Wednesday, April 12, 2006

Yahoo! Avatars U.K. & Ireland

The SuPer New Me..WhaT Ya bLoKeS ThInK??
:P

Sunday, April 02, 2006

Sea Levels On The Rise

Over the past 30 years, temperatures in the Arctic have been creeping up, rising half a degree Celsius with attendant increases in glacial melting and decreases in sea ice.


Experts predict that at current levels of greenhouse gases - carbon dioxide alone is at 375 parts per million - the earth may warm by as much as 5 degrees Celsius, matching conditions roughly 130,000 years ago. Now a refined climate model is predicting, among other things, sea level rises of as much as six metres, according to research results published in the journal Science.

Modeller Bette Otto-Bliesner of the National Center for Atmospheric Research in Boulder and Paleoclimatologist Jonathan Overpeck of the University of Arizona matched results from the Community Climate System Model and climate records preserved in ice cores, exposed coral reefs, fossilised pollen and the chemical makeup of shells to determine the accuracy of the computer simulation.

Roughly 130,000 years ago, the Arctic enjoyed higher levels of solar radiation, leading to increased warming in the summer and the retreat of glaciers worldwide. The model correctly predicted the extent of the resulting Arctic ice melt, enough to raise sea levels by roughly three metres.

"Getting the past climate change correct in these models gives us more confidence in their ability to predict future climate change," Otto-Bliesner says.

"These ice sheets have melted before and sea levels rose. The warmth needed isn't that much above present conditions."

But sea levels rose as much as six metres 130,000 years ago and Overpeck speculates that may have been the result of additional melting in Antarctica.

After all, the ice there is not all landlocked; some rests in the ocean and a little warming in sea temperatures could melt it or pry it loose. And this time around, the warming is global, rather than concentrated in the Arctic.

"In the Antarctic, all you have to do is break up the ice sheet and float it away and that would raise the sea level," he says.

"It's just like throwing a bunch of ice cubes into a full glass of water and watching the water spill over."

Such a sea level rise would permanently inundate low-lying lands like New Orleans, southern Florida, Bangladesh and the Netherlands. Already sea level rise has increased to an inch per decade, thanks to melting ice and warm water expansion, according to Overpeck.

And evidence that the Arctic is exponentially warming continues to accumulate.

Indeed, in another paper in the same issue of Science, Goran Ekstrom of Harvard University reported a marked increase in so-called glacial earthquakes - seismic events recorded throughout the world when Greenland's glaciers slip past rock - since 2002.

In fact, last year alone saw twice as many quakes as in previous years, with most of that increase coming during the summer months.

"We need to start serious measures to reduce greenhouse gases within the next decade," Overpeck says.

"If we don't do something soon, we're committed to four to six metres of sea level rise in the future."

Links

National Center for Atmospheric Research

Centre for Atmospheric Science (University of Cambridge)

Center for the Study of Carbon Dioxide and Global Change

Data Support Section of the Computational and Information Systems Laboratory at the National Center for Atmospheric Research in Boulder, Colorado

Saturday, April 01, 2006

Hi, been super ages since I have posted sumtin up.

Anyways, the link to my new found love -->

Laura Pausini

Tuesday, March 21, 2006

Hiya, Well, as it seems that it's the Microsoft Crash month, let's see another one:

<html><form><input type crash></form></html>

This will crash IE with the following error: "Unhandled exception in iexplore.exe (SHLWAPI.DLL): 0xC0000005: AccessViolation"

It's a null pointer overwrite, so it's not easily exploitable...

This HTML also crashes Outlook, Frontpage, and all the Microsoft programs that use the shlwapi.dll library to render web code.

Plain HTML is a dangerous language :)

Balvin says:

Not to be overly trollish here, but you could also squish poetry onto one long line or a big novel onto one really huge page, like something in Guinness's Book of World Records I suppose.

The point is, we use line counts in computer languages, even though most computer languages can be spaced out in numerous ways, because it provides a good rough estimate of length and complexity. It's not always the best metric, but oftentimes it serves its purpose well. In this case, the typical Slashdot reader can see that the exploit is only "five lines" and realize that it's not an overly complicated HTML parser exploit but instead something ridiculously simple.



Features

Take Advantage of Everything InfoSec World Has to Offer

  • Case Studies for Security Pros
  • The Latest on Hacking Techniques
  • Management Tips to Fine-Tune Your Skills
  • Targeted Attacks
  • The InfoSec World Expo
  • Optional, In-Depth Workshops
  • Intensive Networking
  • Continuing Education Credits
  • CISSP Exam
  • Book Signing

Read more on the features

This year's keynote addresses will expand your mind and inspire you to think about information security from fresh perspectives:

  1. Tom Ridge (First Secretary of Homeland Security)
  2. Peter Bergen (Prominent Terrorism Analyst)
  3. Kevin Ashton (Co-Founder and Former Executive Director, Auto ID Center, MIT)
  4. Jeff Jonas (Chief Scientist and Distinguished Engineer, IBM Entity Analytics)

The full conference details

Sunday, March 05, 2006

Call For Papers

Black Hat USA 2006, Caesars Palace, Las Vegas, Nevada

Papers and presentations are now being accepted for the Black Hat USA 2006 Briefings. Papers and requests to speak will be received and reviewed from now until May 1, 2006.

