Tuesday, August 31, 2010
Monday, August 30, 2010
Dead UK Codebreaker Was Linked to NSA Intercept Case
Kim Zetter writes on Threat Level:
A top British codebreaker found mysteriously dead last week in his flat had worked with the NSA and British intelligence to intercept e-mail messages that helped convict would-be bombers in the U.K., according to a news report.More here.
Gareth Williams, 31, made repeated visits to the U.S. to meet with the National Security Agency and worked closely with British and U.S. spy agencies to intercept and examine communications that passed between an al Qaeda official in Pakistan and three men who were convicted last year of plotting to bomb transcontinental flights, according to the British paper the Mirror.
Williams, described by those who knew him as a “math genius,” worked for the Government Communications Headquarters (GCHQ) helping to break coded Taliban communications, among other things. He was just completing a year-long stint with MI6, Britain’s secret intelligence service, when his body was found stuffed into a duffel bag in his bathtub. He’d been dead for at least two weeks. His mobile phone and a number of SIM cards were laid out on a table near the body, according to news reports. There were no signs of forced entry to the apartment and no signs of a struggle.
Initial news stories indicated Williams had been stabbed, but police have since disputed that information, noting that — other than being stuffed into a duffel bag — there were no obvious signs of foul play. A toxicology report is expected Tuesday.
Does NSA's Cyber Security Mission Extend to the dot.Com Domain?
William Jackson writes on FCW.com:
The National Security Agency appears to be suffering a case of mission creep.More here.
For years, NSA, the Defense Department’s lead agency for information gathering and protection, has said that it has its hands full with protecting military networks and has no interest in networks outside the .mil domain. The .gov domain is the responsibility of Homeland Security, NSA said, and the .com and other private-sector domains are the responsibility of the private sector, with DHS help.
Of course, NSA would also be willing to lend a hand if needed, but it has no direct responsibility for non-military networks.
These statements have been taken with a grain of salt by many in the security world, especially with the revelation of wholesale illegal wiretaps that were discovered sweeping up traffic from commercial networks during the Bush administration. Now, DOD is admitting the obvious by saying that its interests extend beyond .mil.
Alessandra Ambrosio wallpapers HD
Sunday, August 29, 2010
Pentagon Considers Preemptive Strikes as Part of Cyber-Defense Strategy
Ellen Nakashima writes in The Washington Post:
Note: This is such a bad idea, I can't even muster the words to describe the level ofidiocy poor judgment. -ferg
The Pentagon is contemplating an aggressive approach to defending its computer systems that includes preemptive actions such as knocking out parts of an adversary's computer network overseas - but it is still wrestling with how to pursue the strategy legally.More here.
The department is developing a range of weapons capabilities, including tools that would allow "attack and exploitation of adversary information systems" and that can "deceive, deny, disrupt, degrade and destroy" information and information systems, according to Defense Department budget documents.
But officials are reluctant to use the tools until questions of international law and technical feasibility are resolved, and that has proved to be a major challenge for policymakers. Government lawyers and some officials question whether the Pentagon could take such action without violating international law or other countries' sovereignty.
Some officials and experts say they doubt the technology exists to use such capabilities effectively, and they question the need for such measures when, they say, traditional defensive steps such as updating firewalls, protecting computer ports and changing passwords are not always taken.
Note: This is such a bad idea, I can't even muster the words to describe the level of
Emotional Atyachaar
(Glossary: Atyachar is hindi for “harassment”)
For the uninitiated this is yet another reality show where real-life couples take the help of the crew members of the serial to do a loyalty test on their partners.
Frankly speaking, almost all couples featured are insecure, desperate to get on TV and ultra dramatic. Nevertheless, the loyal viewership that the program boasts of is quite understandable. One, the whole detective angle leading to the climax is outrageously hilarious and two, you are like – thank god I am not stuck with this crazy guy/girl.
A relationship, in which either of the partners feels the need for a fidelity test, is already doomed irrespective of the outcome of the test.
