figure out how to load it.

By the time I had finished reading the article, though, my attitude had changed.

The purpose of stunts such as this one is to embarrass a vendor into fixing problems and writing better software. The problem with that scheme is that even when it works exactly as planned, it is users who get hurt, not the vendor. A significant number of users just do not implement fixes when they are available. These people are the ones who suffer (along with all those innocent third parties who pay the price when the PCs belonging to inattentive users are compromised and added to a botnet).

What influenced my change of heart in this case was the fact that the vendor in question was Apple, which has been feckless on the topic of security for a long time. Apple gives people the false impression that they don’t have to worry about security if they use a Mac. And perhaps because the company is invested in fostering that impression, Apple is grossly negligent in fixing problems. The proof-of-concept code in this case is proof that Apple has not provided a fix for a vulnerability that was identified six months ago. There is no excuse for that.

Apple has exuberantly criticized Microsoft for the security vulnerabilities of its products. The fact is, though, that that criticism is grossly misplaced. For its part, Microsoft has been extremely disciplined in ignoring Apple’s advertisements.

The current Mac commercials specifically imply that Windows PCs are vulnerable to viruses and Macs are not. I can’t disagree that PCs are frequent victims of viruses and other attacks, but so are Macs. In fact, the first viruses targeted Macs. Apple itself recommended in December 2008 that users buy antivirus software. It quickly recanted that statement, though, presumably for marketing purposes.

It certainly could not have been for real security reasons. A ZDNet summary of 2007 vulnerabilities showed that there were five times more vulnerabilities for Mac OS than for all types of Windows PC operating systems.

How can Apple get away with this blatant disregard for security? Its advertising claims seem comparable to an automobile manufacturer implying that its cars are completely safe and its competitors’ cars are death traps, when we all know that all cars are inherently unsafe. Claims like those would surely draw the wrath of the Federal Trade Commission. Well, guess what: All commercial software has security vulnerabilities.

Why then is there no investigation of Apple’s security claims and inferences? Where is the FTC? The company’s turn-about on antivirus software should be a red flag to federal regulators. Here’s a company that was telling people that its products were secure, then briefly said they were not secure, and then said it had misspoken, and subsequently used the “Macs are safe” stance as a selling point, when in truth the only way they are safer is that Macs are less attractive to virus writers because there are so few of them. That is security through obscurity, which is always short-lived and a truly terrible security practice. Should Apple be allowed to make such claims? Billions of dollars are at stake, not to mention the public’s computing safety.

And so, much as I hate the concept of releasing proof-of concept code, I have to wonder whether this is what we need to make the public see how much they are at risk. The mainstream press really doesn’t cover Mac vulnerabilities, and Apple’s “it’s all good” talk seems to be winning the day. When I made a TV appearance to talk about the Conficker worm, I mentioned that there were five new Mac vulnerabilities announced the day before. Several people e-mailed the station to say that I was lying, since they had never heard of Macs having any problems. (By the way, the technical press isn’t much better in covering Mac vulnerabilities.)

I have come to the conclusion that either the FTC must investigate Apple’s advertising claims with regard to security, or people must begin releasing proof-of-concept code on a regular basis. European Union and Canadian regulators can certainly step in as well. With Apple selling more Macs, its attitude is putting more people at risk. And just to be clear, it is not that Apple’s software has security vulnerabilities that is the problem; all commercial software does. The problem is that Apple is grossly misleading people to believe otherwise.

Tuesday, May 26, 2009

North Korea’s Nuclear Test: Another Fizzle?

Via FAS Strategic Security Blog -

The Korean Central News Agency reportedly has announced that North Korea “successfully conducted one more underground nuclear test on May 25 as part of measures to bolster its nuclear deterrent for self-defense.” Several news media reported that the Russian Ministry of Defense estimating the test had a yield of approximately 10 to 20 kilotons.

Yet the preliminary seismic data published by the U.S. Geological Survey (USGS) shows that the test had a seismic magnitude of 4.7, only slightly more powerful than the 4.3 of the 2006 test.

Was it another fizzle? We’ll have to wait for more analysis of the seismic data, but so far the early news media reports about a “Hiroshima-size” nuclear explosion seem to be overblown.


