Tuesday, June 30, 2009

Cigarette and Tobacco Smuggling Finances Terrorism Worldwide

Via SecurityManagement.com -

A new report from the Center for Public Integrity, an investigative journalism outfit, details how terrorists and insurgencies the world over have smuggled cigarettes to finance their organizations and their missions.

CPI's investigation concentrates on seven groups which range from Marxist insurgencies to jihadist terrorists and from republican terrorists to profit-driven Congolese rebels.

After crackdowns on fundraising following the 9/11 attacks, terrorist groups worldwide have increasingly turned to criminal rackets, officials say. And smuggling cigarettes — either untaxed or counterfeit — has proved a particularly lucrative, low-risk way to fund operations.

Hezbollah, the Taliban, and al-Qaeda are involved in smuggling cigarettes; so are the Real Irish Republican Army (Real IRA) and the Kurdistan Workers’ Party (PKK). Terrorist financing through cigarette smuggling is “huge,” says Louise Shelley, a transnational crime expert at George Mason University and an adviser to the World Economic Forum on illicit trade. “Worldwide — it’s no exaggeration… No one thinks cigarette smuggling is too serious, so law enforcement doesn’t spend resources to go after it.”

“Cigarettes are easy to smuggle, easy to buy, and they have a pretty good return on the investment,” adds David Cid, a former FBI counterterrorism agent and deputy director of the Memorial Institute for the Prevention of Terrorism in Oklahoma City. “Drug dogs don’t alert on your car if it’s full of Camels.” And, he notes, “The other advantage is you don’t go to jail for 50 years.”

Trafficking stolen and counterfeit cigarettes has unwittingly become a lucrative venture for terrorist and militant organizations because of the hefty taxation on tobacco, such as in the state of New York. According to CPI, it costs $100,000 to produce 10 million cigarettes in China, which can reap revenues as high as $2 million in the United States. When you consider the relative cheapness of terrorist operations (9-11 only cost Al Qaeda about $500,000 to pull off), profit margins like these are enormously attractive to terrorists and militant groups.

But stopping the nexus between cigarette smuggling and terrorist financing is possible, reports CPI.

“You need to ensure that the products are being sold through legitimate channels through legitimate distributors — that they’re not committing willful blindness,” Larry Johnson, a terrorism and criminal finance investigator for BERG Associates, told CPI. “The contraband is fairly easy to deal with because it’s in the power of the distributors and producers to control the process. This is actually one of those few problems that is fixable.”

For more on the report and the relationship between terrorism financing and tobacco smuggling, see this article from the Agence France Presse.

For a short film on how taxes created an explosion in black market cigarettes in New York, watch the below from the CPI.

http://www.youtube.com/watch?v=5e9ZBcSexyw

South Korea: North is Enriching Uranium

Via VOA News -

South Korea's defense minister says North Korea appears to be pushing forward with a uranium enrichment program, raising fears that it may use the material to make atomic weapons.

Addressing a hearing of lawmakers Tuesday, Lee Sang-hee said it is clear that North Korea is moving forward with the program. He added that such a program is far easier to hide than the North's current plutonium-based program.

North Korea has ample supplies of natural uranium, and it could conduct an enrichment program in underground or undisclosed facilities, away from the view of U.S. spy satellites.

Earlier this month, after the United Nations placed more sanctions on North Korea for carrying out its second nuclear test in May, Pyongyang said it would start enriching uranium.

----------------------------

The United States on Tuesday added two more companies to its lists of firms facing sanctions for allegedly aiding North Korea's nuclear and missile programs. One company is in North Korea and the other is described as a North Korean front company based in Iran.

StopBadware.org, Sunbelt Software Partner to Fight Badware

Via StopBadWare.org -

StopBadware.org, the collaborative initiative to combat viruses, spyware, and other bad software, announced today that Sunbelt Software, developer of the VIPRE anti-malware product line, will participate in the effort as a data partner. Sunbelt Software joins Google in contributing data to the project, which is based at Harvard University’s Berkman Center for Internet & Society. The initiative is funded by Google, PayPal, Mozilla, AOL, and Trend Micro.

[...]

StopBadware.org collects the URLs of these badware websites, whether malicious or compromised, from its data partners. It uses the information to support and encourage site owners and web hosting companies in cleaning up and protecting their sites. The initiative also conducts analysis of infection trends, offers independent reviews of its partners’ findings, and operates a community website, BadwareBusters.org, that provides help to people who have been victims—or wish to avoid becoming victims—of badware.

“We are thrilled that a well-respected anti-malware company like Sunbelt Software has come on board as a data partner,” said Maxim Weinstein, manager of StopBadware.org. “The new data offers us a different view of the badware website landscape and will help us to extend our reach and to provide richer analysis.”

Sunbelt Software’s director of malware research, Eric Howes, has been an advisor to StopBadware.org since early in its development, but the data partnership represents the first time the company has established an official relationship with the project.

“Sunbelt Software has always encouraged a collaborative approach to addressing the malware problem,” said Eric Howes. “We are pleased to formalize our ongoing relationship with StopBadware and support the important work it does in educating the public and the industry.”

Sunbelt will provide research data via ThreatTrack™, a comprehensive array of malicious URL and malware data feeds. The data in these feeds is derived from multiple sources including: research from Sunbelt Labs; ThreatNet™, Sunbelt’s VIPRE user community that anonymously sends information on potential threats to Sunbelt Labs; and Sunbelt CWSandbox, the leading automated malware behavior analysis tool for fast and autonomous analysis of large volumes of malware samples.

This morning, StopBadware.org launched a new, richer report interface—integrating the new Sunbelt Software data—to its searchable Badware Website Clearinghouse. The new reports allow security researchers, law enforcement, site owners, and other interested parties to see a site’s current and past badware activity, along with basic information about the site. Future enhancements are expected to provide insight into the concentration of badware sites on particular networks.

Pirate Bay Site Sold, Going to Legal Business Model

Via BBC -

Global Gaming Factory (GGF) has paid 60m kronor (£4.7m) to take over the site from its founders.

Once it has taken control, GGF said it would start paying copyright fees for the movies, music and games linked to via the site.

In April, The Pirate Bay owners were found guilty of promoting copyright infringement, fined 30m kronor and were sentenced to one year in jail.

The four men behind the site, Frederik Neij, Gottfrid Svartholm Warg, Carl Lundstrom and Peter Sunde, said they planned to appeal against the sentence.

The Pirate Bay is one of the most well-known file-sharing sites on the web. Many people use it to find copyrighted material such as TV shows, games and music tracks. The Pirate Bay does not host any of the pirated material itself.

"We feel that we can't take The Pirate Bay any further," Mr Sunde told the Swedish news agency TT. "We're in a bit of a frozen situation where there's not much happening and there are neither people nor money to develop things."

Half the money GGF will pay for the site will be in cash and the remainder in shares in the company.

"We would like to introduce models which entail that content providers and copyright owners get paid for content that is downloaded via the site," said Hans Pandeya, head of GGF, in a statement.

"Content creators and providers need to control their content and get paid for it," he said.

GGF has not released details of how it will charge for the content downloaded via the site. The Pirate Bay will be handed over to GGF in August.

It is not clear how the deal affects the Video Bay - a video-sharing site set up by the people behind The Pirate Bay.

GGF specialises in software that helps run and maintain PCs used in cyber cafes and gaming centres.

-----------------------

Check out TorrentFreak for updates...as it could be days (or even longer) before we know what is really going to happen.

China Puts Indefinite Delay on 'Green Dam' Mandate

Via InformationWeek -

China has postponed its requirement that all PCs sold in the country include Web filtering software known as Green Dam.

According to a post on the Web site of the state-controlled news agency Xinhua, China's Ministry of Industry and Information Technology (MIIT) said late Tuesday that the pre-installation requirement would be delayed because computer makers wanted more time for such a massive undertaking.

The MIIT had set July 1 as a deadline and some computer manufacturers have already begun complying with the order. Sony has started shipping PCs with Green Dam, accompanied by a disclaimer about the risks posed by the software. Acer has reportedly expressed its intent to comply.

No new deadline was disclosed, leaving open the possibility that China might decide to abandon the filtering requirement.

The MIIT said that it would continue to provide Green Dam as a free download for users who wanted it, and would install the software on computers in schools and public Internet cafes. It intends to "keep on soliciting opinions to perfect the pre-installation plan," the Xinhua News Agency said.

Exploiting MS Advisory 971778 - QuickTime DirectShow Vulnerability

Via Tipping Point DVLabs (Aaron Portnoy) -

On May 28th, 2009 Microsoft released MS Security Advisory 971778 titled Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution. This vulnerability should be considered high-risk as it allows for remote code execution through a browser using the Windows Media Player ActiveX control. In this blog post I provide a brief walk through of details of this issue and touch upon how it can be exploited in a reliable fashion.

This vulnerability manifests itself within the quartz.dll module located within the \Windows\System32 directory. This DLL is part of Microsoft's DirectShow multimedia framework and is responsible for parsing various media formats and handing data off to appropriate installable compressors and decompressors. Frequently, vulnerabilities in media formats exist within these installable compressors (see TPTI-09-01 and TPTI-09-02 for recent examples), however, in this case the problematic code is located within quartz itself. It should be noted that Quicktime does NOT need to be installed for this issue to be exposed.

--------------------------

Check out the full post by Aaron to get all the juicy 0-day details...

ATM Vendor Halts Researcher’s Talk on Vulnerability

Via Wired.com -

An ATM vendor has succeeded in getting a security talk pulled from the upcoming Black Hat conference after a researcher announced he would demonstrate a vulnerability in the system.

Barnaby Jack, a researcher with Juniper Networks, was to present a demonstration showing how he could “jackpot” a popular ATM brand by exploiting a vulnerability in its software.

Jack was scheduled to present his talk at the upcoming Black Hat security conference being held in Las Vegas at the end of this month.

But on Monday evening, his employer released a statement saying it was canceling the talk due to the vendor’s intervention.

“Juniper believes that Jack’s research is important to be presented in a public forum in order to advance the state of security,” the statement read. “However, the affected ATM vendor has expressed to us concern about publicly disclosing the research findings before its constituents were fully protected. Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack’s presentation until all affected vendors have sufficiently addressed the issues found in his research.”

In the description of his talk on the conference web site, Jack wrote that, “The most prevalent attacks on Automated Teller Machines typically involve the use of card skimmers, or the physical theft of the machines themselves. Rarely do we see any targeted attacks on the underlying software. This presentation will retrace the steps I took to interface with, analyze, and find a vulnerability in a line of popular new model ATM’s. The presentation will explore both local and remote attack vectors, and finish with a live demonstration of an attack on an unmodified, stock ATM.”

Jack did not disclose the ATM brand or discuss whether the vulnerability was found in the ATM’s own software or in its underlying operating system. Diebold ATMs, one of the most popular brands, run on a Windows operating system, as do some other brands of ATMs.

Diebold did not respond to a call for comment.

Earlier this year, Diebold released an urgent alert (.pdf) announcing that Russian hackers had installed malicious software on several of its Opteva model ATMs in Russia and Ukraine. A security researcher at SophosLabs uncovered three examples of Trojan horse programs designed to infect the ATMs and wrote a brief analysis of them. Last month another security research lab, Trustwave’s SpiderLabs, provided more in-depth analysis of malware used to attack 20 ATMs in Russia and Ukraine of various brands.

According to SpiderLabs, the attack required an insider, such as an ATM technician or anyone else with a key to the machine, to place the malware on the ATM. Once that was done, attackers could insert a control card into the machine’s card reader to trigger the malware and give them control of the machine through a custom interface and the ATM’s keypad.

The malware captured account numbers and PINs from the machine’s transaction application and then delivered it to the thief on a receipt printed from the machine in an encrypted format or to a storage device inserted in the card reader. A thief could also instruct the machine to eject whatever cash is inside the machine. A fully loaded ATM can hold up to $600,000.

It’s unclear if the talk Jack was scheduled to give addresses the same vulnerability and malware or a new kind of attack.

--------------------------

Weak sauce. This event shall now be known as ATMGATE!

But this move is not totally unexpected...after having beers with one of my friends @ Juniper several weeks ago...it sounded like the ATM vendor was starting to give the cold legal shoulder to Juniper....thus this being the outcome was not totally unforeseen.

Monday, June 29, 2009

Social Network Phishing Attacks Up More Than 240%

Via Dark Reading -

Social networks are increasingly becoming a favorite method of attack for phishers as they look for more efficient ways to reach potential victims, according to a newly released report.

Overall, phishing attacks rose 36 percent in the first quarter of this year compared to the same period in 2008, according to a sampling of banking brands used in MarkMonitor's Brandjacking Index report for January through April 2009. And more than 500 organizations worldwide were phished in the first quarter of this year, up 14 percent from the fourth quarter of last year, according to MarkMonitor.

Phishing attacks on social networking sites increased more than 240 percent compared to the same time last year, just behind attacks on payment services, which jumped a whopping 285 percent versus the first quarter of '08. "They exploit the trust one user has with another [on a social network]. There's a tendency to open up something from one of your 'friends' on these sites," says Frederick Felman, chief marketing officer at MarkMonitor. "This is the biggest innovation in phishing attacks since RockPHISH, and it's more social than technical exploitation. RockPHISH was an infrastructure play, but this is using someone else's infrastructure to spread the badness."

Blind Hacker Sentenced to 11 Years in Prison

Via Wired.com -

A legally blind Massachusetts phone hacker was sentenced Friday to over 11 years in federal prison, following his guilty plea on computer intrusion and witness intimidation charges earlier this year.

Matthew Weigman, 19, was sentenced in Dallas by U.S. District Judge Barbara M.G. Lynn, according to the U.S. Attorney’s Office there. There is no parole in the federal system, and little time off for good behavior, so the 135 month term will likely keep Weigman behind bars until 2018.

Known in the telephone party-line scene as “Li’l Hacker,” Weigman is widely considered one of the best phone hackers alive. Relying on an ironclad memory and detailed knowledge of the phone system, the teenager is known for using social engineering to manipulate phone company workers and others into divulging confidential information, and into entering commands into computers and telephone switching equipment on his behalf.

The FBI had been chasing Weigman since he was 15 years old, at times courting him as an informant. He was finally arrested last May, less than two months after celebrating his 18th birthday.

Pakistan Places Bounties on Senior Taliban Leaders

Via The Long War Journal -

The Pakistani government has put out bounties for the capture or death of Pakistani Taliban leader Baitullah Mehsud and 10 of his senior commanders operating in the lawless tribal agencies. Three senior Taliban leaders in North and South Waziristan were noticeably excluded, indicating that the government does not intend to take on these warlords.

The government announced the bounties in an advertisement in Pakistani newspapers.

Baitullah Mehsud, the leader of the Tehrik-e-Taliban, or the Movement of the Taliban in Pakistan, topped the list at an estimated price tag of $615,000.

Faqir Mohammed, the leader of the Taliban in Bajaur, came in second at $181,000.

Hakeemullah Mehsud and Qari Hussain Mehsud of South Waziristan, Omar Khalid and Qari Shakeel of Mohmand, and Commander Tariq Afridi of Darra Adam Khel each command a $123,000 bounty.

Qari Zia Rahman and Waliur Rahman of Bajaur, Fazal Saeed Utezai of Kurram, and Mufti Ilyas of Darra Adam Khel rounded out the list at $61,500 each.

The bounties for Baitullah and his deputies come a month after the government issued bounties for Swat Taliban leader Mullah Fazlullah, his deputy Shah Doran, spokesman and military commander Muslim Khan, and 18 other leaders from the region. So far, those bounties have not led to the arrest or capture of the leaders.

Both Fazlullah and Shah Doran are rumored to have been killed, but the reports have not been confirmed. The government has arrested Fazlullah's family.

Siraj Haqqani, Hafiz Gul Bahadar, and Mullah Nazir are absent from the wanted list.

---------------------

Check out the CT blog's great Swat Analysis series of blogs for more information.

Sunday, June 28, 2009

Crash Course in Nuclear Safety & Iran's Nuclear Program

http://www.voanews.com/english/iran_nuclear_safety.cfm

VOA News has built a series of 5 videos, each with a different theme.

Very informative stuff.

Saturday, June 27, 2009

Invisibility Cloak Could Hide Buildings from Quakes

Via NewScientist.com -

Borrowing from the physics of invisibility cloaks could make it possible to hide buildings from the devastating effects of earthquakes, say physicists in France and the UK.

The "earthquake cloak" idea comes from the team led by Stefan Enoch at the Fresnel Institute in Marseille, France. They were the first to show that the physics of invisibility cloaks could have other applications – designing a cloak that could render objects "invisible" to destructive storm waves or tsunamis.

The seismic waves of an earthquake fall into two main groups: body waves that propagate through the Earth, and surface waves that travel only across the surface.

Although Enoch's team have calculated that controlling body waves would be too complex, controlling surface waves is within the ability of conventional engineering, they say. Fortunately, it is surface waves that are more destructive, says team member Sebastien Guenneau at the University of Liverpool in the UK.

The new theoretical cloak comprises a number of large, concentric rings made of plastic fixed to the Earth's surface. The stiffness and elasticity of the rings must be precisely controlled to ensure that any surface waves pass smoothly into the material, rather than reflecting or scattering at the material's surface.

When waves travel through the cloak they are compressed into tiny fluctuations in pressure and density that travel along the fastest path available. By tuning the cloak's properties, that path can be made to be an arc that directs surface waves away from an area inside the cloak. When the waves exit the cloak, they return to their previous, larger size.

[...]

"The outer rings remain nearly still, but the pair of rings tuned to the frequency of the wave move like crazy, bending up and down and twisting," says Guenneau. "For each small frequency range, there's one pair of rings that does most of the work." The team has simulated cloaks containing as many as 100 rings, says Guenneau, although fewer would be needed to protect against the most common kinds of earthquake surface waves.

When it comes to installing them into buildings, they could be built into the foundations, Guenneau suggests. It should be possible to make concrete structures with the right properties. To protect a building 10 metres across, each ring would have to be about 1 to 10 metres in diameter and 10 centimetres thick.

The concentric ring design can also be scaled down, and could offer a way to control vibration in cars or other machinery, he adds.

Police Chief & 91 Officers Detained in Pachuca, Mexico

Via Yahoo! News (AFP) -

A police chief and 91 officers were detained in a sweep on a city in central Mexico suspected of sheltering one of the country's most violent drug gangs, federal police said.

The police chief of Pachuca, capital of Hidalgo state, and the police officers were suspected of offering protection to the Zetas, the armed wing of the powerful Gulf drug cartel, federal police intelligence coordinator Luis Cardenas told reporters.

The Zetas carried out kidnappings and extortion in liaison with local police around Pachuca, some 120 kilometers (75 miles) from Mexico City, Cardenas said.

The original Zetas were elite Mexican Special Forces soldiers trained to find and detain drug lords. A group of deserters formed the group when they instead went to work for the drug lords in the late 1990s.

In recent weeks, a dozen army soldiers and police officers have been arrested in at least four Mexican districts for allegedly harboring organized crime, especially drug trafficking.

More than 10,000 people have died in suspected drug violence since President Felipe Calderon launched a nationwide military crackdown on the nation's powerful cartels two and a half years ago.

FBI: Al-Kini Group Behind Bombing Incidents in Pakistan

Via Dawn.com (Pakistan) -

The US Federal Bureau of Investigation (FBI) has informed Pakistan that Al-Qaeda's network known as ‘Al-Kini group’ was behind a series of bombing incidents in the country, including last year's deadly suicide attack on Islamabad's Marriott hotel.

In its latest communication to Pakistan's Federal Investigating Agency (FIA), the FBI has described the Al-Kini Group to be not only involved in the Marriott bombing, but its various terror cells were also involved in a suicide attack that had killed an army surgeon general, Lt. Gen Mushtaq Baig, in Rawalpindi and the bomb attack on a police station in Sargodha.

Usama al-Kini, also known as Azmarai, was Al-Qaeda's Pakistan chief until he was killed in one of the drone attacks in North Waziristan last year.

It's not clear who heads the Al-Qaeda network in Pakistan, but the FBI's correspondence suggests terror cells of those loyal to Al-Kini were still operating as a separate group, and carrying out attacks within Pakistan.

Perhaps the deadliest of the known attacks by the group was a dumper-truck bomb that caused mass destruction at Islamabad's Marriott hotel in September last year, killing 53 people and injuring dozens of others.

According to the FBI, three US nationals were among those killed in the attack.

A highly informed source said the FBI has asked the FIA and Islamabad Capital Territory police to share the investigations they had carried out so far which may help them in apprehending three people described as absconders, including a person identified as Ibrar-ud-Din Syed.

A joint investigation team (JIT) headed by former director general FIA Tariq Pervez had carried out an investigation into the Marriott Hotel bombing and compiled a report.

Dr Muhammad Usman, a resident of Hayat Abad Peshawar, Rana Illyas Ahmed, a resident of Sumanderi Faisalabad, and Muhammad Hameed Afzal, a resident of Toba Tek Singh, were arrested by Pakistani security agencies for involvement in the Marriott Hotel bombing and are being tried in the ATC.

The source said in line with the FBI's request, the director general FIA has sought permission from the federal government to share their investigation with the US agency for the apprehension of individuals involved in the bombing as three Americans had been killed in the terrorist attack on the hotel.

Pakistan's federal investigating agency has also been requested to allow the FBI to carry out some forensic tests in their laboratories on leftover pieces of the explosive-laden vehicle, frame parts, the engine and its shrapnel which were seized by the Pakistani agencies.

The FBI believes that the relevant forensic testing on residue samples, found from the scene of the terrorist attack, would help the Pakistani authorities in their investigation.

The source said information collected from one of the arrested members of al-Kini group, Omar Farouk, revealed that the group had financed two terrorist attacks in Pakistan in 2007, including the attack on Sargodha police station in 2007.

The FBI has stepped up its efforts to collect further information in close liaison with the FIA and other security agencies in Pakistan to tighten the noose around the Al-Kini network, which many believe had remained the most effective al-Qaeda wing within Pakistan.

Pentagon Creates U.S. Cyber Command, Will Work with NSA

Via The Register UK (June 24th) -

The long wrangle among the US military about who gets to be in charge of cyber warfare and who gets all the resulting pork appears to have been settled. Questions remain, however, regarding the level of America's readiness to take offensive military cyber action against enemies presumably overseas.

Reuters reports that the main decisions on the US military cyber command were announced yesterday at the Pentagon. Defense Secretary Robert Gates signed an order to create the new organisation, intended to be based at Fort Meade outside Washington and subordinated to the head of the US National Security Agency (NSA), widely believed to be the most powerful crypto, intercept and eavesdropping agency in the world.

The news wire quotes Department of Defense (DoD) spokesman Bryan Whitman, responding to questions about "offensive" as opposed to "defensive" cyber warfare by the US forces, as remaining noncommittal.

"This command is going to focus on the protection and operation of DoD's networks," he said. "This command is going to do what is necessary to be able to do that."

The Pentagon has previously stated on many occasions that its networks and those of the US government in general are nowadays constantly subject to cyber attacks, most of which appear to emanate from abroad. China is the foreign country most often mentioned in this context, but Deputy SecDef William Lynn has recently stated that "more than 100" foreign intelligence organisations have tried to penetrate the US military's cyber grid on various occasions.

“There is simply no exaggerating our military dependence on our information networks: the command and control of our forces, the intelligence and logistics on which they depend, the weapons technologies we develop and field – they all depend on our computer systems and networks,” said Lynn earlier this month. “Indeed, our 21st century military simply cannot function without them.”

[...]

As for the matter of the US taking the cyber offensive (as opposed to defensive) this would seem to be a foregone conclusion. The very meaning of the word "Defence" in modern English has now changed to mean "activities formerly carried out by ministries or offices of War - including attack and offence as required". It's a universally acknowledged military truism that defence of one's own territory is often best conducted on someone else's.

If that wasn't enough, it should also be noted that the US military is at present engaged in building a cyber firing range - in effect a Matrix-esque virtual world - in which to test the effects of cyber weapons.

The new command's subordination to the NSA makes sense - the NSA is already hugely expert in crypto and other useful subjects. Not everyone remembers that it is a military organisation, but unlike the CIA it is indeed "a Combat Support Agency of the Department of Defense".

The cyber command is due to kick off in October, and reportedly will be fully up and running a year later.

Algeria: Taking the Pulse of AQIM

Via Stratfor (Security Weekly) -

Late in the evening of June 17, 2009, militants affiliated with al Qaeda in the Islamic Maghreb (AQIM) detonated two improvised explosive devices (IEDs) against a convoy near Bordj Bou Arreridj, Algeria, which is located in a mountainous area east of Algiers that has traditionally been an Islamist militant stronghold. The convoy consisted of Algerian paramilitary police vehicles escorting a group of Chinese workers to a site where they were building a new highway to connect Bordj Bou Arreridj with Algiers. After disabling the convoy using IEDs, the militants then raked the trapped vehicles with small-arms fire. When the ambush was over, 18 policemen and one Chinese worker had been killed. Another six gendarmes and two Chinese workers were wounded in the attack.

[...]

By design, AQIM incorporated the GSPC with elements of Morocco’s Islamic Combatant Group, Libya’s Islamic Fighting Group, several Tunisian groups, most notably the Tunisian Combatant Group, and jihadists in Mali, Niger and Mauritania. However, in practice, the vast majority of the group’s infrastructure came from the GSPC, and attacks since the founding of AQIM in 2006 have reflected this. Indeed, in spite of the many high-profile Libyan and Moroccan militants who serve as part of the al Qaeda core leadership, Libya and Morocco have been extremely calm since the emergence of AQIM, and the group has remained an Algeria-based phenomenon.

[...]

The attacks in Mauritania have shown rudimentary tactics with poor planning, and the militants associated with AQIM in Mauritania simply have not displayed the ability to mount a large-scale, coordinated attack. The group’s activities in Mali and Niger are also mainly constrained to low-level attacks against government or military outposts and foreign mining sites and personnel in the northern stretches of those countries. AQIM also conducts training and engages in smuggling and kidnappings for ransom in this deserted region.

This means that, in the end, in spite of all the hype associated with the AQIM name, the group is essentially a rebranded GSPC and not some sort of revolutionary new organization. It has adapted its target set to include foreign interests, and it did add suicide bombing to its repertoire, but aside from that there has been very little movement toward AQIM’s becoming a truly regional threat.

[...]

Perhaps the AQIM militants got lucky or the Algerian gendarmes targeted in the attack made a fatal mistake. However, the increased death toll could also have been a result of superior IED design, or superior planning by the operational leader of the ambush. Such a shift could indicate that an experienced operational commander or bombmaker has come to AQIM from someplace like Iraq or Pakistan. It will be very important to watch the next few AQIM attacks to see if the June 17 attack was indeed just an anomaly or if it was the beginning of a new and deadly trend.

Friday, June 26, 2009

NRO: 2006 Satellite Failure Remains a Mystery

Via FAS Secrecy Blog -

In February 2008, the U.S. fired a missile at an inoperable U.S. intelligence satellite that had failed shortly after launch in December 2006. The satellite was destroyed reportedly in order to prevent an intact reentry of its toxic hydrazine fuel tank. But do we know why or how it failed in the first place?

“No,” the director of the National Reconnaissance Office told Congress last year, in newly disclosed responses (pdf) to questions for the record (p.89).

“After an exhaustive formal failure investigation, and three different independent review team investigations, the cause of the failure and what failed was not determined,” said Scott Large, then-director of the NRO. “Our exhaustive analysis of the spacecraft design and test program did not identify the root cause of the failure,” Mr. Large said. His remarks appeared in the record of a March 5, 2008 hearing before the House Armed Services Committee that was published this month.

“The era of Acquisition Reform is over,” Mr. Large also told Congress. “It has left the NRO in a fragile state with a poor history of performance.”

On June 12, Secretary of Defense Robert Gates, with concurrence of the DNI, appointed retired Air Force Gen. Bruce Carlson as the 17th director of the National Reconnaissance Office.

Blue Chip FTP Logins Found on Cybercrime Server

Via The Register UK -

Security researchers have found a treasure chest of FTP passwords, some from high profile sites, on an open cybercrime server.

Jacques Erasmus, CTO at security tools firm Prevx, stumbled across a site where a Trojan is uploading FTP login credentials captured from compromised machines. So far, Erasmus has found logins for ftp.bbc.co.uk, ftp.cisco.com, ftp.amazon.com, ftp.monster.com and even security sites including ftp.mcafee.com and ftp.symantec.com among the extensive list of more than 68,000.

Other login credentials refer to the Bank of America, one of the few organisations PrevX has had time to notify directly at the time of writing.

Initial investigations suggest the logins were swiped during the last two weeks and that at least some remain valid. The breach therefore opens the door for hackers to upload drive-by download scripts and other nasties onto compromised sites. PrevX is running scans to detect rogue iFrames on potentially vulnerable sites, and is yet to see any evidence that this has actually happened.

Erasmus explained that the FTP login data is getting uploaded by a variant of the zbot Trojan onto a server hosted in China, where they are stored in plain text and thus potentially open to all and sundry to find and abuse. PrevX has filed an abuse complaint against the site with the hosting provider.

"The data is harvested from users' machines, when they get infected," Erasmus explained. "A typical scenario might be that a web designer for one of the organisations gets infected, his stored ftp login details gets compromised, and so the attacker in this case is able to log in to the ftp site and compromise the website pages."

"It's the biggest compromise of its type I've seen," Erasmus told El Reg.

Blu-Ray Laser Keychain

Via HackaDay.com -



[Jay] hacked a Blu-Ray laser diode into a keychain enclosure. He found a heavy brass keychain light from Lowe’s and stuffed the diode and a larger battery inside. The existing batteries weren’t powerful enough, so he drilled out the endcap to fit a 200mAh 3.6v lithium battery inside. He also modded the power button to only momentarily turn on the diode. With the larger battery, the laser can run for about an hour between charges. In addition to Blu-Ray lasers, he also has versions with a 200mW red diode.

Massachusetts Worker Accused in ID Theft Scheme

Via DarkReading -

A Massachusetts woman was indicted earlier this week for allegedly stealing personal information from the database she worked with and using it to obtain credit cards.

According to a report in the Boston Globe, Desiree Gordon was indicted on 67 counts of credit card fraud, larceny, and identity theft crimes for stealing the personal information of at least 34 people, many of whom were physicians, according to the Middlesex district attorney's office.

The district attorney's office believes the defendant had access to a database of healthcare professionals that contained personal data through her employment at a medical cost-management firm. The name of that firm was not released.

Gordon, 38, was indicted by a Middlesex grand jury on 21 counts of larceny, 22 counts of identity fraud, 20 counts of credit card fraud, two counts of forgery, and for being a common and notorious thief, said District Attorney Gerry Leone, in a statement.

Victims of the alleged crimes came from around the country, including Massachusetts, Texas, Pennsylvania, and Illinois, according to a spokesman for Leone's office.

Gordon's alleged scheme was brought to the attention of state police in December, when one of the victims reported her personal information had been compromised and used to obtain a credit card that was sent to a post office box in Lowell, Leone said.

Postal inspectors learned the box was rented by Gordon and that multiple credit cards in other victims' names had been sent to that box, as well as to the defendant's home address, Leone said. Charges made to those credit cards could be traced to the defendant, he added.

Gordon is scheduled for arraignment July 1 in Woburn Superior Court.

Alleged ETA Terror Members Arrested in Paris Gathering Intel

Via Google (AFP) -

Two alleged senior members of the armed Basque separatist organisation ETA accused of gathering intelligence on future targets were arrested near Paris on Thursday, officials said.

Javier Arruabarrena Carlos, 37, and Ohiane Garmendia Marin, 32, were arrested at Charenton-le-pont, a southeastern suburb of Paris, and officers were carrying out a search of their home, a police source said.

The suspects -- a man and a woman -- were described as "two main members of ETA's intelligence wing," by Spanish Secretary of State for the Interior Antonio Camacho who praised the "effective collaboration" between the French and Spanish authorities which led to the arrests.

Interior Minister Alfredo Perez Rubalcaba told parliament the pair were responsible for gathering intelligence on future targets.

He said, however, that it was "unlikely" that they were involved in a car bomb which killed a police inspector last Friday in Spain's Basque region.

French investigators had seized computers during their search of the suspects' home, said Rubalcaba, adding that it had been a "good week" for security forces battling the organisation.

Three other alleged ETA members were on Monday taken in for questioning in the Basque region accused of possessing 75 kilos (165 pounds) of explosives.

ETA, considered a terrorist organisation by the European Union and the United States, is blamed for the deaths of 825 people in its 40-year campaign to carve a Basque homeland out of northern Spain and southwestern France.

Australia's Great Firewall to Censor Video Games

Via theage.com.au -

The [Australian] Federal Government has now set its sights on gamers, promising to use its internet censorship regime to block websites hosting and selling video games that are not suitable for 15 year olds.

Separately, the Communications Minister, Stephen Conroy, has been nominated by the British ISP industry for its annual "internet villain" award, competing alongside the European Parliament and French President Nicolas Sarkozy.

Australia is the only developed country without an R18+ classification for games, meaning any titles that do not meet the MA15+ standard - such as those with excessive violence or sexual content - are simply banned from sale by the Classification Board, unless they are modified to remove the offending content.

So far, this has only applied to local bricks-and-mortar stores selling physical copies of games, but a spokesman for Senator Conroy confirmed that under the filtering plan, it will be extended to downloadable games, flash-based web games and sites which sell physical copies of games that do not meet the MA15+ standard.

This means that even Australians who are aged above 15 and want to obtain the adult-level games online will be unable to do so. It will undoubtedly raise the ire of gamers, the average age of which is 30 in Australia, according to research commissioned by the Interactive Entertainment Association of Australia.

Colin Jacobs, spokesman for the online users' lobby group Electronic Frontiers Australia, said the Government clearly went far beyond any mandate it had from the public to help parents deal with cyber-safety.

He said Australians would soon learn this the hard way when they find web pages mysteriously blocked.

"This is confirmation that the scope of the mandatory censorship scheme will keep on creeping," said Mr Jacobs.

"Far from being the ultimate weapon against child abuse, it now will officially censor content deemed too controversial for a 15-year-old. In a free country like ours, do we really need the government to step in and save us from racy web games?"

Senator Conroy's spokesman said the filter would cover "computer games such as web-based flash games and downloadable games, if a complaint is received and the content is determined by ACMA to be Refused Classification". All games that exceed MA15+ are deemed to be RC.

The filtering could also block "the importation of physical copies of computer games sold over the internet which have been classified RC", the spokesman said.

Ron Curry, chief executive of the IEAA, said the move highlighted the "unacceptable situation" of not having an R18+ classification for video games. The industry has been fighting for changes to classification laws for years.

"It's through the introduction of an R18+ classification that adults will have access to age appropriate material and parents will have the full tool kit to understand the suitability of content for their children," he said.

Mark Newton, an ISP engineer and internet filtering critic, said the move to extend the filtering to computer games would place a cloud over online-only games such as World of Warcraft and Second Life, which aren't classified in Australia due to their online nature.

He said the online distribution of such games has historically been exempt from customs controls on RC material because they have only ever covered physical articles.

"That exemption is the only reason why multi-player games with user-generated environments are possible in this country; without it, it'd only take one game user anywhere in the world to produce objectionable content in the game environment to make the Australian Government ban the game for everyone," said Newton.

Nine ISPs are trialling the web censorship plan, which will block all content that has been "refused classification" by ACMA. Results of the trials are due to be published in July.

Thursday, June 25, 2009

North Korea Vows Nuke Attack if Provoked

Via Military.com -

Punching their fists into the air and shouting "Let's crush them!" some 100,000 North Koreans packed Pyongyang's main square Thursday for an anti-U.S. rally as the communist regime promised a "fire shower of nuclear retaliation" for any American-led attack.

Several demonstrators held up a placard depicting a pair of hands smashing a missile with "U.S." written on it, according to footage taken by APTN in Pyongyang on the anniversary of the day North Korean troops charged southward, sparking the three-year Korean War in 1950.

North Korean troops will respond to any sanctions or U.S. provocations with "an annihilating blow," one senior official vowed - a pointed threat as an American destroyer shadowed a North Korean freighter sailing off China's coast, possibly with banned goods on board.

A new U.N. Security Council resolution passed recently to punish North Korea for conducting an underground nuclear test in May requires U.N. member states to request inspections of ships suspected of carrying arms or nuclear weapons-related material.

In response to the sanctions, the North pulled out of nuclear talks and has ramped up already strident anti-American rhetoric. And the isolated regime may now be moving to openly flout the resolution by dispatching a ship suspected of carrying arms to Myanmar.

While it was not clear what was on board the North Korean-flagged Kang Nam 1, officials have mentioned artillery and other conventional weaponry. One intelligence expert suspected missiles.

The U.S. and its allies have made no decision on whether to request inspection of the ship, Pentagon press secretary Geoff Morrell said Wednesday in Washington, but North Korea has said it would consider any interception an act of war.

If permission for inspection is refused, the ship must dock at a port of its choosing so local authorities can check its cargo. Vessels suspected of carrying banned goods must not be offered bunkering services at port, such as fuel, the resolution says.

A senior U.S. defense official said the ship had cleared the Taiwan Strait. He said he didn't know whether or when the Kang Nam may need to stop in some port to refuel, but that the Kang Nam has in the past stopped in Hong Kong's port.

Another U.S. defense official said he tended to doubt reports that the Kang Nam was carrying nuclear-related equipment, saying information seems to indicate the cargo is banned conventional munitions. Both officials spoke on condition of anonymity in order to talk about intelligence.

North Korea is suspected to have transported banned goods to Myanmar before on the Kang Nam, said Bertil Lintner, a Bangkok-based North Korea expert who has written a book about leader Kim Jong Il.

Pyongyang also has been helping the junta in Yangon build up its weapons arsenal, a South Korean intelligence expert said. He spoke on condition of anonymity because of the sensitivity of the issue.

The two countries have not always been on good terms. Ties were severed in 1983 after a fatal bombing during the South Korean president's visit to Myanmar blamed on North Korean commandoes.

They held secret talks in Bangkok in the 1990s to discuss the lone survivor among the three North Korean commandos involved in the bombing, and since have forged close relations.

The two regimes, among Asia's most repressive, restored diplomatic ties in 2007. Not long after that, in April 2007, the Kang Nam docked at Thilawa port saying it needed shelter from bad weather.

But one expert said reports show the weather was clear then, and two local journalists working for a foreign news agency who went to write about the unusual docking were arrested.

"The Kang Nam unloaded a lot of heavy equipment in 2007," Lintner said. "Obviously, the ship was carrying something very sensitive at that time as well."

North Korea has also helped Myanmar dig tunnels in recent years, said Lintner, adding that the cash-strapped North may have received rice, rubber and minerals in return for its military and other assistance.

"North Korea appears to have exported conventional weapons to Myanmar in exchange for food," another expert said.

Pyongyang is believed to have transported digging equipment to Myanmar, which is seeking to make its new capital a fortress with vast underground facilities, he said, speaking on condition of anonymity to discuss intelligence.

[...]

On Thursday, Pyongyang vowed to enlarge its atomic arsenal and warned of a "fire shower of nuclear retaliation" if provoked by the U.S.

North Korea's "armed forces will deal an annihilating blow that is unpredictable and unavoidable, to any 'sanctions' or provocations by the US," Pak Pyong Jong, first vice chairman of the Pyongyang City People's Committee, told the crowd gathered for the Korean War anniversary rally.

In Seoul, some 5,000 people - mostly American and South Korean veterans and war widows - also commemorated the anniversary at a ceremony.

South Korean President Lee Myung-bak said the nation is prepared to counter any type of threat or provocation.

"The South Korean government is firmly determined to defend the lives and wealth of its people and will do its utmost to find the remains of troops killed in the Korean War," he said at the ceremony.

The two Koreas technically remain in a state of war because the conflict ended in a truce, not a peace treaty.

Good Genetic Male Beetles Make Bad Fathers

Via Physorg.com -

In almost all animals, females mate with several different males, despite the fact that a single mating is often sufficient to fertilize her eggs. Multiple mating also carries costs to females, such as the risk of catching sexually transmitted diseases.

One commonly held belief is that this behaviour may allow females to choose the of the male with highest genetic quality to fertilize her eggs. Professor Göran Arnqvist from the Department of Ecology and Evolution, Uppsala University and associate professor Trine Bilde from the Department of Biological Sciences, University of Aarhus, have tested this possibility directly for the first time and shown that it is not true.

Their study on seed beetles shows that, contrary to predictions, males of low genetic quality are more successful in fertilizing eggs. Males who gained the highest share of paternity were actually males with low genetic quality. These males also fathered offspring that did less well.

"The results support the suggestion that that are good for males may often be bad for their mates. Therefore, in beetles at least, multiple mating does not award with genetic benefits," says Göran Arnqvist.

Source: Uppsala University

Wednesday, June 24, 2009

U.S. Trade Officials Say China Web Filter Breaks WTO Rules

Via WSJ.com -

Senior U.S. trade officials have called on China to revoke an order for all personal computers in China to be shipped with Web-filtering software, saying the requirement could conflict with China's obligations under the World Trade Organization.

According to a U.S. government official familiar with the matter, U.S. Trade Representative Ron Kirk and Commerce Secretary Gary Locke urged the Chinese government to reverse its decision in joint letters submitted to two Chinese ministries on Wednesday. It was the highest-level U.S. complaint so far against the software rules, due to take effect on July 1, and escalated a dispute over a plan that has already angered free-speech advocates.

The letters, sent separately to China's Ministry of Industry and Information Technology and the Ministry of Commerce, said the Chinese move raises "fundamental questions about regulatory transparency and compliance with a number of WTO rules," the official said.

U.S. technology industry groups warn that the filtering software could depress sales of PCs in China, the world's second largest PC market in terms of shipments.

The software, which the government says was designed to filter out pornography and other content inappropriate for children, has been found by researchers both inside and outside China to be capable of filtering political content as well. It would add an extra layer to China's already wide-reaching methods of regulating the Internet.

The researchers say the software has major security flaws, even after its Chinese creator, Jinhui Computer System Engineering Co., made alterations to it last week. They also say that parts of the program were copied from software produced in the U.S.—an allegation that Jinhui has denied.

WTO rules include agreements that are meant to prevent governments from erecting protectionist barriers to trade.

MIIT spokesman Wang Lijian declined to comment. "We don't have any updates on Green Dam for now," he said.

The U.S. letters "expressed that the U.S. government is seriously concerned about the Green Dam [requirement], including wide-ranging concerns about the scope of the measure, the censorship implications, trade impact and security flaws which create serious problems for the IT industry and Chinese consumers," the U.S. official said.

The official indicated that concerns over the past several weeks have been magnified by the Chinese government's unwillingness to explain the intent and scope of the new measure, which was introduced at short notice. Earlier, U.S. officials from the State and Commerce departments, as well as USTR officials based in Beijing, met with officials from MIIT and the Ministry of Commerce to express concerns that Green Dam would restrict access to the Internet and infringe on "internationally recognized rights to freedom of expression."

Separately, Japanese officials met with MIIT officials on Wednesday to express concern about Green Dam, according to a Japanese embassy official, who asked not to be identified. "The Japanese government also has a very big concern about this problem," the Japanese official said.

Apple Broke the Law By Lying About Steve Jobs' Health

Via Cult of Mac -

Apple broke the law by lying about Steve Jobs' health, says a top marketing professor.

But whether the Securities and Exchange Commission has the “balls” to prosecute is unclear.

Paul Argenti, Professor of Corporate Communication at Tuck School of Business at Dartmouth, says that Apple’s communications about its CEO’s health violated the SEC’s full disclosure regulations.

The SEC’s Regulation FD requires “full and fair disclosure by public companies,” but Apple has done neither, says Argenti. At first, Apple said Jobs had a “nutritional imbalance,” but on Friday the Wall Street Journal disclosed that he has undergone a liver transplant.

“The difference between a nutritional imbalance and a liver transplant is huge,” said Prof. Argenti to CoM by phone. “If this is not a legal issue and a Regulation FD issue, I don’t know what is.”

Argenti said Apple clearly knew months ago that Jobs would have to undergo life-saving surgery and had a legal obligation to disclose that.

“The law is very clear — full disclosure of material information,” said Argenti. “If a CEO’s liver transplant isn’t material, what is? But whether the SEC has the balls to do something about it, we’ll see.”

The SEC is reportedly already looking into the company’s handling of Jobs’s health disclosures.

Experts argue that shareholders are legally entitled to information that has a material effect on the company — and that a CEO’s health is material, especially one as closely tied to the company as Jobs is.

In December, Jobs said he was suffering from an easily treatable hormone imbalance; less than a week later, he said he was taking six months' medical leave because his medical issues were “more complex.”

Argenti said the biggest issue is the ethics and the reputation of the company. Apple has severely damaged its trustworthiness and credibility.

“Clearly, this is going to affect not only Apple’s customers but employees that were lied to or kept in the dark about what was going on,” Argenti said. “Apple is one of the most admired companies in America and this is how they deal with this kind of news? It’s unacceptable, unethical and irresponsible to all constituents.”

Argenti said Apple’s miscommunication about Jobs undercuts its slick marketing and hurts its reputation with consumers and investors. “As a communications strategy, it makes no sense.”

“It’s going to be a big issue in the next few days, I guarantee it.”

Jobs was diagnosed with pancreatic cancer in 2004, which appeared to have been successfully treated until 2008, when Jobs lost weight rapidly. On Friday, the Wall Street Journal reported that he had received a liver transplant, suggesting that the cancer had metastasized to the liver.

So far, Apple has neither confirmed nor denied the Journal report.

Photo of the Day - Stunning Volcano Eruption Seen From Space


(Photo Credit: NASA)

Sarychev Peak, one of the most active volcanoes in the world, had been sitting quietly in the Kuril Island chain near Japan for 20 years, when it suddenly sprang to life on June 12.

Fortuitously, the International Space Station was flying overhead at the time, and managed to capture this spectacular image of the ash-cloud tearing through the atmosphere, sending clouds scattering in its wake in a perfect circle.

Tuesday, June 23, 2009

Manchester Council Breaches UK's Data Protection Act

Via v3.co.uk (formerly vnunet.com) -

Manchester City Council has lost two unencrypted laptops containing personal details on at least 1,754 employees at local schools.

The Information Commissioner's Office (ICO) confirmed that the council had breached the Data Protection Act, and that it will have to conform to higher standards.

Manchester City Council chief executive Howard Bernstein signed a formal undertaking (PDF) that the council will ensure that all laptops and other removable devices are encrypted and secured, and that only essential personal information is downloaded to mobile devices.

Bernstein also promised to implement an improved training programme covering the security of personal information.

"Organisations must implement appropriate safeguards to ensure that personal details are handled securely and do not fall into the wrong hands," said Sally-Anne Poole, head of enforcement and investigations at the ICO, in a statement.

"We urge all councils and their executive teams to take responsibility for treating data protection as a corporate governance issue affecting the entire organisation. They have to make sure that safeguarding the personal information of staff is embedded in organisational culture."

Taliban Fighters Avert Attacks with Special Infrared Patches

Via Washington Times -

Some Taliban fighters have been able to ward off attacks by U.S. aircraft by wearing special infrared patches on their shirts that signal that they are friends rather than foes.

The patches, which can also help suicide bombers get close to U.S. targets, are supposed to be the property of the U.S. government alone, but can be easily purchased over the Internet for about $10 each. Also available online: night-vision goggles and military-grade communications systems like the ones used by the terrorists who attacked the Indian city of Mumbai last year.

While stealing uniforms is as old as warfare itself, the Internet has made purchases of military equipment much easier and increased the risk to U.S. forces in Iraq and Afghanistan.

Some of the patches have been stolen during raids on U.S. resupply convoys in Afghanistan and Pakistan. But they can also be purchased in the United States and sent overseas with little detection.

In a recent investigation, the U.S. Government Accountability Office (GAO) bought patches using fake names and a front company with only a valid credit card. The patches reveal an American flag when looked at with an infrared light and were designed to avoid friendly fire during nighttime battles.

Jonathan Meyer, assistant director of forensic audits and special investigations for the GAO, told The Washington Times, "Based on our conversations with the Department of Defense, terrorists have used U.S. uniforms and the infrared patches to get close to U.S. and allied forces on the battlefield and at bases. This is more of a potential suicide-bomber risk."

Mr. Meyer helped lead the GAO investigation, which concluded that few regulatory controls exist for dual-use and military technology sold domestically.

Rep. Bart Stupak, Michigan Democrat, who chairs the House Energy and Commerce oversight and investigations subcommittee, said the infrared patches are also made in China.

"It is rather simple technology," he said. "We not only sell this to domestic people here, and they sell them to anybody, but you can get them from China, and the Chinese will sell them to others.

"They have been used by the enemy in the war. It's of grave concern because you don't know who is friendly or not," Mr. Stupak added.

Newsweek magazine first reported in 2007 that 4,800 such patches had been sold inadvertently in 2006 to 23 U.S. and Canadian companies by an Arizona-based company, Government Liquidation. The patches were still sewn onto uniforms that were sent out.

The GAO was able to purchase the patches from a New York-based military-supply dealer, but did not identify the seller's name.

"An enemy fighter wearing these [infrared] flags could potentially pass as a friendly service member during a night combat situation, putting U.S. troops at risk," the June 4 report said. "Nevertheless, these items are completely legal to buy and sell within the United States."

The report followed up on a 2008 GAO study that exposed the fact that military-surplus items, such as spare parts for fighter jets, could be purchased on eBay and Craigslist. That same year, an NBC team also was able to procure the infrared patches and have them sent to a mailing address in Amman, Jordan. Earlier, the Associated Press reported that F-14 spare parts had found their way to Iran from U.S. suppliers after the Pentagon sold the equipment to military wholesalers.

[...]

"Since the beginning of warfare, people have been dressing up as the enemy to infiltrate," he said. "We certainly have done this in the past to our enemies, and our enemies have done this to us."

Mr. Keane, who played a key role in developing the counterinsurgency strategy for Iraq, added, "There are other safeguards in addition to [these patches]. A visual identification and other identification is in the soldier's possession. There are multiple things that are being checked. When it comes to the tactical situation, infrared certainly helps identify where we are, but there is also a dialogue that is taking place describing the situation."

But "it would seem to me that something we are using to help identify ourselves should not be available to the general public, and it should be something that is only acquired through military channels," Mr. Keane said.

DHS to Kill Domestic Satellite Spying Program

Via Yahoo! News (AP) -

Homeland Security Secretary Janet Napolitano plans to kill a program begun by the Bush administration that would use U.S. spy satellites for domestic security and law enforcement, a government official said Monday.

Napolitano recently reached her decision after the program was discussed with law enforcement officials, and she was told it was not an urgent issue, said the official, who spoke on condition of anonymity because he was not authorized to talk about it.

The program was announced in 2007 and was to have the Homeland Security Department use overhead and mapping imagery from existing satellites for homeland security and law enforcement purposes.

The program, called the National Applications Office, has been delayed because of privacy and civil liberty concerns.

The program was included in the Obama administration's 2010 budget request, according to Rep. Jane Harman, a California Democrat and House homeland security committee member who was briefed on the department's classified intelligence budget.

Harman said Monday she had not been given final word that the program would be killed. She said she would talk to Napolitano on Tuesday.

Harman has been outspoken about her concerns that the program is unnecessary, far reaching and open-ended.

"I thought this was just an invitation to huge mischief," Harman said. Of killing the program, she said, "It shows real leadership on the part of Janet Napolitano."

Homeland Security spokeswoman Amy Kudwa said Napolitano began looking at the program shortly after she became secretary. Kudwa said the department expects to announce the results of that review soon.

Rep. Peter King, R-N.Y., said he hoped the department wasn't canceling the program.

"If it is true, it's a very big mistake," said King, who is the top Republican on the House Homeland Security Committee. "This is definitely a step back in the war on terror."

For years, domestic agencies such as the Federal Emergency Management Agency and Interior Department have had access to this satellite imagery for scientific research, to assist in response to natural disasters like hurricanes and fires, and to map out vulnerabilities during a major public event like the Super Bowl.

Since 1974 the agencies' requests for satellite imagery have been made through the federal interagency group, the Civil Applications Committee.

The Bush administration, however, decided to funnel the requests through the Homeland Security Department and expand their use for homeland security and law enforcement purposes.

After receiving a letter from Los Angeles Police Chief William Bratton, Napolitano decided the program should be canceled.

Bratton, in his role as head of the Major City Chiefs Association, wrote on June 21 that the program, as envisioned by the Bush administration, is not an urgent need for local law enforcement.

Instead, Bratton said, Homeland Security should focus on the fusion centers across the country and improving information-sharing with state and local officials to improve the domestic intelligence picture.

Bratton said he was unaware whether police chiefs had been consulted by Bush administration officials about the satellite program.

"To my knowledge, this is the first opportunity major law enforcement organizations have had to participate in this significant and complex initiative," he said in the letter.

How Printers Can Breach Our Privacy: Acoustic Side-Channel Attacks on Printers

Medical data is generally considered private, and there are good reasons for it: Your medical records may reveal if you're suffering from contagious diseases (your friends are probably interested in this), if you have genetic conditions increasing your risk for certain forms of illnesses (your health insurance company might be interested in this), if you were really having a severe cold this week's Monday right after your vacations (your employer might be interested in this), and if you're suffering from sexual diseases or if you receive Methadone as a substitute for illegal drugs (you simply think nobody should be interested in this).

All this kind of data is regularly printed in a doctor's practice. Now these printers are typically placed such that nobody can see what is printed, and you might believe that your data is secure. However, this belief is not justified. In this study we showed that printed text can be reconstructed from a previously taken recording of the sound emitted by the printer. A majority of the doctors' practices use dot-matrix printers for printing (see below for the results of a survey we commissioned on the usage of dot-matrix printers), and in some cases they are even required to do so.

In effect this means that any person sitting in the reception area of the doctor can record the sound of the printer and can reconstruct the printed text. Our novel attack takes as input a sound recording of a dot-matrix printer processing text, and recovers up to 72% of printed words. After an upfront training phase, the attack is fully automated and uses a combination of machine learning, audio processing and speech recognition techniques, including spectrum features, Hidden Markov Models and linear classification; moreover, it allows for feedback-based incremental learning.

---------------------------

http://www.infsec.cs.uni-sb.de/projects/printer-acoustic/

Verified Identity Pass Closes Clear Operations - No More Clear Lanes @ Airports

http://www.flyclear.com/

At 11:00 p.m. PST on June 22, 2009, Clear will cease operations. Clear’s parent company, Verified Identity Pass, Inc. has been unable to negotiate an agreement with its senior creditor to continue operations.

What will happen to my personal information?

Applicant and Member data is currently secured in accordance with the Transportation Security Administration’s Security, Privacy and Compliance Standards. Verified Identity Pass, Inc. will continue to secure such information and will take appropriate steps to delete the information.

Will I receive a refund for membership in Clear?

At the present time, because of its financial condition, Verified Identity Pass, Inc. cannot issue refunds.

Clear's Privacy Policy

Clear's Online Privacy Policy

Monday, June 22, 2009

University of Toronto's Supercomputer Goes Online

Via Wikinews.org -

The University of Toronto SciNet Consortium went online yesterday with the IBM System x iDataPlex Supercomputer.

U of T's IBM System x is now the fastest computer outside of the United States, the largest Intel processor based IBM installation internationally and the twelfth most powerful globally. It will be used for a wide variety of operations, such as analysing climate change models, aerospace, astrophysics, genetics, bioinformatics, chemical physics, medical imaging research and other highly calculation-intensive tasks.

The C$50 million dollar supercomputer can perform 300 trillion calculations per second and uses the equivalent amount of energy which would power 4,000 homes. The supercomputer will be cooled by outdoor winter air assisted by a water based cooling system during warmer summer months.

The computer will provide computations for the Large Hadron Collider (LHC) that started preliminary experiments on September 10, 2008 at CERN in Geneva, Switzerland. The LHC will produce cataclysmic collisions that will mimic the conditions that existed shortly after the beginning of time. The IBM System x's 30,240 Intel 5500 series 2.53 GHz processor cores — arranged in 45 file-like stacks — will examine the results of the particle collisions.

Faster Actions Needed Against Phishing Domains

Via Netcraft.com -

Criminals often register their own domain name to perform phishing attacks. Unlike the other common phishing site scenarios (including hacked servers, open redirects, and abuse of free webhosting), phishing sites that have their own domain name can be harder to remove, because the website owner and domain owner is the fraudster. Only the hosting and DNS providers and the domain registrar are able to take the site down and also likely to cooperate.

The operation of top-level domains is generally split between a registry, which operates the infrastructure that answers DNS queries, and registrars, which sell domain names and provide the process for owners to maintain their records. Registries generally are not directly involved in removing phishing domains, and refer those to the registrar through which the domain was registered.

However, it is relatively easy to become a registrar, so large numbers of hosting companies, web design firms and domain name resellers are able to handle registrations. Registrars may not all respond quickly to abuse complaints. And in unusual cases registrars themselves may be involved in illegal activity.

There is a particular problem with so-called fast flux phishing attacks. Here the attacker uses a large pool of compromised hosts — often personal computers on DSL connections — and from these randomly chooses a number to act as web servers to host the phish (and also some to act as DNS servers for the phishing domain). The set of hosts used to support the phishing site is changed regularly, so efforts to contact the owner of one hacked system would at best cause the phishing site to be temporarily unavailable. ICANN (which hands out the contracts to operate generic top level domains including .com) published a report earlier this year looking at whether it should intervene to encourage adoption of more effective policies by registrars to prevent the abuse of fast-flux setups; but it seems reluctant to compel registrars to stop a practice that may also have some legitimate uses.

The one common point for any phishing attack is the URL sent to victims. In the case of fast-flux attacks, the owner of the domain will not cooperate and there are too many hacked systems hosting the phish for contacting the hosting provider to be effective. The only place where the attack can be quickly stopped is for the registrar or registry to suspend its domain name.

The policies of the DNS registry for the top-level-domain containing the site are therefore important. The most practical indication of the relative success of these policies is to look and see which top-level-domains (TLDs) are most often used for whole-domain phishing attacks:

[...]

The high placement of .tk is unsurprising, given that it is possible to register .tk domains for free that redirect to any URL, completely anonymously. .com is the most common TLD for phishing domains, perhaps due to the ease of registering .com domains, and because the large number of registrars for .com domains gives an opportunity for fraudsters to look for registrars with weak checks or that respond slowly to abuse reports.

Finding an efficient escalation process in the case where the registrar is slow to cooperate will be the key to reducing the number of domains registered for phishing. The system that was designed to deal with domain disputes around ownership and trademarks is now looking too cumbersome when dealing with the problem of phishing attacks, where fast responses are essential to minimising fraud.
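A defender-side illustration of the fast-flux behaviour described above, added here and not part of the Netcraft article: it scores repeated DNS resolutions of a domain for short TTLs, a large and scattered pool of hosts, and churn in both web and name-server addresses. The thresholds, the /16 grouping as a stand-in for "unrelated networks", the 4-of-5 verdict and all sample records are assumptions constructed for the example.

```python
"""Score DNS observations for fast-flux behaviour (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Observation:
    """One resolution of a domain at a point in time."""
    domain: str
    timestamp: int      # seconds since the first sample
    ttl: int            # TTL returned with the A records
    a_records: tuple    # addresses answering for the web host
    ns_addrs: tuple     # addresses of the domain's name servers


# Assumed thresholds; tune them against your own resolver or passive-DNS data.
MAX_TTL = 600            # answers expire within ten minutes
MIN_DISTINCT_IPS = 8     # hosts seen across all samples
MIN_DISTINCT_NETS = 5    # distinct /16 networks those hosts sit in
MIN_TURNOVER = 0.5       # mean share of the answer set replaced between samples
MIN_SIGNALS = 4          # signals required before a domain is flagged


def net16(addr):
    """Enclosing /16 of an IPv4 address, a rough proxy for 'same provider'."""
    return ip_network(f"{addr}/16", strict=False)


def turnover(samples):
    """Mean Jaccard distance between consecutive answer sets (0 static, 1 replaced)."""
    sets = [set(s) for s in samples]
    if len(sets) < 2:
        return 0.0
    dists = []
    for prev, cur in zip(sets, sets[1:]):
        union = prev | cur
        dists.append(1 - len(prev & cur) / len(union) if union else 0.0)
    return sum(dists) / len(dists)


def analyse(observations):
    """Return {domain: {"signals": {...}, "score": int, "fast_flux": bool}}."""
    by_domain = defaultdict(list)
    for o in observations:
        by_domain[o.domain].append(o)

    report = {}
    for domain, obs in by_domain.items():
        obs.sort(key=lambda o: o.timestamp)
        ips = {ip for o in obs for ip in o.a_records}
        nets = {net16(ip) for ip in ips}
        signals = {
            "short_ttl": max(o.ttl for o in obs) <= MAX_TTL,
            "many_ips": len(ips) >= MIN_DISTINCT_IPS,
            "scattered_networks": len(nets) >= MIN_DISTINCT_NETS,
            "host_churn": turnover([o.a_records for o in obs]) >= MIN_TURNOVER,
            "ns_churn": turnover([o.ns_addrs for o in obs]) >= MIN_TURNOVER,
        }
        score = sum(signals.values())
        report[domain] = {"signals": signals, "score": score,
                          "fast_flux": score >= MIN_SIGNALS}
    return report


def constructed_samples():
    """Constructed observations (private 10.x addresses, .example names)."""
    obs = []
    for step in range(4):                       # four resolutions, 5 minutes apart
        t = step * 300
        # Fast-flux style: every answer is a fresh set of hosts in unrelated
        # networks, and the name servers rotate as well.
        flux_a = tuple(f"10.{step * 3 + i + 1}.{17 * (i + 1)}.{5 + step}"
                       for i in range(3))
        flux_ns = tuple(f"10.{100 + step * 2 + i}.1.53" for i in range(2))
        obs.append(Observation("login-update.example", t, 180, flux_a, flux_ns))
        # Legitimate load-balancing style: short TTL and rotating hosts, but
        # one network and fixed name servers.
        cdn_a = tuple(f"10.200.0.{10 + (step * 2 + i) % 12}" for i in range(3))
        obs.append(Observation("cdn.example", t, 60, cdn_a,
                               ("10.201.0.53", "10.201.1.53")))
        # Ordinary single-host site.
        obs.append(Observation("www.example", t, 3600,
                               ("10.250.4.80",), ("10.250.0.53",)))
    return obs


if __name__ == "__main__":
    for name, result in sorted(analyse(constructed_samples()).items()):
        hits = [k for k, v in result["signals"].items() if v]
        print(f"{name:22} score={result['score']} fast_flux={result['fast_flux']} {hits}")
```

The load-balanced domain trips the TTL, pool-size and host-churn signals yet stays below the verdict threshold, which is the legitimate-use case that makes a blanket rule against short-TTL rotation hard to adopt.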

China's Green Dam Quietly Patched; Still Vulnerable

http://www.cse.umich.edu/~jhalderm/pub/gd/#add1

Following our initial analysis, the makers of Green Dam have released at least one security update and two filter updates. These updates address the original web filtering security vulnerability we described above, disable certain blacklists that were copied from the CyberSitter program, and bring the software into compliance with the OpenCV license.

Unfortunately, we have discovered an additional remotely-exploitable security vulnerability in the patched version. Even with the updated version installed, any web site a user visits can exploit this problem to take control of the computer. We continue to recommend that users protect themselves by uninstalling Green Dam immediately.

While Green Dam's developers have patched the software quickly, the program's continuing vulnerability suggests that its security problems run deep. We fear that the deeper problems cannot be resolved in time for the July 1 deadline for PC makers to distribute Green Dam on all new PCs sold in China.

Sunday, June 21, 2009

Wikipedia Gets Ready for a Video Upgrade

Via MIT Technology Review -

The organization behind Wikipedia is close to launching an editable online video encyclopedia to enhance the current textual one. The hope is to revolutionize the popular reference site and goad content providers--from public broadcasters to the music industry--into allowing more video to enter the public domain.

Within two to three months, a person editing a Wikipedia article will find a new button labeled "Add Media." Clicking it will bring up an interface allowing her to search for video--initially from three repositories containing copyright-free material--and drag chosen portions into the article, without having to install any video-editing software or do any conversions herself. The results will appear as a clickable video clip embedded within the article.

Later, Wikipedia plans to offer ways for users to search the entire Web for importable videos, and plans to provide tools to edit, add to, and reorganize the clips within the Wikipedia website, just as is now done with text.

"To have people be able to go in and annotate your video, edit your video, and improve upon it--in the same way people have been doing to your text posts--is pretty outstanding, and will create an audio-visual representation of our world that will rapidly become as definitive and collaborative as Wikipedia is in the textual world," says Peter Kaufman, executive producer at Intelligent Television, a documentary production company in New York City that works with cultural and educational institutions, helping them bring their works online. "That may just be the holy grail."

The initial video repository tapped by the new tool will be the Internet Archive, which holds nearly 200,000 videos, including documentaries, interviews, and oddities such as 1950s educational clips. Another source will be Wikimedia Commons, a database of more than four million media files, including many videos. (The database is maintained by the Wikimedia Foundation, which also created Wikipedia.) The third source, Metavid, is a repository of Congressional speeches and hearings. The closed-captioning text that accompanies such videos serves as a handy tagging system, and users can search for words or phrases and find the right section of a speech to import.

Key to Wikipedia's video effort--funded partly by the Mozilla Foundation, makers of the open-source Firefox browser--is Wikipedia's insistence that any video passing into its pages be based on open-source formats. In the future, the offerings behind the "Add Media" button will include a search function for scouring the Web for video content. The hope is that this requirement will force content holders--motivated by the desire for exposure on Wikipedia--to put their material into the public domain. "Once people see how open-source video will get much more visibility on the open Web, it will motivate the content providers to jump on board--or miss the ship," says Michael Dale, a software engineer from Kaltura, a video startup based in New York City that is collaborating with Wikimedia on the effort.

DISA Plans Presidential Network that can Survive a Nuclear Attack

Via NextGov.com -

The Defense Information Systems Agency plans to install a presidential network in the Washington area this year that will be able to survive an attack by a nuclear weapon that generates a high-altitude electromagnetic pulse (HEMP), which can burn out circuit boards and other electronic devices, according to budget documents.

The agency started work on the network in 2008 and plans to install communications equipment resistant to damage by a high-altitude electromagnetic pulse. The network was developed at the direction of the "National Security Presidential Directive on Survivable Senior Leadership Communications in a HEMP Environment." It features Promina network switches from Network Equipment Technologies Inc. and manages communications over a specially designed and deployed Voice over Internet Protocol network.

DISA developed the HEMP system, which includes upgrades to a UHF network serving senior leadership in the Washington area, as part of a National Emergency Action Decision Network to serve the president, secretary of Defense and other senior leaders. John Garing, DISA chief information officer and director of strategic planning, said the network supports radio systems on helicopters and feeds into the HEMP network. Funding for all systems in the National Emergency Action Decision Network is pegged at less than $1 million.

The systems will be installed in ground installations and executive aircraft, including Air Force One, four VIP Boeing 757s and two VIP Boeing 737 aircraft.

DISA also asked for $49.5 million in its fiscal 2010 budget for the Crisis Management System, a "high-performance, closed network that provides classified multimedia teleconferencing for the president, Cabinet secretaries, designated agency directors and their staffs," budget documents noted.

A HEMP attack potentially could disrupt or damage electronic systems over much of the United States, William Graham, chairman of the Commission to Assess the Threat to the United States From Electromagnetic Pulse Attack, told a hearing of the House Armed Services Committee in July 2008.

Senior Al Qaeda & Afghan Taliban Leaders Meet with Baitullah Mehsud

Via The Long War Journal -

Senior al Qaeda and Afghan Taliban leaders are reported to have met with Pakistani Taliban leader Baitullah Mehsud to advise him to move his group's operations into Afghanistan and halt attacks against the Pakistani state.

Several meetings were said to have been held last week after an 11-man delegation of al Qaeda and Taliban heavy hitters arrived in Waziristan to deliver a request from Mullah Omar, the Amir al Mumineen, or the leader of the faithful in Pakistan and Afghanistan, according to a report in The Nation.

The Taliban dispatched Sirajuddin Haqqani, the powerful military commander of the Haqqani Network, and Abdul Hakeem Sharaee and Mir Ahmad Jan Hashemi, two senior deputies of Mullah Abdullah Zakir, the Taliban's senior-most military commander in southern Afghanistan who was released from Guantanamo Bay.

Al Qaeda sent Abu Yahya Al Libi, one of al Qaeda's senior ideologues and a representative of the religious committee, and Abdul Haq Turkistani, the leader of the Eastern Turkistan Islamic Party, an al Qaeda-linked group that is made up of Uighurs who fight the Chinese government. Abdul Haq serves on al Qaeda's Shura Majlis, or executive council.

The joint Taliban and al Qaeda delegation reportedly advised Baitullah to halt the Pakistani Taliban's attacks against the military and government and to focus his energy in Afghanistan. The leaders believe Baitullah's terror attacks against the Pakistani state are putting undue pressure on the Taliban in both Pakistan and Afghanistan and threaten to damage the overall Taliban movement.

The Taliban and al Qaeda leadership are concerned that even a limited Pakistani military offensive in the tribal areas will put their training camps and safe houses throughout the border regions at risk as the Afghan Taliban is gearing up for a major fight with Coalition and Afghan forces.

Baitullah was reportedly advised to dodge the nascent Pakistani Army offensive in South Waziristan and move the bulk of his forces into Afghanistan to carry out attacks against Afghan and Coalition forces.

The Taliban and al Qaeda delegation was also reported to have advised North Waziristan Taliban leader Hafiz Gul Bahadar to provide safe passage for Baitullah and his Taliban army.

Baitullah is said to have rejected the request from Mullah Omar, responding, "Mullah Omar is our Amir but like Afghanistan, they [the Pakistani Taliban] are determined to continue resistance in Pakistan."

Baitullah also met with the shura of the United Mujahideen Council, the alliance with South Waziristan Taliban warlord Mullah Nazir and powerful North Waziristan leader Hafiz Gul Bahadar. Nazir, who is being pressured by the Pakistani government to sit out the operation against Baitullah, is said to have not attended, according to the Islamabad Ausaf, a pro-jihadi Urdu-language newspaper. Bahadar offered Baitullah safe passage through to Afghanistan, as advised by the al Qaeda and Taliban delegation.

------------------------------

All the while, the Pakistani military is continuing ground operations in its South Waziristan offensive against Baitullah's forces.

Heavy fighting has broken out in South Waziristan as the Pakistani Army and paramilitary Frontier Corps have begun moving ground forces forward into tribal areas run by Taliban chieftain Baitullah Mehsud.

More than 30 Taliban fighters have been reported killed in separate engagements in South Waziristan. Pakistani forces, backed by Air Force F-16 fighter-bombers, attack helicopters, and artillery, have begun to engage Baitullah's forces in earnest.

The clashes "should be read as the formal launch of an offensive against Baitullah," Pakistani intelligence officials told AFP.

Read more about the ongoing offensive here.

Tools of the Trade - Tentacled Snake Uses Fish's C-Start in Predictive Attack

Forget the old folk tales about snakes hypnotizing their prey. The tentacled snake from South East Asia has developed a more effective technique. The small water snake has found a way to startle its prey so that the fish turn toward the snake's head to flee instead of turning away. In addition, the fish's reaction is so predictable that the snake actually aims its strike at the position where the fish's head will be instead of tracking its actual movement.

-----------------------

On to the tools....

On June 20th, Foxit Reader 3.0.1817 was released. Foxit Reader is a free PDF document viewer, with incredibly small size, breezing-fast launch speed and rich feature set.

On June 17th, Rsnake released the Slowloris HTTP DoS tool. Slowloris helps identify the timeout windows of an HTTP server or Proxy server, can bypass httpready protection and ultimately performs a fairly low bandwidth denial of service. SANS Internet Center has a blog entry describing possible mitigation techniques.

On June 16th, Irfan Skiljan released IrfanView 4.25. IrfanView is a very fast, small, compact and innovative Freeware (for non-commercial use) graphic viewer for Windows. I have been using this viewer on my personal Windows boxes for many years. This release fixes a serious integer overflow vulnerability in the 1BPP Image resampling, so this is a recommended update for all users. Check out the version history for all the other details.

On June 15th, Wireshark 1.2.0 was released. This version has many fixes and improvements, including a Windows 64-bit installer and improved support for OS X. Check out the release notes.

On June 15th, TrueCrypt 6.2a was released. TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted drive. Check the version history for change details.

On June 12th, Nmap 4.8.5 BETA 10 was released. This tool needs no introduction and this beta, like most Nmap betas, is pretty stable. Check out the changelog for all the details.

On June 6th, KeePass 1.16 was released. KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). Check the news release for details on the new version.

On May 31st, OfficeMalScanner was released. OfficeMalScanner is a Microsoft Office forensic tool to scan for malicious traces, like shellcode heuristics, PE-files or embedded OLE streams. It supports disassembly and hexview as well as an easy brute force mode to detect encrypted files.

On May 29th, Java JRE 6 Update 14 was released. Check out the release notes for all the details.

On May 29th, Kismet-2009-05-RC2 was released. Kismet-2009-05-RC2 fixes a 1-character bug which led to corrupted logfile names and bad kismet_server launching.

On May 29th, VirtualBox v2.2.4 was released. VirtualBox is a powerful x86 virtualization product for enterprise as well as home use. Check the changelog for all the details.

On May 28th, Technitium MAC Address Changer v5 R3 was released. Technitium MAC Address Changer allows you to change the Media Access Control (MAC) address of your Network Interface Card (NIC) irrespective of your NIC manufacturer or its driver. Release 3 adds support for Microsoft Windows Vista/Server 2008 Service Pack 2.

On May 28th, CCleaner v2.20.920 was released. CCleaner is a freeware system optimization, privacy and cleaning tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space. Check out the version history for all the details.

On May 27th, Cain & Abel v4.9.31 was released. This version includes:

  • SIPS Man-in-the-Middle Sniffer (TCP port 5061; successfully tested with Microsoft Office Communicator with chained certificates).
  • Added support for RTP G726-64WB codec (Wengo speex replacement) in VoIP sniffer.
  • X509 certificate's extensions are now preserved in chained fake certificates generated by Certificate Collector.
  • Extended ASCII characters support for SSID in Passive Wireless Scanner.
  • Some bugs in Cain's Traceroute fixed.

Saturday, June 20, 2009

CERN - Large Hadron Collider Restart Delayed Till October

Via Physorg.com -

The Large Hadron Collider was meant to restart in late September, but that will probably be pushed back two to three weeks, a spokesman for the European Organization for Nuclear Research said.

"We're pretty confident about the dates," James Gillies told The Associated Press, adding that scientists believe they understand the error that happened last year and how to prevent it occurring again.

An electrical fault caused by a faulty splice in the wiring shut down the giant machine on Sept. 19, nine days after it was started up with great fanfare.

The 20-nation operator, known as CERN, expects repairs and additional safety systems to cost about 40 million Swiss francs ($37 million) over the course of several years, Gillies said.

Once it is running, scientists will use the machine to smash together protons from hydrogen atoms inside a 27-kilometer (17-mile) circular tunnel under the Swiss-French border near Geneva. By recording what particles are produced by the collisions they hope to better understand the makeup of the universe and everything in it.

Sunbelt: Green Dam = Spyware

Via Sunbelt Blog -

Sunbelt Software has added detections to its products to find and remove Green Dam-Youth Escort, the Internet filtering (and spyware) software that the Chinese government requires on all new computers sold in the country after July 1.

We classify it as a surveillance tool with a rating of “moderate risk” and we recommend that CounterSpy™ and VIPRE® users quarantine it.

We’re going to be reading a lot about Green Dam-Youth Escort in coming weeks (months? years?) The government of China mandated that it be installed on new machines to protect its citizens from obscene and harmful content. Computer users are allowed to uninstall it.

The Chinese Ministry of Industry and Information Technology bought the rights to the application for one year through a no-bid $6 million purchase from Jinhui Computer System Engineering Co. of Zhengzhou. Jinhui also stands to make a mountain of money after one year since users will be required to pay for updates. It was estimated recently that there are 253 million Internet users in China.

Most observers assume it also is to prevent Chinese Internet users from seeing content critical of the government. The Chinese government already operates a “Great Firewall” to filter Internet content (including politically sensitive sites) but it can be bypassed.

Politics aside, there are some serious problems with Green Dam:
-- It has the capacity to monitor keystrokes.
-- It logs the URLs of sites the user has attempted to reach.
-- It uses unencrypted data transfer from clients to company servers.
-- OpenNet Initiative said Green Dam can monitor activities in addition to Web browsing and can shut down applications.
-- The black-list update process is vulnerable to compromise.
-- Exploit code has been posted that compromises Internet Explorer on computers running Green Dam. It uses a stack overflow in the browser process triggered by an overly long URL. It works on Microsoft’s latest Vista operating system too.
-- Solid Oak Software Inc. of Santa Barbara, Calif., is bringing a legal action in China, claiming that Jinhui used code from its CyberSitter filtering software. Jinhui denies the allegation.

There have been reports from testers that Green Dam slows browsers and doesn’t filter properly. It uses color-tone filtering to spot pornographic images, but there are reports that it misses images of dark-skinned people and mistakenly filters images of pigs.

The Green Dam black list

Bloggers familiar with China who have read through the Green Dam black list of words to be filtered found that it contains about 2,700 words related to pornography and about 6,500 “politically sensitive” words.

The political blacklist includes:

June 4th (Date of military attack on Tiananmen Square protestors that left 2,500 dead)
democracy
liberty
essence (?)
fallacies and heresies

The porn-related words include:

Cat-III (Hong Kong film industry “adult” rating)
Naked
Homosexuality

And, nobody-knows-what, maybe a typo or a new euphemism for a sex act:

Fanyu (originally a little known word found in a few Buddhist scriptures)

For more, see here.
Or here.

Exploit code here.

iPhone 3.0 PwnageTool & redsn0w Released

Via HackaDay.com -

The iPhone dev-team has released an updated version of PwnageTool. It supports jailbreaking iPhones using the 3.0 firmware. This update does not include the much easier to use QuickPwn, but it should be coming soon. The release also doesn’t include the UltraSn0w unlock which will be coming via Cydia.

----------------------------

Via Dev-Team Blog -


redsn0w is an easy to use, multi-platform, multi-device jailbreaking and unlocking (iPhone 2G only) tool for the iPhone 2G (original iPhone), the iPhone 3G (but not the 3GS) and also the iPod touch (first and second generation). Currently it is available for Windows and Mac OS X (there are some issues using redsn0w with OS X PPC, please use an Intel Mac until we have this problem resolved).

El Chapo: The Most Wanted Man in Mexico

Via Newsweek International -

The guards at the city club mall in downtown Culiacán refused to talk about the bullet holes in the parking lot. Or about the cross stuck into the pavement, inscribed with three pairs of initials and a melancholy tribute in Spanish: WE WILL LOVE YOU ALWAYS. But almost anyone in this city of 1 million could tell you what happened here a little before 9 p.m. on May 8, 2008: how three men climbed unawares into their white SUV after shopping at the mall; how three other cars zoomed up then unleashed a fusillade of AK-47 gunfire and a single blast from a bazooka. All three men were killed, two of them body-guards for the third, a hulking 22-year-old named Edgar Beltrán Guzman—the son of Joaquín Guzman Loera, better known as El Chapo ("Shorty"), the most wanted man in Mexico.

Culiacán is the bare-knuckle state capital of Sinaloa, laid out between the Pacific Ocean and the Sierra Madre mountains, about 350 miles northwest of Mexico City. I'd come here, as journalists do, in search of El Chapo. If I hung around long enough, I'd been told, I might catch him at one of his famous restaurant drop-bys. (His bodyguards sweep the room, confiscating all mobile phones before his dramatic entrance; he picks up everyone's tab afterward.) But when I arrived in town in early April, El Chapo hadn't been seen in public since his son's murder. He'd gone underground, thanks in part to President Felipe Calderón's all-out war on the drug cartels—2,500 troops were now based in Culiacán and carrying out daily raids—but also because of a bloody feud with a former close ally and boyhood friend, Alfredo Beltrán Leyva, nicknamed Mochomo ("Redhead").

Earlier this month a shootout between Mexican police and Mochomo's gang left 18 people dead in Acapulco. The same gang allegedly killed El Chapo's son—revenge, it's said, after El Chapo betrayed Mochomo to federal authorities. (Javier Valdez, an investigative reporter who looked into Mochomo's arrest for the respected local newsweekly Rio Doce, believes that the federales talked Guzman into giving up his onetime ally. "The government was saying, 'We need somebody, we want somebody,' so to lower the pressure, El Chapo turned in Mochomo," he says.) In revenge, hundreds of narcotraficantes in Culiacán were killed. Victims were found shot dead in parked cars, decapitated, burned, rolled up in bloody blankets and dumped on the roadside. The satirical monthly La Locha ran a helpful glossary of drug-related terminology, including encobijado (a body wrapped up in a blanket), ladrillo (a kilo brick of cocaine) and encajuelado (a corpse stuffed in a trunk).

Matters got so bad that at the end of last year, a state official reportedly trekked up to a ranch in Durango state, deep in the eastern Sierra Madre, and got the jefe and Mochomo's men to agree to a truce. (Government officials acknowledge a peace deal but deny any role in it.) Guzman was said to have gone to ground, holed up at one of his tightly guarded haciendas in the mountains. The Sierra is "wild country, the natural place for El Chapo," says Ismael Bojórquez Perea, the editor of Rio Doce. "He feels good and secure up there."

Culiacán's economy has since gone into a tailspin. Nightclubs, discos and restaurants that had catered to the narcos shut down. The downtown streets where chirrines—Mexican horn-and-string bands—once waited to be hired for spontaneous fiestas were dark and deserted. Nobody, I was told, felt much like celebrating. And nobody wanted to talk about El Chapo.

-------------------------

There is much more to the article...good read passed to me by a friend.

Spacebook: NASA's Internal Facebook

Via FCW.com -

NASA’s Goddard Space Flight Center has developed a homegrown social-networking application that provides all NASA employees with the types of features found in Facebook but in a secure environment.

Spacebook, which offers user profiles, group collaboration tools and social bookmarking, is available through NASA’s intranet, according to Linda Cureton, Goddard’s chief information officer, who announced the launch, appropriately enough, on her blog.

CIOs are eager to take advantage of the collaboration technologies available through commercial social-networking sites, such as Facebook and Myspace, but they have valid security concerns, Cureton writes. “Launching capabilities like this on internal networks reduces those barriers of entry.”

NASA’s Ames Research Center and Kennedy Space Center have developed their own social-networking applications based on SharePoint, she notes. At some point, the space agency might integrate those with Spacebook.

“One of the most amazing things about these Web 2.0 technologies, and the greatest value to NASA, is the ability to help us create a culture of engagement and collaboration that makes each individual employee much more effective,” Cureton writes.

Somalia Seeks Emergency Military Help

Via VOA News -

Somalia's beleaguered U.N.-supported government says the country is in danger of being taken over by Islamist militants with ties to al-Qaida. It has sent out an appeal for neighboring countries to intervene militarily in Somalia within the next 24 hours.

Speaking to reporters in the capital Mogadishu Saturday, Somali Parliament Speaker Sheik Aden Mohamed Nur "Madobe" made a startling appeal.

The speaker says the government has been weakened by rebel forces and now needs military intervention from Somalia's neighbors - Djibouti, Ethiopia, Kenya, and Yemen - in the next 24 hours.

Echoing remarks made by Somali President Sheik Sharif Sheikh Ahmed in recent days, Madobe says the government is fighting al-Qaida, which has established bases in Somalia and is determined to take over the country.

Reports say two days of heavy fighting in north Mogadishu between government and pro-government forces and Islamist insurgent groups, led by al-Qaida-linked al-Shabab and its ally Hisbul Islam, have prompted thousands of people to flee from the area. The neighborhoods currently under siege once provided refuge for residents fleeing violence in other parts of the capital. Both warring sides are claiming victory, but there has been no independent confirmation.

Late Friday, gunmen kidnapped and killed Mohamed Hussein Adow, a lawmaker close to President Sharif. He was the third government official to be killed violently in as many days. On Thursday, the country's security minister, Omar Hashi Aden, died in a suicide bombing at a hotel in Beletweyne near the border with Ethiopia.

[...]

Despite repeated denials from the government in Addis Ababa, Ethiopia is believed to have already deployed hundreds of troops back into Somalia in recent weeks to counter the growing military strength of al-Shabab. Ethiopia is also said to have given training to pro-government militias now fighting on the frontlines.

Meanwhile, the Somali government and the United States charge that Ethiopia's arch enemy in the region, Eritrea, is fanning violence by providing arms and weapons to Somali extremists as part of a continuing proxy war against Ethiopia.

On Friday, Kenya, which suffered two al-Qaida-related terrorist attacks on its soil in 1998 and 2002, indicated that it was willing to consider sending troops to Somalia. Kenya's Foreign Minister Moses Wetangula said the threat posed by Somali militants was too great to ignore.

"We will not sit back and watch the situation in Somalia deteriorate beyond where it is. We have a duty - a constitutional duty as a country and as a government - to protect our strategic interests including our security," he said.

Horn of Africa analysts and observers have long warned that the conflict in Somalia had the potential to trigger a wider regional war.

Friday, June 19, 2009

BackTrack Pre Final – Public Release and Download

Via offensive-security.com -

The Remote Exploit Team is ecstatic to announce the public release of BackTrack 4 Pre Final (codename “pwnsauce”). A VMWare Image of BT4 will be released in a few days. We have major changes in BackTrack, and have tried to document and summarize them as best as possible. See the BackTrack Guide PDF for more info.

Check out our BackTrack Videos and Resources, our BackTrack PDF, and our “Introduction to BackTrack 4” movie.

We’ve opened up new subforums for this release. Please report bugs and suggestions!

As usual, we ask that you do not link directly to our mirrored ISOs. We are trying to get a rough download count for BT4pf.

If you would like to link to our iso, please use:

http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-prefinal-iso

md5sum and sha256sum can be found here, here and here. The Remote Exploit Website News page will be soon updated.

Enjoy!

Remote Exploit Team

One Reason the Taliban Should Hate Linux

Via theinquirer.net -

The recent Paris Air Show revealed a new range of UAVs, which apparently have been using Linux based operating systems to power missions to blow up mostly women, children and old people in Afghanistan and the tribal lands of Pakistan, and occasionally a few Taliban terrorist camps.

According to Flight Global, a look under the bonnet of a Raytheon surveillance KillerBee UAV revealed that the whole beast was under the control of a heavy fuel engine with a Linux-based computer control system.

Raytheon is offering its KillerBee-4 version to the US military with still more open sauce killer goodness.

Clearly whoever designed the code for the KillerBee-4 had no problem finding the right drivers.

It has some impressive requirements. It can track objects both during the day and after dark by using a system of live video and infrared sensors.

It can also fire precision guided munitions by using an on-board laser for target designation.

Either way, there are going to be parts of Afghanistan and Pakistan where GPL is going to be listed alongside barber shops and music stores as something never to be seen

CDC: Novel H1N1 Flu Situation Update

http://www.cdc.gov/h1n1flu/update.htm?s_cid=tw_flu26

United States H1N1 Flu Update 6/19/09: 21,449 confirmed & probable cases of novel H1N1 flu, 87 deaths, 53 states/territories affected

On June 11, 2009, the World Health Organization (WHO) raised the worldwide pandemic alert level to Phase 6 in response to the ongoing global spread of the novel influenza A (H1N1) virus. A Phase 6 designation indicates that a global pandemic is underway.

More than 70 countries are now reporting cases of human infection with novel H1N1 flu. This number has been increasing over the past few weeks, but many of the cases reportedly had links to travel or were localized outbreaks without community spread. The WHO designation of a pandemic alert Phase 6 reflects the fact that there are now ongoing community level outbreaks in multiple parts of the world.

WHO’s decision to raise the pandemic alert level to Phase 6 is a reflection of the spread of the virus, not the severity of illness caused by the virus. It’s uncertain at this time how serious or severe this novel H1N1 pandemic will be in terms of how many people infected will develop serious complications or die from novel H1N1 infection. Experience with this virus so far is limited and influenza is unpredictable. However, because novel H1N1 is a new virus, many people may have little or no immunity against it, and illness may be more severe and widespread as a result. In addition, currently there is no vaccine to protect against novel H1N1 virus.

In the United States, most people who have become ill with the newly declared pandemic virus have recovered without requiring medical treatment, however, CDC anticipates that there will be more cases, more hospitalizations and more deaths associated with this pandemic in the coming days and weeks. In addition, this virus could cause significant illness with associated hospitalizations and deaths in the fall and winter during the U.S. influenza season.

Ex-aide Claims Taliban Chief Behind Bhutto Assassination

Via CNN -

A close aide to Pakistan's Taliban chief Baitullah Mehsud said he is breaking ties with him and confirmed reports that Mehsud was behind the assassination of former Prime Minister Benazir Bhutto.

Qari Turkestan Bhitaini, a self-proclaimed right-hand man of Mehsud, said Mehsud was behind the December 27, 2007, assassination of Bhutto, Pakistan's Express TV reported.

Bhitaini said he is breaking ties with Mehsud because he blames the Taliban chief for killing scores of innocent Muslims in recent attacks in Lahore.

The Pakistani government and CIA officials have said in the past that Mehsud was responsible for Bhutto's death.

Bhutto, 54, was heading the opposition to then-President Pervez Musharraf when she was assassinated during a campaign rally in Rawalpindi ahead of parliamentary elections.

The Pakistani government, who has struggled to control terrorism, is waging a military offensive against the Taliban in the country's North West Frontier Province.

Terror Groups Looking to Recruit Computer Experts

Via MSNBC.com -

Terrorist groups that have long used the Internet to spread propaganda are increasingly tapping the Web to teach Islamic extremists how to be hackers, recruit techies for cyberwarfare and raise money through online fraud, U.S. officials say.

A senior defense official said intelligence reports indicate extremist groups are seeking computer experts, including those capable of breaching government or other sensitive network systems.

The official, who spoke on condition of anonymity to discuss sensitive information, said the extent and success of those recruiting efforts are unclear.

But jihadists' interest in hacking is evident in forums across the Internet. Law enforcement officials say terrorists are branching out into Internet fraud to raise money for their operations.

One Internet forum, the Mujahedeen Electronic Net, offers hacking instructions in a number of postings. A lengthy posting markets a weekly course and limits it to regular contributors to the Web site who confirm they are committed to Islam. The author of the offer claims the course will be taught by "experts in the electronic jihad," according to a translation of the posting.

Last week, U.S. and Italian authorities broke up an international telephone fraud ring that had roots in Italy and employed hackers in the Philippines. The operation is believed to have funneled thousands of dollars to terrorist groups in Southeast Asia.

Italian officials drew a fragile link to Osama bin Laden. They said one of the men charged with financing the hacking scheme had close ties to members of the International Islamic Efforts Foundation, a Philippines-based group linked to an Islamic charity organization once headed by one of bin Laden's brothers-in-law, Muhammad Jamal Khalifa. Khalifa was reported killed in 2007 during a burglary in Madagascar, where he had a sapphire business.

To date, experts say extremists largely have engaged in "sport hacking" — defacing or taking down Web sites belonging to groups they consider enemies, such as sites featuring Shiite, Jewish or Christian beliefs.

"It's more for propaganda value than for tactical value," said Jarret Brachman, a former West Point researcher who is an expert on jihadist groups.

[...]

But some recent activity suggests there may be an aggressive push among extremists for expertise such as engineering and technical backgrounds that could be used against the U.S. government or other vital systems.

A senior counterterrorism official, who also requested anonymity in order to speak on the sensitive matter, said al-Qaida is known to seek out followers with scientific knowledge, and computer ability is a logical step.

Adam Raisman, a senior analyst at the Washington-based SITE group, an organization that monitors militant Web sites, said he has seen pitches for people adept at photo or flash video programs that can be used to build propaganda Web sites or take down sites considered offensive.

But, he added, "It's very difficult to gauge what they will do if they have the ability to penetrate a network and realize the damage they can create."

Brachman described a growing network of people in the U.S. who go online and "cheer from the sidelines. They will never do anything violent, but they have the skill sets to do low-level hacking and this is a way they can play."

[...]

Terrorist groups lack the skills to match the abilities of sophisticated governments such as the U.S., China and Russia in launching widespread Web attacks, but they could hire someone who does, Steven Chabinsky, assistant deputy director of cyberissues for the Obama administration's director of national intelligence, recently told a technology conference.

Reaching out to hackers with equipment and expertise could enable those groups to transmit viruses or worms to take over computers and direct them to send spam, carry out identity-theft or take down Web sites.

Some officials contend that extremists don't have to take down a critical network or system to have an impact. Even the ability to penetrate and deface a well-trafficked Web site could shake public confidence in the government.

Minor Safari Cross Domain Bug

Via The Spanner UK -

I found this while writing Astalanumerator. Safari allows you to overwrite top and parent with native code and maybe other stuff (I haven’t tried). This allows you to define something on domain A and call it on domain B using the top and parent. I’d email Apple about it but the last time I reported XSS on the Apple store they ignored me.

You could use this in dom based XSS situations when you have control over a link. The attack would work like this:-

PHPIDS

But the remote site would include an iframe to the target page and redefining parent/top as setTimeout or eval. You could also use “name” in this instance to provide an XSS payload.

Here is the POC for the cross domain in action, I use subdomains in this instance but any domain could be used:-

Safari poc

BBC Enlisting New Satellites to Broadcast in Iran

Via Google (AP) -

The BBC is using two extra satellites to broadcast its Farsi-language service after days of jamming it blamed on Iran.

The British state-run news organization said the move was meant to help it reach its Iranian audience as the crisis over their country's disputed election deepens. It is also a challenge to Iran's religious government, which has accused foreign broadcasters of stirring unrest, singling out the BBC in particular.

"This is an important time for Iran," BBC World Service Director Peter Horrocks said in a statement. "We hope that by adding more ways to access BBC Persian television, Farsi-speaking audiences can get the high quality news, analysis and debate they clearly desire."

As huge protests have followed the re-election of hardline President Mahmoud Ahmadinejad, Iran has moved to deprive people of independent sources of news.

BBC Farsi, Facebook, Twitter and other sites have been blocked. Text messaging has been cut off for the past week, and cell phone service in Tehran is frequently down. The BBC said the Hot Bird 6 satellite — which it and other broadcasters use to broadcast to the Middle East, North Africa, and Europe — has been subject to aggressive interference.

Even before the presidential election, Iran's supreme leader, Ayatollah Ali Khamenei, blasted foreign broadcasters for their coverage of the campaign, accusing them of demoralizing voters and trying to drive down turnout. Shortly after Ahmadinejad's victory, he accused international media of waging a "psychological war" against the country.

The BBC has covered the protests extensively. Its Farsi service, like that of U.S. broadcaster Voice of America, is followed by many Iranians and has often carried news of clashes with police, attacks on demonstrators and arrests of opposition activists.

Ahmadinejad has bristled at the coverage: His supporters were shown earlier this week wielding signs with "BBC" crossed out in red. The U.K.'s ambassador was summoned to hear complaints from Iranian officials. In a nationally broadcast speech Friday, Khamenei accused Western broadcasters of stirring up chaos.

"Some of our enemies in different parts of the world intended to depict this absolute victory, this definitive victory, as a doubtful victory," Khamenei said. "It is your victory. They cannot manipulate it."

The BBC said it was making its Farsi-language service available on satellite Eutelsat W2M, which it said Iranians could tune into by making a small adjustment to their satellite dishes. The BBC also said the service would soon be available on Egyptian satellite Nilesat and it was increasing the length of its Farsi radio program.

U.S.-funded Radio Free Europe/Radio Liberty, based in central Europe, is also working to step up its satellite program, according to spokesman Julian Knapp. He said interference had increased "on all fronts" but said the service used a variety of ways to stream content into the country, including stepping up shortwave broadcasting.

The Voice of America, based in Washington, did not immediately return a call seeking comment.

U.S.S. John McCain Prepares To Intercept North Korean Ship

Via FoxNews.com -

The U.S. military is planning to intercept a flagged North Korean ship suspected of proliferating weapons material in violation of a U.N. Security Council resolution passed last Friday, FOX News has learned.

The USS John McCain, a navy destroyer, will intercept the ship Kang Nam as soon as it leaves the vicinity off the coast of China, according to a senior U.S. defense official. The order to interdict has not been given yet, but the ship is getting into position.

The ship left a port in North Korea Wednesday and appears to be heading toward Singapore, according to a senior U.S. military source. The vessel, which the military has been tracking since its departure, could be carrying weaponry, missile parts or nuclear materials, a violation of U.N. Resolution 1874, which put sanctions in place against Pyongyang.

The USS McCain was involved in an incident with a Chinese sub last Friday - near Subic Bay off the Philippines.

The Chinese sub was shadowing the destroyer when it hit the underwater sonar array that the USS McCain was towing behind it.

That same navy destroyer that was being shadowed by the Chinese is now positioning itself for a possible interdiction of the North Korean vessel.

This is the first suspected "proliferator" that the U.S. and its allies have tracked from North Korea since the United Nations authorized the world's navies to enforce compliance with a variety of U.N. sanctions aimed at punishing North Korea for its recent nuclear test.

The ship is currently along the coast of China and being monitored around-the-clock by air.

The apparent violation raises the question of how the United States and its allies will respond, particularly since the U.N. resolution does not have a lot of teeth to it.

The resolution would not allow the United States to board the ship forcibly. Rather, U.S. military would have to request permission to board -- a request North Korea is unlikely to grant.

North Korea has said that any attempt to board its ships would be viewed as an act of war and promised "100- or 1,000-fold" retaliation if provoked.

The U.S. military may also request that the host country not provide fuel to the ship when it enters its port. North Korean merchant ships usually need fuel as they approach Singapore and the ports of eastern India. When tipped off, Indian port authorities are stringent enforcers of UN sanctions against ships carrying contraband.

The U.S. Navy does not need to enforce the sanctions. Instead, it could "poison the host," a move that entails working behind the scenes with Indian Ocean port authorities to inspect and confiscate illegal cargos.

This move worked last year when U.S. officials reportedly warned Indian officials in advance of a North Korean transport aircraft that had requested permission to fly through Indian airspace on the way to Iran after stopping in Burma to refuel. The Indians refused to allow the aircraft to fly through their airspace. The aircraft reportedly was carrying gyroscopes for ballistic missiles.

The Kang Nam is known to be a ship that has been involved in proliferation activities in the past -- it is "a repeat offender," according to one military source. The ship was detained in October 2006 by authorities in Hong Kong after the North Koreans tested their first nuclear device and the U.N. imposed a subsequent round of sanctions.

Thursday, June 18, 2009

NY Poly Institute: Penetration Testing & Vulnerability Analysis Course

Dan Guido (@dguido) posted all the materials from his Penetration Testing and Vulnerability Analysis course, currently taught at the Polytechnic Institute of New York University.

----------------------

http://pentest.cryptocity.net/

This is the course website for Penetration Testing and Vulnerability Analysis currently taught at the Polytechnic Institute of New York University. The course aims to introduce techniques and skills for identifying, analyzing, and exploiting software vulnerabilities. This course is offered as part of:

$134 Billion In Seized US Bonds Are Fakes

Via National Terror Alert -

U.S. government bonds found in the false bottom of a suitcase carried by two Japanese travelers attempting to cross into Switzerland are fake, a Treasury spokesman said.

“They’re clearly fakes,” Stephen Meyerhardt, a spokesman for the U.S. Bureau of the Public Debt in Washington, said yesterday. “That’s beyond the fact that the face value is far beyond what’s out there.”

Italy’s financial police last week said they asked the U.S. Securities and Exchange Commission to authenticate the seized bonds, with a face value of $134 billion. Colonel Rodolfo Mecarelli of the Guardia di Finanza in Como, Italy, said the securities, seized in Chiasso, Italy, were probably forgeries.

Meyerhardt said Treasury records show an estimated $105.4 million in bearer bonds have yet to be surrendered. Most matured more than five years ago, he said. The Treasury stopped issuing bearer bonds in 1982, Meyerhardt said.

Had the notes been genuine, the pair would have been the U.S. government’s fourth-biggest creditor, ahead of the U.K. with $128 billion of U.S. debt and just behind Russia, which is owed $138 billion.

Source

$134 Billion U.S. Bond Mystery Continues In Italy

2 Japanese Carrying $134 Billion In U.S. Bonds Detained In Italy

CSI Somalia: Interpol Targets Pirates

Via Wired.com -

The war on Somali pirates has moved to the bargaining table, to the crime labs, and to Somalia’s white beaches. With the beginning of East Africa’s stormy monsoon season, hijackings at sea are down, giving the coalition of pirate-fighting nations a chance to counter-attack. Their weapons: fingerprints, grassroots anti-piracy leagues… and 500 Somali men, in shorts and t-shirts.

The U.S. Navy, NATO and the other military forces patrolling East African waters, say it’s not hard to fight pirates, once you identify them. But Somali sea bandits blend in with innocent fishermen and toss their weapons overboard when they’re caught, so that nobody can prove they were up to no good. Piracy is a “complex legal issue linked to national law, international law and the law of the high seas,” NATO General Karl-Heinz Lather said, in May. Without good evidence, NATO has been releasing captured pirate suspects on the nearest Somali beach.

Interpol, the international police force, is hoping to change that, by collecting fingerprints of pirate suspects. “Without systematically collecting photographs, fingerprints and DNA profiles of arrested pirates and comparing them internationally, it is simply not possible to establish their true identity or to make connections that would otherwise be missed,” Interpol executive director Jean-Michel Louboutin said yesterday.

Meanwhile, on land in Somalia, the U.S.- and U.N.-backed “transitional government” has recruited 500 men to fill the ranks of an anti-piracy force. The men began training last week, in their “simple uniforms of shorts and white T-shirts.” The force is riding a rising wave of popular opposition to pirates, whose crimes have disrupted international efforts to stabilize Somalia. Some reports have pirate bosses pleading for leniency from incensed imams and elders.

U.S. Navy Tracking Possible North Korean Nuke Shipment

Via NavyTimes.com (h/t National Terror Alert) -

The Navy is tracking a North Korean cargo ship suspected of carrying illegal weapons, equipment or nuclear fissile material that North Korea has been prohibited from transporting by the U.N. Security Council, top U.S. defense officials said Thursday.

Adm. Mike Mullen, chairman of the Joint Chiefs of Staff, told reporters at the Pentagon that “clearly, we intend to vigorously enforce the U.N. Security Council Resolution 1874,” although the Navy cannot use force to stop or board the vessel suspected of carrying the contraband.

A U.S. warship could hail the North Korean ship and ask to search it, and if the ship’s crew didn’t comply, the U.S. sailors could order the vessel to sail to the nearest port and request officials in that port to do the search — although the U.S. ship couldn’t use force for that, either.

“The resolution does not include an option for an opposed boarding or a noncompliant boarding,” Mullen said. “If we get to that point with a vessel we suspect has material which is unauthorized — that’s a report that goes back to the U.N.”

Mullen, who briefed reporters with Defense Secretary Robert Gates, gave few details about how the Navy was tracking the North Korean ship — whether U.S. warships or aircraft were shadowing it — and what led U.S. officials to believe it was carrying contraband material.

The U.N. Security Council voted to place additional strictures on North Korea after the country detonated a nuclear bomb May 25 and launched ballistic missiles into the ocean off Southeast Asia. One of the restrictions was that North Korean ships suspected of carrying nuclear material would be interdicted at sea, but the North has said it would consider the boarding of any of its ships as an act of war.

Intellipedia - Towards Living / Purple Intelligence

http://www.youtube.com/watch?v=nbgQ1V2BLEs

The United States Intelligence Community's wiki, Intellipedia, has been a media darling. Its very existence in such a bureaucratic and secret world inspired many. Intellipedia is now in its fourth year and the dominant view of its role can aptly be described as "good for collaboration but not the product." Each intelligence agency still vets and generates "their" products and Intellipedia is largely viewed as an adjunct of generic information compared to the official process. The living intelligence model aims to reduce parallel product creation by moving the review process into the same place where the collaboration takes place. This would create a central and transparent vetting system that replaces legacy processes. This is a key lesson for all Enterprise 2.0 endeavors--it must replace something. Living intelligence has also been referred to as purple intelligence.

---------------------

Chris Rasmussen is a social-software knowledge manager at the National Geospatial-Intelligence Agency (NGA), but he prefers the title "Purple Intelligence and Mashup Evangelist".

City in Montana Requires Job Applicants to Give Up Social Network Logins & Passwords

Via boingboing.net -

Cliff sez, "Bozeman City, Montana now asks all applicants for jobs to 'Please list any and all, current personal or business websites, web pages or memberships on any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc.,' the City form states. There are then three lines where applicants can list the Web sites, their user names and log-in information and their passwords."

The anonymous viewer emailed the news station recently to express concern with a component of the city's background check policy, which states that to be considered for a job applicants must provide log-in information and passwords for social network sites in which they participate.

The requirement is included on a waiver statement applicants must sign, giving the City permission to conduct an investigation into the person's "background, references, character, past employment, education, credit history, criminal or police records."

Bozeman City job requirement raises privacy concerns (Thanks, Cliff!)

9/11, Information Sharing, and “The Wall”

Via FAS Secrecy News -

The rise of “the wall” between intelligence and law enforcement personnel that impeded the sharing of information within the U.S. government prior to September 11, 2001 was critically examined in a detailed monograph (pdf) that was prepared in 2004 for the 9/11 Commission. It is the only one of four staff monographs that had not previously been released. It was finally declassified and disclosed earlier this month.

In April 2004, Attorney General John Ashcroft testified (pdf) that the failure to properly share threat information in the summer of 2001 could be attributed to Justice Department policy memoranda that were issued in 1995 by the Clinton Administration. That is an erroneous oversimplification, the staff monograph contends: “A review of the facts… demonstrates that the Attorney General’s testimony did not fairly and accurately reflect” the meaning or relevance of those 1995 policy documents. For one thing, those policies did not even apply to CIA and NSA information, which could have been shared with law enforcement without any procedural obstacles.

But if Attorney General Ashcroft was misinformed, he was not alone. The 1995 procedures governing information sharing between law enforcement and intelligence “were widely misunderstood and misapplied” resulting in “far less information sharing and coordination… than was allowed.” In fact, “everyone was confused about the rules governing the sharing and use of information gathered in intelligence channels.”

“The information sharing failures in the summer of 2001 were not the result of legal barriers but of the failure of individuals to understand that the barriers did not apply to the facts at hand,” the 35-page monograph concludes. “Simply put, there was no legal reason why the information could not have been shared.”

The prevailing confusion was exacerbated by numerous complicating circumstances, the monograph explains. The Foreign Intelligence Surveillance Court was growing impatient with the FBI because of repeated errors in applications for surveillance. Justice Department officials were uncomfortable requesting intelligence surveillance of persons and facilities related to Osama bin Laden since there was already a criminal investigation against bin Laden underway, which normally would have preempted FISA surveillance. Officials were reluctant to turn to the FISA Court of Review for clarification of their concerns since one of the judges on the court had expressed doubts about the constitutionality of FISA in the first place. And so on. Although not mentioned in the monograph, it probably didn’t help that public interest critics in the 1990s (myself included) were accusing the FISA Court of serving as a “rubber stamp” and indiscriminately approving requests for intelligence surveillance.

In the end, the monograph implicitly suggests that if the law was not the problem, then changing the law may not be the solution. The document, which had been classified Secret, was released with some small though questionable redactions. See “Legal Barriers to Information Sharing: The Erection of a Wall Between Intelligence and Law Enforcement Investigations,” 9/11 Commission Staff Monograph by Barbara A. Grewe, Senior Counsel for Special Projects, August 20, 2004.

Wednesday, June 17, 2009

Trade Sanctions and Web 2.0: Are US Regulations Hurting Free Speech in Iran?

Via EFF -

For the past few days, Iranians have been taking advantage of US-hosted communication services like Twitter and Facebook to communicate with each other about their contested election, uncover and compare facts, and convey their experiences to the rest of the world. They've done that despite apparent attempts to block these sites by the Iranian authorities.

For those watching and listening, it's been a bracing demonstration of the power of the Internet — and the latest Web 2.0 services — to enhance free speech, wherever you live.

But EFF has also been watching with concern the blocking of Web 2.0 sites in countries like Iran. This new threat doesn't come from foreign governments: it appears to be coming from the ambiguity of the United States' own export regulations, and how they should be applied to new web sites and services.

The problem, as is so often the case in the clash between new technology and the law, lies in the mismatch between the language of the old regulations and the new world of the Internet. The United States' export law bans much US trade with countries like Cuba, Iran, the Sudan and Syria: but those strict sanctions have long had explicit free speech exceptions carved out for the transmission of "information" and "information materials", as well as transactions involved in the "publishing and marketing of manuscripts, books, journals and newspapers ... in paper or electronic format."

The aim of such language is obvious: free speech across borders shouldn't be chilled by our export policies. Similarly the U.S. should actively support access by those suffering under repressive regimes to the modern tools of free speech like Facebook, Twitter and LinkedIn. Yet it seems that the regulations are, at best, unclear.

As a result we've seen evidence that corporate lawyers advising Web 2.0 companies may be acting defensively to protect their Internet clients from prosecution under the export laws. Earlier this year, LinkedIn appeared to deliberately block its Sudanese and Syrian users from its website, presumably out of fear that their site be classed outside of the law's free speech exceptions. And ComputerWorld last week quoted two export lawyers who thought that websites like Twitter and Facebook would be affected by sanction regulations because they provide "services" rather than simply information materials. "If you ask any lawyer who regularly practices in this area, they would say don't offer the service [to sanctioned countries]," one lawyer is reported to have said. Iran is, of course, one of those countries currently under stiff sanctions from the U.S.

Hopefully, the amazing role of Web 2.0 companies in protests in Iran and other countries will demonstrate the important role that these tools play in supporting freedom of expression, and make obvious that companies like Facebook should never be blocked by US export regulations from being used for political organizing and speech in these countries.

EFF is looking for more evidence about the chilling effect of the export restrictions on digital tools of free expression. In addition, it seems time for the Obama administration to proactively clarify that the Web 2.0 free speech tools do not require affirmative licensing under the export regulations.

Iranian net users have fought so hard to access and use the Web to push for freedom and democracy. It would be a tragedy if American companies blocked them out of a fear of the U.S. government's rules.

Slowloris = HTTP Equivalent of a SYN Flood

NAME
Slowloris

VERSION
Version 0.7 Beta

DATE
06/17/2009

AUTHOR
RSnake with threading from John Kinsella

ABSTRACT
Slowloris both helps identify the timeout windows of a HTTP server or Proxy server, can bypass httpready protection and ultimately performs a fairly low bandwidth denial of service. It has the added benefit of allowing the server to come back at any time (once the program is killed), and not spamming the logs excessively. It also keeps the load nice and low on the target server, so other vital processes don't die unexpectedly, or cause alarm to anyone who is logged into the server for other reasons.

AFFECTS
Apache 1.x, Apache 2.x, dhttpd, GoAhead WebServer, Squid, others...?

NOT AFFECTED
IIS6.0, IIS7.0, lighttpd, others...?

DESCRIPTION
Slowloris is designed so that a single machine (probably a Linux/UNIX machine since Windows appears to limit how many sockets you can have open at any given time) can easily tie up a typical web server or proxy server by locking up all of its threads as they patiently wait for more data. Some servers may have a smaller tolerance for timeouts than others, but Slowloris can compensate for that by customizing the timeouts. There is an added function to help you get started with finding the right sized timeouts as well.

As a side note, Slowloris does not consume a lot of resources so modern operating systems don't have a need to start shutting down sockets when they come under attack, which actually in turn makes Slowloris better than a typical flooder in certain circumstances. Think of Slowloris as the HTTP equivalent of a SYN flood.

------------------

Slowloris HTTP DoS Tool
http://www.milw0rm.com/exploits/8976

More Slowloris information from Rsnake
http://ha.ckers.org/blog/20090617/slowloris-http-dos/
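
A defender's view of the behaviour described above, as an added example that is not part of Slowloris or of the original post: because the stalled requests never complete and so leave little in the access log, the check works on connection state and flags clients that hold a large share of the worker pool with requests whose headers never finish. The record format, thresholds, pool size and sample data are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class ConnSample:
    """One open HTTP connection as seen by the server (hypothetical record)."""
    client: str              # remote address
    age_s: float             # seconds since the connection was accepted
    bytes_in: int            # request bytes received so far
    headers_complete: bool   # True once the blank line ending the headers arrived


def is_stalled(conn, min_age_s=30.0, max_rate_bps=50.0):
    """A connection is stalled if it is old, still mid-headers, and trickling."""
    if conn.headers_complete or conn.age_s < min_age_s:
        return False
    return conn.bytes_in / conn.age_s <= max_rate_bps


def slow_header_clients(conns, worker_pool, min_share_pct=10):
    """Map client -> (stalled connections, percent of the worker pool they hold).

    A single slow client (mobile link, large cookie) produces a few stalled
    connections; only clients occupying a meaningful share of the pool are
    reported, which keeps ordinary slow users out of the result.
    """
    stalled = Counter(c.client for c in conns if is_stalled(c))
    report = {}
    for client, n in stalled.items():
        pct = round(100 * n / worker_pool)
        if pct >= min_share_pct:
            report[client] = (n, pct)
    return report


def constructed_sample():
    """Constructed snapshot of open connections (documentation address ranges)."""
    conns = []
    # 120 old connections, each a few hundred bytes in, headers never finished.
    for i in range(120):
        conns.append(ConnSample("203.0.113.7", 90.0 + i % 30, 240 + 8 * (i % 10), False))
    # A genuinely slow client: stalled by the per-connection test, but only two.
    for _ in range(2):
        conns.append(ConnSample("198.51.100.20", 40.0, 400, False))
    # Idle keep-alive connections whose requests were fully received.
    for _ in range(30):
        conns.append(ConnSample("192.0.2.5", 120.0, 600, True))
    # Fresh connections that have not had time to send their headers yet.
    for _ in range(5):
        conns.append(ConnSample("192.0.2.44", 2.0, 150, False))
    return conns


if __name__ == "__main__":
    # worker_pool=256 is an assumed server limit, not a value from the post.
    for client, (n, pct) in slow_header_clients(constructed_sample(), 256).items():
        print(f"{client}: {n} stalled connections, {pct}% of worker pool")
```

The age and rate thresholds only make sense relative to the server's own header timeout, so set them from the configured value rather than the defaults used here.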

Camouflaged Gunmen Open Fire On Arizona Fish And Game Employees

Via nogalesinternational.com (h/t National Terror Alert) -

The Arizona Game and Fish Department is reviewing procedures on work near the Mexico border after three government employees were fired on east of Arivaca Lake last week.

Two Game and Fish employees and an employee with Pima County Natural Resources, Parks and Recreation, were fired at Thursday by a group of men while scouting for a land access project.

“This is the first time in recent history that our employees have been fired at on the border,” said Leonard Ordway, supervisor for Game and Fish’s Southern Arizona region.

The incident happened about eight miles east of Interstate 19 just south of Tumacacori, and about 15 miles north of the U.S.-Mexico border. None of the agency employees was injured.

According to Game and Fish, the three were riding all-terrain vehicles through a small canyon area about four miles east of Arivaca Lake when they came across at least four Hispanic males dressed in camouflage.

Ordway said two of the men in camouflage fled a short distance up a hill and dropped down in the grass after the groups met, while the agency employees backed out of the area.

The three agency employees left and notified Game and Fish, which notified the Border Patrol, Pima County Sheriff’s Office and the Arizona Department of Public Safety.

About 30 to 40 law enforcement personnel and three helicopters were on site within 45 minutes, Ordway said. The men were not found, but officials recovered several fresh 9mm casings.

He said the department is reviewing its operating procedures in borderland areas.

Mexico Report: 9,758 Migrants Abducted in 6 Months

Via Yahoo! News (AP) -

A survey by Mexico's National Human Rights Commission shows that thousands of mainly Central American migrants crossing the country to reach the United States are kidnapped for ransom every year.

The commission says an estimated 9,758 migrants were kidnapped in Mexico between September and February, mainly by drug gangs but some migrants reported that authorities were involved.

The survey presented Monday said the victims were released in exchange for ransoms ranging from $1,500 to $5,000. Based on the number of cases, the report estimated that total ransom payments would amount to about $25 million over that six months.

The commission surveyed migrants at shelters and detention centers.

Mexico: Cartels Use Frozen Sharks to Smuggle Cocaine in Yucatan

Via SkyNews.com (UK) -

Military pressure is forcing drug gangs to go to greater lengths to conceal narcotics bound for the United States.

Navy officers cut open more than 20 shark carcasses filled with slabs of cocaine after checking a container ship in a port in the southern Mexico state of Yucatan.

X-ray machines and sniffer dogs had helped uncover the drugs.

"We are talking about more than a ton of cocaine that was inside the ship," Navy Commander Eduardo Villa told reporters.

"Those in charge of the shipment said it was a conserving agent but, after checks, we confirmed it was cocaine."

Gangs have been hiding drugs in sealed beer cans, religious statues and furniture, as Mexico's military cracks down on the cartels moving South American narcotics north.

President Felipe Calderon has sent 45,000 troops and federal police across Mexico to try to crush powerful smuggling organisations.

But traffickers armed with a huge arsenal of grenades and automatic weapons are far from defeated, worrying Washington as violence spills over into US states, such as Arizona.

Some 2,750 people have died in drug violence in Mexico this year, a pace similar to that of 2008, when 6,300 were killed.

Led by Mexico's most wanted man, Joaquin 'Shorty' Guzman, smugglers from the Pacific state of Sinaloa are fighting a turf war with rivals.

Guzman seeks to control Mexican and Central American smuggling routes into the US.

Texas Dept of Transportation Toll Payment Glitch Affects Hundreds

Via kuve.com (Austin) -

Some Central Texas drivers are finding out that money they put into their toll road accounts is simply not there. TxDOT blames the problem on a computer glitch that began a month ago.

Michael Miller points out his attempt at the beginning of the month to reload his toll tag, "there it is, right there, Texas Tag 30 bucks."

Miller's bank account reflected the charge, but it did not register with TxDOT.

"Then where is the money? They're not able to clearly define where the money is at. I don't know what to do at this point. It's very frustrating. I thought it's probably not just happening to me, it's happening to a number of people,” he said.

He was right. TxDOT Spokesperson Kelli Petras says a computer glitch has affected 360 transactions in Central Texas in the past month. Some customers are getting charged double while for others, the charge goes through on the bank end, but shows “invalid transaction” on the Tx Tag account.

"We're taking time to review all of the transactions for that day that paid with a debit or credit card and making sure that their account balance is correct,” Petras said.

If an error is found, Petras says customer service will contact the account holder. It's such a time consuming process that those affected must wait ten days before getting a refund.

"We're actively figuring out what's wrong with the software so we can fix this,” she said.

Tuesday was day eleven for Miller.

"I use the toll ways every day coming to and from work and it's been a big hassle,” he said.

There is a chance you will find the error before TxDOT does. Petras advises to check your account and if there are problems, call the customer service line at 1-888-GO-TX-TAG or 468-9824. Out of 12 thousand dollars in failed transactions, eight thousand have been refunded.

New Strain of Swine Flu Discovered in Brazil

Via breitbart.com (AFP) -

Brazilian scientists have identified a new strain of the H1N1 virus after examining samples from a patient in Sao Paulo, their institute said Tuesday.

The variant has been called A/Sao Paulo/1454/H1N1 by the Adolfo Lutz Bacteriological Institute, which compared it with samples of the A(H1N1) swine flu from California.

The genetic sequence of the new sub-type of the H1N1 virus was isolated by a virology team led by one of its researchers, Terezinha Maria de Paiva, the institute said in a statement.

The mutation comprised of alterations in the Hemagglutinin protein which allows the virus to infect new hosts, it said.

It was not yet known whether the new strain was more aggressive than the current A(H1N1) virus which has been declared pandemic by the World Health Organization.

The genetic make-up of the H1N1 virus and its subvariants are important for scientists.

Pharmaceutical companies are working to mass produce a vaccine against the current A(H1N1) flu.

There are fears though that it could mutate into a deadly strain, much in the same way as the 1918 Spanish flu -- also an A(H1N1) virus type -- did when it killed tens of millions around the planet.

According to the WHO, 36,000 people in 76 countries have been infected with the H1N1 virus, causing 163 deaths.

Tuesday, June 16, 2009

iPhone Hackers Get a Break

Via MIT Technology Review -

In March, the organizers of a computer-security conference called CanSecWest challenged attendees to break into any one of five smart phones, among them Apple's popular iPhone. The perceived difficulty of the task--especially breaking into the iPhone--meant that few researchers made any attempt to hack the devices, and none succeeded.

Now two researchers hope to make things considerably easier for would-be iPhone hackers. Next month, Charles Miller, a principal analyst at Independent Security Evaluators, and Vincenzo Iozzo, a student at the University of Milan, in Italy, will present a way to run nonapproved code on Apple's mobile device at the Black Hat Security Conference, in Las Vegas.

Researchers have previously found vulnerabilities in the security of the iPhone; Apple disclosed and issued a patch for a dozen such security holes in the device last November. But it remains tricky to run a nonapproved program once such a flaw has been exploited. Because of the difficulty in running unauthorized code on the iPhone, many security researchers simply refuse to spend much time finding any flaws.

"If you want to attack iPhones, you have to be able to run code to do whatever it is you want to do," Miller says. "Maybe that is grabbing credentials, maybe it is listening into phone calls, maybe it is turning on the microphone. Who knows? But this all requires that you be able to run code."

"Charlie found those particular places where changing permissions is allowed on the factory iPhones," says Sergio Alvarez, a security consultant with Recurity Labs and a fellow iPhone hacker, who is familiar with Miller and Iozzo's research. "[These parts of the phone] make our lives easier and give us more freedom to code generic and reliable second-stage [attacks]."

The challenge for security researchers and malicious attackers is that Apple restricts the data that can be executed in the iPhone's memory and requires that programs for the iPhone be cryptographically signed by Apple. Code signing has security benefits, but it is also a way to control which applications run on the iPhone platform.

"In iPhone 1.0, there was very little security built into it," Miller says. "But when they went to iPhone 2.0--less because they cared about people breaking into phones and more because they wanted to make sure that they wanted to have the App Store and not have people download all sorts of crazy apps--they added a bunch of security."

But Miller found more than one instance in which Apple failed to prevent unauthorized data from executing. This means that a program can be loaded into memory as a nonexecutable block of data, after which the attacker can essentially flip a programmatic switch and make the data executable.

The ability to run any code is significantly different from "jailbreaking" a phone, a term used when the owner of a phone breaks the security locking that device to a particular provider or operating system, because it requires physical access to the device, Miller says. "Jailbreaking is, you have your own phone, you have it in your hand, and you want to do something to make sure you can put nonsigned code on it," he says. "You own the device, so you can do certain things to it."

In fact, at the CanSecWest Conference in March, Miller, Alvarez, and other researchers realized that attacks that work on jailbroken phones would not work on regular (non-jailbroken) iPhones. They had assumed that the attacks they had found on a jailbroken iPhone would work on nonbroken devices. Instead, they found that their attacks would not work.

"Basically, what happened was that everybody made the same mistake, and we all have learned from it," Recurity's Alvarez says. "We used jailbroken iPhones in order to be able to debug."

While the researchers could not come up with any legitimate uses for running unapproved code on the iPhone, Miller stresses that the research is valuable. Like nearly 40 million other people, he carries an iPhone containing work information, personal details, and family pictures. Knowing the limits of the device's security is important, he argues.

"The thing is, I'm pointing out exactly what bad guys can do against the device," he says. "They are likely doing parallel research, except they don't share their results. It is better for everyone to understand the strengths and weaknesses of the security of devices, and make informed decisions about what devices they should use and how they should use them, rather than having only the bad guys know how they work."

Of course, Apple may have already fixed the issue. Later this month, the company will release version 3.0 of the iPhone operating system, and Miller will have to make sure his attack still works.

"With iPhone 3.0 coming out, that might change a lot of this stuff," Miller says.

Vulnerable Smart Meters Open Door to Power-Grid Botnet

Via The Register UK -

New electricity meters being rolled out to millions of homes and businesses are riddled with security bugs that could bring down the power grid, according to a security researcher who plans to demonstrate several attacks at a security conference next month.

The so-called smart meters for the first time provide two-way communications between electricity users and the power plants that serve them. Prodded by billions of dollars from President Obama's economic stimulus package, utilities in Seattle, Houston, Miami, and elsewhere are racing to install them as part of a plan to make the power grid more efficient. Their counterparts throughout Europe are also spending heavily on the new technology.

There's just one problem: The newfangled meters needed to make the smart grid work are built on buggy software that's easily hacked, said Mike Davis, a senior security consultant for IOActive. The vast majority of them use no encryption and ask for no authentication before carrying out sensitive functions such as running software updates and severing customers from the power grid. The vulnerabilities, he said, are ripe for abuse.

"We can switch off hundreds of thousands of homes potentially at the same time," Davis, who has spent the past few months analyzing a half-dozen smart meters, told The Reg. "That starts providing problems that the power company may not be able to gracefully deal with."

To prove his point, Davis and his IOActive colleagues designed a worm that self-propagates across a large number of one manufacturer's smart meters. Once infected, the device is under the control of the malware developers in much the way infected PCs are under the spell of bot herders. Attackers can then send instructions that cause its software to turn power on or off and reveal power usage or sensitive system configuration settings.

The worm, which Davis will demonstrate next month at the Black Hat security conference in Las Vegas, is able to spread quickly. It exploits an automatic update feature in the meter that runs on peer-to-peer technology that doesn't use code signing or other measures to make sure the update is authorized. It uses a routine known as interrupt hooking, which adds additional code to the device's operating system.

UK Government To Launch US-Like Cybersecurity Center

Via ITProPortal.com -

The UK government is gearing up to launch a national cybersecurity centre to deal with soaring threats of hacking attacks from foreign states as well as criminal gangs.

Gordon Brown is likely to announce details of the move sometime later this month in an attempt to check foreign states and cybercriminals breaking into government and business IT infrastructure, reported The Guardian.

Emulating US President Barack Obama's announcement of a new cybersecurity mechanism to safeguard IT infrastructure in the US, Brown is said to devise a similar strategy tailored to safeguard UK's IT systems against unauthorised intrusions.

The UK government is said to be working with the US and Canada to co-ordinate effectively in operations against online attacks by criminal gangs and foreign states.

The new move, which reportedly forms the centrepiece of the government's updated national Security Strategy, marks a U-turn in its security strategy to handle cybercrime, which until now has been handled by a shadowy group linked to various security agencies and intentionally kept low profile.

Incidentally, the head of MI5 Jonathan Evans has cautioned that several banks, accounting and legal firms in UK are under attack from “Chinese state organisations” since 2007. In addition to China, Western governments further suspect North Korea and Russia for sponsoring cyber attacks against them.

----------------------------------------

Recently, U.S. Deputy Defense Secretary William Lynn III outlined the focus of the new DoD Cyber Command...

“Such a command would not represent the militarization of cyberspace,” Lynn said.

DOD will continue to focus on its .mil domain, while primary responsibility for the civilian .gov domain will remain with the Homeland Security Department. The private sector will be responsible for the rest of the country’s Internet infrastructure. He said DOD and the National Security Agency would be available to lend their expertise in cyber defense “in a way that upholds and respects our civil liberties.”

$134 Billion U.S. Bond Mystery Continues In Italy

Via Bloomberg.com (June 12th) -

The seized notes include 249 securities with a face value of $500 million each and 10 additional bonds with a value of more than $1 billion, the police force said on its Web site. Such high denominations would not have existed in 1934, the purported issue date of the notes, Mecarelli said. Moreover, the “Kennedy” classification of the bonds doesn’t appear to exist, he said.

The bonds were seized in Chiasso, Italy. Mecarelli said he expects a determination from the SEC “within a few days.”

-------------------------------

According to another Bloomberg article on the 12th, the Consulate General of Japan in Milan still hasn’t confirmed that the individuals are Japanese.

If the securities are found to be genuine, the individuals could be fined 40 percent of the total value for attempting to take them out of the country without declaring them, the Asahi said.
-------------------------------

Basically either way, these people are in some deep mess...

If the bonds are fake (which seems likely), they are in for some huge counterfeit crimes.

If the bonds are real (which seems unlikely), they will be fined under Italian law at 40 percent, which is about $53 billion.

State Dept Asked Social Networks to Keep the Iranian News Flowing

Via AC360 Blog (CNN) -

The halls of Foggy Bottom are ringing with the Tweets coming from Iran and the State Department is working to ensure they keep coming.

Senior officials say the State Department is working with Twitter and other social networking sites to ensure Iranians are able to continue to communicate to each other and the outside world.

By necessity, the US is staying hands off of the election drama playing out in Iran, and officials say they are not providing messages to Iranians or “quarterbacking” the disputed election process.

But they do want to make sure the technology is able to play its sorely-needed role in the crisis, which is why the State Department is advising social networking sites to make sure their networks stay up and running for Iranians to use them and helping them stay ahead of anyone who would try to shut them down.

For example, senior officials say the State Department asked Twitter to refrain from going down for periodic scheduled maintenance at this critical time to ensure the site continues to operate. Bureaus and offices across the State Department, they say, are paying very close attention to Twitter and other sites to get information on the situation in Iran.

Because the US has no relations with Iran and does not have an embassy there, it is relying on media reports and the State Department’s Iran Watch Offices in embassies around the world. The largest such offices are in Dubai, Berlin and London, all home to large Iranian expat communities.

But officials say the internet, and specifically social networking sites like Twitter and Facebook, are providing the United States with critical information in the face of a crackdown on journalists by Iranian authorities.

“There are lots of people here watching,” one senior official said. “There are some interesting messages going up.”

While officials would not say whether they were communicating with Iranians directly, one senior official noted that the US is learning about certain people being picked up for questioning by authorities through posts on Twitter.

“It is a very good example of where technology is helping,” the official said.

The situation in Iran is a real world example of the State Department’s efforts to increase use of technology in diplomacy, including social networking sites, Web Video and text messages to reach large numbers of people who would otherwise be difficult to reach.

-----------------------------

http://blog.twitter.com/2009/06/down-time-rescheduled.html
A critical network upgrade must be performed to ensure continued operation of Twitter. In coordination with Twitter, our network host had planned this upgrade for tonight. However, our network partners at NTT America recognize the role Twitter is currently playing as an important communication tool in Iran. Tonight's planned maintenance has been rescheduled to tomorrow between 2-3p PST (1:30a in Iran).

China Backs Down Over Controversial Censorship Software (aka Green Dam)

Via Wikileaks.org & The Guardian UK -

The Chinese government appears to have backed down in the face of public opposition to its plans for mandatory installation of censorship software on all new computers.

The Green Dam Youth Escort program, which restricts access to pornography and politically sensitive websites, was due to be compulsorily incorporated in the hard drives of all new machines sold after 1 July, but the state-run media announced today that it would instead be an optional package.

The softening of tone appears designed to head off a wave of criticism about the program, which has brought the government culture of information control into an unusually harsh domestic spotlight.

But it is unlikely to allay suspicions about the developer, Jinhui – a military-backed software firm – and about Green Dam, which tightens government control of the internet at the level of individual computers.

Secret documents published online and investigations by hackers have revealed an embedded blacklist of politically sensitive words in the program, a hole in the system that potentially allows remote users to take control of an individual's computer and a defective pornography algorithm.

Wikileaks has published what it claims is the initial bidding document to develop the software by Jinhui Computer System Engineering. In the April 2008 paper, the Henan-based company promised the ministry of industry and information that it could provide international standards of blocking technology to restrict access to pornography and other "harmful information".

A separate file purportedly contains a coded blacklist of forbidden words, including "Falun Gong", an outlawed spiritual group, and 6.4, the anniversary of the Tiananmen Square crackdown.

Jinhui strengthened suspicions that the primary goal of the new software was to fill holes in the Great Firewall when it boasted that three layers of filtering would be effective "regardless of changing URLs and languages".

Amid growing controversy over the apparent underhand censorship, the state media are now downplaying the compulsory aspect of the software. "PC makers are only required to save the set-up files of the program in the hard drives of the computers, or provide CD-Roms containing the program with their PC packages," the English-language China Daily quoted an official saying yesterday.

"The users have the final say on the installation of the Green Dam Youth Escort, so it is misleading to say the government compels PC users to use the software … The government's role is limited to having the software developed and providing it free."

Chinese language media have yet to make similar reports. In any case, netizens will take a lot of persuading. A survey last week by China's largest portal Sina found more than 80% respondents opposed to Green Dam.

Nominations Open for the Pwnie Awards 2009

http://pwnie-awards.org/2009/

It is time to open the nominations for the Pwnie Awards 2009. We invite all members of the security community to look back at the past year and nominate all great bugs, lame vendors, amazing research and more. The full list of award categories can be found at the nominations page.

The Pwnie Awards ceremony will take place again during the BlackHat USA reception on July 29, 2009. The Pwnie Award organizers thank BlackHat for their generous sponsorship.

Month of Twitter Bugs Coming in July

Via Threat Post -

A security researcher who specializes in browser and Web 2.0 vulnerabilities plans to use the month of July to expose serious vulnerabilities in the Twitter ecosystem.

The Month of Twitter Bugs, a project which launches on July 1, is the handiwork of Aviv Raff. It will disclose a combination of cross-site scripting (XSS) and cross-site request forgery (CSRF) flaws that put Twitter users at risk of malicious hacker attacks.

Raff writes:

Each day I will publish a new vulnerability in a 3rd party Twitter service on the twitpwn.com web site. As those vulnerabilities can be exploited to create a Twitter worm, I’m going to give the 3rd party service provider and Twitter at least 24 hours heads-up before I publish the vulnerability.

Raff is hoping to raise awareness for the Twitter API weakness that exposes the popular service to worm attacks if a single third-party Twitter service (like Twitpic) contains a vulnerability.

The [Month of Twitter Bugs] could have been easily converted to any other “Month of Web 2.0 service bugs”, and I hope that Twitter and other Web 2.0 API providers will work closely with their API consumers to develop more secure products.

Raff was among the first group of researchers to launch a monthly vulnerability release project, partnering with HD Moore and others on the Month of Browser Bugs. Since then, similar projects have targeted security deficiencies in Apple’s Mac OS, the PHP scripting language and ActiveX control issues.

Java for Mac OS X 10.5 Update 4

Java for Mac OS X 10.5 Update 4 delivers improved reliability, security, and compatibility for Java SE 6, J2SE 5.0 and J2SE 1.4.2 on Mac OS X 10.5.7 and later.

This release updates Java SE 6 to version 1.6.0_13, J2SE 5.0 to version 1.5.0_19, and J2SE 1.4.2 to 1.4.2_21.

Please quit all web browsers before installing this update.

For more details on this update, please visit this website: http://support.apple.com/kb/HT3581

US Says N. Korean Nuclear Test Smaller Than First Believed

Via VOA News -

The United States said Monday that a scientific analysis of North Korea's May 25 nuclear test shows it to have had only a fraction of the explosive force first estimated. The U.S. intelligence report came as President Barack Obama prepared for talks Tuesday on the North Korean nuclear program and other issues with South Korean President Lee Myung-bak.

A brief statement from U.S. Director of National Intelligence Dennis Blair said North Korea probably conducted an underground nuclear test on May 25 that had an explosive yield of a few kilotons, the equivalent of a few thousand tons of TNT.

Although it was a sizable explosion, the test was small by nuclear weapon standards and only a fraction of the 10 to 20 kiloton estimate by Russia's Defense Ministry issued a few days after the event.

By contrast, North Korea's first nuclear test, in November 2006, was estimated at just one kiloton and is considered by some experts to have been a partial failure.

Although the statement by the U.S. intelligence chief spoke of a "probable" nuclear test, officials say they do not have serious doubts that the May 25 detonation was nuclear, given the difficulty and cost of simulating a blast of that magnitude with conventional explosives.

The U.N. Security Council voted unanimously last Friday to tighten financial and other sanctions against North Korea because of the test - actions Pyongyang responded to defiantly with vows to build more plutonium bombs and start a new weapons program based on uranium enrichment.

At a news briefing on Monday, State Department Spokesman Ian Kelly called on Pyongyang to end its bellicose threats and return to Chinese-sponsored six-party negotiations on its nuclear program.

"We just passed an extremely tough resolution on Friday that showed incredible unity among the Security Council and with South Korea and Japan," said Ian Kelly. "We're going to be focused on implementing that resolution. And beyond that, North Korea knows what it has to do. North Korea needs to give up all this, all this rhetoric and belligerent actions, and return to the six-party talks unconditionally."


---------------------------------------

This isn't really "new" news...since the size of the blast has been talked about in many groups, but this is confirmation of those low-yield ideas.

Sunday, June 14, 2009

Pakistan Army Launches Operation in South Waziristan

Via Yahoo! News (AP) -

Pakistan ordered its army to go after the country's top Taliban commander, a feared militant whose remote stronghold could prove a difficult test for troops but whose demise would be a major blow to the insurgencies here and in Afghanistan.

The announcement Sunday of the operation in South Waziristan, rumored for weeks, came hours after a suspected U.S. missile strike killed five alleged militants there. The move will likely please Washington, which considers the tribal region a particularly troublesome hide-out for al-Qaida and Taliban fighters implicated in attacks on U.S. troops in Afghanistan.

Owais Ghani, the governor of North West Frontier Province, told reporters in Islamabad late Sunday that the government felt it had no choice but to resort to force against Pakistani Taliban chief Baitullah Mehsud and his network. Past army action in the region had usually faltered or ended in truces, strengthening the militants.

"Baitullah Mehsud is the root cause of all evils," Ghani said, noting a slew of suicide bombings that have shaken Pakistan in recent days. "The government has decided that to secure the innocent citizens from terrorists, a meaningful, durable and complete action is to be taken."

[...]

South Waziristan, part of Pakistan's semiautonomous tribal belt, is a rumored hide-out of al-Qaida chief Osama bin Laden. As the military has pursued a separate offensive against Taliban fighters in the northwest's Swat Valley, observers have noted that the Taliban will not be defeated in Pakistan unless they lose their tribal sanctuaries.

The U.S. has frequently targeted South Waziristan with missile strikes. The suspected strike Sunday hit three vehicles and killed five suspected militants. Two Pakistani intelligence officials confirmed the attack on condition of anonymity because they were not authorized to speak to the media.

Neighboring North Waziristan, another militant stronghold and target for U.S. missiles, may also fall under the new Pakistani offensive at some point.

Mehsud is believed to pose a serious internal threat to the Pakistani government, and has been blamed for the killing of former Prime Minister Benazir Bhutto, though he has denied that accusation. The Taliban chief also has been linked to bombings on both sides of the Afghanistan-Pakistan border.

In many ways, a full-scale battle in South Waziristan will be a harder fight than in Swat, where the army claims to have killed hundreds of militants over the past six weeks.

One reason is that the tribal region's porous border with Afghanistan could make it easier for militants to escape to the other side. Because of the tribal belt's semiautonomous nature, the government has long had limited influence, allowing militants to become deeply entrenched.

A new offensive could also mean more displaced civilians in Pakistan, already struggling to deal with more than 2 million who fled their homes in Swat and surrounding districts.

Pakistan's decision comes as public opinion has shifted against the Taliban, who have been blamed or have claimed responsibility for a series of bloody attacks in recent weeks, including one that killed a prominent anti-Taliban cleric and another that devastated a luxury hotel in Peshawar.

BBC Editors to Iran: Stop the Blocking

http://www.bbc.co.uk/blogs/theeditors/2009/06/stop_the_blocking_now.html

BBC audiences in Iran, the Middle East and Europe may be experiencing disruption to their BBC TV or radio services today. That is because there is heavy electronic jamming of one of the satellites the BBC uses in the Middle East to broadcast the BBC Persian TV signal to Iran. Satellite technicians have traced that interference and it is coming from Iran. There has been intermittent interference from Iran since Friday but this is the heaviest yet.

It seems to be part of a pattern of behaviour by the Iranian authorities to limit the reporting of the aftermath of the disputed election. In Tehran John Simpson and his cameraman were briefly arrested after they had filmed the material for this piece. And at least one news agency in Tehran has come under pressure not to distribute internationally any pictures it might have of demonstrations on the streets in Iran.

However, the availability of witness material from Iran is enabling international news organisations to be able to report the story. Viewers of BBC Persian TV have been in touch (in Farsi) sending videos, stills and providing personal accounts.

It is important that what is happening in Iran is reported to the world, but it is even more vital that citizens in Iran know what is happening. That is the role of the recently launched BBC Persian TV which is fulfilling a crucial role in being a free and impartial source of information for many Iranians. Any attempt to block this channel is wrong and against international treaties on satellite communication. Whoever is attempting the blocking should stop it now.

Saturday, June 13, 2009

Teaching High School Students To Be Intelligence Analysts

Via Sources and Methods -

The Erie City Schools, in cooperation with the Institute Of Intelligence Studies here at Mercyhurst, recently announced that they would begin to offer an intelligence analyst track in one of their high school career academies.

The full news article is here but there is more to this story. This is another one of Bob Heibel's visionary initiatives and it appears to me to be a natural extension of the increasing number of colleges and universities that are offering intelligence courses or even full programs.

While this may sound a bit too visionary for some, let me put it into perspective. We are in the middle of a study that is trying to get at the size, in dollars and people, of the "real" intelligence community. This real community includes all the law enforcement analysts and intelligence professionals in business as well as those in the national security community.

Our initial estimates indicate that there are as many analysts in the US national security community alone as there are petroleum engineers in the entire US (17,000). Our rough estimate suggests that, when you add in all of the law enforcement, competitive intel and other analysts in the business community, the total number of intel analysts in the US doubles. This exceeds the number of chemical engineers (30,000) in the country.

According to the American Institute of Chemical Engineers, the chemical engineering profession, however, has nearly 150 colleges and universities feeding it qualified graduates and STEM programs have become a staple offering in virtually every high school in the country. In contrast, there are only a handful (a growing handful but still a handful...) of colleges and universities offering even introductory intel courses, much less a full four year program.

Nearly 20 years ago, Bob started the Mercyhurst program based on a single insight: If the government can depend on academia to educate its entry level doctors and lawyers, engineers and architects, computer specialists and military officers, why can't it depend on academia to provide entry level education to its intelligence analysts? In this light, extending this vision to the high school level makes it seem less radical -- in fact, it looks downright logical.

T-Mobile USA Issues Security Update

Via Help Net Security -

In light of recent news that T-Mobile USA suffered a security problem, the company released the update below.

Following a recent online posting that someone allegedly accessed T-Mobile servers, the company is conducting a thorough investigation and at this time has found no evidence that customer information, or other company information, has been compromised. Reports to the contrary are inaccurate and should be corrected.

T-Mobile continues to monitor this situation and as a precaution has taken additional measures to further ensure our customers' information and our systems are protected. As is our standard practice, customers can be assured if there is any evidence that customer or system information has been compromised, we would inform those affected as quickly as possible.

Voting Machine Company Agrees to Hand Over Source Code

Via Wired.com (Threat Level) -

Election officials in Washington, DC, are finally going to get source code for voting machines that produced ‘phantom’ votes during the district’s primary election last September.

Sequoia Voting Systems agreed on Friday, after the city threatened a lawsuit, to hand over the proprietary code. Sequoia will also give election officials documentation describing how the source code and machines were created and maintained, according to the Washington Post.

During the city’s primary election last September, Sequoia’s optical-scan machines added about 1,500 ‘phantom’ votes to races on ballots cast in one precinct.

Sequoia blamed the problem on “static discharge” or human error.

The city has been demanding a look at the source code to determine the problem. But Sequoia initially wanted a $20 million bond from officials guaranteeing they wouldn’t disclose information about the system. Sequoia agreed on Friday to provide the source code without a bond, though the city has agreed to keep the company’s trade secrets confidential. The city can, however, publish information about vulnerabilities that its experts uncover in the system.

Sequoia’s machines are used in 17 states and the District of Columbia.

It’s not the first time that Sequoia’s source code has been examined by outsiders. The company was required to give it to California in 2007 for a top-to-bottom review the state conducted of voting machines used in that state.

Last year, a judge also ordered New Jersey election officials to give source code for the state’s AVC Advantage touch-screen machines to Princeton University computer scientist Andrew Appel and others for a lawsuit that challenged the integrity of Sequoia’s paperless touch-screen voting machines. Voting activists had sued the state to decommission the machines. It was believed to be the first time a court sided with plaintiffs against election officials withholding source code. Appel’s team found several vulnerabilities with the system.

In a separate examination of voting results from the Sequoia machines in New Jersey, Appel also found a discrepancy between summary tapes printed from Sequoia machines during the state’s primary election in 2008 and totals that were recorded on the machine’s memory cards. Summary tapes from machines in one district showed a phantom vote for then-presidential-candidate Barack Obama that didn’t appear in the memory card totals.

The Sequoia machines in Union County, New Jersey, also showed that Republican presidential candidates received 61 votes when only 60 ballots had been cast in the Republican primary. About 60 machines showed such discrepancies. When Union County election officials announced that they planned to have Princeton academics examine the machines to determine what went wrong, Sequoia threatened a lawsuit.

Sequoia initially blamed the problem on election officials (.pdf) for pushing the wrong buttons, but later claimed it uncovered a problem in its software that was creating the vote errors and announced that it had fixed the issue.

Photo of the Day - Iran Election Sparks Clashes


(Image credit to BBC and AFP)

News that Iran's President Mahmoud Ahmadinejad has been re-elected has sparked angry clashes on the streets of Tehran.

----------------------

See more over @ the BBC gallery...

North Korea Pushes Forward with Nuclear Weaponization, Despite New Sanctions

Via LATimes.com -

North Korea, calling itself a "proud nuclear power," vowed today to forge ahead with its nuclear program in defiance of the latest United Nations sanctions resolution.

In a statement released by the Foreign Ministry, North Korea said it intended to weaponize its remaining stockpile of plutonium and to pursue uranium enrichment.

Bluster is the stock and trade of the Pyongyang government's propaganda machine, but coming on the heels of an apparently successful nuclear test May 25, the threats are chilling. Weapons analysts believe that North Korea, despite its abject poverty and isolation, has made remarkable technical progress in recent years putting together a workable nuclear weapon.

"Some people do believe that their claims are credible," said Daniel Pinkston, a Seoul-based analyst with the think tank International Crisis Group.

Siegfried Hecker, a former director of the Los Alamos National Laboratory who has toured North Korea's nuclear facilities, wrote in a recent article for Foreign Policy magazine's website that North Korea is "on a well-planned trajectory to enhance its nuclear and missile capabilities."

North Korea's latest rhetoric volley was prompted by the unanimous passage Friday by the 15-member U.N. Security Council of a sanctions package that would allow interdictions of North Korean vessels on the high seas.

"It has become an absolutely impossible option for [North Korea] to even think about giving up its nuclear weapons. It makes no difference . . . whether its nuclear status is recognized or not," North Korea said in the statement.

--------------------------

Read more over at the BBC.

U.S. Firm Says China Stole Software for Green Dam Web-Filter

Via WSJ.com -

A California company alleged that an Internet-filtering program being pushed by the Chinese government contains stolen portions of the company's software.

The company, Solid Oak Software Inc., said it will try to stop PC makers from shipping computers with the software.

Solid Oak said Friday that it found pieces of its CyberSitter filtering software in the Chinese program, including a list of terms to be blocked, instructions for updating the software, and an old news bulletin promoting CyberSitter. Researchers at the University of Michigan who have been studying the Chinese program also said they found components of CyberSitter, including the blacklist of terms.

Jinhui Computer System Engineering Co., the Chinese company that made the filtering software, denied stealing anything. "That's impossible," said Bryan Zhang, Jinhui's founder, in response to Solid Oak's charges.

The allegations come as PC makers such as Dell Inc. and Hewlett-Packard Co. are sorting through a mandate by the Chinese government requiring that all PCs sold in China as of July come with the filtering software. Representatives of the two big U.S. companies said they are working with trade associations to monitor new developments related to the Chinese software.

The Chinese software, whose name translates to "Green Dam-Youth Escort," is intended to help parents block access to pornography and other Internet content inappropriate for children, according to Jinhui. Free speech advocates have been examining the program's code because they are concerned that it also could be used to block political Web sites.

Solid Oak's president, Brian Milburn, said he will seek an injunction preventing U.S. companies from shipping computers with the Chinese software.

Mr. Milburn said Solid Oak received an anonymous email Friday stating that Green Dam may contain parts of his company's code. He said engineers at the 15-person software maker, which is based in Santa Barbara, Calif., spent the morning comparing the two programs. Similarities they found include a list of CyberSitter serial numbers and an update that makes the software compatible with an old version of CyberSitter, he said.

"I am 99.99% certain that if not the entire program at least a good proportion of it is stolen CyberSitter code," says Mr. Milburn.

Mr. Zhang insisted that the software is his company's. "How is it possible that my coding is exactly the same as theirs?" he said. "This is unfair to me. Everyone is taking my software apart now. This is illegal ... I can't answer any more of these pointless questions."

Some lawyers said that because the software will only be sold in China, Solid Oak faces an uphill legal battle, even if it targets U.S. companies.

"It's not a violation of U.S. copyright" law if the computers are only sold in China, said Jonathan Zittrain, a professor at Harvard University Law School. "The question would have to be resolved in a Chinese court under Chinese law."

The requirement for computer makers to ship Green Dam was outlined in a notice that was issued by China's Ministry of Industry and Information Technology on May 19, and reported by The Wall Street Journal last Sunday.

The allegation by Solid Oak could add to the outcry over the lack of transparency in the Chinese government's decision to choose this particular program to implement its filtering requirement.

Within China, which has the most Internet users in the world and is the world's second-largest PC market, criticisms of the requirement have filled online forums for days. Some Internet users have taken to mocking it, by using the term "Youth Escort" to get someone to shut up. They use phrases like "Stop talking like that, or I'll 'youth escort' you!"

Friday, June 12, 2009

Warp-Speed Raindrops

Via ScienceMag.com -

It's a rain race out there. In the meteorological equivalent of breaking the light-speed barrier, new research shows that the smaller droplets in a rainstorm often surpass what appears to be the speed limit for rain. The findings should help scientists devise models that could lead to more accurate weather forecasts.

Common sense dictates that larger raindrops should fall to the ground faster than smaller ones because they weigh more and can better overcome wind resistance. But anecdotal meteorology data have shown that when drops land, smaller ones are sometimes going just as fast as the biggest ones. That irregularity had puzzled scientists for many years; they usually attributed it to instrument problems. But now a team of physicists from Michigan Technological University (MTU) in Houghton and the National University of Mexico in Mexico City has found evidence that the phenomenon is real.

Over several years, the team clocked about 64,000 raindrops falling in Mexico City. The researchers measured their sizes and velocities only in extremely calm conditions, so the wind that often accompanies rain could not skew the data. They found that some drops plummeted faster than the so-called terminal velocity for their size--the speed, based on a well-established scale, at which air resistance counteracts the accelerative force of gravity.

Like the speed of light, the terminal velocity should be an absolute limit. But in a paper in press at Geophysical Research Letters, the team reports many observations of so-called superterminal drops, which form when larger drops collide and break up into bunches of small drops. Those smaller drops can then travel for a time as fast as the larger drops. For example, drops with a diameter of 100 micrometers are supposed to be limited to a terminal velocity of about 30 centimeters per second. But the researchers observed such drops hitting the ground at 3 to 4 meters per second.

"What surprised us was not so much seeing the superterminal drops," says physicist and co-author Raymond Shaw of MTU, "but seeing the deeper, compelling patterns." He explains that as rain falls harder, the fraction of superterminal, or speeding, small drops increases. At the same time, the proportion of the bigger drops decreases. That result, Shaw says, is "consistent with the notion that large drops break up to produce a swarm of speeding satellite droplets."

Shaw says there's a practical side to the research. "Weather forecasting models depend on simplified theories of how raindrops grow, [so] the more we understand about the interactions between drops, ... the more we can improve our ability to predict whether it will rain on tomorrow's picnic."

Environmental physicist Ana Barros of Duke University in Durham, North Carolina, says the paper confirms what she and colleagues have discovered about raindrop velocities in lab experiments. "There is a very large uncertainty about rainfall measurements" from sensors, she says.

Peshawar Pearl Continental Hotel Blast Killed 18

Via WikiNews -

Militants in Pakistan launched a truck bomb attack on the Peshawar Pearl Continental hotel, killing 18 and wounding at least 55. Among the dead were two foreign United Nations officials working for the World Food Programme.

According to the BBC, Fidayeen-e-Islam, a relatively obscure Pakistani militant group, claimed responsibility for the blast. The attack follows a threat from the Taliban made on May 27, warning of "major attacks" in Pakistan.

The bombing occurred despite the property being heavily guarded and secure. The militants gained entrance by overcoming the guards with gunfire, and forcing a bomb-laden truck, containing at least 500 kilograms of explosives, through the gates. Police official Liaqat Ali told the Associated Press that the militants "drove the vehicle inside the hotel gates and blew it up on reaching close to the hotel building."

The bomb caused a 15-foot wide crater, and brought down the west wing of the hotel. An injured guest, Jawad Chaudhry, said, "The floor under my feet shook. I thought the roof was falling on me. I ran out. I saw everybody running in panic. There was blood and pieces of glass everywhere."

The hotel is regularly used by businessmen and diplomats, and is located in a secure area of the city. Neighbours include the Peshawar High Court, Provincial Assembly and the official home of the Commander of the Frontier Corps. The perceived security of the neighbourhood makes it a candidate for the location of a planned United States consulate.

Boy Hit by Pea-Size Meteorite in Essen, Germany

Via SkyNews -

Gerrit Blank was on his way to school when he saw a massive fireball heading straight towards him from the sky.

The white-hot meteorite bounced off the schoolboy's hand and hit the ground so hard it left a foot-long crater in the tarmac - as well as a three-inch scar on his hand.

Gerrit, 14, said: "At first I just saw a large ball of light and then I suddenly felt a pain in my hand.

"Then, a split second after that, there was an enormous bang like a crash of thunder."

"The noise that came after the flash of light was so loud that my ears were ringing for hours afterwards.

"When it hit me it knocked me flying and then was still going fast enough to bury itself in the road."

Scientists are now studying the pea-sized meteorite, which crashed to Earth in Essen in Germany.

Chemical tests on the rock have now proved it is from outer space.

Ansgar Korte, director of Germany's Walter Hohmann Observatory, said: "It's a real meteorite, therefore it is very valuable to collectors and scientists."

Chances of being struck by a meteorite are around one in 100 million.

Mr Korte said: "Most meteorites don't actually make it to ground level because they evaporate in the atmosphere.

"Of those that do get through, about six out of every seven of them land in water."

There is only one other known case of a human being surviving a direct hit from a meteor.

A grapefruit-sized meteor crashed through the roof of a house in Alabama, in the USA, in 1954.

After smashing through the top of the building, it bounced off furniture and then hit a woman who was asleep at the time.

-------------------------------------

Can't say I believe the 30,000MPH claim..hehe

Apple Bitten by iTunes Hacker's DoubleTwist Billboard

Via News.com.au -

Apple has been left red-faced after a billboard promoting hacked iTunes tracks was posted outside one of its flagship stores.

The billboard was promoting DoubleTwist, a software company run by famed hacker Jon Lech Johansen – otherwise known as "DVD Jon".

DoubleTwist removes Apple's copy-protection on tracks sold in its iTunes Music Store, which allows the files to be read by non-Apple devices.

The billboard was posted on the side of a subway exit next to Apple's major San Francisco store. It was intended to coincide with Apple's Worldwide Developer's Conference (WWDC) which took place last week.

But Bay Area Rapid Transport (BART), which owns the billboard space, removed the ad because the black background was "too dark", Mr Johansen claimed on his blog.

"How convenient for Apple that our ad won't be back up in time for Monday's keynote," Mr Johansen said on Twitter.

DoubleTwist changed the ad's colour to white, which was rejected, and then finally posted the billboard with a transparent background, after the WWDC had finished.

"Apple is a major BART advertiser (in the past they’ve plastered entire BART stations with iPod ads)," Mr Johansen wrote on his blog.

"Apple’s WWDC conference ends on Friday. It’s pretty obvious what’s going on here… I’m sure our ad will conveniently be back up after WWDC ends."

The Norwegian whiz-kid first gained notoriety when he cracked the DVD region coding system at age 16. This ultimately allowed consumers to buy and watch DVDs from anywhere in the world, rather than in specific regions decided by manufacturers.

Now 25, Mr Johansen has had several run-ins with Apple over efforts to help consumers "liberate" music from iTunes' copy protection regime with his doubleTwist software.

DoubleTwist received an undisclosed amount of funding from Norway's NorthZone Ventures and Geneva-based Index Ventures, which was an early backer of Skype, Last.fm and MySQL before their eventual sale to larger companies.

Green Dam 3.17 (URL) Remote Buffer Overflow Exploit (XP/SP2)

http://www.milw0rm.com/exploits/8938

"Green Dam" is software used for monitoring and anti-pornography, popularized by the Chinese government. After July 1st, it will be forcibly installed on all new Chinese PCs.

Now it already has 50 million copies in China.

In order to monitor the URL that the user is exploring, Green Dam injects itself into the browser process. When Green Dam tries to handle a long URL, a stack overflow occurs in the browser process.

This exploit can be used for exploitation on IE, on computers with Green Dam installed. I used the .net binary to deploy shellcode, for it's more stable than Heap Spray, and able to bypass DEP and ASLR on Vista.

The exploit page contains a .net control, so it should be published on IIS.
---seer[N.N.U]

http://milw0rm.com/sploits/2009-green-dam.zip
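
The bug class described in the post above (a URL of arbitrary length copied into a fixed-size stack buffer by code running inside the browser process), shown beside a bounds-checked form. This is an added example, not Green Dam's code and not part of the original post; the 256-byte buffer, the function names and the sample blocklist are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed size for illustration; the page does not state the real buffer size. */
#define URL_BUF_LEN 256

enum url_status {
    URL_ALLOWED  = 0,
    URL_BLOCKED  = 1,
    URL_TOO_LONG = -1,
    URL_INVALID  = -2
};

/* Constructed sample blocklist, not taken from any real filter. */
static const char *const SAMPLE_BLOCKLIST[] = { "blocked-term", "another-term" };

static int matches_blocklist(const char *url)
{
    size_t i;
    for (i = 0; i < sizeof SAMPLE_BLOCKLIST / sizeof SAMPLE_BLOCKLIST[0]; i++) {
        if (strstr(url, SAMPLE_BLOCKLIST[i]) != NULL)
            return 1;
    }
    return 0;
}

/*
 * Unsafe pattern, shown only for contrast: strcpy() copies until the NUL
 * terminator, so any URL of URL_BUF_LEN bytes or more writes past `buf`
 * and corrupts the stack frame of whatever process hosts this code.
 */
int check_url_unsafe(const char *url)
{
    char buf[URL_BUF_LEN];
    strcpy(buf, url);               /* no length check */
    return matches_blocklist(buf);
}

/* Length of s, scanning at most max bytes (portable stand-in for strnlen). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/*
 * Hardened form: measure first, refuse anything that does not fit
 * (terminator included), and only then copy. Oversized input is rejected
 * rather than truncated, so the filter never decides on a partial URL.
 */
int check_url_checked(const char *url)
{
    char buf[URL_BUF_LEN];
    size_t n;

    if (url == NULL)
        return URL_INVALID;
    n = bounded_len(url, sizeof buf);
    if (n == sizeof buf)            /* no NUL within the buffer's capacity */
        return URL_TOO_LONG;
    memcpy(buf, url, n + 1);        /* n + 1 <= sizeof buf, includes the NUL */
    return matches_blocklist(buf) ? URL_BLOCKED : URL_ALLOWED;
}

int main(void)
{
    char long_url[4 * URL_BUF_LEN]; /* constructed oversized input */
    memset(long_url, 'A', sizeof long_url - 1);
    long_url[sizeof long_url - 1] = '\0';

    printf("short url -> %d\n", check_url_checked("http://example.test/index.html"));
    printf("blocked   -> %d\n", check_url_checked("http://example.test/blocked-term"));
    printf("oversized -> %d\n", check_url_checked(long_url));
    return 0;
}
```

Because such a component is loaded into the browser, a memory-safety defect in it becomes a defect of every browser on the machine, which is why the length check belongs before the copy rather than in the caller.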

Photo of the Day - Iran Poll Fever

(Image credit to AP and BBC)


A little girl at the rally held up a potato inscribed "We don't want a potato government".

-----------------------

Check out the other photos @ the BBC Gallery - Iran Poll Fever

Thursday, June 11, 2009

Massive, Elaborate Tunnel Found At Mexican Border

Via FoxNews (h/t National Terror Alert) -

We got tipped off late Wednesday evening and within a few hours we were on a plane and then on the road arriving in Nogales just as the sun peeked over the Sonoran Desert. Our contacts had told us of an elaborate tunnel, one of the best they've ever found, running 45 feet or so on the Mexican side of the border, then extending another 38 feet into the United States.

The location of the tunnel wasn't hard for us to find, even at such an early hour. On the American side two familiar green and white Customs and Border Protection vans sit about a half block down the street from a hole in the street covered by big metal slabs. Nearby, as I look through the 4 inch slats in the 16-foot high border fence, I see four truckloads of Mexican Federales guarding a one-story white building.

The Mexican Federal Police tell me in Spanish that the tunnel started in an abandoned white house just a few feet from where we are standing. The tunnel then stretches under the border fence about six feet under ground, headed towards a building that had recently lost its tenant on the U.S. side. It is about three feet high and wide with bricks and boards fortifying the sides and metal bars holding the roof. They tell me I could easily crawl through the tunnel with a backpack (I am 6'3") and the tunnel was likely being financed and built by the Gulf Cartel, a dangerous gang of thugs who have been terrorizing much of this area.

By mid morning a construction crew has now arrived and has begun to jackhammer the street in a couple of other locations looking for another possible tunnel. CBP agents tell me they had received intelligence in recent weeks that an elaborate tunnel was being built, but it was actually a neighboring business owner who tipped them off when he heard construction sounds, but saw no work. Agents then went inside the nearby building and found two men digging the exit hole which connected to the tunnel meant to likely smuggle drugs, humans and who knows what else.

The tunnel will soon be filled with cement as agents now tell us they have already found 16 tunnels in the Nogales area since last October, that's already more than double all of last year. As I speak with U.S. agents and Federales in Spanish, both concede that the powerful and brutal Gulf Cartel is likely behind the tunnels in hopes of securing a route for drugs and people into the United States.

---------------------------------

Video and images....

Two Japanese Detained in Italy with $138 Billion in U.S. Bonds

Via Japan Today -

Two Japanese nationals were detained by Italian financial police last week after trying to enter Switzerland with $134 billion worth of undeclared U.S. bonds, mostly Treasury bonds, an Italian daily said Wednesday. The Japanese consulate general in Milan confirmed that the detention had taken place and said it was trying to confirm with Italian authorities whether the two were indeed Japanese nationals and their identities.

According to the report in il Giornale, two unidentified Japanese in their 50s concealed the bonds, including 249 U.S. Treasury bonds each worth $500 million, in a suitcase with a false bottom that was searched by the Italian authorities June 3 when they were in Chiasso, at the border with Switzerland, about 50 kilometers north of Milan. The daily did not say on what charges they have been detained, but the two may have been detained on suspicion of attempting to take a large amount of securities out of Italy without declaring it because the paper said they had not declared the bonds.

Iranian Election 2009

Voting polls open in about 30 mins...

http://twitter.com/iran09

New Attack Produces Quicker SHA-1 Collisions

Via H-Online.com (h/t Threatpost) -

Australian researchers have described a new and faster way of provoking collisions of the SHA-1 hash algorithm. With their method, a collision can be found using only 2^52 attempts. This makes practical attacks feasible and could have an impact on the medium-term use of the algorithm in digital signatures.

SHA-1 is used to verify data authenticity in many applications. To reduce the complexity of the collision process, the researchers combined a boomerang attack with the search for differential paths.

[...]

The search for a successor to SHA-1 began in 2005. Algorithms of the SHA-2 family (SHA-224, SHA-256, SHA-384 and SHA-512) were among the suggestions, but they are essentially based on the same algorithm as SHA-1, only requiring longer hash values. As a result, they are probably vulnerable to the same types of attack.

The US National Institute of Standards and Technology (NIST) therefore launched a competition to develop a new hash algorithm. Submissions for the competition closed on the 31st of October 2008 and 51 contenders from 50 developer teams have been entered. The winning entry will be called SHA-3 and become the official security standard in 2012.

Wireless Power Harvesting for Cell Phones

Via Technology Review (MIT) -

A cell phone that never needs recharging might sound too good to be true, but Nokia says it's developing technology that could draw enough power from ambient radio waves to keep a cell-phone handset topped up.

Ambient electromagnetic radiation--emitted from Wi-Fi transmitters, cell-phone antennas, TV masts, and other sources--could be converted into enough electrical current to keep a battery topped up, says Markku Rouvala, a researcher from the Nokia Research Centre, in Cambridge, U.K.

Rouvala says that his group is working towards a prototype that could harvest up to 50 milliwatts of power--enough to slowly recharge a phone that is switched off. He says current prototypes can harvest 3 to 5 milliwatts.

The Nokia device will work on the same principles as a crystal radio set or radio frequency identification (RFID) tag: by converting electromagnetic waves into an electrical signal. This requires two passive circuits. "Even if you are only getting microwatts, you can still harvest energy, provided your circuit is not using more power than it's receiving," Rouvala says.

To increase the amount of power that can be harvested and the range at which it works, Nokia is focusing on harvesting many different frequencies. "It needs a wideband receiver," says Rouvala, to capture signals from between 500 megahertz and 10 gigahertz--a range that encompasses many different radio communication signals.

Historically, energy-harvesting technologies have only been found in niche markets, powering wireless sensors and RFID tags in particular. If Nokia's claims stand up, then it could push energy harvesting into mainstream consumer devices.

Earlier this year, Joshua Smith at Intel and Alanson Sample at the University of Washington, in Seattle, developed a temperature-and-humidity sensor that draws its power from the signal emitted by a 1.0-megawatt TV antenna 4.1 kilometers away. This only involved generating 60 microwatts, however.

Smith says that 50 milliwatts could require around 1,000 strong signals and that an antenna capable of picking up such a wide range of frequencies would cause efficiency losses along the way.

"To get 50 milliwatts seems like a lot," adds Harry Ostaffe, head of marketing for Pittsburgh-based company Powercast, which sells a system for recharging sensors from about 15 meters away with a dedicated radio signal.

Steve Beeby, an engineer and physicist at the University of Southampton, U.K., who has researched harvesting vibrational energy, adds, "If they can get 50 milliwatts out of ambient RF, that would put me out of business." He says that the potential could be huge because MP3 players typically use only about 100 milliwatts of power and spend most of their time in lower-power mode.

Nokia is being cagey with the details of the project, but Rouvala is confident about its future: "I would say it is possible to put this into a product within three to four years." Ultimately, though, he says that Nokia plans to use the technology in conjunction with other energy-harvesting approaches, such as solar cells embedded into the outer casing of the handset.

China's Compulsory 'Green Dam' Software Opens Computers to Attack

Via BBC -

Every PC in China could be at risk of being taken over by malicious hackers because of flaws in compulsory government software.

The potential faults were brought to light by Chinese computer experts who said the flaw could lead to a "large-scale disaster".

The Chinese government has mandated that all computers in the country must have the screening software installed.

It is intended to filter out offensive material from the net.

The Chinese government said that the Green Dam Youth Escort software, as it is known, was intended to push forward the "healthy development of the internet" and "effectively manage harmful material for the public and prevent it from being spread."

"We found a series of software flaws," explained Isaac Mao, a blogger and social entrepreneur in China, as well as a research fellow at Harvard University's Berkman Center for Internet and Society.

For example, he said, tests had shown that communications between the software and the servers at the company that developed the program were unencrypted.

Mr Mao told BBC News that this could allow hackers to "steal people's private information" or "place malicious script" on computers in the network to "affect [a] large scale disaster."

For example, a hacker could use malicious code to take control of PCs using the software.

"Then you have every computer in China potentially as part of a botnet," Colin Maclay, also of Harvard, told BBC News.

A botnet is the name given to a network of hijacked computers that can then be used to pump out spam or launch concerted attacks on commercial or government websites.

No one from Jinhui Computer System Engineering, the company that developed Green Dam, was available for comment.

The software has also caused a backlash amongst privacy experts, academics and some Chinese citizens. It has also raised the scorn of the blogosphere inside the country who feel the system is no match for tech-savvy teenagers.

One blogger posted a screenshot of the software purportedly blocking an attempt to visit a porn site using Microsoft's Internet Explorer.

But, he said, there was no problem accessing the site using the Firefox web browser.

Others have reported that the system only runs on Microsoft Windows, allowing Mac and Linux users to bypass the software.

It is thought that at least 3m computer users have already downloaded the software, opening them up to potential security problems.

Army Orders Bases to Stop Blocking Twitter, Facebook, Flickr

Via Wired.com -

The Army has ordered its network managers to give soldiers access to social media sites like Facebook, Flickr, and Twitter, Danger Room has learned. That move reverses a years-long trend of blocking the web 2.0 locales on military networks.

Army public affairs managers have worked hard to share the service’s stories through social sites like Flickr, Delicious and Vimeo. Links to those sites featured prominently on the Army.mil homepage. The Army carefully nurtured a Facebook group tens of thousands strong, and posted more than 4,100 photos to a Flickr account. Yet the people presumably most interested in these sites — the troops — were prevented from seeing the material. Many Army bases banned access to the social networks.

An operations order from the Army’s 93rd Signal Brigade to all domestic Directors of Information Management, or DOIMs, aims to correct that. Issued on May 18th “for official use only,” the document has not been made public until now.

It is “the intent of senior Army leaders to leverage social media as a medium to allow soldiers to ‘tell the Army story’ and to facilitate the dissemination of strategic, unclassified information,” says the order, obtained by Danger Room. Therefore, “the social media sites available from the Army homepage will be made accessible from all campus area networks. Additionally, all web-based email will be made accessible.”

The operations order (OPORD) doesn’t apply to all GI Bases overseas, or those run by the other armed services, which aren’t affected by the decree. Nor does the order overturn the long-standing, military-wide ban on sites like MySpace, YouTube and Pandora. And it’s almost certain that some Army posts still block the now-approved web 2.0 networks. Still, it’s a click in the right direction for the armed service which seems to be making a slow but steady recovery from its lingering hostility towards social media.

Phrack Magazine - Issue #66

http://www.phrack.org/issues.html?issue=66

Welcome to Phrack, by the community, for the community.

It's with an incredible pleasure that we present you our newly released issue:

Phrack Magazine #66

For this release, we are gracious to be interviewing the PaX Team, whose work has made significant evolutionary and revolutionary advances in security. This is a radical change from the Phrack Prophile in issue #65 where the prophile was about the UNIX terrorist.

Some could easily detect in this shift a certain seek for identity from the Phrack staff. As if the identity of Phrack had to be refined at all.

In the previous prophile, we had interviewed probably the most hated "black hat" hacker, and in the current prophile, the most hated "white hat" hacker. Perceived as such. But the reality is more faded and every hacker has this paradoxical identity where each side of the barrier suddenly becomes very familiar to the other. And this is where the great hacker shall remain.

Phrack keeps its identity. A magazine for all hackers, by all hackers.

The Hacker culture.

To the very firsts who don't believe in the virtue of the Underground, I answer:

Kill the underground, you won't kill the Hacker culture.

We are mourning one of the best hackers of recent time today. His spirit and contributions will remain part of the Hacker culture. We dedicate this issue of Phrack to Cliph, who left us really too early this year. Cliph did influence all kernel exploit writers in the last 5+ years with his advances on exploiting the Linux kernel.

Wednesday, June 10, 2009

U.S. Concerned with Venezuela's SA-24 Missile Purchase

Via LatinAmericanPost.com -

Venezuela's recent purchase of the most lethal shoulder-fired anti-aircraft missiles in the Russian arsenal is sharpening U.S. concerns that parts of President Hugo Chávez's massive weapons buildup could wind up in the hands of terrorists or guerrillas in neighboring Colombia.

Washington's unease is well-founded, U.S. government officials say, because of credible evidence that three top Venezuelan officials offered Colombia's FARC rebels weapons, money and contacts to buy anti-aircraft missiles in 2007.

Such missiles in the hands of the FARC would mark a steep escalation of the 45-year-old conflict in Colombia, where government forces in recent years have deployed a fleet of slow-moving ground-attack warplanes and U.S.-built helicopters to deal devastating blows to rebel jungle camps.

"We are concerned about Venezuelan arms purchases that exceed its needs and are therefore potentially destabilizing," State Department spokeswoman Sara Mangiaracina said. "The Man-Portable Air Defense Systems Venezuela have purchased from Russia are sophisticated weapons systems. It is important that these weapons systems be appropriately controlled to avoid the possibility of diversion."

Financed by high oil prices, Chávez has been on a weapons-buying binge since 2006, purchasing more than $4 billion worth of Russian Sukhoi jets, Mi helicopters and 100,000 Kalashnikov assault rifles for what he says is the professionalization of his 62,000-member armed forces and the defense of his "socialist revolution" from U.S. aggression.

U.S. officials have long voiced concerns about the weapons buildup. "I can't imagine what's going to happen to those 100,000 [Kalashnikovs] and I can't imagine that if it did happen, that it would be good for the hemisphere," then-Secretary of Defense Donald Rumsfeld said in 2005.

But the purchase of the SA-24 man-portable missiles -- the most sophisticated version manufactured in Russia -- spiked U.S. anxiety.

The missile and launcher weigh just 42 pounds, can hit targets flying at up to 19,500 feet, employ a "fire and forget" system that is highly resistant to countermeasures, has night-vision capability and is easy to maintain, U.S. military experts said. Previously, Venezuela only had pedestal-mounted Swedish RBS-70 and French Mistral surface-to-air missiles.

Chávez's press office did not respond to faxed requests for comments.

Until last month, Venezuela's purchase of the SA-24s had been mentioned in public only once and briefly, in a November Russian defense industry report noting "plans" for a sale. One former Bush administration official, who requested anonymity to speak about the sensitive issue, said he recalled reports of missiles in Venezuela, but no confirmation.

But on April 19, during the Venezuelan armed forces' annual parade in Caracas, Chávez made a point of halting the march from the reviewing stand to address a unit of about 50 soldiers carrying missiles on their shoulders.

"We have decided to make this brief halt in the parade to highlight the importance that this new unit has for the sovereignty and defense of the country," he declared, identifying the weapons as SA-24s and boasting about their speed and weight. "We are a peaceful country. The revolution is peaceful . . . We do not want war but we are required to be capable of defending ourselves."

Addressing Chávez, the captain who commanded the unit described it as "part of the process of strengthening and transforming our revolutionary, anti-imperialist and socialist" armed forces.

ATM Malware Makes Withdrawals in Russia

Via McAfee Avert Labs Blog -

We frequently encounter password stealers and backdoors in computers after their owners have browsed unsafe websites or opened unknown email attachments. It is more unusual, however, to see these malware directly implemented in banks’ automated teller machines. In these cases, Trojans have to be installed by people who have physical access to the machines. Data collecting and malware removal would need yet another visit or visits. It should seem obvious that such malware installation requires a high level of “cooperation” from the bank staff.

One of the first attacks occurred in Russia more than one year ago. It was announced in January 2009 when Diebold Inc. released a security fix for its Opteva Windows-based ATMs. At that time, the company said some suspects were apprehended. But it seems the gang was not fully dismantled. In May, we heard of new suspicious files discovered in Eastern European ATM machines. The security firm Trustwave published a study concerning this matter. The software had been updated and new virtual robberies had been launched. On June 3, The Register also raised public awareness by covering the story.

When active, the Trojan intercepts transactions and records them on log files. To control an infected ATM, the attacker uses dedicated credit cards that allow him to activate some administrative rules. Via the ATM’s display, he can select various options from the keypad to display statistics (numbers of transactions, cards, keys), print collected data, force the machine to dispense all its cash, uninstall the malware set, and reboot the ATM. Unfortunately, I was unable to test such malware in a real environment (I do not have a spare ATM lying around), but looking at the samples is very instructive. As in the previous attacks, the vulnerable ATMs are equipped with the Diebold Agilis 91x software, and the attacker can examine the registry to display version and statistics.

[...]

Targeted currencies are the U.S. dollar, Russian ruble (RUR), and the Ukrainian Hryvnia (UAH)

[...]

The attacker can also, through a password-protected routine, control the currency-dispensing ATM cassette.

[...]

We are not aware of any such attacks outside Eastern Europe, but we encourage financial institutions to verify the integrity of their ATM systems. Be proactive!

The known versions of this malware are detected by McAfee VirusScan as PWS-BoldDie. Many generic and unclassified versions can be detected under the name Generic Backdoor!bw.

T-Mobile Accidentally Posts Secret iPhone 3G S Specs

Via Wired.com -

Apple has flatly refused to tell anyone just what chips lie inside the iPhone 3G S. In fact, while Apple insists that the “s” in 3G S stands for speed, it could equally well stand for secrecy. But T-Mobile in the Netherlands apparently didn’t get the memo, and has gone ahead and posted the hardware specs on the product page for the new models.

The relevant numbers are 256MB RAM for the OS, double that of the 128MB in the original iPhone, and a 600MHz processor, up from the pedestrian 412MHz of the first two models. The added RAM alone probably makes a huge difference — if you have ever added memory to a Mac you’ll know how much OS X loves it some extra gigs to play around in. And that processor neatly leapfrogs the second-gen iPod Touch’s 532MHz. It also shuts up anyone comparing the iPhone to the Palm Pre, which has the exact same number of megahertz: 600.

Of course, this never really mattered — as soon as the iPhone goes on sale it will be torn apart like a gazelle being set upon by hunger-crazed lions and the innards cast across the floor for all to see. We wonder just how long the T-Mobile site will keep this information up.

Product page [T-Mobile]

A Technical Analysis of the Chinese 'Green Dam Youth-Escort' Censorship Software

Green Dam is the informal name given to the expert system from Jinhui Technologies which blocks pornographic images and other "harmful" information.

Stated features: To protect minors from age 10-16 through the filtering of pornographic and violent images and content.

Latent features: To filter political content? To filter circumvention software (such as Wujie)?

Green Dam controls the time minors spend online, using QQ or MSN, and playing games; by preventing overindulgence of the Internet, Green Dam effectively eliminates Internet addiction.

Following evaluation, three applications, XDaemon.exe, XNet2.exe and gn.exe, can be seen to be protecting one another, preventing each process from being deleted or interrupted, a kind of technique used by malware...

Testing has shown that if any word resembling "Falun Gong" is entered into either Notepad or WordPad, the application will shut down; however, typing the same characters into Paint or MSN Messenger bears no response, illustrating the incompleteness of the program.

It seems that nearly all text editors on the market (EditPlus, UltraEdit, EmEditor), office software suites (WPS, MS Office), e-mail clients, instant messaging clients and browsers, are being monitored.

The Green Dam censorship/spy software is mandated to be installed on all Chinese personal computers sold as of July 1, 2009.

https://secure.wikileaks.org/wiki/A_technical_analysis_of_the_Chinese_%27Green_Dam_Youth-Escort%27_censorship_software

http://wikileaks.org/wiki/Chinese_Green_Dam_Falun_Gong_related_censorship_keywords%2C_June_2009

Tuesday, June 9, 2009

US Welcomes 'March 14' Coalition Victory in Lebanon

Via VOA News (h/t @royfire for the reminder) -

Both the White House and State Department congratulated the Lebanese people for carrying out a peaceful election.

A senior official who spoke here on terms of anonymity went further, welcoming what he said was an "unambiguous" victory by the March 14 movement and expressing hope that Hezbollah will accept the results and operate within the political system.

Despite pre-election forecasts that the Hezbollah-led opposition might gain seats, the pro-Western March 14 coalition won 71 of the 128 seats in parliament -- picking up one seat -- while the Syrian- and Iranian-backed opposition alliance led by Hezbollah won 57.

In a written statement, President Barack Obama said the Lebanese people had once more demonstrated to the world their courage and the strength of their commitment to democracy.

State Department Spokesman Ian Kelly called the election a critical step toward Lebanon's rightful achievement of true independence and sovereignty, and said the United States will continue to support a sovereign and independent Lebanon.


"With the voting over, the process of forming a government and developing a government program now begins. That is a process for the Lebanese to carry out in accordance with the election results and without outside interference," he said. "We look forward to working with the next government and hope it will continue along the path toward building a sovereign and stable Lebanon that is committed to peace, including full implementation of all United Nations resolutions," Kelly added.

March 14 coalition leader Saad al-Hariri has said he will invite Hezbollah to form a national unity government, but that he will not give the group enough cabinet posts to give it the veto power it holds in the current government.

The senior State Department official here said Hezbollah had made excessive use of its blocking minority since 2005 to hamstring the government, even on relatively mundane domestic issues.

He said Hezbollah now faces a different reality, with voters having handed the governing coalition a clear majority, although not a landslide victory.

He said the outcome was an affirmation that most Lebanese want to see the state in control of all the country's territory and that it undermines Hezbollah's argument that it should be both a political party and an Iranian-armed militia.

The United States has long listed Hezbollah as a terrorist organization for its role in 1980s attacks on U.S. troops and facilities in Lebanon, and other violent acts.

The senior official said the United States would be "happy" to reconsider its position on Hezbollah -- if it were to lay aside its weapons and become "just a normal political party" in Lebanon.

Photo of the Day - Nasir al-Mulk Mosque in Shiraz, Iran


(Photo credit to wreckah - posted on the Pelican Forums)

-----------------------------

Nasir al-Mulk Mosque (Nasir ol molk) is a traditional mosque in Shiraz, Iran. Located in Goade-e-Araban place near the famous Shah Cheragh mausoleum, it was built during the Qajar era, and is still in use, and is protected by Nasir al Mulk's Endowment Foundation. It was built by the order of Mirza Hasan Ali Nasir al Molk, one of the lords of the Qajar Dynasty, in 1876 and was finished in 1888. The designers were Mohhammad Hassan-e-Memar and Mohhammad Reza Kashi Paz-e-Shirazi.

Iran's Reformers Tap Energy of Political 'Party'

Via Yahoo! News (AP) -

Persian hip-hop thumps from car speakers and young hipsters - men with spiked hair and women in spike heels - dance in the streets.

It's another night and another campaign rally-turned-party for their unlikely hero: a self-styled reformist from the early years of the Islamic Revolution who is now seen as their best hope to defeat hard-line President Mahmoud Ahmadinejad.

But while Mir Hossein Mousavi generates the noise, passion and electricity in Tehran, Ahmadinejad has the backing of the powerful Islamic establishment and deep support in the countryside, leaving Friday's vote too close to call.

Mousavi would appear to have the momentum, drawing staggering crowds and all-night street bashes. But all that noise, fervor and electricity doesn't necessarily add up to a juggernaut, with critical stakes at play, including possible talks with Washington after a nearly three-decade diplomatic estrangement.

The post-midnight raves in Tehran's leafy suburbs are uncorking passions that seem to have caught even Mousavi by surprise. He stood in awe Monday at one end of a nearly 12-mile human chain of supporters along one of Tehran's main thoroughfares, linked by green ribbons and banners in the symbolic color of his campaign.

What's left in the final days before the vote is a flat-out political end game that's fundamentally rewritten the rules of Iranian campaigns. This time, the attacks have been nastier, the crowds wilder and the media war more acute than any previous presidential race.

[...]

"A month ago, I would have said Ahmadinejad was a sure bet," said political analyst Sharif Emam Jomeh. "There was apathy especially with the youth. But now, until 3 a.m., they are out in numbers and they care ... Below the surface, something was boiling."

At stake is the political identity of Iran's highest elected official - and whether the next president will challenge or reinforce clerical influence on the state.

The non-elected clergy around Supreme Leader Ayatollah Ali Khamenei hold most keys to power and dictate major decisions over internal security, justice and foreign relations. There is little real possibility to chip away at their constitutional clout. The presidency is the closest the voters can get to altering the direction of the country.

Mousavi's backers are hungry to recapture the energy and possibilities of a decade ago, when Khatami opened the way for greater freedoms that included liberal media voices and a softer touch with outreach to the West.

Influenza Virus in the Toilet

Via virology.ws -

While perusing the cleaning items at the supermarket last night, I spotted the words ‘Kills Flu Virus’ on a bottle of toilet bowl cleaner. Do toilets play a role in transmission of influenza?

Influenza is an infection of the respiratory tract. The virus enters the tract in aerosols or by contact with saliva or other respiratory secretions from an infected individual. Common toilet use is not a risk factor for transmission of influenza, because there is no evidence that the virus replicates in the human intestine. Some avian H5N1 subtypes appear to be able to multiply outside the respiratory tract in humans, but such infections are rare.

It’s more likely that the ‘Kills Flu Virus’ label is a marketing ploy to sell more toilet cleaner. People are in general afraid of influenza, and may be reassured by the idea of eliminating the virus from all areas of their home. The product website indicates that the toilet bowl cleaner ‘kills’ common cold rhinoviruses. Considering that rhinoviruses do not replicate in the alimentary tract, this activity also appears to be superfluous.

If you look closely at the lower left hand part of the bottle, just above the ingredient list, you will see the words “Influenza A2”. This is not correct influenza virus nomenclature so I don’t know exactly what Clorox has in mind. However, I would not be surprised if this were replaced with ‘swine flu’ in the near future.

I have no doubt that Clorox Toilet Bowl Cleaner will inactivate influenza virus (viruses cannot be killed, as they are not living). The active ingredient is sodium hypochlorite, commonly known as bleach, a widely used disinfectant. In my laboratory, we keep beakers of 5% sodium hypochlorite in our cell culture hoods for inactivating viruses.

There are certainly other microbes that should be removed from our toilets. Examination of the back of the bottle indicates that the product will inactivate rotavirus, a major cause of gastroenteritis. This makes perfect sense, as rotavirus is present in feces. It is well known that toilet flushing produces aerosols that can spread infectious diseases. In the paper cited below, the authors deliberately contaminated a toilet with enteric bacteria (Serratia marcescens) and a virus (bacteriophage MS2). Serratia and MS2 were detected in the air after the first flush. Subsequent flushing also released microorganisms into the air, although the numbers declined after each flush.

[...]

There is evidence that plumbing was responsible for spread of SARS coronavirus during the 2003 epidemic. In contrast to influenza virus, it is clear that the SARS coronavirus can replicate in the human gastrointestinal tract, and that fecal shedding is a significant mechanism of transmission.

It’s good practice to use bleach-containing cleansers to sanitize toilets, but it is not likely to have an impact on transmission of influenza. Unless you routinely sneeze into the toilet.

Barker, J., & Jones, M. (2005). The potential spread of infection caused by aerosol contamination of surfaces after flushing a domestic toilet. Journal of Applied Microbiology, 99(2), 339-347. DOI: 10.1111/j.1365-2672.2005.02610.x

Eleven Believed Killed in Pearl Continental Hotel Attack

Via Yahoo! News (AP) -

Suicide attackers shot their way past guards and set off a massive blast Tuesday outside a luxury hotel where foreigners and well-to-do Pakistanis mixed, killing at least 11 people and wounding 70, officials said. The bombers struck the Pearl Continental Hotel at about 10 p.m., when nightlife was still in swing. The attack reduced a section of the hotel to concrete rubble and twisted steel and left a huge crater in a parking lot.

The blast came a week after Taliban leaders warned they would carry out major attacks in large cities in retaliation for an army offensive to reclaim the nearby Swat Valley region from the militants. No claim surfaced immediately for the bombing in Peshawar, the northwest's largest city with about 2.2 million people.

[...]

Police official Liaqat Ali said witnesses gave vivid accounts of how the bombers carried out their attack.

Three men in a pickup truck approached the hotel's main gate, opened fire at security guards, drove inside and detonated the bomb close to the building, Ali said. A senior police officer, Shafqatullah Malik, estimated it contained more than half a ton of explosives.

[...]

In Washington, two senior U.S. officials said the State Department had been in negotiations with the hotel's owners to either purchase or sign a long-term lease to the facility to house a new American consulate in Peshawar. The officials said they were not aware of any sign that U.S. interest in the compound had played a role in its being targeted.

The officials spoke on condition of anonymity because the negotiations were not public and had not been completed. They said no immediate decision had been made on whether to go ahead with plans to base the consulate on the hotel grounds.

Lou Fintor, spokesman for the U.S. Embassy in Islamabad, said there were no immediate reports of American casualties.

[...]

The U.N. identified a staff member as among the dead: Aleksandar Vorkapic, 44, an information technology specialist from Belgrade, Serbia, who was part of an emergency team from the office of U.N. High Commissioner for Refugees helping with the crisis.

Peshawar district coordination officer Sahibzada Anis said the blast wounded three others working for the U.N. agency — a Briton, a Somali and a German.

Amjad Jamal, spokesman for the World Food Program in Pakistan, said more than 25 U.N. workers were staying at the hotel. He said all seven WFP workers were safe.

U.N. Secretary-General Ban Ki-moon condemned the "heinous terrorist attack" in "the strongest possible terms," U.N. deputy spokeswoman Marie Okabe said at U.N. headquarters in New York.

"Once again, a dedicated staff member of the United Nations is among the victims of a heinous terrorist attack which no cause can justify," Okabe said.

She said Ban was "saddened by the large numbers of dead and wounded" and extends his condolences to the families of the victims and to the government and people of Pakistan.

Dr. Khizar Hayat at Lady Reading Hospital said the hospital received some 70 wounded people, with at least nine in critical condition.

--------------------------------------


(Photo credit to AFP/Getty Images)

More Details on the Pearl Continental Hotel Blast in Peshawar

Via nowpublic.com

An eyewitness told reporters that the assailants came in two cars. While one of them shot through the guard post, the second car followed it. The first car is said to have blown up after entering the hotel. He said that there were four occupants in each car. He also told reporters that the police arrested four people. However, the police are yet to confirm this.

[...]

According to the Police, 500 kg of explosives have been used for the blast. Eyewitnesses claim that the explosion was so powerful that it could be heard 15 km away. However, the casualties are expected to be sizeable considering the intensity of the blast. Further details of casualties are being awaited. There is a thick cloud of smoke billowing out of the hotel building.

Police have cordoned off the area near the hotel. Some 30-40 vehicles parked in the hotel have been destroyed. Some rooms have also been damaged. Electricity has been turned off.

-------------------------------------

According to thenews.com.pk... sources indicate the explosion may have centered at the security guard checkpoint.

T-Mobile Says Network Was Not Hacked or Breached

Via CNET -

A T-Mobile spokesman said on Tuesday that data someone posted to a security e-mail list over the weekend was legitimate T-Mobile data but not customer information, and that the phone company's network was not hacked or breached as the poster claimed.

The statement raises more questions than it answers. If indeed there was no network hack, could there have been an inside leak? Or could it have been something as low-tech as dumpster diving, in which records are obtained from trash bins outside a company's offices?

All T-Mobile would say is that it is investigating how the information was obtained.

On Saturday, someone posted to the Full Disclosure e-mail list claiming to have hacked into T-Mobile's computer network.

"We have everything, their databases, confidential documents, scripts and programs from their servers