You trust your partner or you don’t – how will your partner’s reaction to a planted bait salvage your already faithless bond?
On TV or offline, I would never do a loyalty check on my partner – Would you?
Thursday, August 26, 2010
U.S. Military Wants to Exert Influence Over Private Cyber Infrastructure
Tim Greene writes on NetworkWorld:
Note: Considering how the U.S. Military can't even protect it's own networks against well-known USB malware, I find this suggestion laughable. - ferg
The U.S. military wants to exert more influence over the protection of power grids, transportation networks and financial network systems, a Pentagon official says in a broad-ranging essay published in Foreign Affairs.More here.
To do so the Pentagon is urging that its defense expertise be put in play beyond the .mil domain to include .gov and .com and wants policy makers to figure out how best to do that.
The reasons are that the military relies on these networks to deal with suppliers and that these networks could become military targets, says William J. Lynn III, undersecretary of defense, in the essay called "Defending a New Domain."
"Protecting those networks and the networks that undergird critical U.S. infrastructure must be part of Washington's national security and homeland defense missions," Lynn says.
Because the military relies on these networks, the expertise it has developed should be made available to them, he says, but he doesn't describe exactly how that would happen in practice.
Note: Considering how the U.S. Military can't even protect it's own networks against well-known USB malware, I find this suggestion laughable. - ferg
Wednesday, August 25, 2010
Charlie Miller: EU Cyber Assault Would Cost €86 Million
Andrew Rettman writes on EUObserver.com:
A malicious foreign power could - given €86 million, 750 people and two years to prepare - launch a devastating cyber attack on the EU, a US security expert has said.More here.
The assault would begin with a member of staff at, say, the London Stock Exchange or the French electricity grid operator, RTE, opening a PDF attachment in an email which looks as if it had been sent by a colleague.
The PDF would contain software enabling a hacker on a different continent to silently take over his computer. Over time, the hacker would monitor the employees' keystrokes, sniff out passwords, and use the information to take over computers higher up the command chain, eventually putting him in a position to switch off the target's firewalls, leaving it open to DOS (Denial of Service) attacks, and to install RATs (Remote Administration Tools), which control its hardware.
Around 18 to 21 months down the line, with enough targets compromised, the assault could take place.
The EU 27 countries would wake up to find electricity power stations shut down; communication by phone and Internet disabled; air, rail and road transport impossible; stock exchanges and day-to-day bank transactions frozen; crucial data in government and financial institutions scrambled and military units at home and abroad cut off from central command or sent fake orders.
Normal life could be restarted in a few days' time. But the damage done to administrative capacity, consumer confidence and the economy by loss of vital data would last years.
New Secrecy Battle: China Bars Banks, Other Companies From Using Foreign Security Technology
An AP newswire article by Joe McDonald, via Canadian Business Online, reports:
China has ordered its banks and other major companies to limit use of foreign computer security technology, setting up a possible trade clash with the United States and Europe while adding to strains over high-tech secrecy as some nations threaten to curtail BlackBerry service.More here.
Beijing's restrictions cite security concerns but are also consistent with its efforts to build up Chinese technology industries by shielding them from competition and pressing global rivals to hand over know-how.
The United States and the European Union have raised questions in the World Trade Organization about the rules. An American industry group is criticizing them as an attempt to shut competitors out of a promising market. Authorities are inspecting companies to enforce the restrictions and some have been told to replace foreign technology.
"These are legitimate security concerns, but the Chinese are going way too far," said Steven Kho, a trade lawyer for law firm Akin Gump in Washington. "You cannot say from the outset, `All foreign products are a security risk.'"
Tuesday, August 24, 2010
U.S. DoD Official Discloses Cyber Attack
Ellen Nakashima writes in The Washington Post:
Now it is official: The most significant breach of U.S. military computers was caused by a flash drive inserted into a U.S. military laptop on a post in the Middle East in 2008.More here.