Update: CTBTO’s initial findings.

Iran Lifts Block on Facebook Access

Via Washington Post -

Iran restored access to Facebook Tuesday, after a block on the social networking Web site last week generated accusations that the government was trying to muzzle one of the main presidential campaign tools of the reformist opposition.

Facebook was cut off Saturday, depriving challengers to President Mahmoud Ahmadinejad of a critical means of reaching out for the youth vote in the June 12 election.

The main pro-reform candidate, Mir Hossein Mousavi, is seeking a strong turnout from young voters and has used Facebook to try to mobilize support.

Authorities have not directly commented on the Facebook outage, and the reason for its return Tuesday was not immediately clear.

It also was not known whether the renewed Facebook access is permanent. Iranian authorities have restored then re-imposed blocks on Web sites in the past.

Iranian authorities often block specific Web sites and blogs considered critical of the Islamic regime. Critics said the shutdown of Facebook forced Iranians to rely on the government for information, depriving the election debate of important independent voices.

North Korea Restarts Yongbyon Nuclear Plant

Via China Confidential Blog -

U.S. spy satellites have detected signs that North Korea has restarted its nuclear plant, according to a South Korean newspaper.The large-circulation Chosun Ilbo is reporting that the the U.S. has detected steam coming from a reprocessing facility at North Korea's main Yongbyon nuclear plant. The paper cited an unnamed South Korean government source.

North Korea recently said it was restarting the reprocessing of spent nuclear fuel rods to harvest weapons-grade plutonium at the Yongbyon plant in response to international criticism of its April 5 rocket launch.

Mexico Detains Ten Mayors for Alleged Drug Ties

Via MSNBC.com -

Federal forces detained 10 mayors and 17 state and municipal officials over alleged drug ties Tuesday in an unprecedented anti-corruption sweep in the Pacific coast state of Michoacan.

Soldiers and officers fanned out across President Felipe Calderon's native state to carry out the operation, including more than 200 federal agents who burst into the state attorney general's office in Morelia to detain three officials.

Most of the mayors are from towns in a mountainous region where there have been numerous beheadings and where federal officials recently seized 22 methamphetamine laboratories. They included the mayor of Uruapan, where gunmen dumped five human heads on a dance floor at a bar in 2006, the federal attorney general's office said in a statement.

State police academy director Mario Bautista and state governor's adviser Citlalli Fernandez, the former public safety secretary, were among those taken in, the federal attorney general's office said in a statement.

Two police chiefs and several commanders were also detained.

Meanwhile the federal Public Safety Department presented 11 suspected members of La Familia drug gang who were detained late Monday and early Tuesday in the states of Michoacan and Mexico, among them a former Michoacan state police officer.

Officials did not say whether those arrests were related to the Michoacan operation.

Red Cross: Zimbabwe Cholera Cases to Top 100,000

Via Yahoo! News (AP) -

The cholera outbreak in Zimbabwe, the worst in Africa in more than 15 years, is slowing but is still expected to reach 100,000 cases this week, the Red Cross said Tuesday.

The Red Cross is appealing to donors, who have responded only reluctantly in the past, for more money to help keep the disease under control.

In a report, the International Federation of Red Cross and Red Crescent Societies said the outbreak of the waterborne disease has killed almost 4,300 people since August 2008.

"We stand now within days of 100,000 cases," said Red Cross spokesman Matthew Cochrane, adding that milestone had appeared unimaginable just a few months ago.

Cochrane said the outbreak 15 years ago killed 12,000 people in camps in what was then Zaire, as refugees fled turmoil following the genocide in Rwanda. What makes Zimbabwe's outbreak stand out, Cochrane said, was that it spread so quickly and was so deadly in a country at peace.

According to figures compiled by the U.N.'s World Health Organization, more than 98,000 cholera cases have been recorded in Zimbabwe since August.

Custodia Mandlhate, head of WHO's Zimbabwe operations, said in an e-mail that the outbreak appeared under control, but added that "our main challenge is now to make sure that preparedness for future epidemics is done."

Cholera is usually easily treated. The scale of Zimbabwe's outbreak is blamed on the collapse of the country's water and health infrastructure following years of violent political impasse.

