From rforno at infowarrior.org Tue Feb 1 07:52:04 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 1 Feb 2011 08:52:04 -0500 Subject: [Infowarrior] - Red light camera spinning Message-ID: IIHS is funded by the insurance industry -- does it surprise anyone that those who stand to profit from folks getting into accidents trying to avoid a ticket would find metrics to support such devices? And say what they will, these things are still primarily a municipal money-making machine ... and in this economy, are they going to yank them? Hardly. -- rick Red-light cameras save lives, study says By Ashley Halsey III Washington Post Staff Writer Tuesday, February 1, 2011; 12:14 AM Red-light cameras are saving lives even as they make millions in revenue, according to the first definitive study of the subject. Use of cameras to catch speeders and those who run red lights has proliferated in the past decade, greatly increasing the prospect that drivers in too much of a hurry will get caught. The flash of a camera has become common at District intersections, more than 50 of which are equipped to catch red-light offenders. A study to be released Tuesday by the Insurance Institute for Highway Safety finds that traffic fatalities at those intersections dropped by 26 percent over a five-year period, slightly more than the average decline in 13 other camera-equipped cities. "We're hopeful this will stop some of the backlash against cameras," said Adrian Lund, president of the insurance foundation. "Much of the attention to victims of the camera has been paid to people who received tickets. Hopefully, this will return the focus to the people who have been killed or injured by red-light running." < -- > http://www.washingtonpost.com/wp-dyn/content/article/2011/02/01/AR2011020100021_pf.html From rforno at infowarrior.org Tue Feb 1 08:22:22 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 1 Feb 2011 09:22:22 -0500 Subject: [Infowarrior] - London Stock Exchange 'under major cyberattack' during Linux switch Message-ID: <4055ACC9-F6DF-4552-9D27-B1CF397693C7@infowarrior.org> London Stock Exchange 'under major cyberattack' during Linux switch Published: 31 January 11, 11:29 GMT http://www.computerworlduk.com/news/open-source/3258808/london-stock-exchange-under-major-cyberattack-during-linux-switch/?print The London Stock Exchange's new open source trading system may have been hacked last year, according to a report. The alleged attack came as the LSE began the switch over to the Linux-based systems, according to the dates referred to in the Times newspaper. The continued threat of cyber attack has resulted in the LSE keeping a close dialogue with British security services, which this year branded cyber attacks as one of the biggest threats to the country. There were major problems on the exchange on 24 August, when stock prices of five large companies collapsed. Most notably, BT shares lost ???968 million, and the LSE was forced to halt trading for the day. The exchange blamed an incorrectly entered price on a large number of stock orders. But the trading system was also thrown offline last November in what the LSE called ???suspicious circumstances???. So far, the official explanation is human error, but it is understood that the police have been drawn into investigations. Unlike US exchanges, the LSE platform is not based on the internet, and therefore is less vulnerable to general cyber attacks. However, cyber attacks on exchanges are becoming more advanced, according to security experts, and this poses new threats. The LSE declined to comment on the events, ongoing investigations or possible motives for any attacks. The new Linux system, based in a C++ environment, is already live on the LSE???s Turquoise, or anonymous, trading venue. As the concern and speculation deepens around the LSE outages, the exchange is due to switch on the new Linux systems on its main exchange in two weeks??? time, with dress rehearsals over the coming two weekends. The system replaces a Microsoft .Net architecture. From rforno at infowarrior.org Tue Feb 1 08:23:44 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 1 Feb 2011 09:23:44 -0500 Subject: [Infowarrior] - The State Department's School for Revolutionary Bloggers Message-ID: The State Department's School for Revolutionary Bloggers http://news.yahoo.com/s/dailybeast/20110201/ts_dailybeast/12188_thestatedepartmentsschoolforrevolutionarybloggers NEW YORK ? An Egyptian political activist, a Bush-appointed diplomat, and Obama campaign staffers met in New York in 2008 to talk about revolution?of the social media kind. And now the Internet is buzzing. Plus, full coverage of the Egypt revolt. In December 2008, a prominent Egyptian opposition activist walked through the crowded airport in Cairo. When packing, he had been careful not to leave any evidence of where he was going among his belongings, and in the departure hall, he walked up to a security desk and told the guard to search him. ?I am on your watch list,? he said. ?So please get this over with so I don?t miss my plane.? He didn?t. Three days later, the Egyptian sat in a room on the campus of Columbia?s Law School in Upper Manhattan, listening to presentations from three key staffers from Barack Obama?s social media team: Joe Rospars, Scott Goodstein and Sam Graham-Felsen. Given that the three had just helped the first black man get elected U.S. president, there was a buzz in the air. After all, the three staffers represented the revolutionary potential of new social media tools, and, as Graham-Felsen puts it now, their speeches revolved around how to give ?ordinary people the power to connect.? In the last week, since the eruption of protests in Egypt and the release of more State Department cables by Wikileaks, much has been made of this 2008 meeting, and how it points to ?America?s secret backing? of Egyptian ?rebel leaders.? While all sides involved have an interest in either downplaying or emphasizing the political significance of the summit, this was hardly a covert effort. For one thing, organizers openly advertised the summit?s program as well as its keynote speakers who, in addition to Obama?s young social media staff and an outgoing official from George W. Bush?s State Department, also included Whoopi Goldberg, the ABC morning show host?and an unlikely person to invite, if the organizers wanted to fly underneath the radar. (At the time, the conference organizers did protect the activist?s identity to guard against retribution from Egypt?s police state.) Although the NGO that organized the summit?the Alliance for Youth Movements?did receive funding from the State Department, the event was squarely focused on the power of social media and other connective technology like SMS as an organizing tool?and carried no one particular political agenda, beyond ?pushing against repression, oppression, and violent extremism,? according to Stephanie Rudat, a cofounder of AYM. State Department officials did not return calls for comment. The Egyptian activist (who requested anonymity for fear of reprisal from the Mubarak regime) listened to the presentation alongside about two-dozen agitators from around the world, some wearing business casual, others sporting t-shirts with the slogans of their causes. It was a young but motley crew. Among them was a Colombian who successfully used Facebook to mobilize a 12-million-strong march against the country?s brutal Marxist guerillas known as the FARC, as well as a Venezuelan activist, who had organized ?No Maz Chavez??a popular student-organized protest aimed at President Hugo Chavez. But not everyone in the crowd had political motives. One activist, for example, was fighting HIV/Aids in Sri Lanka and others came from such diverse groups as the Genocide Intervention Network, the Burma Global Action Network, and a London-based campaign against knife crimes. Facebook co-founder Dustin Moskovitz gave a talk called ?Origins and Tools for Social Change.? Jason Liebman, CEO of Howcast was there. Present were also a number of people from the State Department, among them, James Glassman, the Undersecretary of State for Public Diplomacy during the administration of George W. Bush, whose idea it was to hold the conference, along with Jared Cohen, a member of Glassman?s staff who specialized in technology and innovation. In a telephone conversation this week, Glassman described the event as ?public diplomacy 2.0.? ?My dream when I got to the State Department was always how we could help to develop an anti-violence movement around the world,? said Glassman, who is now the director of the George W. Bush Center in Dallas. He had been on a trip to Colombia when he discovered Morales, and, impressed by his work in the social media realm, asked Cohen, now at Google, to find other people doing similar work around the world. Glassman says he knew that bringing over someone from Egypt?s April 6 Movement, which had taken a very public stand against the Egyptian government, would be controversial, given the American administration?s support of Mubarak?s regime, which includes significant financial and military aid. But the event fit into an ?overall strategy in Egypt, which was to support civil society and to encourage people to promote democracy as much as they could,? he said, adding: ?My job was public diplomacy, which means communicating with the public.? In other words, Glassman said, his job was to help people like the Egyptian activist?and he had no qualms about letting Egyptian officials know about the conference. In fact, he was furious when another Egyptian he had invited was prevented from boarding his flight at the Cairo airport, and called in the Egyptian ambassador for a stern dressing down. ?I was very blunt with him,? Glassman said. The Egyptian activist who did make it through said the conference was of limited value. ?I taught?more than I learned,? he said?an assessment shared by other attendees. To him, though, the value of the event lay in networking and bonding with other activists during coffee-and-cigarette-fuelled philosophical discussions, and he said he left feeling motivated, ?with ideas in my head.? After the conference, he also had contact with State Department and congressional staffers in Washington and, later, the American Embassy in Cairo?meetings much discussed on the web after Wikileaks leakead cables, detailing the talks. Asked about those meetings, the Egyptian said he felt mostly like he was being humored. ?I was trying to talk with them about democracy in Egypt, but they were only polite, without really listening much.? He said he would ask, ??why are you covering for this regime and covering for their crimes?? And they would talk nonsense, like ?we have to keep bridges open. There is too much at stake.?? To which he responded: ??But Egypt is at stake.?? On the plane back home, he worried he would get in trouble for the trip??I?m breathing my last air of freedom,? he thought to himself. But although he was thoroughly searched and security guards confiscated his notes from the conference, he wasn?t arrested initially. Later, though, as he continued his democracy work, police arrested him multiple times, most recently during last week?s protests, when he was thrown in jail and beaten up, he said. He knew that bringing over someone from Egypt?s April 6 Movement, which had taken a very public stand against the Egyptian government, would be controversial. Shortly after last week?s protests, the Egyptian government cut off access to the Internet. But when told about the cables and the Internet attention that they got, the activist scoffed. ?This is so ridiculous,? he said. ?They are going to try to [portray this as] an American conspiracy, and so forth.? The intent of the April 6 movement was never a secret, and the idea that the U.S. was somehow behind the efforts, was almost laughable, he said. What had begun as a Facebook page was now ?in the hands of the people,? he said. ?And it?s happening. It?s happening.? Mike Giglio is a reporter at Newsweek. From rforno at infowarrior.org Tue Feb 1 12:14:01 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 1 Feb 2011 13:14:01 -0500 Subject: [Infowarrior] - TSA debuts new full-body scanners Message-ID: TSA debuts new full-body scanners By Ashley Halsey III The TSA demonstrates a new full-body scanner at Reagan National Airport. (By Ashley Halsey III / The Post) http://voices.washingtonpost.com/dr-gridlock/2011/02/tsa_debuts_new_full-body_scann.html?hpid=topnews New airport security scanners designed to be less intrusive than machines that captured near-naked images will debut at the Las Vegas airport Tuesday. They'll look just like the controversial scanners that were introduced last fall, but instead of sending a revealing image to be examined in a private security booth, new software will project a non-gender-specific silhouette on a small screen attached to the booth. If the passenger is carrying any contraband items a red box will appear on the screen. Otherwise it will flash a green okay. The new technology was put on display by Transportation Security Administration head John S. Pistole at Reagan National Airport Tuesday. The new scanners will be coming to Reagan National and Hartsfield-Jackson Atlanta International Airport next. That will happen "in the coming weeks," TSA spokesman Greg Soule said. The images produced by the current machines led to an uproar over privacy concerns. Pistole had said in the fall that he wanted to see modifications, but the technology that was being tested yielded too many false positives. Many passengers found the alternative, "enhanced" pat-downs by TSA agents even more disturbing. In the demonstration at Reagan National Airport Tuesday, "passengers" filed through the scanners, some of them producing gray silhouettes with green "okay" screens, others producing the same silhouettes with red boxes where the machine detected something hidden. From rforno at infowarrior.org Tue Feb 1 12:18:31 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 1 Feb 2011 13:18:31 -0500 Subject: [Infowarrior] - Apple Moves to Tighten Control of App Store Message-ID: <691BF66B-DD27-4998-8055-F99B09248278@infowarrior.org> February 1, 2011 Apple Moves to Tighten Control of App Store By CLAIRE CAIN MILLER and MIGUEL HELFT https://www.nytimes.com/2011/02/01/technology/01apple.html?_r=3&pagewanted=print SAN FRANCISCO ? Apple is further tightening its control of the App Store. The company has told some applications developers, including Sony, that they can no longer sell content, like e-books, within their apps, or let customers have access to purchases they have made outside the App Store. Apple rejected Sony?s iPhone application, which would have let people buy and read e-books bought from the Sony Reader Store. Apple told Sony that from now on, all in-app purchases would have to go through Apple, said Steve Haber, president of Sony?s digital reading division. The move could affect companies like Amazon.com and others that sell e-book readers that compete with Apple?s iPad tablet and offer free mobile apps so customers can read their e-book purchases on other devices. An iPad owner, for instance, has not needed to own a Kindle to read Kindle books bought from Amazon. That may now change. ?It?s the opposite of what we wanted to bring to the market,? Mr. Haber said. ?We always wanted to bring the content to as many devices as possible, not one device to one store.? Apple and Amazon declined to comment. The change may signal a shift for Apple. The company has made more money selling hardware than music, e-books or apps. If people could have access to more content from more sources on their iPhones and iPads, the thinking went, then they would buy more devices. The move is also surprising, as Apple has indicated recently that it would be more collaborative, not less, with magazine publishers and other content producers that want more control over how to distribute content on the iPad. ?This sudden shift perhaps tells you something about Apple?s understanding of the value of its platform,? said James L. McQuivey, a consumer electronics analyst at Forrester Research. ?Apple started making money with devices. Maybe the new thing that everyone recognizes is the unit of economic value is the platform, not the device.? From rforno at infowarrior.org Tue Feb 1 13:42:36 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 1 Feb 2011 14:42:36 -0500 Subject: [Infowarrior] - Arabic language channel reports Mubarak to step down at election time Message-ID: Posted on Tuesday, February 1, 2011 http://www.mcclatchydc.com/2011/02/01/107869/arabic-language-channel-reports.html Arabic language channel reports Mubarak to step down at election time By Hannah Allam and Shashank Bengali | McClatchy newspapers CAIRO_Embattled Egyptian president Hosni Mubarak is expected to announce Tuesday he will step down at elections scheduled for later this year, according to Al Arabiya Arabic language satellite channel. The channel reported that the speech was already recorded and is expected to be delivered shortly. It was unclear whether the opposition will accept his purported offer, after eight days of protests demanding his immediate resignation. Read more: http://www.mcclatchydc.com/2011/02/01/107869/arabic-language-channel-reports.html#ixzz1Cjowpzd5 From rforno at infowarrior.org Tue Feb 1 19:45:21 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 1 Feb 2011 20:45:21 -0500 Subject: [Infowarrior] - Fwd: Text message blows up Moscow suicide bomber by accident References: <4D48B53E.4070307@inetassoc.com> Message-ID: "Oopsie!" --- rick Begin forwarded message: > From: DS > > http://www.vancouversun.com/story_print.html?id=4172993 > > > Text message blows up Moscow suicide bomber by accident > > By Andrew Osborn > The Daily Telegraph > January 26, 2011 > A "Black Widow" suicide bomber planned a terrorist attack in central Moscow on New Year's Eve but was killed when an unexpected text message set off her bomb too early, according to Russian security sources. > > The unnamed woman, who is thought to be part of the same group that struck Moscow's Domodedovo airport on Monday, intended to detonate a suicide belt near Red Square on New Year's Eve in an attack that could have killed hundreds. > > Security sources believe a message from her mobile phone operator wishing her a happy new year received just hours before the planned attack triggered her suicide belt, killing her at a safe house. > > Islamist terrorists in Russia often use mobile phones as detonators. The bomber's handler, who is usually watching their charge, sends the bomber a text message in order to set off his or her explosive belt at the moment when it is thought they can inflict maximum casualties. > > The dead woman has not been identified, but her husband is apparently serving time in jail for being a member of a radical Islamist terror group. > > Security sources believe the New Year's Eve bomber and the airport bombers may have been members of a suicide squad trained in Pakistan's al-Qaida strongholds which was sent to target the Russian capital's transport system. > > Nobody has been arrested in connection with Monday's bombing, which left 35 people dead. Police are trying to identify the severed head of a male suicide bomber recovered from the scene. > From rforno at infowarrior.org Wed Feb 2 08:25:43 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 2 Feb 2011 09:25:43 -0500 Subject: [Infowarrior] - Fed passes China in Treasury holdings Message-ID: Fed passes China in Treasury holdings By Michael Mackenzie in New York Published: February 2 2011 00:01 | Last updated: February 2 2011 00:01 http://www.ft.com/cms/s/0/120372fc-2e48-11e0-8733-00144feabdc0.html The Federal Reserve has surpassed China as the leading holder of US Treasury securities even though it has yet to reach the halfway mark in its latest round of quantitative easing, according to official figures. Based on weekly data released on Thursday, the New York Fed?s holdings of Treasuries in its System Open Market Account, known as Soma, total $1,108bn, made up of bills, notes, bonds and Treasury Inflation Protected Securities, or Tips. According to the most recent US Treasury data on foreign holders of US government paper, China holds $896bn and Japan owns $877bn. ?By June [the Fed] will have accumulated some $1,600bn of Treasury securities, likely to be in the vicinity of China and Japan?s combined holdings,? said Richard Gilhooly, a strategist at TD Securities. ?The New York Fed surpassed China in the past month as the largest holder of US Treasury securities,? he noted. The Fed is buying Treasury debt under two programmes. The largest is QE2, which began in November and is scheduled to involve $600bn of purchases by June. It is also buying $30bn of Treasuries a month as it reinvests principal payments from its large holdings of mortgage debt and debt issued by government housing agencies ? a programme dubbed QE lite. By the end of June, the Fed plans to buy $800bn in Treasury debt under both programmes. Since November, the Fed has purchased $284bn of Treasuries. The Fed has devoted 67 per cent of its QE2 purchases to Treasuries with a maturity of four-and-a-half to 10 years. That has helped pull back yields in that part of the yield curve from their highs of December. By contrast, just 5 per cent of the Fed?s buying has been for Treasury debt longer than 17 years. Last Friday, the yield on 30-year bonds briefly rose to its highest level since last April. ?The end of QE2 will be a big test as rates are likely to rise once the Fed stops buying large amounts of Treasuries,? said David Ader, a strategist at CRT Capital. ?We don?t know if that means a rise of 20, 30 or even 50 basis points for key yields.? In total, foreign central banks hold $2,604bn of Treasuries, according to the Fed. After rising from $2,250bn at the end of last June, foreign central banks have stayed at about $2,600bn since mid-November, when the Fed began QE2. This indicates the Fed has stepped up as other central banks have scaled back their Treasuries purchases. Before the financial crisis, the Fed held $775bn of Treasuries in Soma. That was reduced by $300bn during the first half of 2008, when the Fed sold Treasuries and focused on supporting the financial system. The first QE program, which began in 2009, saw the Fed buy $300bn of Treasuries. Copyright The Financial Times Limited 2011. You may share using our article tools. Please don't cut articles from FT.com and redistribute by email or post to the web. From rforno at infowarrior.org Wed Feb 2 08:34:36 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 2 Feb 2011 09:34:36 -0500 Subject: [Infowarrior] - Senators decry link between Egypt, 'kill switch' bill Message-ID: <5767FB2D-A021-4BF6-855B-9B9F396B4CA3@infowarrior.org> February 2, 2011 4:30 AM PST Senators decry link between Egypt, 'kill switch' bill by Declan McCullagh http://news.cnet.com/8301-31921_3-20030332-281.html?part=rss&subj=news&tag=2547-1_3-0-20 Three U.S. senators who want to give the president emergency powers over the Internet are protesting comparisons with the "kill switch" highlighted by Egypt's Net disconnection. In a statement yesterday, the politicians said their intent was to allow the president "to protect the U.S. from external cyber attacks," not to shut down the Internet, and announced that they would revise their legislation to explicitly prohibit that from happening. "Some have suggested that our legislation would empower the president to deny U.S. citizens access to the Internet," said the statement from Joseph Lieberman (I-Conn.), Susan Collins (R-Maine), and Senator Tom Carper, (D-Del.). "Nothing could be further from the truth." Lieberman, an independent who caucuses with Democrats, is chairman of the Homeland Security and Governmental Affairs Committee. Internet kill switch Should the president of the United States be allowed to turn off Internet access or Web sites in a "cybersecurity emergency?" They said, however, that they'll make sure their forthcoming legislation "contains explicit language prohibiting the president from doing what President [Hosni] Mubarak did." Egypt restored Internet service to the country at 11:29 a.m. today Cairo time after a five-day blackout that was intended to quell anti-government protests. The latest public version of their Internet emergency legislation, S.3480, was approved by Lieberman's committee in December but was not voted on in the full Senate. Their so-dubbed "Protecting Cyberspace as a National Asset Act" would hand the president power over privately owned computer systems during a "national cyber emergency" and prohibit review by the court system. CNET reported last week that it will be reintroduced in the new Congress. If the president declares a "cyber emergency," according to a summary prepared by Lieberman's committee, the Department of Homeland Security could "issue mandatory emergency measures necessary to preserve the reliable operation of covered critical infrastructure." Although the term "kill switch" appears nowhere in the legislation, those "mandatory" measures could include ordering "critical" computers, networks, or Web sites disconnected from the Internet. It also includes controversial new language--which did not appear in the initial version introduced last summer--saying that the federal government's designation of vital Internet or other computer systems "shall not be subject to judicial review." Perhaps more than any other section of the legislation, that part has drawn significant criticism from industry representatives and civil libertarians. After Egypt's decision to banish its Internet connection, the odds of the Lieberman-Collins-Carper bill being enacted have fallen, said Jim Harper, director of information policy studies at the Cato Institute. "It's part of growing recognition that centralizing control of communications infrastructure with government is poor civic hygiene," he said. For the senators proposing this legislation, the timing was unfortunate. Less than 24 hours after Senate Majority Leader Harry Reid and other Democrats sent out a press release last Wednesday outlining their rather vague plans for future legislation to "safeguard" the Internet, Egypt went offline. (Reid's placeholder bill is S.21.) By the following afternoon, almost all Egyptian Internet providers ceased to publish information about electronic routes to their networks, making them unreachable worldwide. On Monday, the one apparently unaffected network, the Noor Group, followed suit and vanished around 12:46 p.m. PT. Noor's client list included ExxonMobil, Toyota, Hyatt, Coca-Cola, the American University in Cairo, and the Egyptian stock exchange. Yesterday's statement from the three senators said that their forthcoming legislation features safeguards, including a requirement that any measures ordered by the president be "the least disruptive means feasible" and that the White House notify Congress after a "cyber security emergency" has been declared. They also argue that a 1934 law (PDF) creating the Federal Communications Commission already gives the president broad powers and that theirs would be narrower. That law says in wartime, or if a "state of public peril or disaster or other national emergency" exists, the president may "authorize the use or control of any such station or device." But the latest public draft of the Lieberman-Collins-Carper bill does not repeal that portion of existing law--it merely gives the executive branch additional authority. Earlier versions of similar legislation have been more direct. A draft Senate proposal that CNET obtained in August 2009 authorized the White House to "declare a cybersecurity emergency," and another from Sens. Jay Rockefeller (D-W.V.) and Olympia Snowe (R-Maine) would have explicitly given the government the power to "order the disconnection" of certain networks or Web sites. House Democrats also have been active on the topic, although a bill (H.R. 174) introduced last month by Rep. Bennie Thompson (D-Miss.) is not as far-reaching. It would hand Homeland Security the power to "establish and enforce" security requirements for important "private sector computer networks." Missing, however, is any language granting the president new emergency authority. Updated at 5:45 a.m. PT to reflect the end of Egypt's Internet ban. From rforno at infowarrior.org Wed Feb 2 12:01:44 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 2 Feb 2011 13:01:44 -0500 Subject: [Infowarrior] - America Might Be a More Gilded Cage than Egypt ... But It Still Looks Like a Cage Message-ID: <1FE5CFF3-0562-4726-BFC9-FAE28006BA3A@infowarrior.org> True.....and disturbing/sad. -- rick America Might Be a More Gilded Cage than Egypt ... But It Still Looks Like a Cage http://www.washingtonsblog.com/2011/02/us-might-be-much-more-gilded-cage-than.html From rforno at infowarrior.org Wed Feb 2 12:11:13 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 2 Feb 2011 13:11:13 -0500 Subject: [Infowarrior] - Feds seize sports sites Message-ID: Feds seize sports sites http://www.politico.com/news/stories/0211/48692.html The websites are said to illegally provide access to content from the NFL. | AP Photo Close By JENNIFER MARTINEZ | 2/2/11 12:53 PM EST The federal government has seized the Web addresses of ten websites that allegedly livestream sporting and Pay-per-View events online, shutting them down just days before one of the biggest televised sporting events of the year: the Super Bowl. The U. S. Attorney?s Office of the Southern District of New York, working in conjunction with the Immigrations and Customs Enforcement agency, seized the Web addresses Tuesday. The seizure affidavit was unsealed Wednesday. The websites affected, which include Channelsurfing.net and Spain-based Rojadirecta.org, were said to illegally provide access to content from the major professional sports organizations, namely the National Football League, National Basketball Association and the National Hockey League. The sites do not host the pirated sporting content themselves, but instead provided links to other places on the Web where people could illegally access it. Government officials argue that the sites are not only illegally distributing pirated content, but in the process are also denting the revenues of the professional sports leagues and broadcasters as well as negatively impact viewers. ?The illegal streaming of professional sporting events over the Internet deals a financial body blow to the leagues and broadcasters who are forced to pass their losses off to fans by raising prices for tickets and pay-per-view events,? said Preet Bharara, the U.S. Attorney in Manhattan. ?With the Super Bowl just days away, the seizures of these infringing websites reaffirm our commitment to working with our law enforcement partners to protect copyrighted material and put the people who steal it out of business.? Fans have increasingly abandoned watching sports games on their television sets, opting to watch them on their computers via the Web instead. The shift has jolted the professional sports organizations, who are grappling with how to control the growing problem of illegal streaming of sports games online in real-time. The organizations copyright the content of its sports games ? from the audio, video, text and images ? and restrict others from distributing the content without prior written approval. The federal government launched a similar campaign in November that shut down 82 websites that offered counterfeit goods and digital music and movie content. U.S. Attorney General Eric Holder and ICE Director John Morton had warned that the two agencies were committed to going after more websites that illegally offered copyrighted content. Morton repeated that message during Wednesday?s operation. ?This swift action by our Homeland Security Investigations New York special agents and analysts sends a clear message to website operators who mistakenly believe it?s worth the risk to take copyrighted programming and portray it as their own,? Morton said. ?(W)e will continue to aggressively investigate this type of crime with our law enforcement partners.? From rforno at infowarrior.org Wed Feb 2 17:51:46 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 2 Feb 2011 18:51:46 -0500 Subject: [Infowarrior] - RAND Report: What Should Be Classified? Message-ID: <39D15BAE-1C4A-41FD-A5CF-7A2868611C49@infowarrior.org> What Should Be Classified? A Framework with Application to the Global Force Management Data Initiative ? by ? Martin C. Libicki, ? Brian A. Jackson, ? David R. Frelinger, ? Beth E. Lachman, ? Cesse Ip, ? Nidhi Kalra http://www.rand.org/pubs/monographs/MG989.html For its operational planning and budget programming, the Department of Defense (DoD) needs frequent access to current, detailed data on authorized force structures for all the services. Having users aggregate this information themselves was difficult, time consuming, and error prone. Hence, DoD launched the Global Force Management Data Initiative (GFM DI). While most of the data from the GFM DI are unclassified, the fact that it facilitates data aggregation raised concerns about what a potential adversary might be able to do with access to it and whether it would be better to classify such data and store it exclusively on the secure network. The authors address this question by looking at why material should or should not be classified, concluding that classification is warranted only (1) if it reduces the amount of information available to adversaries, (2) if the information kept from adversaries would tell them something they did not know, (3) if they could make better decisions based on this information, and (4) if such decisions would harm the United States. Using this framework, the authors balance the risks GFM DI poses against the costs to DoD of not having this information readily available to its own analysts. The authors conclude that overall classification is not necessary but suggest that some limited subsets may warrant additional protection. From rforno at infowarrior.org Wed Feb 2 20:32:01 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 2 Feb 2011 21:32:01 -0500 Subject: [Infowarrior] - Judge rebukes 'World's No. 1 Hacker' Message-ID: Three add'l items: 1) Evans is debunked further by the good folks at Attrition.Org : http://attrition.org/errata/charlatan/gregory_evans/ 2) Some in the security community are taking him to task for his actions/reputation today, including posting an alleged torrent archive of his corporate email account (http://archives.neohapsis.com/archives/fulldisclosure/current/0015.html) Judge rebukes 'World's No. 1 Hacker' Quashes 'extremely troubling' subpoenas By Dan Goodin in San Francisco ? Get more from this author Posted in Security, 31st January 2011 23:03 GMT http://www.theregister.co.uk/2011/01/31/ligatt_security_subpoena_quashed/ A judge in Georgia has scolded a controversial security figure for improperly subpoenaing Yahoo! and Twitter in an attempt to get user names and passwords belonging to some 25 researchers. Gregory D. Evans, CEO of Ligatt Security and the self-proclaimed "World's No. 1 Hacker", sought the the highly personal information in a lawsuit he brought last year accusing the researchers of bashing his company's penny stock. Over the past year, shares have fallen from about $2.80 to $0.0004, public information shows. Most of that precipitous drop happened prior to claims that surfaced in June that huge chunks of an e-book purportedly written by Evans were lifted from other hacking manuals without the original authors' permission. The suit named Chris John Riley, Ben Rothke, and other security professionals who publicly claimed their works were plagiarized. Shortly after it was filed, attorneys for Evans subpoenaed Yahoo! and Twitter for information that included the defendants' usernames, passwords, emails sent and received, and blog postings. Last week, the judge hearing the case squashed the subpoenas and said they violated several provisions of Georgia law. ?The court finds it extremely troubling that plaintiffs issued and served subpoenas to which plaintiffs' counsel had no access for such a long period of time,? Karen E. Beyers, superior court judge for Georgia's Gwinnett County wrote. Under the Official Code of Georgia Annotated, she said, Randolph Morris and the 24 other people named in the suit were entitled to copies. She also uncovered other legal deficiencies, including their inclusion of the wrong case number and failure to notify plaintiffs that two subpoenas had been filed rather than just one. What's more, Beyers said the subpoenas were ?overbroad? because they sought passwords and emails. ?This is exceedingly overbroad, and is also wholly inconsistent with the representations of plaintiffs' counsel regarding the scope of the subpoenas,? she wrote. Beyers went on to dismiss Morris from the lawsuit because she found the California resident had no ties to Georgia. She scheduled a hearing for March 1 to decide how much Evans should pay in sanctions for the improper subpoenas. Shortly after filing his lawsuit in July, Evans cast himself as the aggrieved party. ?We are sure that once this total investigation is over we will find that not only were these people bashers, but they were also day traders and market makers,? Evans was quoted in a press release. ?We are prepared to go after them due to the fact that they took part in manipulating the stock,? says Evans. Evans has regularly appeared as a security expert on Fox News, Bloomberg TV, and CNN. From rforno at infowarrior.org Thu Feb 3 06:17:56 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 3 Feb 2011 07:17:56 -0500 Subject: [Infowarrior] - [ISN] Cloud services could bolster national cyber security In-Reply-To: References: Message-ID: Umm, yeah, okay. What happens when you can't reach the cloud? Mission Fail. What happens when the cloud provider drops the ball on security or other operational requirements? Mission Fail. What happens when you want to switch cloud providers for a better price? Gonna be hard I bet. Just remember how many organisations didn't switch away from Microsoft because "we spent too much on it already" and ended up suffering through tons of more-costly infosec and operational problems as a result. Yay, lock-in! The IT community is so infatuated with the potential benefits of All Things Cloud(tm) that it is losing sight of the potential, if not probable, real risks associated with it. It willingly seeks now to lock itself into a walled garden environment controlled by a third party that perhaps offers greater convenience and cost-savings but at the expense of resiliency and a greater control over its ability to function during adversity. Yay, Cloud! (And yay, warped sense of priorities for networks/services allegedly deemed 'critical'.) Cyber-adveraries are salivating at what the future holds for them in Cloud-Based America. Yay, Cloud! Mark my words: the cloud will be uber-awesome, until it breaks or you can't reach it. -- rick infowarrior.org On Feb 3, 2011, at 02:51 , InfoSec News wrote: > http://www.networkworld.com/news/2011/020211-cloud-services-cyber-security.html > > By Tim Greene > Network World > February 02, 2011 > > The shift to cloud computing offers an opportunity to better secure the > national digital infrastructure by concentrating the burden of cyber > security among a relatively small number of service providers rather > than thousands of individual businesses, according to a report by a > foreign policy think tank. > > "Cloud computing has weaknesses, but it also offers the opportunity to > aggregate and automate cyber defense," according to a new report by the > Center for Strategic and International Studies. The report, > "Cybersecurity Two Years Later," is a follow-up to "Securing Cyberspace > for the 44th Presidency," which the group issued in 2008. > > "Much of the burden of security will shift from consumers and businesses > to service providers that may be better equipped to meet advanced > challenges," the new report says. "The move to the cloud is not a silver > bullet that will solve all cybersecurity problems, but it is part of a > larger move to a more mature infrastructure that includes the automation > of security practices and monitoring -- such as the Security Content > Automation Protocol (SCAP) -- particularly if we find a better way for > service providers to work more effectively with government agencies." > > In the two years since the foreign-policy think tank issued its first > report the Obama administration has fallen short of implementing > measures that would protect the U.S. from cyber attacks, the new report > says. > > [...] From rforno at infowarrior.org Thu Feb 3 18:51:49 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 3 Feb 2011 19:51:49 -0500 Subject: [Infowarrior] - US cables reveal: ACTA was far too secret Message-ID: (Secret) US cables reveal: ACTA was far too secret By Nate Anderson | Last updated about an hour ago http://arstechnica.com/tech-policy/news/2011/02/secret-us-cables-reveal-acta-was-far-too-secret.ars US government cables published by WikiLeaks show us that it wasn't just "the usual blogger-circles" (as the US Embassy in Sweden called them) complaining about the secrecy of the Anti-Counterfeiting Trade Agreement (ACTA). French digital rights group La Quadrature du Net has compiled a list of relevant WikiLeaks cables regarding ACTA. In one, a top intellectual property official in Italy told the US that "the level of confidentiality in these ACTA negotiations has been set at a higher level than is customary for non-security agreements." He added that it was "impossible for member states to conduct necessary consultations with IPR stakeholders and legislatures under this level of confidentiality." In Sweden, the EU's top negotiator on ACTA told the US embassy there that "the secrecy issue has been very damaging to the negotiating climate in Sweden? The secrecy around the negotiations has led to that the legitimacy of the whole process being questioned." The inevitable result of such secrecy was leaks and rumors. When the US proposals for the Internet section of ACTA leaked, the head of Sweden's Justice Ministry had "to go public earlier this month to appease the storm of critics by assuring them that the Swedish government will not agree to any ACTA provision that would require changes to current Swedish laws." And the EU negotiator added a criticism of his own: "the European Commission is concerned that the USG [US government] has close consultation with US industry, while the EU does not have the same possibility to share the content under discussion in the negotiations." The "gold standard" The cables note that critics wanted ACTA to take place before an existing body like WIPO, where processes were in place for transparency and for the involvement of public interest groups. But cables from the US embassy in Japan make clear that the US pushed back against this approach, in large part because it knew other nations wouldn't go along with what it wanted: "a plurilateral, TRIPS-plus Anti-Counterfeiting Trade Agreement (ACTA) which would aim to set a 'gold standard' for IPR enforcement among a small number of like-minded countries, and which other countries might aspire to join." US Trade Representative official Stan McCoy "stressed that this should be a freestanding agreement, not related to any international grouping such as the G-8 or OECD, which might make it more difficult to construct a high-standards agreement." In other words, what we got was a "coalition of the willing" bent on creating tough new enforcement rules that they would slowly seek to impose on other countries. As a Japanese trade official noted, "we should move as fast as possible and keep in mind that the intent of the agreement is to address the IPR problems of third-nations such as China, Russia, and Brazil, not to negotiate the different interests of like-minded countries. The new agreement could serve as a yardstick for measuring the market economy status of countries such as China and Russia." From rforno at infowarrior.org Fri Feb 4 14:21:17 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 4 Feb 2011 15:21:17 -0500 Subject: [Infowarrior] - Cyber war Geneva Conventions call Message-ID: <3E1723ED-6B26-4A52-AF6A-3EC1291DEB45@infowarrior.org> Cyber war Geneva Conventions call By Susan Watts BBC Newsnight Science editor http://news.bbc.co.uk/2/hi/programmes/newsnight/9386445.stm The world needs cyber war "Rules of Engagement" to cope with potentially devastating cyber weapons, Russian and US experts will tell world leaders at a security conference on Friday. The cyber proposal, seen exclusively by Newsnight, comes from the influential EastWest Institute in New York. It describes "rendering the Geneva and Hague conventions in cyberspace". Cyber security is on the agenda at the annual Munich Security Conference for the first time this year. Those attending the conference include UK Prime Minister David Cameron, German Chancellor Angela Merkel, US Secretary of State Hillary Clinton and Russian Foreign Minister Sergei Lavrov. The draft document also calls for a fresh definition of "nation state", with new "territories" and players in cyberspace beyond government - such as multinationals, NGOs and citizens. The proposal also says that ambiguity about what constitutes cyber conflict is delaying international policy to deal with it, and that perhaps the idea of "peace" or "war" is too simple in the internet age when the world could find itself in a third, "other than war", mode. Pinpointing attackers The US-Russian team point out that discriminating between military and civilian targets is more difficult in cyberspace, and may require protected, marked, domain names. They say cyber weapons have attributes not previously seen with traditional weapons, nor considered during the development of the current Laws of War: "Cyber weapons can deliver, in the blink of an eye, wild viral behaviours that are easily reproduced and transferred, while lacking target discrimination." Well-placed British government sources say they do not see a need for new international "treaties" for cyberspace, but do concede that there are areas that need discussion, especially on attribution. The nature of cyber space, with its ease of anonymity and use of proxies, makes the attribution of any attack very difficult. This raises the question of proportionality: "How strongly should a state respond to an attack when you do not know who did it, where they did it from or what the intention was? In conventional military terms these questions are easier to answer - not so in the cyber world," these sources pointed out to Newsnight. John Bumgarner, research director for security technology at the US Cyber Consequences Unit, spoke to Newsnight about the kind of threats which exist: "There's things out there that right now that exist that the general public really doesn't know about - stealthy type technologies that can be embedded into systems that can run that you'll never see. Those things already exist." He said that capabilities which currently exist include turning off power grids, disrupting water supplies and manufacturing systems. Business agenda Others, however, say that talk of all out cyber "war" is hype, though useful to defence companies looking for new ways to make money. Nevertheless, there are almost daily reports now of cyber incidents, most recently that Stock Exchanges in Britain and the US were seeking help from the security services after discovering they were victims of attempted cyber attacks. "There's quite a lot in it, but they're also extensively hyped," according to Professor Peter Sommer of the London School of Economics, who wrote a recent Organisation for Economic Co-operation and Development (OECD) report on cyber security. "In terms of the involvement of the big military companies, you have to realise that they are finding it extremely difficult to sell big, heavy equipment of the sort they are used to because the type of wars that we're involved in tend to be against insurgents. "And so they are desperately looking for new product areas - and the obvious product area, they think, is cyber warfare - I'm not so sure about that." And yet, "utterly dependent" is how one well-placed government source describes our relationship with cyberspace. The message is blunt. Ensuring security in cyberspace is vital to our national security, our well being and our prosperity: "Without it we can't have the economy we aspire to." And if that is not enough, the UK government also believes it is vital to maintaining our values as a democracy. Real-time attack data The government is therefore embarking on an ambitious project to forge what it calls a new "dialogue" between the state and commercial companies, for mutual benefit. After all, some 80% of our critical national infrastructure is owned and run by the private sector, and that is before you take account of the tangle of undersea fibre-optic cables that carry over 90% of our internet traffic, with all the physical vulnerabilities to terrorist attack that implies. At the new Cyber Security Operations Centre at GCHQ, the UK's electronic intelligence agency in Cheltenham, the eventual aim is for real-time, open exchange of data from companies about how and when they are suffering attacks on their IT systems from cyberspace. This should give the government early-warning of cyber attacks that could bring down critical national infrastructure. In return, the commercial sector can expect expertise on-tap. This builds on existing trusted relationships with energy and water companies, but will extend to other sectors, such as food distribution, finance and transport. The idea was mooted by Iain Lobban, director of GCHQ, in a rare speech at the International Institute for Strategic Studies (ISS) last October. A substantial chunk of the ?650m allocated to cyber security in the subsequent Strategic Defence and Security Review is now heading in that direction. Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/programmes/newsnight/9386445.stm Published: 2011/02/03 16:25:47 GMT ? BBC 2011 From rforno at infowarrior.org Fri Feb 4 17:15:37 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 4 Feb 2011 18:15:37 -0500 Subject: [Infowarrior] - DHS Tries And Fails To Explain Why Seized Domains Are Different From Google Message-ID: <156ADB4F-76DC-4369-BD53-B4B4DC40E365@infowarrior.org> Homeland Security Tries And Fails To Explain Why Seized Domains Are Different From Google from the keep-trying dept http://www.techdirt.com/articles/20110203/22422912958/homeland-security-tries-fails-to-explain-why-seized-domains-are-different-google.shtml The Marketplace radio show from American Public Media spoke to Special Agent James Hayes from Homeland Security, who was apparently in charge of the "raids" (if you can call them that) that involved the seizing of domain names under the legally questionable theory that linking to infringing material is, by itself, criminal copyright infringement. I've yet to find any legal expert who seems to believe that the law actually says this anywhere. In the interview, John Moe asked Agent Hayes a very simple question: given that these domains were all seized based solely on the fact that they link to infringing content hosted elsewhere, and all of the same content is also linked from Google, will the Feds seize Google's domain name? Well, more specifically, Moe asks if ICE could seize Google's domain name. Amusingly, right after being asked, Hayes conveniently gets cut off, but he does call back and the question is asked again. You can hear the whole thing here: However, once he gets back, he tries to tap dance around this issue. Hayes says "no" that ICE will not seize Google's domain name and that's because it's only targeting sites that "don't do due diligence" to make sure that the content they're linking to isn't infringing. There's a pretty serious problem with this claim in that it's wrong on both sides of the equation. First off, Google, as a search engine, does no due diligence to check that links only go to non-infringing content. Second, in at least some of the cases (specifically in the case of dajaz1), we know that it was actually Homeland Security and folks like Special Agent Hayes who "failed to do their due diligence," so the songs named in the ICE affidavit were, in fact, provided by the labels or representatives of the musicians. In other words, according to Special Agent Hayes' own criteria, Google is more of a criminal operation that Dajaz1. Hayes then goes on to repeat the long-debunked talking points of the industry -- insisting that anyone watching a PPV event without paying represents lost revenue. Apparently all the studies that say this isn't the case don't matter, so long as someone who directly financially benefits from Hayes' actions tells him otherwise. On top of that Hayes claims that this leads to lost tax revenue and jobs. Of course, this has also been debunked, since the money "not spent" on these events doesn't disappear, but is still spent in the market and, quite conceivably, ends up going to fund more jobs and industries with higher tax rates. Also amusing is that Hayes uses this massively tenuous link to "tax revenue" to answer the question so many people have been asking: what the hell does Immigration and Customs have to do with a foreign website? The answer, apparently, is that ICE's mission is to protect the US Treasury and one part of that is to protect tax revenue. Of course, that argument makes no sense. By that same reasoning, when Henry Ford first started mass producing cars, Customs should have shut him down because it killed off jobs in the horse carriage industry, thus decreasing the tax base from that industry. Of course, everyone who thinks this through realizes that's silly, because the money didn't disappear, it shifted elsewhere -- to a more efficient arena, which actually resulted in economic growth and greater taxes. What Hayes and ICE are doing here is the opposite. They're holding back more efficient distribution systems, stifling speech and hindering economic growth, which actually will result in a smaller tax base. Moe pushes back a little and asks Hayes if he thinks that linking is the same as hosting the content. Hayes doesn't answer, but simply says that they're targeting the sites that "get a lot of traffic," to which Moe reasonably shoots back: "Well, Google gets a lot of traffic." Hayes then makes stuff up about how a search engine is different, but that's based on nothing factual. He makes an artificial distinction and then finally states "well, it's a difference in our mind." Great, so because ICE is technically clueless and thinks there's a difference, it's all fine and dandy? Moe then asks Hayes if he links to a site that has infringing content from his Public Radio blog, will ICE shut down the site. And Hayes makes a really weird remark that makes no sense, sayings that if Moe "gets advertising funds from a site that provides unauthorized content" then he might have to shut them down. But that's something new. We've seen no assertions or evidence that the sites that have been take down received ads from the other sites that were hosting the content. Is Hayes totally making stuff up now? It sounds like Hayes doesn't even understand what he's talking about. Finally, Moe asks: if a site links and embeds to all the same content, but does not profit from it (i.e., does not have advertising), is it criminal? Hayes totally punts and says he'd have to check the law. Yes, really. So the guy is not an expert on the technology and admits he's not an expert on the law in question. So what is he an expert in and why is he leading these questionable seizures? On a separate note, it's nice to see that Homeland Security is willing to chat with the press again after telling us that it will not speak about these issues because it's an "ongoing investigation before court." Apparently, Homeland Security was also lying to me (though, we knew that already). What's scary about this is that every time someone from Homeland Security speaks on this issue, they display some pretty serious ignorance of the technical issues and of the specific details of the questions people are asking. They seem to get around these with wishful thinking about how -- in their minds -- these sites are "different." From rforno at infowarrior.org Fri Feb 4 17:24:11 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 4 Feb 2011 18:24:11 -0500 Subject: [Infowarrior] - WL: US agrees to tell Russia Britain's nuclear secre Message-ID: <90C2141E-EC19-41DD-BA5F-832287F93CAF@infowarrior.org> WikiLeaks cables: US agrees to tell Russia Britain's nuclear secrets The US secretly agreed to give the Russians sensitive information on Britain?s nuclear deterrent to persuade them to sign a key treaty, The Daily Telegraph can disclose. http://www.telegraph.co.uk/news/worldnews/wikileaks/8304654/WikiLeaks-cables-US-agrees-to-tell-Russia-Britains-nuclear-secrets.html# By Matthew Moore, Gordon Rayner and Christopher Hope 9:25PM GMT 04 Feb 2011 Information about every Trident missile the US supplies to Britain will be given to Russia as part of an arms control deal signed by President Barack Obama next week. Defence analysts claim the agreement risks undermining Britain?s policy of refusing to confirm the exact size of its nuclear arsenal. The fact that the Americans used British nuclear secrets as a bargaining chip also sheds new light on the so-called ?special relationship?, which is shown often to be a one-sided affair by US diplomatic communications obtained by the WikiLeaks website. Details of the behind-the-scenes talks are contained in more than 1,400 US embassy cables published to date by the Telegraph, including almost 800 sent from the London Embassy, which are published online today. The documents also show that: ? America spied on Foreign Office ministers by gathering gossip on their private lives and professional relationships. ? Intelligence-sharing arrangements with the US became strained after the controversy over Binyam Mohamed, the former Guant?namo Bay detainee who sued the Government over his alleged torture. ? David Miliband disowned the Duchess of York by saying she could not ?be controlled? after she made an undercover TV documentary. ? Tens of millions of pounds of overseas aid was stolen and spent on plasma televisions and luxury goods by corrupt regimes. A series of classified messages sent to Washington by US negotiators show how information on Britain?s nuclear capability was crucial to securing Russia?s support for the ?New START? deal. Although the treaty was not supposed to have any impact on Britain, the leaked cables show that Russia used the talks to demand more information about the UK?s Trident missiles, which are manufactured and maintained in the US. Washington lobbied London in 2009 for permission to supply Moscow with detailed data about the performance of UK missiles. The UK refused, but the US agreed to hand over the serial numbers of Trident missiles it transfers to Britain. Professor Malcolm Chalmers said: ?This appears to be significant because while the UK has announced how many missiles it possesses, there has been no way for the Russians to verify this. Over time, the unique identifiers will provide them with another data point to gauge the size of the British arsenal.? Duncan Lennox, editor of Jane?s Strategic Weapons Systems, said: ?They want to find out whether Britain has more missiles than we say we have, and having the unique identifiers might help them.? While the US and Russia have long permitted inspections of each other?s nuclear weapons, Britain has sought to maintain some secrecy to compensate for the relatively small size of its arsenal. William Hague, the Foreign Secretary, last year disclosed that ?up to 160? warheads are operational at any one time, but did not confirm the number of missiles. From rforno at infowarrior.org Fri Feb 4 17:25:41 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 4 Feb 2011 18:25:41 -0500 Subject: [Infowarrior] - TSA: Screeners can unionise Message-ID: February 4, 2011 Unions Can Bargain on Behalf of Airport Security By ERIC LIPTON http://www.nytimes.com/2011/02/05/us/05unionize.html?_r=2&pagewanted=print WASHINGTON ? Seeking to end a debate that has brewed for nearly a decade, the director of the Transportation Security Administration announced on Friday that a union would be allowed to bargain over working conditions on behalf of the nation?s 45,000 airport security officers, although certain issues like pay will not be subject to negotiation. The question of whether unions can negotiate on behalf of airport security workers has been a repeated topic of partisan debate on Capitol Hill, at times threatening to hold up major pieces of legislation or even the Senate confirmation of the agency?s director. John S. Pistole, the former deputy director of the Federal Bureau of Investigation who has served as head of the transportation agency since last June, announced Friday that he would used the power granted to him by Congress to authorize collective bargaining by airport security personnel on a limited set of topics, including rules governing who gets priorities for vacation time and shift assignments, how workplace transfers take place and how employees are recognized for commendable work. The negotiations will take place on a national level, not with state or local union affiliates. The nation?s security officers are tentatively scheduled to vote in early March for one of two unions that have competed for the right to represent them, or not to have a union at all. But if they choose a union, they will not be able to turn to it to bargain on their behalf for such traditionally negotiated topics as pay, retirement benefits, job qualification rules, disciplinary standards or issues related to security procedures, like what security equipment they must use or when and where they are deployed. This would allow the agency ? a division of the Department of Homeland Security ? to rapidly reassign security officers in response to a particular threat or to change security procedures or equipment without having to consult collective bargaining rules, an agency official said. The security officers are also not allowed to strike or have any work-related slowdowns as a form of union demonstration. There will be set limits on how long negotiations on topics subject to union bargaining can drag on. And the officers will not be required to join a union or pay dues. The security officers already have the right to join a union, and about 13,000 are dues-paying members of the American Federation of Government Employees or the National Treasury Employees Union, the two unions competing for the exclusive right to represent them this spring. But these unions cannot now collectively bargain on behalf of the workers, representing them instead only as individuals, in certain situations, like if an employee is subject to a disciplinary action. The question of whether a union should be allowed to bargain on the workers? collective behalf continues to roil Congress, with Senator Roger Wicker, Republican of Mississippi, as recently as this week introducing legislation ? as other Republicans have before ? that would formally prohibit such a step. Reaction from lawmakers came along predictable party lines, with Democrats, along with union leaders, praising Mr. Pistole?s decision, while Republican lawmakers condemned the move, suggesting that they will push ahead with efforts to legislatively terminate the collective bargaining rights. ?This will be President Obama?s biggest gift to organized labor,? Representative John L. Mica, Republican of Florida, the chairman of the House Transportation Committee said in a statement, adding that it was ?all bad news for the traveler, the taxpayer and aviation security,? because it would limit the flexibility of the agency, despite assurances from Mr. Pistole that it would not. The transportation agency has traditionally ranked low in surveys of federal workers that assess morale and job satisfaction, a ranking that Mr. Pistole hopes will improve if the workers are allowed to join a union that bargains on their behalf, even if the power of the union is strictly controlled. From rforno at infowarrior.org Fri Feb 4 20:40:07 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 4 Feb 2011 21:40:07 -0500 Subject: [Infowarrior] - Totally OT: Sign that the Apocalypse is Near? Message-ID: <9309EF59-AC98-4601-BBC0-BF1126B864AA@infowarrior.org> *stunned* (Why did Captain Kirk sing the metal....because he can!" --- rick) William Shatner Is Recording Star-Studded Metal Album in L.A.: We Got the Details By Diamond Bodine-Fischer, Thu., Feb. 3 2011 @ 9:39AM http://blogs.laweekly.com/westcoastsound/2011/02/william_shatner_is_recording_s.php William Shatner is back in the studio working on yet another great big pile of Shat-mazing, Incredibly Strange music. It's been over a week since Shatner first formally proclaimed Zakk Wylde's mad skills via Twitter ("Best, Bill"), but our sources on the scene confirm that some big metal heavy-hitters have been engaged to play backup to Captain Kirk. Peter Frampton and Mike Inez (who will be playing "Iron Man" with fellow Ozzy alum, Zakk Wylde) are definitely participating and our source claims artists slated to perform (but who haven't done their parts yet) include Steve Howe of Yes, Ian Paice of Deep Purple and the god among men, Brian May of Queen. Supposedly it's only a matter of scheduling that prevents confirmation (come on May, make this happen!). Finally, it wouldn't be a space themed album without the space man and his self proclaimed Space Bass, Bootsy Collins! (Caveat: some of these people might not appear on the final album. Reportedly, Shatner runs a loose (space)ship and sessions are fun and chaotic, nobody knowing how or when they're gonna happen. Picture session musicians standing next to their iPhones waiting for the "Bill is ready RIGHT NOW" text.) There are almost 20 songs slated for inclusion so far and all are to have a "space" or "flying in space" theme. Um, ok, that is EXACTLY the same as before, but who would want anything else from Captain Kirk? Track list currently includes "Bohemian Rhapsody" (which May will not be playing on-no joke), a Byrds song, "Space Odyssey," "Iron Man," "Learn to Fly" and... wait for it... "SHE BLINDED ME WITH SCIENCE"! Brace for impact, that one's got a chance of replacing "Rocket Man" as all time greatest Shatner moment. From rforno at infowarrior.org Sat Feb 5 08:14:29 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 5 Feb 2011 09:14:29 -0500 Subject: [Infowarrior] - UK Immigration Officer Puts Wife on the No-Fly List Message-ID: UK Immigration Officer Puts Wife on the No-Fly List http://www.schneier.com/blog/archives/2011/02/uk_immigration.html A UK immigration officer decided to get rid of his wife by putting her on the no-fly list, ensuring that she could not return to the UK from abroad. This worked for three years, until he put in for a promotion and -- during the routine background check -- someone investigated why his wife was on the no-fly list. Okay, so he's an idiot. And a bastard. But the real piece of news here is how easy it is for a UK immigration officer to put someone on the no-fly list with absolutely no evidence that that person belongs there. And how little auditing is done on that list. Once someone is on, they're on for good. That's simply no way to run a free country. From rforno at infowarrior.org Sat Feb 5 08:39:17 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 5 Feb 2011 09:39:17 -0500 Subject: [Infowarrior] - Hackers Penetrate Nasdaq Computers Message-ID: <28D6713C-C1C7-4321-92D3-144CD582F992@infowarrior.org> ? TECHNOLOGY ? FEBRUARY 5, 2011 Hackers Penetrate Nasdaq Computers By DEVLIN BARRETT http://online.wsj.com/article/SB10001424052748704709304576124502351634690.html?mod=googlenews_wsj Hackers have repeatedly penetrated the computer network of the company that runs the Nasdaq Stock Market during the past year, and federal investigators are trying to identify the perpetrators and their purpose, according to people familiar with the matter. The exchange's trading platform?the part of the system that executes trades?wasn't compromised, these people said. However, it couldn't be determined which other parts of Nasdaq's computer network were accessed. Investigators are considering a range of possible motives, including unlawful financial gain, theft of trade secrets and a national-security threat designed to damage the exchange. The Nasdaq situation has set off alarms within the government because of the exchange's critical role, which officials put right up with power companies and air-traffic-control operations, all part of the nation's basic infrastructure. Other infrastructure components have been compromised in the past, including a case in which hackers planted potentially disruptive software programs in the U.S. electrical grid, according to current and former national-security officials. "So far, [the perpetrators] appear to have just been looking around," said one person involved in the Nasdaq matter. Another person familiar with the case said the incidents were, for a computer network, the equivalent of someone sneaking into a house and walking around but?apparently, so far?not taking or tampering with anything. A spokesman for Nasdaq declined to comment. A probe into the matter was initiated by the Secret Service and now includes the Federal Bureau of Investigation. The mystery surrounding the hackers and their motives is worrying investigators, who remain unsure whether they have been able to plug all potential security gaps?especially since invaders typically seek new ways to breach systems. The case involving New York-based Nasdaq OMX Group Inc. is part of what cyber-crime authorities see as a broader problem of hackers nosing around corporate computer networks, with varying degrees of success. U.S. companies are a continual target, and sometimes their public websites are vandalized. It is rarer for perpetrators to penetrate internal systems. Such breaches rarely come to light because companies fear that acknowledging them would alarm customers or encourage copycats. Tom Kellermann, a former computer security official at the World Bank who now works at a firm called Core Security Technologies, said the most advanced hackers in the world are increasingly targeting financial institutions, particularly those involved in trading. "Many sophisticated hackers don't immediately try to monetize the situation; they oftentimes do what's called local information gathering, almost like collecting intelligence, to ascertain what would be the best way in the long term to monetize their presence,'' he said. People familiar with the Nasdaq matter said the Secret Service first began investigating last year. Investigators have informed White House officials of the case, according to the people familiar with the situation, who said that such a move is typical in hacking investigations, particularly in the early stages of the probes. Authorities haven't yet been able to follow the trail to any specific individual or country. Those familiar with the case said that some evidence points toward Russia, but the person or people responsible could be almost anywhere, perhaps using computers in Russia merely as a conduit. The case poses two concerns for authorities: preserving the stability and reliability of computerized trading, and ensuring that investors have full faith in that system. Stock exchanges know they are frequently targets for hackers. "We take any potential threat seriously and we are continually working to ensure that our systems operate at the highest levels of security and integrity," said Ray Pellecchia, a spokesman for NYSE Euronext, which operates the New York Stock Exchange. He declined to discuss any specific instances of computer-hacking attempts against that exchange. In 1999, hackers vandalized Nasdaq's publicly accessible website. In that incident, a group of hackers quickly claimed responsibility for defacing the site, as well as major media websites. Nasdaq officials at that time said the company's internal network wasn't affected. Computer hacking is a problem for many countries. In recent years, U.S. authorities have dealt with cyberattacks linked to computers in Russia, China and Eastern Europe. Hackers can use geography as a foil. Prosecutors said Albert Gonzalez, perhaps the most renowned hacker, perpetrated his biggest theft with help from computers in Eastern Europe even though he lived in Miami. According to a 2009 federal indictment, he used computers located in the U.S., Latvia and Estonia, in a conspiracy that netted more than 100 million stolen credit-card numbers. The case is considered the largest hacking crime in U.S. history. Mr. Gonzalez eventually pleaded guilty and was sentenced to 20 years in prison. Write to Devlin Barrett at devlin.barrett at wsj.com From rforno at infowarrior.org Sun Feb 6 15:30:00 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 6 Feb 2011 16:30:00 -0500 Subject: [Infowarrior] - Feds in Cyberspace - What's the Value Proposition? Message-ID: Feds in Cyberspace - What's the Value Proposition? http://1raindrop.typepad.com/1_raindrop/2011/02/feds-in-cyberspace-whats-the-value-proposition.html There is a good debate to be had on federal involvement in cyberspace, arguments on both sides are being made around the various privacy tradeoffs. But one thing that I think is important is absent from the conversation, in tradeoff there should be gains and losses, right? Well what is the gain that Feds would provide to cybersecurity? Are we supposed to believe that the secrets of the lost cybersecurity ark, the keys to this knowledge actually exist just not in the private sector? That is pretty hard to swallow. Recall the BP/Macondo oil leak. At the time it happened there was a tremendous engineering effort where all the oil majors cooperated and sent their best engineers with specific expertise to deal with the horrible situation. In the end it was an impressive engineering effort. At the same time there was hue and cry that the US Navy would help address the well, because there are only a few organizations on the planet that can operate at a mile below sea level. Here is the problem though - its not the same Use Case. The ability to operate stealthily, listen to things and launch torpedos does not help plug oil wells! Let's leave aside, for now, that there is no evidence that major players understand how to secure a website, and instead focus on the practical matters. The Flash Crash is a good example: The May 6, 2010 Flash Crash[1] also known as The Crash of 2:45, the 2010 Flash Crash or just simply, the Flash Crash, was a United States stock market crash on May 6, 2010 in which the Dow Jones Industrial Average plunged about 900 points only to recover those losses within minutes. It was the second largest point swing, 1,010.14 points,[2] and the biggest one-day point decline, 998.5 points, on an intraday basis in Dow Jones Industrial Average history Procter & Gamble (as blue a blue chip as there is) went $60-63/share to under $40 in a matter of minutes. I should point out that PG is $180B company, so losing 1/3 value is in effect $60B market swing! Of all people, the voice of reason that day and in fact that minute was none other Jim Cramer, saying "if PG is trading there, you just go and buy it. That is not a real price." Here is the thing - it was the right call in real time. It was made in the context of the decision making timeframe and available domain information. There are reports of hackers in various markets, what should we do to defend against that? I have some ideas, but to the question who should do the work? Let's look back at the Flash Crash, who is the best person to determine whether PG selling for $39/share is accurate? Answer- someone with domain knowledge. Abstract security knowledge does not help unless its integrated into the domain that uses it. No amount of knowledge about security protocols substitutes. Subs don't plug oil wells, oil engineers do. Network security monitors don't clear trades, traders do. Any tradeoff discussion needs to include an argument about the purported efficacy gains of non-domain specific knowledge; and accurately reflect the real limitations of that non-domain specific knowledge. From rforno at infowarrior.org Sun Feb 6 19:32:23 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 6 Feb 2011 20:32:23 -0500 Subject: [Infowarrior] - OT: Dear NFL .... Message-ID: <70C652DB-1932-47B6-A3C5-1170EBDAA7CD@infowarrior.org> Dear NFL: Please invite Jar-Jar Binks to perform at next year's Superbowl halftime. It will be a vast improvement to the spectacle we saw this evening. Also please ensure your singer knows the correct words to the national anthem when opening the festivities. Thanks for your attention. --- rick From rforno at infowarrior.org Mon Feb 7 11:21:31 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 7 Feb 2011 12:21:31 -0500 Subject: [Infowarrior] - Accessing WikiLeaks Violates Espionage Act, USAF Says Message-ID: Accessing WikiLeaks Violates Espionage Act, USAF Says February 7th, 2011 by Steven Aftergood http://www.fas.org/blog/secrecy/2011/02/accessing_wikileaks.html Americans who have accessed the WikiLeaks web site may have violated the Espionage Act, under an extreme interpretation of the law advanced by Air Force officials last week. Many government agencies have instructed their employees not to download classified materials from the WikiLeaks web site onto unclassified computer systems. The government?s position is that although the material is in the public domain, its classification status is unaffected. Therefore, to preserve the integrity of unclassified systems, the leaked classified information should not be accessed on such systems. If it is accessed, it should be deleted. But on February 3, Air Force Materiel Command (AFMC) at Wright-Patterson Air Force Base issued startling new guidance stating that the leaked documents are protected by the Espionage Act and that accessing them under any circumstances is against the law, not simply a violation of government computer security policy. ?According to AFMC?s legal office, Air Force members ? military or civilian ? may not legally access WikiLeaks at home on their personal, non-governmental computers, either. To do so would not only violate the SECAF [Secretary of the Air Force] guidance on this issue,? it would also subject the violator to prosecution for violation of espionage under the Espionage Act,? the AFMC legal office said. Then, in an astounding interpretive leap, the AFMC went on to say that similar prohibitions apply to the relatives of Air Force employees. ?If a family member of an Air Force employee accesses WikiLeaks on a home computer, the family member may be subject to prosecution for espionage under U.S. Code Title 18 Section 793.? This is a breathtaking claim that goes far beyond any previous reading of the espionage statutes. ?That has to be one of the worst policy/legal interpretations I have seen in my entire career,? said William J. Bosanko, director of the Information Security Oversight Office, by email. If taken seriously for a moment, the AFMC guidance raises a host of follow-on questions. What if a family member accessed WikiLeaks on a computer outside the home? What if a non-family member accessed WikiLeaks on the home computer? What if one learns that a neighbor has accessed WikiLeaks in the neighbor?s home? Is the Air Force employee obliged to intervene or to report the violation to authorities? And how could any of this possibly be constitutional? Since the AFMC guidance is not based in existing case law or past practice, these questions have no immediate answers. Last December, a Department of Homeland Security official complained to Secrecy News that government policy on WikiLeaks produced the incongruous result that ?my grandmother would be allowed to access the cables but not me.? But if the new Air Force guidance can be believed, this is incorrect because the official?s grandmother would be subject to prosecution under the Espionage Act. In reality, there does not seem to be even a remote possibility that anyone?s grandmother would be prosecuted in this way. Instead, ironically enough, the real significance of the new AFMC guidance could lie in its potential use as evidence for the defense in one of the pending leak prosecutions under the Espionage Act. Defendants might argue that if the Espionage Act can be seriously construed by Air Force legal professionals to render a sizable fraction of the American public culpable of espionage, then the Act truly is impermissibly broad, vague and unconstitutional. For a standard view of the general subject see ?The Protection of Classified Information: The Legal Framework? (pdf), Congressional Research Service, January 10, 2011. From rforno at infowarrior.org Mon Feb 7 14:59:57 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 7 Feb 2011 15:59:57 -0500 Subject: [Infowarrior] - FCC: Presidential emergency alerts to be tested Message-ID: FCC: Presidential emergency alerts to be tested February 7, 2011 - 9:17am Lisa Fowlkes, Deputy Chief, Public Safety and Homeland Security Bureau, FCC http://www.federalnewsradio.com/index.php?nid=15&sid=2262066 Everybody has heard the national Emergency Alert System (EAS). Those familiar "duck calls" that reassure listeners "THIS is a test...this is ONLY a test..." The FCC is planning an upgrade to the tests by including presidential announcements in the system. Lisa Fowlkes, deputy chief of the Public Safety and Homeland Security Bureau of the FCC, explained to the Federal Drive the Presidential Alert isn't new. "The primary goal is to provide the President with a mechanism to communicate with the American public during times of national emergency," said Fowlkes. The change, she said, is that prior to last week's order there was no rule in place to call for or allow a test from top to bottom. Fowlkes said, "There's never been a test from top to bottom where it's issued by FEMA and it goes straight down to all the different levels of EAS to the American public. So this is a way for us to glean, okay, if there were an actual emergency and the federal government needed to activate the Presidential EAS, making sure that it actually works the way it's designed to." Now that there's a rule in place, the next challenges are going to be working with all the stakeholders on timing of the test and to reach out to the public so they understand it's a test and not a real emergency, Fowlkes said. "We want to make sure that it works the way it's designed to," Fowlkes said. "If there are things that work well, great. If there are things that don't work well, we can work with EAS participants and with state and local governments as well as our federal partners to correct or improve what doesn't work." At the same time, said Fowlkes, the FCC is looking at how wireless broadband could also enhance the EAS as part of a recommendation that was in the FCC's National Broadband Plan from last year. The idea is to leverage broadband and the Internet for emergency alerting with the "Commercial Mobile Alert System (CMAS) being developed by FEMA and the wireless industry." CMAS would allow three kinds of text messaging or wireless alert to be sent, said Fowlkes: ? Presidential Alerts - "Which would be the same as what the president might issue or FEMA might issue through the EAS system, ? Imminent Threat Alerts - Which Fowlkes said would warn when "there's a hurricane coming or a tornado coming," and then the ? Child Abduction Emergency/AMBER Alerts - Alerts related to missing or endangered children due to an abduction or runaway situation. Fowlkes said the CMAS is slated to begin deployment in April 2012. From rforno at infowarrior.org Mon Feb 7 15:10:14 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 7 Feb 2011 16:10:14 -0500 Subject: [Infowarrior] - FCC redirects its $8.7B in phone bill fees Message-ID: <38658BA7-8D3E-402C-91BF-72EA5FB05DB0@infowarrior.org> From voice to broadband: FCC redirects its $8.7B in phone bill fees By Matthew Lasar | Last updated about an hour ago http://arstechnica.com/telecom/news/2011/02/fcc-will-remake-87-billion-program-for-world-that-no-longer-exists.ars Can the Federal Communications Commission save a huge government program that overpays carriers to provide old school phone service, overtaxes subscribers to subsidize it, discourages modernization, and doesn't even offer broadband to the low income and rural consumers it purports to serve? Yes it can, insists FCC Chair Julius Genachowski. The Commission's $8.7 billion Universal Service Fund and Intercarrier Compensation system was designed "for a world that no longer exists," Genachowski told the Information Technology and Innovation Foundation on Monday. The USF was created "for a world with separate local and long-distance telephone companies; a world of traditional, landline telephones before cell phones or Skype; a world without the Internet." "Some say if USF is broken, we should eliminate it altogether," he continued. "I reject that idea. While the world has changed, the importance of universal service to our connectivity and competitiveness has not." Tomorrow the FCC will propose massive changes to the USF program at its Open Commission meeting. Here are the details, along with our interview with Genachowski about the USF's future. Millions bypassed The Universal Service Fund tithes your phone service and uses the money in a variety of ways, subsidizing low income consumers and rural carriers, and providing schools and libraries with money for network connectivity. But the program does all this with breathtaking inefficiency. It taxes consumers for "long distance" telephone calls, still presumed to be more expensive than local service, even though IP telephony has made this distinction irrelevant. As subscribers make fewer, old-school copper wire long distance calls, the USF must hike its base percentage to compensate for the shortfall in revenues. And thanks to a bizarre funding formula, in some areas USF pays $20,000 a year for households to get phone service. The USF's "high cost" fund puts millions of dollars into regions where non-subsidized carriers already provide connectivity. Or the system subsidizes multiple carriers to provide service to the same areas, such as a region of Mississippi where, in 2009, no less than 13 carriers all received high cost cash. Mostly importantly, the USF doesn't subsidize broadband service, to which every form of electronic communication is now migrating?something noted in the heartstring-pulling section of Genachowski's speech. "We simply can't let millions of Americans be bypassed by the broadband revolution," he declared. "Americans like the 17-year-old girl in Alachua County, Florida who's doing her homework in the parking lot of the local library at night, because her family can't get broadband at home and the library's hot spot is her only option." The big fix Most agree it would be a grand thing if the USF were rerouted towards broadband?enticing the estimated 30 million Americans who can't or don't go online to explore the joys and necessities of cyberspace. So last year the FCC's National Broadband Plan outlined some key reforms. First was the creation of a "Connect America Fund" to support broadband providers for poor and rural regions. The CAF will only subsidize providers in zones "where there is no private sector business case to provide broadband and high-quality voice-grade service." The program will only fund one provider per area. Its recipients will be adequately audited (one hopes). And, of course, they will have to provide broadband. Second, the FCC wants Congress to authorize a "mobility fund" to help various states get up to speed in 3G wireless. The Connect America Fund will be subsidized in part by a reform of the FCC's Intercarrier Compensation system, in which the big carriers pay smaller providers to complete phone calls to rural areas. Per-minute calling compensation rates will be dropped?reducing carrier incentives to stay with old technology. Shenanigans like "traffic pumping"?offering chat room services or other gimmicks that "stimulate" calling to a rural region in order to get intercarrier comp cash?will be stopped. Much of this money will be gradually transitioned to ISP services. It would help, the NBP noted, if Capitol Hill could kick in some "optional public funding" for the Connect America program, "such as a few billion dollars per year over a two to three year period" to smooth out the process. Whether that can happen with this hyperpolarized Congress is unclear. But the FCC says it wants to get this whole business done by 2020, with reforms of High Cost and disbursements from Connect America both beginning in 2012. On Tuesday the FCC will vote to implement these new programs, launching the Connect America fund and tackling all these tough High Cost and Intercarrier Comp issues. Bring us your proposals We had the chance to speak briefly with FCC Chair Genachowski this morning about the plan. Ars Technica: In your speech, you challenged critics who call for USF ISPs to provide "the highest speeds technically possible" to "bring us your proposals." Would you expect USF ISPs to offer speeds adequate enough to watch, say, Netflix on Apple TV? Julius Genachowksi: It's a good question. It's something that we thought about in the context of the National Broadband Plan. At the time the definition of broadband was 768Kbps. Other countries that have looked at this for purposes of broadband funding have said 1Mbps or 2Mbps. And we looked at it and we looked at the kinds of functionalities in the near term that should be included?video conferencing for businesses and distance learning and remote diagnostics. And that's what informed the 4/1 proposal [4Mbps download/1Mbps upload] in the National Broadband Plan for what the initial minimum speed for the purposes of USF and so it does reflect that kind of thinking. Ars Technica: Is that a yes for Netflix and similar offerings? Genachowski: Well, they'd be able to do what you can do with 4Mbps down and 1Mbps up. And the things that we focused on in the National Broadband Plan were things that small businesses can do and students can do and doctors and patients can do. A lot of it involves having basic video over broadband. Ars Technica: Do you think that wholesale broadband line sharing would help accomplish some of the goals outlined in your USF plan? Genachowski: That's not something that we are taking up tomorrow. Ars Technica: Yes, but do you think it would? Genachowski: That's not something that I'm going to comment on today. Ars Technica: What do you say to critics who question whether there really is looming spectrum shortage for wireless carriers, as the FCC asserts? Genachowski: I think that the data speaks for itself. And the data says that the demand is very rapidly outstripping the supply, not by a little bit, but by a lot. And if we don't act, we'll run into a spectrum wall. Obviously it takes a little bit of time from the time that you start doing spectrum reform to the time that it becomes available. So running out of spectrum tomorrow isn't the issue. We're looking at trends over the coming years. And the trend is very worrisome, and I think that there's broad agreement about that. And the idea of incentive auctions is about bringing market incentives into the use of existing spectrum. And if we can do that, ultimately the market will be the judge of appropriate spectrum allocation. Ars Technica: You argue that the FCC needs to discourage "traffic pumping." At least one former FCC economist argues that access stimulation is a good way fund telecom services in remote areas. Genachowski: I think that our policies to promote Universal Service in remote areas should be transparent, efficient, and market based. I think there's widespread agreement that traffic pumping isn't a transparent way to support it in rural areas. Ars Technica: Do you think that Congress will help the FCC with the Connect America fund? Any optimism here? It's a pretty tough Congress, I'd imagine you'd agree. Genachowski: As I said in my speech, we're really open to all ideas that would speed this transition. From rforno at infowarrior.org Mon Feb 7 16:20:21 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 7 Feb 2011 17:20:21 -0500 Subject: [Infowarrior] - Maryland Cyber Challenge & Conference Message-ID: <24E24202-A686-43FA-9A24-AD54CE7C645B@infowarrior.org> (Disclosure: I am on the event steering committee. --- rick) http://www.prnewswire.com/news-releases/saic-and-umbc-launch-inaugural-cyber-challenge-and-conference-115473354.html SAIC and UMBC Launch Inaugural Cyber Challenge and Conference Competition to Further Establish Maryland as a Leader in Cybersecurity Innovation BALTIMORE, Feb. 7, 2011 /PRNewswire/ -- Science Applications International Corporation (SAIC) (NYSE: SAI) and the University of Maryland, Baltimore County (UMBC) today announced plans for a statewide cyber competition and conference designed to attract more students and young professionals to pursue careers in cybersecurity. The Maryland Cyber Challenge and Conference (MDC3), to be held Oct. 21-22, 2011, will strengthen Maryland's position as a cybersecurity leader by bringing teams of current and prospective cybersecurity professionals together to develop the skills and techniques needed to protect vital information systems. Founders of the event include SAIC, UMBC, the National Cyber Security Alliance (NCSA), the Maryland Department of Business and Economic Development (DBED), and the Tech Council of Maryland (TCM). "I am so proud to join in celebrating the first-ever Maryland Cyber Challenge and Conference," said Maryland Governor Martin O'Malley. "Our State is poised to lead the way in cybersecurity. From our world-class facilities, federal agencies and military commands that are engaged in cybersecurity work to our vibrant and growing private sector and talented universities, we are uniquely positioned to lead the way to protect and defend the nation's digital infrastructure. I'd like to thank SAIC and UMBC for recognizing the importance of preparing the next generation for the jobs of the future." Orientation sessions for teams in each of three divisions ? high school, collegiate and industry and government professionals ? will be held at UMBC in March and April. Two qualifying rounds will be conducted online using SAIC's Cyber Network Exercise System (CyberNEXS), a scalable training, exercise and certification system. "SAIC is thrilled to be a co-founder of the inaugural MDC3," said Larry Cox, SAIC senior vice president and business unit general manager. "This is an opportunity to attract students and young professionals to cyber-oriented degree programs and careers, expanding Maryland's reach as a leader in cybersecurity innovation." The final rounds of the challenge will be held at the conference as part of Maryland's activities to recognize National Cyber Security Awareness Month. High school teams will compete in a cyber defense challenge, while collegiate and professional teams will go head-to-head in a "capture the flag" scenario. Winners of each division will receive their trophies and awards at a formal ceremony at UMBC. "Maryland colleges and universities have a critical role to play in preparing students for careers in cybersecurity and related fields," said UMBC President Freeman Hrabowski. "This event will support those efforts by encouraging the development of valuable cybersecurity skills in a competitive setting." The October cyber conference will feature exhibitor booths, keynote speeches and workshops conducted by nationally recognized industry leaders. "NCSA is proud to be a co-founder of this event," said Michael Kaiser, NCSA executive director. "The nation is in need of a new generation of cybersecurity professionals. This challenge is an excellent way to inspire young people to pursue careers, and perhaps ignite a new passion, for protecting our valuable digital assets." During MDC3, students and young professionals will have an opportunity to network with cybersecurity leaders while learning about careers in cyber technology. The conference agenda will be oriented toward students, parents, and professionals from academia, industry and government. "DBED is pleased to team with SAIC and UMBC to prepare today's students for tomorrow's jobs," said Maryland Secretary of Business & Economic Development Christian S. Johansson, adding, "We launched CyberMaryland last year to position our state as the epicenter for cybersecurity and this effort demonstrates that everything cyber happens right here in Maryland." "For more than a year, the Tech Council of Maryland (TCM) has been engaged with the cybersecurity industry, our members and our partners in Maryland to produce a series of events and conversations through the CyberMaryland Forum," said Renee M. Winsky, TCM CEO. "Working with SAIC and others on MDC3 only furthers the breadth and opportunity for Maryland's bourgeoning cybersecurity industry." For more information on MDC3, please visit www.saic.com/cyber-challenge. About UMBC UMBC (http://www.umbc.edu/) is a dynamic public research university integrating teaching, research, and service. An Honors University with enrollment of 12,800, UMBC ranks fourth among U.S. research universities in the production of IT degrees and certificates, and it is the largest producer of such graduates among research universities in Maryland, Washington, D.C., and Virginia. The campus offers a master's degree and a graduate certificate in cybersecurity, and it is rated a Center of Excellence in information assurance education and research. For the second year in a row, U.S. News & World Report America's Best Colleges Guide has named UMBC the #1 up-and-coming national university. About SAIC SAIC is a FORTUNE 500? scientific, engineering, and technology applications company that uses its deep domain knowledge to solve problems of vital importance to the nation and the world, in national security, energy and the environment, critical infrastructure, and health. The company's approximately 45,000 employees serve customers in the U.S. Department of Defense, the intelligence community, the U.S. Department of Homeland Security, other U.S. Government civil agencies and selected commercial markets. Headquartered in McLean, Va., SAIC had annual revenues of $10.8 billion for its fiscal year ended January 31, 2010. For more information, visit www.saic.com. SAIC: From Science to Solutions? Statements in this announcement, other than historical data and information, constitute forward-looking statements that involve risks and uncertainties. A number of factors could cause our actual results, performance, achievements, or industry results to be very different from the results, performance, or achievements expressed or implied by such forward-looking statements. Some of these factors include, but are not limited to, the risk factors set forth in SAIC's Annual Report on Form 10-K for the period ended January 31, 2010, and other such filings that SAIC makes with the SEC from time to time. Due to such uncertainties and risks, readers are cautioned not to place undue reliance on such forward-looking statements, which speak only as of the date hereof. SAIC Contact: Melissa Koskovich Laura Luke (703) 676-6762 (703) 676-6533 koskovichm at saic.com laura.luke at saic.com UMBC Contact: Anthony Lane (410) 455-5793 alane at umbc.edu From rforno at infowarrior.org Mon Feb 7 16:47:41 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 7 Feb 2011 17:47:41 -0500 Subject: [Infowarrior] - Support Grows for Tiered Risk System at Airports Message-ID: <12029674-B94D-4160-A1DD-4ADDD6949CD8@infowarrior.org> February 7, 2011 Support Grows for Tiered Risk System at Airports By SUSAN STELLIN http://www.nytimes.com/2011/02/08/business/08security.html?_r=1&hp=&pagewanted=print One reason airport security measures frustrate travelers is that screening procedures tend to treat all passengers the same: as potential terrorists. But in the wake of the furor last fall over pat-downs and body scanners, several industry organizations are working on proposals to overhaul security checkpoints to provide more or less scrutiny based on the risk profile of each traveler. While the proposals are in the early stages, they represent a growing consensus around a concept that has the support of John S. Pistole, the head of the Transportation Security Administration: divide travelers into three groups ? trusted, regular or risky ? and apply different screening techniques based on what is known about the passengers. ?Today we have T.S.A. agents looking at TV screens, but they don?t know anything about the person going through the system,? said Steve Lott, a spokesman for the International Air Transport Association. ?The idea is to take data that the government and the airlines are already collecting about passengers and bring it to the checkpoint.? A crucial part of the group?s ?checkpoint of the future? proposal, and similar plans under discussion by other industry organizations, is creating a trusted traveler program that would allow passengers to undergo a background check to gain access to an expedited security lane at the airport. These trusted travelers would probably pay a fee for the vetting, much like the $100 application fee for the Global Entry program operated by United States Customs and Border Protection. After submitting to an interview, a background check and a fingerprint scan to join Global Entry, members can clear customs using a kiosk instead of waiting to speak with an agent. ?Our security apparatus has already acknowledged that we can create trusted traveler programs,? said Geoff Freeman, executive vice president of the U.S. Travel Association. ?Let?s expand on that.? The association, a trade group, plans to release its own proposal for ways to improve security checkpoints next month, but many of its core concepts overlap with ideas presented by the International Air Transport Association at an industry conference last year. Both groups envision three screening lanes with different security procedures based on varying levels of risk. Trusted travelers would undergo lighter screening, perhaps passing through a metal detector with their shoes on and laptops in their bags, whereas anyone flagged as potentially risky would receive more intensive scrutiny, using technology like the body scanners and interviews with officers trained in behavioral analysis. Although many of the procedural details are still just proposals, the idea is to determine who may present a risk based on better use of government intelligence and watch lists as well as suspicious behaviors like checking in for a one-way international flight with no luggage. Travelers in the middle group ? neither vetted nor risky ? would receive an intermediate level of screening, but ideally the process would be quicker than current procedures because suspicious passengers would be diverted to a separate lane. Making the screening process more efficient is the major goal of both trade associations, based on concerns that as the economy improves and passenger traffic increases, security lines will slow down, deterring people from traveling. Whether more invasive procedures like pat-downs and body scanners are discouraging air travel is open to debate, but there is a growing consensus that 10 years after the Transportation Security Administration was created, it is time to re-evaluate the agency?s strategy. In remarks to the American Bar Association in January, Mr. Pistole expressed a need to formulate a vision for transportation security, mentioning a trusted traveler program as an option under consideration and expressing an openness to other suggestions. ?If people have ideas, he wants to hear them because he?s looking at ways to make changes,? a T.S.A. spokesman, Nicholas Kimball, said. In response to concerns about the body scanners, the agency last week demonstrated software it was testing at Las Vegas McCarran International Airport that allowed the machines to display a generic outline of a human figure rather than the graphic images some passengers view as a privacy invasion. The agency has also responded to pilots? concerns about escalating security measures by expediting the screening process for crew members, based on their trusted status and the background checks they undergo as a condition of their employment. The Air Line Pilots Association is also calling for a more risk-based approach to screening, not just for the crew but also for passengers. There is growing support for this type of approach, even on a global level. The International Civil Aviation Organization, a United Nations body that helps establish aviation policies for 190 member countries, has convened a working group to make recommendations about security screening procedures. A trusted traveler program is one idea on the table, said Jim Marriott, head of the organization?s aviation security branch. While there is support for more standardized practices around the world ? rather than a hodgepodge of rules about liquids and laptops ? Mr. Marriott cautioned that countries had different security needs, capabilities and resources. ?There are also some hard realities that we have to recognize in the security world about the protection of personal information and sensitivities to individual rights,? he said. Another issue is the cost of escalating security measures, and how much taxpayers and travelers are willing to spend to feel safe in the air. ?We need strong high-level leadership that levels with the public and says, ?Look, you cannot expect perfection out of any security system,? ? said Robert Poole, director of transportation policy at the Reason Foundation. For years, Mr. Poole has advocated for a more risk-based approach to aviation security, including some type of trusted traveler program. Now there finally seems to be more support to make it happen, he said. ?For the first time since 9/11, I think we have the conditions where it might be politically possible to have a serious debate about it,? he said. From rforno at infowarrior.org Tue Feb 8 07:54:25 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 8 Feb 2011 08:54:25 -0500 Subject: [Infowarrior] - Sony Lawyers Expand Dragnet, Targeting Anybody Posting PlayStation 3 Hack Message-ID: <408DDB54-6683-423C-BF50-75B95F21E238@infowarrior.org> Ummm, yeah. HDCP, Blu-Ray, and what else was 'disclosed' and how well did the vendors/industry succeed in getting that genie back in the bottle? Good luck. --- rick Sony Lawyers Expand Dragnet, Targeting Anybody Posting PlayStation 3 Hack ? By David Kravets ? February 7, 2011 | ? 