From rforno at infowarrior.org Fri May 1 02:51:03 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 30 Apr 2009 22:51:03 -0400 Subject: [Infowarrior] - Justice Souter To Retire Message-ID: <82E3C3D3-63E0-4245-BF50-5286404B02F0@infowarrior.org> Supreme Court Justice Souter To Retire by Nina Totenberg http://www.npr.org/templates/story/story.php?storyId=103694193 NPR.org, April 30, 2009 ? NPR has learned that Supreme Court Justice David Souter is planning to retire at the end of the current court term. The vacancy will give President Obama his first chance to name a member of the high court and begin to shape its future direction. At 69, Souter is nowhere near the oldest member of the court. In fact, he is in the younger half of the court's age range, with five justices older and just three younger. So far as anyone knows, he is in good health. But he has made clear to friends for some time that he wanted to leave Washington, a city he has never liked, and return to his native New Hampshire. Now, according to reliable sources, he has decided to take the plunge and has informed the White House of his decision. Factors in his decision no doubt include the election of President Obama, who would be more likely to appoint a successor attuned to the principles Souter has followed as a moderate-to-liberal member of the court's more liberal bloc over the past two decades. In addition, Souter was apparently satisfied that neither the court's oldest member, 89-year-old John Paul Stevens, nor its lone woman, Ruth Bader Ginsburg, who had cancer surgery over the winter, wanted to retire at the end of this term. Not wanting to cause a second vacancy, Souter apparently had waited to learn his colleagues' plans before deciding his own. Given his first appointment to the high court, most observers expect Obama will appoint a woman, since the court currently has only one female justice and Obama was elected with strong support from women. But an Obama pick would be unlikely to change the ideological makeup of the court. Souter was a Republican appointed by President George H.W. Bush in 1990, largely on the recommendation of New Hampshire's former Gov. John Sununu, who had become the first President Bush's chief of staff. But Souter surprised Bush and other Republicans by joining the court's more liberal wing. He generally votes with Stevens and the two justices who were appointed by President Bill Clinton ? making up the bloc of four more liberal members of the court, a group that has usually been in the minority throughout Souter's tenure. Possible nominees who have been mentioned as being on a theoretical short list include Elena Kagan, the current solicitor general who represents the government before the Supreme Court; Sonia Sotomayor, a Hispanic judge on the U.S. Court of Appeals for the Second Circuit; and Diane Wood, a federal judge in Chicago who taught at the University of Chicago at the same time future President Barack Obama was teaching constitutional law there. President Obama's choice has an excellent chance of being confirmed by the U.S. Senate, where Democrats now have an advantage of 59 seats to the Republicans' 40. By the time a vote on a successor is taken, the Senate is anticipated to have a 60th Democrat, as the Minnesota Supreme Court is expected to approve the recount that elected Democrat Al Franken over incumbent Republican Norm Coleman in that state. From rforno at infowarrior.org Fri May 1 11:47:16 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 1 May 2009 07:47:16 -0400 Subject: [Infowarrior] - EFF digs deep into the FBI's "everything bucket" Message-ID: The EFF digs deep into the FBI's "everything bucket" A new EFF report pulls together everything that's now known about the FBI's monster internal records system. By Jon Stokes | Last updated April 30, 2009 10:01 PM CT http://arstechnica.com/tech-policy/news/2009/04/the-eff-digs-deep-into-the-fbis-everything-bucket.ars Earlier this week, the EFF published a new report detailing the FBI's Investigative Data Warehouse, which appears to be something like a combination of Google and a university's slightly out-of-date custom card catalog with a front-end written for Windows 2000 that uses cartoon icons that some work-study student made in Microsoft Paint. I guess I'm supposed to fear the IDW as an invasion of privacy, and indeed I do, but given the report's description of it and my experiences with the internal-facing software products of large, sprawling, unaccountable bureaucracies, I mostly just fear for our collective safety. The idea behind the system, which the FBI has been working on since at least 2002, is that the Bureau can dump all of its information in there so that it can be easily searched and shared. IDW contains more documents than the library of congress?a stew of TIFFs with OCRed text, multiple Oracle databases, news streamed in from the Internet, reports and records in various in-house data formats, watch lists, telephone data, and an alphabet soup of smaller databases and records repositories?all accessible as one sprawling system that processes batch jobs, runs queries, and issues alerts. In short, the IDW is an "everything bucket" for the FBI. Complicating the picture is the fact that some parts of the system are classified as "secret," while others aren't. I'm sure the entire thing is a joy to use. The EFF's report is based on information obtained over the past three years through litigating a FOIA request; the organization didn't get everything it wanted from the FOIA, but it got quite a bit. Some of the e-mails obtained are bureaucratic classics, in which correspondents are fussing over phrasing to be used when testifying before Congress so as to give the proper impression (e.g., that they care about privacy) and generally stay under the radar. Ultimately, though, the EFF still doesn't have a complete picture of all of the data sources that have been added to the IDW, but the group is pretty clear on the direction that the expanding database is headed: data mining for the purpose of catching bad guys before they commit crimes or acts of terror. Last year I wrote a pretty detailed explanation of why these attempts to use data mining to catch bad guys before-the-fact are all doomed to fail, based on an National Research Council report that made the same point, so I won't recap that here. It suffices to say that the precrime stuff does not work, and will never work, and government should take the money they spend on these projects and hire linguists and