Kismet Newcore RC1 Released

http://www.kismetwireless.net/

After 5+ years of development, this staging release is to work out any final minor issues before a full release. Kismet-2009-05-RC1 is expected to be fully functional, so please report problems on the forums or via email. Please read the new README and replace your configuration files, as just about everything about configuring Kismet has changed (for the better!) The old Kismet tree also sees a new release as Kismet-old-2009-05-R1, which incorporates minor fixes and support for some of the newer Intel and Ralink cards/driver names. Both are available from the download page.

Gates Says Taliban Have Momentum in Afghanistan

Via PakTribune (Pakistan) -

Defense Secretary Robert Gates has said the momentum in Afghanistan is with the Taliban, who are inflicting heavy U.S. casualties and hold de facto control of swaths of the country.

American public support for the Afghan war will dissipate in less than a year unless the Obama administration achieves "a perceptible shift in momentum," Defense Secretary Robert Gates said in an interview with The Wall Street Journal.

Gates said the momentum in Afghanistan is with the Taliban, who are inflicting heavy U.S. casualties and hold de facto control of swaths of the country.

The defense chief has been moving aggressively to salvage the war in Afghanistan, signing off on the deployments of 21,000 American military personnel and recently taking the unprecedented step of firing the four-star general who commanded all U.S. forces there. Gates, speaking in his cabin on an Air Force plane, said the administration is rapidly running out of time to turn around the war.

"People are willing to stay in the fight, I believe, if they think we’re making headway," he said.
"If they think we’re stalemated and having our young men and women get killed, then patience is going to run out pretty fast."


Gates, a Bush administration holdover, also waded into the debate over the Guantanamo Bay prison and Bush-era anti terror tactics. He said critics of the Obama administration’s plans to close Guantanamo and move some prisoners to the U.S. were guilty of "fear-mongering."

"If people begin to absorb the fact that we’ve got several dozen very dangerous terrorists in our jails right now ... maybe a little greater perspective would be brought to the issue," he said.

CDC Prepares for Swine Flu Surge in Fall

Via WebMD.com -

As the U.S. swine flu epidemic eases -- except in the Northeast -- the CDC is shifting its focus to preparing for a surge of cases when flu season returns in the fall.

The count of people who have been infected with the H1N1 swine flu continues to rise. Today's official count is 6,764 cases -- and that number should rise considerably as many state and local health departments did not report new cases over the Memorial Day holiday.

There have been 10 official U.S. swine flu deaths and two new deaths likely caused by the new flu. More than 300 people in the U.S. have been hospitalized, over half of them previously healthy young people.

While swine flu remains widespread in the Northeast, the epidemic seems to be waning in the rest of the country. Nationwide, no more people are seeing doctors for flu-like illness than is usual for this time of year -- a key indicator of flu activity.

It's too soon to say that swine flu has peaked in the U.S., Anne Schuchat, MD, the CDC's interim deputy director for science and health, said at a news conference. While hot spots of swine flu are expected to pop up across the nation throughout the summer, she said, "we are thinking that the warm summer months ahead may give us a little respite."

Accordingly, the CDC is shifting gears.

"Now we are at a transition point where we are entering an area of new focus and new priorities," Schuchat said. "We really are on a fast track for the next eight to 10 weeks to learn as much as we can ... and to strengthen our planning for the surge of illness we expect to see here in the fall."

North Korea Fires Another Missile into East Sea

Via Yahoo! News (AP) -

North Korea has fired off another missile, the latest in a series since its nuclear test two days ago, South Korea's Yonhap news agency said Wednesday.

The North fired a short-range missile into the Sea of Japan (East Sea) overnight, it quoted a Seoul government source as saying.

"Intelligence authorities are now closely monitoring the situation," the source said.

The communist state fired three short-range ground-to-air missiles from locations near its east coast on Monday, the same day it conducted an underground nuclear test that shocked the world.

It launched two more off its east coast on Tuesday, Yonhap news agency reported. South Korea's military says it does not comment on intelligence matters.


------------------------------

According to Yonhap News Agency....
"The North appears to have launched a ground-to-ship missile into the East Sea shortly after 9 p.m. Tuesday," the official said, asking not to be identified....Officials here believe the missile launches are partly aimed at preventing South Korean and U.S. reconnaissance planes from nearing the communist state to verify its claimed nuclear test.