4:58 pm | ? Categories: Censorship, Digital Millennium Copyright Act http://www.wired.com/threatlevel/2011/02/sony-lawsuit-factory/ Sony is threatening to sue anybody posting or ?distributing? the first full-fledged jailbreak code for the 4-year-old PlayStation 3 gaming console. What?s more, the company is demanding that a federal judge order Google to surrender the IP addresses and other identifying information (.pdf) of those who have viewed or commented about the jailbreak video on a private YouTube page. The game maker is also demanding that Twitter provide the identities of a host of hackers who first unveiled a limited version of the hack in December. Sony?s aggressive pretrial discovery demands come in its lawsuit against George Hotz. The 21-year-old New Jersey hacker, who is well known in the jailbreaking community, published the finished PlayStation 3 code and a how-to YouTube video last month. The code enables the Playstation 3 to play pirated and homebrewed games. Sony wants the information ?to determine the identities of third parties hosting and distributing the circumvention devices? so Sony can send them a DMCA notice to remove the material ?and, if necessary, seek appropriate relief from this court.? (.pdf) ?The discovery they call for in my opinion is overbroad,? Hotz? attorney, Stewart Kellar, said in a telephone interview. Sony declined to comment. A hearing is tentatively set for Wednesday. Sony filed its documents about 7:30 p.m. PST on Friday. U.S. District Judge Susan Illston ordered Hotz to remove the YouTube video and the code from his personal website ? orders with which Hotz complied with last week. Ahead of an unscheduled trial in which Sony is seeking unspecified damages from Hotz, Illston had concluded that Hotz likely breached the Digital Millennium Copyright Act. He did so by publishing or ?distributing? a hack designed to circumvent software meant to protect copyrighted material, the judge said. Hotz, by order of Illston, is also scheduled to surrender his computer gear to Sony by Thursday. Kellar is trying to convince Judge Illston to back away from allowing Sony to examine his drives and other devices. Sony is also trying to haul into court the so-called ?fail0verflow hacking team.? But first, Sony needs to learn the identities and whereabouts of the group?s members. They are accused of posting a rudimentary hack in December. It was refined by Hotz weeks later when he accessed the console?s so-called ?metldr keys,? or root keys that trick the system into running unauthorized programs Toward getting the fail0verflow defendants to appear into court, Sony is demanding that Twitter divulge the personal account information (.pdf) behind the usernames of @KaKaRoToKS, @gnihsub, @pytey, @bl4sty, @marcan42 and @fail0verflow. Sony claims the hacks will eat into game sales for the 41 million PS3 units sold. The DMCA makes it either a civil or criminal offense to traffic in wares meant to circumvent devices protecting copyrighted works. Ironically, performing a similar hack on a mobile phone is lawful. Last summer, the U.S. Copyright Office exempted cell phone jailbreaking from being covered by the DMCA. The decision means consumers may run the apps of their choice on mobile phones without fear of being civilly or criminally liable for a DMCA breach. From rforno at infowarrior.org Tue Feb 8 07:57:51 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 8 Feb 2011 08:57:51 -0500 Subject: [Infowarrior] - WH will propose new digital copyright laws Message-ID: <055CA7B3-435D-4E24-A04C-85B96FC424FC@infowarrior.org> (Somehow I don't think this won't be "change you can believe in" -- unless you're the entertainment cartel, that is. --- rick) February 7, 2011 10:11 PM PST White House will propose new digital copyright laws by Declan McCullagh http://news.cnet.com/8301-31921_3-20030956-281.html?part=rss&subj=news&tag=2547-1_3-0-20 The Obama administration has drafted new proposals to curb Internet piracy and other forms of intellectual property infringement that it says it will send to the U.S. Congress "in the very near future." It's also applauding a controversial copyright treaty known as the Anti-Counterfeiting Trade Agreement, or ACTA, saying it will "aid right-holders and the U.S. government to combat infringement" once it enters into effect. Those disclosures came from a report released today by Victoria Espinel, whom President Obama selected as the first intellectual property enforcement coordinator and was confirmed by the Senate in December 2009. There's no detail about what the proposed law would include, except that it will be based on a white paper of "legislative proposals to improve intellectual property enforcement," and it's expected to encompass online piracy. The 92-page report (PDF) reads a lot like a report that could have been prepared by lobbyists for the recording or movie industry: it boasts the combined number of FBI and Homeland Security infringement investigations jumped by a remarkable 40 percent from 2009 to 2010. Nowhere does the right to make fair use of copyrighted material appear to be mentioned, although in an aside on one page Espinel mentions that the administration wants to protect "legitimate uses of the Internet and... principles of free speech and fair process." The usual copyright hawks in Congress applauded the Obama administration's report. "I'm committed to strengthening the laws that promote investment, innovation and creativity at home," said Rep. Bob Goodlatte, a Virginia Republican who chairs the House subcommittee that writes copyright law. "I share the view that our criminal and IP laws need to be modernized to ensure that legitimate online commerce is not crippled by rampant piracy and counterfeiting, much of which originates overseas." In October 2008, President Bush signed into law the so-called Pro IP ACT, which created Espinel's position and increased penalties for infringement, after his administration expressed its opposition to an earlier version. Unless legislative proposals--like one nearly a decade ago implanting strict copy controls in digital devices--go too far, digital copyright tends not to be a particularly partisan topic. The Digital Millennium Copyright Act, near-universally loathed by programmers and engineers for its anti-circumvention provisions, was approved unanimously in the U.S. Senate. At the same time, Democratic politicians tend to be a bit more enthusiastic about the topic. No less than 78 percent of political contributions from Hollywood went to Democrats in 2008, broadly consistent with the trend for the last two years, according to OpenSecrets.org. From rforno at infowarrior.org Tue Feb 8 13:53:23 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 8 Feb 2011 14:53:23 -0500 Subject: [Infowarrior] - Columbia Law's Tim Wu to Advise FTC Message-ID: Columbia Law's Tim Wu to Advise FTC By SPENCER E. ANTE And THOMAS CATAN http://online.wsj.com/article/SB10001424052748703313304576132310943386724.html Silicon Valley has a new fear factor. Columbia University Law School professor Tim Wu, an influential academic and author who popularized the term "net neutrality," has been appointed senior advisor to the Federal Trade Commission. Mr. Wu, 38, will start his new position on Feb. 14 in the FTC's Office of Policy Planning, and will help the agency to develop policies that affect the Internet and the market for mobile communications and services. The FTC said Mr. Wu will work in the unit until July 31. Mr. Wu, who is taking a leave from Columbia, said that to work after that date he would have to request a further leave from the university. In Mr. Wu's view, which he laid out in a book published last year called The Master Switch, new information technologies follow a predictable cycle in which open and free systems eventually become controlled by a single corporation or cartel. Mr. Wu believes the Internet may follow a similar pattern, as a few companies emerge to dominate key sectors: Google in the online search market, Amazon.com in retail, Apple in digital media and Facebook in social networking. "There is a sense that the Internet is becoming more consolidated," said Mr. Wu. Mr. Wu, an offbeat academic who has attended the popular Burning Man festival several times, says the next big technology policy issue is figuring out the rules of the road for these emerging platforms, and that is what he will focus on. "I would be satisfied with getting together the rules for the Internet platform," he said. A Harvard Law School graduate who clerked for Supreme Court Justice Stephen G. Breyer, Mr. Wu has had a surprisingly large influence on telecom policy on Capitol Hill. In 2006, he was invited by the FCC to help draft the first-ever net neutrality rules that were attached to the merger of AT&T and BellSouth. They required the company for 30 months to allow consumers to access any content or service of their choice, while barring AT&T from providing faster service to any content or service provider. In 2007, the FCC adopted two of Mr. Wu's proposals for an upcoming auction of wireless airwaves. The rules required network operators to support any device or application on the spectrum they buy. At the FTC, Mr. Wu will help carry out its mission to regulate consumer protection, antitrust and privacy issues. The agency is jointly responsible with the Justice Department for enforcing federal antitrust laws. One company is likely to take a keen interest in news of Mr. Wu's appointment is Google Inc., where Mr. Wu briefly worked as an unpaid fellow in 2008. Both sides of the FTC have investigated Google practices in recent years. FTC officials have suggested that they intend to scrutinize Google closely for any signs of anticompetitive behavior. The FTC's consumer protection bureau has probed Google's collection of wifi data through its Street View cars. It's also taken a keen interest in internet privacy issues, including "tracking" by advertisers and the use of personal data by social networks. It recently proposed a "do not track" system to allow people to opt-out of having their actions monitored online, prompting objections from the online-advertising industry. The FTC has also handled competition issues relating to Google and other Silicon Valley firms. It performed an exhaustive review of Google's acquisition of mobile ad network AdMob, and before that, its purchase of DoubleClick. It ultimately cleared both transactions. The agency has investigated whether Apple's tight control of applications sold through its App Store acts as a restraint on competition, according to people familiar with the matter. And it has probed whether the existence of interlocking boards at several Silicon Valley companies broke antitrust laws, prompting among others the resignation of Google's Steve Schmidt from Apple's board. It isn't clear how much Mr. Wu will be focusing on Google at the FTC, but in recent comments he's expressed some concern about its growing grip over the Internet. Discussing his book at Google's Washington offices in November, Mr. Wu said the search giant was close to a tipping point in which, he argues, "information empires" move from being benign monopolies to being anticompetitive impediments to innovation. "I don't think anyone can deny that Google has a monopoly over the search engine market," he said, sitting on stage next to a Google executive on the day that the European Union launched an antitrust inquiry into the company. "It is reminiscent in my mind of AT&T in the 1920s." AT&T, he said, later suppressed inventions like the tape recorder for fear that it would challenge its telephone business. The company was eventually broken up by the Justice Department in a landmark antitrust suit. From rforno at infowarrior.org Tue Feb 8 19:45:23 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 8 Feb 2011 20:45:23 -0500 Subject: [Infowarrior] - House rejects Patriot Act provisions extension Message-ID: <6142FE89-B5DB-41BB-B7E5-9D7549285F10@infowarrior.org> *stunned* t 12:20 PM ET, 02/ 8/2011 House rejects measure that would extend key Patriot Act provisions through December By Felicia Sonmez Updated: 7:15 p.m. http://voices.washingtonpost.com/44/2011/02/ahead-of-patriot-act-vote-some.html?hpid=topnews A measure to extend key provisions of the Patriot Act counterterrorism surveillance law through December failed the House Tuesday night, with more than two-dozen Republicans bucking their party to oppose the measure. The House measure, which was sponsored by Rep. Jim Sensenbrenner (R-Wis.) and required a two-thirds majority for passage, failed on a 277-to-148 vote. Twenty-six Republicans voted with 122 Democrats to oppose the measure, while 67 Democrats voted with 210 Republicans to back it. Ten members did not vote. The measure would have extended three key provisions of the Patriot Act that are set to expire on Monday, Feb. 28, unless Congress moves to reauthorize them. One of the provisions authorizes the FBI to continue using roving wiretaps on surveillance targets; the second allows the government to access "any tangible items," such as library records, in the course of surveillance; and the third is a "lone wolf" provision of the Intelligence Reform and Terrorist Prevention Act that allows for the surveillance of targets who are not connected to an identified terrorist group. The vote came as several tea party-aligned members of the new freshman class had been expressing doubts about the measure. Kentucky Republican Sen. Rand Paul, who highlighted his opposition to the law during his upstart 2010 Senate campaign, signaled Monday that he may vote ultimately vote against an extension when the measure comes up in the Senate, likely later this month. "I've had a lot of reservations about the Patriot Act," Paul said when asked whether he's leaning toward voting for an extension. "We're reviewing it and we're going over it, and we will have something out probably in the next couple of days," he added. "We won't be shy about it when it comes out." Paul's father, Rep. Ron Paul (R-Texas), was among the trio of Republican lawmakers who opposed the Patriot Act when the House approved it in October 2001. Some young conservative lawmakers, including Rep. Jason Chaffetz (R-Utah), had not yet decided how they would vote ahead of Tuesday night; Chaffetz later said in an interview after the vote that he had indeed decided to support the measure. A spokesperson for Chaffetz's Utah colleague, conservative freshman Sen. Mike Lee (R), did not immediately respond to a request for comment. Meanwhile, one of the Senate's newly-elected moderate Republicans, Sen. Mark Kirk (Ill.), said Monday that he's likely to vote in favor of extending the Patriot Act provisions, adding that "it would be smart" for the Senate to back a three-year extension. "Having it disappear is not the right answer," Kirk said. Some Democrats opposed to the Patriot Act had seized on Tuesday's vote as an opportunity to question tea-party-backed lawmakers' reverence for the Constitution. Ohio Democratic Rep. Dennis Kucinich, who voted against the measure in 2001, released a statement Monday calling Tuesday's House vote "the tea party's first test." "The 112th Congress began with a historic reading of the U.S. Constitution," Kucinich said. "Will anyone subscribe to the First and Fourth Amendments tomorrow when the PATRIOT Act is up for a vote? I am hopeful that members of the Tea Party who came to Congress to defend the Constitution will join me in challenging the reauthorization." The Patriot Act has long been an issue that has not divided neatly along party lines. Former Wisconsin Democratic Sen. Russ Feingold was the only senator to originally vote against the measure in 2001 and was among the law's most outspoken opponents. But as portions of the law have come up for reauthorization over the years, its opponents have often included both Republican and Democratic members. The White House on Tuesday said in a statement that it "does not object" to extending the three Patriot Act provisions until December 2011 although it "would strongly prefer" an extension until December 2013, noting that the longer timeline "provides the necessary certainty and predictability" that law enforcement agencies require while at the same time ensuring congressional oversight by maintaining a sunset. In addition to the House legislation, the Senate is considering three competing timelines, including proposals that would permanently extend the three provisions or extend them through 2013. Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.), both of whom have introduced competing proposals, said Monday that committee members continue to work toward an agreement but declined to speculate as to the end result. "We're working on that this week," Leahy said. "It's got to be done. ... I don't want it to be a situation where none of them go through." From rforno at infowarrior.org Tue Feb 8 20:30:44 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 8 Feb 2011 21:30:44 -0500 Subject: [Infowarrior] - Forgiveness via iPhone: Church approves confession app Message-ID: Forgiveness via iPhone: Church approves confession app http://www.newscientist.com/blogs/onepercent/2011/02/confession-app-approved-by-chu.html 16:30 8 February 2011 Apps Technology Niall Firth, technology editor Even for the most ardent Catholic, it can sometimes be tricky making the time to confess your sins. So the Church, as part of a new technology-friendly push, has now approved an iPhone app that lets busy Catholics admit their wrongdoings while on the move. Selling for $1.99, "Confession: A Roman Catholic App" was developed as an aid "for those who frequent the sacrament and those who wish to return," according to Little iApps, the firm behind the idea. Its makers insist it is not a replacement for confessing in person with a priest, but instead helps to keep track of all the evil things you have done since the last time you confessed by ticking off some of the most common failings. Deviants get the opportunity to add their own, bespoke, sins as they go. The app offers a step-by-step guide to the different ways in which the user might have sinned and offers them seven acts of contrition - ways in which they can atone for their sins. The app was given the Church's official seal of approval, the imprimatur, by Bishop Kevin Rhoades of Fort Wayne-South Bend in Indiana. But while it is the first to have been officially sanctioned by the Church, there are a host of other apps available for the digital-savvy churchgoers. iBreviary, iMass and iMissal are all iPad apps that contain the entire service of mass for Catholics and other Christians. And the Catholic Quiz app, marshalled by a fearsome-sounding digital nun called Sister Crack-Your-Knuckles, lets users brush up on their knowledge of all things Catholic. Meanwhile, the Holy Rosary app is a graphical way for Catholics to keep track of their prayers, while the Patron Saints and Candles app contains a list of 75 patron saints and a digital candle that can be lit during prayers. "Our desire is to invite Catholics to engage in their faith through digital technology," Little iApps' Patrick Leinen told Reuters. The Confession app's approval forms part of a broader move by the Church to embrace new technology, following Pope Benedict's speech earlier this year at World Communications Day in which he said that Catholics should make "good use of their presence in the digital world." In 2009 the Vatican launched its own YouTube channel, which shows video and text of the Pope's addresses. From rforno at infowarrior.org Wed Feb 9 07:40:22 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 9 Feb 2011 08:40:22 -0500 Subject: [Infowarrior] - 2011 National Military Strategy Message-ID: <031A7687-4783-4CE0-AB39-5C86E5718E53@infowarrior.org> (from a USAF friend) The 2011 National Military Strategy was just released today. Here is the link to the full document: http://graphics8.nytimes.com/packages/pdf/world/atwar/NMS-110208.pdf Disclaimer: I believe the document is unclassified, but all AF personnel and their kids should use discretion before clicking on the link above since it is after all provided by NY Times, ;) From rforno at infowarrior.org Wed Feb 9 08:31:57 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 9 Feb 2011 09:31:57 -0500 Subject: [Infowarrior] - Magnetic Polar Shifts Causing Massive Global Superstorms Message-ID: Salem-News.com (Feb-04-2011 00:50) Magnetic Polar Shifts Causing Massive Global Superstorms http://www.salem-news.com/articles/february042011/global-superstorms-ta.php Terrence Aym Salem-News.com Superstorms can also cause certain societies, cultures or whole countries to collapse. Others may go to war with each other. (CHICAGO) - NASA has been warning about it?scientific papers have been written about it?geologists have seen its traces in rock strata and ice core samples? Now "it" is here: an unstoppable magnetic pole shift that has sped up and is causing life-threatening havoc with the world's weather. Forget about global warming?man-made or natural?what drives planetary weather patterns is the climate and what drives the climate is the sun's magnetosphere and its electromagnetic interaction with a planet's own magnetic field. When the field shifts, when it fluctuates, when it goes into flux and begins to become unstable anything can happen. And what normally happens is that all hell breaks loose. Magnetic polar shifts have occurred many times in Earth's history. It's happening again now to every planet in the solar system including Earth. The magnetic field drives weather to a significant degree and when that field starts migrating superstorms start erupting. The superstorms have arrived The first evidence we have that the dangerous superstorm cycle has started is the devastating series of storms that pounded the UK during late 2010. On the heels of the lashing the British Isles sustained, monster storms began to lash North America. The latest superstorm ? as of this writing ? is a monster over the U.S. that stretched across 2,000 miles affecting more than 150 million people. Yet even as that storm wreaked havoc across the Western, Southern, Midwestern and Northeastern states, another superstorm broke out in the Pacific and closed in on Australia. The southern continent had already dealt with the disaster of historic superstorm flooding from rains that dropped as much as several feet in a matter of hours. Tens of thousands of homes were damaged or destroyed. After the deluge tiger sharks were spotted swimming between houses in what was once a quiet suburban neighborhood. Shocked authorities now numbly concede that much of the water may never dissipate and have wearily resigned themselves to the possibility that region will now contain a new inland sea. But then only a handful of weeks later another superstorm; the megamonster cyclone Yasi, struck northeastern Australia. The damage it left in its wake is being called by rescue workers a war zone. The incredible superstorm packed winds near 190mph. Although labeled as a category-5 cyclone, it was theoretically a category-6. The reason for that is storms with winds of 155mph are considered category-5, yet Yasi was almost 22 percent stronger than that. A cat's cradle Yet Yasi may only be a foretaste of future superstorms. Some climate researchers, monitoring the rapidly shifting magnetic field, are predicting superstorms in the future with winds as high as 300 to 400mph. Such storms would totally destroy anything they came into contact with on land. The possibility more storms like Yasi or worse will wreak havoc on our civilization and resources is found in the complicated electromagnetic relationship between the sun and Earth. The synergistic tug-of-war has been compared by some to an intricately constructed cat's cradle. And it's in a constant state of flux. The sun's dynamic, ever-changing electric magnetosphere interfaces with the Earth's own magnetic field affecting, to a degree, the Earth's rotation, precessional wobble, dynamics of the planet's core, its ocean currents and?above all else?the weather. Cracks in Earth's Magnetic Shield The Earth's northern magnetic pole was moving towards Russia at a rate of about five miles annually. That progression to the East had been happening for decades. Suddenly, in the past decade the rate sped up. Now the magnetic pole is shifting East at a rate of 40 miles annually, an increase of 800 percent. And it continues to accelerate. Recently, as the magnetic field fluctuates, NASA has discovered "cracks" in it. This is worrisome as it significantly affects the ionosphere, troposphere wind patterns, and atmospheric moisture. All three things have an effect on the weather. Worse, what shields the planet from cancer-causing radiation is the magnetic field. It acts as a shield deflecting harmful ultra-violet, X-rays and other life-threatening radiation from bathing the surface of the Earth. With the field weakening and cracks emerging, the death rate from cancer could skyrocket and mutations of DNA can become rampant. Another federal agency, NOAA, issued a report caused a flurry of panic when they predicted that mammoth superstorms in the future could wipe out most of California. The NOAA scientists said it's a plausible scenario and would be driven by an "atmospheric river" moving water at the same rate as 50 Mississippi rivers flowing into the Gulf of Mexico. Magnetic field may dip, flip and disappear The Economist wrote a detailed article about the magnetic field and what's happening to it. In the article they noted: "There is, however, a growing body of evidence that the Earth's magnetic field is about to disappear, at least for a while. The geological record shows that it flips from time to time, with the south pole becoming the north, and vice versa. On average, such reversals take place every 500,000 years, but there is no discernible pattern. Flips have happened as close together as 50,000 years, though the last one was 780,000 years ago. But, as discussed at the Greenland Space Science Symposium, held in Kangerlussuaq this week, the signs are that another flip is coming soon." Discussing the magnetic polar shift and the impact on weather, the scholarly paper "Weather and the Earth's magnetic field" was published in the journal Nature. Scientists too are very concerned about the increasing danger of superstorms and the impact on humanity. Superstorms will not only damage agriculture across the planet leading to famines and mass starvation, they will also change coastlines, destroy cities and create tens of millions of homeless. Superstorms can also cause certain societies, cultures or whole countries to collapse. Others may go to war with each other. A Danish study published in the scientific journal Geology, found strong correlation between climate change, weather patterns and the magnetic field. "The earth's climate has been significantly affected by the planet's magnetic field, according to a Danish study published Monday that could challenge the notion that human emissions are responsible for global warming. "'Our results show a strong correlation between the strength of the earth's magnetic field and the amount of precipitation in the tropics,' one of the two Danish geophysicists behind the study, Mads Faurschou Knudsen of the geology department at Aarhus University in western Denmark, told the Videnskab journal. "He and his colleague Peter Riisager, of the Geological Survey of Denmark and Greenland (GEUS), compared a reconstruction of the prehistoric magnetic field 5,000 years ago based on data drawn from stalagmites and stalactites found in China and Oman." In the scientific paper "Midday magnetopause shifts earthward of geosynchronous orbit during geomagnetic superstorms with Dst = -300 nT" the magnetic intensity of solar storms impacting Earth can intensify the effects of the polar shift and also speed up the frequency of the emerging superstorms. Pole reversal may also be initiating new Ice Age According to some geologists and scientists, we have left the last interglacial period behind us. Those periods are lengths of time?about 11,500 years?between major Ice Ages. One of the most stunning signs of the approaching Ice Age is what's happened to the world's precessional wobble. The Earth's wobble has stopped As explained in the geology and space science website earthchangesmedia.com, "The Chandler wobble was first discovered back in 1891 by Seth Carlo Chandler an American astronomer. The effect causes the Earth's poles to move in an irregular circle of 3 to 15 meters in diameter in an oscillation. The Earth's Wobble has a 7-year cycle which produces two extremes, a small spiraling wobble circle and a large spiraling wobble circle, about 3.5 years apart. "The Earth was in October 2005 moving into the small spiraling circle (the MIN phase of the wobble), which should have slowly unfolded during 2006 and the first few months of 2007. (Each spiraling circle takes about 14 months). But suddenly at the beginning of November 2005, the track of the location of the spin axis veered at a very sharp right angle to its circling motion. "The track of the spin axis began to slow down and by about January 8, 2006, it ceased nearly all relative motion on the x and y coordinates which are used to define the daily changing location of the spin axis." And the Earth stopped wobbling?exactly as predicted as another strong sign of an imminent Ice Age. So, the start of a new Ice Age is marked by a magnetic pole reversal, increased volcanic activity, larger and more frequent earthquakes, tsunamis, colder winters, superstorms and the halting of the Chandler wobble. Unfortunately, all of those conditions are being met. From rforno at infowarrior.org Wed Feb 9 09:40:44 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 9 Feb 2011 10:40:44 -0500 Subject: [Infowarrior] - Data Shows Disastrous GPS Jamming from FCC-Approved Broadcaster Message-ID: <75F8444B-1892-4C60-90B0-167EC1B69181@infowarrior.org> Data Shows Disastrous GPS Jamming from FCC-Approved Broadcaster February 1, 2011 Representatives of the GPS industry presented to members of the Federal Communications Commission clear, strong laboratory evidence of interference with the GPS signal by a proposed new broadcaster on January 19 of this year. The teleconference and subsequent written results of the testing apparently did not dissuade FCC International Bureau Chief Mindel De La Torre from authorizing Lightsquared to proceed with ancillary terrestrial component operations, installing up to 40,000 high-power transmitters close to the GPS frequency, across the United States. The document describing the testing states that the Lightsquared initiative ?will have a severe impact on the GPS band? and ?will create a disastrous interference problem for GPS receiver operation to the point where GPS receivers will cease to operate (complete loss of fix) when in the vicinity of these transmitters.? On January 26, the FCC waived its own rules and granted permission for the potential interferer to broadcast in the L Band 1 (1525 MHz?1559 MHz) from powerful land-based transmitters. This band lies adjacent to the GPS band (1559?1610 MHz) where GPS and other satellite-based radio navigation systems operate. The company, Lightsquared, has stated that it will work with the GPS industry to see which GPS equipment needs "filtering so that they don't look into our band." The FCC wants to start the testing process on February 25 and have it completed by June 15, 2011. "It's a fast process," noted Lightsquared executive vice president for regulatory affairs and public policy Jeff Carlisle. Prior to the decision, representatives of the U.S. GPS Industry Council and two prominent GPS manufacturers, Garmin and Trimble, presented a report, ?Experimental Evidence of Wide Area GPS Jamming That Will Result from LightSquared?s Proposal to Convert Portions of L Band 1 to High Power Terrestrial Broadband,? to five members of the FCC?s Office of Engineering and Technology, including its chief, two members of the FCC International Bureau, one from the Public Safety and Homeland Security Bureau, and two from the Wireless Telecommunications Bureau. Click on the following link for a full PDF of the Experimental Evidence of Wide Area GPS Jamming. The document conveys results of testing on a common portable consumer automotive navigation device and on a common general aviation receiver. The consumer GPS device began to be jammed at a power level representing a distance of 3.6 miles (5.8 kilometers) from the simulated LightSquared transmitter. The consumer device lost a fix at 0.66 miles (1.1 kilometers) from the transmitter. < -- > http://www.gpsworld.com/gnss-system/news/data-shows-disastrous-gps-jamming-fcc-approved-broadcaster-11029 From rforno at infowarrior.org Wed Feb 9 09:43:10 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 9 Feb 2011 10:43:10 -0500 Subject: [Infowarrior] - MD court says officers are liable for speeding even on duty Message-ID: No break for cops caught on camera Court says officers are liable for speeding even on duty http://www.baltimoresun.com/news/maryland/crime/bs-md-hermann-police-tickets-20110201,0,4411652,full.story It's a widely held assumption, true or not, that cops give other cops breaks on traffic infractions. A quick flash of the badge, a union sticker on the bumper, a patch on the dashboard are the same as a wink and a nod, and a look the other way. But the growing number of cameras set up to catch speeders and red-light runners in Baltimore and elsewhere has become the great equalizer for traffic scofflaws ? unbiased enforcers of bad driving habits. Police officers are getting caught, and are crying foul. The camera doesn't care whether a cop is off-duty and going shopping in his personal pickup truck or is on duty and speeding to a bank robbery in a marked police cruiser, lights flashing and siren blaring. Available now -- get the new Baltimore Sun Android app! Go through a red light ($75 fine) or speed ($40 fine) and the camera snaps a picture. There's an official record, and it takes more than a wink and a nod to extend "officer courtesy" to a fellow cop. Even on-duty officers in marked patrol cars aren't getting out of paying the fines. Many Maryland jurisdictions are holding officers and other emergency workers personally liable for the tickets, unless they can prove they were responding to legitimate emergencies at the time. Four Montgomery County police officers sued their department over speeding tickets and lost before the state's highest court, in a decision issued late last month. The ruling from the Maryland Court of Appeals was on a technical issue ? whether the county had given the officers enough time to contest the tickets ? but the effect of the decision holds police throughout the state accountable for following what the judges called "the rules of the road" like any other licensed driver. Just how many police officers get caught by the many red light and speed cameras popping up at intersections in Baltimore and elsewhere could not be ascertained. Police officials said statistics were not available. The policy for Baltimore police is the same for most other jurisdictions when a marked emergency vehicle is captured on camera speeding or running a red light. Department spokesman Anthony Guglielmi said officials review dispatch records and if the driver wasn't responding to an emergency, "they are issued tickets and are responsible for paying them." Police union leaders say that rules requiring lights and sirens when responding to emergencies aren't always practical, or prudent. For example, cops don't speed to bank robberies or burglary calls with lights flashing and siren wailing, to avoid alerting the criminals they're coming, but they still need to get there fast. Robert F. Cherry, the president of the Baltimore Fraternal Order of Police union, said he hasn't heard many complaints from officers ? driving either marked or unmarked cars ? about getting hit with tickets from traffic cameras. But the former homicide detective recalls getting nailed by the cameras while responding to murder scenes in his unmarked Chevy Lumina, and going to court to plead his case. He said most officers simply pay the fines rather than risk an internal investigation and questions about driving techniques that if not illegal, don't always conform to the letter of departmental rules. Cherry said that an officer might blow a light or speed without using lights and sirens for a variety of reasons, such as to investigate a tip that a guy on the next block had a gun or was selling drugs. In cases like these, the "emergencies" aren't always on dispatchers' official records. "Maybe there's a reason why the officer wasn't going to a call, still went through a red light and was still doing his job," Cherry said. "The last thing we want to do is Monday-morning quarterback from headquarters or from the courts. I don't want to limit our front-line officers in making decisions when their goal is to make the public safe." Some officers appear to have come up with creative ways to stay red-light-camera-shy. Last year, city police accused two officers of putting stolen license plates on their unmarked cars. The investigation continues, but police sources said at the time that the officers either wanted to prevent drug dealers from recognizing their cars or wanted to avoid getting tickets from the cameras. Tragedy is also a part of the debate. In October, Officer Thomas Portz Jr. was killed on U.S. 40 when his cruiser hit the back of a stopped fire engine. He wasn't responding to a call, and police concluded that he was distracted by a film crew on the other side of the road and was speeding at 71 mph before the crash. Baltimore police commanders have for years expressed concern about the way officers drive, and have tried various crackdowns ? from fines for failing to buckle up to writing traffic citations for minor accidents. The city department is one of the few in the state that make officers pay for damage to their cruisers in accidents deemed their fault. In January, Baltimore officers reported 41 accidents, 21 of which were ruled their fault. That's down from the same month last year, in which 56 police accidents occurred, again with 21 ruled the officer's fault. Recent yearly statistics were not immediately available. But the 41 accidents in January, while down 27 percent from last year, put the department on a course for more than 490 crashes in 2011. That is down from a high of 554 in 1995 but much higher than the 255 in 1998. Police academy recruits take a rigorous driving course administered by the Maryland State Police, and officers involved in preventable accidents are required to take remedial training. Police note that officers in Baltimore respond to about 1.2 million calls each year, and are driving in a compact and crowded urban environment. The issue of police driving practices became a vital component of the Maryland Court of Appeals in rendering its decision in the Montgomery County case. Even though the judges ruled on a technicality involving due process, the judges called "police officers and the rules of the road ? integral to the resolution of this case." In Maryland, the court said, drivers of emergency vehicles can violate traffic laws in "precisely three circumstances" ? responding to an emergency call, pursing a suspect and racing to a fire alarm. State law requires the drivers to slow at stop signs and red lights and exceed speed limits "only so long as the driver does not endanger life or property." Just how serious Baltimore police take safe driving ? at least in their rules ? can be seen in the department's general orders, which state: "The operation of a motor vehicle requires the same care and caution as that required in the use of your firearm." Rules for Baltimore police are more restrictive than state law, requiring that officers stop at all red lights and stop signs before going through and going no faster than 10 mph over the speed limit, which is 20 to 30 mph on most city streets (It should be noted that drivers have to exceed the limit by at least 12 mph to trigger the speed cameras). None of the Montgomery County officers were responding to an emergency. The appellate judges concluded that whether fighting bureaucracy or crime, cops need to adhere to the law like everyone else. In navigating the cumbersome system, the judges wrote, "the officers were no worse off than a regular citizen." peter.hermann at baltsun.com From rforno at infowarrior.org Wed Feb 9 12:51:16 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 9 Feb 2011 13:51:16 -0500 Subject: [Infowarrior] - 'Inexcusable' delay on TSA body-scanner safety reports Message-ID: 'Inexcusable' delay on TSA body-scanner safety reports Updated 2h 22m ago | Comments 36 | Recommend 3 E-mail | Save | Print | Reprints & Permissions | By Alison Young, USA TODAY http://www.usatoday.com/travel/flights/2011-02-09-tsa09_ST_N.htm The Transportation Security Administration has told members of Congress that more than 15 million passengers received full-body scans at airports without any malfunctions that put travelers at risk of an excessive radiation dose. Despite the reassurance, however, the TSA has yet to release radiation inspection reports for its X-ray equipment ? two months after lawmakers called for them to be made public following USA TODAY's requests to review the reports. TSA spokesman Kristin Lee says that the agency is still trying to ensure that the reports don't contain any "sensitive security or privacy-protected information" and that she expects they will be released "within the next few weeks." TSA: Agency unveils 'generic' body scans The chairman of a House oversight committee on homeland defense calls the delays "inexcusable." "The public has a right to know, and there isn't something so sensitive that requires holding it back," said Rep. Jason Chaffetz, R-Utah. Chaffetz has sponsored legislation to limit the use of full-body scans. The TSA's increased use of full-body X-ray scanners sparked traveler concerns last fall about radiation safety. The TSA says the radiation dose is tiny ? equivalent to what a person receives during two minutes inside an airplane at cruising altitude. Fueling concerns about the potential for scanner malfunctions and the TSA's ability to identify problems: a 2008 report by the Centers for Disease Control and Prevention that found the TSA and its contractors had failed in the past to detect when some baggage X-ray machines were emitting excessive levels of radiation or had safety features that were missing or disabled. The TSA says that it has made improvements since then and that all of its X-ray scanners ? for people and luggage ? have passed recent inspections by contractors. The agency in January asked the CDC to repeat its luggage X-ray study "to confirm the progress TSA has made," Lee says. The Department of Homeland Security's inspector general is investigating the adequacy of the TSA's X-ray inspection program at the request of Rep. Ed Markey, D-Mass., Markey spokeswoman Giselle Barry says. TSA Administrator John Pistole told Markey in a January letter that there have been no full-body scanner malfunctions that resulted in "an actual or potential additional radiation exposure." The agency has more than 400 full-body scanners at airports. About half use X-rays. The others use electromagnetic waves. The TSA, in a recent letter responding to questions by Rep. John Dingell, D-Mich., didn't say how many of the 15 million passengers went through each type of machine. The passengers were screened between Oct. 1, 2009, and Sept. 30, 2010. From rforno at infowarrior.org Wed Feb 9 17:38:40 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 9 Feb 2011 18:38:40 -0500 Subject: [Infowarrior] - Internet role in Egypt's protests Message-ID: <9B58B0C6-9CD2-4BFF-BC60-BCF62ECB8E97@infowarrior.org> 9 February 2011 Last updated at 01:00 ET Internet role in Egypt's protests By Anne Alexander University of Cambridge http://www.bbc.co.uk/news/world-middle-east-12400319?print=true A few days after the fall of Tunisian President Zine al-Abidine Ben Ali, a Jordanian newspaper printed a joke apparently doing the rounds in Egypt: "Why do the Tunisian youth 'demonstrate' in the streets, don't they have Facebook?" Only six days later, protests across Egypt co-ordinated by a loose coalition of opposition groups - many of which are very largely organised through Facebook - seemed to prove this cynicism wrong. Certainly, the Egyptian government reacted quickly: blocking social media sites and mobile phone networks before pulling the plug on Egypt's access to the internet. This act of censorship was spectacularly unsuccessful. Friday 28 January saw literally millions take control of the streets in an epic "Day of Rage". Nor did the blackout cut off news of the demonstrations and stop protesters communicating with each other. Protest leaders had already agreed to call for demonstrations starting from key mosques, and marchers rallied at Friday prayers before heading for the city centres and key government buildings. Satellite channels - particularly al-Jazeera - broadcast live coverage all day, constantly updated by telephone reports filed from landlines by its network of correspondents across Egypt. Broad spectrum The events of 28 January are particularly important, because they contain crucial clues to understanding the broader relationship between the media - both "new" and "old" - and the mass movement for change which has developed in Egypt over the past few weeks. Firstly, the fact that an internet and mobile phone blockade failed shows clearly that this movement is not based on the web. In fact, the movement which erupted on 25 January has brought together many groups who have taken to the streets over the past 10 years. Protesters have been using a range of different media - including Twitter - for communication They are varied socially and politically, ranging from workers to bloggers and democracy campaigners, to senior judges, to members of the Muslim Brotherhood and Coptic Christians. This is the first time they have all demonstrated together, and the first time they have been joined by millions of their fellow citizens. But it is important to understand that this movement builds on a legacy of protest by many different activist networks, most of which are not primarily organised online. Secondly, it is clear that the protesters use a range of different media to communicate with each other and to get their message across. I was in Tahrir Square on Sunday: everywhere you look there are mobile phones, hand-written placards, messages picked out in stones and plastic tea cups, graffiti, newspapers and leaflets, not to mention al-Jazeera's TV cameras which broadcast hours of live footage from the square everyday. When one channel of communication is blocked, people try another. Every mass movement needs spaces where political alternatives can be debated and organisation can take place. In the 1940s, the last time that Egypt saw mass protests on a similar scale, radical bookshops, underground newspapers and illegal trade union meetings played this role. For the current generation some of these spaces have been online. I asked Ahmed, a socialist activist in Tahrir Square, what role he thought the internet was playing in mobilising protest. "Online organising is very important because activists have been able to discuss and take decisions without having to organise a meeting which could be broken up by the police," he said. 'Offline' political action Online networks are only relatively "safer" from repression: Khaled Said was dragged out of an internet cafe and beaten to death by policemen last summer. Tuesday's protest was boosted by the appearance of Wael Ghonim, a young Egyptian who works for Google The Egyptian security forces reportedly recently set up a special unit to monitor internet activists. But in Egypt today, there are vast numbers of people online, making it far more difficult for the state to track them all. Even in poor urban and rural areas people can access the internet through shared connections. The Facebook group set up to protest at Khaled Said's death is "liked" by nearly 600,000 people and was a key organising centre for the current protests. Mobile phone use has grown exponentially in the past few years, reaching around 80% of the population according to recent figures. Now footage of protests and police repression filmed on mobile phone cameras is being broadcast back to millions of Egyptians by the satellite channels. Online organising does not automatically bring people onto the streets. In 2008, a Facebook group calling for a general strike attracted tens of thousands of members but only relatively small street protests took place in Cairo, largely on the university campuses. Ahmed believes that Egyptian activists have developed sophisticated ways of knowing when online protest will generate offline political action. "People learn quickly. They look at who is calling for a protest, and if it is someone they know and trust they are much more likely to take part." They also learn by example. The fall of Mr Ben Ali showed people across the Arab world, and not just political activists, that popular protests could bring down a dictator. It is that hope, and not the internet, which is driving this movement forward. From rforno at infowarrior.org Wed Feb 9 21:27:18 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 9 Feb 2011 22:27:18 -0500 Subject: [Infowarrior] - Data intelligence firms proposed a systematic attack against WikiLeaks Message-ID: Data intelligence firms proposed a systematic attack against WikiLeaks http://www.thetechherald.com/article.php/201106/6798/Data-intelligence-firms-proposed-a-systematic-attack-against-WikiLeaks From rforno at infowarrior.org Wed Feb 9 21:54:13 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 9 Feb 2011 22:54:13 -0500 Subject: [Infowarrior] - House to re-vote on 'Patriot' Act tomorrow Message-ID: <90696643-BFAC-4538-9D8A-AFED98350388@infowarrior.org> (Yep, that's the Congressional way: if at first you don't succeed getting what you want, try using a different set of rules. It was nice to think the House had come to its senses about this idiotic law, but alas, that likely was a short-lived delusion. Silly me. Now if it somehow fails a second time, that would be a 'good thing' but I doubt it. --- rick) Patriot Act extension to be brought up again on Thursday By Felicia Sonmez http://voices.washingtonpost.com/44/2011/02/patriot-act-extension-to-be-br.html?hpid=topnews The House on Thursday will again take up a bill that would extend until December key provisions of the Patriot Act counterterrorism surveillance law, two days after the measure fell seven votes short of the super-majority required for passage under fast-track rules. The bill will be brought up again under a "closed rule," meaning that no amendments can be offered. It will need only a simple majority to pass instead of the two-thirds that was required on Tuesday. That means that the bill will likely be approved. On Tuesday, 277 lawmakers supported the measure, well more than half of the chamber's members. Lawmakers will vote on Thursday on the rules governing debate on the measure. That will be followed by debate and a vote on the measure itself, which has yet to be scheduled. A House Republican leadership aide said that GOP leaders are working with members to address any concerns they might have and that they expect the bill to move forward "in the coming days." The timeline facing lawmakers could be tricky. The three provisions that would be extended by the bill are set to expire on Feb. 28 unless Congress acts. Even if the House passes its version of the legislation well before then, the Senate - which is in recess until next week - still has to sign off. And the Senate is debating three different timelines, any of which would extend the Patriot Act provisions beyond the December date called for in the House bill. Key members of the Senate Judiciary Committee have indicated that Feb. 17 is the target date by which the upper chamber must act in order for the provisions to be extended. The failure on Tuesday of the Patriot Act extension was one of several unexpected turns on the House floor in recent days. Earlier Tuesday, over objections from conservatives, GOP leaders pulled a bill that would have assisted U.S. workers hurt by overseas competition. And on Wednesday, a measure to take back $180 million in funds the U.S. has already given to the United Nations also fell short of a two-thirds super-majority. The bill, which had been fast-tracked, failed on a 259-to-169 vote. It had been sponsored by House Foreign Affairs Committee Chairman Ileana Ros-Lehtinen (R-Fla.) but was opposed by House Homeland Security Committee Chairman Peter King (R-N.Y.), who was one of two Republicans to vote against it Wednesday. Democrats charged that the failed votes indicate that the GOP is in "disarray." "I don't know why the leadership would call votes on issues that they don't have any idea of what the outcome's likely to be," said Rep. Dennis Kucinich (D-Ohio), one of the most oustpoken opponents of the Patriot Act. "This is twice in a row. I'm not really sure what the strategy is. ... It's not working for them." From rforno at infowarrior.org Thu Feb 10 08:21:27 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Feb 2011 09:21:27 -0500 Subject: [Infowarrior] - Brookings: Cybersecurity and Cyber Freedom: The Future of Digital Surveillance Technology Message-ID: <626B2C35-BA09-4B85-9564-39C6BC4EFADA@infowarrior.org> Cybersecurity and Cyber Freedom: The Future of Digital Surveillance Technology Advances in communications technologies have enabled countless new opportunities for business growth, and have increased the ability of citizens and advocacy groups to promote change in this country and across the globe. At the same time, criminals and terrorists can use Internet technologies to organize and expand their operations. Internet-based platforms have also become a new target for cyber attacks and espionage as business and government use increases. While information technology allows law enforcement and national security organizations new levels of surveillance in the fight against malicious actors, these systems bring their own risks to both online freedom and cybersecurity. On February 14, the Center for Technology Innovation at Brookings will host a panel discussion on the future of digital surveillance. http://www.brookings.edu/events/2011/0214_cybersecurity.aspx From rforno at infowarrior.org Thu Feb 10 08:27:59 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Feb 2011 09:27:59 -0500 Subject: [Infowarrior] - USAF Rescinds New Guidance on WikiLeaks Message-ID: Air Force Rescinds New Guidance on WikiLeaks http://www.fas.org/blog/secrecy/2011/02/af_rescinds_guidance.html February 9th, 2011 by Steven Aftergood Secrecy News reported Monday on strange new guidance from the Air Force Materiel Command declaring that Air Force employees and even their family members could be prosecuted under the Espionage Act for accessing the WikiLeaks web site. On Monday night that new guidance was abruptly withdrawn. Lt. Col. Richard L. Johnson of Air Force Headquarters released this statement: ?Air Force Materiel Command (AFMC) recently published an internal news story that discussed the implications of downloading presumed classified information from WikiLeaks. The release was not previously coordinated with Headquarters Air Force and has been removed from the AFMC website. The Air Force has provided guidance to military members and employees to avoid downloading what could be classified information into Air Force unclassified networks and reminded them that publication of information does not itself constitute declassification of such