In an article to be published Wednesday discussing the Pentagon's cyberstrategy, Deputy Defense Secretary William J. Lynn III says malicious code placed on the drive by a foreign intelligence agency uploaded itself onto a network run by the U.S. military's Central Command.
"That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," he says in the Foreign Affairs article.
"It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary."
Lynn's decision to declassify an incident that Defense officials had kept secret reflects the Pentagon's desire to raise congressional and public concern over the threats facing U.S. computer systems, experts said.
Slogan T’s!!!
Now, let me start with a disclaimer - am not much of a fashion whiz and so am hardly ever consciously aware of the latest trends or the outdated fads.
However, I have always had a huge soft corner for smart short T shirts with witty one liners!
While I mostly shy away from wearing something that screams too outrageously wild, here are a few of my all time favorites (I have not necessarily owned all of these) from school and college days:
- Coffee, Chocolate, Men - Some things are best rich!!!
- If I don’t find true love, I will settle for a lot of money!
- I was born this way, what’s your excuse?
When I started working, the T’s in my wardrobe reduced – so forget slogans on T’s! For some strange reason, very recently, I have begun to revive my fetish for these.
Tantra and People Tree are some places in India that I have checked out and find to be quite good!
Here are the few that I now own:
(Before you ask, yes, I wore this one to work already :D)
I hate to say this but there is a much more varied range when it comes to the men’s sizes!
My hubby wears awesome screen printed Ts picked up mostly at rock concerts or Hard Rock Cafés he frequents – Not really slogan T's – but nice!
My bro is also very particular about the kind of Ts he wears – and sometimes I have to really convince him to wear slogan Ts – And come to think of it, half the world proclaims women are finicky about their clothes!!!
Here are a few classics from my bro’s wardrobe:
- This T shirt turns green in the company of morons (It’s obviously a green T :))
- Beer is cheaper than fuel. Drink, Don't Drive.
- You don’t have to be crazy to work here, They'll train you. (He begins his first job soon and I wonder if he will get to wear it to work!)
What are u fav slogans for T’s?
And let me know where you shop for them!
Labels:
clothes,
fashion,
Slogan T Shirts,
T shirts,
things i like,
things I own,
things I wear
Windows DLL Load Hijacking Exploits Go Wild
Gregg Keizer writes on ComputerWorld:
Less than 24 hours after Microsoft said it couldn't patch Windows to fix a systemic problem, attack code appeared Tuesday to exploit the company's software.More here.
Also on Tuesday, a security firm that's been researching the issue for the past nine months said 41 of Microsoft's own programs can be remotely exploited using DLL load hijacking, and it named two of them.
On Monday, Microsoft confirmed reports of unpatched -- or zero-day -- vulnerabilities in a large number of Windows programs, then published a tool it said would block known attacks. At the same time, the company said it would not patch Windows because doing so would cripple existing applications.
Microsoft also declined to reveal whether any of its own applications contain bugs that attackers could exploit, saying only that it is investigating.
Ad Firm Sued for Allegedly Re-Creating Deleted Cookies
Ryan Singel writes on Wired's Epicenter:
Specificmedia, one of the net’s largest ad-serving and tracking companies, has been hit with a federal lawsuit accusing the company of violating computer intrusion laws by secretly re-creating cookies deleted by users.More here.
The lawsuit [.pdf], filed in California’s Central District federal court last Wednesday, is the third such suit filed this month by privacy attorney Joseph Malley. The first “zombie” cookie suit targeted sites ranging from MTV to Scribd that used technology from a company called Quantcast, while the second suit went after Disney and Demand Media for their use of similar tech from Clearspring Technologies.
At issue is the use of Adobe Flash to keep copies of a user’s browser cookies in order to re-spawn cookies after users clear them. The lawsuits allege that the companies did not explain to users how they were using Flash and that using the storage capabilities of Flash for this purpose violates federal privacy and computer security laws.
The practice first came to light a year ago after privacy researchers at Berkeley produced a report showing that 54 of the top 100 websites used Flash cookies, some of which were used to track users, while others simply set the default volume for streaming videos.