The Science News Cycle


North Korea Fires Two Short-Range Missiles, Other Launches Expected Soon

Via CNN -

North Korea fired two short-range missiles from its east coast Tuesday -- a day after conducting a nuclear test -- South Korea's Yonhap news agency reported, citing a South Korean official.

"The North is continuing its saber-rattling," the unnamed official said.


The firings came a day after the reclusive communist state conducted a nuclear test and fired another short-range missile.

U.S. ambassador to the United Nations Susan Rice said Tuesday the international community would not be intimidated by North Korea's "provocative and destabilizing" missile tests.

"If they want to continue to test and provoke the international community, they're going to find that they will pay a price, because the international community is very clear -- this is not acceptable, it won't be tolerated, and they won't be intimidated," Rice told CNN's "American Morning."

The U.N. Security Council -- which includes North Korea's closest ally, China -- on Monday unanimously condemned Pyongyang's nuclear test as a "clear violation" of international law.

After passing the non-binding statement of criticism, the Security Council is now working on passing "a strong resolution with teeth," Rice said. "Those teeth could take various different forms - they are economic levers, they are other levers that we might pursue," she said.

[...]

Several analysts said the test could be an effort to improve Pyongyang's bargaining position, or a sign of a power struggle within North Korean leader Kim Jong-Il's government.

Han Park, a scholar at the University of Georgia, said North Korea wants normal diplomatic relations and a non-aggression pact with the United States -- and is "angry enough and hungry enough to sell anything they can put their hands on."

"They are a big-time weapons trader," Park said. "If we are going to try to do something about nonproliferation, we have to include diplomatic relations with North Korea."

Analysts say North Korea is years from having a weapon it can put atop a long-range missile like those in the U.S., Chinese or Russian arsenals.


------------------------------

According to The Korea Herald...the two short-range missiles were shot from near Hahmheung, South Hamgyeong Province, above the East Sea.

The two missiles are believed to be ground-to-air and ground-to-ship missiles and had a range of about 130 kilometers.

Other missile launches are expected in the near future, including the suspected launch of a "KN-01" anti-ship cruise missile. KN-01 missiles, upgraded from [Chinese] Silkworms, have an estimated range of up to 160 kilometers.

Monday, May 25, 2009

Boeing Prepares X-51A for Hypersonic Test Flight

Via Jane's Information Group -

The US Air Force (USAF) plans to fly the Boeing Phantom Works X-51A Waverider hypersonic engine research vehicle at up to Mach 6 later this year.

Joseph Vogel, Boeing X-51A programme manager, Advanced Network and Space Systems, and Charles Brink, X-51A programme manager, USAF Research Laboratory, spoke to reporters at Boeing's Huntington Beach facility in southern California on 14 May. They said that the consortium running the programme – USAF, Boeing, DARPA and Pratt & Whitney Rocketdyne – had recently completed testing a "flight-like" ATACMS engine (SJX-61-1) at Mach 4.6 to 5 and that the first of four flight trials of the unmanned vehicle would take place in October or November.

The first flight test X-51A (FTV-1) – which comprises (from front to back) a cruiser vehicle and scramjet engine with a separate stage solid rocket booster with control surfaces – will be dropped from the wing of a B-52 bomber at about 50,000 ft at Mach 0.8 over Naval Air Weapons Station Point Mugu in California. The booster rocket will then fire the vehicle to about Mach 4.7 and 60,000 to 65,000 ft before the scramjet engages. Once the scramjet is engaged, the rocket booster will fall away and the cruiser section will climb to between 80,000 and 85,000 ft before accelerating to Mach 6.

Right-to-Repair Law Is Right On

Via Wired.com -

Computers play an increasingly important role under the hood of our cars, which can make repairing your ride a nightmare. Troubleshooting and repairing problems requires specialized equipment and - more importantly - diagnostic codes that automakers jealously protect. That means you’re usually stuck going to a dealership and paying through the nose for repairs.

Congress wants to change that.

The Right-to-Repair Act would allow independent repair shops to compete for business that currently goes only to franchises and dealer-approved establishments. The bipartisan bill, introduced in the House of Representatives, would drastically increase the number of shops that could service late-model vehicles and make those repairs significantly cheaper.