other human agents instead. From rforno at infowarrior.org Fri May 1 13:02:17 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 1 May 2009 09:02:17 -0400 Subject: [Infowarrior] - Report labels U.S. computer security "embarrassing" Message-ID: <85DAE442-C650-4EF1-9073-1452C15A5552@infowarrior.org> Report labels U.S. computer security "embarrassing" Wed Apr 29, 2009 3:28PM EDT http://tech.yahoo.com/blogs/null/141067 In his first days in office as President, Barack Obama ordered a report to be generated investigating the state of our "cybersecurity" infrastructure, concerned with how our computer networks could withstand threats from terrorism and other attacks. Now that report is in, and the results are sad, filled with terms like "broken," "childlike," and "embarrassing." The report and experts in the industry point to our antiquated approach to computer security as the primary reason for the rotten verdict: User names and passwords have been the basis for security protocols since the beginning of computing, and now experts are saying that method is simply obsolete, unable to compete with hackers who've long since figured out ways to steal or crack passwords on a massive scale. Already politicians are looking for ways to beef up the nation's security infrastructure. One noteworthy bill would give to the president the power to disconnect just about anyone -- government, business, or individual -- from the Internet in the event of a national computer security emergency. But naturally, the security industry would prefer to address the issue from a prevention standpoint rather than the blunt tactic of pulling the plug when an attack is detected. Those technologies include the use of token-based authentication (as with smart cards or code-generating gizmos that constantly change your password), biometrics, and other related tools. Meanwhile, attacks continue to arrive online from all fronts, not just consumer-level malware attacks that leave many users panicked and cost billions to clean up, but organized infiltrations into essential computer networks too, as was the case with the recent, well-publicized invasion into the national power grid earlier this month. The official government report will be formally opened up for review and comment by the public in the coming days. From rforno at infowarrior.org Sat May 2 00:58:16 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 1 May 2009 20:58:16 -0400 Subject: [Infowarrior] - Batten down the cyber-hatches Message-ID: <7857D69B-812C-465E-9E6A-77BD38D11D1E@infowarrior.org> Batten down the cyber-hatches Articles in English 01 May 2009 EE Online Tr?ki Tr?ki E-post E-post Securing vulnerable networks across Europe http://www.eesti.ca/?op=article&articleid=23611 Edward Lucas Over the past ten years the European Union has failed to protect the continent's energy security. Will it do any better when it comes to cyber-security? At an EU conference on that subject in Tallinn on April 27th, participants wrestled with the need to act and the difficulty of deciding what exactly to do. The location was a suitable one: Estonia is the only EU member state to have suffered a full-scale cyber- attack, in April 2007. Amid a furious row with Russia about the relocation of a Soviet-era war memorial, a flood of bogus internet traffic disabled the country's main websites, briefly shutting down vital public services and crippling businesses such as online banking. Yet two years later, the EU and its member states are still wrestling with the issue. Knowing whether such attacks come from pranksters, hooligans, terrorists, criminals or an unfriendly government is difficult?sometimes impossible. But the potential damage is clear: everything from water and electric power to financial industries and retail distribution depends on the internet. The right combination of malicious code, stolen or hacked passwords and a badly designed system could mean catastrophe. One temptation is to put lots of faith in expensive and gimmicky technical fixes. But as Scott Borg, an American expert attending the conference, pointed out, the starting point should be economics: without knowing the cost of, say, a 24-hour power shutdown as opposed to a six-hour one, it is hard to know what priority to give the means necessary to prevent it. A simple form of defence is sharing information. But that requires trust. If news of a cyberstrike on a business leaks out, it can scare customers and send share prices plummeting. The last thing that business will want to do is announce that it has been attacked. Yet pooling knowledge strengthens everyone's defences. Similarly, getting businesses and bureaucrats to share information runs into cultural barriers, as well as worries about confidentiality and legal liability. So it is no surprise that countries with a high level of social trust are way ahead of the rest. Sweden, for example, will be staging its third bi-annual cyber-warfare exercise on May 6th and 7th, in which officials and businesses will practise coping with simulated attacks, some using live "ammunition", and work out how they would keep the economy and public services going most effectively. Most EU member states are nowhere near that level. Some have yet to set up a national body, usually known as a computer emergency readiness team or CERT, to coordinate cyber-defences. That makes a provisional plan to hold EU-wide cyberwar exercises by 2010 look ambitious. So is placing great hopes on a common regulatory framework to deal with cyber-security, for example setting clearer rules about identity on the internet. It is hard to imagine the "black hats" (the generic term for the bad guys) quaking at the thought of yet another fat document emerging from the Brussels bureaucracy. One contentious idea discussed at the conference was whether to make internet service providers (ISPs) legally liable, at least to some extent, for the damage caused by the data they transmit. That might encourage them to police and protect their customers better. But given the scale of the potential risk, it is hard to see how any ISP could cope. The best hope is that countries with the best cyber-defences keep innovating and coordinating their efforts, and that over time more states will join them. By most counts, they number roughly seven European countries, including non-EU Norway. For everyone else, some prudent supplies of bottled water, canned food and candles sounds sensible. (Europe.view column, April 30, 2009, Economist.com. Also posted on the author?s