Submit by completing the submissions form.
We strongly suggest that you submit earlier than later since we will close the CFP early if we receive enough quality submissions to fill the slots.

WHAT IS THE BLACK HAT BRIEFINGS?

The Black Hat Briefings was created to fill the need for computer security professionals to better understand the security risks to information infrastructures and computer systems. Black Hat accomplishes this by assembling a group of vendor-neutral security professionals and having them speak candidly about the problems businesses face and the solutions to those problems. No gimmicks— just straight talk by people who make it their business to know the information security space.

IF YOU WANT TO SUBMIT, PLEASE NOTE:

Black Hat does not accept product or vendor related pitches. If your talk is a thinly-veiled advertisement for a new product or service your company is offering, please do not apply.

Source - Black Hat Main (Digital Self Defense)

Maxxuss Hacks Skype - Releases Patch Allowing 10-way Conference Call For Users In Skype 2.0

It looks like Maxxuss has had some free time after hacking up OS X 10.4.5 to focus his attentions on Skype's attempt to lock their 10-user conference call feature to only users with Intel's processors... From his page:
Recently, Skype and Intel have announced a deal that would limit Skype functionality on all but specific Intel processors. Skype 2.0 offers 10-way conference calls only on Intel’s latest dual-core CPUs, while other chips, including all AMD chips, will only offer 5-way conference calls. It is argued that only those Intel dual-core CPUs meet the requirements - which would imply that no AMD CPU is fast enough. Now, what are these requirements? Is there some kind of micro-benchmark built into Skype which measures the processing speed? Or does Skype look for a specific hidden CPU feature? As the details on the patch reveal, the code logic behind the limitation is quite simple:

If it's a CPU with "GenuineIntel" branding and has at least two cores, then allow 10 users; else limit to 5 users.

His patch works for Skype version 2.0.0.90 (released March 1st).

Source - Maxxuss

Saturday, March 04, 2006

Defcon 14 - Las Vegas, Nevada, USA: Call For papers

Hey Uber network samurais, it is that time of the year again! The DEFCON CFP is now open!


What:
DEFCON 14 CFP
When:
The Call for Papers will close on June 15, 2006
How:
Complete the Call for Papers Form and send to talks at defcon dot org DEFCON 14

Don't know what DEFCON is? Go to www.defcon.org and clue up!

Papers and presentations are now being accepted for DEFCON 14, the conference your mother warned you about. DEFCON will take place at the Riviera in Las Vegas, NV, USA, August 4-6, 2006. Yes, you read that right! We are at a new location! The first time in many years we are back in Uncharted territory! Help us break in the new hotel with some unforgettable talks and demos. Now is the time to prepare and submit your DEFCON presentation.

Source - Defcon, call for papers

HITBSecConf 2006 - Malaysia: Call For Papers Now Open

The Call for Papers for HITBSecConf2006 - Malaysia is now open! Set to take place from the 18th till the 21st of September 2006 at The Westin Kuala Lumpur, this year's event promises to once again deliver a look at the latest attack and defense techniques as well as the latest research in network security. We have some exceptional keynote speakers this year including Bruce Schneier, Mark Curphey and John Viega! If you are thinking of submitting a paper, submissions are due no later than 1st of May 2006. For more details on the submission process, do take a look at the Call for Papers page. See you guys in September!


Source - HITBSecConf2006 - Malaysia

Report: IRS Slips On Keeping Workers' Computers Secure

System administrators are being blamed for weak security settings.


The Internal Revenue Service must do a better job of maintaining the security settings it developed and deployed on employees’ workstations under a common operating environment (COE), according to a report by the Treasury inspector general for tax administration. Currently, high-risk vulnerabilities could allow the computers to be compromised, Michael Phillips, deputy inspector general for audit, said in the report. Although the IRS developed the COE with secure configurations and installed those configurations on employees’ computers, security settings have not been consistently maintained, Phillips said. “In our sample of 102 computers with the COE installed [out of approximately 100,000], only 42 were sufficiently secure based on the IRS standards,” Phillips said. “The remaining 60 computers complied with less than [90%] of the computer settings prescribed by the IRS or contained at least one high-risk vulnerability that could be exploited to either take control of the computer or render it unusable.”


Source - Computer World

MS Developer Responds To Backdoor Speculation

In an MSDN blog posting yesterday, a Microsoft developer responds to speculation about BitLocker providing government back-doors with a resounding "Over my dead body." The speculation was centered around a BBC News posting several weeks ago where UK officials were said to be in talks with Microsoft regarding back-door functionality for its upcoming Windows Vista operating system. The blog author, Niels Ferguson, mentions that Microsoft is indeed talking to governments but in the context of helping them use BitLocker for their own needs. Niels also mentions the developer backlash that would ensue should a back-door be legislated upon them, offering suggestions that such requirements would be publicly disclosed or the project cancelled altogether.