Monday, August 23, 2010
Compliment of The Week
I've been told by my contacts in the Russian Underground that at least one person has said "I hate that guy" when referring to me.
That is positive traction in my business.
That is good news.
- ferg
That is positive traction in my business.
That is good news.
- ferg
Former TSA Employee Charged with Stealing Laptop Computers Lost at Newark Airport
Via FBI.gov.
A Bayonne, New Jersey woman surrendered today to face charges that she stole laptops from a Transportation Security Administration (TSA) lost and found facility and made false statements to effectuate her thefts, United States Attorney Paul J. Fishman announced.More here.
Jennifer Steplight, 40, is charged by Complaint with one count of embezzlement by a government employee and one count of false statements, and is scheduled to make an initial appearance this afternoon before United States Magistrate Judge Patty Shwartz in Newark federal court.
Steplight was employed by TSA as a Master Transportation Security Officer-Coordination Center Officer and was responsible for maintaining records for the TSA lost and found facility that services Newark Liberty International Airport. From December 2009 through January 2010, Steplight stole four laptop computers from the lost and found facility and entered false information into TSA claim forms and inventory records to conceal her thefts.
If convicted, Steplight faces a maximum potential penalty of one year in prison and a maximum fine of $100,000 on the embezzlement charge, and a maximum potential penalty of five years in prison and a maximum fine of $250,000 on the false statement charge.
Hacker’s Arrest Offers Glimpse Into Crime in Russia
Andrew E. Kramer writes in The New York Times:
On the Internet, he was known as BadB, a disembodied criminal flitting from one server to another selling stolen credit card numbers despite being pursued by the United States Secret Service.More here.
And in real life, he was nearly as untouchable — because he lived in Russia.
BadB’s real name is Vladislav A. Horohorin, according to a statement released last week by the United States Justice Department, and he was a resident of Moscow before his arrest by the police in France during a trip to that country earlier this month.
He is expected to appear soon before a French court that will decide on his potential extradition to the United States, where Mr. Horohorin could face up to 12 years in prison and a fine of $500,000 if he is convicted on charges of fraud and identity theft. For at least nine months, however, he lived openly in Moscow as one of the world’s most wanted computer criminals.
The seizing of BadB provides a lens onto the shadowy world of Russian hackers, the often well-educated and sometimes darkly ingenious programmers who pose a recognized security threat to online commerce — besides being global spam nuisances — who often seem to operate with relative impunity.
Sunday, August 22, 2010
Nokia Siemens to Defend Iran Spying Claims
Liam Tung writes on SC Magazine Australia:
Nokia Siemens Networks has released a statement claiming that it has been wrongly accused of helping the Iranian government spy on its citizens as it faces new litigation in a US court.More here.
Last week, Iranian journalist, Isa Saharkhiz and his son Mehdi filed proceedings against Nokia Siemens Networks in a US court, alleging human rights abuses by the company for supplying Iran with telecommunications interception technology.
Isa Saharkhiz was arrested after Iran's highly-charged 2009 elections, following government intercepts placed on his mobile phone.
Saharkhiz has reportedly been tortured by Iranian authorities since his arrest.
Lawyers acting for Saharkhiz want Nokia Siemens Networks to cease the "unlawful support of intercepting centres of the Iranian government", hoping the US judicial system will hold the company accountable to its activities in Iran.
WikiLeaks Founder: Pentagon Behind Rape Claim
An AFP newswire article, via The Guardian, reports:
The founder of WikiLeaks, Julian Assange, was himself the subject of a rapidly spreading online story when news cascaded across the internet for several hours at the weekend mistakenly saying he was being sought in Sweden on rape charges.More here.
Before Stockholm's chief prosecutor made clear on Saturday afternoon that Assange was in fact neither charged with rape nor due to be arrested, the story had spread, generating more than 1,200 articles, available through internet news search, that received more than 1m hits.