blog) From rforno at infowarrior.org Sat May 2 01:28:18 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 1 May 2009 21:28:18 -0400 Subject: [Infowarrior] - Cyber chief needs to be in White House: experts Message-ID: Cyber chief needs to be in White House: experts * By Diane Bartz - Fri May 1, 2009 8:08PM EDT http://tech.yahoo.com/news/nm/20090502/wr_nm/us_cybersecurity_congress WASHINGTON (Reuters) - The cybersecurity chief named to battle Internet viruses and larger challenges facing the information technology networks used by U.S. companies and national defense should be based in the White House, experts told a congressional panel on Friday. Cybersecurity is important enough to warrant a White House staffer with real authority and a real budget, said Larry Clinton, president of the Internet Security Alliance and one of those who made recommendations to the Obama team. "It can't be just a figurehead," he told an Energy and Commerce subcommittee. "We tend to think it should be somewhere in the White House structure." No date has been set for when, or if, such an appointment would be made. Gregory Nojeim, senior counsel for the Center for Democracy and Technology, said his group had urged that the task of ensuring cybersecurity be given to the Department of Homeland Security, not the National Security Agency, or NSA, which is responsible for breaking codes and electronic spying. The NSA, he argued, was ill-suited for the job of ensuring that the lightly regulated Internet was kept up and running. "I think it's a very difficult thing for them to handle," he said. Rep. Anthony Weiner, a New York Democrat, noted that no witnesses from the Obama administration attended the hearing. "The obvious reason is I don't think they know yet what their policies are," he said. A White House team prepared a still-secret study on cybersecurity for President Barack Obama which was completed last month. The study addressed problems ranging from cyber-spying to fighting hackers organized enough to break into 130 automated teller machines worldwide in 30 minutes last November. The cybersecurity review, led by Melissa Hathaway, a top advisor to the former director of national intelligence, was ordered by the White House in early February. The report's importance was driven home earlier this month when the Wall Street Journal reported that cyber-spies had penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system. A current concern is the worm Conficker, whose authors appear to have used it to spread another worm, Waledac, which offers fake anti- spyware for sale. Purchasers lose their money and download software that turns their computer into a spam machine. Conficker seems to be spreading Waledac but for two weeks only, said Rodney Joffe, a technology expert with Neustar. The Conficker virus was also found on 300 critical medical devices from a single manufacturer, Joffe told the panel. The devices, whose manufacturer was not named, were used for tasks like viewing MRIs. The United States for several years has accused the Chinese and Russians, among others, of using cyber-attacks to try to steal American trade and military secrets. (Reporting by Diane Bartz; Editing by Richard Chang) From rforno at infowarrior.org Sat May 2 02:28:55 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 1 May 2009 22:28:55 -0400 Subject: [Infowarrior] - =?windows-1252?q?MS_offers_Secure_Windows_=85_But?= =?windows-1252?q?_Only_to_the_Government?= Message-ID: <11361A04-13FA-48A2-8650-54499677B425@infowarrior.org> Microsoft Offers Secure Windows ? But Only to the Government * By Kim Zetter Email Author * April 30, 2009 | * 11:50 pm | * Categories: Cybersecurity http://www.wired.com/threatlevel/2009/04/air-force-windows/ It?s the most secure distribution version of Windows XP ever produced by Microsoft: More than 600 settings are locked down tight, and critical security patches can be installed in an average of 72 hours instead of 57 days. The only problem is, you have to join the Air Force to get it. The Air Force persuaded Microsoft CEO Steve Ballmer to provide it with a secure Windows configuration that saved the service about $100 million in contract costs and countless hours of maintenance. At a congressional hearing this week on cybersecurity, Alan Paller, research director of the Sans Institute, shared the story as a template for how the government could use its massive purchasing power to get companies to produce more secure products. And those could eventually be available to the rest of us. Security experts have been arguing for this ?trickle-down? model for years. But rather than wield its buying power for the greater good, the government has long wimped out and taken whatever vendors served them. If the Air Force case is a good judge, however, things might be changing. Threat Level spoke with former CIO of the Air Force, John Gilligan, to get the details. Gilligan, who served as CIO of the Air Force from 2001 to 2005 and now runs a consulting firm, said it all began in 2003 after the NSA conducted penetration tests on the Air Force network as part of its regular testing of Pentagon cybersecurity. NSA pen-testers made Swiss cheese of the network, and found that more than two-thirds of their intrusions were possible because of poorly configured software that created vulnerabilities. In some cases, the culprit was an operating system or application that came bloated with unsecured features that were never re-configured securely by Air Force administrators. In other cases, systems that were configured securely became vulnerable later (for instance, when a system crashed and original software was re-installed without patches that had been on the system before the crash). ?It was really an easy target,? Gilligan says. ?All the NSA had to do was scan the network.? The Air Force, on the verge of renegotiating its desktop-software contract with Microsoft, met with Ballmer and asked the company to deliver a secure configuration of Windows XP out of the box. That way, Air Force administrators wouldn?t have to spend time re-configuring, and the department would have uniform software across the board, making it easier to control and maintain patches. Surprisingly, Microsoft quickly agreed to the plan, and Ballmer got personally involved in the project. ?He has half-a-dozen clients that he personally gets involved with, and he saw that this just made a lot of sense,? Gilligan said. ?They had already done preliminary work themselves trying to identify what would be a more secure