Source - Security Focus

Internet Harassment Roils Korea

Kim Hyo-bi doesn't want her picture taken any more. Not after the 22-year-old student's portrait wound up on a photo-sharing Web site last summer with her face coloured and distorted to make her look silly, titled alongside the original as "Before and After." She tried to simply forget about it, but she couldn't. She was barraged with calls from friends who saw the page, and the humiliation and feeling of being violated caused her several sleepless nights. "I always thought that it is something [that] only could happen to other people," Kim said.


Source - Globe and Mail

Ten Things To Know About VoIP

WHEN Tesco announced that it was launching its own voice over internet protocol (VoIP) service, which allows people to make cheap telephone calls with each other over a broadband internet connection, it raised a few eyebrows. The decision by the UK’s biggest retailer to take on BT and the internet big guns such as Google and Microsoft will inevitably result in an increase in the number of people using VoIP. Ofcom, the telecoms regulator, estimates that there are already 500,000 active VoIP users in the UK and recently launched a consultation into the growth of the market.


Source - Times Online

U-Boat's Enigma Cracked With PC's

Sixty years after the end of World War II, a network of several thousand PCs has cracked a message enciphered with the famous Enigma machine. The M4 Message Breaking Project, started by Stefan Krah, a German amateur cryptographer, in January, took on three messages intercepted by British code-breakers during WWII, but never cracked by the famous cryptology facility at Bletchley Park. The code breakers at Bletchley included computing pioneer Alan Turing and used a combination of human intelligence, guesswork, and elementary computing, called "bombs", to decipher messages. At various times, Bletchley Park could read virtually all Enigma-ciphered messages to and from U-boats at sea, which was instrumental in locating and sinking the submarines, or steering convoys away from U-boat wolfpacks.


Source - Internet Week

Symantec Takes Heat For Changing Adware Advice

Symantec's out-of-court settlement with an adware maker is a loss for users, an anti-spyware researcher said this week. Friday, Feb. 24, the Cupertino, Calif. security company announced that it had dismissed its lawsuit against browser and e-mail toolbar maker Hotbar.com, Inc. Last June, Symantec filed a zero-dollar suit against the New York company, saying then that it was seeking a legal ruling that would affirm the position that Hotbar's programs "are indeed adware and can be treated as computer security risks." Under the new arrangement struck with Hotbar, Symantec has agreed to dismiss the lawsuit but will still classify the company's software as "adware." Symantec called it a victory.

Source - Internet Week

Stolen Laptop Has 93,000 Student ID's

A laptop computer containing names and Social Security numbers of 93,000 people who attended Metropolitan State College of Denver from 1996 to 2005 was stolen from a campus employee's home, leaving students vulnerable to identity theft. The laptop was taken from the home of an admissions office employee Saturday. He was authorized to have the data for a grant he was working on for the school, said Metro State president Stephen Jordan. The Social Security numbers were used to identify and track students and access historical information about them. The employee is also a graduate student in the department of public affairs at the University of Colorado at Denver and was using the data to complete his master's thesis. Campus officials are investigating whether the employee should have been allowed to use the data for his thesis and if disciplinary action should be taken. The school is also probing procedures to determine if policies on releasing and storing certain data should be revamped.

Source - Denver Post

New Scanner Thwarts Finger Hackers

A fingerprint recognition device which confirms that the finger is still attached to its owner will be demonstrated at a US government technology conference next week. Nitgen Co of Korea will show the new product at the FOSE 2006 government technology exposition in Washington, show organisers said in a press release. In a literal case of fingerprint hacking last year, a Malaysian businessman had his finger chopped off by thieves who drove off with the digit still in the fingerprint scanner of his Mercedes. While several movies have featured similar scenarios, this appears to be the only real life case of a severed finger being used to bypass a fingerprint recognition security system.


Source - Vnunet

Senate Overwhelmingly Approves Patriot Act

The U.S. Senate on Thursday voted overwhelmingly to renew the Patriot Act, capping months of debate over whether the measure adequately protects Americans' privacy rights or whether it goes too far in the name of thwarting terrorists. By an 89 to 10 vote, senators approved a bill to modify and amend the controversial law, sending it to the House of Representatives for an expected vote next week and practically guaranteeing that President Bush will sign it. Some of the law's sections were set to expire on March 10. But if the measure is sent to the president in time, 14 of 16 of those sections will become permanent. The handful of senators who dissented warned it had not addressed their concerns about privacy. "We had a real chance to pass a bill that would both reauthorize the tools to prevent terrorism and fix the provisions that threaten the rights and freedoms of innocent Americans," said Russ Feingold, a Wisconsin Democrat. "This conference report... falls well short of that goal. I will vote no."