information. The Air Force guidance did not address family members who are not Air Force members or employees. The Air Force defers to the Department of Justice in all non-military matters related to WikiLeaks.? A copy of the withdrawn release is archived here. See also ?US air force backtracks over WikiLeaks ban? by Ewen MacAskill, The Guardian, February 8, and ?No espionage charges for airmen on Wikileaks? by Scott Fontaine, Air Force Times, February 8. http://www.fas.org/blog/secrecy/2011/02/af_rescinds_guidance.html From rforno at infowarrior.org Thu Feb 10 20:46:42 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Feb 2011 21:46:42 -0500 Subject: [Infowarrior] - OpEd: Scary Night Dragons Fall from Sky Message-ID: <9B611FD1-3FDC-4C0B-9F56-1AA4BE7C868B@infowarrior.org> Scary Night Dragons Fall from Sky Author: Marc Maiffret Date: February 10th, 2011 Categories: General, Network Security http://blog.eeye.com/general/scary-night-dragons-fall-from-sky Reading the headlines today one could not help but notice the latest installment of ?scary Chinese hacker press? making the headlines. And who can blame the news media for latching on to this story as it has all the right ingredients: foreign governments targeting U.S. interests, catchy nicknames like Night Dragon, connections to a previous scary threat ?Operation Aurora? and a timely announcement leading up to one of the security industry?s biggest conferences in San Francisco next week, RSA. Wait, what? Some of you might be experiencing d?j? vu when you read about this latest series of Chinese attacks targeting U.S. Oil and Gas companies. You may recall that it was in January of 2010 that news actually broke about the FBI investigating extensive targeted attacks that took place against Oil and Gas companies during the 2008 and 2009 timeframe. The attacks described then are not much different than the attacks described now. I will leave the debate to others on whether the attacks in 2008 and 2009 are different attacks or if some security companies are just now getting around to shedding extra technical light on years old attacks. Either way, the answer would be uninteresting, but I digress? Night Dragon might remind you of another series of attacks, Operation Aurora, which if you do not remember, was the series of attacks that became public around this same time last year. In the case of Aurora, it was a series of targeted attacks against a variety of organizations, but most notably against Google. The thing that made Operation Aurora unique was not the technical aspect of the attack itself, but Google coming forward to talk openly about the breach they suffered. In the case of Night Dragon, the attacks were of varying levels of sophistication. In some cases public attack tools, which have been known for many years, were used by the attackers behind Night Dragon. Over five months ago, eEye research was monitoring conversations on an Iranian message board which is hosted in the United Kingdom. On the message board, hackers openly discuss the usage of one of the attack tools that was used within Night Dragon. This was of course not interesting because the attack tool is well known and commonly used to attack systems throughout the world. Nor is it interesting that the discussion was taking place on an Iranian message board. Attacks happen all the time to many organizations and countries. Today even the most straightforward attacks are considered sophisticated when contrasted against the outdated approach organizations and governments take to protect their systems. Not to mention that tracing back the origin of an attack is far from an exact science and one that allows for attackers to easily manipulate the attribution of whom is behind an attack. Another example of how old and known components of Night Dragon are is in the case of the malware components that were being embedded on systems. Anti-virus companies have been detecting these malware components for more than 5-6 months, most of which have been protecting generically for these classes of malware long before that. This is another stark contrast to Operation Aurora, which even after Google went public, was still lacking detection by most anti-virus companies. More importantly, the fact that so many components within the Night Dragon attacks are publicly available and known in hacking circles, it makes it even harder to really say with any authority which attacks were related or not. This is again very different than the extremely targeted and customized nature of Operation Aurora or even more so Stuxnet. There are however things similar about Operation Aurora and Night Dragon. Both of them made their big splash in the beginning of the year only weeks ahead of the security industry?s largest conference, RSA. Both of them also, like most attacks covered in the news, were simply more of the same in that they did nothing to further our dialogue on what to do about these attacks but rather only serve some security company?s interests in product sales and continue a crippling effect on what policy the United States, and other countries, might enact to combat a most clear and present danger. You see it is not that Operation Aurora or Night Dragon are not problems; they very much are. But they are simply the tip of a massive iceberg which any modern country is quickly sailing into in a way that makes the Titanic disaster seem minor. Given the political deadlock in Washington at the moment, it is unlikely that we will see government step forward to solve this problem for us and in a lot of ways they are probably not the ones that should have to solve it. The role of government should not be to have to do the job that corporations should be doing themselves in trying to prevent the theft of intellectual property, but rather to do as law enforcement and our military have done since their inception: to identify criminals and those who would threaten our freedom to prosper and either bring them to justice or draw a line in the sand of what will no longer be tolerated without facing retribution. If China is the aggressor that it appears to be in cyberspace, then it is time to elevate this conversation and debate to one of substantial action, instead of wielding it as another weapon of fear for security industry sales and budget increase requests. As the security industry gathers in San Francisco for RSA next week, let?s hope we can for once shift the conversation beyond the latest scary threat and the new silver bullet technology to solve the problem. We should engage in a serious conversation about what it will take at a policy level to make lasting improvements that impact the future security of our technology-engrained way of life. The answer will not be the latest desktop security software for $44.99. Signed, Marc Maiffret Co-Founder/CTO eEye Digital Security From rforno at infowarrior.org Fri Feb 11 10:48:35 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 11 Feb 2011 11:48:35 -0500 Subject: [Infowarrior] - Mubarak resigns as leader Message-ID: <69A9373C-8EF5-4E58-99F2-470872819A85@infowarrior.org> http://www.bbc.co.uk/news/world-middle-east-12433045 11 February 2011 Last updated at 11:13 ET Egypt crisis: President Hosni Mubarak resigns as leader Hosni Mubarak has decided to step down as president of Egypt. Vice-President Omar Suleiman made the announcement in a brief statement on state TV. It came as thousands massed in Cairo and other Egyptian cities for an 18th day of protest to demand Mr Mubarak's resignation. Protesters responded by cheering, waving flags, embracing and sounding car horns. "The people have brought down the regime," they chanted. From rforno at infowarrior.org Fri Feb 11 19:33:21 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 11 Feb 2011 20:33:21 -0500 Subject: [Infowarrior] - Justice Department assertion: FBI can get phone records without oversight Message-ID: http://www.miamiherald.com/2011/02/11/v-print/2062565/justice-department-assertion-fbi.html Posted on Fri, Feb. 11, 2011 Justice Department assertion: FBI can get phone records without oversight By MARISA TAYLOR McClatchy Newspapers The Obama administration's Justice Department has asserted that the FBI can obtain telephone records of international calls made from the U.S. without any formal legal process or court oversight, according to a document obtained by McClatchy Newspapers. That assertion was revealed - perhaps inadvertently - by the department in its response to a McClatchy Newspapers request for a copy of a secret Justice Department memo. Critics say the legal position is flawed and creates a potential loophole that could lead to a repeat of FBI abuses that were supposed to have been stopped in 2006. The controversy over the telephone records is a legacy of the Bush administration's war on terror. Critics say the Obama administration appears to be continuing many of the most controversial tactics of that strategy, including the assertion of sweeping executive powers. For years after the Sept. 11, 2001, attacks, the FBI sought and obtained thousands of telephone records for international calls in an attempt to thwart potential terrorists. The bureau devised an informal system of requesting the records from three telecommunications firms to create what one agent called a "phone database on steroids" that included names, addresses, length of service and billing information. A federal watchdog later said a "casual" environment developed in which FBI agents and employees of the telecom companies treated Americans' telephone records so cavalierly that one senior FBI counterterrorism official said getting access to them was as easy as "having an ATM in your living room." In January 2010, McClatchy Newspapers asked for a copy of the Office of Legal Counsel memo under open records laws after a reference to it appeared in a heavily excised section of a report on how the FBI abused its powers when seeking telephone records. In the report, the Justice Department's inspector general said "the OLC agreed with the FBI that under certain circumstances (word or words redacted) allows the FBI to ask for and obtain these records on a voluntary basis from the providers, without legal process or a qualifying emergency." In its cover letter to McClatchy Newspapers, however, the OLC disclosed more detail about its legal position, specifying a section of a 1978 federal wiretapping law that the Justice Department believes gives the FBI the authority. That section of the law appears to be what was redacted from the inspector general's report and reveals the type of records the FBI would be seeking, experts said. "This is the answer to a mystery that has puzzled us for more than a year now," said Kevin Bankston, a senior staff attorney and expert on electronic surveillance and national security laws for the nonprofit Electronic Frontier Foundation. "Now, 30 years later, the FBI has looked at this provision again and decided that it is an enormous loophole that allows them to ask for, and the phone companies to hand over, records related to international or foreign communications," he said. "Apparently, they've decided that this provision means that your international communications are a privacy-free zone and that they can get records of those communications without any legal process." That interpretation could be stretched to apply to e-mails as well, he said. However, Bankston said, even if the law allows the FBI to ask for the records - an assertion he disagrees with - it would prohibit the telecommunication companies from handing them over. Meanwhile, the refusal to provide to McClatchy Newspapers a copy of the memo is noteworthy because the Obama administration - in particular the OLC - has sought to portray itself as more open than the Bush administration. The decision not to release the memo means the details of the Justice Department's legal arguments in support of the FBI's controversial and discredited efforts to obtain telephone records will be kept from the public. The FBI and Justice Department have refused to comment on the matter. For years, the Bush administration had refused to release the memos that provided the legal underpinning for harsh interrogations of overseas terror suspects, citing national security, attorney-client privilege and the need to protect the government's deliberative process. In April 2009, the Obama administration released four of the Bush-era memos that detailed many of the controversial interrogation methods secretly authorized by the Bush administration - from water-boarding to confining prisoners in boxes with insects. Experts that track government spying and the Freedom of Information Act said the refusal to release the FBI memo to McClatchy Newspapers appears to be improper and contrary to the intent of FOIA. Since the memo appears to be exclusively on the OLC's legal justification for getting the phone records, the Justice Department should be able to release at least portions of it, experts said. "It's wrong that they're withholding a legal rationale that has to do with the authorities of the FBI to collect information that affects the rights of American citizens here and abroad," said Michael German, a former FBI agent of 16 years who now works for the American Civil Liberties Union. "The law should never be secret. We should all understand what rules we're operating under and particularly when it comes to an agency that has a long history of abuse in its collection activities." Sens. Richard Durbin, D-Ill., and Ron Wyden, D-Ore., demanded more than a year ago that Attorney General Eric Holder release a copy of the memo. The Justice Department has responded, Wyden said this week, but he declined to elaborate on the exchange. "I do think the level of secrecy that surrounds the executive branch's interpretation of important surveillance law is a serious problem," he told McClatchy Newspapers, "and I am continuing to press the executive branch to disclose more information to the public about what their government thinks the law means." When President Barack Obama authorized the release of the interrogation memos, he said at the time that he was compelled to release them in part because of an open records lawsuit by the ACLU. "While I believe strongly in transparency and accountability, I also believe that in a dangerous world, the United States must sometimes carry out intelligence operations and protect information that is classified for purposes of national security," he said. Obama said he had concluded the documents could be released because they wouldn't jeopardize national security and because the interrogation techniques described in the memos had been widely reported. By then, the practices were no longer in use. The FBI's activities discussed in the most recent and still secret OLC memo also have been widely publicized. An inspector general report that revealed the existence of the FBI memo was one in a series on the FBI's informal handling of telephone records and it concluded the bureau had committed egregious violations of the law. When revealing the existence of the OLC memo, the inspector general described it as having "significant policy implications that need to be considered by the FBI, the Department, and the Congress." The report also described a "casual" environment in which FBI agents and employees of telecommunications companies treated Americans' telephone records so cavalierly that one senior FBI counterterrorism official said getting access to them was as easy as "having an ATM in your living room." Since 2006, it appears the bureau has refrained from using the authority it continues to assert, according to another heavily redacted section of the inspector general's report. "However, that could change, and we believe appropriate controls on such authority should be considered now, in light of the FBI's past practices and the OLC opinion," the inspector general warned. From rforno at infowarrior.org Fri Feb 11 21:07:46 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 11 Feb 2011 22:07:46 -0500 Subject: [Infowarrior] - And they wonder why people pirate movies? Message-ID: <17CECCE9-2511-4B87-B3F1-A482534452BB@infowarrior.org> (the table shown at the link below is amusing. -- rick) Amazon already revealed the three different Tron: Legacy Blu-ray & Blu-ray 3D combo packs on the way, from the 2-disc standard edition to the two movie, 5-disc Identity Disc-packaged limited edition but now we know the release date (4/5/11) and info about the extras. On the disc, Blu-ray-only exclusives include the Daft Punk music video for their song Derezzed, plus Launching the Legacy, Disc Roars and The Next Day: Flynn Lives Revealed features (Tron: The Original Classic Special Edition saves a Photo Tronology just for Blu-ray watchers.) If you have an iPad, the Disney Second Screen app that will make its debut alongside Bambi March 1 adds to the action with 360-degree views of the Tron vehicles, interactive progression reels and other information all synced to the movie by the audio track. There's more details including MSRPs ($40 - $80) and the press release after the break. http://www.engadget.com/2011/02/11/tron-legacy-blu-ray-gets-a-release-date-supports-disneys-seco/ From rforno at infowarrior.org Fri Feb 11 21:16:51 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 11 Feb 2011 22:16:51 -0500 Subject: [Infowarrior] - Hackers Reveal Offers to Spy on Corporate Rivals Message-ID: February 11, 2011 Hackers Reveal Offers to Spy on Corporate Rivals By ERIC LIPTON and CHARLIE SAVAGE http://www.nytimes.com/2011/02/12/us/politics/12hackers.html WASHINGTON ? A fight between a group of pro-WikiLeaks hackers and a California-based Internet security business has opened a window onto the secretive world of private companies that offer to help corporations investigate and discredit their critics. This week, hackers said they had penetrated the computers of HBGary Federal, a security company that sells investigative services to corporations, and posted tens of thousands of what appear to be its internal company e-mails on the Internet. The documents appear to include pitches for unseemly ways to undermine adversaries of Bank of America and the U.S. Chamber of Commerce, like doing background research on their critics and then distributing fake documents to embarrass them. The bank and the chamber do not appear to have directly solicited the spylike services of HBGary. Rather, HBGary offered to do the work for Hunton & Williams, a corporate law firm that has represented them. A Hunton & Williams spokesman did not comment. But spokesmen for Bank of America and the chamber said Friday that they had not known about the presentations and that HBGary was never hired on their behalf. A chamber spokesman characterized the proposal as ?abhorrent.? Since the hacked e-mails appeared on a file-sharing network several days ago, a broad range of bloggers and journalists have been scouring them and discussing highlights on the Internet. The New York Times also obtained a copy of the archive. One document that has received particular attention is a PowerPoint presentation that said a trio of data-related companies ? HBGary, Palantir Technologies and Berico Technologies ? could help attack WikiLeaks, which is rumored to be preparing to release internal e-mails from Bank of America. One idea was to submit fake documents covertly to WikiLeaks, and then expose them as forgeries to discredit the group. It also suggested pressuring WikiLeaks? supporters ? notably Glenn Greenwald of Salon.com ? by threatening their careers. ?Without the support of people like Glenn, WikiLeaks would fold,? the presentation said. Another set of documents proposed similar ways to embarrass adversaries of the Chamber of Commerce for an initial fee of $200,000 and $2 million later. The e-mails include what appears to be an exchange on Nov. 9, 2010, between Aaron Barr, HBGary Federal?s chief executive, and John W. Woods, a Hunton & Williams partner who focuses on corporate investigations. Mr. Barr recounted biographical tidbits about the family of a one-time employee of a union-backed group that had challenged the chamber?s opposition to Obama administration initiatives like health care legislation. ?They go to a Jewish church in DC,? Mr. Barr apparently wrote. ?They have 2 kids, son and daughter.? A week later, Mr. Barr submitted a detailed plan to Hunton & Williams for an extensive investigation into U.S. Chamber Watch and other critics of the chamber, including the possible creation of ?in-depth target dossiers? and the identification of vulnerabilities in their computer networks that might be exploited. Another PowerPoint presentation prepared for Hunton & Williams said the research that HBGary and its partners could do for the law firm on behalf of the Chamber of Commerce would ?mitigate effect of adversarial groups? like U.S. Chamber Watch. The presentation discussed the alleged criminal record of one leader of an antichamber group, and said the goal of its research would be to ?discredit, confuse, shame, combat, infiltrate, fracture? the antichamber organizations. HBGary acknowledged Tuesday in a statement that it had been the victim of a ?criminal cyberattack,? but suggested that documents placed in the public domain might be ?falsified.? The other two businesses referred to in the apparent proposals as planned partners in the corporate investigations put out statements that distanced themselves from HBGary but did not say the documents were fake. The co-founders of Berico, Guy Filippelli and Nick Hallam, confirmed that Berico had been ?asked to develop a proposal to support a law firm? that was helping companies ?analyze internal information security and public relations challenges,? but said their proposal had been limited to ?analyzing publicly available information.? They called efforts to target people ?reprehensible? and said they were breaking all ties to HBGary, a move that Palantir executives also said they were making. The episode traces back to a dispute in December, when corporations including MasterCard, Visa and PayPal severed ties to WikiLeaks, temporarily cutting off its ability to accept donations. WikiLeaks had just begun releasing leaked State Department cables in conjunction with a consortium of news organizations, including The New York Times. Calling the companies? severing of such ties an affront to Internet freedom, a loose-knit group of computer users named Anonymous coordinated attacks on the Web sites of such companies. Mr. Barr apparently began trying to uncover the identities of those involved with Anonymous. But after he boasted of his efforts in a newspaper article, hackers attacked his company?s Web site and made public the e-mails. Jonathan E. Turner, who runs a Tennessee-based business that gathers intelligence for corporate clients, said that companies nationwide relied on investigators to gather potentially damaging information on possible business partners or rivals. ?Information is power,? said Mr. Turner, former chairman of the Association of Certified Fraud Examiners. He estimated that the ?competitive intelligence? industry had 9,700 companies offering these services, with an annual market of more than $2 billion, but said there were limits to what tactics should be used. Bank of America and the Chamber of Commerce distanced themselves on Friday from any effort to embarrass or collect disparaging information about their critics. ?We have not engaged in, nor do we have any plans to engage in, the practices discussed in this alleged presentation by HBGary,? said Lawrence DiRita, a Bank of America spokesman. Tom Collamore, a chamber spokesman, said, ?The leaked e-mails appear to show that HBGary was willing to propose questionable actions in an attempt to drum up business, but the chamber was not aware of these proposals until HBGary?s e-mails leaked.? From rforno at infowarrior.org Sat Feb 12 18:40:47 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 12 Feb 2011 19:40:47 -0500 Subject: [Infowarrior] - Secret China war plan: trillions in U.S. debt Message-ID: <96981FA8-50E3-403B-913A-D797E9C5A9A2@infowarrior.org> Feb. 8, 2011, 12:01 a.m. EST Secret China war plan: trillions in U.S. debt Commentary: Today an economic battle; later, combat By Paul B. Farrell, MarketWatch http://www.marketwatch.com/story/story/print?guid=48CF7C4C-32BF-11E0-B3F5-00212804637C SAN LUIS OBISPO, Calif. (MarketWatch) ? Yes, Americans love war. Yes, wars cost money. And pile on debt, new taxes. Still, we love war. Why else let the military budget burn 48% of your tax dollars? But why is it ?off the table? when the GOP talks ?deficit cuts?? Why? We love war. We?d rather attack with a macho battle cry like ?damn the torpedoes, full speed ahead!? than listen to a warning from historian Kevin Phillips: ?Most great nations, at the peak of their economic power, become arrogant, wage great world wars at great cost, wasting vast resources, taking on huge debt, ultimately burning themselves out.? Which dominates our Congressional deficit hawks? Which is China?s military strategy? Admit it, we love war. Marine Corps posters grabbed me as a kid. Trained me as an aviation weapons system tech. So I couldn?t resist Erik Sofge?s edgy thriller, ?China?s Secret War Plan,? about a China-U.S. war. Like a fast-paced Tom Clancy thriller. In Popular Mechanics: One of my favorites as a kid working in a small-town magazine store. Yes, war?s popular. Locked in our DNA long ago. Sofge?s thriller was based on war games played by Pentagon generals and Rand Corporation strategists. Americans love war. Can?t resist videogames, war movies: ?Hunt for Red October,? ?Platoon,? ?Dirty Dozen,? ?Star Wars,? ?Terminator.? War turns us on, a testosterone virus in our brains. Our love blinds us to costs, collateral damage, unintended consequences, new debt for our kids. Besides, they?ll grow up loving war. DNA is passed on. Can?t resist. That hot button was pushed recently with ?secret? photos of China?s new stealth bomber exposed during the state visit of China?s President Hu Jintao. Sofge?s thriller begins: Aug. 9, 2015, 0400. China?s war for ?Taiwan starts in the early morning. There are no naval bombardments or waves of bombers ? 1,200 cruise and ballistic missiles rise from heavy vehicles on the Chinese mainland ... Taiwan?s modest missile defense network. a scattered deployment of I-Hawk and Patriot interceptors, slams into dozens of incoming warheads ? a futile gesture. The mass raid overwhelms the defenses as hundreds of Chinese warheads blast the island?s military bases and airports.? Do taxpayers have a choice? Plan for big wars, get bigger deficits? The GOP wants to cut America?s massive debt. But ?off-the-charts? military spending is ?off the table.? Back in the ?40s, WWII consumed 57% of our GDP. Today, war eats up about half America?s budget. We?re sinking under Iraq war debt. Nobel economist Joseph Stiglitz estimates Iraq at $3 trillion, with $2 trillion for future costs, like VA medical. The Afghan war, maybe another $3 trillion. Plus endless terrorist threats. Future wars are ?planned? years, even decades in advance, strategies based on Pentagon-Rand war games. America talks peace. But deep inside our collective brain is a dark monster: We?re little kids who love playing war. Age 10 I had a collection of model fighter planes, played air wars. Age 15, owned three guns for hunting. Then the Corps. Like a moth to the flames, we cannot resist our destiny in war. Sofge brings alive the action in our brains: ?Taiwan?s air force is grounded ? Taiwanese troops mobilize in downtown Taipei and take up positions on the beaches facing China, just 100 miles to the west. But they know what the world knows: This is no longer Taiwan?s fight. This is a battle between an old superpower and a new one.? Games or reality, it?s all in our heads. Or is this how WWIII starts? Between an aging America that loves war, won?t surrender without a fight, and the world?s rapidly emerging superpower, predicted to have a population one billion larger than America?s by 2050. Plus an economy 40% of the world?s GDP, dwarfing America?s GDP predicted to fall to just 14%. Yes, China?s the emerging new superpower, a crafty enemy laughing as we waste our economic resources. Listen as Sofge quotes retired Rear Adm. Eric McVadon, former naval attach? in Beijing: ?They are obsessed with Taiwan. On some given day, it?s entirely possible for people to be standing around a table in the Politburo in Beijing, and someone gets the ball rolling. And when it stops, we?re at war.? Warning: That toxic thinking may well happen again when new neocons, a future Rumsfeld/Cheney team, gets the same paranoid itchings at the same time as China?s generals, all driven by inflated egos, irrational obsessions and a propensity to make the same kind of misjudgments that launched the Iraq War. Warrior mindset sabotages our economy and superpower status ?Right now the Chinese seem to have taken the lead in this new arms race,? warns Sofge: ?When Rand released a report in 2000 describing the potential outcome of a Sino-American conflict over Taiwan, the United States won the war handily. Nine years later, the nonpartisan think tank revised its analysis, accounting for Beijing?s updated air force, its focus on cyber warfare and its ability to use ballistic missiles to take out American satellites. Rand?s new conclusion: The United States would ultimately lose an air war, and an overall conflict would be more difficult and costly than many had imagined.? Warning, just nine years from 2000 to 2009: The Iraq-Afghan Wars were supposed to make America stronger. Wrong. Those nine years are a perfect example of how war distorted America?s collective brain. Our neocon mindset about the Iraq war resulted in what?s now the ?biggest foreign policy blunder? in history. Sofge captures this insanity: ?Ever since 1949, when Nationalist forces retreated to Taiwan following the Communist victory in the Chinese Civil War, Beijing has regarded the island as a renegade province of the People?s Republic. Now, in 2015, only the United States can offer Taiwan protection.? But ?the nearest aircraft carrier is the U.S.S. Nimitz, which had just left the Japanese port of Yokosuka on Tokyo Bay ? at least two days for the carrier to reach the strait ? The closest other carrier group, near Pearl Harbor, is six days out.? Yes, too late: The war?s over in less than 24 hours. Ironically, the Iraq/Afghan wars have not only weakened our economy and weakened our ability to fight future wars, they weakened America?s superpower status by indirectly handing the war-game victory to China. Worse, our irrational, neocon war brain is now demanding Americans ?double down,? insisting defense cuts are ?off the table.? Yes folks, America loves war; in that mindset, we will take on trillions new debt, even go down in flames. Powerful new war strategy: China?s army of ?cyber-attack? hackers Suddenly, Sofge?s thriller exposes China?s fabulous new high-tech strategy: ?Until the Nimitz arrives, it?s up to Kadena Air Base in Okinawa, 400 miles northeast of Taiwan, to defend the island. By 0515 hours, Air Force pilots are taking off in 40 F-15E fighters ? airborne when Kadena comes under attack. Error messages begin popping up on computer screens. Modern air defense systems share sensor information but this connection is going to become a liability. An army of hackers operating throughout China swarms the base?s networks, tying up communications with gibberish and cluttering the digital screens of radar operators with phony and conflicting data.? Future wars: New ?army? of hackers, tech geeks, game players, search-engine geniuses. Today Chinese compete with Google, X-Box, Facebook. Later they?re China?s cyber warriors, trained by China?s war-loving generals. The Pentagon knows: They?ll add trillions to our budgets, taxes and deficits, preparing for future wars. Forget cuts. Hackers score many victories disabling Taiwan: ?Early-warning satellites detect the infrared bloom of 25 ballistic missiles launched from the Chinese mainland. Five detonate in orbit, shredding American communication and imaging satellites ? partially blinds U.S. forces.? So much for all that money wasted on a satellite defense system. The pace of Sofge?s thriller accelerates like the final swift dogfight in ?Top Gun:? China?s ?20 remaining missiles re-enter the atmosphere over Okinawa ? Kadena?s Patriot batteries fire missiles ? but they are off-network ? in disarray. Ten missiles are struck by multiple interceptors ? equal number slip through ? hit Kadena. ? GPS-guided warheads contain bomblets ? crater the base?s two runways ? air-bursts devastating barracks, radar arrays and hangars ? F-15s on the way ? F-22 stealth fighters now cannot land on the bases shattered runways ? Kadena?s satellites gone, the Nimitz and its flotilla of eight escorts ? Aegis-guided missile destroyers ? submarines ? steaming toward an enemy possessing one of the world?s largest submarine fleets ? an arsenal of land-, air- and sea-launched anti-ship missiles.? Want more? Read Sofge?s ?China?s Secret War Plan? thriller in the December 2010 Popular Mechanics. See how America could lose WWIII to China ? in less than a day. But Sofge hedges: ?Chances are that a war between China and the United States will not happen in 2015, or at any other time. Under normal circumstances, a war for Taiwan would simply be too costly for either side to wage, especially given the chance of nuclear escalation. But circumstances are not always normal.? In fact, history tells us wars are never ?normal,? always unpredictable. Imagine this new cyber war, with an ?army of Chinese hackers? beating America?s high-tech and very high-cost military. China vs. USA, WWIII. Too costly? That never stops nations. Especially when leaders on both sides have macho egos, love war, act irrational. Add up China?s new stealth bomber, the deterioration of America ego losing those Pentagon war games and a resurgence of neocon war-loving politicians and you have to conclude that taxpayers will keep spending trillions preparing for the next global war, years in advance. If not with China in 2015, then with some other boogeyman lurking the dark shadows of our collective brains, bad guys that will dominate the thinking of military generals for decades to come, for as the Bush Pentagon put it: ?By 2020, warfare will define human life.? So to be ever-vigilant, we?ll spend trillions, prepare for anything, anyone, anytime. Why? We love war! Copyright ? 2011 MarketWatch, Inc. All rights reserved. From rforno at infowarrior.org Sat Feb 12 20:56:26 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 12 Feb 2011 21:56:26 -0500 Subject: [Infowarrior] - Eighth Circuit declares RAZR a computer under federal law Message-ID: <5B8AED63-B02D-49DC-BCBA-A48AEAA509B8@infowarrior.org> Eighth Circuit declares RAZR a computer under federal law By Michael Gorman posted Feb 12th 2011 9:14PM There's little doubt that today's smartphones are pocketable computers -- they're equally or more powerful than the desktop PCs of yesteryear -- but what about dumbphones? Well, in US v. Kramer, the Eighth Circuit Court of Appeals just held that a Motorola Motorazr V3 fits the federal statutory definition for a computer -- and quoted Woz in the opinion: "Everything has a computer in it nowadays." Seems a bit silly to call a RAZR a computer, but courts can only interpret existing laws, not make new ones -- and US law says a computer is "an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions." Because this was the first time a federal appeals court had ruled on the issue, the Eighth Circuit set a precedent that other courts are likely to follow. And yes, the court is aware such a definition may include microwaves and coffee makers, and informed Congress that it should change the law if it doesn't like it. Regardless of whether you agree, this interpretation added some jail time for a guy who pled guilty to trying to engage in sexual activity with a minor, so the mild absurdity of it all is fine by us. Somewhere Chris Hansen is smiling. http://www.engadget.com/2011/02/12/eighth-circuit-declares-razr-a-computer-under-federal-law/ From rforno at infowarrior.org Sun Feb 13 08:13:58 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 13 Feb 2011 09:13:58 -0500 Subject: [Infowarrior] - Lost iPhone? Lost Passwords! / Practical Consideration of iOS Device Encryption Security Message-ID: <00297832-5BB6-4783-99C3-1B9AEAF6C50A@infowarrior.org> (c/o MS) Lost iPhone? Lost Passwords! Practical Consideration of iOS Device Encryption Security Jens Heider, Matthias Boll Fraunhofer Institute for Secure Information Technology (SIT) February 9, 2011 Abstract The paper highlights risks that accompany losing a locked iOS device regarding con?dentiality of passwords stored in the keychain. It presents results of hands- on tests that show the possibility for attackers to reveal some of the keychain entries. For the described approach, the knowledge of the user's secret pass- code is not needed, as the protection provided by the passcode is bypassed. http://www.sit.fraunhofer.de/en/Images/sc_iPhone%20Passwords_tcm502-80443.pdf From rforno at infowarrior.org Sun Feb 13 09:08:15 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 13 Feb 2011 10:08:15 -0500 Subject: [Infowarrior] - The Dirty Little Secrets of Search Message-ID: <005203CF-0A02-4EE1-A4C1-7CA8CC954E00@infowarrior.org> February 12, 2011 The Dirty Little Secrets of Search By DAVID SEGAL http://www.nytimes.com/2011/02/13/business/13search.html PRETEND for a moment that you are Google?s search engine. Someone types the word ?dresses? and hits enter. What will be the very first result? There are, of course, a lot of possibilities. Macy?s comes to mind. Maybe a specialty chain, like J. Crew or the Gap. Perhaps a Wikipedia entry on the history of hemlines. O.K., how about the word ?bedding?? Bed Bath & Beyond seems a candidate. Or Wal-Mart, or perhaps the bedding section of Amazon.com. ?Area rugs?? Crate & Barrel is a possibility. Home Depot, too, and Sears, Pier 1 or any of those Web sites with ?area rug? in the name, like arearugs.com. You could imagine a dozen contenders for each of these searches. But in the last several months, one name turned up, with uncanny regularity, in the No. 1 spot for each and every term: J. C. Penney. The company bested millions of sites ? and not just in searches for dresses, bedding and area rugs. For months, it was consistently at or near the top in searches for ?skinny jeans,? ?home decor,? ?comforter sets,? ?furniture? and dozens of other words and phrases, from the blandly generic (?tablecloths?) to the strangely specific (?grommet top curtains?). This striking performance lasted for months, most crucially through the holiday season, when there is a huge spike in online shopping. J. C. Penney even beat out the sites of manufacturers in searches for the products of those manufacturers. Type in ?Samsonite carry on luggage,? for instance, and Penney for months was first on the list, ahead of Samsonite.com. With more than 1,100 stores and $17.8 billion in total revenue in 2010, Penney is certainly a major player in American retailing. But Google?s stated goal is to sift through every corner of the Internet and find the most important, relevant Web sites. Does the collective wisdom of the Web really say that Penney has the most essential site when it comes to dresses? And bedding? And area rugs? And dozens of other words and phrases? The New York Times asked an expert in online search, Doug Pierce of Blue Fountain Media in New York, to study this question, as well as Penney?s astoundingly strong search-term performance in recent months. What he found suggests that the digital age?s most mundane act, the Google search, often represents layer upon layer of intrigue. And the intrigue starts in the sprawling, subterranean world of ?black hat? optimization, the dark art of raising the profile of a Web site with methods that Google considers tantamount to cheating. Despite the cowboy outlaw connotations, black-hat services are not illegal, but trafficking in them risks the wrath of Google. The company draws a pretty thick line between techniques it considers deceptive and ?white hat? approaches, which are offered by hundreds of consulting firms and are legitimate ways to increase a site?s visibility. Penney?s results were derived from methods on the wrong side of that line, says Mr. Pierce. He described the optimization as the most ambitious attempt to game Google?s search results that he has ever seen. ?Actually, it?s the most ambitious attempt I?ve ever heard of,? he said. ?This whole thing just blew me away. Especially for such a major brand. You?d think they would have people around them that would know better.? < -- > http://www.nytimes.com/2011/02/13/business/13search.html From rforno at infowarrior.org Mon Feb 14 07:19:21 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Feb 2011 08:19:21 -0500 Subject: [Infowarrior] - DHS Op-Ed: A Civil Perspective on Cybersecurity Message-ID: Op-Ed: A Civil Perspective on Cybersecurity ? By Jane Holl Lute and Bruce McConnell ? February 14, 2011 | ? 7:00 am | ? Categories: Op-Ed http://www.wired.com/threatlevel/2011/02/dhs-op-ed/all/1 Jane Holl Lute is the Deputy Secretary of Homeland Security. Bruce McConnell is a Senior Counselor at the Department. How important is cyberspace? It is hardly possible to overstate it. The internet is an engine of immense wealth creation, a force for openness, transparency, innovation and freedom. Without it, generators stop turning, phones fall silent, critical goods sit on loading docks. Without confidence in the integrity of financial data or health information, the economy trembles. Without connectivity, tens of thousands of communities disappear from view; a deployed solider cannot see her daughter?s swim victory, a multiple sclerosis patient is unable to confer with others about the latest medications, and first responders face an unknown chemical spill untethered. Cyberspace functions as the very endoskeleton of modern life. So it?s no surprise that when bad actors emerge to exploit or threaten it ? whether profit-driven criminals, electronic saboteurs or international espionage rings ? there?s a temptation to define the threat in the strongest and simplest terms. These days, some observers are pounding out a persistent and mounting drumbeat of war, calling for preparing the battlefield, even saying that the United States is already fully into a ?cyberwar,? that it is, in fact, losing. We disagree. Cyberspace is not a war zone. Conflict and exploitation are present there, to be sure, but cyberspace is fundamentally a civilian space ? a neighborhood, a library, a marketplace, a school yard, a workshop ? and a new, exciting age in human experience, exploration and development. Portions of it are part of America?s defense infrastructure, and these are properly protected by soldiers. But the vast majority of cyberspace is civilian space. We?re not just talking about the internet here. Complicated and vast, cyberspace is a rapidly growing, interconnected array of information and communications technologies (ICT), characterized by distributed ownership, dynamic connectivity, and diverse systems; its shape shifts instantaneously and organically. Though it relies on machines ? e.g., servers ? that are each physically somewhere, connected by communications technology that spans the globe, cyberspace is a place where geography matters differently, the reach of national law is incomplete, and the role of nation-states in its security is an open question. Cyberspace is a new domain of human activity, and vital to the American way of life. For Americans to be able to act with confidence in cyberspace, it must be made more secure ? an urgent outcome that requires a broadly distributed effort. Government must play an appropriate role, the contours of which society is still defining. Given cyberspace?s overwhelmingly civilian nature, the Department of Homeland Security has an important role to play, and we explore that here. Cybersecurity Needs a Distributed Approach No single actor has the capability to secure the largely privately owned virtual world that straddles national boundaries. Nor, for that matter, is such a role desirable. Indeed, considerable cybersecurity expertise exists in every part of the world. For our part, the United States is fortunate to have tremendous cybersecurity capabilities in private industry as well as across the federal government. By law and policy, the Department of Homeland Security (DHS) has two specific roles in U.S. cybersecurity: to protect the federal executive branch civilian agencies (the ?dot-gov?), and to lead the protection of critical cyberspace. And so today, for example, DHS? National Cybersecurity and Communications Integration Center is the hub of daily cyberincident management for the U.S. In addition, the Department of Defense, and in particular, the National Security Agency, is a unique national security resource and an essential participant in national, or global, cybersecurity solutions. Other U.S. government agencies also have significant capabilities. For example, U.S. law enforcement agencies, including the FBI, Immigration and Customs Enforcement, and the Secret Service have considerable experience and expertise in investigating cybercrimes and in identifying, pursuing, capturing and successfully prosecuting cybercriminals. Moreover, U.S. multinational firms operate global computer networks that are equipped to detect and respond to cyberintrusions and attacks. The combined knowledge of what?s happening on these networks is a resource that can inform all network defenders of the current operational picture. If the U.S. is to succeed in securing our identities and our information in cyberspace, it must build a system where the distributed nature of cyberspace is used in its own protection. With this perspective, for example, DHS has launched a national campaign ? ?Stop|Think|Connect? ? to cultivate a collective sense of cyber?civic duty. The message begins with a simple wisdom: to ensure cybersecurity for all of us, each of us must play our part. Beginning with individual users, each of us must take the basic steps necessary to maintain our computers and our cyberlives in safety, just as conscientious drivers maintain their currency with driving laws, keep their tires properly inflated, and pay attention to highway conditions. Nearly everyone practices at least some level of cybersecurity, but these measures must also get easier; they are simply too hard right now. Organizations and enterprises have similar responsibilities. Senior management in each and every office, company and department, whether private or public, must take responsibility for the protection of its own systems and information, by fielding up-to-date security technology, training employees to avoid common vulnerabilities, and reporting cybercrime when it occurs. For its part, the ICT industry must continue to innovate and improve security. Network, software, hardware and related service providers must accept the responsibilities that go with the considerable power they wield in cyberspace. Security must be built in, not added on; products must be shipped with strong security already activated, not disabled or inert; supply chains should be constructed to reduce the risk of product diversion or corruption; and, beyond the ICT industry, critical infrastructure providers must adopt security measures consistent with the threat. The demand for cybersecurity solutions is hardly decreasing; U.S. companies should lead the global market, creating jobs and making money. Defining the Role for Government While America is deeply reliant on cyberspace, the health of this critical ecosystem is itself a work in progress. Indeed, tomorrow?s threats and defensive capabilities have probably not yet been invented. Government must engage: to secure government systems, assist the private sector in securing itself, enforce the law, and lay the policy foundation for future success. Where industry lags, policy change can incentivize key actions. Today?s environment does not, for example, adequately incentivize companies to write secure software. This must change. In addition to taking these kinds of immediate steps, government has a role in the longer-term effort needed to change the structure of the internet and to leverage machines? very capabilities to enable agile, real-time notification, protection, quarantine, and response, subject to human-directed policies and controls. Not everyone agrees with this approach. At one end of the spectrum, some say cybersecurity should be left to the market; that government should abstain from taking a stronger role vis-?