By limiting the number of shops that can service your car, dealers drive up the cost to owners of those vehicles by 34 percent, according to a study Lang Research conducted for the Automotive After Market Industry Association. The study found consumers pay $11.7 billion in excess costs annually.

That is unacceptable.

As the Electronic Frontier Foundation notes, the legislation points to a broader problem: How the Digital Millennium Copyright Act makes it difficult to do everything from repair computers to replace your garage door opener. DMCA prohibits bypassing or circumventing “technological protection measures.”

“The issue goes beyond the importance of being able to get independent repair and maintenance services,” EFF writes. “The use of technological ‘locks’ against tinkerers also threatens user innovation - the kinds of innovation that traditionally have come from independent tinkerers - which has increasingly been recognized as an important part of economic growth and technological improvement.”

The EFF is right in saying we need more than a right-to-repair law for cars. We need one for most of the stuff we own.

Student Visa Fraud Reported in Britian

Via NY Times -

Pakistani fraudsters set up a network of fake colleges that helped thousands of Pakistanis enter Britain on student visas, The Times of London reported Thursday. The students at 11 bogus colleges included 8 of the 10 suspects arrested last month in a terrorism inquiry in northwest England, the newspaper said. It said one college sold hundreds of places to men from the North-West Frontier Province, where the Taliban are fighting the Pakistani Army.

Tamil Tigers Admit Leader is Dead

Via BBC -

Sri Lanka's Tamil Tiger rebels have admitted for the first time that their leader Velupillai Prabhakaran is dead.

A statement issued by the Tigers said their "incomparable leader" had "attained martyrdom" and declared a week of mourning.

A spokesman for the group also told the BBC that it would now use non-violent methods to fight for Tamils' rights.

Sri Lanka's army last week released pictures it said showed Prabhakaran's body after its final offensive.

The statement from the Tamil Tigers (LTTE) said he was killed "fighting the military oppression of the Sri Lankan government" last Sunday.

The rebels had made a last stand in the north-east of the island after Sri Lankan troops cornered them in a coastal strip.

The Tigers' defeat brought to an end their 26-year fight for a separate Tamil homeland.

The statement was signed by the defeated group's head of international relations, Selvarasa Pathmanathan.

It said that the LTTE had declared a week of mourning for their dead leader, starting on 25 May.

The statement called on Tamils all over the world to "restrain from harmful acts to themselves or anyone else in this hour of extreme grief".

In a telephone interview with the BBC, Mr Pathmanathan said Prabhakaran had died on 17 May but did not give details of the circumstances.

Mr Pathmanathan said the Tigers would now use non-violent methods to fight for the rights of Tamils.

"We have already announced that we have given up violence and agreed to enter a democratic process to achieve the rights for the Tamil (self) determination of our people," he said.

Most of the Tamil Tigers senior leadership is believed to have been killed in the fighting.

PDFResurrect - PDF Analysis and Scrubbing Utility

http://www.757labs.com/projects/pdfresurrect/#about

PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. This tool can also "scrub" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.

This project is released under the GNU GPLv3 license. So have at it!

Many individuals were originally consulted on this and provided suggestions, including Tele, Remad, Derez, Count, and Sunpuke. Special thanks to Brent, not really part of the 757 crew, but aided in proofreading the paper. Thanks guys!

Iran Blocks Facebook in Run-up to June Elections

Via The Inquirer -

Iranian Labour News Agency (ILNA) reported that Iran's government has shut down access to Facebook in the run-up to the country's elections in June.

The report said, "according to certain Internet surfers, the site was banned because supporters of Mir Hossein Mousavi were using Facebook to better disseminate the candidate's positions."

Iran's last prime minister when the position was abolished in 1989, Mr Mousavi is considered a front runner to replace President Ahmadinejad in the June 12 elections, according to the BBC, which said his Facebook page has more than 5,000 supporters.

Juan Cole, writing in his bog on Middle Eastern affairs Informed Comment (which is also blocked in Iran) observed, "The smart thing to do would have been to encourage the other candidates also to use Facebook, thus levelling the playing field."

He added, "Authoritarian regimes cannot imagine that everyone benefits from more peaceful political competition."