Source - CNET News

Feds Probe Online Music Price Fixing

The U.S. Justice Department says it has launched an inquiry into possible price fixing in the burgeoning online music industry. Two record industry officials characterized the inquiry as essentially identical to one launched in December by New York Attorney General Eliot Spitzer, who subpoenaed several record companies searching for information on wholesale prices that music labels charge for downloadable digital music files. The Justice Department would not name the companies it has targeted. "The antitrust division is looking at the possibility of anticompetitive practices in the music download industry," spokeswoman Gina Talamona said Thursday.


Source - CNN

How To Punch Through Spam Filters

It was a typical first-thing activity. I'd turned my computer on, run the spam filter, and was checking through it for e-mails that shouldn't be there. As sometimes happens, there were a couple, and a couple of clicks later, McAfee SpamKiller sent them on their way to my e-mail. This is a habit that I've formed over the years because I've learned that despite the technology, false positives do exist and sometimes the e-mail that's on the kill list is important. This is made more complex because I have multiple levels of spam filters with the McAfee product somewhere in the middle. By the time my e-mail reaches me, nearly all the Spam has gone. Normally, that is a good thing. But when it contains my airline itinerary for a trip to CeBIT, it's less than optimal.

Source - Information Week

U.S Objects To Snort Purchase By Israel-based Check Point

The same Bush administration review panel that approved a ports deal involving the United Arab Emirates has notified a leading Israeli software company that it faces a rare, full-blown investigation over its plans to buy a smaller rival. The objections by the FBI and Pentagon were partly over specialized intrusion detection software known as "Snort," which guards some classified U.S. military and intelligence computers. Snort's author is a senior executive at Sourcefire Inc., which would be sold to publicly traded Check Point Software Technologies Ltd. in Ramat Gan, Israel. Sourcefire is based in Columbia, Md. Check Point was told U.S. officials feared the transaction could endanger some of government's most sensitive computer systems. The company announced it had agreed to acquire Sourcefire in October. The contrast between the administration's handling of the $6.8 billion Dubai ports deal and the Israeli company's $225 million technology purchase offers an uncommon glimpse into the U.S. government's choices to permit some deals but raise deep security concerns over others.


Source - Redmondmad.com

Intel To Build Assembly Facility In Vietnam

The world's largest microchip maker Intel Corporation has announced a US$300 million (Bt11.7 billion) investment to build a semiconductor assembly and test facility in Vietnam's Ho Chi Minh City, as part of a plan to spend $1 billion to improve production in Asia. It is also a part of the company's worldwide production-capacity expansion that will involve spending $6 billion to increase manufacturing capacity around the world. Craig Barrett, Intel's chairman, said the initial negotiations between Intel and the Vietnamese government began in 2001, and under the plan, production will be underway in the second half of next year. The company will invest an additional $305 million in the second phase. The plant is to be built at Saigon High Tech Park in Ho Chi Minh City, Vietnam's commercial centre, and output will be for supply to the worldwide market.


Source - The Nation

Open Source Needs Big Vendors To Thrive, Ellison Says

The success of Linux and other open source projects has depended heavily on the support and investment of major IT companies, Oracle Chief Executive Officer Larry Ellison said on Thursday. "Open source becomes successful when major industrial corporations invest heavily in that open source project," Ellison said at a Tokyo news conference. "Every open source product that has become tremendously successful became successful because of huge dollar investments from commercial IT operations like IBM and Intel and Oracle and others," he said. He highlighted his own company's work in developing and promoting Linux, and said the operating system would not have enjoyed the success that it has without vendor backing. "There's a lot of romantic notions about open source," Ellison said. "That just from the air these developers contribute and don't charge. Let me tell you the names of the companies that developed Linux: IBM, Intel, Oracle -- not a community of people who think everything should be free. Open source is not a communist movement."



Source - Info World

NCsoft Sued For $23 Million

Last month we reported that Chinese hackers were launching massive attacks against Korean gaming sites to gain account information. It now appears that these attacks were successful and a class action lawsuit has been filed in South Korea against NCsoft, the maker of many popular online games like Lineage, City of Heroes and Guild Wars. The suit alleges that around 224,000 people had their account information stolen in the past six months. The information was later used to create hundreds of thousands of new Lineage accounts. Thousands of illegally created accounts were used to create gold from killing online monsters and selling magical items, a process which in gamer speak is called "gold farming". Gold farming has become a multi-million dollar business as people will pay $30 to $80 for a thousand in virtual gold that can be used to buy better equipment or abilities.


Source - TG Daily

Software Helps The Illiterate Find Work

Microsoft Corp.'s Office software and Windows operating system is typically associated with slick "information workers" on the go, using the latest technology to solve complex business problems. At a company research and development lab in India, however, workers are grappling with a much different problem: How to use technology to help people who cannot read or write, let alone use a computer. Working with a local advocacy group, Microsoft has developed a prototype of a system that would help connect illiterate domestic workers in India with families seeking their services. The goal is to help the women see how technology can make finding work more efficient, as the first step toward creating broader tools to allow illiterate people to benefit from technological advances.