-vis the private sector, so as not to stifle innovation or hurt U.S. competitiveness. We disagree. The market will not solve all problems. Indeed, in no other field does the market carry such a burden, nor should it be expected to here. At the other end, you have the clarion call to treat cyberspace as a theater in a war. If only it were so simple. We believe that the integrity, confidentiality and availability of information, systems and identities in such an environment must rest on a framework in which users, industry and government assume shared responsibility. There are no single-point solutions; rather, what is needed is a participatory framework in which the rules are clear, security is practical, and accountability is enforced ? nationally as well as globally. DHS has set out on a path to help build a cyber-environment that supports a secure and resilient infrastructure, enables innovation and prosperity, and protects openness, privacy and civil liberties by design. By bringing together other government agencies ? including at the state and local level ? private sector and non-governmental organizations, and countless individuals, DHS is enhancing today?s cybersecurity and building tomorrow?s. Over the longer term, DHS is focused on changing the entire cyber-ecosystem ? not just technology, but also policy, procedure, practice, and law ? to ensure that everything important in cyberspace is fundamentally more secure. In close partnership with other agencies and the private sector, we are deploying the National Cybersecurity Protection System ? of which the EINSTEIN intrusion detection system is a key component ? to block malicious actors from accessing federal executive branch civilian agencies, while working closely with those agencies to bolster their own defensive capabilities. In doing so, we are creating layers of protection that will detect and avoid damage from a broad spectrum of threats. DHS also leads the effort to protect the nation?s critical information infrastructure ? the systems and networks that support the financial services industry, the electric power industry, and defense industrial base, to name a few. DHS is working with the federal agencies that have primary responsibility for each sector of the economy to ensure that the private sector has access to the technical resources it needs to protect itself, and that the government and industry are collaborating as partners to solve common problems. For example, DHS has spearheaded the development of the first-ever National Cybersecurity Incident Response Plan (NCIRP), for those times when passive defense does not suffice and a more active response is required. This plan, which was recently tested during the CyberStorm III national exercise, enables DHS to coordinate the response of multiple federal agencies, state and local governments, and hundreds of private firms, to incidents of all levels of severity. In all that we do, we are working to develop and leverage the position of the federal government to align incentives with the outcomes we want as a nation. Likewise, to address global shifts in technology and expectations, we believe any rules should set outcomes, not means. Such rules would apply regardless of technology, allow ample space for innovation, be clear, fair and broadly supported, and respect and reflect the richness of our diverse society. Having said this, we do not believe in cumbersome rule-making where the market is capable of acting more speedily and effectively ? few changes would be more profound, for example, than broad adoption of voluntary, interoperable, privacy-enhancing authentication. To build consensus for the future, DHS is working to stimulate and promote a broad public conversation about the nature of security and conflict in cyberspace. Such a national dialogue must consider the future of cyberspace and the role of government in shaping, safeguarding, protecting and preserving rights and freedoms there. How far should government?s role extend? When, if ever, should government actively defend privately owned infrastructure assets? Do companies even need help from the government and, if yes, what do they need? How should government encourage firms to protect themselves and each other? In other words, is more government needed here, or less? In what areas? Questions like these are central to the future, and DHS is reaching out to partners at all levels to focus on them and translate that focus into solutions. Our message is simple: cyberspace is vital to the American way of life, and DHS is positioning itself to do everything it can to build a cyber-ecosystem that is secure. Yet, we know that we cannot do all that needs doing. Responsibility for cybersecurity begins with each individual user and extends out to every business, school, and other civic and private enterprise. We believe in the vision ? indeed, in the imperative, of an open internet. Yet, it cannot be an internet that is open but not secure, and we most assuredly do not want an internet that is secure but not open. We also believe that we ? all of us ? must move now, deliberately and thoughtfully, to realize this vision ? a vision of confidence, not control. The stakes are high. Criminals and hostile governments are putting their very best minds to work here. We must do the same so that cyberspace becomes a safe, secure, and resilient place where the American way of life can thrive. From rforno at infowarrior.org Mon Feb 14 07:28:38 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Feb 2011 08:28:38 -0500 Subject: [Infowarrior] - French LOPPSI Bill Adopted: The Internet under Control? Message-ID: French LOPPSI Bill Adopted: The Internet under Control? Submitted on 09 February 2011 Paris, February 8th 2011 ? Yesterday afternoon, the French Parliament voted the LOPPSI bill whose 4th article1 enables administrative censorship of the Internet, using child protection as a Trojan horse. Over time, such an extra-judiciary set-up will enable a generalized censorship of all Internet content. Consistent with Nicolas Sarkozy projects for a ?Civilized Internet?, administrative censorship of the Internet opens the door to dangerous abuse while leaving pedophiles and pedo-pornography to prosper. The National Assembly and the Senate have definitely adopted the ultra-securitarian LOPPSI bill, notably its 4th article which implements administrative filtering of the Internet in the guise of fighting online pedopornography. However, blocking access to websites will not prevent in any way criminals producing and distributing these contents to thrive2. This is a false pretense to legitimate administrative filtering of the Internet, and to deploy a technical infrastructure for censorship. Nobody will be able to control the way these filtering processes are set up, not even a judge, and it will be impossible to file a complaint given the fact that the blacklist will be kept secret. As the recent Tunisian and Egyptian events have shown, the role of Freedom of Speech on the Internet is vital to democracy. In both countries, these events have also shown how ineffective targeted filtering is. In Egypt, the ongoing ineffectiveness of filtering pushed the regime to to kill all access to the Internet, a measure on which it had to backtrack a few days later on its own accord. La Quadrature du Net is outraged to see the Parliament follow ? though for other reasons ? the same absurd and dangerous path. http://www.laquadrature.net/en/french-loppsi-bill-adopted-the-internet-under-control From rforno at infowarrior.org Mon Feb 14 18:07:54 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Feb 2011 19:07:54 -0500 Subject: [Infowarrior] - House passes 'Patriot Act' extension Message-ID: <0F89E80B-AC2A-4A46-8640-C48665CFDE48@infowarrior.org> Tell Your Senators Not to Rubber-Stamp the PATRIOT Act! https://secure.eff.org/site/Advocacy?cmd=display&page=UserAction&id=463 Despite the valiant efforts of liberty-defending congresspersons from both political parties, the House of Representatives just passed an extension of the three USA PATRIOT Act surveillance powers that were set to "sunset" at the end of February by a vote of 275 to 144. Now, the Senate is our last hope to stop PATRIOT renewal and obtain meaningful PATRIOT reform. The Senate will be voting on PATRIOT extensions any day now, so contact your Senators today and urge them to vote NO on the PATRIOT Act! On Monday, February 14, 2011, the House passed H.R. 514 to once again extend the three expiring PATRIOT powers--"lone wolf" wiretapping, "roving" wiretapping, and "Section 215" secret orders for Internet and business records--until December 8, 2011. The last time Congress extended the PATRIOT Act, in February 2010, Congressional leaders justified the decision by saying it would give Congress the time to fully consider a range of PATRIOT reform proposals. But in a sneak attack on your civil liberties, the just-passed PATRIOT extension bill--which doesn't contain a single new reform to protect your rights--was quickly rammed through the House with no hearings, no Committee meetings, no reform amendments allowed, and hardly any debate before the vote. Now, the Senate is our last hope to avoid a rubber-stamp PATRIOT renewal and obtain meaningful PATRIOT reform. Three PATRIOT bills have been introduced in the Senate, and the Senate leadership will have to decide whether one of those bills--or the House bill--will go to the Senate floor for a vote before the end of the month. All of those bills would extend the PATRIOT Act for some period of time, but only one of those bills, S. 193 from Senator Leahy (D-Vt.), also contains important new reforms to provide more oversight and accountability over how the government is using its PATRIOT powers. Meanwhile, Senator Grassley (R-Iowa) has predictably introduced a bill to extend the PATRIOT powers *permanently*, while Senator Feinstein (D-Ca.) has undermined Senator Leahy's reform effort by introducing a bill that contains absolutely no reforms and would extend both PATRIOT *and* the far more dangerous FISA Amendments Act of 2008 until 2013. Particularly in light of continuing revelations about the extent of the government's abuse of its PATRIOT powers, most recently in the EFF "Patterns of Misconduct" report issued late last month, the expiring PATRIOT Act provisions should not be renewed without any new checks and balances to prevent abuse and protect civil liberties. The Senate will be voting on a bill any day, so contact your Senators now to ask them to support the reforms in Senator Leahy's USA PATRIOT Act Sunset Extension Act of 2011 (S.193), and to oppose Senator Feinstein?s S. 289 or any other bill that would extend the PATRIOT Act or the FISA Amendments Act! From rforno at infowarrior.org Mon Feb 14 18:35:00 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Feb 2011 19:35:00 -0500 Subject: [Infowarrior] - CRS Questions the Open Government Initiative Message-ID: <260491E2-3A29-424E-878B-35C2F842CD42@infowarrior.org> CRS Questions the Open Government Initiative http://www.fas.org/blog/secrecy/2011/02/crs_open_gov.html http://www.fas.org/blog/secrecy/?p=4958 The Congressional Research Service took a decidedly skeptical view of the Obama Administration?s Open Government Initiative in a recently updated report (pdf). The report called into question not only the implementation of the Administration?s transparency policy but also its underlying rationale. ?Arguably, releasing previously unavailable datasets to the public increases transparency,? the report granted. ?The new datasets offer the public more information than was previously available, making the particular issue area more transparent. But this type of transparency does not give Congress or the public much insight into how the federal government itself operates or executes policies,? the CRS report said. Thus, ?the dataset on child safety seats released by the National Traffic Highway Safety Administration (NTHSA), for example, increases public knowledge of child safety seats and may inform a consumer?s future purchases, but it does not affect the general transparency of NHTSA?s operations.? But even bona fide transparency may not be altogether positive, the CRS report suggested. ?Increased transparency and mandatory public participation requirements can slow down government operations by elongating the deliberative process. Increased participation may increase trust in the federal government while concurrently reducing the speed of government action. Additionally, increased government transparency may prompt security and privacy concerns.? In lieu of any conclusion, the CRS report equivocated that ?Congress can decide whether to codify any of the new Obama Administration transparency policies. On the other hand, Congress can decide whether to enact a law prohibiting the implementation of any of the open government policies. Congress could also leave these policy decisions up to the executive branch.? The bulk of the CRS report was written last year, but it was updated last month. See ?The Obama Administration?s Open Government Initiative: Issues for Congress,? January 28, 2011. Last week, the Obama Administration withdrew a pending proposal to enhance federal contract transparency. ?Incredibly, today?s decision would seem to place the Obama Administration in opposition [to] subsequent transparency legislation co-sponsored by then-Senator Obama,? wrote Scott Amey of the Project on Government Oversight. From rforno at infowarrior.org Mon Feb 14 20:54:29 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Feb 2011 21:54:29 -0500 Subject: [Infowarrior] - U.S. Policy to Address Internet Freedom Message-ID: February 14, 2011 U.S. Policy to Address Internet Freedom By MARK LANDLER http://www.nytimes.com/2011/02/15/world/15clinton.html?pagewanted=print WASHINGTON ? Days after Facebook and Twitter added fuel to a revolt in Egypt, the Obama administration plans to announce a new policy on Internet freedom, designed to help people get around barriers in cyberspace while making it harder for autocratic governments to use the same technology to repress dissent. The State Department?s policy, a year in the making, has been bogged down by fierce debates over which projects it should support, and even more basically, whether to view the Internet primarily as a weapon to topple repressive regimes or as a tool that autocrats can use to root out and crush dissent. Secretary of State Hillary Rodham Clinton, who will lay out the policy in a speech on Tuesday, acknowledged the Internet?s dual role in an address a year ago, and administration officials said she would touch on that theme again, noting how social networks were used by both protesters and governments in the uprisings in Tunisia, Egypt and other Arab countries. The State Department plans to finance programs like circumvention services, which enable users to evade Internet firewalls, and training for human rights workers on how to secure their e-mail from surveillance or wipe incriminating data from cellphones if they are detained by the police. Though the policy has been on the drawing board for months, it has new urgency in light of the turmoil in the Arab world, because it will be part of a larger debate over how the United States weighs its alliances with entrenched leaders against the young people inspired by the events in Tunisia and Egypt. Administration officials say that the emphasis on a broad array of projects ? hotly disputed by some technology experts and human rights activists ? reflects their view that technology can be a force that leads to democratic change, but is not a ?magic bullet? that brings down repressive regimes. ?People are so enamored of the technology,? said Michael H. Posner, the assistant secretary of state for democracy, human rights and labor. ?People have a view that technology will make us free. No, people will make us free.? Critics say the administration has dawdled for more than a year, holding back $30 million in Congressional financing that could have gone to circumvention technology, a proven method that allows Internet users to evade government firewalls by routing their traffic through proxy servers in other countries. Some of these services have received modest financing from the government, but their backers say they need much more to install networks capable of handling millions of users in China, Iran and other countries. A report by the Republican minority of the Senate Foreign Relations Committee, to be released Tuesday, said the State Department?s performance was so inadequate that the job of financing Internet freedom initiatives ? at least those related to China ? should be moved to another agency, the Broadcasting Board of Governors, which oversees Voice of America and Radio Free Europe. ?Certainly, the State Department took an awfully long time to get this out,? said Rebecca MacKinnon, a former CNN correspondent and expert on Internet freedom issues who is now a senior fellow at the New America Foundation. ?They got so besieged by the politics of what they should be funding.? There are other contradictions in the State Department?s agenda: it champions the free flow of information, except when it is in secret cables made public by WikiLeaks; it wants to help Chinese citizens circumvent their government?s Internet firewall, but is leery of one of the most popular services for doing so, which is sponsored by Falun Gong, a religious group outlawed by Beijing as an evil cult. In the long months the government has wrestled with these issues, critics said, the Iranian government was able to keep censoring the Internet, helping it muffle the protests that followed its disputed presidential election in 2009. Mr. Posner, a longtime human rights advocate, acknowledges that the process has been long and occasionally messy. But he contends that over the past year, the administration has developed a coherent policy that takes account of the rapidly evolving role the Internet plays in closed societies. The State Department has received 68 proposals for nearly six times the $30 million in available funds. The department said it would take at least two months to evaluate proposals before handing out money. Among the kinds of things that excite officials are ?circuit riders,? experts who tour Internet cafes in Myanmar teaching people how to set up secure e-mail accounts, and new ways of dealing with denial-of-service attacks. This does not satisfy critics, who say the lawmakers intended the $30 million to be used quickly ? and on circumvention. ?The department?s failure to follow Congressional intent created the false impression among Iranian demonstrators that the regime had the power to disrupt access to Facebook and Twitter,? said Michael J. Horowitz, a senior fellow at the Hudson Institute, who lobbies on behalf of the Global Internet Freedom Consortium, a circumvention service with ties to Falun Gong. Mr. Horowitz has organized demonstrations of the service for legislators, journalists and others. On Jan. 27, the day before the Egyptian government cut off access to the Internet, he said there were more than 7.8 million page views by Egyptians on UltraSurf, one of two consumer services under the umbrella of the Global Internet Freedom Consortium. That was a huge increase from only 76,000 on Jan. 22. The trouble, Mr. Horowitz said, is that UltraSurf and its sister service, Freegate, do not have enough capacity to handle sudden spikes in usage during political crises. That causes the speed to slow to a crawl, which discourages users. The companies need tens of millions of dollars to install an adequate network, he said. Under a previous government grant, the group received $1.5 million. But the experience in Egypt points up the limits of circumvention. By shutting down the entire Internet, the authorities were able to make such systems moot. Administration officials point out that circumvention is also of little value in countries like Russia, which does not block the Internet but dispatches the police to pursue bloggers, or in Myanmar, formerly known as Burma, which has developed sophisticated ways to monitor e-mail accounts. Ron Deibert, the director of the Citizen Lab at the University of Toronto, said that governments had been shifting from blocking the Internet to hacking and disabling it. Even in the United States, he noted, the Senate is considering a bill that would allow the president to switch off the Internet in the event of a catastrophic cyberattack. ?When you create an Internet kill switch,? he said, ?that has implications for people in Egypt, Belarus and other places.? From rforno at infowarrior.org Tue Feb 15 06:31:25 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Feb 2011 07:31:25 -0500 Subject: [Infowarrior] - More on Gregory Evans Message-ID: <6F08B0AF-96EF-4466-840B-7086929031AC@infowarrior.org> Questions Surface About Computer Security Specialist's Credentials Tough questions for a man who claims to be one of the world's top computer security experts. You may have seen him giving advice on Fox News and CNN. He's even appeared on this station. But a CBS Atlanta investigation has turned up shocking details that may make you think twice before hiring him to protect your computer. http://www.cbsatlanta.com/local-video/index.html?grabnetworks_video_id=4539270 More reading: http://attrition.org/errata/charlatan/gregory_evans/ From rforno at infowarrior.org Tue Feb 15 06:57:51 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Feb 2011 07:57:51 -0500 Subject: [Infowarrior] - Nine traits of the veteran Unix admin Message-ID: <5FF3E1A0-C873-4D59-88E6-873E335AA3CB@infowarrior.org> (c/o MC) Disclosure: I agree with these (but don't do Angry Birds) however I make no bones about saying I prefer pico/pine to vi, emacs, and such. We all go with what we feel most comfortable with, even if the mere discussion of said preferences ends up looking like a dogmatic religious debate. :) --- rick Nine traits of the veteran Unix admin By Paul Venezia Created 2011-02-14 03:00AM http://www.infoworld.com/print/151276 Last week I briefly departed from reality, thanks to the inexplicable actions of the CRTC [1], but this week, I'm off the drugs and back on terra firma -- sort of. Anyway, to celebrate my return to the land of the sane, I thought I'd tick off a few hallmarks of veteran Unix admins, so you have a better chance of spotting these rare, beautiful creatures in the wild. Here is their song. Veteran Unix admin trait No. 1: We don't use sudo Much like caps lock is cruise control for cool, sudo is a crutch for the timid. If we need to do something as root, we su to root, none of this sudo nonsense. In fact, for Unix-like operating systems that force sudo upon all users, the first thing we do is sudo su - and change the root password so that we can comfortably su - forever more. Using sudo exclusively is like bowling with only the inflatable bumpers in the gutters -- it's safer, but also causes you to not think through your actions fully. [ Also on InfoWorld: Read Paul Venezia's tips on how to become an IT ninja [2]. | Check out Paul Venezia's five-year plan to tackle the 8 problems IT must solve [3]. ] Veteran Unix admin trait No. 2: We use vi, not emacs, and definitely not pico or nano While we know that emacs is near and dear to the hearts of many Unix admins, it really is the Unix equivalent of Microsoft Word. Vi -- and explicitly vim -- is the true tool for veteran Unix geeks who need to get things done and not muck about with the extraneous nonsense that comes with emacs. Emacs has a built-in game of Tetris, for crying out loud. I'll grudgingly admit that the bells and whistles in vim such as code folding and syntax highlighting might be considered fluff, but at the end of the day, real Unix work blends extremely well with vi's modal editing concepts. In addition, its svelte size and universal portability make it the One True Editor. Thanks Bill, thanks Bram. Veteran Unix admin trait No. 3: We wield regular expressions like weapons To the uninitiated, even the most innocuous regex looks like the result of nauseous keyboard. To us, however, it's pure poetry. The power represented in the complexity of pcre (Perl Compatible Regular Expressions) cannot be matched by any other known tool. If you need to replace every third character in a 100,000-line file, except when it's followed by the numeral 4, regular expressions aren't just a tool for the job -- they're the only tool for the job. Those that shrink from learning regex do themselves and their colleagues a disservice on a daily basis. In just about every Unix shop of reasonable size, you'll find one or two guys regex savants. These poor folks constantly get string snippets in their email accompanied by plaintive requests for a regex to parse them, usually followed by a promise of a round of drinks that never materializes. Veteran Unix admin trait No. 4: We're inherently lazy When given a problem that appears to involve lots of manual, repetitive work, we old-school Unix types will always opt to write code to take care of it. This usually takes less time than the manual option, but not always. Regardless, we'd rather spend those minutes and hours constructing an effort that can be referenced or used later, rather than simply fixing the immediate problem. Usually, this comes back to us in spades when a few years later we encounter a similar problem and can yank a few hundred lines of Perl [4] from a file in our home directory, solve the problem in a matter of minutes, and go back to analyzing other code for possible streamlining. Or playing Angry Birds. Veteran Unix admin trait No. 5: We prefer elegant solutions If there are several ways to fix a problem or achieve a goal, we'll opt to spend more time developing a solution that encompasses the actual problem and preventing future issues than simply whipping out a Band-Aid. This is related to the fact that we loathe revisiting a problem we've already marked "solved" in our minds. We figure that if we can eliminate future problems now by thinking a few steps ahead, we'll have less to do down the road. We're usually right. Veteran Unix admin trait No. 6: We generally assume the problem is with whomever is asking the question To reach a certain level of Unix enlightenment is to be extremely confident in your foundational knowledge. It also means we never think that a problem exists until we can see it for ourselves. Telling a veteran Unix admin that a file "vanished" will get you a snort of derision. Prove to him that it really happened and he'll dive into the problem tirelessly until a suitable, sensible cause and solution are found. Many think that this is a sign of hubris or arrogance. It definitely is -- but we've earned it. Veteran Unix admin trait No. 7: We have more in common with medical examiners than doctors When dealing with a massive problem, we'll spend far more time in the postmortem [5] than the actual problem resolution. Unless the workload allows us absolutely no time to investigate, we need to know the absolute cause of the problem. There is no magic in the work of a hard-core Unix admin; every situation must stem from a logical point and be traceable along the proper lines. In short, there's a reason for everything, and we'll leave no stone unturned until we find it. To us, it's easy to stop the bleeding by HUPping a process or changing permissions on a file or directory to 777, but that's not the half of it. Why did the process need to be restarted? That shouldn't have been necessary, and we need to know why. Veteran Unix admin trait No. 8: We know more about Windows than we'll ever let on Though we may not run Windows on our personal machines or appear to care a whit about Windows servers, we're generally quite capable at diagnosing and fixing Windows problems. This is because we've had to deal with these problems when they bleed over into our territory. However, we do not like to acknowledge this fact, because most times Windows doesn't subscribe to the same deeply logical foundations as Unix, and that bothers us. See traits No. 5 and 6 above. Veteran Unix admin trait No. 9: Rebooting is almost never an option Unix boxes don't need reboots. Unless there's absolutely no other option, we'll spend hours fixing a problem with a running system than give it a reboot. Our thinking here is there's no reason why a reboot should ever be necessary other than kernel or hardware changes, and a reboot is simply another temporary approach to fixing the problem. If the problem occurred once and was "fixed" by a reboot, it'll happen again. We'd rather fix the problem than simply pull the plug and wait for the next time. If some of these traits seem antisocial or difficult to understand from a lay perspective, that's because they are. Where others may see intractable, overly difficult methods, we see enlightenment, born of years of learning, experience, and most of all, logic. This story, "Nine traits of the veteran Unix admin [6]," was originally published at InfoWorld.com [7]. Read more of Paul Venezia's The Deep End blog [8] at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter [9]. Source URL (retrieved on 2011-02-15 04:49AM): http://www.infoworld.com/t/unix/nine-traits-the-veteran-unix-admin-276 Links: [1] http://www.infoworld.com/t/regulation/terror-in-the-north-canada-loses-grip-reality-364 [2] http://www.infoworld.com/t/education-and-skills/how-become-certified-it-ninja-962?source=fssr [3] http://www.infoworld.com/d/adventures-in-it/five-year-plan-8-problems-it-must-solve-508?source=fssr [4] http://www.infoworld.com/t/languages-and-standards/whatever-happened-perl-012 [5] http://www.infoworld.com/d/adventures-in-it/best-way-conduct-it-postmortem-221 [6] http://www.infoworld.com/t/unix/nine-traits-the-veteran-unix-admin-276?source=footer [7] http://www.infoworld.com/?source=footer [8] http://www.infoworld.com/d/hardware/blogs?source=footer [9] http://twitter.com/#!/infoworld From rforno at infowarrior.org Tue Feb 15 07:03:38 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Feb 2011 08:03:38 -0500 Subject: [Infowarrior] - Online Appliance Shop Makes Customers Sign Agreement Threatening Criminal Libel Suits For Negative Reviews Message-ID: Online Appliance Shop Makes Customers Sign Agreement Threatening Criminal Libel Suits For Negative Reviews from the that's-called-lying dept http://www.techdirt.com/articles/20110214/01405713081/online-appliance-shop-makes-customers-sign-agreement-threatening-criminal-libel-suits-negative-reviews.shtml We've seen all sorts of retailers and service providers trying to cope with the fact that anyone can post reviews of their service online. In fact, we've seen doctors try to use contracts that assign the copyright (ahead of time) of any review over to those doctors, so they can issue a DMCA takedown on any review they don't like. Apparently, some others are simply making up laws. The NY Times covers how an online appliance retailer called Full House Appliances, has not only added a long, and legally questionable, terms of service to anyone who makes a purchase, but it also threatens those who make a negative review with felony libel charges. Of course, as the article notes, these terms of service are all bark and no bite. Washington state, where the retailer is located, does not recognize libel as a criminal issue, so there is no "felony libel" there, despite the claims to the contrary. Furthermore, just because you agree to a terms of service like that, it still doesn't make a negative review libel unless there's actually libelous statements in the review. The guy who runs the site (who wouldn't give his real name to the reporter) doesn't seem to care. He's just trying to scare off anyone who writes a negative review. Of course, all that should really do is scare off anyone from bothering to order from him. If someone presents you with a terms of service that threaten you with criminal charges for writing a negative review, it seems that would be a pretty clear sign that it's time to find a different retailer. Those terms seem like a bigger negative review than anything else out there. Of course, I'm also wondering if he's violating the law himself in threatening people with criminal charges based on absolutely nothing... From rforno at infowarrior.org Wed Feb 16 06:03:30 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Feb 2011 07:03:30 -0500 Subject: [Infowarrior] - Anonymous speaks: the inside story of the HBGary hack Message-ID: Anonymous speaks: the inside story of the HBGary hack By Peter Bright http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/ From rforno at infowarrior.org Wed Feb 16 06:45:33 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Feb 2011 07:45:33 -0500 Subject: [Infowarrior] - =?windows-1252?q?Egypt_Leaders_Found_=91Off=92_Sw?= =?windows-1252?q?itch_for_Internet?= Message-ID: http://www.nytimes.com/2011/02/16/technology/16internet.html?_r=1&pagewanted=all February 15, 2011 Egypt Leaders Found ?Off? Switch for Internet By JAMES GLANZ and JOHN MARKOFF Epitaphs for the Mubarak government all note that the mobilizing power of the Internet was one of the Egyptian opposition?s most potent weapons. But quickly lost in the swirl of revolution was the government?s ferocious counterattack, a dark achievement that many had thought impossible in the age of global connectedness. In a span of minutes just after midnight on Jan. 28, a technologically advanced, densely wired country with more than 20 million people online was essentially severed from the global Internet. The blackout was lifted after just five days, and it did not save President Hosni Mubarak. But it has mesmerized the worldwide technical community and raised concerns that with unrest coursing through the Middle East, other autocratic governments ? many of them already known to interfere with and filter specific Web sites and e-mails ? may also possess what is essentially a kill switch for the Internet. Because the Internet?s legendary robustness and ability to route around blockages are part of its basic design, even the world?s most renowned network and telecommunications engineers have been perplexed that the Mubarak government succeeded in pulling the maneuver off. But now, as Egyptian engineers begin to assess fragmentary evidence and their own knowledge of the Egyptian Internet?s construction, they are beginning to understand what, in effect, hit them. Interviews with many of those engineers, as well as an examination of data collected around the world during the blackout, indicate that the government exploited a devastating combination of vulnerabilities in the national infrastructure. For all the Internet?s vaunted connectivity, the Egyptian government commanded powerful instruments of control: it owns the pipelines that carry information across the country and out into the world. Internet experts say similar arrangements are more common in authoritarian countries than is generally recognized. In Syria, for example, the Syrian Telecommunications Establishment dominates the infrastructure, and the bulk of the international traffic flows through a single pipeline to Cyprus. Jordan, Qatar, Oman, Saudi Arabia and other Middle Eastern countries have the same sort of dominant, state-controlled carrier. Over the past several days, activists in Bahrain and Iran say they have seen strong evidence of severe Internet slowdowns amid protests there. Concerns over the potential for a government shutdown are particularly high in North African countries, most of which rely on a just a small number of fiber-optic lines for most of their international Internet traffic. A Double Knockout The attack in Egypt relied on a double knockout, the engineers say. As in many authoritarian countries, Egypt?s Internet must connect to the outside world through a tiny number of international portals that are tightly in the grip of the government. In a lightning strike, technicians first cut off nearly all international traffic through those portals. In theory, the domestic Internet should have survived that strike. But the cutoff also revealed how dependent Egypt?s internal networks are on moment-to-moment information from systems that exist only outside the country ? including e-mail servers at companies like Google, Microsoft and Yahoo; data centers in the United States; and the Internet directories called domain name servers, which can be physically located anywhere from Australia to Germany. The government?s attack left Egypt not only cut off from the outside world, but also with its internal systems in a sort of comatose state: servers, cables and fiber-optic lines were largely up and running, but too confused or crippled to carry information save a dribble of local e-mail traffic and domestic Web sites whose Internet circuitry somehow remained accessible. ?They drilled unexpectedly all the way down to the bottom layer of the Internet and stopped all traffic flowing,? said Jim Cowie, chief technology officer of Renesys, a network management company based in New Hampshire that has closely monitored Internet traffic from Egypt. ?With the scope of their shutdown and the size of their online population, it is an unprecedented event.? The engineers say that a focal point of the attack was an imposing building at 26 Ramses Street in Cairo, just two and a half miles from the epicenter of the protests, Tahrir Square. At one time purely a telephone network switching center, the building now houses the crucial Internet exchange that serves as the connection point for fiber-optic links provided by five major network companies that provide the bulk of the Internet connectivity going into and out of the country. ?In Egypt the actual physical and logical connections to the rest of the world are few, and they are licensed by the government and they are tightly controlled,? said Wael Amin, president of ITWorx, a large software development company based in Cairo. One of the government?s strongest levers is Telecom Egypt, a state-owned company that engineers say owns virtually all the country?s fiber-optic cables; other Internet service providers are forced to lease bandwidth on those cables in order to do business. Mr. Cowie noted that the shutdown in Egypt did not appear to have diminished the protests ? if anything, it inflamed them ? and that it would cost untold millions of dollars in lost business and investor confidence in the country. But he added that, inevitably, some autocrats would conclude that Mr. Mubarak had simply waited too long to bring down the curtain. ?Probably there are people who will look at this and say, it really worked pretty well, he just blew the timing,? Mr. Cowie said. Speaking of the Egyptian shutdown and the earlier experience in Tunisia, whose censorship methods were less comprehensive, a senior State Department official said that ?governments will draw different conclusions.? ?Some may take measures to tighten communications networks,? said the official, speaking on the condition of anonymity. ?Others may conclude that these things are woven so deeply into the culture and commerce of their country that they interfere at their peril. Regardless, it is certainly being widely discussed in the Middle East and North Africa.? Vulnerable Choke Points In Egypt, where the government still has not explained how the Internet was taken down, engineers across the country are putting together clues from their own observations to understand what happened this time, and to find out whether a future cutoff could be circumvented on a much wider scale than it was when Mr. Mubarak set his attack in motion. The strength of the Internet is that it has no single point of failure, in contrast to more centralized networks like the traditional telephone network. The routing of each data packet is handled by a web of computers known as routers, so that in principle each packet might take a different route. The complete message or document is then reassembled at the receiving end. Yet despite this decentralized design, the reality is that most traffic passes through vast centralized exchanges ? potential choke points that allow many nations to monitor, filter or in dire cases completely stop the flow of Internet data. China, for example, has built an elaborate national filtering system known as the Golden Shield Project, and in 2009 it shut down cellphone and Internet service amid unrest in the Muslim region of Xinjiang. Nepal?s government briefly disconnected from the Internet in the face of civil unrest in 2005, and so did Myanmar?s government in 2007. But until Jan. 28 in Egypt, no country had revealed that control of those choke points could allow the government to shut down the Internet almost entirely. There has been intense debate both inside and outside Egypt on whether the cutoff at 26 Ramses Street was accomplished by surgically tampering with the software mechanism that defines how networks at the core of the Internet communicate with one another, or by a blunt approach: simply cutting off the power to the router computers that connect Egypt to the outside world. But either way, the international portals were shut, and the domestic system reeled from the blow. The Lines Go Dead The first hints of the blackout had actually emerged the day before, Jan. 27, as opposition leaders prepared for a ?Friday of anger,? with huge demonstrations expected. Ahmed ElShabrawy, who runs a company called EgyptNetwork, noticed that the government had begun blocking individual sites like Facebook and Twitter. Just after midnight on Jan. 28, Mahmoud Amin?s iPhone beeped with an alert that international connections to his consulting company?s Internet system had vanished ? and then the iPhone itself stopped receiving e-mail. A few minutes later, Mr. ElShabrawy received an urgent call telling him that all Internet lines running to his company were dead. It was not long before Ayman Bahaa, director of Egyptian Universities Network, which developed the country?s Internet nearly two decades ago, was scrambling to figure out how the system had all but collapsed between the strokes of 12 and 1. The system had been crushed so completely that when a network engineer who does repairs in Cairo woke in the morning, he said to his family, ?I feel we are in the 1800s.? Over the next five days, the government furiously went about extinguishing nearly all of the Internet links to the outside world that had survived the first assault, data collected by Western network monitors show. Although a few Egyptians managed to post to Facebook or send sporadic e-mails, the vast majority of the country?s Internet subscribers were cut off. The most telling bit of evidence was that some Internet services inside the country were still working, at least sporadically. American University in Cairo, frantically trying to relocate students and faculty members away from troubled areas, was unable to use e-mail, cellphones ? which were also shut down ? or even a radio frequency reserved for security teams. But the university was able to update its Web site, hosted on a server inside Egypt, and at least some people were able to pull up the site and follow the emergency instructions. ?The servers were up,? said Nagwa Nicola, the chief technology officer at American University in Cairo. ?You could reach up to the Internet provider itself, but you wouldn?t get out of the country.? Ms. Nicola said that no notice had been given, and she depicted an operation that appeared to have been carried out with great secrecy. ?When we called the providers, they said, ?Um, hang on, we just have a few problems and we?ll be on again,? ? she said. ?They wouldn?t tell us it was out.? She added, ?It wasn?t expected at all that something like that would happen.? Told to Shut Down or Else Individual Internet service providers were also called on the carpet and ordered to shut down, as they are required to do by their licensing agreements if the government so decrees. According to an Egyptian engineer and an international telecom expert who both spoke on the condition of anonymity, at least one provider, Vodafone, expressed extreme reluctance to shut down but was told that if it did not comply, the government would use its own ?off? switch via the Telecom Egypt infrastructure ? a method that would be much more time-consuming to reverse. Other exchanges, like an important one in Alexandria, may also have been involved. Still, even major providers received little notice that the moves were afoot, said an Egyptian with close knowledge of the telecom industry who would speak only anonymously. ?You don?t get a couple of days with something like this,? he said. ?It was less than an hour.? After the Internet collapsed, Mr. ElShabrawy, 35, whose company provides Internet service to 2,000 subscribers and develops software for foreign and domestic customers, made urgent inquiries with the Ministry of Communications, to no avail. So he scrambled to re-establish his own communications. When he, too, noticed that domestic fiber-optic cables were open, he had a moment of exhilaration, remembering that he could link up servers directly and establish messaging using an older system called Internet Relay Chat. But then it dawned on him that he had always assumed he could download the necessary software via the Internet and had saved no copy. ?You don?t have your tools ? you don?t have anything,? Mr. ElShabrawy said he realized as he stared at the dead lines at his main office in Mansoura, about 60 miles outside Cairo. With the streets unsafe because of marauding bands of looters, he decided to risk having a driver bring $7,000 in satellite equipment, including a four-foot dish, from Cairo, and somehow he was connected internationally again by Monday evening. Steeling himself for the blast of complaints from angry customers ? his company also provides texting services in Europe and the Middle East ? Mr. ElShabrawy found time to post videos of the protests in Mansoura on his Facebook page. But with security officials asking questions about what he was up to, he did not dare hook up his domestic subscribers. Then, gingerly, he reached out to his international customers, his profuse apologies already framed in his mind. The response that poured in astonished Mr. ElShabrawy, who is nothing if not a conscientious businessman, even in turbulent times. ?People said: ?Don?t worry about that. We are fine and we need to know that you are fine. We are all supporting you.? ? From rforno at infowarrior.org Wed Feb 16 07:36:13 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Feb 2011 08:36:13 -0500 Subject: [Infowarrior] - ABC News: Obama's Media Machine: State Run Media 2.0? Message-ID: (I see this as a 'sign of the times' as opposed to a conspiracy theory ... IMNSHO both partiies involved have brought this situation on themselves. --- rick) Obama's Media Machine: State Run Media 2.0? White House Hones Online Messaging Operation Ahead of 2012 Campaign http://abcnews.go.com/Politics/president-obama-white-house-media-operation-state-run/story?id=12913319&page=2 By DEVIN DWYER WASHINGTON, Feb. 15, 2011 As the 2012 presidential campaign kicks into gear, President Obama's White House media operation is demonstrating an unprecedented ability to broadcast its message through social media and the Internet, at times doing an end-run around the traditional press. The White House Press Office now not only produces a website, blog, YouTube channel, Flickr photo stream, and Facebook and Twitter profiles, but also a mix of daily video programming, including live coverage of the president's appearances and news-like shows that highlight his accomplishments. "Advise the Adviser: Your Direct Line to the White House," the administration's latest online program launched last week, encourages viewers to offer "advice, opinions and feedback on important issues" and promises a response from a senior administration official in return. "We're striving to not just have a passive website where people can read about what's happening but create a method of interaction and feedback," said White House spokesman Josh Earnest. It joins "Open for Questions," a periodic series of live moderated video chats with officials, "West Wing Week," a magazine-style show featuring the president behind the scenes, and other live-streaming events, including an annotated version of the State of the Union address, all intended to more directly disseminate the administration's message. But while these innovative communications tools ostensibly offer greater transparency and openness, critics say they have come at a troublesome expense: less accountability of the administration by the independent, mainstream press. Over the past few months, as White House cameras have been granted free reign behind the scenes, officials have blocked broadcast news outlets from events traditionally open to coverage and limited opportunities to publicly question the president himself. Obama's recent signing of the historic New START treaty with Russia and his post-State of the Union cabinet meeting, for example, were both closed to reporters in a break with tradition. And during a recent question and answer session with the president and visiting Canadian Prime Minister Stephen Harper, the White House imposed an unusual limit of just one question each from the U.S. and Canadian press corps. "The administration has narrowed access by the mainstream media to an unprecedented extent," said ABC News White House correspondent Ann Compton, who has covered seven administrations. "Access here has shriveled." Members of the press have always had quibbles with White House media strategies, calling cut-backs in access an affront to transparency, even as administration officials insist they're simply taking advantage of new technologies. But some say the current dynamic is different, and dangerous. "They're opening the door to kicking the press out of historic events, and opening the door to having a very filtered format for which they give the American public information that doesn't have any criticism allowed," said University of Minnesota journalism professor and political communication analyst Heather LaMarre. LaMarre and other political communication experts say the Obama White House is continuing the policy started by President George W. Bush, who famously vowed to "go over the heads of the filter and speak directly to the people," and capitalizing on new media and social media to do so more easily than ever before. The White House has amassed 1.9 million followers on Twitter, 900,000 fans on Facebook and averages 250,000 visits to its YouTube channel per month. Its website received roughly 1.1 million unique visitors in January, according to ComScore. By contrast, ABC News has 1.2 million followers on Twitter, 150,000 fans on Facebook, and averages 21.7 million unique visitors per month to ABCNews.com, according to ComScore. "What you're seeing on the Internet is transparency at its finest," said Earnest, the White House spokesman. "We are giving citizens across the country direct access to decision makers in the government." Earnest said the effort to build and engage an online audience was intended to supplement the independent press, not supplant it. And while critics might disagree, there's plenty of evidence to suggest that some Americans might not care. "If Nixon had announced he was going to start the 'Nixon channel' and said they were only going to put up stuff he approved of, people would have said, 'Oh my God, this is like Communist Russian state media,'" said David Perlmutter, director of the University of Iowa School of Journalism and Mass Communication. "But now social media have a friendly face on them, so these media tools are not seen by the public -- particularly younger Americans -- as some sort of power grab by the president or government," he said. "They're just modern ways of reaching out and communicating." Perlmutter says what he calls "state run media 2.0" might be just what younger generations, who polls show are disillusioned with the mainstream press, are looking for. And, he said, satisfying their "need to feel connected" could give Obama the edge among tech-savvy voters heading into the next campaign. "They want to ask the questions themselves, post questions on the White House blog, tweet the president or Robert Gibbs directly," he said. "They don't think, 'Oh my gosh, this is bypassing an important filter of information.' They don't care about the filter." ABC News' Peter Roybal contributed to this report. From rforno at infowarrior.org Wed Feb 16 07:38:59 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Feb 2011 08:38:59 -0500 Subject: [Infowarrior] - =?windows-1252?q?Webcast=3A_U=2ES=2E_Senate_Heari?= =?windows-1252?q?ng_on_seizing_websites_=96_today_2/16?