Tuesday, June 30, 2009

South Korea: North is Enriching Uranium

Via VOA News -

South Korea's defense minister says North Korea appears to be pushing forward with a uranium enrichment program, raising fears that it may use the material to make atomic weapons.

Addressing a hearing of lawmakers Tuesday, Lee Sang-hee said it is clear that North Korea is moving forward with the program. He added that such a program is far easier to hide than the North's current plutonium-based program.

North Korea has ample supplies of natural uranium, and it could conduct an enrichment program in underground or undisclosed facilities, away from the view of U.S. spy satellites.

Earlier this month, after the United Nations placed more sanctions on North Korea for carrying out its second nuclear test in May, Pyongyang said it would start enriching uranium.

----------------------------

The United States on Tuesday added two more companies to its lists of firms facing sanctions for allegedly aiding North Korea's nuclear and missile programs. One company is in North Korea and the other is described as a North Korean front company based in Iran.

StopBadware.org, Sunbelt Software Partner to Fight Badware

Via StopBadWare.org -

StopBadware.org, the collaborative initiative to combat viruses, spyware, and other bad software, announced today that Sunbelt Software, developer of the VIPRE anti-malware product line, will participate in the effort as a data partner. Sunbelt Software joins Google in contributing data to the project, which is based at Harvard University’s Berkman Center for Internet & Society. The initiative is funded by Google, PayPal, Mozilla, AOL, and Trend Micro.

[...]

StopBadware.org collects the URLs of these badware websites, whether malicious or compromised, from its data partners. It uses the information to support and encourage site owners and web hosting companies in cleaning up and protecting their sites. The initiative also conducts analysis of infection trends, offers independent reviews of its partners’ findings, and operates a community website, BadwareBusters.org, that provides help to people who have been victims—or wish to avoid becoming victims—of badware.

“We are thrilled that a well-respected anti-malware company like Sunbelt Software has come on board as a data partner,” said Maxim Weinstein, manager of StopBadware.org. “The new data offers us a different view of the badware website landscape and will help us to extend our reach and to provide richer analysis.”

Sunbelt Software’s director of malware research, Eric Howes, has been an advisor to StopBadware.org since early in its development, but the data partnership represents the first time the company has established an official relationship with the project.

“Sunbelt Software has always encouraged a collaborative approach to addressing the malware problem,” said Eric Howes. “We are pleased to formalize our ongoing relationship with StopBadware and support the important work it does in educating the public and the industry.”

Sunbelt will provide research data via ThreatTrack™, a comprehensive array of malicious URL and malware data feeds. The data in these feeds is derived from multiple sources including: research from Sunbelt Labs; ThreatNet™, Sunbelt’s VIPRE user community that anonymously sends information on potential threats to Sunbelt Labs; and Sunbelt CWSandbox, the leading automated malware behavior analysis tool for fast and autonomous analysis of large volumes of malware samples.

This morning, StopBadware.org launched a new, richer report interface—integrating the new Sunbelt Software data—to its searchable Badware Website Clearinghouse. The new reports allow security researchers, law enforcement, site owners, and other interested parties to see a site’s current and past badware activity, along with basic information about the site. Future enhancements are expected to provide insight into the concentration of badware sites on particular networks.

Pirate Bay Site Sold, Going to Legal Business Model

Via BBC -

Global Gaming Factory (GGF) has paid 60m kronor (£4.7m) to take over the site from its founders.

Once it has taken control, GGF said it would start paying copyright fees for the movies, music and games linked to via the site.

In April, The Pirate Bay owners were found guilty of promoting copyright infringement, fined 30m kronor and were sentenced to one year in jail.

The four men behind the site, Frederik Neij, Gottfrid Svartholm Warg, Carl Lundstrom and Peter Sunde, said they planned to appeal against the sentence.

The Pirate Bay is one of the most well-known file-sharing sites on the web. Many people use it to find copyrighted material such as TV shows, games and music tracks. The Pirate Bay does not host any of the pirated material itself.

"We feel that we can't take The Pirate Bay any further," Mr Sunde told the Swedish news agency TT. "We're in a bit of a frozen situation where there's not much happening and there are neither people nor money to develop things."

Half the money GGF will pay for the site will be in cash and the remainder in shares in the company.

"We would like to introduce models which entail that content providers and copyright owners get paid for content that is downloaded via the site" said Hans Pandeya, head of GGF in a statement.

"Content creators and providers need to control their content and get paid for it," he said.

GGF has not released details of how it will charge for the content downloaded via the site. The Pirate Bay will be handed over to GGF in August.

It is not clear how the deal affects the Video Bay - a video-sharing site set up by the people behind The Pirate Bay.

GGF specialises in software that helps run and maintain PCs used in cyber cafes and gaming centres.

-----------------------

Check out TorrentFreak for updates...as it could be days (or even longer) before we know what is really going to happen.

China Puts Indefinite Delay on 'Green Dam' Mandate

Via InformationWeek -

China has postponed its requirement that all PCs sold in the country include Web filtering software known as Green Dam.

According to a post on the Web site of the state-controlled news agency Xinhua, China's Ministry of Industry and Information Technology (MIIT) said late Tuesday that the pre-installation requirement would be delayed because computer makers wanted more time for such a massive undertaking.


The MIIT had set July 1 as a deadline and some computer manufacturers have already begun complying with the order. Sony has started shipping PCs with Green Dam, accompanied by a disclaimer about the risks posed by the software. Acer has reportedly expressed its intent to comply.

No new deadline was disclosed, leaving open the possibility that China might decide to abandon the filtering requirement.

The MIIT said that it would continue to provide Green Dam as a free download for users who wanted it, and would install the software on computers in schools and public Internet cafes. It intends to "keep on soliciting opinions to perfect the pre-installation plan," the Xinhua News Agency said.

Exploiting MS Advisory 971778 - QuickTime DirectShow Vulnerability

Via Tipping Point DVLabs (Aaron Portnoy) -

On May 28th, 2009 Microsoft released MS Security Advisory 971778 titled Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution. This vulnerability should be considered high-risk as it allows for remote code execution through a browser using the Windows Media Player ActiveX control. In this blog post I provide a brief walk through of details of this issue and touch upon how it can be exploited in a reliable fashion.

This vulnerability manifests itself within the quartz.dll module located within the \Windows\System32 directory. This DLL is part of Microsoft's DirectShow multimedia framework and is responsible for parsing various media formats and handing data off to appropriate installable compressors and decompressors. Frequently, vulnerabilities in media formats exist within these installable compressors (see TPTI-09-01 and TPTI-09-02 for recent examples), however, in this case the problematic code is located within quartz itself. It should be noted that Quicktime does NOT need to be installed for this issue to be exposed.

--------------------------

Check out the full post by Aaron to get all the juicy 0-day details...

ATM Vendor Halts Researcher’s Talk on Vulnerability

Via Wired.com -

An ATM vendor has succeeded in getting a security talk pulled from the upcoming Black Hat conference after a researcher announced he would demonstrate a vulnerability in the system.

Barnaby Jack, a researcher with Juniper Networks, was to present a demonstration showing how he could “jackpot” a popular ATM brand by exploiting a vulnerability in its software.

Jack was scheduled to present his talk at the upcoming Black Hat security conference being held in Las Vegas at the end of this month.

But on Monday evening, his employer released a statement saying it was canceling the talk due to the vendor’s intervention.

“Juniper believes that Jack’s research is important to be presented in a public forum in order to advance the state of security,” the statement read. “However, the affected ATM vendor has expressed to us concern about publicly disclosing the research findings before its constituents were fully protected. Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack’s presentation until all affected vendors have sufficiently addressed the issues found in his research.”

In the description of his talk on the conference web site, Jack wrote that, “The most prevalent attacks on Automated Teller Machines typically involve the use of card skimmers, or the physical theft of the machines themselves. Rarely do we see any targeted attacks on the underlying software. This presentation will retrace the steps I took to interface with, analyze, and find a vulnerability in a line of popular new model ATM’s. The presentation will explore both local and remote attack vectors, and finish with a live demonstration of an attack on an unmodified, stock ATM.”

Jack did not disclose the ATM brand or discuss whether the vulnerability was found in the ATM’s own software or in its underlying operating system. Diebold ATMs, one of the most popular brands, run on a Windows operating system, as do some other brands of ATMs.

Diebold did not respond to a call for comment.

Earlier this year, Diebold released an urgent alert (.pdf) announcing that Russian hackers had installed malicious software on several of its Opteva model ATMs in Russia and Ukraine. A security researcher at SophosLabs uncovered three examples of Trojan horse programs designed to infect the ATMs and wrote a brief analysis of them. Last month another security research lab, Trustwave’s SpiderLabs, provided more in-depth analysis of malware used to attack 20 ATMs in Russia and Ukraine of various brands.

According to SpiderLabs, the attack required an insider, such as an ATM technician or anyone else with a key to the machine, to place the malware on the ATM. Once that was done, attackers could insert a control card into the machine’s card reader to trigger the malware and give them control of the machine through a custom interface and the ATM’s keypad.

The malware captured account numbers and PINs from the machine’s transaction application and then delivered it to the thief on a receipt printed from the machine in an encrypted format or to a storage device inserted in the card reader. A thief could also instruct the machine to eject whatever cash is inside the machine. A fully loaded ATM can hold up to $600,000.

It’s unclear if the talk Jack was scheduled to give addresses the same vulnerability and malware or a new kind of attack.

--------------------------

Weak sauce. This event shall now be known as ATMGATE!

But this move is not totally unexpected...after having beers with one of my friends @ Juniper several weeks ago...it sounded like the ATM vendor was starting to give the cold legal shoulder to Juniper....thus this being the outcome was not totally unforeseen.

Monday, June 29, 2009

Social Network Phishing Attacks Up More Than 240%

Via Dark Reading -

Social networks are increasingly becoming a favorite method of attack for phishers as they look for more efficient ways to reach potential victims, according to a newly released report.

Overall, phishing attacks rose 36 percent in the first quarter of this year compared to the same period in 2008, according to a sampling of banking brands used in MarkMonitor's Brandjacking Index report for January through April 2009. And more than 500 organizations worldwide were phished in the first quarter of this year, up 14 percent from the fourth quarter of last year, according to MarkMonitor.

Phishing attacks on social networking sites increased more than 240 percent compared to the same time last year, just behind attacks on payment services, which jumped a whopping 285 percent versus the first quarter of '08. "They exploit the trust one user has with another [on a social network]. There's a tendency to open up something from one of your 'friends' on these sites," says Frederick Felman, chief marketing officer at MarkMonitor. "This is the biggest innovation in phishing attacks since RockPHISH, and it's more social than technical exploitation. RockPHISH was an infrastructure play, but this is using someone else's infrastructure to spread the badness."

Blind Hacker Sentenced to 11 Years in Prison

Via Wired.com -

A legally blind Massachusetts phone hacker was sentenced Friday to over 11 years in federal prison, following his guilty plea on computer intrusion and witness intimidation charges earlier this year.

Matthew Weigman, 19, was sentenced in Dallas by U.S. District Judge Barbara M.G. Lynn, according to the U.S. Attorney’s Office there. There is no parole in the federal system, and little time off for good behavior, so the 135 month term will likely keep Weigman behind bars until 2018.

Known in the telephone party-line scene as “Li’l Hacker,” Weigman is widely considered one of the best phone hackers alive. Relying on an ironclad memory and detailed knowledge of the phone system, the teenager is known for using social engineering to manipulate phone company workers and others into divulging confidential information, and into entering commands into computers and telephone switching equipment on his behalf.

The FBI had been chasing Weigman since he was 15 years old, at times courting him as an informant. He was finally arrested last May, less than two months after celebrating his 18th birthday.

Pakistan Places Bounties on Senior Taliban Leaders

Via The Long War Journal -

The Pakistani government has put out bounties for the capture or death of Pakistani Taliban leader Baitullah Mehsud and 10 of his senior commanders operating in the lawless tribal agencies. Three senior Taliban leaders in North and South Waziristan were noticeably excluded, indicating that the government does not intend to take on these warlords.

The government announced the bounties in an advertisement in Pakistani newspapers.

Baitullah Mehsud, the leader of the Tehrik-e-Taliban, or the Movement of the Taliban in Pakistan, topped the list at an estimated price tag of $615,000.

Faqir Mohammed, the leader of the Taliban in Bajaur, came in second at $181,000.

Hakeemullah Mehsud and Qari Hussain Mehsud of South Waziristan, Omar Khalid and Qari Shakeel of Mohmand, and Commander Tariq Afridi of Darra Adam Khel each command a $123,000 bounty.

Qari Zia Rahman and Waliur Rahman of Bajaur, Fazal Saeed Utezai of Kurram, and Mufti Ilyas of Darra Adam Khel rounded out the list at $61,500 each.

The bounties for Baitullah and his deputies come a month after the government issued bounties for Swat Taliban leader Mullah Fazlullah, his deputy Shah Doran, spokesman and military commander Muslim Khan, and 18 other leaders from the region. So far, those bounties have not led to the arrest or capture of the leaders.

Both Fazlullah and Shah Doran are rumored to have been killed, but the reports have not been confirmed. The government has arrested Fazlullah's family.

Siraj Haqqani, Hafiz Gul Bahadar, and Mullah Nazir are absent from the wanted list.

---------------------

Check out the CT blog's great Swat Analysis series of blogs for more information.

Sunday, June 28, 2009

Crash Course in Nuclear Safety & Iran's Nuclear Program

http://www.voanews.com/english/iran_nuclear_safety.cfm

VOA News has built a series of 5 videos, each with a different theme.

Very informative stuff.

Saturday, June 27, 2009

Invisibility Cloak Could Hide Buildings from Quakes

Via NewScientist.com -

Borrowing from the physics of invisibility cloaks could make it possible to hide buildings from the devastating effects of earthquakes, say physicists in France and the UK.

The "earthquake cloak" idea comes from the team led by Stefan Enoch at the Fresnel Institute in Marseille, France. They were the first to show that the physics of invisibility cloaks could have other applications – designing a cloak that could render objects "invisible" to destructive storm waves or tsunamis.

The seismic waves of an earthquake fall into two main groups: body waves that propagate through the Earth, and surface waves that travel only across the surface.

Although Enoch's team have calculated that controlling body waves would be too complex, controlling surface waves is within the ability of conventional engineering, they say. Fortunately, it is surface waves that are more destructive, says team member Sebastien Guenneau at the University of Liverpool in the UK.

The new theoretical cloak comprises a number of large, concentric rings made of plastic fixed to the Earth's surface. The stiffness and elasticity of the rings must be precisely controlled to ensure that any surface waves pass smoothly into the material, rather than reflecting or scattering at the material's surface.

When waves travel through the cloak they are compressed into tiny fluctuations in pressure and density that travel along the fastest path available. By tuning the cloak's properties, that path can be made to be an arc that directs surface waves away from an area inside the cloak. When the waves exit the cloak, they return to their previous, larger size.

[...]

"The outer rings remain nearly still, but the pair of rings tuned to the frequency of the wave move like crazy, bending up and down and twisting," says Guenneau. "For each small frequency range, there's one pair of rings that does most of the work." The team has simulated cloaks containing as many as 100 rings, says Guenneau, although fewer would be needed to protect against the most common kinds of earthquake surface waves.

When it comes to installing them into buildings, they could be built into the foundations, Guenneau suggests. It should be possible to make concrete structures with the right properties. To protect a building 10 metres across, each ring would have to be about 1 to 10 metres in diameter and 10 centimetres thick.

The concentric ring design can also be scaled down, and could offer a way to control vibration in cars or other machinery, he adds.

Police Chief & 91 Officers Detained in Pachuca, Mexico

Via Yahoo! News (AFP) -

A police chief and 91 officers were detained in a sweep on a city in central Mexico suspected of sheltering one of the country's most violent drug gangs, federal police said.

The police chief of Pachuca, capital of Hidalgo state, and the police officers were suspected of offering protection to the Zetas, the armed wing of the powerful Gulf drug cartel, federal police intelligence coordinator Luis Cardenas told reporters.

The Zetas carried out kidnappings and extortion in liaison with local police around Pachuca, some 120 kilometers (75 miles) from Mexico City, Cardenas said.

The original Zetas were elite Mexican Special Forces soldiers trained to find and detain drug lords. A group of deserters formed the group when they instead went to work for the drug lords in the late 1990s.

In recent weeks, a dozen army soldiers and police officers have been arrested in at least four Mexican districts for allegedly harboring organized crime, especially drug trafficking.

More than 10,000 people have died in suspected drug violence since President Felipe Calderon launched a nationwide military crackdown on the nation's powerful cartels two and a half years ago.

FBI: Al-Kini Group Behind Bombing Incidents in Pakistan

Via Dawn.com (Pakistan) -

The US Federal Bureau of Investigation (FBI) has informed Pakistan that Al-Qaeda's network known as ‘Al-Kini group’ was behind a series of bombing incidents in the country, including last year's deadly suicide attack on Islamabad's Marriott hotel.

In its latest communication to Pakistan's Federal Investigating Agency (FIA), the FBI has described the Al-Kini Group to be not only involved in the Marriott bombing, but its various terror cells were also involved in a suicide attack that had killed an army surgeon general, Lt. Gen Mushtaq Baig, in Rawalpindi and the bomb attack on a police station in Sargodha.

Usama al-Kini, also known as Azmarai, was Al-Qaeda's Pakistan chief until he was killed in one of the drone attacks in North Waziristan last year.

It's not clear who heads the Al-Qaeda network in Pakistan, but the FBI's correspondence suggests terror cells of those loyal to Al-Kini were still operating as a separate group, and carrying out attacks within Pakistan.

Perhaps the deadliest of the known attacks by the group was a dumper-truck bomb that caused mass destruction at Islamabad's Marriott hotel in September last year, killing 53 people and injuring dozens of others.

According to the FBI three US nationals were among those killed in the attack.

A highly informed source said the FBI has asked the FIA and Islamabad Capital Territory police to share their investigations they had carried out so far which may help them in apprehending three people described as absconders, including a person identified as Ibrar-ud-Din Syed.

A joint investigation team (JIT) headed by former director general FIA Tariq Pervez had carried out an investigation into the Marriott Hotel bombing and compiled a report.

Dr Muhammad Usman, a resident of Hayat Abad Peshawar, Rana Illyas Ahmed a resident of Sumanderi Faisalabad and Muhammad Hameed Afzal a resident of Toba Tek Sing were arrested by Pakistani security agencies for involvement in the Marriott Hotel bombing and are being tried in the ATC.

The source said in line with the FBI's request, the director general FIA has sought permission from the federal government to share their investigation with the US agency for the apprehension of individuals involved in the bombing, as three Americans had been killed in the terrorist attack on the hotel.

Pakistan's federal investigating agency has also been requested to allow the FBI to carry out some forensic tests in their laboratories on leftover pieces of the explosive-laden vehicle, frame parts, the engine and its shrapnel, which were seized by the Pakistani agencies.

The FBI believes that the relevant forensic testing on residue samples, found from the scene of the terrorist attack, would help the Pakistani authorities in their investigation.

The source said information collected from one of the arrested members of al-Kini group, Omar Farouk, revealed that the group had financed two terrorist attacks in Pakistan in 2007, including the attack on Sargodha police station in 2007.

The FBI has stepped up its efforts to collect further information in close liaison with the FIA and other security agencies in Pakistan to tighten the noose around the Al-Kini network, which many believe had remained the most effective al-Qaeda wing within Pakistan.

Pentagon Creates U.S. Cyber Command, Will Work with NSA

Via The Register UK (June 24th) -

The long wrangle among the US military about who gets to be in charge of cyber warfare and who gets all the resulting pork appears to have been settled. Questions remain, however, regarding the level of America's readiness to take offensive military cyber action against enemies presumably overseas.

Reuters reports that the main decisions on the US military cyber command were announced yesterday at the Pentagon. Defense Secretary Robert Gates signed an order to create the new organisation, intended to be based at Fort Meade outside Washington and subordinated to the head of the US National Security Agency (NSA), widely believed to be the most powerful crypto, intercept and eavesdropping agency in the world.

The news wire quotes Department of Defense (DoD) spokesman Bryan Whitman, responding to questions about "offensive" as opposed to "defensive" cyber warfare by the US forces, as remaining noncommittal.

"This command is going to focus on the protection and operation of DoD's networks," he said. "This command is going to do what is necessary to be able to do that."

The Pentagon has previously stated on many occasions that its networks and those of the US government in general are nowadays constantly subject to cyber attacks, most of which appear to emanate from abroad. China is the foreign country most often mentioned in this context, but Deputy SecDef William Lynn has recently stated that "more than 100" foreign intelligence organisations have tried to penetrate the US military's cyber grid on various occasions.

"There is simply no exaggerating our military dependence on our information networks: the command and control of our forces, the intelligence and logistics on which they depend, the weapons technologies we develop and field – they all depend on our computer systems and networks,” said Lynn earlier this month. “Indeed, our 21st century military simply cannot function without them.”

[...]

As for the matter of the US taking the cyber offensive (as opposed to defensive) this would seem to be a foregone conclusion. The very meaning of the word "Defence" in modern English has now changed to mean "activities formerly carried out by ministries or offices of War - including attack and offence as required". It's a universally acknowledged military truism that defence of one's own territory is often best conducted on someone else's.

If that wasn't enough, it should also be noted that the US military is at present engaged in building a cyber firing range - in effect a Matrix-esque virtual world - in which to test the effects of cyber weapons.

The new command's subordination to the NSA makes sense - the NSA is already hugely expert in crypto and other useful subjects. Not everyone remembers that it is a military organisation, but unlike the CIA it is indeed "a Combat Support Agency of the Department of Defense".

The cyber command is due to kick off in October, and reportedly will be fully up and running a year later.

Algeria: Taking the Pulse of AQIM

Via Stratfor (Security Weekly) -

Late in the evening of June 17, 2009, militants affiliated with al Qaeda in the Islamic Maghreb (AQIM) detonated two improvised explosive devices (IEDs) against a convoy near Bordj Bou Arreridj, Algeria, which is located in a mountainous area east of Algiers that has traditionally been an Islamist militant stronghold. The convoy consisted of Algerian paramilitary police vehicles escorting a group of Chinese workers to a site where they were building a new highway to connect Bordj Bou Arreridj with Algiers. After disabling the convoy using IEDs, the militants then raked the trapped vehicles with small-arms fire. When the ambush was over, 18 policemen and one Chinese worker had been killed. Another six gendarmes and two Chinese workers were wounded in the attack.

[...]

By design, AQIM incorporated the GSPC with elements of Morocco’s Islamic Combatant Group, Libya’s Islamic Fighting Group, several Tunisian groups, most notably the Tunisian Combatant Group, and jihadists in Mali, Niger and Mauritania. However, in practice, the vast majority of the group’s infrastructure came from the GSPC, and attacks since the founding of AQIM in 2006 have reflected this. Indeed, in spite of the many high-profile Libyan and Moroccan militants who serve as part of the al Qaeda core leadership, Libya and Morocco have been extremely calm since the emergence of AQIM, and the group has remained an Algeria-based phenomenon.

[...]

The attacks in Mauritania have shown rudimentary tactics with poor planning, and the militants associated with AQIM in Mauritania simply have not displayed the ability to mount a large-scale, coordinated attack. The group’s activities in Mali and Niger are also mainly constrained to low-level attacks against government or military outposts and foreign mining sites and personnel in the northern stretches of those countries. AQIM also conducts training and engages in smuggling and kidnappings for ransom in this deserted region.

This means that, in the end, in spite of all the hype associated with the AQIM name, the group is essentially a rebranded GSPC and not some sort of revolutionary new organization. It has adapted its target set to include foreign interests, and it did add suicide bombing to its repertoire, but aside from that there has been very little movement toward AQIM’s becoming a truly regional threat.

[...]

Perhaps the AQIM militants got lucky or the Algerian gendarmes targeted in the attack made a fatal mistake. However, the increased death toll could also have been a result of superior IED design, or superior planning by the operational leader of the ambush. Such a shift could indicate that an experienced operational commander or bombmaker has come to AQIM from someplace like Iraq or Pakistan. It will be very important to watch the next few AQIM attacks to see if the June 17 attack was indeed just an anomaly or if it was the beginning of a new and deadly trend.

Friday, June 26, 2009

NRO: 2006 Satellite Failure Remains a Mystery

Via FAS Secrecy Blog -

In February 2008, the U.S. fired a missile at an inoperable U.S. intelligence satellite that had failed shortly after launch in December 2006. The satellite was destroyed reportedly in order to prevent an intact reentry of its toxic hydrazine fuel tank. But do we know why or how it failed in the first place?

“No,” the director of the National Reconnaissance Office told Congress last year, in newly disclosed responses (pdf) to questions for the record (p.89).

“After an exhaustive formal failure investigation, and three different independent review team investigations, the cause of the failure and what failed was not determined,” said Scott Large, then-director of the NRO. “Our exhaustive analysis of the spacecraft design and test program did not identify the root cause of the failure,” Mr. Large said. His remarks appeared in the record of a March 5, 2008 hearing before the House Armed Services Committee that was published this month.

“The era of Acquisition Reform is over,” Mr. Large also told Congress. “It has left the NRO in a fragile state with a poor history of performance.”

On June 12, Secretary of Defense Robert Gates, with concurrence of the DNI, appointed retired Air Force Gen. Bruce Carlson as the 17th director of the National Reconnaissance Office.

Blue Chip FTP Logins Found on Cybercrime Server

Via The Register UK -

Security researchers have found a treasure chest of FTP passwords, some from high profile sites, on an open cybercrime server.

Jacques Erasmus, CTO at security tools firm Prevx, stumbled across a site where a Trojan is uploading FTP login credentials captured from compromised machines. So far, Erasmus has found logins for ftp.bbc.co.uk, ftp.cisco.com, ftp.amazon.com, ftp.monster.com and even security sites including ftp.mcafee.com and ftp.symantec.com among the extensive list of more than 68,000.

Other login credentials refer to the Bank of America, one of the few organisations PrevX has had time to notify directly at the time of writing.

Initial investigations suggest the logins were swiped during the last two weeks and that at least some remain valid. The breach therefore opens the door for hackers to upload drive-by download scripts and other nasties onto compromised sites. PrevX is running scans to detect rogue iFrames on potentially vulnerable sites, and is yet to see any evidence that this has actually happened.

Erasmus explained that the FTP login data is getting uploaded by a variant of the zbot Trojan onto a server hosted in China, where they are stored in plain text and thus potentially open to all and sundry to find and abuse. PrevX has filed an abuse complaint against the site with the hosting provider.

"The data is harvested from users' machines, when they get infected," Erasmus explained. "A typical scenario might be that a web designer for one of the organisations gets infected, his stored ftp login details gets compromised, and so the attacker in this case is able to log in to the ftp site and compromise the website pages."

"It's the biggest compromise of its type I've seen," Erasmus told El Reg.
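The scan for rogue iframes mentioned in the article can be approximated with a static check over a site's pages. The following is an added example, not Prevx's tooling and not part of the quoted article; the host names, the allowlist and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style patterns that hide an element from the visitor.
_HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|(?<![-\w])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"
    r"|(?<![-\w])(?:left|top)\s*:\s*-\d{3,}",
    re.IGNORECASE,
)


def _tiny(value):
    """True for a width/height attribute of 0 or 1 (optionally with 'px')."""
    return bool(value) and re.fullmatch(r"\s*[01](?:px)?\s*", value, re.I) is not None


class IframeAuditor(HTMLParser):
    """Collects iframes that load from an unexpected host or are concealed."""

    def __init__(self, site_host, allowed_hosts=()):
        super().__init__(convert_charrefs=True)
        # The site's own host is always trusted; anything else must be listed.
        self.allowed = {h.lower() for h in allowed_hosts} | {site_host.lower()}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        # hostname is None for relative URLs; protocol-relative URLs still parse.
        host = (urlparse(src).hostname or "").lower()

        reasons = []
        if host and host not in self.allowed:
            reasons.append("external-host")
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("tiny-dimensions")
        if _HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-style")
        if not reasons:
            return

        concealed = "tiny-dimensions" in reasons or "hidden-style" in reasons
        # An off-site frame the visitor cannot see is the drive-by pattern;
        # anything else is only worth a manual look.
        severity = "high" if "external-host" in reasons and concealed else "review"
        line, _ = self.getpos()
        self.findings.append(
            {"line": line, "src": src, "host": host,
             "reasons": reasons, "severity": severity}
        )


def audit_html(html, site_host, allowed_hosts=()):
    """Return a list of findings for one page of HTML."""
    auditor = IframeAuditor(site_host, allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page: one local frame, one approved partner frame,
# and two concealed frames pointing at hosts the site owner never added.
SAMPLE_PAGE = """<html><body>
<h1>Products</h1>
<iframe src="/widgets/map.html" width="400" height="300"></iframe>
<iframe src="http://stats.partner.example/embed" width="300" height="50"></iframe>
<iframe src="http://cdn-update.invalid/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<iframe src="//tracker.invalid/x" style="position:absolute; left:-9999px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in audit_html(SAMPLE_PAGE, "www.shop.example", ["stats.partner.example"]):
        print(f"line {f['line']}: {f['severity']:6} {f['src']} ({', '.join(f['reasons'])})")
```

This check only sees iframes present in the served markup; frames written by script at load time need a rendering pass or a diff of deployed files against a known-good copy.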

Blu-Ray Laser Keychain

Via HackaDay.com -



[Jay] hacked a Blu-Ray laser diode into a keychain enclosure. He found a heavy brass keychain light from Lowe’s and stuffed the diode and a larger battery inside. The existing batteries weren’t powerful enough, so he drilled out the endcap to fit a 200mAh 3.6v lithium battery inside. He also modded the power button to only momentarily turn on the diode. With the larger battery, the laser can run for about an hour between charges. In addition to Blu-Ray lasers, he also has versions with a 200mW red diode.

Related: Laser projector zippo

Massachusetts Worker Accused in ID Theft Scheme

Via DarkReading -

A Massachusetts woman was indicted earlier this week for allegedly stealing personal information from the database she worked with and using it to obtain credit cards.

According to a report in the Boston Globe, Desiree Gordon was indicted on 67 counts of credit card fraud, larceny, and identity theft crimes for stealing the personal information of at least 34 people, many of whom were physicians, according to the Middlesex district attorney's office.

The district attorney's office believes the defendant had access to a database of healthcare professionals that contained personal data through her employment at a medical cost-management firm. The name of that firm was not released.

Gordon, 38, was indicted by a Middlesex grand jury on 21 counts of larceny, 22 counts of identity fraud, 20 counts of credit card fraud, two counts of forgery, and for being a common and notorious thief, said District Attorney Gerry Leone, in a statement.

Victims of the alleged crimes came from around the country, including Massachusetts, Texas, Pennsylvania, and Illinois, according to a spokesman for Leone's office.

Gordon's alleged scheme was brought to the attention of state police in December, when one of the victims reported her personal information had been compromised and used to obtain a credit card that was sent to a post office box in Lowell, Leone said.

Postal inspectors learned the box was rented by Gordon and that multiple credit cards in other victims' names had been sent to that box, as well as to the defendant's home address, Leone said. Charges made to those credit cards could be traced to the defendant, he added.

Gordon is scheduled for arraignment July 1 in Woburn Superior Court.

Alleged ETA Terror Members Arrested in Paris Gathering Intel

Via Google (AFP) -

Two alleged senior members of the armed Basque separatist organisation ETA accused of gathering intelligence on future targets were arrested near Paris on Thursday, officials said.

Javier Arruabarrena Carlos, 37, and Ohiane Garmendia Marin, 32, were arrested at Charenton-le-pont, a southeastern suburb of Paris, and officers were carrying out a search of their home, a police source said.

The suspects -- a man and a woman -- were described as "two main members of ETA's intelligence wing," by Spanish Secretary of State for the Interior Antonio Camacho who praised the "effective collaboration" between the French and Spanish authorities which led to the arrests.

Interior Minister Alfredo Perez Rubalcaba told parliament the pair were responsible for gathering intelligence on future targets.

He said, however, that it was "unlikely" that they were involved in a car bomb which killed a police inspector last Friday in Spain's Basque region.

French investigators had seized computers during their search of the suspects' home, said Rubalcaba, adding that it had been a "good week" for security forces battling the organisation.

Three other alleged ETA members were on Monday taken in for questioning in the Basque region accused of possessing 75 kilos (165 pounds) of explosives.

ETA, considered a terrorist organisation by the European Union and the United States, is blamed for the deaths of 825 people in its 40-year campaign to carve a Basque homeland out of northern Spain and southwestern France.

Australia's Great Firewall to Censor Video Games

Via theage.com.au -

The [Australian] Federal Government has now set its sights on gamers, promising to use its internet censorship regime to block websites hosting and selling video games that are not suitable for 15 year olds.

Separately, the Communications Minister, Stephen Conroy, has been nominated by the British ISP industry for its annual "internet villain" award, competing alongside the European Parliament and French President Nicolas Sarkozy.

Australia is the only developed country without an R18+ classification for games, meaning any titles that do not meet the MA15+ standard - such as those with excessive violence or sexual content - are simply banned from sale by the Classification Board, unless they are modified to remove the offending content.

So far, this has only applied to local bricks-and-mortar stores selling physical copies of games, but a spokesman for Senator Conroy confirmed that under the filtering plan, it will be extended to downloadable games, flash-based web games and sites which sell physical copies of games that do not meet the MA15+ standard.

This means that even Australians who are aged above 15 and want to obtain the adult-level games online will be unable to do so. It will undoubtedly raise the ire of gamers, the average age of which is 30 in Australia, according to research commissioned by the Interactive Entertainment Association of Australia.

Colin Jacobs, spokesman for the online users' lobby group Electronic Frontiers Australia, said the Government clearly went far beyond any mandate it had from the public to help parents deal with cyber-safety.

He said Australians would soon learn this the hard way when they find web pages mysteriously blocked.

"This is confirmation that the scope of the mandatory censorship scheme will keep on creeping," said Mr Jacobs.

"Far from being the ultimate weapon against child abuse, it now will officially censor content deemed too controversial for a 15-year-old. In a free country like ours, do we really need the government to step in and save us from racy web games?"

Senator Conroy's spokesman said the filter would cover "computer games such as web-based flash games and downloadable games, if a complaint is received and the content is determined by ACMA to be Refused Classification". All games that exceed MA15+ are deemed to be RC.

The filtering could also block "the importation of physical copies of computer games sold over the internet which have been classified RC", the spokesman said.

Ron Curry, chief executive of the IEAA, said the move highlighted the "unacceptable situation" of not having an R18+ classification for video games. The industry has been fighting for changes to classification laws for years.

"It's through the introduction of an R18+ classification that adults will have access to age appropriate material and parents will have the full tool kit to understand the suitability of content for their children," he said.

Mark Newton, an ISP engineer and internet filtering critic, said the move to extend the filtering to computer games would place a cloud over online-only games such as World of Warcraft and Second Life, which aren't classified in Australia due to their online nature.

He said the online distribution of such games has historically been exempt from customs controls on RC material because they have only ever covered physical articles.

"That exemption is the only reason why multi-player games with user-generated environments are possible in this country; without it, it'd only take one game user anywhere in the world to produce objectionable content in the game environment to make the Australian Government ban the game for everyone," said Newton.

Nine ISPs are trialling the web censorship plan, which will block all content that has been "refused classification" by ACMA. Results of the trials are due to be published in July.

Thursday, June 25, 2009

North Korea Vows Nuke Attack if Provoked

Via Military.com -

Punching their fists into the air and shouting "Let's crush them!" some 100,000 North Koreans packed Pyongyang's main square Thursday for an anti-U.S. rally as the communist regime promised a "fire shower of nuclear retaliation" for any American-led attack.

Several demonstrators held up a placard depicting a pair of hands smashing a missile with "U.S." written on it, according to footage taken by APTN in Pyongyang on the anniversary of the day North Korean troops charged southward, sparking the three-year Korean War in 1950.

North Korean troops will respond to any sanctions or U.S. provocations with "an annihilating blow," one senior official vowed - a pointed threat as an American destroyer shadowed a North Korean freighter sailing off China's coast, possibly with banned goods on board.

A new U.N. Security Council resolution passed recently to punish North Korea for conducting an underground nuclear test in May requires U.N. member states to request inspections of ships suspected of carrying arms or nuclear weapons-related material.

In response to the sanctions, the North pulled out of nuclear talks and has ramped up already strident anti-American rhetoric. And the isolated regime may now be moving to openly flout the resolution by dispatching a ship suspected of carrying arms to Myanmar.

While it was not clear what was on board the North Korean-flagged Kang Nam 1, officials have mentioned artillery and other conventional weaponry. One intelligence expert suspected missiles.

The U.S. and its allies have made no decision on whether to request inspection of the ship, Pentagon press secretary Geoff Morrell said Wednesday in Washington, but North Korea has said it would consider any interception an act of war.

If permission for inspection is refused, the ship must dock at a port of its choosing so local authorities can check its cargo. Vessels suspected of carrying banned goods must not be offered bunkering services at port, such as fuel, the resolution says.

A senior U.S. defense official said the ship had cleared the Taiwan Strait. He said he didn't know whether or when the Kang Nam may need to stop in some port to refuel, but that the Kang Nam has in the past stopped in Hong Kong's port.

Another U.S. defense official said he tended to doubt reports that the Kang Nam was carrying nuclear-related equipment, saying information seems to indicate the cargo is banned conventional munitions. Both officials spoke on condition of anonymity in order to talk about intelligence.

North Korea is suspected to have transported banned goods to Myanmar before on the Kang Nam, said Bertil Lintner, a Bangkok-based North Korea expert who has written a book about leader Kim Jong Il.

Pyongyang also has been helping the junta in Yangon build up its weapons arsenal, a South Korean intelligence expert said. He spoke on condition of anonymity because of the sensitivity of the issue.

The two countries have not always been on good terms. Ties were severed in 1983 after a fatal bombing during the South Korean president's visit to Myanmar blamed on North Korean commandos.

They held secret talks in Bangkok in the 1990s to discuss the lone survivor among the three North Korean commandos involved in the bombing, and since have forged close relations.

The two regimes, among Asia's most repressive, restored diplomatic ties in 2007. Not long after that, in April 2007, the Kang Nam docked at Thilawa port saying it needed shelter from bad weather.

But one expert said reports show the weather was clear then, and two local journalists working for a foreign news agency who went to write about the unusual docking were arrested.

"The Kang Nam unloaded a lot of heavy equipment in 2007," Lintner said. "Obviously, the ship was carrying something very sensitive at that time as well."

North Korea has also helped Myanmar dig tunnels in recent years, said Lintner, adding that the cash-strapped North may have received rice, rubber and minerals in return for its military and other assistance.

"North Korea appears to have exported conventional weapons to Myanmar in exchange for food," another expert said.

Pyongyang is believed to have transported digging equipment to Myanmar, which is seeking to make its new capital a fortress with vast underground facilities, he said, speaking on condition of anonymity to discuss intelligence.

[...]

On Thursday, Pyongyang vowed to enlarge its atomic arsenal and warned of a "fire shower of nuclear retaliation" if provoked by the U.S.

North Korea's "armed forces will deal an annihilating blow that is unpredictable and unavoidable, to any 'sanctions' or provocations by the US," Pak Pyong Jong, first vice chairman of the Pyongyang City People's Committee, told the crowd gathered for the Korean War anniversary rally.

In Seoul, some 5,000 people - mostly American and South Korean veterans and war widows - also commemorated the anniversary at a ceremony.

South Korean President Lee Myung-bak said the nation is prepared to counter any type of threat or provocation.

"The South Korean government is firmly determined to defend the lives and wealth of its people and will do its utmost to find the remains of troops killed in the Korean War," he said at the ceremony.

The two Koreas technically remain in a state of war because the conflict ended in a truce, not a peace treaty.

Good Genetic Male Beetles Make Bad Fathers

Via Physorg.com -

In almost all animals, females mate with several different males, despite the fact that a single mating is often sufficient to fertilize her eggs. Multiple mating also carries costs to females, such as the risk of catching sexually transmitted diseases.

One commonly held belief is that this behaviour may allow females to choose the sperm of the male with highest genetic quality to fertilize her eggs. Professor Göran Arnqvist from the Department of Ecology and Evolution, Uppsala University and associate professor Trine Bilde from the Department of Biological Sciences, University of Aarhus, have tested this possibility directly for the first time and shown that it is not true.

Their study on seed beetles shows that, contrary to predictions, males of low genetic quality are more successful in fertilizing eggs. Males who gained the highest share of paternity were actually males with low genetic quality. These males also fathered offspring that did less well.

"The results support the suggestion that that are good for males may often be bad for their mates. Therefore, in beetles at least, multiple mating does not award with genetic benefits," says Göran Arnqvist.

Source: Uppsala University

Wednesday, June 24, 2009

U.S. Trade Officials Say China Web Filter Breaks WTO Rules

Via WSJ.com -

Senior U.S. trade officials have called on China to revoke an order for all personal computers in China to be shipped with Web-filtering software, saying the requirement could conflict with China's obligations under the World Trade Organization.

According to a U.S. government official familiar with the matter, U.S. Trade Representative Ron Kirk and Commerce Secretary Gary Locke urged the Chinese government to reverse its decision in joint letters submitted to two Chinese ministries on Wednesday. It was the highest-level U.S. complaint so far against the software rules, due to take effect on July 1, and escalated a dispute over a plan that has already angered free-speech advocates.

The letters, sent separately to China's Ministry of Industry and Information Technology and the Ministry of Commerce, said the Chinese move raises "fundamental questions about regulatory transparency and compliance with a number of WTO rules," the official said.

U.S. technology industry groups warn that the filtering software could depress sales of PCs in China, the world's second largest PC market in terms of shipments.

The software, which the government says was designed to filter out pornography and other content inappropriate for children, has been found by researchers both inside and outside China to be capable of filtering political content as well. It would add an extra layer to China's already wide-reaching methods of regulating the Internet.

The researchers say the software has major security flaws, even after its Chinese creator, Jinhui Computer System Engineering Co., made alterations to it last week. They also say that parts of the program were copied from software produced in the U.S.—an allegation that Jinhui has denied.

WTO rules include agreements that are meant to prevent governments from erecting protectionist barriers to trade.

MIIT spokesman Wang Lijian declined to comment. "We don't have any updates on Green Dam for now," he said.

The U.S. letters "expressed that the U.S. government is seriously concerned about the Green Dam [requirement], including wide-ranging concerns about the scope of the measure, the censorship implications, trade impact and security flaws which create serious problems for the IT industry and Chinese consumers," the U.S. official said.

The official indicated that concerns over the past several weeks have been magnified by the Chinese government's unwillingness to explain the intent and scope of the new measure, which was introduced at short notice. Earlier, U.S. officials from the State and Commerce departments, as well as USTR officials based in Beijing, met with officials from MIIT and the Ministry of Commerce to express concerns that Green Dam would restrict access to the Internet and infringe on "internationally recognized rights to freedom of expression."

Separately, Japanese officials met with MIIT officials on Wednesday to express concern about Green Dam, according to a Japanese embassy official, who asked not to be identified. "The Japanese government also has a very big concern about this problem," the Japanese official said.

Apple Broke the Law By Lying About Steve Jobs’s Health

Via Cult of Mac -

Apple broke the law by lying about Steve Jobs’s health, says a top marketing professor.

But whether the Securities and Exchange Commission has the “balls” to prosecute is unclear.

Paul Argenti, Professor of Corporate Communication at Tuck School of Business at Dartmouth, says that Apple’s communications about its CEO’s health violated the SEC’s full disclosure regulations.

The SEC’s Regulation FD requires “full and fair disclosure by public companies,” but Apple has done neither, says Argenti. At first, Apple said Jobs had a “nutritional imbalance,” but on Friday the Wall Street Journal disclosed that he has undergone a liver transplant.

“The difference between a nutritional imbalance and a liver transplant is huge,” said Prof. Argenti to CoM by phone. “If this is not a legal issue and a Regulation FD issue, I don’t know what is.”

Argenti said Apple clearly knew months ago that Jobs would have to undergo life-saving surgery and had a legal obligation to disclose that.

“The law is very clear — full disclosure of material information,” said Argenti. “If a CEO’s liver transplant isn’t material, what is? But whether the SEC has the balls to do something about it, we’ll see.”

The SEC is reportedly already looking into the company’s handling of Jobs’s health disclosures.

Experts argue that shareholders are legally entitled to information that has a material effect on the company — and that a CEO’s health is material, especially one as closely tied to the company as Jobs is.

In December, Jobs said he was suffering from an easily treatable hormone imbalance; less than a week later, he said he was taking six months medical leave because his medical issues were “more complex.”

Argenti said the biggest issue is the ethics and the reputation of the company. Apple has severely damaged its trustworthiness and credibility.

“Clearly, this is going to affect not only Apple’s customers but employees that were lied to or kept in the dark about what was going on,” Argenti said. “Apple is one of the most admired companies in America and this is how they deal with this kind of news? It’s unacceptable, unethical and irresponsible to all constituents.”

Argenti said Apple’s miscommunication about Jobs undercuts its slick marketing and hurts its reputation with consumers and investors. “As a communications strategy, it makes no sense.”

“It’s going to be a big issue in the next few days, I guarantee it.”

Jobs was diagnosed with pancreatic cancer in 2004, which appeared to have been successfully treated until 2008, when Jobs lost weight rapidly. On Friday, the Wall Street Journal reported that he had received a liver transplant, suggesting that the cancer had metastasized to the liver.

So far, Apple has neither confirmed nor denied the Journal report.

Photo of the Day - Stunning Volcano Eruption Seen From Space


(Photo Credit: NASA)

Sarychev Peak, one of the most active volcanoes in the world, had been sitting quietly in the Kuril Island chain near Japan for 20 years, when it suddenly sprang to life on June 12.

Fortuitously, the International Space Station was flying overhead at the time, and managed to capture this spectacular image of the ash-cloud tearing through the atmosphere, sending clouds scattering in its wake in a perfect circle.

Tuesday, June 23, 2009

Manchester Council Breaches UK's Data Protection Act

Via v3.co.uk (formerly vnunet.com) -

Manchester City Council has lost two unencrypted laptops containing personal details on at least 1,754 employees at local schools.

The Information Commissioner's Office (ICO) confirmed that the council had breached the Data Protection Act, and that it will have to conform to higher standards.

Manchester City Council chief executive Howard Bernstein signed a formal undertaking (PDF) that the council will ensure that all laptops and other removable devices are encrypted and secured, and that only essential personal information is downloaded to mobile devices.

Bernstein also promised to implement an improved training programme covering the security of personal information.

"Organisations must implement appropriate safeguards to ensure that personal details are handled securely and do not fall into the wrong hands," said Sally-Anne Poole, head of enforcement and investigations at the ICO, in a statement.

"We urge all councils and their executive teams to take responsibility for treating data protection as a corporate governance issue affecting the entire organisation. They have to make sure that safeguarding the personal information of staff is embedded in organisational culture."

Taliban Fighters Avert Attacks with Special Infrared Patches

Via Washington Times -

Some Taliban fighters have been able to ward off attacks by U.S. aircraft by wearing special infrared patches on their shirts that signal that they are friends rather than foes.

The patches, which can also help suicide bombers get close to U.S. targets, are supposed to be the property of the U.S. government alone, but can be easily purchased over the Internet for about $10 each. Also available online: night-vision goggles and military-grade communications systems like the ones used by the terrorists who attacked the Indian city of Mumbai last year.

While stealing uniforms is as old as warfare itself, the Internet has made purchases of military equipment much easier and increased the risk to U.S. forces in Iraq and Afghanistan.

Some of the patches have been stolen during raids on U.S. resupply convoys in Afghanistan and Pakistan. But they can also be purchased in the United States and sent overseas with little detection.

In a recent investigation, the U.S. Government Accountability Office (GAO) bought patches using fake names and a front company with only a valid credit card. The patches reveal an American flag when looked at with an infrared light and were designed to avoid friendly fire during nighttime battles.

Jonathan Meyer, assistant director of forensic audits and special investigations for the GAO, told The Washington Times, "Based on our conversations with the Department of Defense, terrorists have used U.S. uniforms and the infrared patches to get close to U.S. and allied forces on the battlefield and at bases. This is more of a potential suicide-bomber risk."

Mr. Meyer helped lead the GAO investigation, which concluded that few regulatory controls exist for dual-use and military technology sold domestically.

Rep. Bart Stupak, Michigan Democrat, who chairs the House Energy and Commerce oversight and investigations subcommittee, said the infrared patches are also made in China.

"It is rather simple technology," he said. "We not only sell this to domestic people here, and they sell them to anybody, but you can get them from China, and the Chinese will sell them to others.

"They have been used by the enemy in the war. It's of grave concern because you don't know who is friendly or not," Mr. Stupak added.

Newsweek magazine first reported in 2007 that 4,800 such patches had been sold inadvertently in 2006 to 23 U.S. and Canadian companies by an Arizona-based company, Government Liquidation. The patches were still sewn onto uniforms that were sent out.

The GAO was able to purchase the patches from a New York-based military-supply dealer, but did not identify the seller's name.

"An enemy fighter wearing these [infrared] flags could potentially pass as a friendly service member during a night combat situation, putting U.S. troops at risk," the June 4 report said. "Nevertheless, these items are completely legal to buy and sell within the United States."

The report followed up on a 2008 GAO study that exposed the fact that military-surplus items, such as spare parts for fighter jets, could be purchased on eBay and Craigslist. That same year, an NBC team also was able to procure the infrared patches and have them sent to a mailing address in Amman, Jordan. Earlier, the Associated Press reported that F-14 spare parts had found their way to Iran from U.S. suppliers after the Pentagon sold the equipment to military wholesalers.

[...]

"Since the beginning of warfare, people have been dressing up as the enemy to infiltrate," he said. "We certainly have done this in the past to our enemies, and our enemies have done this to us."

Mr. Keane, who played a key role in developing the counterinsurgency strategy for Iraq, added, "There are other safeguards in addition to [these patches]. A visual identification and other identification is in the soldier's possession. There are multiple things that are being checked. When it comes to the tactical situation, infrared certainly helps identify where we are, but there is also a dialogue that is taking place describing the situation."

But "it would seem to me that something we are using to help identify ourselves should not be available to the general public, and it should be something that is only acquired through military channels," Mr. Keane said.

DHS to Kill Domestic Satellite Spying Program

Via Yahoo! News (AP) -

Homeland Security Secretary Janet Napolitano plans to kill a program begun by the Bush administration that would use U.S. spy satellites for domestic security and law enforcement, a government official said Monday.

Napolitano recently reached her decision after the program was discussed with law enforcement officials, and she was told it was not an urgent issue, said the official, who spoke on condition of anonymity because he was not authorized to talk about it.

The program was announced in 2007 and was to have the Homeland Security Department use overhead and mapping imagery from existing satellites for homeland security and law enforcement purposes.

The program, called the National Applications Office, has been delayed because of privacy and civil liberty concerns.

The program was included in the Obama administration's 2010 budget request, according to Rep. Jane Harman, a California Democrat and House homeland security committee member who was briefed on the department's classified intelligence budget.

Harman said Monday she had not been given final word that the program would be killed. She said she would talk to Napolitano on Tuesday.

Harman has been outspoken about her concerns that the program is unnecessary, far reaching and open-ended.

"I thought this was just an invitation to huge mischief," Harman said. Of killing the program, she said, "It shows real leadership on the part of Janet Napolitano."

Homeland Security spokeswoman Amy Kudwa said Napolitano began looking at the program shortly after she became secretary. Kudwa said the department expects to announce the results of that review soon.

Rep. Peter King, R-N.Y., said he hoped the department wasn't canceling the program.

"If it is true, it's a very big mistake," said King, who is the top Republican on the House Homeland Security Committee. "This is definitely a step back in the war on terror."

For years, domestic agencies such as the Federal Emergency Management Agency and Interior Department have had access to this satellite imagery for scientific research, to assist in response to natural disasters like hurricanes and fires, and to map out vulnerabilities during a major public event like the Super Bowl.

Since 1974 the agencies' requests for satellite imagery have been made through the federal interagency group, the Civil Applications Committee.

The Bush administration, however, decided to funnel the requests through the Homeland Security Department and expand their use for homeland security and law enforcement purposes.

After receiving a letter from Los Angeles Police Chief William Bratton, Napolitano decided the program should be canceled.

Bratton, in his role as head of the Major City Chiefs Association, wrote on June 21 that the program, as envisioned by the Bush administration, is not an urgent need for local law enforcement.

Instead, Bratton said, Homeland Security should focus on the fusion centers across the country and improving information-sharing with state and local officials to improve the domestic intelligence picture.

Bratton said he was unaware whether police chiefs had been consulted by Bush administration officials about the satellite program.

"To my knowledge, this is the first opportunity major law enforcement organizations have had to participate in this significant and complex initiative," he said in the letter.

How Printers Can Breach Our Privacy: Acoustic Side-Channel Attacks on Printers

Medical data is generally considered private, and there are good reasons for it: Your medical records may reveal if you're suffering from contagious diseases (your friends are probably interested in this), if you have genetic conditions increasing your risk for certain forms of illnesses (your health insurance company might be interested in this), if you were really having a severe cold this week's Monday right after your vacations (your employer might be interested in this), and if you're suffering from sexual diseases or if you receive Methadone as a substitute for illegal drugs (you simply think nobody should be interested in this).

All this kind of data is regularly printed in a doctor's practice. Now these printers are typically placed such that nobody can see what is printed, and you might believe that your data is secure. However, this belief is not justified. In this study we showed that printed text can be reconstructed from a previously taken recording of the sound emitted by the printer. A majority of the doctors' practices use dot-matrix printers for printing (see below for the results of a survey we commissioned on the usage of dot-matrix printers), and in some cases they are even required to do so.

In effect this means that any person sitting in the reception area of the doctor can record the sound of the printer and can reconstruct the printed text. Our novel attack takes as input a sound recording of a dot-matrix printer processing text, and recovers up to 72% of printed words. After an upfront training phase, the attack is fully automated and uses a combination of machine learning, audio processing and speech recognition techniques, including spectrum features, Hidden Markov Models and linear classification; moreover, it allows for feedback-based incremental learning.

---------------------------

http://www.infsec.cs.uni-sb.de/projects/printer-acoustic/

Verified Identity Pass Closes Clear Operations - No More Clear Lanes @ Airports

http://www.flyclear.com/

At 11:00 p.m. PST on June 22, 2009, Clear will cease operations. Clear’s parent company, Verified Identity Pass, Inc. has been unable to negotiate an agreement with its senior creditor to continue operations.

What will happen to my personal information?

Applicant and Member data is currently secured in accordance with the Transportation Security Administration’s Security, Privacy and Compliance Standards. Verified Identity Pass, Inc. will continue to secure such information and will take appropriate steps to delete the information.

Will I receive a refund for membership in Clear?

At the present time, because of its financial condition, Verified Identity Pass, Inc. cannot issue refunds.

Clear's Privacy Policy

Clear's Online Privacy Policy

Monday, June 22, 2009

University of Toronto's Supercomputer Goes Online

Via Wikinews.org -

The University of Toronto SciNet Consortium went online yesterday with the IBM System x iDataPlex Supercomputer.

U of T's IBM System x is now the fastest computer outside of the United States, the largest Intel processor based IBM installation internationally and the twelfth most powerful globally. It will be used for a wide variety of operations, such as analysing climate change models, aerospace, astrophysics, genetics, bioinformatics, chemical physics, medical imaging research and other highly calculation-intensive tasks.

The C$50 million supercomputer can perform 300 trillion calculations per second and uses an amount of energy equivalent to what would power 4,000 homes. The supercomputer will be cooled by outdoor winter air assisted by a water based cooling system during warmer summer months.

The computer will provide computations for the Large Hadron Collider (LHC) that started preliminary experiments on September 10, 2008 at CERN in Geneva, Switzerland. The LHC will produce cataclysmic collisions that will mimic the conditions that existed shortly after the beginning of time. The IBM System x's 30,240 Intel 5500 series 2.53 GHz processor cores — arranged in 45 file-like stacks — will examine the results of the particle collisions.

Faster Actions Needed Against Phishing Domains

Via Netcraft.com -

Criminals often register their own domain name to perform phishing attacks. Unlike the other common phishing site scenarios (including hacked servers, open redirects, and abuse of free webhosting), phishing sites that have their own domain name can be harder to remove, because the website owner and the domain owner are both the fraudster. Only the hosting and DNS providers and the domain registrar are able to take the site down and also likely to cooperate.

The operation of top-level domains is generally split between a registry, which operates the infrastructure that answers DNS queries, and registrars, which sell domain names and provide the process for owners to maintain their records. Registries generally are not directly involved in removing phishing domains, and refer those to the registrar through which the domain was registered.

However, it is relatively easy to become a registrar, so large numbers of hosting companies, web design firms and domain name resellers are able to handle registrations. Registrars may not all respond quickly to abuse complaints. And in unusual cases registrars themselves may be involved in illegal activity.

There is a particular problem with so-called fast flux phishing attacks. Here the attacker uses a large pool of compromised hosts — often personal computers on DSL connections — and from these randomly chooses a number to act as web servers to host the phish (and also some to act as DNS servers for the phishing domain). The set of hosts used to support the phishing site is changed regularly, so efforts to contact the owner of one hacked system would at best cause the phishing site to be temporarily unavailable. ICANN (which hands out the contracts to operate generic top level domains including .com) published a report earlier this year looking at whether it should intervene to encourage adoption of more effective policies by registrars to prevent the abuse of fast-flux setups; but it seems reluctant to compel registrars to stop a practice that may also have some legitimate uses.

The one common point for any phishing attack is the URL sent to victims. In the case of fast-flux attacks, the owner of the domain will not cooperate and there are too many hacked systems hosting the phish for contacting the hosting provider to be effective. The only place where the attack can be quickly stopped is for the registrar or registry to suspend its domain name.

The policies of the DNS registry for the top-level-domain containing the site are therefore important. The most practical indication of the relative success of these policies is to look and see which top-level-domains (TLDs) are most often used for whole-domain phishing attacks:

[...]

The high placement of .tk is unsurprising, given that it is possible to register .tk domains for free that redirect to any URL, completely anonymously. .com is the most common TLD for phishing domains, perhaps due to the ease of registering .com domains, and because the large number of registrars for .com domains gives an opportunity for fraudsters to look for registrars with weak checks or that respond slowly to abuse reports.

Finding an efficient escalation process in the case where the registrar is slow to cooperate will be the key to reducing the number of domains registered for phishing. The system that was designed to deal with domain disputes around ownership and trademarks is now looking too cumbersome when dealing with the problem of phishing attacks, where fast responses are essential to minimising fraud.
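The fast-flux pattern described in this item (a rotating pool of unrelated hosts serving both the site and its DNS) leaves a measurable footprint in repeated DNS lookups, which is what an abuse report to a registrar can cite. The sketch below is an added example, not Netcraft's code; the domains, addresses, thresholds and the /16 grouping are constructed assumptions.

```python
# Constructed passive-DNS polls per domain: (ttl, A answers, name-server addresses).
# All domains and addresses are placeholders (reserved or private ranges), IPv4 only.
POLLS = {
    "secure-update.example": [      # pool rotates across unrelated networks
        (120, ["10.1.4.9", "172.16.8.2", "192.168.3.7"], ["10.9.1.1", "172.20.5.5"]),
        (120, ["10.44.2.1", "172.25.0.8", "192.168.77.3"], ["10.200.3.3", "172.31.9.9"]),
        (120, ["10.71.6.6", "172.18.4.4", "10.1.4.9"], ["192.168.50.1", "10.9.1.1"]),
    ],
    "intranet-portal.example": [    # ordinary static hosting
        (3600, ["192.0.2.10", "192.0.2.11"], ["192.0.2.53"]),
    ] * 3,
    "cdn-site.example": [           # legitimate rotation inside one network
        (60, ["198.51.100.1", "198.51.100.2"], ["203.0.113.53"]),
        (60, ["198.51.100.3", "198.51.100.4"], ["203.0.113.53"]),
        (60, ["198.51.100.5", "198.51.100.1"], ["203.0.113.53"]),
    ],
}

def churn(sets):
    """Mean share of each poll's answers that were absent from the previous poll."""
    pairs = [(prev, cur) for prev, cur in zip(sets, sets[1:]) if cur]
    return sum(len(cur - prev) / len(cur) for prev, cur in pairs) / len(pairs) if pairs else 0.0

def net16(ip):
    """/16 prefix as a coarse stand-in for 'different network'; ASN data would be better."""
    return ".".join(ip.split(".")[:2])

def profile(polls):
    """Summarise one domain's polls into the features used for triage."""
    a_sets = [set(a) for _, a, _ in polls]
    ns_sets = [set(ns) for _, _, ns in polls]
    all_a = set().union(*a_sets)
    return {
        "distinct_a": len(all_a),
        "networks": len({net16(ip) for ip in all_a}),
        "a_churn": churn(a_sets),
        "ns_churn": churn(ns_sets),
        "min_ttl": min(ttl for ttl, _, _ in polls),
    }

def classify(p, min_networks=4, min_churn=0.5, max_ttl=300):
    """Thresholds are illustrative assumptions; tune them against known-good domains."""
    # Requiring network spread keeps single-network CDN rotation from being flagged.
    if not (p["networks"] >= min_networks and p["a_churn"] >= min_churn and p["min_ttl"] <= max_ttl):
        return "ok"
    return "flux+ns" if p["ns_churn"] >= min_churn else "flux"

if __name__ == "__main__":
    for domain, polls in POLLS.items():
        print(domain, classify(profile(polls)), profile(polls))
```

The CDN-style domain rotates its answers just as quickly but stays inside one network, so it is not flagged; this is the legitimate use the ICANN discussion above refers to.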

China's Green Dam Quietly Patched; Still Vulnerable

http://www.cse.umich.edu/~jhalderm/pub/gd/#add1

Following our initial analysis, the makers of Green Dam have released at least one security update and two filter updates. These updates address the original web filtering security vulnerability we described above, disable certain blacklists that were copied from the CyberSitter program, and bring the software into compliance with the OpenCV license.

Unfortunately, we have discovered an additional remotely-exploitable security vulnerability in the patched version. Even with the updated version installed, any web site a user visits can exploit this problem to take control of the computer. We continue to recommend that users protect themselves by uninstalling Green Dam immediately.

While Green Dam's developers have patched the software quickly, the program's continuing vulnerability suggests that its security problems run deep. We fear that the deeper problems cannot be resolved in time for the July 1 deadline for PC makers to distribute Green Dam on all new PCs sold in China.

Sunday, June 21, 2009

Wikipedia Gets Ready for a Video Upgrade

Via MIT Technology Review -

The organization behind Wikipedia is close to launching an editable online video encyclopedia to enhance the current textual one. The hope is to revolutionize the popular reference site and goad content providers--from public broadcasters to the music industry--into allowing more video to enter the public domain.

Within two to three months, a person editing a Wikipedia article will find a new button labeled "Add Media." Clicking it will bring up an interface allowing her to search for video--initially from three repositories containing copyright-free material--and drag chosen portions into the article, without having to install any video-editing software or do any conversions herself. The results will appear as a clickable video clip embedded within the article.

Later, Wikipedia plans to offer ways for users to search the entire Web for importable videos, and plans to provide tools to edit, add to, and reorganize the clips within the Wikipedia website, just as is now done with text.

"To have people be able to go in and annotate your video, edit your video, and improve upon it--in the same way people have been doing to your text posts--is pretty outstanding, and will create an audio-visual representation of our world that will rapidly become as definitive and collaborative as Wikipedia is in the textual world," says Peter Kaufman, executive producer at Intelligent Television, a documentary production company in New York City that works with cultural and educational institutions, helping them bring their works online. "That may just be the holy grail."

The initial video repository tapped by the new tool will be the Internet Archive, which holds nearly 200,000 videos, including documentaries, interviews, and oddities such as 1950s educational clips. Another source will be Wikimedia Commons, a database of more than four million media files, including many videos. (The database is maintained by the Wikimedia Foundation, which also created Wikipedia.) The third source, Metavid, is a repository of Congressional speeches and hearings. The closed-captioning text that accompanies such videos serves as a handy tagging system, and users can search for words or phrases and find the right section of a speech to import.

Key to Wikipedia's video effort--funded partly by the Mozilla Foundation, makers of the open-source Firefox browser--is Wikipedia's insistence that any video passing into its pages be based on open-source formats. In the future, the offerings behind the "Add Media" button will include a search function for scouring the Web for video content. The hope is that this requirement will force content holders--motivated by the desire for exposure on Wikipedia--to put their material into the public domain. "Once people see how open-source video will get much more visibility on the open Web, it will motivate the content providers to jump on board--or miss the ship," says Michael Dale, a software engineer from Kaltura, a video startup based in New York City that is collaborating with Wikimedia on the effort.

DISA Plans Presidential Network that can Survive a Nuclear Attack

Via NextGov.com -

The Defense Information Systems Agency plans to install a presidential network in the Washington area this year that will be able to survive an attack by a nuclear weapon that generates a high-altitude electromagnetic pulse (HEMP), which can burn out circuit boards and other electronic devices, according to budget documents.

The agency started work on the network in 2008 and plans to install communications equipment resistant to damage by a high-altitude electromagnetic pulse. The network was developed at the direction of the "National Security Presidential Directive on Survivable Senior Leadership Communications in a HEMP Environment." It features Promina network switches from Network Equipment Technologies Inc. and manages communications over a specially designed and deployed Voice over Internet Protocol network.

DISA developed the HEMP system, which includes upgrades to a UHF network serving senior leadership in the Washington area, as part of a National Emergency Action Decision Network to serve the president, secretary of Defense and other senior leaders. John Garing, DISA chief information officer and director of strategic planning, said the network supports radio systems on helicopters and feeds into the HEMP network. Funding for all systems in the National Emergency Action Decision Network is pegged at less than $1 million.

The systems will be installed in ground installations and executive aircraft, including Air Force One, four VIP Boeing 757s and two VIP Boeing 737 aircraft.

DISA also asked for $49.5 million in its fiscal 2010 budget for the Crisis Management System, a "high-performance, closed network that provides classified multimedia teleconferencing for the president, Cabinet secretaries, designated agency directors and their staffs," budget documents noted.

A HEMP attack potentially could disrupt or damage electronic systems over much of the United States, William Graham, chairman of the Commission to Assess the Threat to the United States From Electromagnetic Pulse Attack, told a hearing of the House Armed Services Committee in July 2008.