"It was 7am when a friend who is Swedish and has been out on the net told me about the allegations," Assange told Stockholm daily newspaper Aftonbladet, which has hired him as a columnist : "It was shocking. I have been accused of various things in recent years, but nothing so serious as this."
India: Electronic Voting Researcher Arrested Over Anonymous Source
J. Alex Halderman writes on Freedom to Tinker:
About four months ago, Ed Felten blogged about a research paper in which Hari Prasad, Rop Gonggrijp, and I detailed serious security flaws in India's electronic voting machines. Indian election authorities have repeatedly claimed that the machines are "tamperproof," but we demonstrated important vulnerabilities by studying a machine provided by an anonymous source.More here.
The story took a disturbing turn a little over 24 hours ago, when my coauthor Hari Prasad was arrested by Indian authorities demanding to know the identity of that source.
At 5:30 Saturday morning, about ten police officers arrived at Hari's home in Hyderabad. They questioned him about where he got the machine we studied, and at around 8 a.m. they placed him under arrest and proceeded to drive him to Mumbai, a 14 hour journey.
The police did not state a specific charge at the time of the arrest, but it appears to be a politically motivated attempt to uncover our anonymous source. The arresting officers told Hari that they were under "pressure [from] the top," and that he would be left alone if he would reveal the source's identity.
Saturday, August 21, 2010
$9 Here, 20 Cents There and a Credit Card Lawsuit
Randall Stross writes in The New York Times:
It's easier to steal a million dollars a dollar at a time than a million dollars once. So goes an old saying.More here.
If the allegations in a civil case filed in a federal court in Chicago hold up, you can even haul off $10 million if you stick to $9 here or 20 cents there.
The suit, filed in March by the Federal Trade Commission, contends that over at least four years, scammers placed more than $10 million in bogus charges on consumers’ credit and debit cards. Then, the suit says, they moved the money to bank accounts in Lithuania, Estonia, Latvia, Bulgaria, Cyprus and Kyrgyzstan. The suit was filed in United States District Court for the Northern District of Illinois.
The scammers evaded detection by keeping each charge under $10 and stealing from each cardholder only once, spreading the theft across more than a million cardholders, the suit says.
The identity of defendants has not been discovered; it may have been only a single “John Doe.” All the F.T.C. says it currently knows are the names of shell companies.
“No one has appeared to defend the companies,” said Steven M. Wernikoff, a trade commission staff lawyer overseeing the case.
When the commission filed a motion to seize the United States assets of the companies, less than $100,000 was recovered. It hopes to recover sums transferred abroad, but Mr. Wernikoff says that “it’s going to take some time.”
Friday, August 20, 2010
ICANN Asks Demand Media for Answers After Report
Robert McMillan writes on ComputerWorld:
The group responsible for managing the Internet's domain name system is asking Demand Media's eNom division for answers following complaints from Internet security groups.More here.
ENom, the world's second-largest domain name registrar, came under fire last week in a report from HostExploit, a volunteer-run anti-malware research group. According to HostExploit, eNom is host to an unusually large number of malicious websites and is a preferred domain name registrar for pharmaceutical spammers.
ICANN now says that it is looking into the matter, according to Kurt Pritz, senior vice president of services with the Internet Corporation for Assigned Names and Numbers. Typically, ICANN advises people with information on illegal activity to take their complaints to law enforcement. "However, given the serious nature of some of the allegations made in the HostExploit report, we will ask eNom for their response and will follow up as appropriate," Pritz said in a statement, e-mailed to IDG News Service.
HostExploit says that some eNom resellers are violating ICANN rules by allowing customers to provide false Whois database information, not following ICANN deletion policy and generally not complying with their obligations as resellers.
Thursday, August 19, 2010
Memories on a Filmstrip
I was recently going through a friend’s photo stream with no particular reason or intent. Blame it on my aimless days.
But this “just like that” skimming soon became something more emotional. I found pics that told stories – I felt an uncanny relation to them - not the kind you get when you see a pic of a place you have visited but the kind of emotion you feel when the pics focus on the imagery you associate with the place – the unmistakable similarity in the pathetic fallacy of the images captured.
