| |
| "The future masters of technology will have to be lighthearted and intelligent. The machine easily masters the grim and the dumb." -- Marshall McLuhan, 1969 |
|
AP Source: FBI formally closes anthrax case | TPM News Pages |
|
|
|---|
| Topic: War on Terrorism |
1:57 pm EST, Feb 19, 2010 |
The FBI has decided with finality that a government researcher acted alone in the deadly 2001 anthrax mailings and is closing its long-running investigation, a person familiar with the case said Friday. The anthrax case was one of the most vexing and costly investigations in U.S. history until officials announced in 2008 that the lone suspect was Dr. Bruce Ivins, who killed himself as authorities prepared to indict him. The move Friday seals that preliminary investigative conclusion.
AP Source: FBI formally closes anthrax case | TPM News Pages |
|
2 Chinese Schools Said to Be Linked to Online Attacks - NYTimes.com |
|
|
|---|
| Topic: Computer Security |
12:51 pm EST, Feb 19, 2010 |
A series of online attacks on Google and dozens of other American corporations have been traced to computers at two educational institutions in China, including one with close ties to the Chinese military, say people involved in the investigation. The Chinese schools involved are Shanghai Jiaotong University and the Lanxiang Vocational School, according to several people with knowledge of the investigation who asked for anonymity because they were not authorized to discuss the inquiry. Jiaotong has one of China’s top computer science programs. Just a few weeks ago its students won an international computer programming competition organized by I.B.M. — the “Battle of the Brains” — beating out Stanford and other top-flight universities. Lanxiang, in east China’s Shandong Province, is a huge vocational school that was established with military support and trains some computer scientists for the military. The school’s computer network is operated by a company with close ties to Baidu, the dominant search engine in China and a competitor of Google. “We have to understand that they have a different model for computer network exploit operations,” said James C. Mulvenon, a Chinese military specialist and a director at the Center for Intelligence Research and Analysis in Washington. Rather than tightly compartmentalizing online espionage within agencies as the United States does, he said, the Chinese government often involves volunteer “patriotic hackers” to support its policies.
2 Chinese Schools Said to Be Linked to Online Attacks - NYTimes.com |
|
|
|---|
| Topic: Military Technology |
10:37 am EST, Feb 16, 2010 |
James Fallows: Retired Admiral Mike McConnell argues that we now suffer from a conspiracy of secrecy about the scale of cyber risks. No credit-card company wants to admit how often or how easily it is cheated. No bank or investment house wants to admit how close it has come to being electronically robbed. As a result, the changes in law, regulation, concept, or habit that could make online life safer don't get discussed. Sooner or later, the cyber equivalent of 9/11 will occur -- and, if the real 9/11 is a model, we will understandably, but destructively, overreact.
Tom Cross via Andy Greenberg: Internet-related companies need to be more transparent about their lawful intercept procedures or risk exposing all of their users. There are a lot of other technology companies out there that haven't published their architecture, so they can't be audited. We can't be sure of their security as a result.
Rattle: Paranoia about the conspiracy is always justified. It's just usually misplaced.
Rebecca Brock: She tells me she's ready. She may be small, she says, but she's mean. She outlines her plans for fending off terrorists. She says, "I kind of hope something happens, you know?" She wears an American flag pin on the lapel of her blazer. She sits on the jump seat, waiting for her life to change.
Decius: Wow, life is boring.
Cyber Warriors |
|
Microsoft Patch Tuesday for February 2010: 13 bulletins |
|
|
|---|
| Topic: Computer Security |
1:59 pm EST, Feb 5, 2010 |
Holy crap, the next Patch Tuesday is going to be major. # Bulletin 1: Critical (Remote Code Execution), Windows
# Bulletin 2: Critical (Remote Code Execution), Windows
# Bulletin 3: Critical (Remote Code Execution), Windows
# Bulletin 4: Critical (Remote Code Execution), Windows
# Bulletin 5: Critical (Remote Code Execution), Windows
# Bulletin 6: Important (Remote Code Execution), Office
# Bulletin 7: Important (Remote Code Execution), Office
# Bulletin 8: Important (Remote Code Execution), Windows
# Bulletin 9: Important (Denial of Service), Windows
# Bulletin 10: Important (Elevation of Privilege), Windows
# Bulletin 11: Important (Remote Code Execution), Windows
# Bulletin 12: Important (Denial of Service), Windows
# Bulletin 13: Moderate (Elevation of Privilege), Windows
Microsoft Patch Tuesday for February 2010: 13 bulletins |
|
Google China insiders may have helped with attack | InSecurity Complex - CNET News |
|
|
|---|
| Topic: Computer Security |
11:18 am EST, Jan 20, 2010 |
Google is looking into whether employees in its China office were involved in the attacks on its network that led to theft of intellectual property, according to CNET sources. Sources familiar with the investigation told CNET last week that Google was looking into whether insiders at the company were involved in the attacks, but additional details were not known at the time.