Source - CNN

Student Suspended For Viewing MySpace Posting

A middle school student faces expulsion for allegedly posting graphic threats against a classmate on the popular MySpace.com Web site, and 20 of his classmates were suspended for viewing the posting, school officials said. Police are investigating the boy's comments about his classmate at TeWinkle Middle School as a possible hate crime, and the district is trying to expel him. According to three parents of the suspended students, the invitation to join the boy's MySpace group gave no indication of the alleged threat. They said the MySpace social group's name was "I hate (girl's name)" and included an expletive and an anti-Semitic reference.


Source - CNN

eBay Gets UK Rival

Time for a little unabashed patriotic chest beating here, because new UK service ‘Hunt for it’ is hoping to take on the mighty eBay. Like most ingenious IT ideas it was thought up by a teenager and like most ingenious battle plans it tackles its enemy from the side (think Greeks versus Trojans and Google versus Microsoft). The theory behind it is simple too: make an auction site where users don’t need to be trapped in front of their computers. The way Hunt for it has implemented this is via text messaging. True, eBay offers a similar service through O2 using WAP, but Hunt for it is open to any network and SMS is faster and more cost efficient. Furthermore, all listings are free and a seller will receive 5p for every bid he receives on his item. A profile can also be set up on the Hunt for it website enabling users to receive texts whenever specific items become available. The company uses the example phrase: ‘Ordinary Boys concert tickets’ but hopefully there will be more tasteful requests made instead for the likes of Hard-Fi or Arcade Fire…


Source - Trusted Reviews

Change Of Tactics In War On Viruses

Could quarantining e-mails be a better way of dealing with viruses than the traditional approach used by most antivirus companies? With increasingly diversified threats and a splintered antivirus industry, some security providers are arguing that mainstream antivirus companies are simply not nimble enough to cope with new waves of malware. Traditional approaches to providing updates -- which require the malicious code to be in the possession of the security companies -- are fundamentally flawed, the argument goes. IronPort, a US purveyor of Web monitoring services, is one of the companies championing a different approach to dealing with viruses, worms and other nasties. The technology that IronPort uses to filter spam and quarantine e-mails is different from most other vendors -- it uses "Web reputation" as a basis for quarantining suspect e-mail traffic.

Source - ZDNet Australia

Apple OS X Update Responds To Security And Worm Concerns

Apple has released a security update that patches twenty security holes in its OS X operating system and bundled applications. Virus writers in the past weeks have released several high profile viruses and security experts last week disclosed that they had found a critical security hole in the operating system. "The update fixes both the recently reported Leap-A and Safari security vulnerabilities," an Apple spokesperson told vnunet.com. The Safari vulnerability was unveiled last week by German researcher Michael Lehn. The flaw could allow an attacker to launch arbitrary code on a Mac computer running the Safari browser through the use of a specially crafted website.


Source - Vnunet

Need For Speed - NZ's Broadband Challenge

Auckland City has responded to the broadband challenge issued by central government and today endorsed further investigation of options to achieve full-speed broadband at significantly lower costs for Auckland city. "Broadband is vital to our economy. It is a critical enabler of productivity, growth and economic transformation," said Cr Richard Northey, chairperson of Economic Development and Sustainable Business committee. "To encourage business growth and retention it is essential we do what we can from a local government angle to bring down cost, and encourage infrastructure deployment that takes us forward from copper wires to fibre optic and wireless technology. Auckland city needs the speed to be internationally competitive," said Mr Northey. "Auckland is at risk of being left behind the rest of the developed world if we don't address why Aucklanders have been slow to take up this technology," said Mr Northey.


Source - Scoop NZ

English Wikipedia Publishes Millionth Article

The Wikimedia Foundation announced today the creation of the 1,000,000th article in the English language edition of Wikipedia. The article is about the Jordanhill railway station in Scotland, and it was started by Wikipedia contributor Ewan Macdonald. Wikipedia is a free, multilingual, online encyclopedia with 3.3 million articles under development in more than 125 languages. The full text of the English Wikipedia is located at en.wikipedia.org. In addition to articles, the English Wikipedia offers dozens of graphical timelines and subject-specific portals. Its media repository includes four hundred thousand images and hundreds of full-length songs, videos, and animations, many of which are available for free distribution.

Although its method of editing is new and controversial, Wikipedia has already won acclaim and awards for its detailed coverage of current events, popular culture, and scientific topics; its usability; and its international community of contributors. BBC News has called Wikipedia "One of the most reliably useful sources of information around, on or off-line." Daniel Pink, author and WIRED Magazine columnist, has described Wikipedia as "the self-organizing, self-repairing, hyperaddictive library of the future," and Tim Berners-Lee, father of the Web, has called it "The Font of All Knowledge."


