Thursday, September 30, 2010

Mark Fiore: Tradition



More Mark Fiore brilliance.


Via The San Francisco Chronicle.

Enjoy.

- ferg

Brussels Calls for Tougher Laws on Cyber-Crime

A DPA newswire article, via Monster & Critics, reports:

The European Union's executive on Thursday called for tougher EU laws on cyber-crime as it warned that hijacked computer networks had already caused major security problems in a number of member states.


EU law already covers computer offences such as hacking and spreading viruses. But remote-controlled attacks, which take over innocent computers and use them to launch raids on information systems, are not yet dealt with at an EU level.


The European Commission is therefore proposing that EU states update the rules by outlawing remote attacks - the so-called 'robot nets' or 'botnets' - and the creation of the software which runs them, and imposing a maximum jail term of two years on offenders.


'With the help of malicious software, it is possible to take control over a large number of computers and steal credit card numbers, find sensitive information or launch large-scale attacks. It is time for us to step up our efforts against cyber crime,' the EU's commissioner for home affairs, Cecilia Malmstrom, said.


More here.

UK: Police Surveillance of Muslims Set Up With 'No Regard For Law'

Paul Lewis writes on the Guardian.co.uk:

A secret police operation to place thousands of Muslims living in Birmingham under permanent surveillance was implemented with virtually no consultation, oversight or regard for the law, a report found today.


Project Champion was abandoned in June after an investigation by the Guardian revealed police had misled residents into believing that hundreds of counter-terrorism cameras installed in streets around Sparkbrook and Washwood Heath were to be used to combat vehicle crime and antisocial behaviour.


In fact, the £3m project was being run from the West Midlands police counter-terrorism unit with the consent of security officials at the Home Office and MI5.


The network of CCTV and automatic number plate reading (ANPR) cameras, which was weeks away from being switched on, was intended to monitor people entering and leaving the predominantly Muslim suburbs.


More here.

Hackers Blamed in Texas Water Utility Banking Theft

Colin McDonald writes on MySanAntonio.com:

A breach of security while an employee was online at the Bexar Metropolitan Water District allowed hackers to steal $25,000 from one of the utility's Bank of America accounts, according to the private investigation that concluded this week.


It is not known whether BexarMet can recover the missing money, but security measures are being taken to prevent another attack.


“Since no employee was involved, there are no employee disciplinary measures related to the breach,” said spokesman Hernan Rozemberg in an e-mail.


According to BexarMet staff and board members, malware, short for malicious software program, was inadvertently downloaded onto a new computer at the utility while an unidentified employee in the accounting department was on the Internet.


According to board members, it is unclear whether the computer had the latest antivirus software and the utility was adhering to its policy of having two managers sign off on all wire transfers.


More here.

Stuxnet Trojan Attacks Could Serve as Blueprint for Future Crimeware

Robert Westervelt writes on SearchSecurity:

The Stuxnet Trojan remains a danger to a small minority of firms that run specialized control equipment, but security experts say it could serve as a guide for copycat malware writers, who can reproduce parts of its processes and take better aim at other companies.


"How do you know that the software you are using to support sophisticated manufacturing processes, ranging from uranium centrifuges to automobiles, is not being targeted by some cyberweapon, throwing off your tolerances and measurements?" asked Paul B. Kurtz, managing partner at Arlington, Va.-based GoodHarbor Consulting LLC. "It's something that can be very costly to private industry and ultimately very disruptive to economies."


The worm surfaced in July when it was discovered exploiting a Microsoft Windows file sharing zero-day vulnerability, spreading using the AutoPlay feature for USB sticks and other removable drives. Microsoft issued an emergency update to close the hole, but researchers discovered several other methods used by Stuxnet, including a printer sharing vulnerability, which was patched this month by Microsoft.


Stuxnet was unique in that it contains code that could identify Siemens' Supervisory Control and Data Acquisition (SCADA) software and then inject itself into programmable logic controllers, which automate the most critical parts of an industrial facility's processes -- temperature, pressure and the flow of water, chemicals and gases. Kurtz, who served in senior positions on the White House's National Security and Homeland Security Councils under Presidents Bill Clinton and George W. Bush, is convinced that the Trojan's end game is to wreak havoc or even destroy critical infrastructure facilities by altering their vital processes.


More here.

Zeus Defendants Denied Bail in U.K. Court

Jeremy Kirk writes on ComputerWorld:

Eleven Eastern Europeans arrested earlier this week for their alleged involvement in a computer hacking and money laundering scheme were denied bail in the U.K. on Thursday.


The U.K. actions were mirrored in the U.S. where the Department of Justice said it had also made arrests in connection with the Zeus botnets.


District Judge Alan Baldwin of Camberwell Green Magistrates' Court in London said some of the defendants were flight risks. Their cases have been referred to Southwark Crown Court.


More serious criminal cases are referred to crown courts rather than held in magistrates' courts in the U.K.


More here.

U.S. Charges 37 Alleged Mules and Others in Online Bank Fraud Scheme

Kim Zetter writes on Threat Level:

Thirty-seven people are being charged in the U.S. for their alleged role in an international fraud ring based in East Europe that stole more than $3 million from bank accounts belonging primarily to small businesses and municipalities, according to indictments released Thursday.


The sophisticated ring included a multitude of East Europeans who entered the U.S. on student visas and fake passports to operate as so-called “money mules,” laundering funds stolen from U.S. accounts and sending the money overseas.


Hackers believed to be in East Europe ran a botnet that used variants of the Zeus malware delivered to victims via e-mail. Zeus infected the victims’ computers to steal bank login credentials. The hackers then took over the accounts to initiate illegal bank transfers to other accounts controlled by the mules.


Last January, for example, about $130,000 was siphoned from the California bank account of a hospital.


The charges, filed in the Southern District of New York, are the culmination of a year-long investigation, dubbed Operation ACHing mules. “ACH” refers to Automated Clearing House, the system under which funds can be electronically transferred from one financial account to another.


More here.

In Passing: Tony Curtis


June 3, 1925 – September 29, 2010

Wednesday, September 29, 2010

In Passing: Greg Giraldo


December 10, 1965 – September 29, 2010


States Unable to Protect Citizens' Personal, Health Data From Cyber Thieves

Byron Acohido writes on The Last Watchdog:

This should come as no surprise. State government agencies aren’t devoting nearly enough resources to protect citizens’ sensitive data from hackers and data thieves.


Some 49 out of 50 states report that a lack of budget is crippling efforts to manage cybersecurity effectively. One state chose not to participate.


That’s the upshot of a survey titled “State Governments at risk: A Call to Secure Citizen Data and Inspire Public Trust” conducted by consulting firm Deloitte & Touche and the National Association of State Chief Information Officers.


The study found most state CISOs lack the capabilities to adequately protect vital data, including personal and health information of their constituents, especially when compared to their counterparts in private sector enterprises.


More here.

Gaps In International Cyber Law Could Hamper Mariposa Case

Paul Roberts writes on Threat Post:

The take down of the Mariposa botnet is a cyber law enforcement success story - but gaps in international cyber law could make it difficult to prosecute those behind the botnet.


A researcher involved in the analysis and dismantling of the Mariposa botnet said that gaps in cyber crime laws in the countries from which the botnet was operated may make it difficult to prosecute those accused of operating the scheme.


Pedro Bustamante, a senior researcher at Panda Security in Spain said that those alleged to be behind the Mariposa botnet, which netted more than €20,000 a month at its height, may never see jail time because of lax cyber crime laws in Spain that, among other things, don't consider it a crime to operate a botnet.


In a presentation at the Virus Bulletin Conference in Vancouver, British Columbia, Bustamante said the take down of the Mariposa botnet, which controlled close to 13 million computers at one point, was an example of the benefits of close cooperation between IT security and anti malware firms and law enforcement.


More here.

Despite Clinton Pledge, State Dept. to Pay Out Billions More to Mercs

Spencer Ackerman writes on Danger Room:

Get ready to meet America’s new mercenaries. They could be the same as the old ones.


A new multi-billion dollar private security contract to protect U.S. diplomats is “about to drop” as early as this week, say two State Department sources, who requested anonymity because the contract is not yet finalized and they are not authorized to speak with the press.


So much for Secretary of State Hillary Rodham Clinton’s one-time campaign pledge to ban “private mercenary firms.”


Neither source would say which private security firms have won the four-year contract or how much it will ultimately be worth. The last Worldwide Protective Services contract, awarded in 2005, went to Blackwater, Triple Canopy and DynCorp. Rough estimates place that contract’s value at $2.2 billion.


This one is likely to be even more lucrative. That’s because this time, the reduction and forthcoming withdrawal of U.S. troops in Iraq is causing the State Department to splurge on private security. In June, a senior department official told the congressional Wartime Contracting Commission that the department requires “between 6,000 and 7,000 security contractors” in Iraq, up from its current 2,700 armed guards. And that doesn’t even take into account those needed to guard the expanded U.S. civilian presence in Afghanistan. Mo’ mercs, mo’ money. And mo’ danger: this year, for the first time, U.S. contractor deaths in Iraq and Afghanistan exceeded troop deaths, ProPublica found.


More here.

Tuesday, September 28, 2010

Police Quiz 19 Over £6M Online Banking Fraud

Via Mirror.co.uk.

Hi-tech crime police were today questioning 19 people suspected of orchestrating a multimillion-pound attack on British bank accounts.


Up to £6 million has been taken from online accounts in just three months by a gang of computer hackers.


They used a virus known as "zeus" to infect computers and capture the passwords and other sensitive details of banking customers.


Their money was then transferred into bogus accounts created by the crooks to help them launder the profits.


Detective Chief Inspector Terry Wilson, of the Metropolitan Police, said the amount of money stolen is likely to "increase considerably" as the investigation continues.


More here.

Targeted Malware Used in Florida Restaurant PoS Breach

Lucian Constantin writes on Softpedia Security News:

A $200,000 credit card fraud is suspected to have resulted from hackers compromising the Point-of-Sale (POS) system at a Florida restaurant with malware specifically designed for it.


Dave Wendland, the owner of Julie's Place, a Tallahassee eating house dating back to 1978, began learning from his customers of fraudulent out-of-state charges on their credit cards back in July.


Soon afterward he was contacted by the Leon County Sheriff's Office Financial Crimes Unit, which was investigating a $200,000 fraud involving over 100 payment cards that were all used at his business.


The investigation is still underway, but a technician with the company that installed the Point-of-Sale system at the restaurant has found evidence that hackers penetrated its firewall and deployed malware specifically targeting that model of card terminals.


The terminals are called Aloha and are manufactured by Radiant Systems, one of the largest providers of such systems in the country.


According to BankInfoSecurity, a Radiant representative stressed that the company's product is not vulnerable and blamed the restaurant for not employing enough security layers, as required under PCI.


More here.

After Committing to 'Net Neutrality', Rep. Waxman Pushes Bill to Kill It

Stephen C. Webster writes on The Raw Story:


Legislative text put forward by Rep. Henry Waxman (D-CA) under the banner of mandating network neutrality would instead prevent the government from requiring broadband providers to treat all Internet traffic equally.


Waxman, who has vowed that he would support the so-called 'Net Neutrality' policy proposals favored by most Democrats and progressives, has instead put forward an as-yet-unsettled legislative framework that explicitly prohibits the Federal Communications Commission from regulating broadband Internet under Title II of the Communications Act: a caveat key to implementation of what's been called the Internet's First Amendment.


Should the president sign a bill containing Waxman's language, it would effectively kill 'Net Neutrality' efforts and make key parts of a hotly contested proposal by Google and Verizon the law of the land.


More here.

Monday, September 27, 2010

CIA Allegedly Bought Flawed Software for Drone Attacks

Elinor Mills writes on C|Net News:

The CIA allegedly purchased flawed targeting software for drone missile attacks on suspected terrorists--software it knew was faulty, and that could misdirect attacks by as much as 39 feet--according to a report in The Register based on claims made in a lawsuit.


The suit, filed by a Massachusetts-based company called Intelligent Integration Systems (IISI), involves another Massachusetts company, Netezza, The Register said in its report today. Netezza, a data warehousing company IBM has made a bid to buy, allegedly got a $1.18 million purchase order from the CIA last year to provide data warehouse appliances for use in drones, according to The Register. When combined with IISI's "Geospatial" software, the devices can be used to track movement of cell phones and pinpoint people's exact locations in real time, The Register said.


However, the IISI software does not run on the latest version of the Netezza appliance, which the CIA was purchasing, and when IISI said it couldn't port its software to Netezza's next-generation device fast enough for the CIA, Netezza allegedly met the CIA's demands on its own, with an "illegally and hastily reverse-engineered" version of IISI's code, The Register said. Despite knowing of flaws in the hacked software, the CIA acquired it, the news site reported the lawsuit as saying.


"My reaction was one of stun, amazement that they want to kill people with my software that doesn't work," IISI Chief Technology Officer Richard Zimmerman is quoted as saying in a deposition. The Register said Zimmerman was responding to an alleged comment by the CIA that it would accept untested IISI code in chunks.


More here.

Stuxnet Attack Exposes Inherent Problems In Power Grid Security

Kelly Jackson Higgins writes on Dark Reading:

While the Stuxnet worm attack has raised the bar for targeted attacks on the critical infrastructure, it's not the first time the power grid has been in the bull's eye. Attacks against these systems are actually quite common -- it's just that they are mostly kept under wraps and rarely face public scrutiny like Stuxnet has.


Nearly 60 percent of critical infrastructure providers worldwide, including oil and gas, electric, and telecommunications, say they have been targeted by "representatives" of foreign governments, according to a study published earlier this year by The Center for Strategic and International Studies and commissioned by McAfee. More than half of the respondents had experienced a targeted, stealthy attack akin to the Aurora attacks that hit Google, Adobe, and nearly 30 other companies earlier this year. In addition, nearly 90 percent of the respondents said their networks had been infected with malware, and more than 70 percent had been hit with low-level DDoS attacks and vandalism, insider threats, leakage of sensitive data, and phishing or pharming.


As reported last week, Stuxnet has shed light on just how vulnerable their control systems really are, and as the first known malware attack to target power plant and factory floor systems, it has been a wake-up call for the potential damage that could be inflicted on a power plant and the potential consequences to the physical world.

More here.

DRM Library From Microsoft Opens Your Computer to Attacks

Alessondra Springmann writes on PC World:

Microsoft has been a proponent of DRM (digital rights management) for some time now, and has built in a number of protections to every level of its operating system.


The msnetobj.dll library, an ActiveX Network Object, is no exception: according to BoingBoing, msnetobj.dll “is intended to prevent the owner of a computer from saving or viewing certain files except under limited circumstances, and to prevent the computer's owner from disabling” the library.


Aside from mandating what sort of files you can and can’t open on your computer, msnetobj.dll is susceptible to three different types of attacks: denial of service, buffer overflow, and integer overflow. Exploit Database notes that “this issue is triggered when an attacker convinces a victim user to visit a malicious website” and that a hacker could then exploit these holes to run malicious code on your system.


More here.

In Passing: George Blanda


September 17, 1927 – September 27, 2010

Money Transfers Could Face Anti-Terrorism Scrutiny

Ellen Nakashima writes in The Washington Post:


The Obama administration wants to require U.S. banks to report all electronic money transfers into and out of the country, a dramatic expansion in efforts to counter terrorist financing and money laundering.


Officials say the information would help them spot the sort of transfers that helped finance the al-Qaeda hijackers who carried out the Sept. 11, 2001, attacks. They say the expanded financial data would allow anti-terrorist agencies to better understand normal money-flow patterns so they can spot abnormal activity.


Financial institutions are now required to report to the Treasury Department transactions in excess of $10,000 and others they deem suspicious. The new rule would require banks to disclose even the smallest transfers.


Treasury officials plan to post the proposed regulation on their Web site Monday and in the Federal Register this week. The public could comment before a final rule is published and the plan takes effect, which officials say will probably not be until 2012.


More here.

Sunday, September 26, 2010

U.S. Is Working to Ease Wiretaps on the Internet

Charlie Savage writes in The New York Times:

Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet, arguing that their ability to wiretap criminal and terrorism suspects is “going dark” as people increasingly communicate online instead of by telephone.


Essentially, officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages.


The bill, which the Obama administration plans to submit to lawmakers next year, raises fresh questions about how to balance security needs with protecting privacy and fostering innovation. And because security services around the world face the same problem, it could set an example that is copied globally.


James X. Dempsey, vice president of the Center for Democracy and Technology, an Internet policy group, said the proposal had “huge implications” and challenged “fundamental elements of the Internet revolution” — including its decentralized design.


More here.

French Police Dismantle Mobile Phone Hacking Ring

An AFP newswire article, via The Sydney Morning Herald, reports:

French police have busted a network of mobile phone hackers, a fraud worth millions of euros, and arrested nine people, including employees of cellular phone companies, investigators said Sunday.


Three people were still in custody Sunday following the arrests across the country that came after a year-long investigation into the network, which had been operating for a decade and is the first of its kind in France, according to officials in an investigative unit of the Marseille gendarmerie.


Investigators explained that fraudsters purchased codes to unlock SIM cards for three euros (four US dollars) each from high-ranking phone company employees, who had access to company databases.


The network subsequently sold the codes on the Internet for 30 euros. The money earned from these sales was put into tax-free overseas bank accounts.


More here.

Google Details Government Requests for User Data

Mark Long writes on Enterprise Security Today:

A new online transparency report introduced by Google on Tuesday shines the spotlight on the actions that governments around the world have been taking to control the flow of information. Among other things, the report delineates the number of government inquiries for information about users as well as the number of requests that Google has received pertaining to the removal of specific web content.


Google said it believes its responsibilities include ensuring that the company maximizes transparency around the flow of information related to Google tools and services. "We hope this step toward greater transparency will help in ongoing discussions about the appropriate scope and authority of government requests" as well as "help facilitate studies about service outages and disruptions," Google said.


According to Google, the United States ranked number one during the first half of 2010 among nations requesting information about individual web surfers. The search giant said it complied with nearly 83 percent of the more than 4,200 data requests issued by U.S. courts.


Ranking second, Brazil issued 2,435 requests for data concerning individual Internet users during the first six months of this year. The other top nations requesting user data were India (1,430), the United Kingdom (1,343), and France (1,017).


One glaring omission in Google's transparency report is the lack of any data on user-information requests from China. "Chinese officials consider censorship demands as state secrets, so we cannot disclose that information at this time," Google explained.


More here.

Saturday, September 25, 2010

Proposed Secure Network for Critical Infrastructure Draws Fire

Henry Kenyon writes on GCN.com:

The leader of the U.S. Cyber Command wants to develop a secure computer network to defend civilian government agencies and critical civilian infrastructure and industries.


Gen. Keith Alexander, who has dual responsibilities as commander of the Cyber Command and director of the National Security Agency, testified Sept. 23 before the House Armed Services Committee about the new command’s role in defending federal and commercial networks. He suggested the creation of a restricted network that would allow the government to provide greater protection to vital online operations and critical infrastructure — such as financial networks, commercial aviation systems and the national power grid — from Internet-based attacks.


The New York Times reported that the proposed network, which Alexander referred to as “a secure zone, a protected zone,” would provide essential civilian government and commercial networks with protection similar to secret military and diplomatic communications networks. However, he did not say where the boundaries between this new secure network and the Internet would be or how appropriate user access would be granted. He added that the White House is working on a policy review to determine the best approach and whether it will require Congress to grant new powers.


But Alexander's proposal skimps on specifics, said Martin Libicki, a senior management scientist at Rand Corp.


More here.

Has marriage killed the girl in you?

When The Bald Guy posted this tag on his blog, I immediately added it to my list of must-do’s, and after a sort of hectic week I finally get the time to take this head on.

The above question and a host of associated questions, including those below (reproduced from TBG’s tag), are ones that I have asked and answered so many a time myself.
Asked less, answered more than a trillion times – friends, relatives, colleagues, and even random strangers!
I think my replies have varied only slightly based on my mood and disposition at that moment in time. Here I make a conscious effort to introspect, retrospect, and ummm, well, to be honest.

Before I bring on the volley of Qs, some basic facts – Well into my 20’s, I have been married to the love of my life for more than three and a half years - and, oh boy, you could pass me as “well married”!

The Qs…
  • Are you more programmed, more regulated in your thoughts and deeds?
A definite yes! I have learned to think twice before I speak and act (in most situations I try to restrict my tongue-in-cheek responses to myself or to a close circle of dear ones), and coming from me, believe me, that takes a huge effort!

I am definitely more politically correct, diplomatic, and conforming to established institutions than I was a couple of years back.
This programming manifests itself in subtle ways – I am more patient with relatives and extended family, I try to think from the other’s point of view (however dumb it may be to start with :D), I have learnt to make allowances for nosey, pesky people around :p: :p.

  • Or are you simply calmer? Assuaged?
If I take this as a continuation of the previous question, my actions and reaction are definitely more controlled and in line with expectations, but somehow, (even though it may sound contradictory) the raving lunatic in me is not cured.

Assuaged? My husband will do a double somersault laughing his head off if I respond in the affirmative.

I am still the crazy person my friends and family swore on way back! My idiosyncrasies remain intact (touch wood) irrespective of the waves of time that keep crashing in!
I am still bonkers enough to break into a dance in the middle of the road, have ice cream for three meals a day, make inappropriate comments in public and then laugh out loud in an “unlady-like” fashion, threaten my husband with a call to 911 if he tries waking me up early in the morning (in India, can’t threaten him with 100 coz - it's seldom answered), and make him blow balloons and decorate the cake-knife with a fancy ribbon to celebrate my birthday!

  • Are you still in love?
With whom? :D

Ok, honestly, a resounding YES - Am still very much in love (phew, thank god!) – with the person I married, with the wonderful family and friends I share my life with, and with the blessed life god has bestowed on me.

  • Or are you simply loving? Caring, fond and loyal..?
I wonder why this question begins with an ‘or’. Am I in love or am I simply loving?

Hell yeah, I am in love and I am loving to those who love me back!
I am no angel or saint; I care for people who matter to me.
I am fond of all the people I willingly include in my everyday life.
I am fiercely loyal to my loved ones - friends and family.

Marriage has not changed a thing or the intensity when it comes to love and loyalty. I was always the way I am now!

  • What does marriage do to you?
Lots :D!

Marriage makes you fall in love with your beloved all over again. Nothing like waking up to the brightest sunshine in your life.

Marriage convinces you that you made the best decision ever, coz there would be no other man in the whole world who would bring back the entire medical store for a slight cut.

Marriage makes you hate the guy you married when all his promises of love and never ending support are sacrificed at the altar of a stupid cricket match!

Marriage exasperates the life out of you when good-for-nothing relatives and well-wishers are waiting for the ever elusive “good news”.

Marriage makes you believe in the K-serials when you disagree with your MIL on the color of the curtains.

Marriage provides the much needed privacy from the ever-so-curious world outside. Finally, you can be there for each other, always, without having to explain your relationship status.

Marriage makes you independent and responsible and secure. People suddenly start taking you more seriously.

Marriage makes you dependent – this one person controls your emotional and mental well being – almost completely.

Marriage teaches you that life is not perfect as the Mills & Boons and Yash Chopras of the world will have us believe. There are tiffs, and there are misunderstandings, and it takes a lot of hard work to keep it all together for the sake of love.
But as in the end of all love stories, it is always well worth the effort you put in!

  • And finally the big one: Has marriage killed the girl in you?
NO! I would never let that happen. Vish would never let that happen. Though he would be happy if the girl in me grew up a bit in keeping with my age, I still choose to believe he’d rather I stay the person he fell in love with – it is the complete package you get, as we both often joke!

Having said that, life has its own way of moulding you into a more mature and understanding being.

With marriage comes a new chapter in your life, with new characters, new story lines, new plots, never-before-been-in situations, not-trained-for experiences but the individual that is you remains and must remain essential to the core – whatever be the story!

Dreams don’t come true by making wishes on shooting stars, but don’t stop dreaming.

Love is also about you taking the first step forward no matter how huge your ego is, but don’t stop loving.

He seems to suffer from the most incurable form of amnesia when it comes to dates – your first date, the date he proposed, your parents’ birthdays! But don’t stop celebrating (kick him, for sure!)

Miracles don’t happen always as per expectations, but don’t stop believing in them.
Faith and hope make the world go round!

Marriage is about accommodating, including and sharing, but don’t compromise the individuality and the uniqueness that define you.

Marriage is about being the doting wife, the responsible daughter-in-law and eventually the loving mother, but don’t let the girl in you die.
She should be the beautiful, inimitable foundation on which you build your life.

Friday, September 24, 2010

Nine Years After 9/11, Intelligence Sharing Is Still Hobbled

Mark Hosenball writes on Newsweek.com:


More than nine years after 9/11, America’s intelligence-sharing system continues to be impeded by legal and technical difficulties. As a result, important intelligence reports may be slow to reach those officials who could take action on them. One such problem surfaced in Congress earlier this week: a glitch in the wording of the Freedom of Information Act.


The trouble is that when frontline agencies like the CIA and National Security Agency transfer “operational” files to the national intelligence director’s office—or to the National Counterterrorism Center (NCTC), a branch of the intelligence czar’s office created to ensure greater sharing of intelligence on terror threats—those files are more vulnerable to FOIA disclosure than they were before they left the originating agency.


More here.

FBI Targets Anti-War Protesters as Part of Terrorism Probe

Via CNN.com.

Political and anti-war activists in the Midwest said they were the target Friday of searches the FBI called part of an investigation into the "material support of terrorism."


Warrants led to the search of five residences and one office in Minneapolis, Minnesota, said FBI spokesman Steve Warfield, who said there were no arrests. Two other searches were conducted in Chicago, Illinois.


Activist Tom Burke in Chicago said he and others in Minnesota, Illinois and Michigan were served subpoenas to testify before a grand jury. He also said computer hard drives were taken from locations in both cities, as well as a cell phone in Minneapolis.


Warfield would not comment on that statement or provide details of the searches.


He also would not discuss the investigation, other than indicating it is the work of a joint task force on terrorism.


More here.

Cyber Fraud Ring Dismantled in Ukraine

Lucian Constantin writes on Softpedia Security News:


A group of five hackers were arrested by Ukrainian authorities this month under suspicion of stealing millions from the bank accounts of foreign companies.


The cyberfraud ring was operating out of Odessa, a city in Southern Ukraine, and according to the investigators its members were raking in between 300 and 500 thousand dollars per month.


The hackers allegedly used malware to obtain unauthorized access to the bank accounts of foreign companies, organizations or institutions and siphon cash out.


The arrests were the result of a joint operation between the Ukrainian police, the Anti-Corruption Bureau of the General Directorate of Combating Organized Crime and the Ministry of Internal Affairs (MIA).


HostExploit reports that local authorities believe the group might be responsible for stealing $1 million from the accounts of Sony Europe alone.


When raiding the hackers' hideout, the police seized servers, computers, printers, stamps, forms, credit cards, fake documents, fake passports and 350 thousand dollars.


More here.

Debate Heats Up Over Police Access to Data in The Cloud

Aliya Sternstein writes on NextGov.com:

Law enforcement officials told Congress on Thursday that restricting data in the cloud from surveillance would jeopardize public safety.


Authorities "must have reasonably expeditious access to stored information that may constitute evidence of a crime committed, or about to be committed, regardless of the technology platform on which it resides or is transferred," said Kurt F. Schmid, executive director of the Chicago High-Intensity Drug Trafficking Area, which is part of the Office of National Drug Control Policy. "Without these constitutionally tested authorities, the safety of the public is put at significant risk." Schmid testified at a hearing of the House Constitution, Civil Rights and Civil Liberties Subcommittee.


His warning comes at a time when the House and Senate are considering updating the 1986 Electronic Communications Privacy Act, which extends wiretapping restrictions to electronic communications such as e-mails. The current law protects communications from interception by law enforcement only when they are stored on computers, not when they are stored on the Internet.


Lawmakers argue the rise of Web mail and other cloud computing services -- applications third-parties provide to users online and on-demand -- has created uncertainty and confusion among law enforcement, the business community and U.S. consumers about the privacy of Web-based transactions. Justice Department officials contend that before the advent of the cloud, the law helped authorities find drug traffickers, child predators, terrorists and other criminals. Privacy advocates say it now fails to adequately protect huge amounts of personal information.


More here.

Man Gets 10 Years for VoIP Hacking

Robert McMillan writes on ComputerWorld:

A Venezuelan man was sentenced to 10 years in prison Friday for stealing and then reselling more than 10 million minutes of Internet phone service.


Edwin Pena, 27, was convicted in February of masterminding a scheme to hack into more than 15 telecommunications companies and then reroute calls to their networks at no charge. He must also pay more than $1 million in restitution, and will be deported once his sentence is served.


Pena was sentenced by Judge Susan Wigenton in U.S. District Court for the District of New Jersey on computer hacking and wire fraud charges.


The scam cost his victims, including VoIP sellers Net2Phone, NovaTel and Go2Tel, more than $1.4 million in losses.


More here.

Thursday, September 23, 2010

Software Vulnerabilities Reaching 'Unacceptable' Levels

Shaun Nichols writes on v3.co.uk:

Developers are failing to meet industry security standards when creating new software, according to testing firm Veracode.


Data collected on 2,900 applications by the company's security verification service suggests that more than half of tested applications contain "unacceptable" levels of vulnerabilities.


Financial sector applications had the lowest vulnerability levels, and mission-critical applications in general were found to be less vulnerable.


Web-based applications were found to be particularly vulnerable, however. More than 80 per cent of submitted web applications contained errors listed in the Open Web Application Security Project's Top 10 risk list.


Sam King, vice president of product marketing at Veracode, told V3.co.uk that the high number of vulnerabilities in web applications could be down to the skill of the developer and heightened interest in testing web applications.


More here.

Here We Go Again: Proposed Bill Would Give President Emergency Cyber-Superpowers

Via Government Technology.

The bad guys who troll America’s digital infrastructure looking for networks to attack may have some problems coming their way if a proposed bill circulating through Capitol Hill goes through. The legislation would give the president the power to declare a national cyber-emergency if a huge network attack happened.


Reuters reported Tuesday, Sept. 21, that the presidential declaration, in case of an imminent threat to critical things like the electrical grid or water supply, could require companies to shut down temporarily or take certain steps, like enhancing their cyber-defenses. The declaration would last for 30 days, and though the president could renew it, it couldn’t go longer than 90 days without congressional action.


The legislation in its current form merges two other cyber-security bills that came before. A spokesperson for Senate Majority Leader Harry Reid said backers in Congress hope to pass it before year’s end.


Some companies worry the bill would give the government too much power over their businesses, since it could give the public sector power to designate whether a company’s — or industry’s — technology operations would be shut down or altered, or just certain portions. Private-sector opposition could make it difficult for the bill to get through Congress before the year is over.

Link.

Google Warning Gmail users on China Spying Attempts

Paul Roberts writes on ThreatPost:

Google is using automated warnings to alert users of its Gmail messaging service about widespread attempts to access personal mail accounts from Internet addresses in China. The warnings may indicate wholesale spying by the Chinese government a year after the Google Aurora attacks or simply random attacks. Victims include one leading privacy activist.


Warnings appeared when users logged onto Gmail, encountering a red banner reading "Your account was recently accessed from China," and providing a list of IP addresses used to access the account. Users were then encouraged to change their password immediately. Based on Twitter posts, there doesn't seem to be any pattern to the accounts that were accessed, though one target is a prominent privacy rights activist in the UK who has spoken out against the Chinese government's censorship of its citizens.


A Google spokesman declined to comment on the latest warnings specifically. The company has been issuing similar warnings since March when it introduced features to identify suspicious account activity.


Alexander Hanff of Privacy International in the UK said he saw the warning when he accessed a Gmail account Thursday morning. Hanff set up the personal account, which he created in 2005 when he operated the Torrent Web site DVDR-Core, an early target of the Motion Picture Association of America in its battle to stop copyright piracy. Hanff said he immediately changed the password, at Google's suggestion, and said the attempts to access his account from China were recent - occurring within the past couple of months.


He only rarely accesses the account and does not use it for e-mail related to his work for Privacy International. Still, he said the account is easily discoverable online for those looking to contact him via e-mail, which might have made it a target.


More here.

The Great Firewall of... America?

Milton Mueller writes on The Internet Governance Project Blog:

Frustrated with the contradiction between the limits of jurisdictional authority and the Internet’s globalized access to information, more and more governments are instituting measures to block access to web sites which are deemed illegal in their territory but are located outside their jurisdiction. A bill introduced in the U.S. Senate on Monday would start to put into place an infrastructure for maintaining a black list of censored domain names. The purpose is not political censorship but blocking in the name of copyright and brand protection. The proposed bill is called the Combating Online Infringement and Counterfeits Act (COICA). It’s a radical change in internet policy masquerading as a strengthening of copyright enforcement.


Keep in mind those words “block access... in their territory.” In debating this issue, we must never lose sight of the fact that COICA and similar measures are not designed to identify and catch the perpetrators of crimes or even, primarily, to take down the illegal web site or content. No, they are designed to prevent ordinary users of the internet from being able to connect to or transact with the infringing sites. In other words, they substitute regulation of the general public’s internet access for prosecution of crimes committed by specific people in specific locations.

That’s why it is not unfair to call it “censorship” – it manages and restricts what all of us can see instead of pursuing and catching the law-breakers. This trade off is becoming increasingly common around the world, and it is a huge mistake. The effect is to re-territorialize communications access; as such it strikes serious blows against the great social, economic and political advances created by the globalization of communications access and the ability to “innovate without permission” that went along with it. If the Internet as a global system sustains collateral damage, well, the copyright interests don’t care, and as long as that powerful lobby is satisfied, neither do the legislators. The process of carving up the Net into 200 separate fiefdoms is well underway, and now, alas, the U.S. is joining in on it.


More here.

Wednesday, September 22, 2010

Mark Fiore: Cashocracy



More Mark Fiore brilliance.

Via The San Francisco Chronicle.

Enjoy.

- ferg

Tuesday, September 21, 2010

Cyberwar Risk Poses Specter Of Cyberwar Crimes

Tom Gjelten writes on NPR.org:

It may come as a surprise to some war victims, but there actually is a body of international law that establishes when and how nations can legally engage in armed conflict.

Various treaties — the United Nations Charter, and the Hague and Geneva conventions — distinguish between victims and aggressors, and put forward combat guidelines that, when honored, provide some protection to civilians. Professional militaries train with the rules of war in mind, recognizing that abiding by them works to their benefit as much as to the enemy's.

It is no surprise, then, that many legal experts, diplomats and military commanders around the world are now debating how to extend the law of war to cyberspace. The emergence of electronic and cyberwar-fighting capabilities is the most important military development in decades, but it is not yet clear how existing treaties and conventions might apply in this new domain of conflict.

We don't know when or if a cyberattack rises to the level of an 'armed attack.'

Uncertainty about the legal and ethical limits of state behavior in cyberspace could have disastrous consequences.

More here.

Monday, September 20, 2010

Sunday, September 19, 2010

eNom to Begin Screening Bogus Drug Sales

Joe Menn writes in The Financial Times:

In a victory for the fight against criminal networks distributing counterfeit and adulterated drugs over the internet, the world’s second-biggest seller of website addresses is to begin screening customers for unapproved drug sales.

Under pressure from security professionals, the internet governance group ICANN and the White House, the domain-name seller eNom last week quietly retained LegitScript, a company that vets internet pharmaceutical concerns to make sure they are licensed to do business in the US.

While GoDaddy, the world’s biggest seller of domain names, and other registrars have knocked thousands of rogue pharmacies offline, until now eNom, owned by Demand Media of Santa Monica, had refused to act without a court order or law-enforcement directive.

The changed approach was disclosed in an amended securities filing for Demand Media’s planned initial public stock offering. The filing says LegitScript will assist eNom “in identifying customers who are violating our terms of service by operating online pharmacies in violation of US state or federal law”.

eNom came under fire in June, when security research concern KnujOn accused it of handling registrations for 4,000 bogus pharmacies.

More here.

Interpol Chief Has Facebook Identity Stolen

John E. Dunn writes on Techworld.com:

He’s one of the most powerful people in world policing, but on Facebook Interpol chief Ronald K. Noble is just as vulnerable to identity theft as anyone else.

At last week’s inaugural Interpol Information Security Conference in Hong Kong, secretary general Noble revealed that criminals had set up two accounts impersonating him on the networking site during this summer’s high-profile global dragnet, ‘Operation Infra-Red’.

The fraud was discovered only recently by Interpol’s Security Incident Response Team.

“One of the impersonators was using this profile to obtain information on fugitives targeted during our recent Operation Infra-Red," Noble told delegates.

More here.

De-tanning!

So here I am to fulfill a teeny weenie promise I made in this post: Sun, Sand and Sea.
A first-hand account on how to get rid of the awful tan most of us Indians get during our beach vacations – like I mentioned in my referenced post, while the whole world seems to turn flattering shades of blushed pink and glowing golden, we turn horrible tones of brown and black :)!

(P.S. I am no beauty expert, I googled a lot, went back to the proverbial grandma’s book, and finally tried the more convenient options. What I write here may not be the most effective and efficient treatments but they did work for me :))

Okay, first a few things that you must do to ensure that the sun’s darkening effect on your skin melanin is kept to a minimum:
  • Choose a good sunscreen for your face and your body. Most of us are guilty of taking extra care of the face and hardly anything for the rest of the body.
On a day out at the beach, I recommend Neutrogena Ultra Sheer Dry-Touch Sunblock with an SPF of 50+ for the face and body. I used this and the damage to my face was kept to a minimum.
(Note: For the body, I had used Biotique Sandalwood Sunscreen lotion with an SPF of 100, but alas it was not at all effective.)
  • Re-application of sunscreen to all exposed parts every 2-3 hours is a must. I know this seems tough. In the middle of a picturesque cruise, an exciting beach volleyball game or a romantic day out with your significant other, the last thing on your mind is messy sunscreen! But girls, it’s all for the greater good!
  • After the day is over and you are back, have a bath with warm water. Then, dip cotton wool in cold (preferably raw) milk and massage all over the exposed areas, including your face. Wash off after five minutes. Splash your face with rose water. Before sleeping, massage your body and face with a good oil-free moisturizer or skin milk (if you feel your skin is sticky), or olive oil (if you feel your skin is dry).

If one follows all of the above recommendations, sun-burn will hardly become a cause of worry. However, if you are like me – super lazy, end up doing only the first thing on the list above and then are reduced to fire fighting, welcome to the club and read on.

On an extended vacation, it is very difficult to take time out for skin care, and only when you return after the long haul does your skin start begging for attention and a cure. But there is good news - it is usually not too late by then.

So I came back with an awful tan – my arms looked like I was wearing a chocolate brown sleeve, my face, though much better, had an unmistakable russet hue to it. And this is a skin care regime I followed for a little less than 3 months to get rid of the vacation baggage on my skin!
Sounds like a lot of time? Actually not! Most of the stuff I wanted to do was restricted to weekends as work left me with little time over weekdays. If you are determined, and have the time, go ahead and follow this daily to get early results!

(Warning: For your spouse and family, it's going to be Halloween time with all the face and body masks so brace them well beforehand ;))

  • Skin that is badly tanned tends to crinkle and peel off in layers. At all times, ensure that your skin is well moisturized. Use good quality aloe vera gels and crèmes for best results.
  • Continue using a good sunscreen at all times during the day irrespective of the amount of sun exposure.
  • For the face: Apply the following packs every alternate day.
(If after a few days, you feel your skin is dry or stretched, massage your face with Olive oil or Almond oil at night)

Pack 1: Take a full teaspoon of fuller’s earth (multani mitti) and mix it with lemon juice and rose water (for acne-prone skin)/honey (for dry skin). Apply this paste to your face and neck, and leave it on till it’s dry. Wash off with lukewarm water.

Pack 2: Take a full teaspoon of gram flour (besan), a pinch of turmeric, lemon juice, a few drops of honey and mix it with milk (for acne-prone skin)/curd (for dry skin). Apply this paste to your face and neck, and leave it on till it’s dry. Wash off with lukewarm water.

  • For the body: Do the following every alternate day:
1. Massage your body with olive oil – remember to not use too much oil – apply a quantity that is easily absorbed. Leave on for 1 hour. Then apply lemon juice all over the exposed areas. You can rub in lemon halves too for ease of application. Leave on for 20 minutes and then go for your bath.

2. Make a body pack with gram flour (besan), turmeric, lemon juice, honey, milk/curd and apply it all over your body. Leave on for half an hour till dry and then go for your bath.


Though all this sounds a little tedious and messy, believe me it works! I got rid of my tan without having to subject my skin to the awful chemical bleaching agents!

Let me know if this works for you and also feel free to share your de-tanning secrets :)!

(An aside: I always tell you the sun is up to no good - ever :D)

Why does a Flash Cookie from wildlifecontrolexperts.com keep getting set on my machine?

I use a Firefox Plug-In called Better Privacy, which I check regularly to keep track of -- and delete -- Flash Cookies which secretly try to track my browsing.

I noticed a few days ago that I keep on deleting a Flash cookie from wildlifecontrolexperts.com, but it keeps reappearing.

Anyone have any ideas? This one has me stumped, but I admit I have not spent much time investigating this. It doesn't appear to be overtly malicious... but I would sure love to know what keeps setting it.

Comments appreciated.

Thanks,

- ferg


Update: Sunday, 19 Sept. 2010, 10:29 PDT: Never mind. I figured it out... :-)
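For anyone chasing the same question, an added example (not ferg's own code, and not his answer) that inventories the Flash Player storage directory: it lists every local shared object by the domain it is filed under, with the file's last-modification time, so a reappearing object can be lined up against what was being browsed at that moment. One point worth knowing when reading the output: an LSO is stored under the host that served the SWF which wrote it, so an object from an unfamiliar domain usually means a Flash movie from that host (an ad, a player, a widget) was embedded in some page that was visited, not that the site itself was. The three default paths are the standard Flash Player storage locations; the sample tree and the `.invalid` domain names in it are constructed for the demo.

```python
"""Inventory Flash Player local shared objects (LSOs, "Flash cookies").

Added example, not code from the original post. Walks the directory tree
Flash Player uses for LSOs and lists, per domain, each .sol file and its last
modification time, so a reappearing object can be matched against browsing
activity. The three default roots are the standard Flash Player storage
locations; the sample tree and its domain names are constructed for the demo.
"""
import os
import sys
import tempfile
import time
from collections import defaultdict

DEFAULT_ROOTS = {
    "linux": os.path.expanduser("~/.macromedia/Flash_Player"),
    "darwin": os.path.expanduser("~/Library/Preferences/Macromedia/Flash Player"),
    "win32": os.path.join(os.environ.get("APPDATA", ""), "Macromedia", "Flash Player"),
}
SHARED_OBJECTS = "#SharedObjects"
SETTINGS_DIR = os.path.join("macromedia.com", "support", "flashplayer", "sys")


def scan_lsos(root):
    """Return {domain: [(relative_path, mtime), ...]} for every .sol under root.

    Layout:  #SharedObjects/<random id>/<domain>/<path of the SWF>/<name>.sol
             macromedia.com/support/flashplayer/sys/#<domain>/settings.sol
    <domain> is the host that served the SWF which wrote the object; for an
    embedded ad or widget that is not the site the user was looking at.
    """
    found = defaultdict(list)
    so_root = os.path.join(root, SHARED_OBJECTS)
    if os.path.isdir(so_root):
        for rand_id in os.listdir(so_root):
            base = os.path.join(so_root, rand_id)
            if not os.path.isdir(base):
                continue
            for dirpath, _dirs, files in os.walk(base):
                rel = os.path.relpath(dirpath, base)
                domain = rel.split(os.sep)[0]
                for name in files:
                    if name.endswith(".sol"):
                        full = os.path.join(dirpath, name)
                        found[domain].append((os.path.join(rel, name), os.path.getmtime(full)))
    settings_root = os.path.join(root, SETTINGS_DIR)
    if os.path.isdir(settings_root):
        for entry in os.listdir(settings_root):
            entry_dir = os.path.join(settings_root, entry)
            if not (entry.startswith("#") and os.path.isdir(entry_dir)):
                continue
            for name in os.listdir(entry_dir):
                if name.endswith(".sol"):
                    full = os.path.join(entry_dir, name)
                    found[entry[1:]].append((os.path.join("settings", name), os.path.getmtime(full)))
    return dict(found)


def domains_with_lsos(root):
    """Sorted list of domains that have at least one .sol file under root."""
    return sorted(scan_lsos(root))


def build_sample_tree():
    """Create a constructed tree with the real layout (placeholder files, no
    captured data) so the scanner can be exercised without a Flash install."""
    root = tempfile.mkdtemp(prefix="flash_lso_")
    for rel in (
        os.path.join(SHARED_OBJECTS, "ABCD1234", "ads.example.invalid", "player.swf", "tracking.sol"),
        os.path.join(SHARED_OBJECTS, "ABCD1234", "video.example.invalid", "embed", "prefs.sol"),
        os.path.join(SETTINGS_DIR, "#ads.example.invalid", "settings.sol"),
    ):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "wb").close()  # empty placeholder; only path and mtime matter here
    return root


def report(root):
    """Print domain, then one line per object with its modification time."""
    for domain, items in sorted(scan_lsos(root).items()):
        print(domain)
        for rel, mtime in sorted(items):
            stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(mtime))
            print("  %s  %s" % (stamp, rel))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_ROOTS.get(sys.platform)
    if not target or not os.path.isdir(target):
        target = build_sample_tree()
        print("No Flash Player directory found; scanning constructed sample tree", target)
    report(target)
```

Run it with no arguments to scan the current user's Flash Player directory, or pass a path (for instance a copied profile directory from another machine). Run it before and after visiting a suspect page and diff the output; the domain whose modification time moves is the one serving the SWF that writes the object.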

Friday, September 17, 2010

A Loophole Big Enough for a Cookie to Fit Through

Riva Richmond writes in The New York Times:

If you rely on Microsoft’s Internet Explorer’s privacy settings to control cookies on your computer, you may want to rethink that strategy.

Large numbers of Web sites, including giants like Facebook, appear to be using a loophole that circumvents IE’s ability to block cookies, according to researchers at CyLab at the Carnegie Mellon University School of Engineering.

A technical paper [.pdf] published by the researchers says that a third of the more than 33,000 sites they studied have technical errors that cause IE to allow cookies to install, even if the browser has been set to reject them. Of the 100 most visited destinations on the Internet, 21 sites had the errors, including Facebook, several of Microsoft’s own sites, Amazon, IMDb, AOL, Mapquest, GoDaddy and Hulu.

More here.
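The excerpt does not say what the "technical errors" are. The CyLab study examined the compact policy (CP) string that sites send in the P3P response header, which IE consults when deciding whether to admit a cookie; a CP made of tokens that are not in the P3P vocabulary is exactly that kind of error. The validator below is an added example, not code from the article or the paper: it pulls the CP out of a header value, checks every token against the P3P 1.0 compact-policy vocabulary, and reports unknown tokens and missing mandatory parts, which is the check a site operator would run on their own header before relying on it. The sample header values are constructed and not taken from any real site.

```python
"""Validate a P3P compact policy (the CP="..." value of a P3P response header).

Added example, not code from the article or the CyLab paper. Each token is
checked against the P3P 1.0 compact-policy vocabulary; anything outside it is
reported, as is a policy that omits a mandatory class. The sample headers in
SAMPLES are constructed for the demo.
"""
import re

ACCESS = {"NOI", "ALL", "CAO", "IDC", "OTI", "NON"}
DISPUTES = {"DSP"}
REMEDIES = {"COR", "MON", "LAW"}
NON_IDENT = {"NID"}
PURPOSE = {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD",
           "IVA", "IVD", "CON", "HIS", "TEL", "OTP"}
RECIPIENT = {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"}
RETENTION = {"NOR", "STP", "LEG", "BUS", "IND"}
CATEGORY = {"PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT", "DEM",
            "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC"}
TEST = {"TST"}
# Purpose and recipient tokens may carry a one-letter suffix:
# a = always, i = opt-in, o = opt-out (e.g. "CURa", "OTRi").
SUFFIXED = PURPOSE | RECIPIENT
ALL_TOKENS = (ACCESS | DISPUTES | REMEDIES | NON_IDENT | PURPOSE
              | RECIPIENT | RETENTION | CATEGORY | TEST)

# CP="..." is the spec form; the unquoted alternative is accepted for robustness.
_CP_RE = re.compile(r'CP\s*=\s*(?:"([^"]*)"|([^\s,;]+))', re.IGNORECASE)


def extract_cp(header_value):
    """Return the compact policy string from a P3P header value, or None."""
    m = _CP_RE.search(header_value)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def classify_token(tok):
    """Return (base_token, suffix) for a valid token, None for an unknown one."""
    if tok in ALL_TOKENS:
        return tok, ""
    if len(tok) == 4 and tok[-1] in "aio" and tok[:3] in SUFFIXED:
        return tok[:3], tok[-1]
    return None


def validate_cp(cp):
    """Describe a CP string: its tokens, unknown tokens, missing mandatory
    classes, and an overall well-formedness verdict."""
    tokens = cp.split()
    unknown, present = [], set()
    for tok in tokens:
        c = classify_token(tok)
        if c is None:
            unknown.append(tok)
        else:
            present.add(c[0])
    # NID alone is a complete policy (no identifiable data). Otherwise a policy
    # must state access, purpose, recipient and retention.
    missing = []
    if not present & NON_IDENT:
        for label, cls in (("access", ACCESS), ("purpose", PURPOSE),
                           ("recipient", RECIPIENT), ("retention", RETENTION)):
            if not present & cls:
                missing.append(label)
    return {
        "tokens": tokens,
        "unknown": unknown,
        "missing": missing,
        "well_formed": bool(tokens) and not unknown and not missing,
    }


def check_header(header_value):
    """Validate a full P3P header value; a header without CP= is reported as such."""
    cp = extract_cp(header_value)
    if cp is None:
        return {"cp": None, "tokens": [], "unknown": [], "missing": ["CP"], "well_formed": False}
    result = validate_cp(cp)
    result["cp"] = cp
    return result


# Constructed sample header values (not captured from any real site).
SAMPLES = {
    "valid": 'CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"',
    "garbage": 'CP="THIS IS NOT A REAL POLICY"',
    "typo": 'CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INTT"',
    "incomplete": 'CP="CAO PSA OUR"',
    "no_cp": 'policyref="/w3c/p3p.xml"',
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        r = check_header(value)
        print("%-10s well_formed=%-5s unknown=%s missing=%s"
              % (name, r["well_formed"], r["unknown"], r["missing"]))
```

To check a live site, fetch a page, read its `P3P` response header and pass the value to `check_header`; a result with `unknown` tokens or a non-empty `missing` list is a policy that no browser can evaluate correctly, whatever a given browser then decides to do with the cookie.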

Thursday, September 16, 2010

Mark Fiore: Back To School



More Mark Fiore brilliance.

Via The San Francisco Chronicle.

- ferg

Man Gets 6 Years in Prison for Laundering $2.5 Million for Carders

Kim Zetter writes on Threat Level:

A California man who served as a linchpin for transmitting stolen money to hackers and carders in Eastern Europe and elsewhere was sentenced on Thursday to 6 years in prison for conspiring to launder money.

Cesar Carranza, 38, also known as “uBuyWeRush,” ran a legitimate business selling liquidation and overstock merchandise online and from three California stores.

But, according to an indictment [.pdf], he also sold MSR-206s to carders to encode stolen bank card data onto blank cards, and he served as a conduit to transmit stolen money between mules and carders.

He worked with many of the top carders in the criminal underground between 2003 and 2006, including Maksim “Maksik” Yastremskiy, a Ukrainian carder who allegedly worked with TJX hacker Albert Gonzalez and was considered by authorities to be one of the top sellers of stolen card data on the internet.

In 2003 and 2004, Carranza became an approved and trusted vendor on online criminal forums such as CarderPlanet and Shadowcrew, advertising his goods and services and dispensing advice on the best tools to use for various criminal endeavors.

More here.

Wednesday, September 15, 2010

China Continues Satellite Maneuvers

Alan Boyle writes on MSNBC.com:

Space-watchers say China is still doing whatever it started doing last month with two close-flying satellites in orbit. And that's keeping outside observers worried about the fact that Chinese officials have not yet actually said what it is they're doing.

The maneuvers, which appear to involve rendezvous operations between the SJ-06F satellite and the more recently launched SJ-12 craft, could amount to practice for space station dockings or coordinated satellite observations from orbit. Few folks would have a problem with that. But they also could be aimed at developing the expertise for lurking near someone else's satellite and eavesdropping, or even knocking that satellite out of commission in the event of a crisis. That's the worrisome part.

The formation-flying exercise began in mid-August, and stirred up a significant fuss a couple of weeks ago when some observers speculated that the SJ-12 might have given a nudge to the SJ-06F. China says the satellites in the SJ series (SJ stands for "Shijian," or "Practice" in Chinese) are designed for scientific purposes, but space experts suspect that they actually are being used for military surveillance.

More here.

U.S. Urges NATO to Build 'Cyber Shield'

An AFP article, via PhysOrg.com, reports that:

NATO must build a "cyber shield" to protect the transatlantic alliance from any Internet threats to its military and economic infrastructures, a top US defence official said Wednesday.

Cyber security is a "critical element" for the 28-nation alliance to embrace at its summit of leaders in Lisbon on November 19-20, US Deputy Defence Secretary William Lynn said in Brussels.

"The alliance has a crucial role to play in extending a blanket of security over our networks," Lynn said.

"NATO has a nuclear shield, it is building a stronger and stronger defence shield, it needs a cyber shield as well," he said at a forum hosted by the Security & Defence Agenda think-tank.

The Pentagon's number two called for adopting the Cold War-era strategy of "collective defence" in the cyber arena.

More here.

Note: This seems like a red herring to me -- in fact, I'm still trying to figure out how they think this would work. - ferg

Tuesday, September 14, 2010

Monday, September 13, 2010

Privacy Group Sues to Get Records About NSA-Google Relationship

Ken Dilanian writes in The Los Angeles Times:

The National Security Agency should divulge information about its reported agreement with Google Inc. to help the Internet company defend itself against foreign cyber attacks, according to a lawsuit filed Monday by a privacy group.

The ad hoc and secretive nature of Google's arrangement with the federal spy agency also spotlights what some experts said was the lack of a clear federal plan to deal with the growing vulnerability of U.S. computer infrastructure to cyber intrusions launched from foreign countries. At risk are power grids, banks and other crucial public services.

"We have a faith-based approach, in that we pray every night nothing bad will happen," said James Lewis of the Center for Strategic and International Studies, a Washington think tank.

In January, Google announced that it had been the victim of "a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property."

A month later, newspapers reported that Google had begun cooperating with the NSA, the spy agency in charge of defending the U.S. military from such attacks. Google, according to reports, enlisted the NSA, which has a vast electronic surveillance capability and a trove of cyber-warfare experts, to help trace the source of the attack and take steps to prevent future intrusions.

More here.