Well, these pics are of places I had also visited – mostly without that friend. Yet, the photographs spoke volumes of the sentiment akin to what I had felt at that same place, at a different moment in time – So many of those thoughts that had relegated to my memory archives came pounding forth, on hardly any provocation – Memories of what happened, what did not happen, what could have happened, and how life progressed from that point onwards – how life’s branches entwined and separated and moved forward – despairing cobwebs grew and they sometimes were comforting too – years fast forwarded, time stood still.
It is strange how so many a times I read so much into a moment, a picture, a memory – not even captured by me but a high-end camera and a sensitive photographer – a gamut of feelings, warmth, nostalgia – a range of reactions, a faint smile, a tug at the heart, a feeble attempt at dismissal by the brain….
Does this happen to you also? Or do I just come across as a hysterical maniac?
Leaving you with an emotion, an experience, a moment that I felt when I captured the following photo at Tuolumne Meadows in California in the fall of 2008. Describing it would ruin it.
A moment in your eyes, forever in your mind.
Wednesday, August 18, 2010
Programming Note: All-Day Meetings Wed. Through Friday
I'll be wrapped up with business meetings all day through the end of this week, so posting to the blog will be virtually nonexistent until the weekend.
Thanks for following, and things should be back to normal (whatever that is) by the weekend.
- ferg
Thanks for following, and things should be back to normal (whatever that is) by the weekend.
- ferg
Tuesday, August 17, 2010
Google CEO: Change Your Name to Escape Our Watchful Eye
Brennon Slattery writes on PC World:
Google is often accused of behaving like Big Brother, and Google's CEO Eric Schmidt isn't doing much to dispel those perceptions. In fact, in an interview with the Wall Street Journal, Schmidt dropped an interesting -- and frightening -- tidbit: perhaps people should change their names upon reaching adulthood to eradicate the potentially reputation-damaging search records Google keeps.More here.
"'I don't believe society understands what happens when everything is available, knowable and recorded by everyone all the time,' [Schmidt] says. He predicts, apparently seriously, that every young person one day will be entitled automatically to change his or her name on reaching adulthood in order to disown youthful hijinks stored on their friends' social media sites," the Wall Street Journal reports.
This isn't the first time Schmidt has made parental -- and borderline moralistic -- statements about Internet behavior. Late last year Schmidt told CNBC that "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."
Monday, August 16, 2010
Pentagon Wants to Secure Dot-Com Domains of Contractors
Marc Ambinder writes in The Atlantic:
Hat-tip: InfoSecurity News
To better secure unclassified information stored in the computer networks of government contractors, the Defense Department is asking whether the National Security Agency should begin to monitor select corporate dot.com domains, several officials and consultants briefed on the matter said.More here.
Under the proposal, which is being informally circulated throughout the department and the Department of Homeland Security, the NSA could set up equipment to look for patterns of suspicious traffic at the internet service providers that the companies' networks run through. The agency would immediately notify the Pentagon and the companies if pernicious behavior were detected. The Agency would not directly monitor the content of the data streams, only its meta-data. (A Pentagon spokesperson called later to clarify that it would not be legal for the NSA to "monitor" private networks; rather, "DoD and NSA are seeking to provide technical advice, expertise and information to the defense industrial base.")
The proposal originated in the Office of the Secretary of Defense. Because of the sensitivity associated with NSA internet surveillance and capabilities, the fact of the exploratory tasker, as it is known in Pentagon parlance, and details associated with it are being closely held.
The new program would apply to the companies that make up the Defense Industrial Base (DIB) and only to the parts of those companies that indigenously store and use sensitive information. As the Department reconfigures its network defenses and the internal structure of its information operation, it continues to deal with a large number of aggressive hacker attacks and data penetrations. Classified information is not supposed to be stored on any dot.mil subdomain that is accessible to outside computer networks.
Hat-tip: InfoSecurity News
Subscribe to:
Posts (Atom)