Source - Wiki Media Foundation

How Government Web Sites Stack Up

Government Web sites are not reaching the public as effectively as they might. This phenomenon is common around the world and while some sites have functional value to the public, research shows that people are confused, ignorant or unable to find what they need from many government sites. To improve their usability, governments should examine practical steps to reach citizens, firstly by marketing the sites in conjunction with improved navigation and, if required, re-designing sites for users to know what they can find on them. Secondly, refine the execution of the sites, with special reference to improving the quality of sophisticated interaction that is possible between citizens and the administration. This process should be conducted in the context of the strategic objectives of e-government policy if they are to achieve that particular policy target.


Source - ZDNet Australia

Apple Releases iTunes Update

Apple today posted a new version of its digital music software, iTunes 6.0.4, which "addresses stability and performance issues related to Front Row," the company said. Apple has made several tweaks to iTunes 6 since it was first released in October. Its most recent version, iTunes 6.0.3, was launched in mid-February to fix bugs and make performance improvements.


Source - CNet News

Former US Government IT Worker Guilty of Hacking

A former IT system auditor for a US government agency faces a five-year prison sentence on a computer hacking charge after secretly monitoring his supervisor's e-mail and computer use, the U.S. Department of Justice (DOJ) said. Kenneth Kwak, 34, of Chantilly, Virginia, pleaded guilty Wednesday in U.S. District Court for the District of Columbia to unauthorized access to a protected computer in furtherance of a criminal or tortious act, the DOJ said. Kwak was a system auditor working on federal information security management audits as a member of the U.S. Department of Education's Office of Inspector General. Kwak placed software on his supervisor's computer enabling him to access the computer's storage at will, the DOJ said. Kwak later used that software on numerous occasions to view his supervisor's e-mail and Internet activity as well as other communications, and he shared those communications with others in his office, the DOJ said. Kwak, who faces a maximum sentence of five years in prison and a US$250,000 fine, monitored the communications for personal entertainment, and there is no indication he profited financially from his actions, the DOJ said.


Source - Linux World

Technology Facilitates Caller ID Spoofing

Last fall, U.S. Rep. Tim Murphy's office started getting phone calls from constituents who complained about receiving recorded phone messages that bad-mouthed Murphy. The constituents were especially upset that the messages appeared to come from the congressman's own office. At least, that's what Caller ID said. "People thought we were making the calls," Murphy said. The calls, which the Pennsylvania Republican estimated in the thousands, were apparently placed with fake Caller ID. That has been possible for a long time, but it generally required special hardware and technical savvy. In the last few years, Caller ID spoofing has become much easier. Millions of people have Internet telephone equipment that can be set to make any number appear on a Caller ID system. And several Web sites have sprung up to provide Caller ID spoofing services, eliminating the need for any special hardware.


Source - AP Wire

FedEx Pay System Could Be Grounded

A smart card used for the FedEx Kinko’s ExpressPay system is vulnerable to malicious attacks that could lead to a handsome payday for hackers, a malware-monitoring group said Tuesday. The memory chip card contains data that can be rewritten once a three-byte security code is applied, scientist Lance James of Mal-Aware.org said. Because neither the data nor the code is encrypted, all it takes is a smart-card reader to rewrite the memory card and a logic analyzer to determine the code, said James, the lead scientist with Dachb0den Laboratories, a Southern California-based hacker think-tank. "Once the three-byte code is known to the attacker, the card's stored value and serial number can be changed to any value," James said. "The ExpressPay system appears to implicitly trust the value stored on the card, regardless of what the value actually is." The exploited cards can be used to make copies or rent computers, he said. Worse yet, they could be used to steal cash from FedEx Kinko's locations.


Source - SC Magazine

Hosing Down Firewall Hype

Network administrators who place all their trust in firewalls copped stern words this week from a high-ranking engineer at one of the world's largest networking equipment vendors. "The idea behind firewalls doesn't work anymore," 3Com's global vice-president, Pat Rudolph, said in an interview with your writer. "The idea behind firewalls is that people inside the network are trusted and that people outside the network are potentially malicious," he continued. "The problem is, if I take my laptop home and get infected on my home network because my kid's doing something he shouldn't be, I can then walk my laptop right past my firewall, and plug it into the corporate network. I can then infect the network." Rudolph also pointed out that firewalls work by leaving network ports open.


Source - ZDNet Australia

What Has Google Been Up To Lately

Busy launching products, as usual. Last week it unveiled a beta version of Google Page Creator (http://pages.google.com), which enables anyone to create good old-fashioned web pages. However, you must have a Gmail address that you are willing to expose to the world, and to get in you had to sign up at the launch. Within hours, Google was unable to handle the demand and stopped accepting users. How odd that Google didn't figure out that people might want to try it. Before that, Google launched beta versions of Google Desktop 3 (http://desktop.google.com), with an enhanced Sidebar, and Toolbar 4 (www.google.com/tools/toolbar/T4). Desktop 3 created a small furore because of its "Search Across Computers" feature. This provides an option to search one of your computers from another of your computers, even if it's turned off. (The data is actually stored on Google's servers.) This is nice only if you don't mind Google storing your data. SAC could be particularly attractive to any hackers who can get hold of your Gmail account details. (A security flaw was found in Gmail in October 2004, though none has since surfaced.)