= Message-ID: <05BC994A-10C1-4FDF-A8F1-4D5B48DBE3AE@infowarrior.org> VIA IP.... >> From: Joly > Subject: Webcast: U.S. Senate Hearing on seizing websites ? today 2/16Subject: Webcast: U.S. Senate Hearing on seizing websites ? today 2/16 > > In contrast to yesterday?s Hillary Clinton speech about Internet > Freedom, today, Feb. 16 2011, the United States Senate Committee on > the Judiciary has scheduled a hearing entitled ?Targeting Websites > Dedicated To Stealing American Intellectual Property? at 10:00 am EST > (1500 UTC). This is a followup to last year?s shelving of the COICA > act and the recent DHS-ICE site seizures ? which some consider to be > of dubious legality. Witnesses include representatives of the Authors > Guild, Go Daddy, Verizon, and Visa. There will be a webcast. > > http://www.isoc-ny.org/p2/?p=1767 From rforno at infowarrior.org Wed Feb 16 07:53:56 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Feb 2011 08:53:56 -0500 Subject: [Infowarrior] - Cable And Hollywood Fight Having Their Gatekeeper Status Taken Away Message-ID: Cable And Hollywood Fight Having Their Gatekeeper Status Taken Away from the inevitable-is-coming dept http://www.techdirt.com/articles/20110214/00060613076/cable-hollywood-fight-having-their-gatekeeper-status-taken-away.shtml Matthew Lasar has a nice writeup about how the big cable lobbyists, NCTA, and movie studio lobbyists, MPAA, are fighting as hard as possible to stop an FCC proposal to create a standard, called AllVid, that would allow any consumer electronics maker to tap into their content (legally, and for those actually subscribed), and display it via the device. Right now, of course, if you get cable TV, you're limited to the hardware they give you, which means if they don't want to let some other manufacturer come in with a more innovative system, you're stuck. Google -- who is pushing its Google TV product, and Sony, who has a variety of plans for set-top boxes, would prefer a standard so that they can sell you the boxes, and you can access the TV content you're already subscribed to, along with wider content from the internet. But, if there's one thing that's become clear over the years, it's that gatekeepers will go to amazing lengths to keep those gates in place. So while the FCC seems very interested in moving forward on such a standard, NCTA has announced that it will pretty much destroy all of civilization: Sony/Google are asking the Commission to ignore copyright, patent, trademark, contract privity, licensing, and other legal rights and limitations that have been thoroughly documented. Of course, almost none of that is actually true, but boy does it sound impressive. Sony and Google aren't asking for any of those things. They're simply asking for a way that they can provide devices that can tap into an account holder's legally authorized content, and add additional services around it. Think of it like a Carterphone for cable TV -- meaning that you no longer have to get your phone from AT&T, but can buy a third party phone. But, of course, even the MPAA is against that, as it's siding with the NCTA with a "but... but... piracy!" argument that also makes no sense: "legitimate MVPD and online content sources will be presented in user interfaces alongside illegitimate sources (such as sites featuring pirated content)," MPAA warns. "In essence, this 'shopping mall' approach could enable the purveyor of counterfeit goods to set up shop alongside respected brand-name retailers, causing consumer confusion." Yes, think about what you're reading for a second, and then shake your head at the level of confusion coming out of the MPAA. They want to block an FCC plan to make it easier to access authorized and legitimate content, because it's also easy to access pirated content. In the MPAA's twisted view of the world, it's better to leave just the pirated content as easy to access, because if the authorized content was just as easy to access, people might think it's legit. Are they really serious over there? Who knows where all of this will lead, but the key thing that becomes clear in all of this is that cable does not want to give up its gatekeeper status. Even though a system that would better integrate cable content with additional internet content would clearly be a benefit to consumers, it would also mean a loss of gates, and we're dealing with yet another industry that incorrectly thinks it needs gates to survive. So, rather than add value to the consumer experience, it's actively fighting against it. From rforno at infowarrior.org Wed Feb 16 07:57:45 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Feb 2011 08:57:45 -0500 Subject: [Infowarrior] - 'Usenet Revolution' predates 'Twitter' / 'Facebook' revolution Message-ID: How a handful of geeks defied the USSR When twenty years ago Gorbatchev was faced with the challenge of a coup, only one channel was able to survive Soviet censorship. This is the story of how Usenet invented online activism. by Olivier Tesquet On February 4, 2011 http://owni.eu/2011/02/04/how-a-handful-of-geeks-defied-the-ussr/ USSR, August 19 1991: While Mikha?l Gorbatchev was on holiday in his datcha located in Crimea, Eight apparatchiks attempted to seize power over the state. Hostile to reforms, the ?Gang of Eight? tried to prevent the Perestoika reforms and the loss of their satellite states. These eight orthodox Communists launched an attempted coup d??tat by installing themselves as The State Committee of the State of Emergency. After Gobatchev returned he tried to restore order and save face, but it was clear that this episode would eventually lead to his downfall. In this well documented event, there is an interesting historically episode which is often overlooked. During the two days of the coup the Russian media was shut down, and thus not covering Boris Yeltsin ranting on top of a tank for the crowd, nor the shock of the international community. All channels were blacked-out except for one; Usenet, which is the grandfather of chat-rooms and is capable or surviving without the Internet. For these precious 48 hours, a few dozen individuals contributed to this last means of communication with the outside world. < -- > Nearly twenty years before the coining of the term ?Twitter revolution,? when the web didn?t really exist and the concept of an Internet connection at home was still in its infancy, Usenet was paving the road for the technology we depend on today. < - > http://owni.eu/2011/02/04/how-a-handful-of-geeks-defied-the-ussr/ From rforno at infowarrior.org Wed Feb 16 08:00:08 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Feb 2011 09:00:08 -0500 Subject: [Infowarrior] - Clinton: We Love Net Freedom, Unless It Involves WikiLeaks Message-ID: <955008E7-F008-4A40-90F3-865B1368721A@infowarrior.org> Clinton: We Love Net Freedom, Unless It Involves WikiLeaks By Mathew Ingram Feb. 15, 2011, 4:04pm PT 5 Comments http://gigaom.com/2011/02/15/clinton-we-love-net-freedom-unless-it-involves-wikileaks/ Secretary of State Hillary Clinton gave a speech today at George Washington University about Internet freedom, an updated version of the address she gave a year ago calling for more openness and an end to foreign governments repressing their citizens through the ?Net. As it was then, Clinton?s speech was a heart-warming defence of the open Internet and the need for freedom of speech ? with one notable exception: namely, WikiLeaks. While other governments need to be lectured by the U.S. on how to be more open and free, apparently it?s fine for the U.S. government to persecute a web-based publisher that is widely viewed as a journalistic entity, and is run by someone who isn?t even an American citizen. Much of the speech was eminently supportable ? the parts where the Secretary of State called the Internet ?the public space of the 21st century?the world?s town square, classroom, marketplace, coffee-house, and nightclub,? or where she called on foreign governments to ?join us in a bet we have made ? a bet that an open Internet will lead to stronger, more prosperous countries? (there?s a transcript of her address available at Scribd). The former senator even waded into the debate over what role social media tools have played in the uprisings in Iran and Egypt, and provided a summary that could have been written by a social-media skeptic such as Malcolm Gladwell. She said: "Egypt isn?t inspiring because people communicated using Twitter; it is inspiring because people came together and persisted in demanding a better future. Iran isn?t awful because the authorities used Facebook to shadow and capture members of the opposition; it is awful because it is a government that routinely violates the rights of its people." That said, however, the Secretary of State also went out of her way to defend the U.S. government?s approach to WikiLeaks, which has involved not only imprisoning the man who allegedly leaked thousands of diplomatic cables (former Army officer private Bradley Manning), but also going after WikiLeaks founder Julian Assange by any means available. The U.S. Department of Justice has been working on a legal case involving the Espionage Act, despite the fact that publishing classified documents is not actually a crime under U.S. law, Plus, if the DOJ is successful, the same charges would apply to the New York Times and other media outlets who have also published the cables. A Speech on Freedom, and a Court Order for Twitter As part of its case, the government sent a court order to Twitter ? and apparently to other web companies such as Google and Facebook, although they have not admitted as much publicly ? demanding that the company turn over a wide variety of personal information about Icelandic MP and early WikiLeaks supporter Birgitta Jonsdottir, hacker Jacob Appelbaum and a number of others involved with WikiLeaks. The government order covers not just IP addresses, and therefore locations, but also private messages, methods of payment and other materials. Jonsdottir and others named in the order are fighting these demands in a case that, ironically, was heard today. And how did Secretary Clinton justify these moves against WikiLeaks? She said that one of the principles the U.S. upholds is the need for transparency, but that this must be balanced with the need to protect confidentiality, and in particular, government confidentiality. Clinton said this has been a topic of debate because of WikiLeaks, but added that: "It?s been a false debate in many ways. Fundamentally, the Wikileaks incident began with an act of theft. Government documents were stolen, just the same as if they had been smuggled out in a briefcase. Some have suggested that this act was justified, because governments have a responsibility to conduct all of their work out in the open, in the full view of their citizens. I disagree." The Secretary of State argued that by publishing the cables, WikiLeaks exposed diplomats and activists ?to even greater risk? ? despite the fact that no one has made any credible claims that the cables published by either WikiLeaks or media outlets such as the New York Times have put anyone in danger. Clinton said in her speech that denouncing WikiLeaks ?does not challenge our commitment to Internet freedom,? but on that point she is almost certainly wrong. And she seemed unfazed by the fact that her comments about targeting WikiLeaks came right after she censured foreign governments for attacking bloggers instead of upholding their rights to freedom of speech. It?s obvious that while the U.S. government is content to preach to foreign countries like China about how they need to open up, it?s more than happy to go after WikiLeaks using whatever means necessary ? despite that what the organization did isn?t even a crime. That?s called trying to have your cake and eat it too, and it makes all of Secretary Clinton?s stirring talk about freedom difficult to take seriously. From rforno at infowarrior.org Wed Feb 16 08:02:04 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Feb 2011 09:02:04 -0500 Subject: [Infowarrior] - 'Curveball' publicly admits lying pre-Iraq War Message-ID: <459018B5-4FBA-447F-8729-ED16294286FA@infowarrior.org> (c/o JC) Defector admits to WMD lies that triggered Iraq war ? ? Martin Chulov and Helen Pidd in Karlsruhe ? guardian.co.uk, Tuesday 15 February 2011 12.58 GMT ? Article history http://www.guardian.co.uk/world/2011/feb/15/defector-admits-wmd-lies-iraq-war The defector who convinced the White House that Iraq had a secret biological weapons programme has admitted for the first time that he lied about his story, then watched in shock as it was used to justify the war. Rafid Ahmed Alwan al-Janabi, codenamed Curveball by German and American intelligence officials who dealt with his claims, has told the Guardian that he fabricated tales of mobile bioweapons trucks and clandestine factories in an attempt to bring down the Saddam Hussein regime, from which he had fled in 1995. "Maybe I was right, maybe I was not right," he said. "They gave me this chance. I had the chance to fabricate something to topple the regime. I and my sons are proud of that and we are proud that we were the reason to give Iraq the margin of democracy." The admission comes just after the eighth anniversary of Colin Powell's speech to the United Nations in which the then-US secretary of state relied heavily on lies that Janabi had told the German secret service, the BND. It also follows the release of former defence secretary Donald Rumsfeld's memoirs, in which he admitted Iraq had no weapons of mass destruction programme. The careers of both men were seriously damaged by their use of Janabi's claims, which he now says could have been ? and were ? discredited well before Powell's landmark speech to the UN on 5 February 2003. The former CIA chief in Europe Tyler Drumheller describes Janabi's admission as "fascinating", and said the emergence of the truth "makes me feel better". "I think there are still a number of people who still thought there was something in that. Even now," said Drumheller. In the only other at length interview Janabi has given he denied all knowledge of his supposed role in helping the US build a case for invading Saddam's Iraq. In a series of meetings with the Guardian in Germany where he has been granted asylum, he said he had told a German official, who he identified as Dr Paul, about mobile bioweapons trucks throughout 2000. He said the BND had identified him as a Baghdad-trained chemical engineer and approached him shortly after 13 March of that year, looking for inside information about Saddam's Iraq. "I had a problem with the Saddam regime," he said. "I wanted to get rid of him and now I had this chance." He portrays the BND as gullible and so eager to tease details from him that they gave him a Perry's Chemical Engineering Handbook to help communicate. He still has the book in his small, rented flat in Karlsruhe, south-west Germany. "They were asking me about pumps for filtration, how to make detergent after the reaction," he said. "Any engineer who studied in this field can explain or answer any question they asked." Janabi claimed he was first exposed as a liar as early as mid-2000, when the BND travelled to a Gulf city, believed to be Dubai, to speak with his former boss at the Military Industries Commission in Iraq, Dr Bassil Latif. The Guardian has learned separately that British intelligence officials were at that meeting, investigating a claim made by Janabi that Latif's son, who was studying in Britain, was procuring weapons for Saddam. That claim was proven false, and Latif strongly denied Janabi's claim of mobile bioweapons trucks and another allegation that 12 people had died during an accident at a secret bioweapons facility in south-east Baghdad. The German officials returned to confront him with Latif's version. "He says, 'There are no trucks,' and I say, 'OK, when [Latif says] there no trucks then [there are none],'" Janabi recalled. He said the BND did not contact him again until the end of May 2002. But he said it soon became clear that he was still being taken seriously. He claimed the officials gave him an incentive to speak by implying that his then pregnant Moroccan-born wife may not be able to travel from Spain to join him in Germany if he did not co-operate with them. "He says, you work with us or your wife and child go to Morocco." The meetings continued throughout 2002 and it became apparent to Janabi that a case for war was being constructed. He said he was not asked again about the bioweapons trucks until a month before Powell's speech. After the speech, Janabi said he called his handler at the BND and accused the secret service of breaking an agreement that they would not share anything he had told them with another country. He said he was told not to speak and placed in confinement for around 90 days. With the US now leaving Iraq, Janabi said he was comfortable with what he did, despite the chaos of the past eight years and the civilian death toll in Iraq, which stands at more than 100,000. "I tell you something when I hear anybody ? not just in Iraq but in any war ? [is] killed, I am very sad. But give me another solution. Can you give me another solution? "Believe me, there was no other way to bring about freedom to Iraq. There were no other possibilities." From rforno at infowarrior.org Wed Feb 16 08:27:06 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Feb 2011 09:27:06 -0500 Subject: [Infowarrior] - IBM's Watson Dominates Jeopardy Competition on Day 2 Message-ID: <160BF0B3-1B26-4237-90F9-6481C80D806F@infowarrior.org> (The PBS NOVA episode this week about Watson's development and learning is well worth an hour of watching. Great stuff!!! Find it online at http://www.pbs.org/wgbh/nova/tech/smartest-machine-on-earth.html. -- rick) IBM's Watson Dominates Jeopardy Competition on Day 2 By Ian Paul, PCWorld Feb 16, 2011 5:58 AM http://www.pcworld.com/article/219778/ibms_watson_dominates_jeopardy_competition_on_day_2.html IBM supercomputer Watson blew away the competition Tuesday night during its Jeopardy showdown with the game show's former champions Ken Jennings and Brad Rutter. The computer was able to answer 13 of the first 15 Jeopardy clues virtually uncontested, with one answer going to Jennings and another problem that all three contestants got wrong. Watson ended the broadcast with $35,734, followed by Rutter at $10,400 and Jennings at $4,800. The competitors will square off again Wednesday night for a final Jeopardy battle. Watson Screams Ahead Again There appeared to be some hope that Rutter and Jennings would be able to compete effectively against Watson during the latter part of Monday's Jeopardy round. Watson started to trip up on more advanced wordplay and ended Monday tied with Rutter at $5,000 each. But Watson and its 13.64 terabytes of memory got the job done quickly during Tuesday's broadcast, and in cutthroat fashion, too. Unlike Monday's show, Watson played aggressively, choosing large-money problems mostly in the Double Jeopardy round. The higher the clue's value, the harder the wordplay tends to be. The first 15 clues were indicative of how the rest of the game, went with Watson dominating the rest of the game. Watson takes a guess? Watson surprised the audience during the second Daily Double clue when the computer wasn't sure of the answer but hazarded a guess anyway. Watson isn't supposed to answer unless its level of certainty passes a threshold (based on a percentage) dubbed Watson's "buzz threshold." The threshold isn't a fixed value and floats depending on the clue's level of difficulty. Watson was 32 percent certain of the correct answer, but that was well below its buzz threshold for that clue. So faced with the prospect of losing money if it didn't answer (only the contestant who picks the Daily Double clue may answer), the computer went with its best guess and it was correct. The Jeopardy clue Watson guessed on was, "The ?Ancient Lion of Nimrud' went missing from this city's national museum in 2003 (along with a lot of other stuff)." The answer was "What is Baghdad?" Back To Google Maps For Watson Watson tripped up again in Final Jeopardy on which the computer wagered just $947. All three contestants were asked to identify a city with two airports: one named after a World War II hero and another named after a World War II battle. The correct answer was Chicago and both human contestants answered correctly. Watson, on the other hand, answered "Toronto" and was highly uncertain of its response. It appears the computer somehow failed to realize that the category, U.S. cities, would help narrow down its choices. You can check out IBM's take on what went wrong on the company's A Smarter Planet blog. Regardless of Watson's shortcomings the IBM super computer has been dominant against its human adversaries. Now, it all comes down to Wednesday night's broadcast when Jennings and Rutter will attempt to battle back and overcome Watson's commanding lead. From rforno at infowarrior.org Wed Feb 16 10:21:33 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Feb 2011 11:21:33 -0500 Subject: [Infowarrior] - Hacked and now vandalized, HBGary pulls out of RSA Message-ID: <8834C285-1E85-4C3B-82C7-C6147DCF8219@infowarrior.org> Hacked and now vandalized, HBGary pulls out of RSA by Robert McMillan February 16, 2011 ? http://www.itworld.com/print/137213 The California security company that is at the center of a controversy over a plan to discredit WikiLeaks and its supporters abruptly pulled itself out of the RSA security conference in San Francisco this week, citing security concerns. The company's subsidiary, HBGary Federal, also cancelled a talk it had planned to give on the Internet activist group, Anonymous. It was news of this talk that riled Anonymous and precipitated the controversy last week. HBGary has been under fire for several days now after its Web sites, corporate email system and Twitter accounts were hacked, and details of a company business proposal to discredit WikiLeaks were posted to the Internet. The attack was apparently launched by Anonymous in response to HBGary Federal's CEO Aaron Barr's talk, which had been slated for Monday morning. Barr said he had discovered the identities of many of Anonymous's leaders, and had planned to discuss his investigation in a talk at the BSides San Francisco conference, which runs in tandem with RSA. "I was receiving death threats," Barr said in an interview Tuesday. "There was lots of talk that was being made of in the Anonymous IRC channels of harassing us at our booth and sending people to heckle [HBGary speakers at the conference]." The company decided to strike its booth from the RSA conference floor, however, after it was vandalized on Sunday, said Jim Butterworth, HBGary's vice president of services. "We... came back the next morning and it was very apparent that the group responsible for the activities in the news had decided to make another statement," he said. The IDG News Service obtained a photo of HBGary's vandalized booth. Someone had placed a large paper poster on the HBGary booth that read, "Anon... in it 4 the lulz.." Lulz is Internet slang meaning 'laughs.' Instead of a show booth, HBGary's spot on the RSA exhibition floor is now empty, except for a small sign explaining the company's decision to withdraw from the show. HBGary founder Greg Hoglund had been scheduled to speak at RSA, but those talks have now been cancelled too, Barr said. He declined to comment further on the controversy surrounding his work, or the cyber-attacks on his company. But according to the published company emails, Barr knew last month that his talk would make HBGary a target. Clearly, though, he had no idea how bad things would get. HBGary -- a minor but once-well-respected security company -- has now suffered what may be a fatal hit to its reputation. For a security company to suffer such a major breach is embarrassing, but buried in the 67,000 company emails published by Anonymous were even more damaging material such as a proposal to help Bank of America's law firm, Hunton & Williams, discredit WikiLeaks ahead of the expected release of secret bank documents. In the proposal, Barr suggested that HBGary Federal could work with two other security companies -- Palantir and Berico Technologies -- to launch cyberattacks, seed WikiLeaks with fake documents and dig up dirt on its supporters. BofA publicly distanced itself from HBGary following the incident, while Palantir and Berico Technologies have severed ties with the firm. Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan at idg.com From rforno at infowarrior.org Wed Feb 16 16:55:00 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Feb 2011 17:55:00 -0500 Subject: [Infowarrior] - Don't Read Unless You Want to Know If IBM Won `Jeopardy' Message-ID: <14B98D9A-B62E-46A9-8C8D-C06EECD12BD7@infowarrior.org> Don't Read This Unless You Want to Know If IBM Won `Jeopardy' By Katie Hoffmann - Feb 16, 2011 5:09 PM ET Wed Feb 16 22:09:41 GMT 2011 http://www.bloomberg.com/news/2011-02-16/don-t-read-this-unless-you-want-to-know-if-ibm-won-jeopardy-.html Machine bested man today, as International Business Machines Corp.?s computer beat two former ?Jeopardy!? champions at the TV quiz show. ?Watson,? IBM?s computer named after its founder Thomas J. Watson, finished the three-day tournament with $77,147. Ken Jennings came in second with $24,000, followed by Brad Rutter with $21,600. With a $25,000 lead going into the final match, Watson doubled his advantage by answering questions on subjects from ?The Simpsons? to Bram Stoker accurately. The win gives IBM a highly publicized victory in artificial intelligence -- and a boost as it moves to market the technology to its corporate customers. ?It?s a big win for IBM,? said Paul Saffo, managing director at investment adviser Discern Analytics in San Francisco. ?It?s captured the public?s attention. For their brand, this is phenomenal.? ?Jeopardy? airs at different times across the country, and today?s episode has already been broadcast in some cities. In New York, the show will air at 7 p.m. IBM built Watson to tackle a challenge in artificial intelligence: making a machine that could understand natural human language, as opposed to the keyword searches used in the search engines of Google Inc. or Microsoft Corp. IBM wanted the effort to have real-world applications. ?Jeopardy,? with its word plays, innuendos and penalties for inaccuracy, proved a good test. Watson faced two of the best-known players in the show?s history. Jennings, who won 74 straight games in 2004, holds the record for the number of games won, while Rutter has won more money than any player on Jeopardy and beat Jennings in a tournament in 2005. Avatar Going into today?s final game, Watson led with $35,734, with Rutter at $10,400 and Jennings at $4,800. The first game was played over the first two days of the tournament, which was broadcast from IBM?s lab in Yorktown Heights, New York. Watson, who appears on film as a round avatar on a screen, has a custom-made database created from journals, newspapers and other resources. The computer received questions through typed entries at the same time as host Alex Trebek read them out loud. It scanned the database with algorithms and calculated its degree of confidence in an answer. If its confidence crossed a certain threshold, a mechanical thumb buzzed in and Watson spoke the answer. The computer made some gaffes. In the first round, it repeated an incorrect answer Jennings had given moments before. In yesterday?s Final Jeopardy, the last round of each game that often involves word play, Watson identified Toronto as a U.S. city. Its answer was followed by question marks, indicating how unsure it was of its answer. IBM Pressure IBM, which spends about $6 billion annually on research and development, invested four years developing the technology, with 25 scientists focused on the challenge. Trebek said he saw a researcher crying before the competition, which was taped last month. ?There?s tremendous pressure on the IBM scientists,? Trebek said in an interview last week. ?The pressure they had put on themselves. They?re the ones who decided to try and develop a computer system that can play ?Jeopardy.?? The project built on IBM?s work in artificial intelligence, including the Deep Blue supercomputer that defeated world champion Garry Kasparov in a 1997 match. IBM, the world?s largest computer-services provider, decided to try another challenge that would pique the public?s interest -- and this time with commercial applications. Business Applications The machine has generated interest from businesses in various sectors, especially customer support and health care, Dave Ferrucci, IBM?s lead scientist on the project, said in an interview last year. The computer runs on IBM?s Power 7 server system. ?The Holy Grail here is to create a technology that can understand what you?re asking, the way you?re asking it,? he said. ?People want to do more with all the content we have.? Watson won $1 million for first place. Jennings and Rutter won $300,000 and $200,000, respectively. IBM will donate all its winnings to charity, while Rutter and Jennings plan to give away half. IBM rose 56 cents to $163.40 at 4 p.m. in New York Stock Exchange composite trading. The shares have gained 11 percent this year. To contact the reporter on this story: Katie Hoffmann in New York at khoffmann4 at bloomberg.net To contact the editor responsible for this story: Peter Elstrom at pelstrom at bloomberg.net. From rforno at infowarrior.org Thu Feb 17 08:44:41 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 17 Feb 2011 09:44:41 -0500 Subject: [Infowarrior] - =?windows-1252?q?USG_Shuts_Down_84=2C000_Websites?= =?windows-1252?q?=2C_=91By_Mistake=92?= Message-ID: <0D0835AB-DF19-4E1A-BA12-792BB6B31CCC@infowarrior.org> Yep - this is the Gang That Couldn't Shoot Straight (in cyberspace). --- rick U.S. Government Shuts Down 84,000 Websites, ?By Mistake? ? Ernesto ? 16/02/2011 http://torrentfreak.com/u-s-government-shuts-down-84000-websites-by-mistake-110216/ The US Government has yet again shuttered several domain names this week. The Department of Justice and Homeland Security?s ICE office proudly announced that they had seized domains related to counterfeit goods and child pornography. What they failed to mention, however, is that one of the targeted domains belongs to a free DNS provider, and that 84,000 websites were wrongfully accused of links to child pornography crimes. As part of ?Operation Save Our Children? ICE?s Cyber Crimes Center has again seized several domain names, but not without making a huge error. Last Friday, thousands of site owners were surprised by a rather worrying banner that was placed on their domain. ?Advertisement, distribution, transportation, receipt, and possession of child pornography constitute federal crimes that carry penalties for first time offenders of up to 30 years in federal prison, a $250,000 fine, forfeiture and restitution,? was the worrying message they read on their websites. As with previous seizures, ICE convinced a District Court judge to sign a seizure warrant, and then contacted the domain registries to point the domains in question to a server that hosts the warning message. However, somewhere in this process a mistake was made and as a result the domain of a large DNS service provider was seized. The domain in question is mooo.com, which belongs to the DNS provider FreeDNS. It is the most popular shared domain at afraid.org and as a result of the authorities? actions a massive 84,000 subdomains were wrongfully seized as well. All sites were redirected to the banner below. The FreeDNS owner was taken by surprise and quickly released the following statement on their website. ?Freedns.afraid.org has never allowed this type of abuse of its DNS service. We are working to get the issue sorted as quickly as possible.? Eventually, on Sunday the domain seizure was reverted and the subdomains slowly started to point to the old sites again instead of the accusatory banner. However, since the DNS entries have to propagate, it took another 3 days before the images disappeared completely. Most of the subdomains in question are personal sites and sites of small businesses. A search on Bing still shows how innocent sites were claimed to promote child pornography. A rather damaging accusation, which scared and upset many of the site?s owners. One of the customers quickly went out to assure visitors that his site was not involved in any of the alleged crimes. ?You can rest assured that I have not and would never be found to be trafficking in such distasteful and horrific content. A little sleuthing shows that the whole of the mooo.com TLD is impacted. At first, the legitimacy of the alerts seems to be questionable ? after all, what reputable agency would display their warning in a fancily formatted image referenced by the underlying HTML? I wouldn?t expect to see that.? Even at the time of writing people can still replicate the effect by adding ?74.81.170.110 mooo.com? to their hosts file as the authorities have not dropped the domain pointer yet. Adding mooo.com will produce a different image than picking a random domain (child porn vs. copyright), which confirms the mistake. Although it is not clear where this massive error was made, and who?s responsible for it, the Department of Homeland security is conveniently sweeping it under the rug. In a press release that went out a few hours ago the authorities were clearly proud of themselves for taking down 10 domain names. However, DHS conveniently failed to mention that 84,000 websites were wrongfully taken down in the process, shaming thousands of people in the process. ?Each year, far too many children fall prey to sexual predators and all too often, these heinous acts are recorded in photos and on video and released on the Internet,? Secretary of Homeland Security Janet Napolitano commented. ?DHS is committed to working with our law enforcement partners to shut down websites that promote child pornography to protect these children from further victimization,? she added. A noble initiative, but one that went wrong, badly. The above failure again shows that the seizure process is a flawed one, as has been shown several times before in earlier copyright infringement sweeps. If the Government would only allow for due process to take place, this and other mistakes wouldn?t have been made. Coverage on previous copyright related seizures can be found here, here and here. From rforno at infowarrior.org Thu Feb 17 09:51:46 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 17 Feb 2011 10:51:46 -0500 Subject: [Infowarrior] - Senate Bill Would Make Leaks a Felony Message-ID: Senate Bill Would Make Leaks a Felony http://www.fas.org/blog/secrecy/2011/02/cardin_leaks.html Legislation introduced in the Senate this week would broadly criminalize leaks of classified information. The bill (S. 355) sponsored by Sen. Benjamin Cardin (D-MD) would make it a felony for a government employee or contractor who has authorized access to classified information to disclose such information to an unauthorized person in violation of his or her nondisclosure agreement. Under existing law, criminal penalties apply only to the unauthorized disclosure of a handful of specified categories of classified information (in non-espionage cases). These categories include codes, cryptography, communications intelligence, identities of covert agents, and nuclear weapons design information. The new bill would amend the espionage statutes to extend such penalties to the unauthorized disclosure of any classified information. (Another pending bill, known as the SHIELD Act, would specifically criminalize disclosure ? and publication ? of information concerning human intelligence activities and source identities. Both bills were originally introduced at the end of the last Congress, and were reintroduced this month.) ?I am convinced that changes in technology and society, combined with statutory and judicial changes to the law, have rendered some aspects of our espionage laws less effective than they need to be to protect the national security,? said Sen. Cardin. ?I also believe that we need to enhance our ability to prosecute? those who make unauthorized disclosures of classified information.? ?We don?t need an Official State Secrets Act, and we must be careful not to chill protected First Amendment activities,? he said. ?We do, however, need to do a better job of preventing unauthorized disclosures of classified information that can harm the United States, and at the same time we need to ensure that public debates continue to take place on important national security and foreign policy issues.? The bill would replace the Espionage Act?s use of the term ?national defense information? with the broader but more precise term ?national security information.? It would outlaw any knowing violation of an employee?s classified information nondisclosure agreement, ?irrespective of whether [the discloser] intended to aid a foreign nation or harm the United States.? The bill would not criminalize the receipt of leaked information, and it would not apply to whistleblowers who disclose classified information through authorized channels. But it would establish a rebuttable presumption that any information marked as classified is properly classified. (The bill does not distinguish between ?information? and ?records.?) This means that the government would not have to prove that the leaked information was properly classified; the defendant would have to prove it was not. In order to mount a defense arguing ?improper classification,? a defendant would have to present ?clear and convincing evidence? that the original classifier could not have identified or described damage to national security resulting from unauthorized disclosure. Such challenges to original classification are almost never upheld, and so the defendant?s burden of proof would be nearly impossible to meet. The bill does not provide for a ?public interest? defense, i.e. an argument that any damage to national security was outweighed by a benefit to the nation. It does not address the issue of overclassification, nor does it admit the possibility of ?good? leaks. Disclosing that the President authorized waterboarding of detainees or that the government conducted unlawful domestic surveillance would be considered legally equivalent to revealing the identities of intelligence sources, the design of secret military technologies or the details of ongoing military operations. And at a time when an unprecedented number of leak prosecutions are underway, the bill?s premise that an enhanced ability to prosecute leaks is needed seems questionable. In fact, in a 2002 report to Congress, then-Attorney General John Ashcroft said that the laws already on the books were sufficient and that no new anti-leak legislation was required. ?Given the nature of unauthorized disclosures of classified information that have occurred, however, I conclude that current statutes provide a legal basis to prosecute those who engage in unauthorized disclosures, if they can be identified?. Accordingly, I am not recommending that the Executive Branch focus its attention on pursuing new legislation at this time,? Mr. Ashcroft wrote. In 2000, Congress enacted legislation to criminalize all leaks of classified information, but the measure was vetoed by President Clinton. ?There is a serious risk that this legislation would tend to have a chilling effect on those who engage in legitimate activities,? President Clinton wrote in his November 4, 2000 veto message. ?A desire to avoid the risk that their good faith choice of words ? their exercise of judgment ? could become the subject of a criminal referral for prosecution might discourage Government officials from engaging even in appropriate public discussion, press briefings, or other legitimate official activities. Similarly, the legislation may unduly restrain the ability of former Government officials to teach, write, or engage in any activity aimed at building public understanding of complex issues.? ?Incurring such risks is unnecessary and inappropriate in a society built on freedom of expression and the consent of the governed and is particularly inadvisable in a context in which the range of classified materials is so extensive. In such circumstances, this criminal provision would, in my view, create an undue chilling effect,? President Clinton wrote. From rforno at infowarrior.org Sat Feb 19 19:21:28 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 19 Feb 2011 20:21:28 -0500 Subject: [Infowarrior] - Dubious Deal, Cloaked by National Security Claim Message-ID: Dubious Deal, Cloaked by National Security Claim By ERIC LICHTBLAU and JAMES RISEN http://www.nytimes.com/2011/02/20/us/politics/20data.html?_r=2&hp=&pagewanted=print WASHINGTON ? For eight years, government officials turned to Dennis Montgomery, a California computer programmer, for eye-popping technology that he said could catch terrorists. Now, federal officials want nothing to do with him and are going to extraordinary lengths to ensure that his dealings with Washington stay secret. The Justice Department, which in the last few months has gotten protective orders from two federal judges keeping details of the technology out of court, says it is guarding state secrets that would threaten national security if disclosed. But others involved in the case say that what the government is trying to avoid is public embarrassment over evidence that Mr. Montgomery bamboozled federal officials. A onetime biomedical technician with a penchant for gambling, Mr. Montgomery is at the center of a tale that features terrorism scares, secret White House briefings, backing from prominent Republicans, backdoor deal-making and fantastic-sounding computer technology. Interviews with more than two dozen current and former officials and business associates and a review of documents show that Mr. Montgomery and his associates received more than $20 million in government contracts by claiming that software he had developed could help stop Al Qaeda?s next attack on the United States. But the technology appears to have been a hoax, and a series of government agencies, including the Central Intelligence Agency and the Air Force, repeatedly missed the warning signs, the records and interviews show. Mr. Montgomery?s former lawyer, Michael Flynn ? who now describes Mr. Montgomery as a ?con man? ? says he believes that the administration has been shutting off scrutiny of Mr. Montgomery?s business for fear of revealing that the government has been duped. ?The Justice Department is trying to cover this up,? Mr. Flynn said. ?If this unravels, all of the evidence, all of the phony terror alerts and all the embarrassment comes up publicly, too. The government knew this technology was bogus, but these guys got paid millions for it.? Justice Department officials declined to discuss the government?s dealings with Mr. Montgomery, 57, who is in bankruptcy and living outside Palm Springs, Calif. Mr. Montgomery is about to go on trial in Las Vegas on unrelated charges of trying to pass $1.8 million in bad checks at casinos, but he has not been charged with wrongdoing in the federal contracts, nor has the government tried to get back any of the money it paid. He and his current lawyer declined to comment. The computer codes he patented ? codes that he claimed, among other things, could find terrorist plots hidden in broadcasts of the Arab network Al Jazeera; identify terrorists from Predator drone videos; and detect noise from hostile submarines ? prompted an international false alarm that led President George W. Bush to order airliners to turn around over the Atlantic Ocean in 2003. The codes led to dead ends in connection with a 2006 terrorism plot in Britain. And they were used by counterterrorism officials to respond to a bogus Somali terrorism plot on the day of President Obama?s inauguration, according to previously undisclosed documents. ?It Wasn?t Real? ?Dennis would always say, ?My technology is real, and it?s worth a fortune,? ? recounted Steve Crisman, a filmmaker who oversaw business operations for Mr. Montgomery and a partner until a few years ago. ?In the end, I?m convinced it wasn?t real.? Government officials, with billions of dollars in new counterterrorism financing after Sept. 11, eagerly embraced the promise of new tools against militants. C.I.A. officials, though, came to believe that Mr. Montgomery?s technology was fake in 2003, but their conclusions apparently were not relayed to the military?s Special Operations Command, which had contracted with his firm. In 2006, F.B.I. investigators were told by co-workers of Mr. Montgomery that he had repeatedly doctored test results at presentations for government officials. But Mr. Montgomery still landed more business. In 2009, the Air Force approved a $3 million deal for his technology, even though a contracting officer acknowledged that other agencies were skeptical about the software, according to e-mails obtained by The New York Times. Hints of fraud by Mr. Montgomery, previously raised by Bloomberg Markets and Playboy, provide a cautionary tale about the pitfalls of government contracting. A Pentagon study in January found that it had paid $285 billion in three years to more than 120 contractors accused of fraud or wrongdoing. ?We?ve seen so many folks with a really great idea, who truly believe their technology is a breakthrough, but it turns out not to be,? said Gen. Victor E. Renuart Jr. of the Air Force, who retired last year as the commander of the military?s Northern Command. Mr. Montgomery described himself a few years ago in a sworn court statement as a patriotic scientist who gave the government his software ?to stop terrorist attacks and save American lives.? His alliance with the government, at least, would prove a boon to a small company, eTreppidTechnologies, that he helped found in 1998. He and his partner ? a Nevada investor, Warren Trepp, who had been a top trader for the junk-bond king Michael Milken ? hoped to colorize movies by using a technology Mr. Montgomery claimed he had invented that identified patterns and isolated images. Hollywood had little interest, but in 2002, the company found other customers. With the help of Representative Jim Gibbons, a Republican who would become Nevada?s governor and was a longtime friend of Mr. Trepp?s, the company won the attention of intelligence officials in Washington. It did so with a remarkable claim: Mr. Montgomery had found coded messages hidden in broadcasts by Al Jazeera, and his technology could decipher them to identify specific threats. The software so excited C.I.A. officials that, for a few months at least, it was considered ?the most important, most sensitive? intelligence tool the agency had, according to a former agency official, who like several others would speak only on the condition of anonymity because the technology was classified. ETreppid was soon awarded almost $10 million in contracts with the military?s Special Operations Command and the Air Force, which were interested in software that Mr. Montgomery promised could identify human and other targets from videos on Predator drones. In December 2003, Mr. Montgomery reported alarming news: hidden in the crawl bars broadcast by Al Jazeera, someone had planted information about specific American-bound flights from Britain, France and Mexico that were hijacking targets. C.I.A. officials rushed the information to Mr. Bush, who ordered those flights to be turned around or grounded before they could enter American airspace. ?The intelligence people were telling us this was real and credible, and we had to do something to act on it,? recalled Asa Hutchinson, who oversaw federal aviation safety at the time. Senior administration officials even talked about shooting down planes identified as targets because they feared that supposed hijackers would use the planes to attack the United States, according to a former senior intelligence official who was at a meeting where the idea was discussed. The official later called the idea of firing on the planes ?crazy.? French officials, upset that their planes were being grounded, commissioned a secret study concluding that the technology was a fabrication. Presented with the findings soon after the 2003 episode, Bush administration officials began to suspect that ?we got played,? a former counterterrorism official said. The C.I.A. never did an assessment to determine how a ruse had turned into a full-blown international incident, officials said, nor was anyone held accountable. In fact, agency officials who oversaw the technology directorate ? including Donald Kerr, who helped persuade George J. Tenet, then the director of central intelligence, that the software was credible ? were promoted, former officials said. ?Nobody was blamed,? a former C.I.A. official said. ?They acted like it never happened.? After a bitter falling out between Mr. Montgomery and Mr. Trepp in 2006 led to a series of lawsuits, the F.B.I. and the Air Force sent investigators to eTreppid to look into accusations that Mr. Montgomery had stolen digital data from the company?s systems. In interviews, several employees claimed that Mr. Montgomery had manipulated tests in demonstrations with military officials to make it appear that his video recognition software had worked, according to government memorandums. The investigation collapsed, though, when a judge ruled that the F.B.I. had conducted an improper search of his home. Software and Secrets The litigation worried intelligence officials. The Bush administration declared that some classified details about the use of Mr. Montgomery?s software were a ?state secret? that could cause grave harm if disclosed in court. In 2008, the government spent three days ?scrubbing? the home computers of Mr. Montgomery?s lawyer of all references to the technology. And this past fall, federal judges in Montana and Nevada who are overseeing several of the lawsuits issued protective orders shielding certain classified material. The secrecy was so great that at a deposition Mr. Montgomery gave in November, two government officials showed up to monitor the questioning but refused to give their full names or the agencies they worked for. Years of legal wrangling did not deter Mr. Montgomery from passing supposed intelligence to the government, according to intelligence officials, including an assertion in 2006 that his software was able to identify some of the men suspected of trying to plant liquid bombs on planes in Britain ? a claim immediately disputed by United States intelligence officials. And he soon found a new backer: Edra Blixseth, a onetime billionaire who with her former husband had run the Yellowstone Club in Montana. Hoping to win more government money, Ms. Blixseth turned to some influential friends, like Jack Kemp, the former New York congressman and Republican vice-presidential nominee, and Conrad Burns, then a Republican senator from Montana. They became minority stakeholders in the venture, called Blxware. New Pitches In an interview, Mr. Burns recalled how impressed he was by a video presentation that Mr. Montgomery gave to a cable company. ?He talked a hell of a game,? the former senator said. Mr. Kemp, meanwhile, used his friendship with Vice President Dick Cheney to set up a meeting in 2006 at which Mr. Kemp, Mr. Montgomery and Ms. Blixseth met with a top Cheney adviser, Samantha Ravich, to talk about expanding the government?s use of the Blxware software, officials said. She was noncommittal. Mr. Flynn, who was still Mr. Montgomery?s lawyer, sent an angry letter to Mr. Cheney in May 2007. He accused the White House of abandoning a tool shown to ?save lives.? (After a falling out with Mr. Montgomery, Mr. Flynn represents another party in one of the lawsuits.) But Mr. Montgomery?s company still had an ally at the Air Force, which in late 2008 began negotiating a $3 million contract with Blxware. In e-mails to Mr. Montgomery and other company officials, an Air Force contracting officer, Joseph Liberatore, described himself as one of the ?believers,? despite skepticism from the C.I.A. and problems with the no-bid contract. If other agencies examined the deal, he said in a December 2008 e-mail, ?we are all toast.? ?Honestly I do not care about being fired,? Mr. Liberatore wrote, but he said he did care about ?moving the effort forward ? we are too close.? (The Air Force declined to make Mr. Liberatore available for comment.) The day after Mr. Obama?s inauguration, Mr. Liberatore wrote that government officials were thanking Mr. Montgomery?s company for its support. The Air Force appears to have used his technology to try to identify the Somalis it believed were plotting to disrupt the inauguration, but within days, intelligence officials publicly stated that the threat had never existed. In May 2009, the Air Force canceled the company?s contract because it had failed to meet its expectations. Mr. Montgomery is not saying much these days. At his deposition in November, when he was asked if his software was a ?complete fraud,? he answered, ?I?m going to assert my right under the Fifth Amendment.? From rforno at infowarrior.org Sun Feb 20 02:45:56 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 20 Feb 2011 03:45:56 -0500 Subject: [Infowarrior] - =?windows-1252?q?Internet_=91kill_switch=92_bill_?= =?windows-1252?q?revised=2C_still_angers_civil_rights_activists?= Message-ID: Internet ?kill switch? bill revised, still angers civil rights activists ? By: Andrew Couts ? ? February 19, 2011 http://www.digitaltrends.com/computing/internet-kill-switch-bill-revised-still-angers-civil-rights-activists/ The Internet "kill switch" has been removed from legislation intended to soften the blow of a catastrophic cyberattack on the United States, but civil rights activists say nothing's changed. Senators Joe Lieberman (I-CT), Susan Collins (R-Maine) and Tom Calpers (D-DE) introduce a revised version of their cybersecurity bill this week, entitled the ?Cybersecurity and Internet Freedom Act,? which they say prohibits any possibility of an Internet ?kill switch? ? they swear. Like the original bill, which was introduced last month, this version is intended to establish an office within the Executive branch that will handle the ?coordination? of governmental responses to a ?catastrophic? cyber attack against the United States infrastructure, according to a statement by Sen. Collins. ?The emergency measures in our bill apply in a precise and targeted way only to our most critical infrastructure,? Sen. Collins said Thursday. ?We cannot afford to wait for a cyber 9/11 before our government finally realizes the importance of protecting our digital resources.? If passed, the bill would give the president the ability to declare a ?national cyberemergency,? which would give the government the authority to seize privately owned computer systems. What the new bill does not include, however, is the ?authority to shut down the Internet? ? i.e. an Internet ?kill switch.? ?We want to clear the air once and for all,? said Sen. Lieberman in a statement. ?There is no so-called ?kill switch? in our legislation because the very notion is antithetical to our goal of providing precise and targeted authorities to the president. Furthermore, it is impossible to turn off the Internet in this country.? According to civil and technology rights activists, like the ACLU and the Electronic Frontier Foundation (EFF), concerns over the powers granted to the federal government in the bill remain. ?The president would have essentially unchecked power to determine what services can be connected to the Internet or even what content can pass over the Internet in a cybersecurity emergency,? EFF Senior Staff Attorney Kevin Bankston tells CNet about the new bill. ?Our concerns have not changed.? Debate over the bill comes only a short time after the government of Egypt shut down nearly all access to Internet and mobile phone connections amidst anti-government protests in that country. In addition, it was reported this week that the US Department of Justice and the Department of Homeland Security accidentally shut down 84,000 domains as part of an operation to stop the exchange of child pornography and counterfeit goods. From rforno at infowarrior.org Sun Feb 20 17:54:20 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 20 Feb 2011 18:54:20 -0500 Subject: [Infowarrior] - Westboro Baptist Church v. Anonymous Message-ID: <24B1E568-7485-4A5B-9BAC-9373E2379C83@infowarrior.org> Yeah, this is going to be amusing as anything to watch. Anyone want to bet who wins this one??? (Then again, I'm not sure who is more desparate for the media attention, WBC or certain former politicians from Alaska...you know how much they both hate being out of the limelight for too long.) Westboro Baptist Church replies to Anonymous. http://imgur.com/nh1kR More @ http://www.networkworld.com/community/node/71567 Regards to readers from the most remote city on the planet........ - rick From rforno at infowarrior.org Tue Feb 22 18:23:52 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 22 Feb 2011 19:23:52 -0500 Subject: [Infowarrior] - =?windows-1252?q?Google_May_Have_Invented_a_Game_?= =?windows-1252?q?to_Get_Kids=92_Social_Security_Numbers?= Message-ID: <9C5E0511-E315-4D9E-B15C-8DF4CF899F19@infowarrior.org> No Big Deal, But Google May Have Invented a Game to Get Kids? Social Security Numbers ? 