configuration. So we fine-tuned and added to that.? The NSA got together with the National Institute of Standards and Technology, the Defense Information Systems Agency and the Center for Internet Security to decide what to lock down in the Air Force special edition. Many of the changes were complex and technical, but Gilligan says one of the most important and simplest was an obvious fix to how Windows XP handled passwords. The Air Force insisted the system be configured so administrative passwords were unique, and different from general user passwords, preventing an average user from obtaining administrative privileges. Specifications were added to increase the length and complexity of passwords and expire them every 60 days. It then took two years for the Air Force to catalog and test all the software applications on its networks against the new configuration to uncover conflicts. In some cases, where internally designed software interacted with Windows XP in an insecure way, they had to change the in-house software. ?We started to put discipline into what people were fielding in the way of applications,? Gilligan said. ?It required a lot of senior- level attention because this was not something that the IT guys were happy about. We were taking control from them and forcing them to make modifications in systems. But the benefits were huge because now the Air Force knows what is fielded; they know all the applications that run against a certain configuration.? In addition to the secure configuration, they also got Microsoft to install automated tools to update patches and to detect and prevent someone from altering the configuration. Having a single configuration across the network greatly reduced the time it took to patch systems. Gilligan said it used to take the Air Force well over 100 days to install patches after new vulnerabilities were discovered, because the military?s network administrators had to test the patches against multiple configurations. Emergency patches that needed to be installed post-haste took 57 days to install, leaving systems vulnerable to intruders during that time. ?Once the flaw was known, then those who wanted to attack our systems could be developing attacks in that time,? Gilligan said. gilligan_jm Former Air Force CIO John Gilligan But with a single configuration, all that testing is now done by Microsoft before it releases a patch, saving the Air Force time. An added benefit of the new configuration was a 40 percent drop in the number of calls to Air Force help desks. ?Turns out when you configure things properly and don?t touch them, they actually work pretty well,? Gilligan said. The Air Force began the project in 2005 and finished installing the new configuration on systems in 2007. In contracts with hardware providers it demanded that vendors pre-load the special Windows XP configuration onto systems before delivering them to the Air Force. The USAF saved $100 million on a five-year license agreement with Microsoft by consolidating more than 30 contracts ? made possible by the fact that it was now able to buy a single standard configuration. Most importantly, security of the system improved. Gilligan said 85 percent of attacks were blocked after the configuration was installed. ?Once you get the standard configuration, then it becomes a much harder target to attack,? Gilligan said. ?I will not say that the Air Force cannot be penetrated, but the incidents have decreased. The hope is that those who are defending the networks can focus their energies on a smaller set of vulnerabilities and more sophisticated attacks. It dampens out the low-hanging fruit and the easy attacks.? The project was so successful that it became the foundation for the government?s Federal Desktop Core Configuration program, which was mandated last year by the White House?s Office of Management and Budget to improve the security of government systems across the board. Gilligan said other departments have started with the Air Force configuration and modified it slightly to fit their unique needs and applications. He said the next step is to expand the project to other software products, such as database management systems. He added that he?s confident the Microsoft example marks the turning of the tide against vendors that arrogantly resist locking down their products. ?They?re still in the model that they want to give all the features enabled to clients,? he said. ?But I think we?ve reached a point where that model is one that is no longer effective. I?m of the opinion that all products ought to be configured with these locked-down configurations, and if the customer decides they want to undo them, then they can do that. They cannot continue fielding products where the cost that is being borne by the consumer in terms of having to maintain configurations and deal with attacks is so high.? What this means for the rest of us is unclear. Threat Level contacted Microsoft to find out if any part of the locked down Windows XP configuration got into general consumer versions of the software or has influenced how it configures future versions of its software. The company did not respond. Top image: Brigadier General Gary T. Magonigle and Colonel Brian Dravis present Steve Ballmer with a plaque showing the Air Guard?s appreciation for Microsoft?s support of Guards and Reservists. (United States Air Force photo by Tech. Sgt. Douglas Olsen) From rforno at infowarrior.org Sat May 2 02:36:37 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 1 May 2009 22:36:37 -0400 Subject: [Infowarrior] - Don't Leap to Conclusions, WHO Warns Message-ID: <0B71710A-0D3E-4852-8EBB-2A4A3F8C41E6@infowarrior.org> Flu's True Severity Is Still Unknown Don't Leap to Conclusions, WHO Warns By Joel Achenbach and David Brown Washington Post Staff Writers Saturday, May 2, 2009 http://www.washingtonpost.com/wp-dyn/content/article/2009/05/01/AR2009050101777_pf.html So is this new swine flu outbreak the next great plague, or just a global spasm of paranoia? Are we seeing a pandemic or a panic? The pathogen that has seized the world's attention has an official name (swine-origin influenza A H1N1), an acronym (S-OIV), a nickname (swine flu) and an apparent birthplace (Mexico). But the essential nature of the pathogen, its personality, its virulence, remain matters of frenetic investigation. Like all influenza viruses, it is mutating capriciously and, thus, is not a static and predictable public health threat but an evolving one. The bug has gone global, having shown