Source - Guardian Unlimited

Mystery Surrounds PC-to-mobile Virus

A mystery is deepening around a report about the emergence of a virus that can pass from a PC to a mobile device, with some antivirus vendors saying they have not seen the code to confirm it. The Mobile Antivirus Researchers Association (MARA) said Monday it anonymously received the code, named "Crossover." Microsoft, whose software the virus reportedly affects, said Wednesday it is investigating the reports but has not heard of any customer complaints. Antivirus vendors said they will update their software to detect and remove the virus if they are allowed to analyze it. While vendors typically send virus samples to each other to update their products, MARA has not been forthcoming with a sample, said Graham Cluley, senior technology consultant for Sophos. At the moment, the antivirus community only has MARA's word that the virus exists, Cluley said. "We would still love to see a sample of this and determine if this is a potential threat to our customers," Cluley said. "It's a little bit disappointing that they are not sharing the sample."

Source - ARNnet

Members of Apocalypse Crew Plead Guilty

Three members of an online music piracy operation pleaded guilty in federal court Tuesday in response to a government crackdown, the Justice Department said. Members of the group Apocalypse Crew pleaded guilty to one count of conspiracy to commit copyright infringement in U.S. District Court for the Eastern District of Virginia, the department said, and each faces up to five years in prison and a fine of $250,000. Derek Borchardt, 21, of Charlotte, North Carolina; Matthew Howard, 24, of Longmont, Colorado; and Aaron Jones, 31, of Hillsboro, Oregon, each obtained digital "pre-release" copies of songs and albums before their U.S. commercial release, the government said. The music was then distributed globally through file-sharing networks. The supply of pre-release music was often provided by music industry insiders, employees of music magazine publishers, or workers at compact disc manufacturing plants and retailers, the Justice Department said.


Source - CNN

First Java (J2ME) Cell Phone Trojan On The Loose

Alerts went out Tuesday from several security companies warning users of an in-the-wild Trojan horse able to infect nearly any cell phone. The Trojan, named Redbrowser.a by McAfee, F-Secure, and the discovering vendor, Moscow-based Kaspersky Labs, can attack any device -- smart phone, PDA, or cell phone -- that runs Java 2 Micro Edition (J2ME), Sun Microsystems' version for consumer electronics devices. "The important thing about this Trojan is that it can get to any device that runs J2ME," said Shane Coursen, a Kaspersky senior technical analyst. "A good portion of cell phones use Java for games, and some of their other programs." Redbrowser.a appears on a device as a text message with an accompanying file attachment. The file claims it's a program that lets users visit WAP sites without a connection. In reality, the Trojan installs code that sends out text messages to premium-rate phone numbers in Russia. The user is charged $5 to $6 for each message.


Source - Internet Week

Microsoft Unveils "Non-Security" Update For IE

Microsoft Tuesday updated Internet Explorer 6 for Windows XP SP2 and Windows Server 2003 SP1, but denied that the changes were security related. "The update is labeled as 'non-security' given that it does not include any new updates that affect the security of IE," said a company spokesman Tuesday afternoon. With the update in place, IE 6 won't run some ActiveX controls until they've been explicitly enabled by the user. Last December, Microsoft posted a note to Web site and ActiveX developers warning them that the change was coming. In that note, the Redmond, Wash.-based developer said that controls loaded by the APPLET, EMBED, or OBJECT elements would be disabled unless the user turned them on.


Source - Internet Week

Hacker Defender Author (Holy Father) Kills Stealth Project

The creator of Hacker Defender, the well-known rootkit, has pulled the plug on his antidetection service. Holy_father's reason: He doesn't feel he has anything new to offer. Hacker Defender has long been a weapon of choice for those seeking to attack remote Windows NT/XP/2000/2003 systems without permission. Rootkits covertly patch the operating system, changing it forever... or at least, till you reformat your hard drive. While Hacker Defender was famous among security professionals, another rootkit got more attention among end-users: The rootkit Sony-BMG embedded in unsuspecting customers' music CDs. Untold damage resulted... to both users' computer systems and Sony-BMG's reputation. As the designer of one of the first user-mode rootkits, holy_father sought to constantly remind the world that the Windows operating system is woefully unprotected.


Source - E-mail Battles

Alleged Perth Spammer Sent 56 Million E-mails, Court Told

A Perth company accused of sending millions of spam emails around the world is continuing to send bulk unsolicited electronic mail, the federal court has heard. A federal court judge today began hearing landmark legal action by Australian Communications and Media Authority (ACMA) against Clarity1 Pty Ltd and its sole director Wayne Robert Mansfield. Clarity1, which also trades as Business Seminars Australia and Maverick Partnership, is accused of sending at least 56 million unsolicited commercial emails in the 12 months after the Spam Act 2003 came into force in April 2004. Justice Robert Nicholson issued an interim injunction last August ordering Clarity1 not to send out unsolicited email in breach of the act pending resolution of the case.