Google China insiders may have helped with attack | InSecurity Complex - CNET News |
|
Twitter / WikiLeaks: Several rumours from google ... |
|
|
|---|
| Topic: Computer Security |
6:31 pm EST, Jan 14, 2010 |
Decius :Several rumours from google sources that China accessed google's US-gov intercept system which provides gmail subjects/dates
This was my suspicion when I read that the attackers had accessed "subject lines" from emails but not the content. It sounds like they got access to a system designed for use by law enforcement when they have "trap and trace" authority but not a warrant. Personally, I think email subject lines are not "routing information" and should require a warrant, but the matter hasn't been litigated to my knowledge and of course, law enforcement disagrees. This is somewhat relevant to my Blackhat DC talk on lawful intercept vulnerabilities, but of course even if this is true, a totally different technology was involved...
Twitter / WikiLeaks: Several rumours from google ... |
|
Google China cyberattack part of vast espionage campaign, experts say - washingtonpost.com |
|
|
|---|
| Topic: Computer Security |
11:27 am EST, Jan 14, 2010 |
I'm glad to see this is finally getting some attention. As bad as these articles make the extent of the ongoing Chinese espionage sound, it's actually worse... Human rights groups as well as Washington-based think tanks that have helped shape the debate in Congress about China were also hit.
sigh... "Usually it's a group using one type of malicious code per target," said Eli Jellenc, head of international cyber-intelligence for VeriSign's iDefense Labs, a Silicon Valley company helping some firms investigate the attacks. "In this case, they're using multiple types against multiple targets -- but all in the same attack campaign. That's a marked leap in coordination."
The division of labor is what I think stands out the most. "This is a big espionage program aimed at getting high-tech information and politically sensitive information -- the high-tech information to jump-start China's economy and the political information to ensure the survival of the regime," said James A. Lewis, a cyber and national security expert at the Center for Strategic and International Studies. "This is what China's leadership is after. This reflects China's national priorities."
Google China cyberattack part of vast espionage campaign, experts say - washingtonpost.com |
|
Black Hat Technical Security Conference: DC 2010 // Briefings |
|
|
|---|
| Topic: Miscellaneous |
8:50 am EST, Jan 5, 2010 |
Exploiting Lawful Intercept to Wiretap the Internet Many goverments require telecommunications companies to provide interfaces that law enforcement can use to monitor their customer's communications. If these interfaces are poorly designed, implemented, or managed they can provide a backdoor for attackers to perform surveillance without lawful authorization. Most lawful intercept technology is proprietary and difficult to peer review. Fortunately, Cisco has published the core architecture of it's lawful intercept technology in an Internet Draft and a number of public configuration guides. This talk will review Cisco's architecture for lawful intercept from a security perspective. The talk will explain how a number of different weaknesses in its design coupled with publicly disclosed security vulnerabilities could enable a malicious person to access the interface and spy on communications without leaving a trace. The talk will explain what steps network operators need to take to protect this interface. The talk will also provide a set of recommendations for the redesign of the interface as well as SNMP authentication in general to better mitigate the security risks. //BIO: Tom Cross
Black Hat Technical Security Conference: DC 2010 // Briefings |
|
Heady Internet freedom in China as Great Firewall falls -- briefly - latimes.com |
|
|
|---|
| Topic: Surveillance |
4:39 pm EST, Jan 4, 2010 |
Web users reported an outage of China's strict Internet controls, known as the Great Firewall, for several hours this morning, allowing them brief access to banned websites such as YouTube, Facebook and Twitter. But by the time many woke up, strict restrictions had returned. Error messages once again flashed across computer screens for sites blocked by the nation's censorship filter.
Heady Internet freedom in China as Great Firewall falls -- briefly - latimes.com |
|