up in Asia yesterday with the first reported case in Hong Kong. It also popped up in Denmark, as well as in eight new U.S. states. But there has been some flu-scare backlash, with some officials questioning whether schools are too quick to close their doors at the first hint of the virus. The World Health Organization directly addressed the pandemic-versus- panic issue yesterday by cautioning the public against leaping to any conclusions about the virulence of the virus. It has yet to show lethality outside Mexico (the one person to die in the United States was a toddler who traveled from Mexico to Texas), though that doesn't mean it will remain a mild pathogen in the weeks and months to come, officials said. Influenza is a simple virus, with just eight genes, but it makes poor copies of itself, leading to constant mutation. Most of those mutations are dead ends, but, given enough chances, the virus can become more infectious or more lethal. Although the United States is past its flu season, the Southern Hemisphere, where the virus has spread, is entering the cold months when influenza can become explosive. Some positive news surfaced yesterday: Mexican scientists said the contagiousness of the swine flu is no greater than that of the seasonal flu that circulates every year. And a preliminary genetic analysis hasn't turned up any of the markers that scientists associate with the virulence of the 1918 "Spanish" influenza virus, said Nancy Cox, head of the flu lab of the Centers for Disease Control and Prevention. The 1918-19 pandemic has cast a long shadow over today's health emergency. That virus circled the world, eventually infecting nearly everyone and killing at least 50 million people. Jeffery Taubenberger, the National Institutes of Health researcher who reconstructed the 1918 influenza virus, said he is growing the new swine flu virus in his lab. "We're very early on in figuring out what makes this virus tick. I am loath to make predictions about what an influenza virus that mutates so rapidly will do," he said. But he believes it will spread across the planet: "My prediction is that this strain will continue to spread, and it is very likely to become a pandemic virus, if it's not already a pandemic now. That does not mean that this has to be a very severe pandemic like 1918." Michael T. Osterholm, an epidemiologist at the University of Minnesota, said the situation is analogous to forecasting a hurricane when meteorologists know only that there is a high-low pressure gradient in the Atlantic. "Everyone in one week wants an answer as to what it will do. Anyone who gives you an answer right now, do not listen to them about anything else because you cannot trust them," Osterholm said. WHO spokesman Gregory Hartl noted yesterday that the public may misunderstand the word "pandemic." The term refers to where an illness spreads, not its severity. A major unknown is the swine flu virus's "case-fatality rate" -- the small fraction of infected people who die. For the 1918 influenza, it was 2 to 2.5 percent for the United States as a whole, but in military camps and on troop ships, the rate was a brutal 7 to 10 percent, and in some Inuit villages, it soared to 70 percent. The other two flu pandemics of the 20th century, however, were far milder. The Asian influenza of 1957-58 had a fatality rate of 0.2-0.5, and the rate during the Hong Kong influenza of 1968-69 was even lower, about 0.1 percent, close to what it is for seasonal flu. The case-fatality rate of the swine flu will become certain only when epidemiologists are able to track its behavior from the moment it arrives in a population -- a difficult task under the best circumstances, which the current circumstances in Mexico aren't. Physicians there first suspected something strange when a small number of young adults showed up in the hospital with severe pneumonia. The question is how many other people contracted influenza but never got very sick. Researchers must draw blood from a sample of people in affected towns and cities to estimate how many people were infected and never knew it. The early signs from the United States and a few European countries where the strain is spreading suggest it is not unusually dangerous, as there have been few deaths so far. If that continues to be true, then it may help explain the mysteriously high mortality in Mexico. It may be that Mexico already has had hundreds of thousands, and possibly millions, of cases -- all but the most serious hidden in the "noise" of background illness in a crowded population. The fact that most people infected in other countries had recently been to Mexico -- or were in direct contact with someone who had been -- is indirect evidence that the country may have been experiencing a silent epidemic for months. Regardless of how dangerous it proves to be, the new swine flu virus is almost certain to eventually infect every continent and country, although that may take years. Studies in the 1930s found that 97 percent of people born before 1920 had antibodies to the Spanish influenza virus. That's evidence that virtually everyone alive in the three years it circulated -- 1918, 1919 and 1920 -- was at one point infected, even if they didn't know it. A similar fate awaits any population exposed long enough to a new flu strain to which it has no immunity, experts believe. From rforno at infowarrior.org Sat May 2 14:54:01 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 2 May 2009 10:54:01 -0400 Subject: [Infowarrior] - AF names new vice commander for cyber unit Message-ID: <712CA090-C3F0-4AD9-981F-8197AFB4A976@infowarrior.org> Air Force names new vice commander for cyber unit May 1, 2009 - 4:12pm http://www.federalnewsradio.com/index.php?nid=35&sid=1666437 By Jason Miller Executive Editor FederalNewsRadio The Air Force promoted Brig. Gen. Charles Shugg to vice commander of its provisional Cyber Command at Barksdale Air Force Base in Louisiana. Shugg was the commander of the Joint Unmanned Aircraft Systems Center of Excellence at Creech Air Force Base in Nevada. Shugg replaces Maj. Gen. Randal Fullhart, who became the Director of Global Reach Programs in the Air Force Office of the Assistant Secretary for Acquisition. Fullhart left the cyber command in October after staying less than three months. The Air Force is expected to announce where the numbered unit will permanently reside by June. In January, the service reduced the number of bases it was considering to six from 17. In his previous position, Shugg oversaw the