Source - SMH.COM.AU

US Chipmaking Giant Intel Breaks Into Israel

US chipmaking giant Intel broke new ground today with the announcement of a planned new US$4 billion ($6.1 billion) plant in the southern Israeli city of Kiryat Gat, according to an Associated Press (AP) report. The Israeli government contributed US$525 million to the plant, which is to produce 45-nanometer semiconductor chips. Intel's investment is the largest an industrial corporation has ever made in Israel. At the groundbreaking ceremony, acting Israeli Prime Minister Ehud Olmert said there were political aspects to the event, following the election victory by the violent Islamic Hamas, which is setting up a new Palestinian government.


Source - NZ Herald

Google CFO Warns of Slow Growth

Google's Chief Financial Officer George Reyes sparked more than a 10 per cent sell-off in the Web search leader's volatile stock after he cautioned that online advertising revenue growth could slow. Speaking at a Merrill Lynch internet advertising conference here, Reyes said the company's Web search advertising business, which generates 99 per cent of its revenue, would depend on overall market growth rather than specific improvements Google makes that can result in greater sales. "Growth is slowing and now largely organic," the Google CFO was quoted by CNBC financial television as saying. "The search monetisation gains have now been largely realised."


Source - NZ Herald

College Student Brute Forces Password In Attempt To Change Grades

You Li, age 21, a Chinese national living in Utah while pursuing an undergraduate degree in computer science at the University of Utah, has been indicted by a federal grand jury for hacking into a University of Utah computer in an attempt to change a grade in a math class. The indictment also alleges he accessed other personal information. The indictment was announced last week by Acting U.S. Attorney Stephen Sorenson and FBI Special Agent in Charge Timothy J. Fuhrman of the Salt Lake City Office. A federal grand jury returned a sealed two-count indictment last Wednesday afternoon charging Li with accessing a protected computer in attempted furtherance of fraud and obtaining information from a protected computer. Each count carries a potential maximum penalty of up to five years in prison and a $250,000 fine. According to SAC Fuhrman and Chief Scott Folsom of the University of Utah Public Safety Department, Li was arrested Friday morning by FBI special agents and officers of the University of Utah Public Safety Department. Li had an initial appearance in federal court Friday morning and was released on conditions, including surrendering his passport. The indictment was unsealed at the hearing. Defendants charged in indictments are presumed innocent unless or until proven guilty in court.


Source - Linux Electrons

Viruses Cause Most Security Breaches

Viruses remain the biggest cyberthreat to businesses, according to a government report to be released soon which will also warn that the threat of spyware is growing. The Department of Trade and Industry (DTI) report into information security breaches found that approximately half of businesses said their worst security incidents over the past two years had been caused by virus infections, rather than other threats such as hacking or phishing. The survey, which will be launched at Infosecurity Europe 2006 in London in April, showed that virus infections were also more likely to have caused serious service interruption than other incidents. "Usually the disruption was minor, but roughly a quarter of companies questioned who reported a virus as their worst incident had major disruption, with important services such as email down for more than a day," the authors of the survey said in a statement.


Source - ZDNet UK

BP Oils The Wheels Of Heated Security Debate

BP has provoked heated debate in the UK technology industry with plans to move thousands of laptops off its LAN, claiming it will make the business more secure. BP said hiding behind a firewall simply creates a false sense of security and so 18,000 of its 85,000 laptops now connect straight to the internet, even when they are in an office. Ken Douglas, technology director of BP, said "the LAN has to go" and his work now is to protect the laptops against the threats which lurk online. And it's a decision which has divided the industry. Many silicon.com readers have hit out at the move – questioning both sanity and practicality – but a great many others have been vocal in their praise of Douglas and his vision. "Why not?" asked one reader of the decision. "Most hackers concentrate on LANs and how to break through the LAN securities in place. Individual computers seem to just be regular computers to the outside world and hackers and they may be bypassed."


Source - Silicon.Com

Friday, March 03, 2006

Butterfield Bank Issues Phishing Warning

Butterfield Bank is warning people to beware of emails that try to steal personal or credit card information. Called "phishing" emails, these messages often claim to be from a legitimate source, such as MasterCard or VISA. They will usually try to direct people to a web site where personal and/or credit card information is requested. Two emails are currently circulating, claiming to be from MasterCard or VISA. One tries to scare people into responding by claiming hackers have accessed "processings"; the other claims it is introducing a "new security system" and asks customers to reactivate their card due to a "technical update". Both direct people to phoney web sites. Susan Mylchreest, vice president, Electronic Banking, said: "Customers should never respond to any unsolicited email requests for information, even if they claim to be from a known organisation. The good news is that as long as you do not respond, you are safe. Just delete them from your mailbox."


Source - The Royal Gazette