2/22/11 at 3:10 PM http://nymag.com/daily/intel/2011/02/no_big_deal_but_googles_may_ha.html Okay, just type in the last four digits, and you're done! Wasn't that fun??Photo: iStockPhoto "Doodle-4-Google" is so much more than an art contest. Sure, the game, which received 33,000 entries last year, celebrates "the creativity of young people" by having them send in a drawing under the theme "What I?d like to do someday ?" But, there's another component, as well. It also helps Google collect some very personal data on students K through 12. Along with the submission, the contest's initial Parent Consent Form asked for the child's city of birth (not current city, mind you), date of birth, the last four digits of the child's social security number, as well as complete contact info for the parents. Bob Bowdon, who directed The Cartel, a documentary about corruption in the public-school system explained the significance: You see what Google knows and many parents don't know is that a person's city of birth and year of birth can be used to make a statistical guess about the first five digits of his/her social security number. Then, if you can somehow obtain those last four SSN digits explicitly ? voila, you've unlocked countless troves of personal information from someone who didn't even understand that such a disclosure was happening. If the information Google culled from the contest was linked with other databases to target ads, it could prove lucrative for the company, which enlists promotional help from schools by offering prize money. But Bowdon says he has no evidence that Google has used what it learned for marketing purposes. Not to mention the fact that statistical guessing seems more manpower intensive than the type of passive data collection Google usually prefers (oh, hey there, Street View camera). However, within 26 hours of alerting the FTC, Google updated its consent form eliminating the request for the last four digits of the kid's social security number but leaving in the question about birth city. Okay, class. Who wants to send in a doodle under the theme "Be sort of evil until someone figures it out"? From rforno at infowarrior.org Tue Feb 22 18:26:35 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 22 Feb 2011 19:26:35 -0500 Subject: [Infowarrior] - Chris Dodd to head MPAA? Message-ID: Chris Dodd Breaking Promise Not To Become A Lobbyist Just Weeks After Leaving Senate; Joining MPAA As Top Lobbyist from the ah,-the-lies-of-politicians-and-hollywood dept http://www.techdirt.com/articles/20110221/14490613193/chris-dodd-breaking-promise-not-to-become-lobbyist-just-weeks-after-leaving-senate-joining-mpaa-as-top-lobbyist.shtml One of the worst kept secrets in DC and Hollywood over the last month or so is the news that former Connecticut Senator and failed Presidential candidate Chris Dodd is set to become the MPAA's new boss (salary: $1.2 million per year). This came after a failed attempt to get former Senator (and failed presidential candidate) Bob Kerrey to take the role last year. Assuming Dodd takes the role, he's already proving himself to be perfect for a Hollywood job, because it makes him a blatant liar. Last summer, Dodd insisted that he would not become a lobbyist. He made this abundantly clear. When asked what he would do, he was explicit: "No lobbying, no lobbying." Yeah, apparently a million dollar plus salary makes you a liar barely a month after leaving the job. Of course, technically, Dodd is also barred from becoming a lobbyist for two years after leaving the Senate, but there's a kind of *wink, wink, nudge, nudge* trick that Dodd and others use to technically claim they're not lobbyists while merely running one of the bigger and most high profile lobbying organizations around. Of course, it'll also be interesting to see if Dodd sells his soul and changes some of his professed principles. For example, he was a big supporter of "net neutrality." But the MPAA has come out against net neutrality, claiming it would hamper its efforts to "fight piracy." He was also against ISP data retention, which the MPAA has supported (again as a way to fight piracy). On copyright he was somewhat non-committal, but did talk about how fair use rights are important. I imagine that will disappear once he takes the role formerly filled by Jack Valenti -- the man who once declared that fair use doesn't exist. Anyway, I guess it shouldn't surprise us that a politician lied and went back on his basic principles in favor of a huge check from industry. It happens all the time. The real question is why anyone would take Chris Dodd seriously in this role going forward after proving that he's in it for nothing more than the check. From rforno at infowarrior.org Wed Feb 23 02:51:04 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 23 Feb 2011 03:51:04 -0500 Subject: [Infowarrior] - Maryland Corrections Agency Demanding All Social Media Passwords Of Potential Hires Message-ID: Maryland Corrections Agency Demanding All Social Media Passwords Of Potential Hires from the privacy? dept http://www.techdirt.com/articles/20110221/00523513179/maryland-corrections-agency-demanding-all-social-media-passwords-potential-hires.shtml You may recall back in 2009 that we wrote about how the city of Bozeman, Montana was requiring people who applied for jobs with the city to cough up all of their social networking usernames and passwords, so that city employees could log in and look around. Beyond being positively ridiculous, this seemed like a huge invasion of privacy. After an awful lot of public ridicule, the city (wisely) decided to drop the requirement, and claim the whole idea had been a "mistake." Apparently not everyone in local government was paying attention. The ACLU is apparently taking on the case of a Maryland man who applied to be "re-certified" for a job with the Maryland Department of Corrections, after he had taken a brief leave. As a part of the interview process, he was required to hand over his Facebook password. Apparently, the Department of Corrections is now requiring all social media account info, including passwords, as a part of their "background check" process. In at least this case, the guy in question was told not to change his password for a few months -- leading to all sorts of questions about what private info state officials might look into while logged into his account. The ACLU sent a letter (pdf) to the Maryland Corrections Dept. noting that it believed the policy was "a frightening and illegal invasion of privacy," and a clear violation of the Stored Communications Act. The ACLU letter also demanded that the Maryland Department of Corrections rescind this policy. It appears that Maryland's response to all of this has been to totally ignore the letter. The ACLU waited three weeks, and after receiving no response at all, has gone public with the story. I would imagine that a lawsuit will soon follow. From rforno at infowarrior.org Wed Feb 23 06:47:49 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 23 Feb 2011 07:47:49 -0500 Subject: [Infowarrior] - Feds seek new ways to bypass encryption Message-ID: <439005BF-59BB-4D53-9632-8FFF6AD28DC0@infowarrior.org> February 23, 2011 4:00 AM PST Feds seek new ways to bypass encryption by Declan McCullagh http://news.cnet.com/8301-31921_3-20035168-281.html?part=rss&subj=news&tag=2547-1_3-0-20 SAN FRANCISCO--When agents at the Drug Enforcement Administration learned a suspect was using PGP to encrypt documents, they persuaded a judge to let them sneak into an office complex and install a keystroke logger that recorded the passphrase as it was typed in. A decade ago, when the search warrant was granted, that kind of black bag job was a rarity. Today, however, law enforcement agents are encountering well-designed encryption products more and more frequently, forcing them to invent better ways to bypass or circumvent the technology. "Every new agent who goes to the Secret Service academy goes through a week of training" in computer forensics, including how to deal with encrypted files and hard drives, U.S. Secret Service agent Stuart Van Buren said at the RSA computer security conference last week. One way to circumvent encryption: Use court orders to force Web-based providers to cough up passwords the suspect uses and see if they match. "Sometimes if we can go in and find one of those passwords, or two or three, I can start to figure out that in every password, you use the No. 3," Van Buren said. "There are a lot of things we can find." Last week's public appearance caps a gradual but nevertheless dramatic change from 2001, when the U.S. Department of Justice spent months arguing in a case involving an alleged New Jersey mobster that key loggers were "classified information" (PDF) and could not be discussed in open court. Now, after keystroke-logging spyware has become commonplace, even being marketed to parents as a way to monitor kids' activities, there's less reason for secrecy. "There are times when the government tries to use keystroke loggers," Van Buren acknowledged. As first reported by CNET, FBI general counsel Valerie Caproni told a congressional committee last week that encryption and lack of ability to conduct wiretaps was becoming a serious problem. "On a regular basis, the government is unable to obtain communications and related data," she said. But the FBI did not request mandatory backdoors for police. Also becoming more readily available, if not exactly in common use, is well-designed encryption built into operating systems, including Apple's FileVault and Microsoft's BitLocker. PGP announced whole disk encryption for Windows in 2005; it's also available for OS X. Howard Cox, assistant deputy chief for the Justice Department's Computer Crime and Intellectual Property Section, said he did not believe a defendant could be legally forced--upon penalty of contempt charges, for instance--to turn over a passphrase. "We believe we don't have the legal authority to force you to turn over your password unless we already know what the data is," said Cox, who also spoke at RSA. "It's a form of compulsory testimony that we can't do... Compelling people to turn over their passwords for the most part is a non-starter." In 2009, the Justice Department sought to compel a criminal defendant suspected of having child porn on his Alienware laptop to turn over the passphrase. (A border guard said he opened the defendant's laptop, accessed the files without a password or passphrase and discovered "thousands of images of adult pornography and animation depicting adult and child pornography.") Another option, Cox said, is to ask software and hardware makers for help, especially when searching someone's house or office and encryption is suspected. "Manufacturers may provide us with assistance," he said. "We've got to make all of those arrangements in advance." (In a 2008 presentation, Cox reportedly alluded to the Turkish government beating a passhprase out of one of the primary ringleaders in the TJ Maxx credit card theft investigation.) Sometimes, Van Buren said, there's no substitute for what's known as a brute force attack, meaning configuring a program to crack the passphrase by testing all possible combinations. If the phrase is short enough, he said, "there's a reasonable chance that if I do lower upper and numbers I might be able to figure it out." Finding a seven-character password took three days, but because there are 62 likely combinations (26 uppercase letters, 26 lowercase letters, 10 digits), an eight-character password would take 62 times as long. "All of a sudden I'm looking at close to a year to do that," he said. "That's not feasible." To avoid brute-force attacks, the Secret Service has found that it's better to seize a computer that's still turned on with the encrypted volume mounted and the encryption key and passphrase still in memory. "Traditional forensics always said pull the plug," Van Buren said. "That's changing. Because of encryption...we need to make sure we do not power the system down before we know what's actually on it." A team of Princeton University and other researchers published a paper in February 2008 that describes how to bypass encryption products by gaining access to the contents of a computer's RAM--through a mechanism as simple as booting a laptop over a network or from a USB drive--and then scanning for encryption keys. It seems clear that law enforcement is now doing precisely that. "Our first step is grabbing the volatile memory," Van Burean said. He provided decryption help in the Albert "Segvec" Gonzalez prosecution, and the leaked HBGary e-mail files show he "went through a Responder Pro class about a year ago." Responder Pro is a "memory acquisition software utility" that claims to display "passwords in clear text." Cox, from the Justice Department's computer crime section, said "there are certain exploits you can use with peripheral devices that will allow you to get in." That seems to be a reference to techniques like one Maximillian Dornseif demonstrated in 2004, which showed how to extract the contents of a computer's memory merely by plugging in an iPod to the Firewire port. A subsequent presentation by "Metlstorm" in 2006 expanded the Firewire attack to Windows-based systems. And how to make sure that the computer is booted up and turned on? Van Buren said that one technique was to make sure the suspect is logged on, perhaps through an Internet chat, and then send an agent dressed as a UPS driver to the door. Then the hapless computer user is arrested and the contents of his devices are seized. Read more: http://news.cnet.com/8301-31921_3-20035168-281.html#ixzz1EmmBhWA3 From rforno at infowarrior.org Fri Feb 25 10:45:49 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Feb 2011 11:45:49 -0500 Subject: [Infowarrior] - Al Jazeera Coverage Enrages Dictators, Wins Global Viewers Message-ID: <541F2CEE-AB0C-4234-B2D8-18F1F5F50745@infowarrior.org> Al Jazeera Coverage Enrages Dictators, Wins Global Viewers By Matthew Campbell - Feb 25, 2011 http://www.bloomberg.com/news/print/2011-02-25/al-jazeera-enrages-dictators-wins-global-viewers-with-coverage-of-unrest.html ?Don?t believe those misleading dog stations,? Libyan leader Muammar Qaddafi said this week. He wasn?t referring to CNN or the BBC. Arab-owned television channels Al Jazeera and Al Arabiya have been denounced by targets of the Middle Eastern revolts, showing they?ve played a pivotal role in the uprisings that have shaken countries from Tunisia and Egypt to Libya and Yemen. Qaddafi called them the ?biggest enemy.? In Egypt, Al Jazeera?s Cairo bureau was shut down at the start of rallies that led to the ouster of 82-year-old president Hosni Mubarak. Beaming images of the protests and interviewing key participants, Al Jazeera in particular has moved from being perceived as a Middle Eastern talk shop to a catalyst for change. Although the Arabic- and English-language broadcaster has sometimes acted like a participant rather than an observer of the uprisings, it is winning praise in Europe and the U.S., which may help it extend its global reach. ?This is a bit of a breakthrough moment? for Al Jazeera, said Charlie Beckett, the director of the Polis media research unit at the London School of Economics. Al Jazeera may gain credibility similar to that won by Time Warner Inc.?s then-novel CNN with its aggressive coverage of the 1991 Gulf War, Beckett said. The channel, together with the Arabic-language only Al Arabiya, has been influential enough to cause Qaddafi, 68, to interrupt his hour-long, rambling televised speech on Feb. 22 to criticize their real-time coverage of his remarks after he was handed a note by an aide. Changing Perceptions Libyan state TV, meanwhile, shows regular footage of pro- Qaddafi protesters denouncing Al Jazeera. Human Rights Watch says at least 300 people have died in the 10 days since the crackdown on protesters began in Libya. Coverage of the protests by Al Jazeera, which is backed by the Emir of Qatar, ?is lifting people?s perceptions out of their tribes and their nations and into the wider context of the Middle East,? said Claire Enders, the founder of London media consultancy Enders Analysis. ?What?s happening now has a galvanizing and very rapid effect.? During the Cairo protests that eventually forced Mubarak from power, Doha-based Al Jazeera?s correspondents routinely said that as many as 2 million demonstrators were gathered in the central Tahrir Square -- an estimate higher than the hundreds of thousands cited by other media outlets. CNN-Like Al Jazeera?s greater role as a key source of information from a region in the spotlight has meant balancing overt support for demonstrators with claims of objectivity and ambitions to displace the British Broadcasting Corp. as the region?s most trusted voice for news. Al Jazeera English, which began in 2006, broadcasts to more than 220 million households in more than 100 countries. The network?s English and Arabic services are gaining ground just as rivals pull back. The U.K.?s state-backed BBC, which has broadcast in Arabic by radio since 1938 and on television since 2008, in January announced it would cut more than 400 jobs in its World Service in response to government austerity measures. Fresh regional competition, however, may arrive next year, as U.K. pay-TV company British Sky Broadcasting Group Plc plans to start an Arabic-language news channel as part of a joint venture with the Abu Dhabi Media Investment Corp. Western Feel Al Jazeera has seized its moment in the spotlight, taking out ads in newspapers in the U.K., U.S. and Canada and dispatching executives to write op-ed columns promoting its coverage. Many of the journalists working for its English service are veterans of the BBC or Canadian Broadcasting Corporation, giving broadcasts a Western feel. The network?s sometimes grisly footage has also found a second life through social networks and Google Inc.?s YouTube. ?That?s what people are cannibalizing on social networks, not CNN,? said the LSE?s Beckett. While they are more independent than the slavishly loyal state TV channels in the Middle East, Al Jazeera and Al Arabiya?s government ties have brought them scrutiny. Dubai-based Arabiya this month suspended a popular news show hosted by Egyptian journalist Hafez al Mirazy after he said he?d use his next episode to discuss the impact of Egypt?s uprisings on Saudi Arabia. The next episode never aired. ?Informal Tool? Meanwhile, U.S. diplomatic cables released by WikiLeaks have suggested that Qatar?s ruling royal family has used Al Jazeera?s Arabic channel as an ?informal tool? of foreign policy, offering to tweak coverage in exchange for favors. Al Jazeera has contested that charge, with the network?s director general, Wadah Khanfar, writing on its website that ?the Qatari government has kept its distance -- it is similar to the kind of model one sees in other publicly funded, arm?s length broadcasters such as the BBC.? Skepticism of its objectivity and allegations of anti- Israeli and American bias have long held back Al Jazeera in the U.S. market, where it?s largely unavailable on cable systems except in a few cities, such as Washington D.C. The network on Feb. 23 delivered 13,000 emails from Comcast Corp. subscribers demanding that the cable provider carry Al Jazeera, part of a wide effort to boost U.S. distribution. Al Jazeera?s English website now features a way for U.S. residents to send a form letter to cable providers. U.S. Challenge Still, Al Jazeera?s increased prominence in covering Arab uprisings ?may not be a fair test? of its ability to penetrate the U.S. market, since they don?t involve the main issues -- Israel and American military action -- on which its coverage has been criticized, said Steve Shepard, the dean of the City University of New York?s graduate school of journalism. For that reason, the network?s difficulties finding U.S. distribution ?are not going to change that quickly,? he said. Even if the uptake of Al Jazeera in the U.S. is gradual, the network?s American reach has come a long way since former Defense Secretary Donald Rumsfeld described its reporting as ?vicious, inaccurate, and inexcusable.? During meetings on the Egyptian uprisings at the White House last month, advisers watched two TV feeds in parallel: CNN and Al Jazeera. To contact the reporter on this story: Matthew Campbell in Paris at mcampbell39 at bloomberg.net. To contact the editor responsible for this story: Vidya Root at vroot at bloomberg.net. ?2011 BLOOMBERG L.P. ALL RIGHTS RESERVED. From rforno at infowarrior.org Fri Feb 25 10:46:54 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Feb 2011 11:46:54 -0500 Subject: [Infowarrior] - Army Deploys Psy-Ops on U.S. Senators Message-ID: <9583ACD9-73A5-4687-A3E8-2B53A95F715D@infowarrior.org> Another Runaway General: Army Deploys Psy-Ops on U.S. Senators Michael Hastings, Rolling Stone, 23 February 2011 http://www.rollingstone.com/politics/news/another-runaway-general-army-deploys-psy-ops-on-u-s-senators-20110223 The U.S. Army illegally ordered a team of soldiers specializing in "psychological operations" to manipulate visiting American senators into providing more troops and funding for the war, Rolling Stone has learned ? and when an officer tried to stop the operation, he was railroaded by military investigators. The orders came from the command of Lt. Gen. William Caldwell, a three-star general in charge of training Afghan troops ? the linchpin of U.S. strategy in the war. Over a four-month period last year, a military cell devoted to what is known as "information operations" at Camp Eggers in Kabul was repeatedly pressured to target visiting senators and other VIPs who met with Caldwell. When the unit resisted the order, arguing that it violated U.S. laws prohibiting the use of propaganda against American citizens, it was subjected to a campaign of retaliation. "My job in psy-ops is to play with people?s heads, to get the enemy to behave the way we want them to behave," says Lt. Colonel Michael Holmes, the leader of the IO unit, who received an official reprimand after bucking orders. "I?m prohibited from doing that to our own people. When you ask me to try to use these skills on senators and congressman, you?re crossing a line." The list of targeted visitors was long, according to interviews with members of the IO team and internal documents obtained by Rolling Stone. Those singled out in the campaign included senators John McCain, Joe Lieberman, Jack Reed, Al Franken and Carl Levin; Rep. Steve Israel of the House Appropriations Committee; Adm. Mike Mullen of the Joint Chiefs of Staff; the Czech ambassador to Afghanistan; the German interior minister, and a host of influential think-tank analysts. The incident offers an indication of just how desperate the U.S. command in Afghanistan is to spin American civilian leaders into supporting an increasingly unpopular war. According to the Defense Department?s own definition, psy-ops ? the use of propaganda and psychological tactics to influence emotions and behaviors ? are supposed to be used exclusively on "hostile foreign groups." Federal law forbids the military from practicing psy-ops on Americans, and each defense authorization bill comes with a "propaganda rider" that also prohibits such manipulation. "Everyone in the psy-ops, intel, and IO community knows you?re not supposed to target Americans," says a veteran member of another psy-ops team who has run operations in Iraq and Afghanistan. "It?s what you learn on day one." When Holmes and his four-man team arrived in Afghanistan in November 2009, their mission was to assess the effects of U.S. propaganda on the Taliban and the local Afghan population. But the following month, Holmes began receiving orders from Caldwell?s staff to direct his expertise on a new target: visiting Americans. At first, the orders were administered verbally. According to Holmes, who attended at least a dozen meetings with Caldwell to discuss the operation, the general wanted the IO unit to do the kind of seemingly innocuous work usually delegated to the two dozen members of his public affairs staff: compiling detailed profiles of the VIPs, including their voting records, their likes and dislikes, and their "hot-button issues." In one email to Holmes, Caldwell?s staff also wanted to know how to shape the general?s presentations to the visiting dignitaries, and how best to "refine our messaging." Congressional delegations ? known in military jargon as CODELs ? are no strangers to spin. U.S. lawmakers routinely take trips to the frontlines in Iraq and Afghanistan, where they receive carefully orchestrated briefings and visit local markets before posing for souvenir photos in helmets and flak jackets. Informally, the trips are a way for generals to lobby congressmen and provide first-hand updates on the war. But what Caldwell was looking for was more than the usual background briefings on senators. According to Holmes, the general wanted the IO team to provide a "deeper analysis of pressure points we could use to leverage the delegation for more funds." The general?s chief of staff also asked Holmes how Caldwell could secretly manipulate the U.S. lawmakers without their knowledge. "How do we get these guys to give us more people?" he demanded. "What do I have to plant inside their heads?" According to experts on intelligence policy, asking a psy-ops team to direct its expertise against visiting dignitaries would be like the president asking the CIA to put together background dossiers on congressional opponents. Holmes was even expected to sit in on Caldwell?s meetings with the senators and take notes, without divulging his background. "Putting your propaganda people in a room with senators doesn?t look good," says John Pike, a leading military analyst. "It doesn?t pass the smell test. Any decent propaganda operator would tell you that." At a minimum, the use of the IO team against U.S. senators was a misuse of vital resources designed to combat the enemy; it cost American taxpayers roughly $6 million to deploy Holmes and his team in Afghanistan for a year. But Caldwell seemed more eager to advance his own career than to defeat the Taliban. "We called it Operation Fourth Star," says Holmes. "Caldwell seemed far more focused on the Americans and the funding stream than he was on the Afghans. We were there to teach and train the Afghans. But for the first four months it was all about the U.S. Later he even started talking about targeting the NATO populations." At one point, according to Holmes, Caldwell wanted to break up the IO team and give each general on his staff their own personal spokesperson with psy-ops training. It wasn?t the first time that Caldwell had tried to tear down the wall that has historically separated public affairs and psy-ops ? the distinction the military is supposed to maintain between "informing" and "influencing." After a stint as the top U.S. spokesperson in Iraq, the general pushed aggressively to expand the military?s use of information operations. During his time as a commander at Ft. Leavenworth, Caldwell argued for exploiting new technologies like blogging and Wikipedia ? a move that would widen the military?s ability to influence the public, both foreign and domestic. According to sources close to the general, he also tried to rewrite the official doctrine on information operations, though that effort ultimately failed. (In recent months, the Pentagon has quietly dropped the nefarious-sounding moniker "psy-ops" in favor of the more neutral "MISO" ? short for Military Information Support Operations.) Under duress, Holmes and his team provided Caldwell with background assessments on the visiting senators, and helped prep the general for his high-profile encounters. But according to members of his unit, Holmes did his best to resist the orders. Holmes believed that using his team to target American civilians violated the Smith-Mundt Act of 1948, which was passed by Congress to prevent the State Department from using Soviet-style propaganda techniques on U.S. citizens. But when Holmes brought his concerns to Col. Gregory Breazile, the spokesperson for the Afghan training mission run by Caldwell, the discussion ended in a screaming match. "It?s not illegal if I say it isn?t!" Holmes recalls Breazile shouting. In March 2010, Breazile issued a written order that "directly tasked" Holmes to conduct an IO campaign against "all DV visits" ? short for "distinguished visitor." The team was also instructed to "prepare the context and develop the prep package for each visit." In case the order wasn?t clear enough, Breazile added that the new instructions were to "take priority over all other duties." Instead of fighting the Taliban, Holmes and his team were now responsible for using their training to win the hearts and minds of John McCain and Al Franken. On March 23rd, Holmes emailed the JAG lawyer who handled information operations, saying that the order made him "nervous." The lawyer, Capt. John Scott, agreed with Holmes. "The short answer is that IO doesn?t do that," Scott replied in an email. "[Public affairs] works on the hearts and minds of our own citizens and IO works on the hearts and minds of the citizens of other nations. While the twain do occasionally intersect, such intersections, like violent contact during a soccer game, should be unintentional." In another email, Scott advised Holmes to seek his own defense counsel. "Using IO to influence our own folks is a bad idea," the lawyer wrote, "and contrary to IO policy." In a statement to Rolling Stone, a spokesman for Caldwell "categorically denies the assertion that the command used an Information Operations Cell to influence Distinguished Visitors." But after Scott offered his legal opinion, the order was rewritten to stipulate that the IO unit should only use publicly available records to create profiles of U.S. visitors. Based on the narrower definition of the order, Holmes and his team believed the incident was behind them. Three weeks after the exchange, however, Holmes learned that he was the subject of an investigation, called an AR 15-6. The investigation had been ordered by Col. Joe Buche, Caldwell?s chief of staff. The 22-page report, obtained by Rolling Stone, reads like something put together by Kenneth Starr. The investigator accuses Holmes of going off base in civilian clothes without permission, improperly using his position to start a private business, consuming alcohol, using Facebook too much, and having an "inappropriate" relationship with one of his subordinates, Maj. Laural Levine. The investigator also noted a joking comment that Holmes made on his Facebook wall, in response to a jibe about Afghan men wanting to hold his hand. "Hey! I?ve been here almost five months now!" Holmes wrote. "Gimmee a break a man has needs you know." "LTC Holmes? comments about his sexual needs," the report concluded, "are even more distasteful in light of his status as a married man." Both Holmes and Levine maintain that there was nothing inappropriate about their relationship, and said they were waiting until after they left Afghanistan to start their own business. They and other members of the team also say that they had been given permission to go off post in civilian clothes. As for Facebook, Caldwell?s command had aggressively encouraged its officers to the use the site as part of a social-networking initiative ? and Holmes ranked only 15th among the biggest users. Nor was Holmes the only one who wrote silly things online. Col. Breazile?s Facebook page, for example, is spotted with similar kinds of nonsense, including multiple references to drinking alcohol, and a photo of a warning inside a Port-o-John mocking Afghans ? "In case any of you forgot that you are supposed to sit on the toilet and not stand on it and squat. It?s a safety issue. We don?t want you to fall in or miss your target." Breazile now serves at the Joint Chiefs of Staff, where he works in the office dedicated to waging a global information war for the Pentagon. Following the investigation, both Holmes and Levine were formally reprimanded. Holmes, believing that he was being targeted for questioning the legality of waging an IO campaign against U.S. visitors, complained to the Defense Department?s inspector general. Three months later, he was informed that he was not entitled to protection as a whistleblower, because the JAG lawyer he consulted was not "designated to receive such communications." Levine, who has a spotless record and 19 service awards after 16 years in the military, including a tour of duty in Kuwait and Iraq, fears that she has become "the collateral damage" in the military?s effort to retaliate against Holmes. "It will probably end my career," she says. "My father was an officer, and I believed officers would never act like this. I was devastated. I?ve lost my faith in the military, and I couldn?t in good conscience recommend anyone joining right now." After being reprimanded, Holmes and his team were essentially ignored for the rest of their tours in Afghanistan. But on June 15th, the entire Afghan training mission received a surprising memo from Col. Buche, Caldwell?s chief of staff. "Effective immediately," the memo read, "the engagement in information operations by personnel assigned to the NATO Training Mission-Afghanistan and Combined Security Transition Command-Afghanistan is strictly prohibited." From now on, the memo added, the "information operation cell" would be referred to as the "Information Engagement cell." The IE?s mission? "This cell will engage in activities for the sole purpose of informing and educating U.S., Afghan and international audiences?." The memo declared, in short, that those who had trained in psy-ops and other forms of propaganda would now officially be working as public relations experts ? targeting a worldwide audience. As for the operation targeting U.S. senators, there is no way to tell what, if any, influence it had on American policy. What is clear is that in January 2011, Caldwell?s command asked the Obama administration for another $2 billion to train an additional 70,000 Afghan troops ? an initiative that will already cost U.S. taxpayers more than $11 billion this year. Among the biggest boosters in Washington to give Caldwell the additional money? Sen. Carl Levin, one of the senators whom Holmes had been ordered to target. From rforno at infowarrior.org Fri Feb 25 11:07:25 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Feb 2011 12:07:25 -0500 Subject: [Infowarrior] - RSA 2011: Winning the War But Losing Our Soul Message-ID: <430F66DD-4431-4E2B-9016-FF4DF40216F3@infowarrior.org> February 22, 2011, 3:25PM RSA 2011: Winning the War But Losing Our Soul by Paul Roberts http://threatpost.com/en_us/blogs/rsa-2011-winning-war-losing-our-soul-022211 There was lots of noise and distraction on the crowded Expo floor of the RSA Security Conference this year. After a grueling couple of years, vendors were back in force with big booths, big news and plenty of entertainment designed to attract visitor traffic. Wandering the floor, I saw - variously - magic tricks, a man walking on stilts, a whack-a-mole game, a man dressed in a full suit of armor and a 15 foot long racetrack that I would have killed for when I was 10. The most telling display, however, may have been the one in Booth 556, where malware forensics firm HBGary displayed a simple sign saying that it had decided to remove its booth and cancel scheduled talks by its executives. This, after the online mischief making group Anonymous broke into the computer systems of the HBGary Federal subsidiary and stole proprietary and confidential information. The HBGary sign stayed up for a couple days, got defaced by someone at the show and was later removed. When I swung by HBGary's booth on Thursday, it was a forlorn and empty patch of brown carpet where a couple marketing types where holding an impromptu bull session. It would be easy to say that the lesson of HBGary is that "anyone can get hacked." After all, the company's founder, Greg Hoglund is one of the smartest security folks around - hands down. He's a recognized expert on malware and, literally, wrote the book on rootkit programs. HBGary Federal's customers included the U.S. Department of Defense as well as spy agencies like the CIA and NSA. Or maybe the lesson of HBGary is simply not to "kick the hornet's nest," so to speak: needlessly provoking groups like Anonymous who have shown themselves to be hungry for publicity and have little to lose in a confrontation. Maybe, the lesson is simply that, if you're going to kick the hornet's nest, as HBGary Federal CEO Aaron Barr was determined to, then at least to spend some time securing your Web- and e-mail infrastructure and following password security best practices before you commence said kicking. But I think the real lesson of the hack - and of the revelations that followed it - is that the IT security industry, having finally gotten the attention of law makers, Pentagon generals and public policy establishment wonks in the Beltway, is now in mortal danger of losing its soul. We've convinced the world that the threat is real - omnipresent and omnipotent. But in our desire to combat it, we are becoming indistinguishable from the folks with the black hats. Of course, none of this is intended to excuse the actions of Anonymous, who HBGary President Penny Leavy, in a conversation with Threatpost, rightly labeled "criminals" rather than politically motivated "hacktivists." The attack on HBGary was an unsubtle, if effective, act of intimidation designed to send a message to Barr and other would be cyber sleuths: 'stay away.' We can see their actions for what they are, and sympathize deeply with Aaron Barr, Greg Hoglund and his wife (and HBGary President) Penny Leavy for the harm and embarrassment caused by the hackers from Anonymous, who published some 70,000 confidential company e-mails online for the world to see. Those included confidential company information, as well as personal exchanges between HBGary staff that were never intended for a public airing. Its easy to point the finger and chortle upon reading them, but how many of us (or the Anonymous members, themselves) could stand such scrutiny? Its harder to explain away the substance of many other e-mail messages which have emerged in reporting by Ars Technica as well as others. They show a company executives like HBGary Federal CEO Aaron Barr mining social networks for data to "scare the s***" out of potential customers, in theory to win their business. While "scare 'em and snare 'em" may be business as usual in the IT security industry, other HBGary Federal skunk works projects clearly crossed a line: a proposal for a major U.S. bank, allegedly Bank of America, to launch offensive cyber attacks on the servers that host the whistle blower site Wikileaks. HBGary was part of a triumvirate of firms that also included Palantir Inc and Berico Technologies, that was working with the law firm of the U.S. Chamber of Commerce to develop plans to target progressive groups, labor unions and other left-leaning non profits who the Chamber opposed with a campaign of false information and entrapment. Other leaked e-mail messages reveal work with General Dynamics and a host of other firms to develop custom, stealth malware and collaborations with other firms selling offensive cyber capabilities including knowledge of previously undiscovered ("zero day") vulnerabilities. Look, there's nothing wrong with private firms helping Uncle Sam to develop cyber offensive capabilities. In an age of sophisticated and wholesale cyber espionage by nation states opposed to the U.S., the U.S. government clearly needs to be able to fight fire with fire. Besides, everybody already knew that Greg Hoglund was writing rootkits for the DoD, so is it right to say we're "shocked! shocked!" to read his e-mail and find out that what we all suspected was true? I don't think so. What's more disturbing is the way that the folks at HBGary - mostly Aaron Barr, but others as well - came to view the infowar tactics they were pitching to the military and its contractors as applicable in the civilian context, as well. How effortlessly and seamlessly the focus on "advanced persistent threats" shifted from government backed hackers in China and Russia to encompass political foes like ThinkProgress or the columnist Glenn Greenwald. Anonymous may have committed crimes that demand punishment - but its up to the FBI to handle that, not "a large U.S. bank" or its attorneys. The HBGary e-mails, I think, cast the shenanigans on the RSA Expo floor in a new and scarier light. What other companies, facing the kind of short term financial pressure that Barr and HBGary Federal felt might also cross the line - donning the gray hat, or the black one? What threat to all of our liberties does that kind of IT security firepower pose when its put at the behest of corporations, government agencies, stealth political groups or their operatives? Bruce Schneier - our industry's Obi-Wan Kenobi - has warned about this very phenomena: the way the military's ever expanding notion of "cyber war," like the Bush era's "War on Terror" does little to promote security, but a lot to promote inchoate fear. That inchoate fear then becomes a justification for futher infringement on our liberties. "We reinforce the notion that we're helpless -- what person or organization can defend itself in a war? -- and others need to protect us. We invite the military to take over security, and to ignore the limits on power that often get jettisoned during wartime," Schneier observed. That kind of conflation is clear reading Barr's e-mails where the line between sales oriented tactics and offensive actions blur. The security industry veterans I spoke with at this year's show were as aghast at Barr's trip far off reservation, but they also expressed a weary recognition that, in the security business, this is where things are headed. What's the alternative? Schneier notes that focusing on cyber crime as "crime" rather than "war" tends to avoid the problems with demagoguery. Focus on cyber crime and hacking in the same way as you focus on other types of crimes: as long term problems that must be managed within the "context of normal life," rather than "wars" that pose an existential threat to those involved and must be won at all costs. The U.S. needs peacetime cyber-security "administered within the myriad structure of public and private security institutions we already have" rather than extra-judicial vigilantism and covert ops of the kind the HBGary e-mails reveal. Here's hoping HBGary is the wake up call the industry needed to reverse course. From rforno at infowarrior.org Fri Feb 25 11:24:51 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Feb 2011 12:24:51 -0500 Subject: [Infowarrior] - RFI: Lightpeak / Thunderbolt Message-ID: I see a lot of coverage about Intel's Thunderbolt (USB-alternative) on the new Macbooks and it looks nice in terms of file transfer, daisy-chaining, and so forth. It's being positioned as *the* next-gen interface for moving large volumes of data, video, multiple monitors, and so forth. That said, call me paranoid, but does anyone know what the DRM is like on this particular interface? -- rick From rforno at infowarrior.org Fri Feb 25 12:55:05 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Feb 2011 13:55:05 -0500 Subject: [Infowarrior] - Sony's Neverending War Against The Freedom To Tinker And Innovate Message-ID: Sony's Neverending War Against The Freedom To Tinker And Innovate from the learn-to-let-go dept http://www.techdirt.com/articles/20110224/23195013251/sonys-neverending-war-against-freedom-to-tinker-innovate.shtml We recently compared Sony's lawsuit against GeoHot for adding functionality (that Sony had removed) to PS3s, to Sony's attack on Aibo hackers a decade ago. With somewhat perfect timing, Philip Torrone has now put together a full list of Sony's ongoing "war" against "makers, hackers and innovators." You can read all the details at the link, but here's the list that he's working from: ? Sony DMCA delayed disclosure of Sony BMG rootkit vulnerability ? Sony threatens Aibo hobbyists for creating software that enables Sony?s Aibo robot dog to dance ? Sony sues Connectix and Bleem to block software that allows gamers to play their PlayStation games on PCs ? Sony attacks PlayStation ?Mod Chips? and enforces a system of ?region coding? ? Sony sued Gamemasters, distributor of the Game Enhancer peripheral device, which allowed owners of a U.S. PlayStation console to play games purchased in Japan and other countries ? Sony removes OtherOS option, removes Linux support ? Sony is suing makers, hackers, and tinkers for jailbreaking of the PS3 to play homebrew games What's really amazing in all of this is that Sony keeps making the same anti-maker mistakes over and over and over again. It's as if they don't understand that these people are adding value and making Sony products more valuable. From rforno at infowarrior.org Fri Feb 25 12:56:05 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Feb 2011 13:56:05 -0500 Subject: [Infowarrior] - Cyber cops and domain name registrars meet to tackle net crooks Message-ID: <1C8488DC-8D0C-4B0B-BA6E-8CE04E2E78FA@infowarrior.org> Cyber cops and domain name registrars meet to tackle net crooks http://www.theregister.co.uk/2011/02/25/cyber_cops_meet_domain_name_registrars/ By Kevin Murphy ? Get more from this author Posted in Government, 25th February 2011 16:41 GMT Cyber cops from both sides of the Atlantic are meeting with domain name registrars in Brussels today to try to figure out ways to crack down on internet crime. This second meeting of the "EU-US working group on cyber security and cybercrime" is dedicated to increasing cooperation between law enforcement agencies and the companies that unwittingly sell web addresses to online crooks, according to attendees. "We're trying to get both sides to communicate, so that we on our side have some idea what they're trying to achieve, and they on their side understand what we're able to do technically," said Michele Neylon, managing director of the Irish registrar Blacknight Solutions. The two-day consultation comes as police in the US and UK are increasingly turning their attention to domain names as an internet choke-point that can be used to shut down web sites selling counterfeit goods and enabling the trading of pirated movies and child pornography. The controversial Combating Online Infringement and Counterfeits Act (COICA), currently being discussed in the US, would codify the government's domain seizure powers. In the UK, the Serious Organised Crime Agency is pushing for a Nominet policy that would make it easier for police to shut down sites selling bogus goods. But the last two days of meetings in Brussels have focused on discussing ways to help law enforcement crack down on all types on cybercrime, and on ways the domain name industry can self-regulate through policies overseen by ICANN, according to Go Daddy general counsel Christine Jones and other attendees. Specifically, registrars are responding to recommendations made in October 2009 by the FBI, the Mounties, SOCA, and law enforcement agencies from Australia and New Zealand. The recommendations call on ICANN to conduct more rigorous due diligence before accrediting registrars, and to more aggressively police their conduct thereafter. Law enforcement is particularly interested in the Whois services that registrars have to provide, which enables anyone to quickly uncover the name, address and phone number of any domain name registrant. Cops don't like the proxy/privacy add-on services that many registrars offer to shield their customers' personal data from prying eyes. They want these services either banned or regulated through ICANN, using an accreditation program similar to the one used to approve registrars. Only private individuals engaged in non-commercial activities would be allowed to use privacy services, under these proposals. They also want ICANN to force registrars to collect more validated data about their customers, and to more effectively control their reseller networks. Registrars have pushed back to an extent, partly because many of law enforcement's demands could be tricky and/or expensive to implement. "We take a pretty aggressive approach to these issues already, so it would not be particularly burdensome for Go Daddy, but it could be for some of the smaller registrars that perhaps don't have the resources," said Jones. A major issue is that obtaining an ICANN registrar accreditation is fairly easy, quite cheap, and as a result there are almost 1,000 approved registrars. Many of these are simply shell companies, and some do not make even basic efforts to comply with ICANN's existing rules. Complicating matters, some registrars have thousands of resellers, which are not directly bound by ICANN contracts. As it stands, ICANN's compliance department barely has the resources to police its existing registrars; it has been without a senior director of compliance since July last year. In addition, the aftermath of recent US domain seizures has shown that when law enforcement grabs a .com domain, criminals quickly relocate their websites to country-code domains, which are not subject to ICANN oversight or US jurisdiction. With all this in mind, registrars have been discussing the best ways to help tackle the very real problem of criminal activity on a borderless internet. It's tricky. "There's no disagreement about the intent," Jean-Christophe Vignes, CEO of OpenRegistry, said from Brussels. "No self-respecting registrar, and certainly no registrar in the room, would say we don't want to fight crime. The question is: how do we get there?" The Brussels meeting is reportedly very well attended. Delegates include registrars representing a majority of the world's registered domain names, as well as law enforcement agencies from several European and North American countries. ? From rforno at infowarrior.org Fri Feb 25 13:13:56 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Feb 2011 14:13:56 -0500 Subject: [Infowarrior] - Feds spy on reporter in leak probe Message-ID: <6162ECCB-416F-4405-AA47-E8523CE323FC@infowarrior.org> Feds spy on reporter in leak probe By: Josh Gerstein February 24, 2011 11:06 PM EST http://dyn.politico.com/printstory.cfm?uuid=5AF5D3CD-EFBA-9364-70DB200BF7A60C7B Federal investigators trying to find out who leaked information about a CIA attempt to disrupt Iran?s nuclear program obtained a New York Times reporter?s three private credit reports, examined his personal bank records and obtained information about his phone calls and travel, according to a new court filing. The scope and intrusiveness of the government?s efforts to uncover reporter James Risen?s sources surfaced Thursday in the criminal case of Jeffrey Sterling, a former CIA officer facing federal criminal charges for allegedly disclosing classified information. Sterling is accused of giving Risen details about what Risen describes as the CIA?s plan to give Iran faulty nuclear blueprints, hoping to temporarily thwart the regime?s ambitions to build an atomic bomb. In a motion filed in federal court in Alexandria, Sterling?s defense lawyers, Ed MacMahon Jr. and Barry Pollack, reveal that the prosecution has turned over ?various telephone records showing calls made by the author James Risen. It has provided three credit reports?Equifax, TransUnion and Experian?for Mr. Risen. It has produced Mr. Risen?s credit card and bank records and certain records of his airline travel.? The revelation alarmed First Amendment advocates, particularly in light of Justice Department rules requiring the attorney general to sign off on subpoenas directed to members of the media and on requests for their phone records. And Risen told POLITICO that the disclosures, while not shocking, made him feel ?like a target of spying.? ?We?ve argued that I was a victim of harassment by the government. This seems to bolster that,? Risen said. ?Maybe I should ask them what my credit score is.? Sterling?s attorneys and a Justice Department spokeswoman declined POLITICO?s request for comment. The government?s interest in Risen?s sources for his 2006 book, ?State of War,? has been known since 2008. In particular, investigators have zeroed in on a chapter which details what Risen describes as a botched CIA effort to trip up Iran?s nuclear program. The scheme involved using a Russian defector to deliver the faulty blueprints to the Iranians, but the defector blew the CIA?s plot by alerting the Iranians to the flaws ? negating the value of the program, and perhaps even advancing Iran?s nuclear ambitions. Risen was twice subpoenaed to appear before a grand jury to testify about his sources, but the first grand jury dissolved before a judge acted on Risen?s motion to quash the subpoena. Last year, U.S. District Court Judge Leonie Brinkema sided with Risen and quashed the second subpoena, though details of her reasoning haven?t been made public. Soon after that decision, Sterling was indicted. First Amendment advocates said the Justice Department?s use of business records to find out about Risen?s sources was troubling. Those records, they argue, could potentially expose a wide array of Risen?s sources and confidential contacts ? information that might fall beyond the initial investigation that led to Sterling?s indictment. ?To me, in many ways, it?s worse than a direct subpoena,? said Jane Kirtley, a University of Minnesota law professor and former director of the Reporters Committee for Freedom of the Press. ?Third-party subpoenas are really, really invidious?. Even if it is targeted, even if they?re trying to just look at the relevant stuff, they?re inevitably going to get material that exposes other things.? Kirtley also said journalists often aren?t notified when the government asks telecom companies, banks or other service providers for their records. Asked how journalists could credibly complain about such techniques when most also refuse more direct demands for information about their sources, Kirtley said reporters who become the focus of determined investigators face a ?Hobson?s choice.? ?It?s the same thing as if the cops go to someone?s office with a search warrant and say, ?Give us the information we want and we won?t tear the place apart,?? she said. ?If you say ?tear the place apart,? all kinds of confidential information that you don?t think the police should have is going to end up in their hands.? Lawyers tracking the case believed that both former Attorney General Michael Mukasey, who was part of the Bush administration, and current Attorney General Eric Holder gave the go-ahead to subpoena Risen. Under Justice Department rules, the attorney general must approve a subpoena for a journalist and grant permission to obtain ?telephone toll records of a member of the news media.? It?s unclear whether the records investigators obtained about Risen?s phone calls came from his billing records or from records of incoming calls to Sterling or others. The Justice Department guidelines for investigations affecting journalists don?t appear to address travel, bank or credit card records. Risen said the government never notified him that they were seeking his phone records. But he said he got an inkling in 2008 that investigators had collected some information about his calls. ?We heard from several people who had been forced to testify to the grand jury that prosecutors had shown them phone records between me and those people?not the content of calls but the records of calls,? he said. ?As a result of what they told us, my lawyers filed a motion with the court as asking how the Justice Department got these phone records and whether or not they had gotten my phone records.? ?We wanted the court to help us decide whether they had abided by the attorney general?s guidelines,? Risen said. ?We never got an answer from the court or the government.? The new defense filings also offer the first official confirmation that Risen?s work was the focus of the investigation that led to the charges against Sterling. In addition to the phone, travel and financial records, Sterling?s defense said the prosecution handed over a copy of the cover of Risen?s book along with receipts and shipping records showing it was sold in Virginia. While those familiar with the case immediately concluded that Sterling was a source for Risen, the journalist who got classified information from Sterling was referred to simply as ?Author A? in the indictment, and was not named. Justice Department policy generally bars naming unindicted individuals in an indictment. From 2004 to 2006, the New York Times fought a court battle to keep federal prosecutor Patrick Fitzgerald from obtaining the telephone records of Times reporters Judith Miller and Philip Shenon. Fitzgerald wanted the information to help find out who leaked information that tipped off Islamic charities about federal raids on their offices. A district judge ruled in the Times? favor, but a federal appellate court overturned that decision. Fitzgerald ultimately obtained the records when the Supreme Court declined to step in; no one was ever charged for the leak. Sterling?s indictment suggests that Risen urged the Times to publish details about the CIA?s attempt to stop Iran?s nuclear program, but Times editors declined after senior U.S. government officials warned that the disclosure could harm national security and endanger the life of the Russian intermediary. The information later appeared in Risen?s book. The new details about the FBI?s investigation of Risen came in a motion that called on the government to provide more details about what specific information Sterling allegedly disclosed. Sterling's lawyers also filed a series of other motions challenging several counts of the indictment as duplicative. Some also sought to punish Sterling for acts he did not commit, such as Risen?s publication of the book, the defense argued. From rforno at infowarrior.org Fri Feb 25 13:22:52 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Feb 2011 14:22:52 -0500 Subject: [Infowarrior] - Google's war on content farms begins with algorithm update Message-ID: Google's war on content farms begins with algorithm update By Ed Oswald | Published February 25, 2011, 1:46 PM http://www.betanews.com/article/Googles-war-on-content-farms-begins-with-algorithm-update/1298659416 Google took a big step Thursday night towards dealing with the issue of content farms clogging results, changing its algorithms to weed out low-quality sites. The company said the changes would "noticeably impact" 11.8 percent of all queries, and could affect the rankings for a large number of websites, the company warned. "We can't make a major improvement without affecting rankings for many sites. It has to be that some sites will go up and some will go down," the company posted to its blog. "It is important for high-quality sites to be rewarded, and that's exactly what this change does." The Mountain View, Calif. company had earlier this month released an extension for the Chrome browser that allowed users to block certain websites. Google is compiling data from the sites users block, however it said this data was not used in creating the algorithm. It's unknown what sites have been affected by the changes, as it's hard to tell whether or not the results really have changed. But at least one company that is thought to be the target of the changes -- Demand Media -- claimed that they had not seen a noticeable difference at all. "It's impossible to speculate how these or any changes made by Google impact any online business in the long term -- but at this point in time, we haven't seen a material net impact on our Content & Media business," Demand Media, Media and Operations chief, Larry Fitzgibbon wrote in a blog post responding to Google's changes. Much of Demand Media's business is based around search queries, with article titles carefully crafted to match those queries. But detractors of the site and other "content farms" like it argue that the content is often written by people with little if any actual experience in the topic, or write them for the compensation they pay without any real consideration for quality. From rforno at infowarrior.org Fri Feb 25 13:25:58 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Feb 2011 14:25:58 -0500 Subject: [Infowarrior] - Over 40K "Does" Dismissed In Copyright Troll Cases Message-ID: Over 40,000 Does Dismissed In Copyright Troll Cases News Update by Eva Galperin http://www.eff.org/deeplinks/2011/02/over-40-000-does-dismissed-copyright-troll-cases These have been some eventful weeks in the world of copyright trolling. Thousands of unnamed ?John Does? in P2P file sharing lawsuits filed in California, Washington DC, Texas, and West Virginia have been severed, effectively dismissing over 40,000 defendants. The plaintiffs in these cases must now re-file against almost all of the Does individually rather than suing them en mass. These rulings may have a significant impact on the copyright trolls? business model, which relies on being able to sue thousands of Does at once with a minimum of administrative expense. The cost of filing suit against each Doe may prove prohibitively expensive to plaintiffs? attorneys who are primarily interested in extracting quick, low-hassle settlements. However, EFF has received reports that some Does are still receiving notices from their ISP?s informing them that their identities are being sought in relation to these cases. If you receive a notice from your ISP informing you that it has received a subpoena requesting your subscriber information in connection with one of the cases in the spreadsheet attached below, please contact EFF immediately by emailing info at eff.org. From rforno at infowarrior.org Fri Feb 25 13:30:15 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Feb 2011 14:30:15 -0500 Subject: [Infowarrior] - How to not squander a Sputnik moment Message-ID: How to not squander a Sputnik moment By Gunnar Peterson | Friday, Feb. 25, 2011 http://www.minnpost.com/community_voices/2011/02/25/26116/how_to_not_squander_a_sputnik_moment From rforno at infowarrior.org Fri Feb 25 16:28:56 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Feb 2011 17:28:56 -0500 Subject: [Infowarrior] - Gregory Evans sues Attrition.Org Message-ID: <3A633A6D-A551-4633-B3F0-CF92CC8DBA16@infowarrior.org> First we have Westboro Baptist Church taking on Anonymous in the court of public opnion. Now Gregory Evans is taking on Attrition.Org in a Georgia federal court. This must be Global Demonstrate-Your-Internet-Idiocy Week. --- rick < -- > We've enjoyed our history of legal threats over the years: http://attrition.org/postal/legal.html This time, the paperwork is actually filed. We are one of the 8 John Doe defendants in the case. Background, links, reply to lawyer and current docket: http://attrition.org/errata/charlatan/gregory_evans/ligatt23/ < -- > From rforno at infowarrior.org Fri Feb 25 16:35:34 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Feb 2011 17:35:34 -0500 Subject: [Infowarrior] - Facebook Tries to Simplify Privacy Policy Message-ID: ? TECHNOLOGY ? FEBRUARY 25, 2011, 5:00 P.M. ET Facebook Tries to Simplify Privacy Policy By GEOFFREY A. FOWLER In an effort to take some of the legalese out of a legal document, Facebook Inc. unveiled a new draft of its closely watched privacy policy. The new policy doesn't change the social network's data-handling practices, said Edward Palmieri, a privacy and product counsel at Facebook. Rather, the goal was to "apply the Facebook design experience that we bring to everything we do and extend that to our privacy policy." In place of an existing document that Facebook admitted was "longer than the U.S. constitution ? without the amendments," the draft policy contains chunks of information organized around more practical headings such as "Your information and how it is used" and "how advertising works." "We struggle with really hitting home to users that we do not sell their data to advertisers," said Mr. Palmieri, so the new policy includes screen shots that show what advertisers see about Facebook users. Privacy policies are often written by lawyers in notoriously vague language to provide companies legal cover for required notice about user data that's required by the Federal Trade Commission and other regulatory bodies. But in a recent report, the FTC noted that it was difficult for the average person to understand privacy policies ? and that many people assume that just because a company has one, their privacy is being protected. < - > http://online.wsj.com/article/SB10001424052748704150604576166603764298960.html#printMode From rforno at infowarrior.org Fri Feb 25 20:01:04 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Feb 2011 21:01:04 -0500 Subject: [Infowarrior] - HarperCollins Puts 26 Loan Cap on Ebook Circulations Message-ID: HarperCollins Puts 26 Loan Cap on Ebook Circulations The new provisions are the first significant revision to ebook lending terms By Josh Hadro Feb 25, 2011 In the first significant revision to lending terms for ebook circulation, HarperCollins has announced that new titles licensed from library ebook vendors will be able to circulate only 26 times before the license expires. Mention of the new terms was first made in a letter from OverDrive CEO Steve Potash to customers yesterday. He wrote [emphasis in original]: < -- > http://www.libraryjournal.com/lj/home/889452-264/harpercollins_caps_loans_on_ebook.html.csp From rforno at infowarrior.org Fri Feb 25 20:04:30 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Feb 2011 21:04:30 -0500 Subject: [Infowarrior] - Obama signs temporary extension of Patriot Act Message-ID: "Change we can believe in" ??? more like "Change we can choke on." ---rick Obama signs temporary extension of Patriot Act The Associated Press Friday, February 25, 2011; 5:21 PM http://www.washingtonpost.com/wp-dyn/content/article/2011/02/25/AR2011022505562_pf.html WASHINGTON -- President Barack Obama has signed a three-month extension of key surveillance provisions of the Patriot Act. The law extends two areas of the 2001 act. One provision allows law enforcement officials to set roving wiretaps to monitor multiple communication devices. The other allows them to ask a special court for access to business and library records that could be relevant to a terrorist threat. A third provision gives the FBI court-approved rights for surveillance of non-American "lone wolf" suspects - those not known to be tied to specific terrorist groups. Obama signed the three-month extension of the provisions Friday. They were to expire Monday. Lawmakers will soon start debating a multiple-year extension of the provisions, which have drawn fire from defenders of privacy rights. ? 2011 The Associated Press From rforno at infowarrior.org Sat Feb 26 14:58:43 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 26 Feb 2011 15:58:43 -0500 Subject: [Infowarrior] - DHS planning DNA screening Message-ID: HOMELAND SECURITY PLANS DNA SCREENING... http://www.thedaily.com/page/2011/02/26/news-tsa-scanner-1-2/ From rforno at infowarrior.org Sat Feb 26 21:24:04 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 26 Feb 2011 22:24:04 -0500 Subject: [Infowarrior] - Real Steganography with TrueCrypt Message-ID: <78E8BB2E-1B3A-4B30-908F-9D964AB24BA3@infowarrior.org> Real Steganography with TrueCrypt http://keyj.s2000.at/?p=458 From rforno at infowarrior.org Sun Feb 27 09:22:57 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 27 Feb 2011 10:22:57 -0500 Subject: [Infowarrior] - Al-Jazeera seeks TV distribution deal with Comcast Message-ID: (Looking at the nonsensical URL, one wonders if the Philly Inquirer isn't trying to make political statement? -- rick) Al-Jazeera seeks TV distribution deal with Comcast February 25, 2011|By Bob Fernandez, Inquirer Staff Writer http://articles.philly.com/2011-02-25/business/28629801_1_mouthpiece-for-osama-bin-al-jazeera-officials-al-jazeera-english#ixzz1F1tqxG36 Hauling four boxes that contained the printouts of 13,000 supportive e-mails, Al Antsey of the Al-Jazeera network came to the Comcast building on Tuesday looking for a major U.S. platform for the 24-hour, Qatar-based news channel that at one time was viewed as just a mouthpiece for Osama bin Laden. It's time, he told officials with the nation's largest cable operator, to cast aside misperceptions of the Arabic news station as tainted with anti-American bias, and join the rest of the world. About 250 million households around the globe have access to Al-Jazeera English - arguably the most sophisticated English-language news organization covering the Middle East - but fewer than three million of those households are in the U.S. The network has viewership in three U.S. markets: Washington; Burlington, Vt.; and Toledo, Ohio. With viewership on its Internet site up sharply because of Al-Jazeera's news coverage of the political upheaval in the Middle East, Antsey says this is a "turning point" for the news channel, and he is making the rounds of the U.S. pay-TV operators. "We had a very fruitful meeting," Antsey said, adding that during his talks at the Comcast Center, the tallest U.S. building between New York and Chicago, he had "a fantastic view of the city over which we would like to broadcast our news." A Comcast spokeswoman confirmed that the cable operator met with Al-Jazeera officials but would not comment on programming negotiations or discussions. The cable giant has agreed to launch several new channels either owned by minorities or that targeted minority audiences as part of its deal to acquire a controlling interest in the news and entertainment giant NBC Universal Inc. Al-Jazeera would not be one of those channels. One reason Antsey traveled with the 13,000 e-mails was to show that there were viewers with a real interest in the channel. He had other statistics, too. Antsey, who spoke with the accent of his native London, said that traffic on the Al-Jazeera English website had spiked during the current Mideast political unrest and that 10 million minutes of live Al-Jazeera programming were now streamed daily over the Internet, with 45 percent of the views coming in the U.S. "That tells us there is demand for Al-Jazeera in the United States," he said. As for past perceptions of Al-Jazeera, Antsey said the view should be "consigned to history" and he pleaded "watch us!" Sean Yom, assistant professor of political science at Temple University, said on Thursday that Al-Jazeera was highly regarded by experts and that it had access in the Middle East that reporters for Western news organizations lacked. "People think the news is quite good and on the level of, say, BBC," Yom said. "The bias comes in with its commentary. While the channel is not anti-American . . . many of the guests that come on the commentary shows have an anti-American bias." But Yom added, "I don't think they are any more biased than other news sources." Contact Bob Fernandez at 215-854-5897 or bob.fernandez at phillynews.com. From rforno at infowarrior.org Sun Feb 27 11:11:02 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 27 Feb 2011 12:11:02 -0500 Subject: [Infowarrior] - Anonymous declares war on Koch Industries Message-ID: <107B983C-7667-4209-87D4-42DA5288B55A@infowarrior.org> Anonymous declares war on Koch Industries http://www.scribd.com/doc/49513260/OpWisconsin Dear Citizens of the United States of America, It has come to our attention that the brothers, David and Charles Koch--the billionaire owners of Koch Industries--have long attempted to usurp American Democracy. Their actions to undermine the legitimate political process in Wisconsin are the final straw. Starting today we fight back. Koch Industries, and oligarchs like them, have most recently started to manipulate the political agenda in Wisconsin. Governor Walker's union-busting budget plan contains a clause that went nearly un-noticed. This clause would allow the sale of publicly owned utility plants in Wisconsin to private parties (specifically, Koch Industries) at any price, no matter how low, without a public bidding process. The Koch's have helped to fuel the unrest in Wisconsin and the drive behind the bill to eliminate the collective bargaining power of unions in a bid to gain a monopoly over the state's power supplies. The Koch brothers have made a science of fabricating 'grassroots' organizations and advertising campaigns to support them in an attempt to sway voters based on their falsehoods. Americans for Prosperity, Club for Growth and Citizens United are just a few of these organizations. In a world where corporate money has become the lifeblood of political influence, the labor unions are one of the few ways citizens have to fight against corporate greed. Anonymous cannot ignore the plight of the citizen-workers of Wisconsin, or the opportunity to fight for the people in America's broken political system. For these reasons, we feel that the Koch brothers threaten the United States democratic system and, by extension, all freedom-loving individuals everywhere. As such, we have no choice but to spread the word of the Koch brothers' political manipulation, their single-minded intent and the insidious truth of their actions in Wisconsin, for all to witness. Anonymous hears the voice of the downtrodden American people, whose rights and liberties are being systematically removed one by one, even when their own government refuses to listen or worse - is complicit in these attacks. We are actively seeking vulnerabilities, but in the mean time we are calling for all supporters of true Democracy, and Freedom of The People, to boycott all Koch Industries' paper products. We welcome unions across the globe to join us in this boycott to show that you will not allow big business to dictate your freedom. U.S. Product Boycott List y Vanity Fair y Quilted Northern y Angel Soft y Sparkle y Brawny y Mardi Gras y Dixie European Product Boycott List y Demak'Up y Kitten Soft y Lotus / Lotus Soft y Tenderly y Nouvelle Soft y Okay Ktchen Towels y Colhogar y Delica y Inversoft y Tutto To identify these brands, please look for the following logo anywhere on the packaging: Anonymous. We are Legion. We do not forgive. We do not forget. Expect us. From rforno at infowarrior.org Sun Feb 27 17:28:51 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 27 Feb 2011 18:28:51 -0500 Subject: [Infowarrior] - Gmail accidentally resetting accounts Message-ID: <9F202EA8-8A81-4B36-94B2-E737B0DAB0A9@infowarrior.org> Yaaaaay, cloud!!! -- rick Gmail accidentally resetting accounts, years of correspondence vanish into the cloud? By Sean Hollister posted Feb 27th 2011 6:13PM If you've got a working Gmail account, you might want to back it up every so often -- as many as 500,000 Gmail users lost access to their inboxes this morn, and some of them are reporting (via Twitter and support forums) that years worth of messages, attachments and Google Chat logs had vanished by the time they were finally able to log on. While we haven't experienced the issue personally, we're hearing that the bug effectively reset some accounts, treating their owners as new users complete with welcome messages. For its part, Google says that the issue "affects less than .29% of the Google Mail userbase," engineers are working to fix the issue right now, and that missing messages will be restored as soon as possible. We'll soon see if this is a momentary setback... or a lengthy wakeup call. http://www.engadget.com/2011/02/27/gmail-accidentally-resetting-accounts-years-of-correspondence-v/ From rforno at infowarrior.org Sun Feb 27 21:47:44 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 27 Feb 2011 22:47:44 -0500 Subject: [Infowarrior] - J.P. Morgan Fund in Talks to Take Twitter Stake Message-ID: <2486D790-42E6-490F-96E1-7C716E52D849@infowarrior.org> http://online.wsj.com/article/SB10001424052748704288304576171033398632972.html?mod=googlenews_wsj TECHNOLOGY FEBRUARY 28, 2011 J.P. Morgan Fund in Talks to Take Twitter Stake By ANUPREETA DAS And AMIR EFRATI A fund run by J.P. Morgan Chase & Co. is in talks with Twitter Inc. to take a minority stake in the rapidly growing microblogging company, people familiar with the matter said. The investment, which is expected to value Twitter at more than $4 billion, will be made from the bank's new $1.2 billion digital growth fund, these people said. Exact terms of the potential deal couldn't be learned. Discussions between J.P. Morgan and Twitter are continuing, and there is no guarantee a deal will be struck, the people added. J.P. Morgan also has purchased a significant amount of Twitter's shares on exchanges for private-company stock, separate from its talks for a direct stake in the company, said a person familiar with the matter. A Twitter spokesman said the company doesn't comment on interest by other companies. A J.P. Morgan spokesman declined to comment. J.P. Morgan said in a regulatory filing last week that it had raised $1.2 billion for the new fund, much more than the initial target of between $500 million and $750 million reported by The Wall Street Journal. The fund, being run out of J.P. Morgan's asset-management unit, will target private Internet and digital-media companies that have an up-and-running business model, steady revenue and cash flow. Besides the potential deal with Twitter, which was reported earlier by the Financial Times, the J.P. Morgan fund could also be interested in online gaming firm Zynga Inc., which is in discussions to raise nearly $500 million from institutional investors, one of the people familiar with the matter said. Twitter's revenue and valuation have risen as the company continues to work on ways to translate its more than 200 million registered users into a profitable business. Research firm eMarketer said it expected the San Francisco-based company to generate $150 million in revenue this year, largely from offering marketers the chance to advertise on the site. Twitter, which was created in 2006 and now has about 350 employees, introduced advertising into its service last year. Twitter's value has more than quadrupled over the past year or so to nearly $4 billion, based on the last round of financing raised by the company, which was disclosed in December. In low-level, informal talks with potential suitors in recent months, the company has said it is worth an additional several billion dollars, people familiar with the matter have said. Both social-networking company Facebook Inc. and Internet-search behemoth Google Inc. have at times expressed some interest in potentially acquiring Twitter, people familiar with the matter have said. Two people familiar with the matter recently said Twitter isn't considering any buyout offers, and has told possible suitors it is focused on building an independent company. From rforno at infowarrior.org Mon Feb 28 06:33:06 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Feb 2011 07:33:06 -0500 Subject: [Infowarrior] - iCal + Blackberry Sync Message-ID: <06ABD668-EF13-4954-965D-E315A1BC2D67@infowarrior.org> FYI if anyone upgrades their iCal to the new version (a forced upgrade soon, btw) it will break the ability of Blackberry Desktop to sync with iCal. Downgrading iCal back to the previous version (via the Me.Com website) seems to fix the problem. Hope this gets fixed when the upgrade becomes mandatory --- I refuse to buy a crippled JesusPhone just because I want mobile PIM and email functionality with my Mac. Apple.......sigh. -- rick From rforno at infowarrior.org Mon Feb 28 06:58:32 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Feb 2011 07:58:32 -0500 Subject: [Infowarrior] - No support for U.S. proposal for domain name veto Message-ID: <87F2B11B-F6F8-40E8-8CBB-58A343828ECE@infowarrior.org> February 28, 2011 4:00 AM PST No support for U.S. proposal for domain name veto by Declan McCullagh http://news.cnet.com/8301-31921_3-20037090-281.html?part=rss&subj=news&tag=2547-1_3-0-20 The Obama administration has failed in its bid to allow it and other governments to veto future top-level domain names, a proposal before ICANN that raised questions about balancing national sovereignty with the venerable Internet tradition of free expression. A group of nations rejected (PDF) that part of the U.S. proposal last week, concluding instead that governments can offer nonbinding "advice" about controversial suffixes such as .gay but will not receive actual veto power. Other portions of the U.S. proposal were adopted, including one specifying that individual governments may file objections to proposed suffixes without paying fees and another making it easier for trademark holders to object. The final document, called a "scorecard," will be discussed at a two-day meeting that starts today in Brussels. At stake are the procedures to create the next wave of suffixes to supplement the time-tested .com, .org, and .net. Hundreds of proposals are expected this year, including .car, .health, .love, .movie, and .web, and the application process could be finalized at a meeting next month in San Francisco of ICANN, or the Internet Corporation for Assigned Names and Numbers. Proposed domain suffixes like .gay are likely to prove contentious among more conservative nations, as are questions over whether foreign firms should be able to secure potentially lucrative rights to operate geographical suffixes such as .nyc, .paris, and .london. And nobody has forgotten the furor over .xxx, which has been in limbo for seven years after receiving an emphatic thumbs-down from the Bush administration. "We are very pleased that this consensus-based process is moving forward," a spokeswoman for the U.S. Commerce Department said in a statement provided to CNET over the weekend. "The U.S., along with many other GAC members, submitted recommendations for consideration and as expected, these recommendations provided valuable input for the development of the new scorecard." GAC is the Governmental Advisory Committee of ICANN and composed of representatives of scores of national governments from Afghanistan to Yemen. The Commerce Department's National Telecommunications and Information Administration, or NTIA, serves as the committee's representative from the United States. ICANN representatives did not respond to a request for comment. Milton Mueller, a professor of information studies at Syracuse University and author of a recently published book on Internet governance, says an effort he supported--complete with an online petition--"shamed" GAC representatives "into thinking about the free expression consequences" of a governmental veto. "When I started this campaign, I knew that the Department of Commerce could never defend what they were doing publicly," Mueller said. "There are also potential constitutional issues." Complicating the Obama administration's embrace of a governmental veto was its frequently expressed support for Internet freedoms including free speech, laid out in Secretary of State Hillary Clinton's speech last January. Clinton reiterated the administration's commitment to "the freedom to connect" again in a speech in Washington, D.C. this month. One argument for the veto over new-top level domains is that it could fend off the possibility of a more fragmented Internet, which would likely happen if less liberal governments adopt technical measures to prevent their citizens from connecting to .gay and .xxx Web sites. In addition, handing governments more influence inside ICANN could reduce the odds of a revolt that would vest more Internet authority with the United Nations, a proposal that China allies supported last year. "I suspect that the U.S. government put (the veto power) in there to show that it wants to respect the wishes of governments," said Steve DelBianco, executive director of the NetChoice coalition. "I think the U.S. would prefer to see a string rejected rather than let it get into the root and have multiple nations block the top-level domain." DelBianco, whose coalition's members include AOL, eBay, Oracle, VeriSign, and Yahoo, said "blocking creates stability and consistency problems with the Internet...The U.S. government was showing a preference for having one global root." Today's meeting in Brussels between the ICANN board and national government, which appears to be unprecedented in the history of the organization, signals a deepening rift and an attempt to resolve disputes before ICANN's next public meeting beginning March 13 in San Francisco. (The language of the official announcement says the goal is "arrive at an agreed upon resolution of those differences.") A seven-page statement (PDF) in December 2010 from the national governments participating in the ICANN process says they are "very concerned" that "public policy issues raised remain unresolved." In addition to concern over the review of "sensitive" top-level domains, the statement says, there are also issues about "use and protection of geographical names." That statement followed years of escalating tensions between ICANN and representatives of national governments, including a letter (PDF) they sent in August 2010 suggesting that "the absence of any controversial [suffixes] in the current universe of top-level domains to date contributes directly to the security and stability of the domain name and addressing system." And the German government recently told (PDF) ICANN CEO Rod Beckstrom that there are "outstanding issues"--involving protecting trademark holders--that must be resolved before introducing "new top-level domains." From rforno at infowarrior.org Mon Feb 28 07:38:50 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Feb 2011 08:38:50 -0500 Subject: [Infowarrior] - OT: Last U.S. World War I veteran Frank W. Buckles dies at 110 Message-ID: Last U.S. World War I veteran Frank W. Buckles dies at 110 By Paul Duggan Monday, February 28, 2011; 7:53 AM http://www.washingtonpost.com/wp-dyn/content/article/2011/02/28/AR2011022800165_pf.html Frank W. Buckles died early Sunday, sadly yet not unexpectedly at age 110, having achieved a singular feat of longevity that left him proud and a bit bemused. In 1917 and 1918, close to 5 million Americans served in World War I, and Mr. Buckles, a cordial fellow of gentle humor, was the last known survivor. "I knew there'd be only one someday," he said a few years back. "I didn't think it would be me." His daughter, Susannah Buckles Flanagan, said Mr. Buckles, a widower, died of natural causes on his West Virginia farm, where she had been caring for him. Buckles' distant generation was the first to witness the awful toll of modern, mechanized warfare. As time thinned the ranks of those long-ago U.S. veterans, the nation hardly noticed them vanishing, until the roster dwindled to one ex-soldier, embraced in his final years by an appreciative public. "Frank was a history book in and of himself, the kind you can't get at the library," said his friend, Muriel Sue Kerr. Having lived from the dawn of the 20th century, he seemed to never tire of sharing his and the country's old memories - of the First World War, of roaring prosperity and epic depression, and of a second, far more cataclysmic global conflict, which he barely survived. Mr. Buckles, who was born by lantern light in a Missouri farmhouse, quit school at 16 and bluffed his way into the Army. As the nation flexed its full military might overseas for the first time, he joined 4.7 million Americans in uniform and was among 2 million U.S. troops shipped to France to vanquish the German kaiser. Ninety years later, with available records showing that former corporal Buckles, serial No. 15577, had outlived all of his compatriots from World War I, the Department of Veterans Affairs declared him the last doughboy standing. He was soon answering fan mail and welcoming a multitude of inquisitive visitors to his rural home. "I feel like an endangered species," he joked, well into his 11th decade. As a rear-echelon ambulance driver behind the trenches of the Western Front in 1918, he had been safe from the worst of the fighting. But "I saw the results," he would say. He saw the world With his death, researchers said, only two of the approximately 65 million people mobilized by the world's militaries during the Great War are known to be alive: an Australian man, 109, and a British woman, 110 . Mr. Buckles said he was just a naive schoolboy chasing adventure when he enlisted Aug. 14, 1917, after the United States joined a war that had been raging for three years, with millions dead. "I knew what was happening in Europe, even though I was quite young," he told a Washington Post reporter when he was 105. "And I thought, well, 'I want to get over there and see what it's about." After the armistice, he traveled the globe as a purser on commercial ships and was caught in Manila when Japan invaded the Philippines in 1941. He endured 38 months of cruel deprivation as a civilian prisoner during World War II before being freed in a daring military raid. In 1953, he and his wife bought a cattle farm with a Colonial-era stone house near Charles Town, W.Va., and there Mr. Buckles quietly spent the rest of his life, his doughboy tunic hanging in a closet. As his generation passed away, he held fast as a centenarian, doing daily calisthenics and immersing himself in books and newspapers. Then, on Feb. 4, 2008, a Florida man who had been in Army basic training when hostilities ended in November 1918 died at 108. As best as the VA could determine, that left only Mr. Buckles, who warmly indulged people's growing fascination with him. He was an honored guest on Capitol Hill, at the Pentagon and in the Oval Office. School children, history buffs, journalists, younger veterans, and even Britain's defense secretary visited him at the farm, admiring him like a museum piece. "Well, I guess I'm famous now," he said slyly. Not surprisingly, some were quick to declare him "a hero" - a notion he dismissed as sentimental. The VA, established in 1930, does not have complete records from World War I. But amid all the attention Mr. Buckles received, no one surfaced claiming to have also served in the U.S. military before the armistice. Mr Buckles's secret to longevity: "When you think you're dying," his son-in-law once heard him quip, "don't." Letters from strangers, some seeking autographs, arrived at his home in stacks. He signed as many as he could until a frail hand forced him to stop. And despite the ailments of age, he went on championing his favorite cause: a proposal to refurbish the District of Columbia's neglected World War I monument and rededicate it as a national memorial. Appearing before a U.S. Senate panel in 2009 in support of the idea, Mr. Buckles greeted lawmakers and others as they filed toward him in a reverent procession. With his old Army ribbons pinned to his blue blazer, he seemed a memorial in his own right to a dimly remembered catastrophe that left an estimated 16 million people dead worldwide. 'I was just 16' Wood Buckles - his given name, recorded in the family Bible before birth certificates were required in his home state - was born Feb. 1, 1901, on his parents' farm in Bethany, Mo. He said destiny seemed to side with him early, in 1903, when he and his brother Ashman fell deathly ill together with scarlet fever. Ashman, 4, succumbed; Mr. Buckles pulled through and experienced a century. Few others born during the McKinley administration lived to have a Facebook page, as he did. "My father took newspapers," he told the Library of Congress's Veterans History Project a decade ago. "I read about the war." The tangle of alliances and volatile rivalries among Europe's old empires, the diplomatic deceits and blunders that ignited the conflict in 1914 were hard for an adolescent to sort out. But the din of rabid patriotism surrounding America's entry into the war in April 1917 stirred his imagination, Mr. Buckles said. "I was just 16 and didn't look a day older," he once wrote. After Navy and Marine Corps recruiters shooed him away - "they'd take one look at me and laugh" - the Army, expanding massively, inducted Mr. Buckles, who swore without proof that he was old enough to join. A sergeant insisted that he needed a middle initial, Mr. Buckles recalled. So he adopted an uncle's name, Frank Woodruff Buckles, and never stopped using it. "Every last one of us Yanks believed we'd wrap this thing up in a month or two and head back home before harvest," he said. "In other words, we were the typical cocky Americans no one wants around until they need help winning a war." In December 1917, as his Army detachment steamed for Europe on the British liner Carpathia, Mr. Buckles said, crewmen shared stories of the grim dawn less than six years earlier when their ship had been the first to reach survivors of the Titanic. From England, he said, "I was anxious to get to France, and I used several methods, including, I should say, pestering every officer of influence in the place." A lifetime later, recalling the scorched French countryside from the comfort of his den, he spoke of the weary, grateful German POWs, some of them teenagers like himself, who he helped repatriate after the vast bloodletting of the world's first industrialized war. One gave him a souvenir, a soldier's belt with a buckle inscribed, "GOTT MIT UNS" [God with us], which he kept for the rest of his years. In war and peace The nation's official toll from 19 months of war: 116,516 deaths, about half in battle, most of the rest from illnesses, mainly the 1918 influenza pandemic. After his discharge, Mr. Buckles said, he paid for typing and shorthand classes and took a clerical job with a steamship line - a generation before the first G.I. Bill would make college and home ownership possible for millions of returning World War II vets. He weathered the Depression at sea on his purser's salary, regularly making port calls in newly Nazified Germany. He saw Adolf Hitler at the 1936 Summer Olympics, he said, and watched Jesse Owens anger the dictator by sprinting to victory in Berlin's Reichssportfeld. Then, in December 1941, he was working in a shipping company's Manila office when Japanese invaders landed in Luzon after the attack on Pearl Harbor. "Three years, two months," he said of his captivity in the Philippines, eventually at a notorious camp in Los Banos. There, under pitiless Japanese guards, hundreds of Allied civilian and military internees lived in squalor, subsisting on often wormy rations. "The starvation was so bad . . . it is surprising that any of us survived," said Mr. Buckles, who was among 2,147 Los Banos prisoners liberated Feb. 23, 1945, in a risky assault by U.S. paratroopers and Filipino guerrillas. American commanders in the fight to retake the Philippines had ordered the rescue mission, 25 miles behind Japanese lines, fearing that the guards would begin massacring the captives before the main U.S. ground advance reached the camp. Mr. Buckles turned 44 that winter, suffering from beriberi and dengue fever. Deciding he had had enough adventure, he said, he worked in sales for a West Coast paint company after marrying in 1946. Then he settled on his 330-acre Gap View Farm, driving a tractor past his 100th birthday until the years finally caught up with him. His wife, Audrey Buckles, died in 1999 at age 78, after which Flanagan, their only survivor, moved to the farm to help care for her father. Because Mr. Buckles served just one hitch in the Army and returned from France with no wounds or medals for bravery, he was eligible under Arlington National Cemetery protocols only for inurnment in a vault for cremated remains. In March 2008, however, the Bush administration ordered a rare exception for an old corporal of the so-called war to end all wars, and for the passing of living memory. Mr. Buckles wanted a grave site at Arlington and a traditional white marble headstone. And he will get his wish. From rforno at infowarrior.org Mon Feb 28 11:29:52 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Feb 2011 12:29:52 -0500 Subject: [Infowarrior] - Libyans Using Coded Dating Site Messages To Avoid Government Monitoring Message-ID: Libyans Using Coded Dating Site Messages To Avoid Government Monitoring from the can't-stop-technology dept http://www.techdirt.com/articles/20110226/18330013292/libyans-using-coded-dating-site-messages-to-avoid-government-monitoring.shtml A few different people have sent over this fascinating story of how Libyans have been using a popular muslim dating site to communicate about the protests in that country. It's been widely covered how various protesters around the middle east have been using tools like Facebook and Twitter to organize and communicate, and governments have been responding to that fact, often shutting off access to those sites, or at least monitoring them very, very closely. In order to avoid that, apparently some of the conversations in Libya have migrated to this dating site. The article at ABC News includes plenty of details about how people are communicating on the site, and it's worth a read. Here's a snippet: The phrase "May your day be full of Jasmine," for example, is a coded reference to what's been called the Jasmine Revolution sweeping the region, Mahmoudi told ABC News. He said the response, "And the same to you. I hope you will call me" meant they were ready to begin. If the undercover "lovers" wrote "I want love," it meant "I want liberty," Mahmoudi said. They also communicated in code the number of their comrades supporting the revolution. The five Ls in the phrase "I LLLLLove you," for example, meant they had five people with them. Yet another reminder that no matter how hard governments try to suppress certain forms of communication, people always seek out alternative means. From rforno at infowarrior.org Mon Feb 28 17:40:04 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Feb 2011 18:40:04 -0500 Subject: [Infowarrior] - Morgan Stanley Hacked in China-Based Attacks That Hit Google Message-ID: <54DC1F39-9E84-4996-A260-1AB4B36D7C8E@infowarrior.org> http://www.bloomberg.com/news/print/2011-02-28/morgan-stanley-network-hacked-in-same-china-based-attacks-that-hit-google.html Morgan Stanley Hacked in China-Based Attacks That Hit Google By Michael Riley - Feb 28, 2011 Morgan Stanley, the world?s top merger adviser, experienced a ?very sensitive? break-in to its network by the same China-based hackers who attacked Google Inc.?s computers in January 2010, according to leaked e-mails from a cyber-security company working for the bank. The e-mails from the Sacramento, California-based computer security firm HBGary Inc., which identify the first financial institution targeted in the series of attacks, said the bank considered details of the intrusion a closely guarded secret. ?They were hit hard by the real Aurora attacks (not the crap in the news),? wrote Phil Wallisch, a senior security engineer at HBGary, who said he read an internal Morgan Stanley report detailing the so-called Operation Aurora attacks. McAfee Inc., a Santa Clara, California-based cyber-security firm, dubbed the attacks Operation Aurora and called them ?a watershed moment in cyber security.? The number of companies known to be hit in the attacks was initially estimated at 20 to 30 and now exceeds 200, said Christopher Day, senior vice president for Terremark Worldwide Inc., which provides information-technology security services. The HBGary e-mails don?t indicate what information may have been stolen from Morgan Stanley?s databanks or which of the bank?s multinational operations were targeted. ?They have given me access to a very sensitive report on their Aurora experience,? Wallisch wrote in a May 10 e-mail to HBGary President Penny Leavy-Hoglund. ?I will honor their wishes about not sharing the info with anyone, but the good news is that I have some great ideas for our final reports.? Sandra Hernandez, a spokeswoman for the New York-based bank, which unlike Google didn?t disclose the attacks publicly, declined to comment on them specifically. ?Conducting Business? ?Like any other company in our industry we deal with malware and attempted computer compromises as a matter of conducting business and work with law enforcement where appropriate,? Hernandez said today by phone. FBI Deputy Assistant Director Steven Chabinsky said that hackers have increasingly targeted information related to mergers and acquisitions related to China-based companies, data that can give those companies an advantage in negotiations. Google said in January 2010 that it was one of 20 major U.S. companies breached by hackers using China-based servers, an event that McAfee Chief Technology Officer George Kurtz described as the ?largest and most sophisticated cyberattack we have seen in years targeted at specific corporations.? ?Politburo Standing Committee? U.S. diplomatic cables published by WikiLeaks and citing high-level Chinese sources later traced direction of the attack to the ?Politburo Standing Committee level? of China?s government. Wang Baodong, a spokesman for the Chinese embassy in Washington, said cyber-hacking is an international issue and that many Chinese governmental websites have been attacked. ?China?s stand on fighting hacking activities is clear and consistent, with relevant strict domestic laws and regulations in place, and is always ready to work with other countries to jointly strike down on hacking crimes,? he said today in an e-mail. China?s official news agency last year quoted an unidentified spokesman from the Ministry of Industry and Information Technology saying that accusations the government was behind the attacks were ?groundless.? Forensic Investigations Kevin Mandia, chief executive officer of the cyber-security firm Mandiant, based in Alexandria, Virginia, said forensic investigations of the attacks showed that the hackers had penetrated company networks over a period lasting more than a year and had hit some companies multiple times. Day and Mandia, citing client confidentiality, didn?t discuss the companies that were victims of the attack. The e-mails were stolen from HBGary?s computer network by the group of hacker activists called Anonymous, which posted them on the Internet as a searchable database. HBGary confirmed the messages were stolen and declined last week to comment on their content. Marc Zwillinger, an attorney for HBGary, didn?t immediately respond to a phone message seeking comment. Zwillinger has previously declined to comment on the HBGary e-mails? content, citing client confidentiality. Morgan Stanley hired HBGary in 2010 to address suspected network breaches by hackers not linked to Operation Aurora who broke through the company?s Internet security systems. The hackers successfully implanted software designed to steal confidential files and internal communications, according to dozens of HBGary e-mails that detail efforts to plug the holes. One e-mail, dated June 19, said that the attackers may be the same ones who had hit a U.K.-based defense contractor and discusses hacking software called Monkif, which can be used by intruders to remotely orchestrate a sophisticated form of cyber attack known as an ?advanced persistent threat? or APT. ?This Monkif payload may represent APT or play a part in the APT?s campaign,? HBGary Chief Executive Officer Greg Hoglund wrote to Wallisch. ?Phil, you might find this of value given that you are dealing with the same attack over at Morgan.? To contact the reporter on this story: Michael Riley in Washington at michaelriley at bloomberg.net. To contact the editor responsible for this story: John Pickering at jpickering at bloomberg.net. From rforno at infowarrior.org Mon Feb 28 20:52:02 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Feb 2011 21:52:02 -0500 Subject: [Infowarrior] - Obama administration joins critics of U.S. nonprofit that oversees Internet Message-ID: Obama administration joins critics of U.S. nonprofit that oversees Internet By Ian Shapira Washington Post Staff Writer Monday, February 28, 2011; 2:12 PM http://www.washingtonpost.com/wp-dyn/content/article/2011/02/28/AR2011022803719_pf.html The California nonprofit organization that operates the Internet's levers has always been a target for global heavies like Russia and China that prefer the United Nations in charge of the Web. But these days, the Internet Corporation for Assigned Names and Numbers is fending off attacks from a seemingly unlikely opposition: the Obama administration. The U.S. government, which helped create ICANN in 1998, has been reprimanding the nonprofit to be more accountable to foreign nations, even warning that it must meet certain U.S. recommendations by the summer. The battle has come at a sensitive time for ICANN, which this year is trying to pull off the biggest expansion of the Web in the Internet's history. This week and later in March, the nonprofit is meeting with foreign governments to debate the controversial launch of new Web suffixes, such as .gay, .god or .nazi. Also, this fall, the nonprofit is trying to keep its federal contract to oversee the Web's master database of addresses - a power that alarms some foreign governments. "There's a deeper question of how the world is reacting to a small company - even a nonprofit - completely in charge of a key part of the Internet. Is that acceptable? There's no 100 percent comfortable solution here," said Steve Crocker, ICANN's vice chairman, who lives in Bethesda and is the chief executive of Shinkuro, a technology company. ICANN quietly wields vast influence over the Web, a power that is unknown to many Americans and elected officials. Some countries worry that the new wave of Web suffixes might be too controversial while others might require companies to spend vast sums of money to protect their online brands and trademarks. (Who gets .merck? The U.S. drug company? Or the German drug company with the same name?). With some Middle East countries shutting down the Internet within their borders to curb uprisings, the question of who runs the Web is increasingly figuring into global foreign policy debates. Even in Washington, ICANN is somewhat mysterious to elected officials, according to Nao Matsukata, a senior policy adviser to the Coalition Against Domain Name Abuse, a grass-roots organization in Washington. Matsukata's main problem, he said, is trying to explain what ICANN is to people on Capitol Hill. His group has met with more than 50 members of Congress. "Sometimes, when we're in meetings on the Hill, they're just nodding their heads," said Matsukata, a former senior official to President George W. Bush. "Very few people understand where all these decisions are coming from, and that this is something that impacts us every day of our lives. Someone is determining what is allowed, what is not allowed, and someone is profiting from these things. People rarely look behind the screen and think, 'How does all that happen?' " This tiny nonprofit can be especially provocative to a trade press that covers its every move, and a rival U.N. agency, the International Telecommunications Union. When the ITU, a 145-year-old U.N. agency of nearly 200 nations and territories, held its annual meeting in October in Mexico, a Syrian emissary representing Arab states popped off against ICANN as if it were an enemy nation. "Do not surrender to the ICANN!" yelled Syrian representative Nabil Kisrawi, during one of the conference's sessions, according to a story in the Register, an online publication on Internet governance. "There is even a representative of the ICANN in this room!" Kisrawi said. (Kisrawi recently died.) Other nations have been mobilizing against ICANN. China has been leading a campaign among dozens of developing nations to lobby the U.N. for oversight over ICANN, according to former and current ICANN officials. And a coalition of former Soviet states, led by a Russian minister, has been pushing the U.N. to obtain veto power over ICANN. Chris Disspain, a volunteer ICANN committee chairman and Australian domain name executive, said the prospect of governments running the Web would be calamitous. "China, Syria Iran, and Saudi Arabia and number of others have said in meetings they believe ICANN shouldn't be in existence, or be replaced by some U.N. body," he said. "Frankly, that would be a disaster." Some countries fear that the United States has, at the very least, the appearance of too much power by owning the contract to run the master database of Web addresses. "One concern is that if the U.S. decides Syria is behaving badly, then they could make all Web sites using Syria's country code domain - .sy - point to freedom of expression sites, for example," said Avri Doria, an ICANN group chairman. "Countries say, how can we subject ourselves to that?" Crocker, the ICANN board's vice chairman, said the chances of the U.S. tinkering with the master Web database are "nil." ICANN can only request changes to the master database; the U.S. government reviews those decisions; then, the Dulles-based company VeriSign actually executes the change. ICANN has been recently clashing with the U.S. government's Commerce Department, which worries that other countries might soon lobby en masse for the United Nations to take over instead. Commerce officials prefer a fast-moving private sector organization to run the Web's addressing system; but the government doesn't believe ICANN is listening enough to the international community. Some ICANN officials worry that, if tensions continue with the Commerce Department, the nonprofit might lose its contract to run the Web's master database. That contract, which the Commerce Department last gave to ICANN in a no-bid process, comes up for renewal this fall. Commerce officials have yet to decide whether they will ask for other organizations to compete for it. In mid-February, at a technology conference in Colorado, Lawrence Strickling, an assistant secretary in the Commerce Department, put ICANN on notice, declaring it "must act" by June on a set of accountability guidelines made by him and international leaders who will continue to "monitor" it. Strickling warned about the "forces at play" lobbying for the United Nations to run the Web instead. In an interview, Strickling said he met privately with ICANN's board members at a December meeting in Colombia, where he urged ICANN to be more open to recommendations from foreign nations. "It's not out of hostility ... but I am trying to nudge ICANN to be its best," Strickling said. "It's important that this model have buy-in from other governments in order to support the global growth of the Internet." But the U.S. government appears wedded to a private-sector organization running the Web - though that might not necessarily be ICANN. If ICANN fails to meet the government's June deadline, Strickling was unclear about whether he would endorse another organization to take over. He said that he was committed only to "making this stakeholder-driven model succeed." ICANN scored one minor victory in late February. Its advisory body of foreign nations rejected the Obama administrations's proposal that would have required ICANN to make it easier for nations to object to controversial new Web suffixes like .gay or .xxx. The United States proposed that any country within ICANN's advisory council should be able to recommend killing any new domain name, and if no other country objected to that nation's veto recommendation, then ICANN's board would have to follow suit. ICANN, however, wants those challenges going before three experts guiding the International Chamber of Commerce. But ICANN's advisory body of foreign nations recently decided that any country's objection will be considered merely non-binding advice to ICANN's board. Commerce Department officials worry that if foreign governments feel they have no role in the process, they will start ignoring ICANN, blocking Web sites and splitting up the Internet so that only certain domains can be accessed, depending on the country. Critics, however, say the U.S.'s proposal was hostile to free expression. "The U.S. government was pushing hard to give any country the power to object and have that right be decisive," said Milton Mueller, a Syracuse University professor who has chaired and participated in several groups that developed ICANN policies that would be overridden by the U.S. intervention. "We think they were playing a game of geopolitical game of placating governments."