Facebook reportedly expressed disappointment upon hearing that Iran has blocked it.

Three Unpatched ActiveX Exploits Added to Metasploit

'AOL Radio AmpX ActiveX Control ConvertFile() Buffer Overflow'
http://trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/browser/aol_ampx_convertfile.rb?rev=6578

'Autodesk IDrop ActiveX Control Heap Memory Corruption'
http://trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/browser/autodesk_idrop.rb?rev=6578

'Roxio CinePlayer ActiveX Control Buffer Overflow'
http://trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/browser/roxio_cineplayer.rb?rev=6578

Gulags, Nukes and a Water Slide: Citizen Spies Lift North Korea's Veil

Via WSJ.com -

In the propaganda blitz that followed North Korea's missile launch last month, the country's state media released photos of leader Kim Jong Il visiting a hydroelectric dam and power station.

Images from the report showed two large pipes descending a hillside. That was enough to allow Curtis Melvin, a doctoral candidate at George Mason University in suburban Virginia, to pinpoint the installation on his online map of North Korea.

Mr. Melvin is at the center of a dozen or so citizen snoops who have spent the past two years filling in the blanks on the map of one of the world's most secretive countries. Seeking clues in photos, news reports and eyewitness accounts, they affix labels to North Korean structures and landscapes captured by Google Earth, an online service that stitches satellite pictures into a virtual globe. The result is an annotated North Korea of rocket-launch sites, prison camps and elite palaces on white-sand beaches.

"It's democratized intelligence," says Mr. Melvin.

More than 35,000 people have downloaded Mr. Melvin's file, North Korea Uncovered. It has grown to include thousands of tags in categories such as "nuclear issues" (alleged reactors, missile storage), dams (more than 1,200 countrywide) and restaurants (47). Its Wikipedia approach to spying shows how Soviet-style secrecy is facing a new challenge from the Internet's power to unite a disparate community of busybodies.

"Here is one of the most closed countries in the world and yet, through this effort on the Internet by a bunch of strangers, the country's visible secrets are being published," says Martyn Williams, a Tokyo-based technology journalist who recently sent Mr. Melvin the locations of about 30 North Korean lighthouses.

[...]

Many updates later, Mr. Melvin and his correspondents have plotted out what they say is much of the country's transportation network and electrical grid, and many of its military bases. They've spotted what they believe are mass graves created in the 1995-98 famine that killed an estimated two million people. The vast complexes of Mr. Kim and other North Korean leaders are visible, with palatial homes, pools, even a water slide.

An official at North Korea's consulate in Hong Kong declined to grant an interview. Its embassy in London didn't respond to a faxed request for comment.

Mr. Melvin says he cross-checks what information he can and adjusts other facts with the help of collaborators. He says he has met only a few of the contributors. Some have identified themselves as former members of the U.S. military who once studied the country professionally. Some have been anonymous.

Joshua Stanton, an attorney in Washington who once served in the U.S. military in South Korea, used Google Earth to look for one of the country's notorious prisons. In early 2007, he read an international news report about a mass escape from Camp 16, which the report mentioned was near the site of a nuclear test conducted the year before.

No pictures of Camp 16 are believed to have been seen outside the country. But Mr. Stanton had pored over defector sketches of it and combed the map for familiar structures. "I realized I had already noticed the guard posts" on Google Earth the previous year for the nuclear test site, he says.

Mr. Stanton traced what he believed is Camp 16's boundary, enclosing nearly 300 square miles, and those of other large North Korean prisons and shared them with Mr. Melvin. The fences aren't easy to follow because they go over mountain ridges, he says. But satellite images often reveal gaps in the vegetation along the fence line, because trees are cleared on either side to prevent people from climbing over.

Last year, Sen. Sam Brownback of Kansas used Mr. Stanton's maps in a floor presentation criticizing the North's human-rights record. "Google has made a witness of all of us," Mr. Brownback said. "We can no longer deny these things exist."

---------------------------------

The file can be downloaded from Mr. Melvin's site...(it is currently loading slow however)

http://www.nkeconwatch.com/north-korea-uncovered-google-earth/

Here is a screenshot of the file loaded into Google Earth...