development of unmanned aircraft systems employment and training standards, providing relevant products, analysis and information to the joint force. Shugg also ensured the development and integration of common UAS operating standards, capabilities, concepts, technologies, doctrine, tactics, techniques, procedures and training. From rforno at infowarrior.org Sat May 2 16:32:24 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 2 May 2009 12:32:24 -0400 Subject: [Infowarrior] - Al Qaeda: Low tech still the best tool Message-ID: <07BB7360-911B-4E95-B897-CD645CCADD9E@infowarrior.org> Al-Qaida used Hotmail, simple codes in planning By PAMELA HESS, Associated Press Writer Pamela Hess, Associated Press Writer Sat May 2, 2:21 am ET http://news.yahoo.com/s/ap/20090502/ap_on_go_ot/us_enemy_combatant_technology/print WASHINGTON ? In the days following the Sept. 11 terrorist attacks, alleged al-Qaida operations mastermind Khalid Sheikh Mohammed intended to use his free Hotmail account to direct a U.S.-based operative to carry out an attack, according to a guilty plea agreement filed by Ali Saleh Kahlah al-Marri in federal court. The document shows how al-Qaida, at least in 2001, embraced prosaic technologies like pre-paid calling cards, public phones, computer search engines and simplistic codes to communicate, plan and carry out its operations. Al-Marri also surfed the Internet to research cyanide gas, using software to cover his tracks, according to the document filed Thursday in federal court in Peoria, Ill. He marked the locations of dams, waterways and tunnels in the United States in an almanac. The government claims this reflects intelligence that al-Qaida was planning to use cyanide gas to attack those sites. As a result of his guilty plea, al-Marri could be sentenced up to a maximum 15-year term in federal prison. In a stipulation of facts filed as part of the plea agreement, al- Marri admitted that he trained in al-Qaida camps and stayed in terrorist safe houses in Pakistan between 1998 and 2001. There, he learned how to handle weapons and how to communicate by phone and e- mail using a code. After arriving in the U.S. on Sept. 10, 2001 ? a day before al-Qaida's long-plotted terror strikes in New York and Washington ? Al-Marri stored phone numbers of al-Qaida associates in a personal electronic device. He used a "10-code" to protect the numbers ? subtracting the actual digits in the phone numbers from 10 to arrive at a coded number, according to a person close to the investigation. In a 10-code, eight becomes a two, for example. Other al-Qaida members used the same code, according to the plea agreement. Al-Marri sent e-mails to Khalid Sheikh Mohammed's hotmail account ? HOR70 at hotmail.com ? addressed to "Muk" and signed "Abdo." The details of that code were included in an address book found in an al-Qaida safehouse in Pakistan. An attempt by The Associated Press to reach that address did not indicate the account had been closed, but it went unanswered. Al-Marri initially tried to use a Yahoo e-mail account to contact Mohammed, but it failed to go through. So he switched to Hotmail as well. When al-Marri arrived in the United States, he created five new e-mail accounts to communicate with Mohammed, using the 10-code to send him his cell phone number in Peoria. From September to November, al-Marri tried and failed to contact members of al-Qaida in Pakistan using prepaid calling cards and public phones, sometimes traveling 160 miles to use a different phone. Al-Marri was arrested in December 2001, three months after entering the U.S. on a student visa. He was shortly thereafter declared an "enemy combatant" and taken into military custody. The "enemy combatant" designation was dropped when he was indicted by a federal grand jury in Illinois. Suspected as an al-Qaida sleeper agent, he was held without charge for more than five years. His attorneys say he was tortured while in military custody. There is no indication in the plea agreement that al- Marri ever made contact with other alleged al-Qaida agents inside the United States. Al-Marri admitted that before entering the U.S., he met and had regular contact with Khalid Sheikh Mohammed and with Mustafa Ahmad al- Hawsawi, who allegedly helped the Sept. 11 hijackers with money and Western-style clothing. From rforno at infowarrior.org Sun May 3 00:28:24 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 2 May 2009 20:28:24 -0400 Subject: [Infowarrior] - Italian Pirate Bay Trial in the Making Message-ID: Italian Pirate Bay Trial in the Making Written by Ernesto on May 02, 2009 http://torrentfreak.com/italian-pirate-bay-trial-in-the-making-090502/ Following the Swedish verdict, Italy is now considering starting its own trial against the people involved with The Pirate Bay. This would be the first criminal prosecution against the Pirate Bay ?founders? outside their home country. tpbDuring August last year, The Pirate Bay was ?censored? in Italy when ISPs were ordered to block access to the worlds largest BitTorrent tracker. The Pirate Bay appealed the block and eventually won the court case. In October the Court of Bergamo ruled that no foreign website can be censored for alleged copyright infringement. However, with the Swedish verdict against The Pirate Bay in hand, the Italian justice authority is now looking into the possibility of starting their very own trial against the Pirate Bay ?operators?. Interesting to say the least, because The Pirate Bay and those involved with the site have no direct link to Italy. Nevertheless, anti-piracy lobbyists are already claiming a victory. ?The charge is the same as the one in Sweden, so one can be optimistic about obtaining a similar verdict in Italy,? Enzo Mazza, president of the Italian Music Industry Federation (FIMI) told IDG. The defense lawyers seem to be a little more down to earth. Francesco Paolo Micozzi and Giovanni Battista Gallus, the lawyers for Pirate Bay spokesman Peter Sunde told TorrentFreak that the music industry boss might be a little too optimistic. ?I absolutely disagree with the fact that the Swedish decision would in any way clear the way for the Italian prosecution,? they told TorrentFreak. ?First of all, it?s a first instance decision, which means that it is not relevant at the moment.? ?Secondly, the Italian case has many different peculiarities, starting with jurisdiction issues, which make the Swedish decision much less relevant than it could seem at first glance. Thirdly, every decision is based on its own evidence, and