Monday, May 31, 2010

A Bill of Privacy Rights for Social Network Users

Via EFF Deeplinks -

Social network service providers today are in a unique position. They are intermediaries and hosts to our communications, conversations and connections with loved ones, family, friends and colleagues. They have access to extremely sensitive information, including data gathered over time and from many different individuals.

Here at EFF, we've been thinking a lot recently about what specific rights a responsible social network service should provide to its users. Social network services must ensure that users have ongoing privacy and control over personal information stored with the service. Users are not just a commodity, and their rights must be respected. Innovation in social network services is important, but it must remain consistent with, rather than undermine, user privacy and control.

Al-Qaeda's Third In Command Reportedly Killed

Via CNN -

Al Qaeda says its No. 3 man and commander of its operations in Afghanistan has died, according to a group that monitors Islamist websites.

Al Qaeda announced the death of Mustafa Abu Yazid in a message posted on such websites on Monday, the Maryland-based SITE Intelligence Group said. While the message didn't detail the circumstances of Yazid's death, it did say his wife, three of his daughters, a granddaughter and others were killed, according to SITE.

Yazid, an Egyptian national, is believed to be a financial manager for al Qaeda, as well as a co-founder of the terrorist group, according to SITE.

In the past, Yazid has made numerous statements on jihadist websites and in video releases from al Qaeda's media arm, al Sahab.

Most recently, he announced that Al Qaeda took responsibility for a December 30 attack on a base in eastern Afghanistan that killed seven CIA officers and consultants and a Jordanian army captain. He said the attack avenged the death of Baitullah Mehsud, leader of the Taliban in Pakistan who was killed in a missile strike last August, and al Qaeda operatives Saleh al-Somali and Abdullah al-Libi.


According to MSNBC....
One senior U.S. official speaking on condition of anonymity told NBC News that Saeed was killed in an attack by a missile-carrying Predator drone aircraft. The strike was said to have happened last week.

"In some respects, Sheik Saeed's death is more important for al-Qaida operations than if bin Laden or Zawahiri was killed," said Roger Cressey, former deputy chief for counterterrorism at the National Security Council and now an NBC News consultant. "Any al-Qaida operation of any consequence would run through him."

For a dossier on the life of Shaykh Mustafa Abu al-Yazid -

Sunday, May 30, 2010

“Dr. Death” – Head of South Africa’s Biological and Chemical Weapons Program

Via FAS Biosecurity Blog -

The South African chemical and biological warfare program, called “Project Coast,” was established in 1981 under the apartheid regime, violating the Biological Toxins and Weapons Convention of 1972. The project’s researchers studied Bacillus anthracis (anthrax), Vibrio cholerae (cholera), salmonella and Botulinum toxin, in addition to a variety of chemical agents, such as MDMA (ecstasy), PCP, muscle relaxants and nerve agents. Unlike the chemical agents, the biological agents were not produced on a large scale and were neither weaponized nor meant for combat. Instead, the program focused on using biological agents for assassination of those who challenged the government. The agents produced were used by the South African Defense Force and police. The secretive Project Coast had no civilian and extremely limited military oversight. Only the former head of Project Coast, Dr. Wouter Basson, knew the agents being studied, how they were used and how much they cost. Dr. Basson was nicknamed “Dr. Death,” and allegedly arranged the killing of many political dissidents. In one case, he arranged for the South West African People’s Organization’s (SWAPO) water supply to be contaminated with V. cholerae, killing 200 people. Court testimonies indicate that Dr. Basson directed work on contraceptives, with the intent to deliver them to unknowing individuals. Project Coast ended in 1993 due to diplomatic pressure from the United States and the United Kingdom.

The South African Truth and Reconciliation Commission’s investigation of Project Coast in 1998, alongside Dr. Basson’s separate criminal trial, shed light on Dr. Basson’s covert activities and the corrupt nature of this program. Dr. Basson was acquitted on all 64 criminal charges made against him due, in part, to a general amnesty and jurisdictional issues. The charges included several counts of drug trafficking (MDMA), theft, fraud and 12 counts of murder. Dr. Basson is currently a private practice cardiologist in Cape Town, South Africa and is under investigation by the Health Professions Council of South Africa (HPCSA). Dr. Basson claimed the council was biased against him, but the Pretoria High Court recently found the claim to be unjustified, prompting the continuation of the investigation. If the HPCSA’s investigation concludes that Dr. Basson’s conduct, as director of Project Coast, was unethical, he could lose his license to practice medicine. Pretoria News reports that the council’s allegations against him include that his work with Project Coast went beyond defensive measures with the creation of “…cigarettes contaminated with anthrax and milk tainted with botulism,” and that “it was unethical for a medical doctor to be involved in a chemical and biological warfare programme[sic], without the association’s approval.”

The activities of Project Coast remind us that too much secrecy and compartmentalization of activities under one individual without real oversight, can lead to massive corruption and immoral activities. This helps us recognize the importance of transparency and collaboration between government scientific institutions.

Sami Al-Mutairi: Al-Qaida's Mother of All Spy Manuals

Via -

"The spy shall not be concerned about any of his friends. If he knows about the existence of an important target at a certain place and time, and he relays information about this to his commanders who have decided to carry out an attack there - for example to blow up a hotel where the target is lodging - it is to be expected that the spy will be inclined to tell one of his journalist friends to avoid going there. In doing so, he will reveal that the operation is about to occur."

This instruction, actually, has a precedent in the life of the Prophet Mohammed. But Sami al-Matiri, who is known as Abdullah al-Hajj, cites it at length in his instruction manual for people working for Al-Qaida.

Matiri is a Kuwaiti citizen who began his career as a leftist in the movement known as Democratic Center; he later changed his spots and embraced radical Islam. He was convicted of the murder of an American citizen in Kuwait in 2002, and after spending a few years in prison was released and became a prominent Al-Qaida commander in the Arabian Peninsula. According to documents obtained by Haaretz, he is in charge of coordinating Al-Qaida activities in Palestine.

Matiri's instruction manual for intelligence agents is part of a series of documents he has written. These include pointers on explosives, building an organization and recruiting agents. There are also explanations about Islam's enemies.

In his writings, Matiri comes across as someone who knows what he is talking about. He cites studies and conclusions from the experiences of other intelligence agencies, and he discusses methods used by Al-Qaida.

Thus, for example, in the chapter on codes, Matiri says the code word for Al-Qaida's retreat from Kandahar, Afghanistan, in 2001 was an expression in colloquial Egyptian Arabic meaning "to assemble the public." This was a mistake, writes Matiri, because Western intelligence services have many people who know various languages and dialects, including Egyptian, Yemenite and Iraqi. In the event, the convoy from Kandahar was exposed and bombarded.

He also tells about a far more successful experience. Ramzi Binalshibh, who helped coordinate the 2001 attacks on New York and Washington, and Mohamed Atta, who was responsible for the whole operation, had a close relationship. They understood each other by the merest hint. The two conversed in German via a chat program on the Internet; the conversation is quoted in full in the instruction manual.


Matiri covers a variety of topics in the 42 pages of his instruction manual, among them advice on how the religious spy can get out of uncomfortable situations. He suggests that "Jewish meals" be ordered on airline flights - kosher meals that do not contain pork. They are marked with the letters U or K.


One of the most difficult issues is collecting the names and job descriptions of the enemy's intelligence officers. To overcome this problem, Matiri suggests that spies join human rights organizations and even establish such groups to gather testimonies from people who have been interrogated or tortured by enemy intelligence officers. They should be asked to give the names of these officers, so the spy can build up his file.

As an example of a successful operation, Matiri discusses the activities of a certain spy who gained the trust of the Arab Commission for Human Rights in Paris. He learned its ways and established a branch in a country where he hoped to gather intelligence.


Matiri also suggests establishing an academy at which people from radical organizations would study espionage work and learn how to use the intelligence operative's "tools." He cites the Mossad, where he says veteran spies teach young spies how to operate. In his opinion, this should be the working method for radical organizations.

Saturday, May 29, 2010

Blizzard Boss: DRM is a Waste of Time

Via -

Blizzard founder, Frank Pearce reckons that fighting piracy with DRM is a losing battle.

His company - which is responsible for the biggest videogame of all time, the worryingly-addictive online fantasy role player World of Warcraft - is to release Starcraft 2 on July 27th and Pearce has told Videogamer that the title won't be hobbled with the kind of crazy copy protection schemes which have made Ubisoft very unpopular in gaming circles of late.

Starcraft 2 will require a single online activation using the company's servers, after which players will be allowed to play the single-player game to their hearts' content, without being forced to have a persistent Internet connection.


The Blizzard boss is resigned to the fact that, however many people and man-hours you throw at anti-piracy measures, it can never be enough. "If you start talking about DRM and different technologies to try to manage it, it's really a losing battle for us, because the [cracking] community is always so much larger, and the number of people out there that want to try to counteract that technology, whether it's because they want to pirate the game or just because it's a curiosity for them, is much larger than our development teams."

And the pragmatic game designer's final words on the matter are a mantra which many other game houses would do well to adopt: "We need our development teams focused on content and cool features, not anti-piracy technology."

Mexico Offers Rewards for 33 Drug Gang Suspects

Via (AP) -

Mexico's government unveiled a list of 33 wanted drug suspects Friday, including three men allegedly tied to a cartel responsible for much of the bloodshed in the northern border city of Ciudad Juarez.

The Attorney General's Office did not specify the criminal bands affiliated with each suspect.

However, a security official in the northern state of Chihuahua, where Ciudad Juarez is located, said the three at the top of the list belong to La Linea, a gang tied to the Juarez cartel. Rewards of $1.1 million (15 million pesos) were offered for each.

One of the three, Juan Pablo Ledezma, is believed to be the head of La Linea, said the official, who is with the joint army and police operation in charge of security in Chihuahua. He agreed to discuss the list only on condition of not being quoted by name, because he was not authorized to speak publicly about the matter.

A turf battle between the Juarez and Sinaloa drug cartels has turned Ciudad Juarez into one of the world's deadliest cities. More than 4,300 people have been killed over the past three years in the city, which lies across the border from El Paso, Texas.


The Attorney General's Office offered rewards of $387,000 (5 million pesos) each for five other suspects on the list. The other 25 had $232,000 (3 million peso) bounties on their heads.

Officials at the Attorney General's Office did not respond to requests for more information on the suspects.

Last year, the government issued a list of its most-wanted drug traffickers. It offered rewards of $2 million for the leaders of Mexico's six major cartels and $1 million for their lieutenants.

Ledezma also appeared on last year's list, described as a lieutenant of the Juarez cartel. It was unclear if the Attorney General's Office is offering an additional $1 million reward for Ledezma because of his inclusion in both lists.

Several kingpins named on the list released last year have been caught or killed, including Arturo Beltran Leyva, who died in a gunbattle with marines in December.


Authorities have not said whether rewards were given for any of the drug lords captured or killed.

Robbers Use Tea to Steal $5.5 Million From Iraqi Bank

Via CNN -

Robbers stole $5.5 million from a southern Iraqi state bank after giving guards tea laced with a sleeping drug, the Interior Ministry said on Saturday.

No shots were fired during the incident Friday at a bank near Najaf, the Interior Ministry said. The money is the equivalent of 6.5 billion Iraqi dinars.

In recent months, there has been a spike of similar incidents, and authorities believe that insurgents were behind them to fund their military operations.

Earlier this week, 15 people died in southwestern Baghdad after a brazen series of jewelry store heists on Tuesday in which bandits made off with gold and money.

In this latest incident, robbers had an associate among the bank's guard force give drugged tea to the guards, officials said. After the guards passed out, the robbers entered the bank and made off with the money.

Two people were arrested, but police were not able to recover any of the money. The Interior Ministry said it appears the two are poor people trying to make money and are not part of a terrorist organization.

Members of the bank's guard force are being investigated, the Interior Ministry said.

Russia Assists US in Hunt for Osama Bin Laden

Via -

Moscow is assisting the US in the search for Al-Qaeda head, Osama Bin Laden, and wants Washington’s help against Russia's most-wanted terrorist, Chechen militant Doku Umarov, a senior Russian official has said.

“I definitely know that we assisted and continue to provide concrete assistance in the search for and capture of Osama Bin Laden. Specifically in the search,” special presidential representative for international cooperation in the fight against terrorism and transnational organized crime Anatoly Safonov told Itar-Tass. No further details, however, were disclosed.

As for the assistance from the American side, Safonov said that the US had several times informed Moscow about terrorist acts planned on Russian soil. “That is a reality, which is not one-time and fragmentary. It is developing into an ongoing practice,” he said.

Safonov is currently in Washington co-chairing a meeting of the Russia-US working group on fighting terrorism.

Friday, May 28, 2010

North Korea 'is Exporting Nuclear Technology'

Via -

International efforts to avert a full-blown crisis on the Korean peninsula were given greater urgency today after a leaked UN report claimed that North Korea is defying UN sanctions and using front companies to export nuclear and missile technology to Iran, Syria and Burma.

The report, by a panel that monitors sanctions imposed after Pyongyang conducted nuclear weapons tests in 2006 and 2009, said the regime was using shell companies and overseas criminal networks to export the technology.

The revelations came just hours before the Chinese premier, Wen Jiabao, arrived in South Korea for a three-day visit certain to be dominated by mounting tensions between Seoul and Pyongyang.

At a meeting today, Wen told the South Korean president Lee Myung-bak that China would not "harbour" anyone over the sinking of a South Korean warship in March, in which 46 soldiers died.

But he added that China has not yet concluded that North Korea was responsible. Pyongyang has denied involvement.

According to a South Korean official, Wen said: "China objects to and condemns any act that destroys the peace and stability of the Korean peninsula."

China, the North's closest ally and main benefactor, has so far refused to condemn the Pyongyang regime after a multinational investigation concluded that a North Korean torpedo sank the Cheonan.


The sanctions report, leaked to journalists in New York, said UN bans on nuclear and ballistic missile technology, and on all arms exports and most imports, were having an effect. But it conceded the North had found ways to circumvent sanctions using companies and individuals who are not subject to asset freezes and travel bans.

The 47-page report contains a long list of sanctions violations reported by UN member states, including four cases of arms exports.

Pyongyang, the panel said, had used "a number of masking techniques," including falsely labelling the contents of shipping containers and giving inaccurate information about their origin and destination.

North Korea was using "multiple layers of intermediaries, shell companies and financial institutions" to get around sanctions, it added.

An unnamed western diplomat based at the UN said: "The details in the report are not entirely surprising. Basically it suggests that North Korea has exported nuclear and missile technology with the aid of front companies, middlemen and other ruses."

The report said the regime had tried to conceal arms exports by sending items in kit form to be built at their destination, and called on recipient countries of North Korean cargo to act with "extra vigilance".

Pyongyang is also suspected of using overseas criminal groups to transport and distribute "illicit and smuggled cargoes", possibly including parts for weapons of mass destruction.

Thursday, May 27, 2010

Air Force 'Hypersonic' Jet Sets New Speed Records

Via -

An experimental aircraft has set a record for hypersonic flight.

The Air Force says the X-51A Waverider flew at six times the speed of sound for more than 3 minutes yesterday morning after being released from a B-52 off the southern California coast.

Its scramjet engine accelerated the vehicle to Mach 6, and it flew autonomously for 200 seconds before losing acceleration. At that point the test was terminated.

The Air Force says the previous record for a hypersonic scramjet burn was 12 seconds.

Charlie Brink, an X-51A program manager with the Air Force Research Laboratory at Wright-Patterson Air Force Base, Ohio, says researchers equate the leap in engine technology "as equivalent to the post-World War II jump from propeller-driven aircraft to jet engines."


Boeing X-51

X-51 Scramjet Engine Demonstrator - WaveRider (SED-WR)
An X-51A Waverider flight-test vehicle successfully made the longest supersonic combustion ramjet-powered hypersonic flight May 26 off the southern California Pacific coast. The more than 200 second burn by the X-51's Pratt & Whitney Rocketdyne-built air breathing scramjet engine accelerated the vehicle to Mach 6. The previous longest scramjet burn in a flight test was 12 seconds in a NASA X-43. Air Force officials called the test, the first of four planned, an unqualified success. The flight is considered the first use of a practical hydrocarbon fueled scramjet in flight.

Anti-Clickjacking Defenses 'Busted' In Top Websites

Via -

Turns out the most common defense against clickjacking and other Web framing attacks is easily broken: researchers were able to bypass frame-busting methods used by all of the Alexa Top 500 websites.

The new research from Stanford University and Carnegie Mellon University's Silicon Valley campus found that frame busting, a popular technique that basically stops a website from operating when it's loaded inside a "frame," does not prevent clickjacking. Clickjacking attacks use malicious iFrames inserted into a Web page to hijack a user's Web session.

"There are so many different ways to do frame-busting, and that's a problem with it," says Collin Jackson, one of the lead researchers in the project and assistant research professor at CMU-Silicon Valley. "All it's doing is saying it detects an iframe, refuses the function, and moves the user to a site where it will function again. Our big observation [in the research] is that it's not sufficient to just move a user into a functional [area]."

Jackson says he had suspected that frame-busting was weak since it was mainly an "ad-hoc" solution. "But we didn't know the magnitude of the problem," he says. "We had trouble finding any sites that were secure against all the attacks we identified."


CMU's Jackson and fellow researchers Rydstedt, Elie Bursztein, Dan Boneh -- all from Stanford -- say the best defense today against clickjacking and related attacks is a JavaScript-based defense using frame-busting JavaScript code they wrote and included in their report, or the NoScript browser plug-in.

The best long-term solution, they say, is to adopt the new X-Frame-Options found in Microsoft's IE 8 and in the latest versions of most browsers. X-Frame-Options, a special HTTP header, was created by Microsoft to stop clickjacking attacks. "The website has to opt in to using the X Frame Options," Jackson says. "Unfortunately, a very small number of websites in our study were using it. But that's not surprising since it's so new."


IE8 Security Part VII: ClickJacking Defenses

Britain Discloses Size of Nuclear Stockpile

Via FAS Strategic Security Blog -

The new British government today followed the French and U.S. examples by disclosing its total military stockpile of nuclear weapons.

Foreign Secretary William Hague told the House of Commons that “the total number of warheads” in the “overall stockpile” will not exceed 225. Of those, “up to 160” are “operationally available” for deployment on Trident II missiles on British ballistic missile submarines.

The Royal Navy possesses four Vanguard-class nuclear-powered ballistic missile submarines (SSBNs), each of which can carry up to 16 U.S.-supplied Trident II long-range ballistic missiles. Each missile is thought to carry up to three UK-produced warheads closely resembling the U.S. 100-kt W76 warhead.

Whereas the United States declassified its entire stockpile history, the British government has only disclosed the current size of its stockpile, and only in the somewhat cryptic way: “the overall stockpile…will not exceed 225 warheads.”

That presumably means the stockpile actually contains 225 warheads, not that it might be smaller but “not exceed 225 warheads” even in the future.

That is 25 warheads more than the 200 Robert Norris and I have estimated in the past.

Wednesday, May 26, 2010

Bulgarian Crime Ring Busted in Las Vegas

Via Las Vegas Review-Journal -

Federal authorities allege that two cells of Bulgarian organized criminals defrauded Las Vegas and Phoenix area car dealers out of $1.6 million and stole at least $700,000 from bank ATMs around the valley.

In all, 11 people were charged in three separate indictments unsealed last week in federal court after a two-year FBI investigation that involved the use of court-approved wiretaps. The FBI declined to comment Monday as agents continued to search for some of the defendants.

At a hearing Monday, Assistant U.S. Attorney Kathleen Bliss said the FBI had obtained information from authorities in Bulgaria that one of the alleged ringleaders, 58-year-old Dimitar Dimitrov, was an associate of organized crime figures in that country.

Dimitrov, a U.S. citizen who lives in Las Vegas, was charged in all three indictments, including one that accuses him and his wife, Viarka Dimitrova, of unlawfully obtaining a 9 mm pistol during the criminal investigation.


Another indictment charges Dimitrov and five other men with conspiracy, wire fraud and transportation of stolen property in a scheme to unlawfully acquire vehicles from car dealers and ship them coast to coast and to Eastern Europe. The others named in the indictment are Dragomir Taskov, Boyan Gueorguiev, Rossen Daskalov, Yuliyan Milushe and Nikolay Mladenov.

The ring would send in straw buyers claiming to be employed by phony companies at lucrative salaries in an effort to obtain financing for the vehicles, the indictment charges.

The buyers sought to take possession of the cars before the dealers and their loan companies had fully verified the financial information.


In another indictment, Dimitrov and four other men are charged with trafficking in counterfeit access devices and aggravated identity theft in a scheme in spring 2009 to steal bank account numbers and PIN numbers from customers.

Bliss said in court that the defendants would then unlawfully withdraw at least $700,000 from ATMs with that information.

The four others named in the indictment are Angel Iordanov, Danail Tchanev, Brian Johnson and Stefan Georgiev.

The ring stole the information with the help of a scanning device or a small camera secretly installed at an ATM, where customers withdraw money, the indictment alleges.

After obtaining the bank information, ring members allegedly encoded it onto a blank plastic card with a magnetic strip, allowing them to withdraw the cash from the ATMs.

Scientist Claims to Be 'Infected' with Computer Virus

Via -

A British scientist claims to be the first human to have been infected with a computer virus after he contaminated an electronic chip which was inserted into his hand.

Dr Mark Gasson, of the University of Reading, said the device was programmed with a virus which could transfer itself to other electronic systems it came in contact with.

Any other chips that interacted with the infected systems would also contract the virus, he said, raising the possibility that in the future, advanced medical devices such as pacemakers could become vulnerable to cyber attacks.


Personally I wanna see more details on the 'virus' in his RFID chip...

Tuesday, May 25, 2010

Botnet Rentals Cheap for Less-Skilled Individuals

Via ZDNet UK -

Botnets are available for hire for as little as $8.94 per hour, emphasising how little financial muscle or technical expertise is needed to carry out attacks, according to VeriSign iDefense.

The cybersecurity intelligence arm of VeriSign said on Monday that it carried out an online investigation into 25 botnet operators in February, targeting botnet services advertised on three web forums. The study found that hourly botnet rental pricing started at $8.94 (£6.04), while the average price for a 24-hour rental — the sample mean of the highest and lowest advertised prices — was $67.20.

The services advertised a number of attack vectors, including ICMP, SYN, UDP, HTTP, HTTPS and Data. The botnet operators plied their wares via the same techniques as legitimate businesses, such as via forums and banner ads. One botnet operator offered a pricing structure for the takedown of sites that had anti-attack measures installed.

While those masterminding criminal operations involving botnets have in the past often been technical experts, the trend is towards the hiring of botnet services by less-skilled individuals, according to VeriSign. This allows a wider range of cybercriminals to launch attacks designed to shut down a targeted company's systems or to spread malicious software, it noted.

"While these attacks are becoming increasingly sophisticated, the criminals targeting your business may not be," said VeriSign iDefense director of intelligence Rick Howard in a statement.

That trend surfaced in March with the arrest of three men accused of operating the massive Mariposa botnet. Unlike many underground hackers, the alleged ringleaders of the operation were not skilled programmers, but had contacts who were, authorities said.

The Mariposa botnet is believed to have been composed of 12.7 million PCs; it stole credit card and bank log-in data and infected computers in half of the Fortune 1000 companies and more than 40 banks.


The world's largest botnet, Zeus, had its traffic disrupted by repeated disconnections of a Kazakhstani ISP in March, but a series of reconnections revived its activity, security researchers have said. The botnet mainly pushes out the Zeus banking Trojan, an information-stealing keylogger that relays sensitive data back to its controllers.

Xtreme Burger Eating @ Five Guys

Last Friday started out like many before - work, then drinks with friends later in the evening....except this Friday was a little different.

One of my friends was on a mission. A mission to eat a Bacon Cheeseburger @ Five Guys.

That isn't extreme!?

True, but when you replace the standard bun with two Bacon Grilled Cheese sandwiches, it becomes something else entirely.

Now comes the math...

Bacon Cheeseburger = 920 calories
Two Grilled Cheese Sandwiches = 470 x 2 = 940 calories
Two Sides of Bacon (for the Grilled Cheeses) = 80 x 2 = 160 calories
Total = 2,020 calories (128 grams of Fat)

Luckily my friend skipped on the fries....

Check out the CSPI's 2010 Xtreme Eating Awards for other tasty things that you most likely should never eat.

US Cyber Command Fact Sheet

Via -

The US Department of Defense has published its official version of what US Cyber Command is and what it does [doc, via DoD Cyber Security page]

DARPA Looks for Stealthier Internet Access

Via -

The Defense Advanced Research Projects Agency is seeking technologies to enable safe and anonymous access to the Internet by the military.

In particular, DARPA is interested in technologies that “allow anonymous Internet communications to bypass techniques that suppress, localize and/or corrupt information.”

The technologies the Defense Department is interested in circumventing include IP-address filtering or "blocking," which can deny user access; Domain Naming Service hijacking, which redirects a user to a different Web site or service from what the user intended; and content filtering, which captures and analyzes the content of the user's network traffic through deep packet inspection.

The Safer Warfighter Communications (SAFER) program (DARPA-BAA-10-69) covers applications such as instant messaging, electronic mail, social networking, streaming video, voice over IP and video conferencing. DARPA’s particular technical areas of interest include measurement, circumvention and testbed and evaluation support.

Tabnabbing: New Tabbed Browsing Phishing Attack Exploits User Trust

Aza Raskin, Creative Lead for Firefox @ Mozilla, has outlined a new type of phishing attack that takes advantage of the way that browsers handle tabbed browsing and enables an attacker to use a script running in a tab to change the content of that tab after a period of inactivity. This "behind your back" switch could trick a user into giving up important information to a malicious site.

Some media outlets have reported this to be a "cross-tab manipulation type attack", but in reality the "malicious" tab is only changing itself after a period of inactivity....thus it *is not* changing a completely different tab. This is a very important distinction.

Users that commonly open a large number of tabs could easily lose track of where that "Gmail" tab was...and thus fall victim to this type of attack.

Moral of the Story: Watch your tabs and always check URLs

Hat-tip to


Original Researcher's Blog

Video Demo of the Attack

Monday, May 24, 2010

Nominations for Pwnie Awards 2010

  • Best Server-Side Bug
  • Best Client-Side Bug
  • Mass 0wnage
  • Most Innovative Research
  • Lamest Vendor Response
  • Most Overhyped Bug
  • Best Song
  • Most Epic FAIL
  • Lifetime Achievement Award

All vulnerabilities and research published between July 1, 2009 and June 30, 2010 are eligible. The call for nominations will close on Wed, July 15.


Jul 15 : nominations deadline
Jul 21 : nominees announced

Pentagon and U.N. Chief Put New Pressure on North Korea

Via NYTimes -

Pressure on North Korea over the sinking of a South Korean warship intensified Monday as the United States announced it would conduct joint naval exercises with South Korea and the top United Nations official said the Security Council would need to take some action against the North.

A Defense Department spokesman in Washington, Bryan Whitman, said the naval exercises would be conducted “in the near future” and would be aimed at improving the ability of South Korea and the United States to detect enemy submarines and halt banned shipments of nuclear materials. The announcement was the Pentagon’s first concrete response in the escalating tensions between North and South Korea over what South Koreans have called the deliberate sinking by the North of one of their warships two months ago.

At the United Nations, Ban Ki-moon, the secretary general, told a news conference that “there must be some measures taken,” though he stopped short of saying what those measures should be.

“The evidence is quite compelling,” he said. “There is no controversy. Therefore it is the responsibility of the international community to address this issue properly.”

Mr. Ban, a former foreign minister of South Korea, said that he tried to separate his own personal feelings from his duties as secretary general but that the attack on the ship compelled him to respond.

Hours earlier, the South Korean president, Lee Myung-bak, said that his nation would sever nearly all trade with North Korea, deny North Korean merchant ships use of South Korean sea lanes and ask the United Nations Security Council to punish the North.


According to the BBC, measures announced by South Korea included:
  • Stopping inter-Korean trade
  • Banning North Korean ships from using South Korean waterways or shortcuts
  • Resuming "psychological warfare" - loudspeaker broadcasts, propaganda radio broadcasts and leaflets dropped by balloon
  • Referring the case to the UN Security Council

U.S. Destroyer Shadows Ship Under Pirate Control

Via CNN -

A U.S. destroyer is shadowing a ship off the coast of Somalia after it was taken over by 50 pirates, authorities said.

The M/V Iceberg was identified last week after the USS McFaul conducted a 36-hour surveillance mission, the multi-national Combined Maritime Forces said in a statement. The USS McFaul began shadowing the Panamanian-flagged vessel May 19 before the M/V Iceberg reversed course and began heading toward the Somali coast.

"We cannot be sure what the pirates' plan was if they had not been interrupted," said Rear Adm. Beom Rim Lee, commander of the Combined Maritime Forces task force.

"The vessel may have been on its way to either assist other pirates in distress, or look for another merchant vessel to attack," he said.

The M/V Iceberg was last seen off the coast of the Somali town of Garacaad, a known pirate haven, but its exact location was unknown until USS McFaul positively identified it. "Further investigation showed the name of the ship had been crudely painted over" in an effort to disguise it, which caused confusion in identifying it, the Combined Maritime Forces statement said.

The USS McFaul had initially requested to board the ship to check on the crew. The M/V Iceberg denied it had been taken over, saying it was having mechanical difficulties. Eventually, crew members radioed back saying they had been taken hostage by heavily armed pirates, officials said.

The M/V Iceberg has a crew of 24 from Yemen, India, Ghana, Sudan, Pakistan and the Philippines, officials said.

Secret US Spaceplane Spotted in Orbit by Hobbyists

Via The Register UK -

Amateur astronomers believe they have located the X-37B US military unmanned spaceplane, which was launched into orbit on a classified mission a month ago.

According to the authoritative skygazers' site Heavens-Above, the X-37B is in an orbit angled up 40 degrees from the Equator, meaning that it passes regularly over all nations between southern Europe and South Africa and corresponding portions of south Asia, Australia, Latin America and much of the USA. The little spaceplane is at a height of approximately 400km above Earth.

The X-37B is operated by the US Air Force and its mission, budget and other particulars are classified, or "black". Nonetheless, various facts about the project are known as it began life as a NASA programme.

The X-37B takes off inside a fairing atop a normal disposable launch stack, in this case an Atlas V from Cape Canaveral a month ago. It is much smaller than a space shuttle, but like the shuttle has delta-shaped wings which should offer similar "cross range" abilities during re-entry - that is the X-37B could potentially make a landing somewhere well off its orbital track.

Another difference from the Shuttle is that the little robot wingship has a deployable solar array rather than fuel cells for electric power generation, and the air force has stated that it can remain in orbit for up to 270 days. The planned duration of the current mission hasn't been revealed.

Then the X-37B also has a powerful thruster and substantial propellant tanks, which indicates that it may be intended to change orbit quickly and/or frequently - it will certainly be no surprise if at some point the sky-watchers lose track of it again.

The US air force has refused to discuss the X-37B's mission in any detail, though spokesmen have emphasised its usefulness as a testbed for developing space technologies and also for trying out rapid-response and quick turnarounds with runway-landing spacecraft. A second X-37B has already been ordered.


Sunday, May 23, 2010

US Actively Seeking American-Born Terrorist Anwar al-Awlaki

Via -

White House spokesman Robert Gibbs says the U.S. government is actively pursuing American-born terrorist Anwar al-Awlaki.

White House Press Secretary Robert Gibbs says the Obama administration is making every effort to track down American-born Anwar al-Awlaki, who is reportedly hiding in a remote mountainous region of Yemen's Shabwa Province.

"We are actively trying to find him and many others throughout the world that seek to do our country, and to do our interests, great harm," Gibbs said.

Al-Awlaki, who is the son of a prominent Yemeni politician, is calling for the killing of American citizens in a new video posted Sunday on the internet. The Yemeni branch of a group that calls itself al-Qaida in the Arabian Peninsula released the video.

Speaking on the CBS television news' "Face the Nation" program, Gibbs says al-Awlaki advocates killing and violence.

"…despite telling the world that he is a cleric, you see on a video tape that he supports al-Qaida's agenda of murder and violence," Gibbs said. "In fact, in recent video tapes, he has said he is a member of al-Qaida in the Arabian peninsula, who has an agenda just like al-Qaida to strike targets in Yemen, throughout the world, including here in the United States."


Al-Awlaki is alleged to have been a mentor of Fort Hood shooter, Major Nidal Malak Hasan, who killed 13 people at the Texas base. He is also alleged to have been in contact with Umar Farouk Abdulmutallab, who tried unsuccessfully to blow up a Detroit-bound airliner on Christmas Day.


The exact relationship between Anwar Al-Awlaki and AQAP isn't known, but his appearance in a video released by the group is telling of current (or growing) ties.

MEMRI has the full video with English subtitles....

More info on the video over at The Jawa Report...

The video was produced by the media arm of al-Qaida in the Arabian Peninsula, though the exact nature of al-Awlaki's ties with the group and possible direct role in it are unclear. The U.S. says he is an active participant in the group, though members of his tribe have denied that. [It's called Taqiyya ― Islamic Principle of Lying for the Sake of Allah]

For its part, al-Qaida appears to be trying to make use of his recruiting power by putting him in its videos. Its media arm said Sunday's video was its first interview with the cleric.

Saturday, May 22, 2010

Survey Shows Most Flaws Sold For $5,000 Or Less

Via -

A new survey, which may be the first of its kind, has looked at the relative trustworthiness and responsiveness of the various organizations that buy vulnerabilities and found that TippingPoint's Zero Day Initiative is rated by researchers as the most trustworthy and is the preferred buyer.

The survey, posted by Unsecurity Research, asked researchers who have sold vulnerabilities to the public buyers as well as through private sales to rate the buyers on their trustworthiness, how quickly they paid, how much they paid and several other criteria. ZDI fared the best on trustworthiness, scoring a 3.5 out of 5, barely edging out SecuriTeam, which rated 3.3. However, ZDI also took the longest to actually make an offer to buy a vulnerability and was among the slower groups when it came time to pay.

Among the more interesting data in the survey's results is the amount of money that these organizations, which also include VeriSign's iDefense unit, iSight, Netragard and others, are paying. The data shows that across all of the organizations, the vast majority of vulnerabilities, both client-side and server-side, are being sold for less than $5,000.


There is no identifying information posted about the researchers who responded to the survey, which makes it somewhat difficult to gauge the quality of the data. The sample size of the survey also appears to be fairly small, around 30 respondents or so.

Organized vulnerability-purchasing programs such as those run by ZDI, iDefense and others are still relatively new, having popped up in the middle part of the last decade. However, private sales between researchers and vendors or researchers and government agencies have been going on for much longer. Researchers say that those private sales tend to be far more lucrative, but also can be more difficult to negotiate and complete.

Friday, May 21, 2010

Scientists Create Synthetic Organism

Via -

Heralding a potential new era in biology, scientists for the first time have created a synthetic cell, completely controlled by man-made genetic instructions, researchers at the private J. Craig Venter Institute announced Thursday.

"We call it the first synthetic cell," said genomics pioneer Craig Venter, who oversaw the project. "These are very much real cells."

Created at a cost of $40 million, this experimental one-cell organism, which can reproduce, opens the way to the manipulation of life on a previously unattainable scale, several researchers and ethics experts said. Scientists have been altering DNA piecemeal for a generation, producing a menagerie of genetically engineered plants and animals. But the ability to craft an entire organism offers a new power over life, they said.

The development, documented in the peer-reviewed journal Science, may stir anew nagging questions of ethics, law and public safety about artificial life that biomedical experts have been debating for more than a decade.

"This is literally a turning point in the relationship between man and nature," said molecular biologist Richard Ebright at Rutgers University, who wasn't involved in the project. "For the first time, someone has generated an entire artificial cell with predetermined properties."

David Magnus, director of the Stanford University Center for Biomedical Ethics, said, "It has the potential to transform genetic engineering. The research is going to explode."


The new cell, a bacterium, was conceived solely as a demonstration project. But several biologists said they believed that the laboratory technique used to birth it would soon be applied to other strains of bacteria with commercial potential.

"I think this quickly will be applied to all the most important industrial bacteria," said biologist Christopher Voigt at the University of California, San Francisco, who is developing microbes that help make gasoline.

Several companies are already seeking to take advantage of the new field, called synthetic biology, which combines chemistry, computer science, molecular biology, genetics and cell biology to breed industrial life forms that can secrete fuels, vaccines or other commercial products.

Facebook Leaks Usernames, User IDs, and Personal Details to Advertisers

Browse Facebook, and you wouldn't expect Facebook's advertisers to learn who you are. After all, Facebook's privacy policy and blog posts promise not to share user data with advertisers except when users grant specific permission. For example, on April 6, 2010 Facebook's Barry Schnitt promised: "We don't share your information with advertisers unless you tell us to (e.g. to get a sample, hear more, or enter a contest). Any assertion to the contrary is false. Period."

My findings are exactly the contrary: Merely clicking an advertiser's ad reveals to the advertiser the user's Facebook username or user ID. With default privacy settings, the advertiser can then see almost all of a user's activity on Facebook, including name, photos, friends, and more.

In this article, I show examples of Facebook's data leaks. I compare these leaks to Facebook's privacy promises, and I point out that Facebook has been on notice of this problem for at least eight months. I conclude with specific suggestions for Facebook to fix this problem and prevent its reoccurrence.


According to WSJ...

The practice, which most of the companies defended, sent user names or ID numbers tied to personal profiles being viewed when users clicked on ads. After questions were raised by The Wall Street Journal, Facebook and MySpace moved to make changes. By Thursday morning Facebook had rewritten some of the offending computer code.

Advertising companies were given information that could be used to look up individual profiles, which, depending on the site and the information a user has made public, include such things as a person's real name, age, hometown and occupation.

Several large advertising companies identified by the Journal as receiving the data, including Google Inc.'s DoubleClick and Yahoo Inc.'s Right Media, said they were unaware of the data being sent to them from the social-networking sites, and said they haven't made use of it.

Thursday, May 20, 2010

Jamaican Imam Said To Inspire Times Square Suspect

Via NPR -

The man accused in the failed Times Square bombing attempt has been talking to authorities for more than two weeks. And one of the things he told them, according to people close to the case, is that he was inspired to act by two Internet clerics — one in Yemen and another in Jamaica.


The first cleric Shahzad cited is a familiar name: Anwar al-Awlaki. He's the American-born imam who has been linked to an al-Qaida group in Yemen — the same imam who allegedly blessed the Fort Hood shootings and the botched Christmas Day bombing attempt of a U.S. airliner by a young man carrying explosives in his underpants.

The other cleric is a less familiar figure.

His name is Abdullah Faisal, a 46-year-old convert to Islam who is from Jamaica.


More information on the CT Blog....
Shaykh Abdullah al-Faisal [is] a Jamaican-born Islamic convert and religious leader now serving a lengthy prison sentence for inciting young Muslims to kill Jews and Hindus. Faisal's indoctrination into fundamentalism took place in Saudi Arabia, where he studied at an Islamic university and became a firm devotee of extreme Salafist clerics in the Kingdom. After completing his studies in Saudi Arabia, Faisal later told UK police that "he was sent to the United Kingdom to preach by Sheikh Rajhi"--an apparent reference to the wealthy and powerful Saudi Al-Rajhi family that has been repeatedly accused of supporting international terrorism. Settling in Brixton, al-Faisal regularly surfaced to deliver sermons to his followers at the local town hall--but also traveled and spoke before other audiences in Manchester, Worthing, Bournemouth, Cardiff, Swansea, and Birmingham.

Russia's Slick Internet Repression Makes China's Look Clumsy By Comparison

Via (Firewall Blog) -

China may be one of the world's most Internet-repressive regimes. But its Great Firewall is a clumsy and ineffective tool compared with the subtle information control techniques developed over the last few years by Russia and many of the former Soviet states.

That's one of the conclusions of Access Controlled, a new book out from the Open Net Initiative, a consortium of academics focused on free speech and government interactions with the Internet. A sequel to Access Denied, the Open Net Initiative's 2008 report on the state of global Internet censorship, one of the book's theses is that government control of the Internet has shifted from directly blocking sites to slicker ways of repressing dissidents online.

Those newer tactics include regulations that subtly induce censorship while seeming to focus on security or crime, timely cyberattacks that mysteriously take down target Web sites at key moments, or drowning dissidents in a sea of online propaganda and astroturf campaigns.

Wednesday, May 19, 2010

South Korea Foreign Minister: North Korea Sank Cheonan Warship

Via Christian Science Monitor -

South Korea's foreign minister bluntly blamed the March sinking of the Cheonan warship and the death of 46 sailors on North Korea Wednesday.

“We have the evidence,” Foreign Minister Yu Myung-hwan told the Monitor. Asked how South Korea would respond, Mr. Yu promised “very firm action” but avoided specifics.

Yu's comments came a day before the release of the results of an inquiry into the sinking of the Cheonan. But with Seoul already making it clear that North Korea fired the torpedo that sank the Cheonan, the question is: What will the South do about it?

“To release the outcome of the investigation is easy,” says Kim Tae-woo, senior North Korea analyst at the Korea Institute. “What to do after that is the most difficult part.”

Seoul is now likely to seek international action, perhaps by asking for tougher sanctions on North Korea from the United Nations Security Council.

South Korean defense officials are confident they have sufficient evidence to convince skeptics who have accused the government here of rushing to judgment against the North. Defense officials say investigators discovered the propeller blade of a torpedo with a North Korean serial number on it as well as traces of an explosive used in North Korean torpedoes discovered off the west coast seven years ago.

Remote Phone Wiping Thwarts Secret Service

Via -

Smartphones that offer the ability to "remote wipe" are great for when your device goes missing and you want to delete your data so that someone else can't look at it, but not so great for the United States Secret Service (USSS).

The ability to "remote wipe" some smartphones such as BlackBerry and iPhone was causing havoc for law enforcement agencies, according to USSS special agent Andy Kearns, speaking yesterday on mobile phone forensics at the AusCERT 2010 security conference.

The problem is that accomplices can remotely wipe the phones if the agencies don't remember to remove the battery or turn off smartphones before sending them off to the forensics laboratory, he said.

"So if you've got a suspect and you take the cell phone away from him, and he's got somebody on the outside that can help get on the [remote wipe] website to get his phone wiped, all your evidence is gone before you get a chance to examine," he said.

Kearns said he'd never personally faced the situation, but he knew other examiners who had.

"Sometimes you'll get a cellphone that comes in that is wiped, [but] it's not all that common," he said. Agents were trained to incapacitate devices, but Kearns cautioned that not all enforcement agencies had the same knowledge.

"Hopefully our officers are putting the cell phones in a Faraday bag that is shielded, pulling the battery [out] and turning them off [before] getting them into the shielded laboratory."

Facebook Fixes CSRF Vulnerability (Sorta)

Via -

Facebook is fixing a Web programming bug that could have allowed hackers to alter profile pages or make restricted information public.

The flaw was discovered last week and reported to Facebook by M.J. Keith, a senior security analyst with security firm Alert Logic.

The bug has to do with the way that Facebook checked to make sure that browsers connecting with the site were the ones they claimed to be. Facebook's servers use code called a "post_form_id" token to check that the browser trying to do something -- liking a group, for example -- was actually the browser that had logged into the account.

Facebook's servers check this token before making any changes to the user's page, but Keith discovered that when he simply deleted the token from messages, he could change many settings on any Facebook account.


Facebook worked with Alert Logic to fix the bug, known as a cross-site request forgery (CSRF), Facebook spokesman Simon Axten confirmed in an e-mail message. "It's now fixed," he said. "We're not aware of any cases in which it was used maliciously."

But as of late Tuesday afternoon, Pacific time, after Axten sent his e-mail, Facebook had not completely fixed the issue. For testing purposes, Keith created a Web page with an invisible iframe HTML element that he programmed in JavaScript. When the IDG News Service clicked on this page while logged into Facebook, it made the Facebook user automatically "like" several pages with no further interaction.

That's pretty much how an attack would have worked, Keith said. A victim would need to be tricked into clicking on a malicious Web site that contained the JavaScript code that exploited the CSRF flaw.
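A minimal model of the token check described above, added here as an illustration and not Facebook's actual code: the buggy version only validates `post_form_id` when the field is present, so a request with the field deleted passes, while the hardened version rejects a missing or mismatched token. The in-memory session store, the function names and the "like" handler are constructed for this example.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> per-session CSRF token.
# This is an assumed shape for illustration, not a real framework's API.
SESSIONS: dict[str, str] = {}


def new_session() -> str:
    """Create a logged-in session and mint its post_form_id token."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = secrets.token_urlsafe(32)
    return sid


def csrf_token_for(sid: str) -> str:
    """Token the server would embed in forms it serves to this session."""
    return SESSIONS[sid]


def vulnerable_check(sid: str, form: dict) -> bool:
    """Bug pattern the article describes: the token is compared only when
    it is submitted, so simply deleting the field bypasses the check."""
    token = form.get("post_form_id")
    if token is None:
        return True  # the defect: absent token treated as "nothing to verify"
    return token == SESSIONS.get(sid)


def hardened_check(sid: str, form: dict) -> bool:
    """Fail closed: no token, unknown session or mismatch all reject the
    request, and the comparison is constant-time."""
    expected = SESSIONS.get(sid)
    token = form.get("post_form_id")
    if expected is None or not isinstance(token, str):
        return False
    return hmac.compare_digest(expected, token)


def handle_like(sid: str, form: dict, check) -> str:
    """State-changing endpoint ("like" a page) guarded by the given check."""
    if not check(sid, form):
        return "403 Forbidden"
    return f"200 liked {form.get('page_id')}"


def run_scenarios(check) -> dict:
    """Exercise one check with a legitimate form, a forged form that omits
    the token (the reported bypass), and a forged form with a wrong token."""
    sid = new_session()
    legitimate = {"post_form_id": csrf_token_for(sid), "page_id": "42"}
    forged_missing = {"page_id": "42"}              # field deleted
    forged_wrong = {"post_form_id": "guess", "page_id": "42"}
    return {
        "legitimate": handle_like(sid, legitimate, check),
        "forged_missing": handle_like(sid, forged_missing, check),
        "forged_wrong": handle_like(sid, forged_wrong, check),
    }


if __name__ == "__main__":
    print("vulnerable:", run_scenarios(vulnerable_check))
    print("hardened:  ", run_scenarios(hardened_check))
```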

Research: 1.3 Million Malicious Ads Viewed Daily

Via (Zero Day Blog) -

New research released by Dasient indicates that based on their sample, 1.3 million malicious ads are viewed per day, with 59 percent of them representing drive-by downloads, followed by 41 percent of fake security software also known as scareware.

The attack vector, known as malvertising, has been increasingly trending as a tactic of choice for numerous malicious attackers, due to the wide reach of the campaign once they manage to trick a legitimate publisher into accepting it.

More findings from their research:
  • The probability of a user getting infected from a malvertisement is twice as likely on a weekend and the average lifetime of a malvertisement is 7.3 days
  • 97% of Fortune 500 web sites are at a high risk of getting infected with malware due to external partners (such as javascript widget providers, ad networks, and/or packaged software providers)
  • Fortune 500 web sites have such a high risk because 69% of them use external Javascript to render portions of their sites and 64% of them are running outdated web applications
The research’s findings are also backed up by another recently released report by Google’s Security Team, stating that fake AV is accounting for 50 percent of all malware delivered via ads.

Hacked, Data Exposed

Via (hat tip -, a German online forum dedicated to helping criminals trade and sell financial data stolen through hacking, has itself been hacked. The once-guarded contents of its servers are now being traded on public file-sharing networks, leading to the exposure of potentially identifying information on the forum’s users as well as countless passwords and credit card accounts swiped from unsuspecting victims.

The breach involves at least three separate files being traded on The largest is a database file containing what appear to be all of the communications among nearly 5,000 forum members, including the contents of private, one-to-one messages that subscribers to these forums typically use to negotiate the sale of stolen goods. Another file includes the user names, e-mail addresses and in many cases the passwords of forum users.

A third file — which includes what appear to be Internet addresses assigned to the various users when those users first signed up as members — also features a breezy explanation of how the forum was compromised. The top portion of this file — which is accompanied by an ASCII art picture of a cat — includes an oblique reference to the party apparently responsible for the site compromise, noting that the file is the inaugural issue of Owned and Exposed, no doubt the first of many such “e-zines” to come from this group.

Ironically, the anonymous authors of the e-zine said they were able to compromise the criminal forum because its operators had been sloppy with security. Specifically, they claimed, the curators of had set insecure filesystem permissions on the Web server, which essentially turned what might have been a minor site break-in into a total database compromise.

Tuesday, May 18, 2010

HTML5 Security in a Nutshell

Lots of people have been asking us for opinions on HTML5 security lately. Chris and I discussed the potential attack vectors with the Veracode research team, most notably Brandon Creighton and Isaac Dawson. Here’s some of what we came up with. Keep in mind that the HTML5 spec and implementations are still evolving, particularly with respect to security concerns, so we shouldn’t assume any of this is set in stone.

Monday, May 17, 2010

Iraq Forces: Al-Qaida Plot on World Cup Uncovered

Via Yahoo! News (AP) -

Iraqi security forces have detained an al-Qaida militant suspected of planning an attack targeting the World Cup in South Africa next month, an official said Monday.

Maj. Gen. Qassim al-Moussawi, a spokesman for Baghdad security services, said Abdullah Azam Saleh al-Qahtani was an officer in the Saudi army. He is suspected of planning a "terrorist act" in South Africa during the World Cup beginning June 11, al-Moussawi told a news conference in Baghdad.

He said al-Qahtani entered Iraq in 2004 and is suspected in several attacks in the capital and elsewhere in the country.

In South Africa, a police spokesman said Iraq has not notified them of the arrest.

"We have not received any official reports from them," Vish Naidoo told The Associated Press. "Whatever arrest they made there, they know, we don't know anything about it."


According to
The arrest of a Saudi army officer in Iraq on Monday in connection with an alleged al-Qaeda terror plot to disrupt the FIFA World Cup in South Africa follows a warning by an expert in South Africa last week that al-Qaeda was targeting the football tournament. Professor Hussein Solomon, head of the International Institute for Islamic Studies at Pretoria University, told The Citizen newspaper in Johannesburg on May 13 that he believed Al Qaeda had every intention of committing wholesale slaughter during the World Cup. He said al-Qaeda suspects in many parts of the world had been found to have South African passports.

- Facebook Privacy Scanner

This website provides an independent and open tool for scanning your Facebook privacy settings. The source code and its development will always remain open and transparent.
  1. Drag this link to your web browser bookmarks bar: Scan for Privacy
  2. Log in to and then click that bookmark
  3. You will see a series of privacy scans that inspect your privacy settings and warn you about settings that might be unexpectedly public.

Sunday, May 16, 2010

Google to Offer Encrypted Search Next Week

Via -

Google will begin letting users run encrypted searches on its flagship search site starting next week, the company said in a blog post Thursday.

Allowing users to search using https - the web security system which many associate with online banking and shopping — would mark a first for a major search engine, and could begin a move by web services such as social networks to begin offering encryption for more than just log-ins. Such increased adoption would cut down on network eavesdropping and also have the added benefit of preventing some online attacks.

Ironically, the announcement of the upcoming change came in a long blog post explaining that the search company had been “mistakenly” eavesdropping and recording what people were doing on unencrypted wi-fi networks as its Street View cars were taking pictures of cities around the world and recording the IDs of wifi networks and routers. That data is used to help geo-locate people using devices without GPS, but the company has said for years it was not collecting session data.

Google turned on encryption — better known as https:// — as a default for Gmail users earlier this year. That encrypts the data sent between a user’s browser and Google’s servers, making it nearly impossible for someone in the middle to read the contents of that e-mail. When not using SSL, a user of a school or corporate network can have their e-mail and web traffic content read by authorities who control the network, while anyone using an open Wi-Fi connection can have their traffic sniffed by a hacker using simple tools.

Saturday, May 15, 2010

"Useable" CVE Security Vulnerability Data

Welcome to This is an effort to provide an easy to use web interface to CVE vulnerability information. You can browse for vendors, products and versions and view CVE security vulnerabilities related to each of them. You can view statistics about vendors, products and individual versions of products.

All data are taken from National Vulnerability Database (NVD) XML feeds provided by the National Institute of Standards and Technology, except vulnerability type information. Vulnerabilities are classified by using keyword matching and CWE numbers if possible, but they are mostly based on keywords. Please see for more details. All CVSS scores listed on this site are "CVSS Base Scores" provided in NVD feeds. Vulnerability data are updated daily.

Tracking Al-Qaida in Iran

Via Yahoo! News (AP) -

It's one of the enduring mysteries of the war on terrorism: What will become of the al-Qaida leaders and operatives who fled into Iran after 9/11 and have been detained there for years?

Their fate has long been a blindspot for U.S. intelligence. Recently, however, some al-Qaida figures have quietly made their way out of Iran, raising the prospect that the country is loosening its grip on the terror group so it can replenish its ranks, former and current U.S. intelligence officials say.

This movement could indicate that Iran is re-examining its murky relationship with al-Qaida at a time when the U.S. is stepping up drone attacks in Pakistan and weakening the group's leadership. Any influx of manpower could hand al-Qaida a boost in morale and expertise and threaten to disrupt stability in the region.

Details about al-Qaida's movements and U.S. efforts to monitor them were outlined to The Associated Press in more than a dozen interviews with current and former intelligence and counterterrorism officials, most of whom spoke on condition of anonymity because they were not authorized to discuss the matter.

Iran's Shiite regime is generally hostile to the Sunni terrorist group, but they have an occasional relationship of convenience based on their shared enemy, the U.S. It's a relationship that intelligence officials don't fully understand.

U.S. intelligence officials have tried wiretapping and satellite imagery to watch the men. The CIA even established a highly classified program — code-named RIGOR — to study whether it could track and kill terrorists such as al-Qaida in Iran. Results have been mixed. Monitoring and understanding al-Qaida in Iran remains one of the most difficult jobs in U.S. intelligence.

"This has been a dark, a black zone for us," former CIA officer Bruce Riedel said. "What exactly is the level of al-Qaida activity in Iran has always been a mystery."


A major concern among U.S. officials is that this movement foreshadows the release of al-Qaida's "management council," including some of al-Qaida's most dangerous figures.

Most recently, the concern focused on Saif al-Adel, an Egyptian-born confidant of Osama bin Laden who is on the FBI's most wanted list in connection with the 1998 bombings of U.S. embassies in Kenya and Tanzania. In the past year or so, intelligence officials circulated a bulletin saying al-Adel, one of al-Qaida's founding fathers, was traveling to Damascus, Syria. The U.S. is offering a $5 million reward for his capture.

The Damascus connection ultimately was disproved but, underscoring the difficulty of monitoring the men, U.S. intelligence officials are divided on whether Saif has been allowed to travel in the region. The senior counterterrorism official said there's no clear evidence Saif has left Iran.


The roster of al-Qaida figures in Iran is something of a who's who for the terror group. One is Abu Hafs the Mauritanian, a bin Laden adviser who helped form the modern al-Qaida by merging bin Laden's operation with Ayman al-Zawahiri's Islamic Jihad. Al-Qaida's longtime chief financial officer, Abu Saeed al-Masri, has been held there. So have bin Laden's spokesman, Suleiman Abu Ghaith, and Mustafa Hamid, an al-Qaida trainer with a terrorism pedigree that spans decades.

Several members of bin Laden's family also have been under house arrest.

All fled into Iran after al-Qaida's core split up after the U.S.-led invasion of Afghanistan in 2001. Bin Laden led some confidants toward the mountainous border with Pakistan. Al-Adel led others into Iran, which has historically allowed al-Qaida members safe passage through the country.

Iran arrested the men in 2003 and has held them as both a bargaining chip with the U.S. and as a buffer against an al-Qaida attack.

Using spy satellites, the U.S. has monitored vehicles in and out of the compound where the al-Qaida operatives have been held. U.S. officials have gleaned some information about the men through intercepted Iranian phone conversations and e-mails. But generally, the U.S. has only limited information about them.

If Iran were to release any of the major al-Qaida figures, it would be a violation of a United Nations resolution. A senior U.S. counterterrorism official said Iran is well aware of U.S. concerns that they not be released.

Since Saad bin Laden left Iran, other al-Qaida figures have followed, current and former officials say. They are suspected to be taking smuggling routes heading toward Saudi Arabia or the tribal areas of northwest Pakistan. Last fall, top CIA officers received intelligence reports suggesting the release of several al-Qaida members from Iran, according to a former CIA official.

One of the men placed a phone call to a relative in Saudi Arabia. The call was made from Baluchistan, a western Pakistan province bordering both Iran and Afghanistan. It is known as a transit point for al-Qaida operatives.

But even when they have known that al-Qaida had traveled, U.S. officials say they have rarely understood the purpose.

The activity comes as Iran allowed Osama bin Laden's daughter Iman to leave the country in March and settle in Syria. Details are murky.

"Clearly, there's something going on on the Iranian front," said Riedel, the former CIA officer who is now a Brookings Institution scholar.

Some experts believe that anyone from al-Qaida freed to leave Iran must be returning to the battlefield. Others believe that, with al-Qaida families left behind, terrorists may actually be working for Iran, gathering intelligence or passing messages before returning to Iran.

Either way, it's being noticed. Clare Lopez, a former CIA officer and a senior fellow at Center for Security Policy, says it's not a good sign.

"Movement like this doesn't augur well," she said.


In related news, Al Qaeda in Iraq (AQI) recently announced the appointment of Nasser al Din Allah Abu Suleiman as the new 'war minister' of the Islamic State of Iraq (ISI), after the group's top two leaders were killed by Iraqi and US forces one month ago. Little is known about Abu Suleiman.

The Islamic State of Iraq was established in October of 2006 to put an Iraqi face on the foreign-led terror group. Al Qaeda has yet to announce a new leader of the Islamic State of Iraq.

Friday, May 14, 2010

Confessed Spy Convicted of Exporting U.S. Crypto Gear to China

Via (Threat Level) -

A Chinese national was convicted this week of smuggling and other charges over his efforts to acquire sensitive military and NSA-encryption gear from eBay and other internet sources.

Chi Tong Kuok, of Macau, told Defense Department and Customs investigators that he had been “acting at the direction of officials for the People’s Republic of China,” according to a government affidavit in the case. “Kuok indicated he and PRC officials sought the items to figure out ways to listen to or monitor U.S. government and military communications.”

Kuok was arrested at the Atlanta International Airport last year en route from Paris to Panama, where he planned to meet an undercover federal agent he believed was going to provide him with military radios. He was transferred to California and indicted for money laundering, conspiracy, smuggling and one count of attempting to export a defense article without a license. On Tuesday, a jury convicted him on all counts.

The U.S. began investigating Kuok in December 2006, when, using the first of many aliases, the man e-mailed a contact in the defense industry in search of software for a VDC-300 airborne data controller, used for secure satellite communications from American military aircraft.

The contact referred Kuok to an undercover agent in San Diego, who began negotiating with Kuok over a shopping list of military technology that eventually grew to at least 43 different items, ranging from a GPS receiver with anti-spoofing defenses, to the NSA-developed AN/CYZ-10 crypto key management device.

Kuok repeatedly expressed fears that he might be dealing with an NSA, CIA or FBI agent, but continued to negotiate with the undercover officer, even cautioning him to avoid referencing the items by model number in e-mail, because “your country has this system to analyze” e-mail for keywords.

Thursday, May 13, 2010

Cash Couriers Target of Northeast FBI Raids

Via -

Raids by federal agents in Massachusetts, New York and New Jersey on Thursday are focused on a system of "cash couriers" who bring money into the United States from overseas, a source close to the investigation said.

Three people were taken into custody, according to a U.S. official -- two in Massachusetts and a third in Maine. A statement from U.S. Immigration and Customs Enforcement confirmed that three people were taken into custody on alleged immigration violations, but provided no further details.

A second federal law enforcement source said the initial two detained have no direct connection to the Times Square bombing investigation, and their arrests were considered "collateral."

Investigators searched locations in and around Boston, Massachusetts, and in New York and New Jersey, a federal law enforcement source said.

Two locations on Long Island were among the targets of the raids, a federal law enforcement source told CNN. The FBI executed search warrants at both locations in Suffolk County, New York, in eastern Long Island, the source said. Tim Motz, a Suffolk County Police spokesman, said officers from that department were assisting federal agents. No arrests had been made.

Some of the money allegedly ferried by the cash couriers is thought to have been made available to finance operations like the abortive Times Square attack. The source close to the investigation said two individuals have been under surveillance at least since Wednesday, but could not confirm that they were two of the three individuals arrested in the raids.

The source said there is no direct evidence connecting those under surveillance to the Times Square attempted bombing, but they are being investigated for possible links.

"These searches are the product of evidence that has been gathered in the investigation since the attempted Times Square bombing and do not relate to any known immediate threat to the public or active plot against the United States," Attorney General Eric Holder told the House Judiciary Committee on Thursday. "I share that information just to indicate that this is an ongoing investigation and that we are actively pursuing all those who were involved in it."

One of the searches took place in Watertown, Massachusetts, according to a federal law enforcement official. CNN affiliate WCVB-TV reported that two people were taken into custody in Watertown.

Facebook Calls Company-Wide Meeting On Privacy Crisis

Via (Firewall Blog) -

So far, the company line from Facebook during its current privacy brouhaha has been that all the noise is coming from the media and people who moan about privacy issues for a living – not actual users.

But maybe that's changing.

The AllFacebook blog reports that Facebook will hold a company-wide meeting tomorrow at 4 P.M. PST to discuss privacy issues.

AllFacebook speculates that Facebook will shut down or pause "Instant Personalization," the partnership Facebook announced a couple weeks ago that shares users' data with Yelp, Pandora and

APWG Report Blames 'Avalanche' Group for Most Phishing

Via -

A new report blames a single Eastern European gang for about two-thirds of all phishing attempts conducted in the last half of 2009.

The phishing group -- named Avalanche by security researchers because of the large quantity of attacks it generates -- was blamed for more than 84,000 out of the nearly 127,000 phishing attacks tracked by the Anti-Phishing Working Group (APWG), an organization of companies and law enforcement agencies that tracks phishing activity in its semi-annual reports.


The group has targeted about 40 institutions, including major U.S. and U.K. banks as well as online providers such as Yahoo and Google, said Greg Aaron, director of domain security with Internet infrastructure vendor Afilias, one of the authors of the report. "They were able to ramp up and they became very, very large," he said.

Air Force May Suffer Collateral Damage from PS3 Firmware Update

Via -

When Sony issued a recent PlayStation 3 update removing the device's ability to install alternate operating systems like Linux, it did so to protect copyrighted content—but several research projects suffered collateral damage.

The Air Force is one example. The Air Force Research Laboratory in Rome, New York picked up 336 PS3 systems in 2009 and built itself a 53 teraFLOP processing cluster. Once completed as a proof of concept, Air Force researchers then scaled up by a factor of six and went in search of 2,200 more consoles (later scaled back to 1,700). The $663,000 contract was awarded on January 6, 2010, to a small company called Fixstars that could provide 1,700 160GB PS3 systems to the government.

Getting that many units was difficult enough that the government required bidders to get a letter from Sony certifying that the units were actually available.


I figure just about anyone running a PS3 cluster is going to have the same problem. Including Dr. Gaurav Khanna's "PS3 Gravity Grid", which he uses for ongoing research projects in physics.

In Oct 2007, Dr. Khanna said the following in a Wired article:

"The interest in the PS3 really was for two main reasons," explains Khanna, an assistant professor at the University of Massachusetts, Dartmouth who specializes in computational astrophysics. "One of those is that Sony did this remarkable thing of making the PS3 an open platform, so you can in fact run Linux on it and it doesn't control what you do."
Sadly, Sony pulled the carpet out from under that

Search Warrants Executed in Times Square Probe

Via -

The FBI says agents have executed search warrants at several locations in the Northeast in connection with the failed Times Square car bombing.

An FBI spokeswoman says the searches were the product of evidence gathered in the investigation and that there is "no known immediate threat to the public or any active plot against the United States."

FBI spokeswoman Gail Marcinkiewicz would not confirm any addresses, but Boston area media reports say one of the raids was in Watertown, a Boston suburb.

She says two people have been taken into custody on alleged immigration violations in connection with the raids.


According to CNN....
A federal law enforcement source says that search warrants are being executed in Boston, New York, and New Jersey.

Wednesday, May 12, 2010

Month of PHP Security (MOPS)

Via H Security -

Information about more than 20 vulnerabilities has been disclosed as part of the "Month of PHP Security" (MOPS) held this May. Eight of the holes are contained in PHP applications, while 12 affect PHP itself. Four articles about PHP security have also been published.

MOPS, which was initiated by PHP security specialist Stefan Esser and is related to the "Month of PHP Bugs" (MOPB) Esser launched in 2007, will offer new information about PHP on a daily basis throughout the month of May. Unlike MOPB, MOPS also offers information provided by the PHP developer community.

The main issues disclosed so far are a code injection hole in Xinha, a WYSIWYG editor that is also bundled with the Serendipity CMS, and SQL injection holes in the DeluxeBB forum software and in the ClanSphere CMS.

In PHP itself, various functions contain vulnerabilities that, for instance, allow intruders to spy out information or, through uninitialised memory access, execute code. Official patches have so far only been released for some of the applications, rather than for PHP itself. However, the descriptions of the individual vulnerabilities contain information about possible fixes.
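To make the application-level bug class concrete, here is an added illustration of the kind of SQL injection MOPS reported in PHP applications, written for this page rather than taken from MOPS, DeluxeBB or ClanSphere (their actual code and query shapes are not shown here). It uses an in-memory SQLite database through PDO so it runs stand-alone; the table, the users and the payload are constructed for the demo.

```php
<?php
// Added example, not code from MOPS or the affected projects.
// Shows the classic PHP SQL injection pattern (string-built query)
// next to the prepared-statement fix, against an in-memory SQLite DB.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, passwd TEXT)');
// Demo data only. Plaintext passwords are used here purely to keep the
// injection point visible; real code stores password hashes.
$db->exec("INSERT INTO users (name, passwd) VALUES ('alice', 'correct-horse'), ('admin', 's3cret')");

// Vulnerable: attacker-controlled strings are interpolated into the SQL text,
// so a quote in $user ends the literal and the rest becomes SQL.
function login_vulnerable(PDO $db, string $user, string $pass): bool {
    $sql = "SELECT id FROM users WHERE name = '$user' AND passwd = '$pass'";
    return (bool) $db->query($sql)->fetch();
}

// Hardened: the query shape is fixed at prepare time; user input travels
// as bound parameters and can never change the statement's structure.
function login_safe(PDO $db, string $user, string $pass): bool {
    $stmt = $db->prepare('SELECT id FROM users WHERE name = :name AND passwd = :pass');
    $stmt->execute([':name' => $user, ':pass' => $pass]);
    return (bool) $stmt->fetch();
}

// Hypothetical payload: closes the name literal and comments out the
// password check, turning the vulnerable query into
//   SELECT id FROM users WHERE name = 'admin' --' AND passwd = 'wrong'
$payload = "admin' --";

var_dump(login_vulnerable($db, $payload, 'wrong'));
var_dump(login_safe($db, $payload, 'wrong'));
var_dump(login_safe($db, 'alice', 'correct-horse'));
```

Run it with the pdo_sqlite extension enabled: the first call authenticates as admin without the password, the second fails because no user is literally named `admin' --`, and the third succeeds as a normal login. The fix is the query shape, not escaping: `addslashes()` or magic quotes style filtering leaves the same code fragile under charset and numeric-context edge cases, whereas a prepared statement removes the class of bug.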

Tuesday, May 11, 2010

The Times Square Bomb Plot Videos: a Flashpoint Partners Analysis

Flashpoint Global Partners, a New York-based security consulting firm, has released an exclusive multimedia slideshow tracking the origin and provenance of video recordings produced by Tehrik-e-Taliban Pakistan (the Pakistani Taliban) which appear to claim responsibility for the most recent failed "Times Square" bomb plot in New York. As a result of information documented in the slideshow, Flashpoint Global Partners has reached the following tentative conclusions:
  • The video recordings released by Tehrik-e-Taliban Pakistan (TTP) on May 2, 2010 appear to be legitimate and authentic. Both recordings were apparently produced by the same party, as they carry identical English-language subtitles. Moreover, it is highly unlikely that another party would be capable of producing a fraudulent video of Hakimullah Mehsud, particularly one that clearly matches previous authenticated TTP propaganda material.
  • The video recordings released by Tehrik-e-Taliban Pakistan (TTP) claiming credit for attacks in the United States were originally posted on the Internet via YouTube and the “Ansar al-Mujahideen” English discussion forum.
  • Tehrik-e-Taliban Pakistan (TTP) appears to have had clear foreknowledge that a terrorist attack was to occur in the United States on May 1 or 2. Aside from the recording date given for the Hakimullah Mehsud video, the Taliban YouTube channel itself was first created on April 30 – only hours before the failed execution of the Times Square bomb plot.
  • The same party responsible for creating the English-language subtitles on the TTP videos claiming responsibility for attacks appears to have personally posted these recordings on the Internet, including the Ansar al-Mujahideen English chat forum and the Taliban YouTube channel. The spelling and unusual pattern of capitalization in the English subtitles match almost exactly the comments subsequently posted online by users “TalibanNews” and “TehreekeTaliban.”
  • Given the timing of the comments posted on YouTube by “TehreekeTaliban”, it is highly unlikely that the source of the videos was prime suspect Faisal Shahzad. At the time of the last online posting via YouTube—7pm on May 3—Shahzad was already on his way to John F. Kennedy International Airport in New York.