in the Italian case the trial is yet to start,? they explained. According to Sunde?s lawyers, one of the issues still under discussion is whether the evidence collected by the Swedish authorities is legal or not. Thus far, the only binding jurisdiction with regard to The Pirate Bay is that the Italian blocking order was absolutely unlawful under criminal law. Nevertheless, the entertainment industry is one step ahead and already thinking about how they will divide the booty. Simona Lavagnini, one of the lawyers representing the Italian music industry said that it is not very realistic to expect the defendants to be extradited to Italy, but she believes that fines and a seizure of assets belong to the possibilities. The Italian prosecutor will decide in a few months whether there will be an Italian Pirate Bay trial or not. The order for ISPs to block access to TPB is currently under appeal and the decision in that case will come some time in September. From rforno at infowarrior.org Sun May 3 14:37:38 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 3 May 2009 10:37:38 -0400 Subject: [Infowarrior] - Interview: Rick on Air America Message-ID: <9F352333-5F48-4014-95E2-C5A158599525@infowarrior.org> Last Thursday I did an interview with Ron Kuby of Air America discussing cyberwar and cybersecurity. The MP3 of that interview, for those interested, is shown below. http://www.infowarrior.org/media/2009-04-30-Ron_Kuby_3-1.mp3 -rf From rforno at infowarrior.org Sun May 3 14:40:09 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 3 May 2009 10:40:09 -0400 Subject: [Infowarrior] - Merck Makes Phony Peer-Review Journal Message-ID: <3082BA0B-32D2-4F96-A2B1-994020C47EE3@infowarrior.org> (FYI this type of marketing practice -- and others like it -- by big pharma is discussed in a 2006 book 'Our Daily Meds' written by IIRC the NYT medical reporter. Very insightful and disturbing reading.) Merck Makes Phony Peer-Review Journal http://blog.bioethics.net/2009/05/merck-makes-phony-peerreview-journal/ books old white background.jpgIt's a safe guess that somewhere at Merck today someone is going through the meeting minutes of the day that the hair-brained scheme for the Australasian Journal of Bone and Joint Medicine was launched, and that everyone who was in the room is now going to be fired. The Scientist has reported that, yes, it's true, Merck cooked up a phony, but real sounding, peer reviewed journal and published favorably looking data for its products in them. Merck paid Elsevier to publish such a tome, which neither appears in MEDLINE or has a website, according to The Scientist. What's wrong with this is so obvious it doesn't have to be argued for. What's sad is that I'm sure many a primary care physician was given literature from Merck that said, "As published in Australasian Journal of Bone and Joint Medicine, Fosamax outperforms all other medications...." Said doctor, or even the average researcher wouldn't know that the journal is bogus. In fact, knowing that the journal is published by Elsevier gives it credibility! These kinds of endeavors are not possible without help. One of The Scientist's most notable finds is a Australian rheumatologist named Peter Brooks who served on the "honorary advisory board" of this "journal". His take: "I don't think it's fair to say it was totally a marketing journal", apparently on the grounds that it had excerpts from peer-reviewed papers. However, in his entire time on the board he never received a single paper for peer-review, but because he apparently knew the journal did not receive original submissions of research. This didn't seem to bother him one bit. Such "throwaways" of non-peer reviewed publications and semi-marketing materials are commonplace in medicine. But wouldn't that seem odd for an academic journal? Apparently not. Moreover, Peter Brooks had a pretty lax sense of academic ethics any way: he admitted to having his name put on a "advertorial" for pharma within the last ten years, says The Scientist. An "advertorial"? Again, language unfamiliar to us in the academic publishing world, but apparently quite familiar to the pharmaceutical publishing scene. It is this attitude within companies like Merck and among doctors that allows scandals precisely like this to happen. While the scandals with Merck and Vioxx are particularly egregious, we know they are not isolated incidents. This one is just particularly so. If physicians would not lend their names or pens to these efforts, and publishers would not offer their presses, these publications could not exist. What doctors would have as available data would be peer-reviewed research and what pharmaceutical companies produce from their marketing departments--actual advertisements. Summer Johnson, PhD From rforno at infowarrior.org Sun May 3 20:43:31 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 3 May 2009 16:43:31 -0400 Subject: [Infowarrior] - Jacqui's secret plan to 'Master the Internet' Message-ID: Original URL: http://www.theregister.co.uk/2009/05/03/gchq_mti/ Jacqui's secret plan to 'Master the Internet' 'Climb down' on central database was 'a sideshow' By Chris Williams Posted in Government, 3rd May 2009 10:02 GMT Free whitepaper ? Making large UPS systems more efficient Spy chiefs are already spending hundreds of millions of pounds on a mass internet surveillance system, despite Jacqui Smith's announcement earlier this week that proposals for a central warehouse of communications data had been dumped on privacy grounds. The system - uncovered today by The Register and The Sunday Times (http://www.timesonline.co.uk/tol/news/politics/article6211101.ece ) - is being installed under a GCHQ project called Mastering the Internet (MTI). It will include thousands of deep packet inspection probes inside communications providers' networks, as well as massive computing power at the intelligence agency's Cheltenham base, "the concrete doughnut". Sources with knowledge of the project said contacts have already been awarded to private sector partners. One said: "In MTI, computing resources are not measured by the traditional capacities or speeds such as Gb, Tb, Megaflop or Teraflop... but by the metric tonne!.. and they have lots of them." The American techology giant Lockheed Martin is understood to have bagged a ?200m deal. The BAE-owned British firm Detica, which has close links to MI5 and MI6, as well as to GCHQ, has also been signed up to help on MTI. A spokeswoman for GCHQ said the agency does not comment on individual contracts. "GCHQ works with a broad range of industry partners to deliver a complex portfolio of technical projects," she said. Detica also declined to comment, and Lockheed Martin did not return calls. Sources said MTI received approval and funding of more than ?1bn over three years in the October 2007 Comprehensive Spending Review. GCHQ, like MI5 and MI6, is funded out of the opaque Single Intelligence Account. For 2007/8 the planned budget for the three agencies was over ?1.6bn. GCHQ began work on MTI soon after it was approved. Records of job advertising by the agency show that in April 2008 it was seeking a Head of Major Contracts with "operational responsibility for the ?Mastering the Internet? (MTI) contract". The new senior official was to be paid an annual salary of up to ?100,000. The advertisment also indicated that the head of Major Contracts would be in charge of procurement on MTI and be expected to forge close links with the private sector. According to sources, MTI is a core piece of the government's Interception Modernisation Programme (IMP). On Monday of last week, the Home Secretary Jacqui Smith announced that under IMP, rather than build a central warehouse, responsibility for storing details of who contacts whom, when and where will be imposed on communications providers. The news was welcomed by privacy advocates and civil liberties campaigners, but sources described it as a "side show" compared to the massively increased surveillance capability that MTI will deliver. It will grant intelligence staff in Cheltenahm complete visibility of UK Internet traffic, allowing them to remotely configure their deep packet inspection probes to intercept data - both communications data and the communication content - on demand. Shami Chakrabarti, director of Liberty, said: "We opposed the big brother database because it gave the state direct access to everybody?s communications. But this network of black boxes achieves the same thing via the back door." GCHQ's spokeswoman said: "GCHQ does not discuss 'how' we use data, as this may lead to revelations about our capability which damage national security. "GCHQ is constantly updating its systems in order to maintain and renew its capability." Advocates of MTI and IMP say they are essential if intelligence agencies are to maintain their capability to monitor terrorist and other criminal networks. A Home Office consultation on the storage of communications data is now open (http://www.theregister.co.uk/2009/04/27/imp_consultation/). Meanwhile, work and spending on the all-seeing system to intercept and retrieve it is already underway. ? From rforno at infowarrior.org Sun May 3 21:37:11 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 3 May 2009 17:37:11 -0400 Subject: [Infowarrior] - An invention that could change the internet for ever Message-ID: <977FD772-2071-4C94-97B7-999E3D5FB819@infowarrior.org> http://license.icopyright.net/user/viewFreeUse.act?fuid=MzM1NjQ4Mg%3D%3D May 3, 2009 An invention that could change the internet for ever Revolutionary new web software could put giants such as Google in the shade when it comes out later this month. Andrew Johnson reports The biggest internet revolution for a generation will be unveiled this month with the launch of software that will understand questions and give specific, tailored answers in a way that the web has never managed before. The new system, Wolfram Alpha, showcased at Harvard University in the US last week, takes the first step towards what many consider to be the internet's Holy Grail ? a global store of information that understands and responds to ordinary language in the same way a person does. Although the system is still new, it has already produced massive interest and excitement among technology pundits and internet watchers. Computer experts believe the new search engine will be an evolutionary leap in the development of the internet. Nova Spivack, an internet and computer expert, said that Wolfram Alpha could prove just as important as Google. "It is really impressive and significant," he wrote. "In fact it may be as important for the web (and the world) as Google, but for a different purpose. Tom Simpson, of the blog Convergenceofeverything.com, said: "What are the wider implications exactly? A new paradigm for using computers and the web? Probably. Emerging artificial intelligence and a step towards a self-organising internet? Possibly... I think this could be big." Wolfram Alpha will not only give a straight answer to questions such as "how high is Mount Everest?", but it will also produce a neat page of related information ? all properly sourced ? such as geographical location and nearby towns, and other mountains, complete with graphs and charts. The real innovation, however, is in its ability to work things out "on the fly", according to its British inventor, Dr Stephen Wolfram. If you ask it to compare the height of Mount Everest to the length of the Golden Gate Bridge, it will tell you. Or ask what the weather was like in London on the day John F Kennedy was assassinated, it will cross- check and provide the answer. Ask it about D sharp major, it will play the scale. Type in "10 flips for four heads" and it will guess that you need to know the probability of coin-tossing. If you want to know when the next solar eclipse over Chicago is, or the exact current location of the International Space Station, it can work it out. Dr Wolfram, an award-winning physicist who is based in America, added that the information is "curated", meaning it is assessed first by experts. This means that the weaknesses of sites such as Wikipedia, where doubts are cast on the information because anyone can contribute, are taken out. It is based on his best-selling Mathematica software, a standard tool for scientists, engineers and academics for crunching complex maths. "I've wanted to make the knowledge we've accumulated in our civilisation computable," he said last week. "I was not sure it was possible. I'm a little surprised it worked out so well." Dr Wolfram, 49, who was educated at Eton and had completed his PhD in particle physics by the time he was 20, added that the launch of Wolfram Alpha later this month would be just the beginning of the project. "It will understand what you are talking about," he said. "We are just at the beginning. I think we've got a reasonable start on 90 per cent of the shelves in a typical reference library." The engine, which will be free to use, works by drawing on the knowledge on the internet, as well as private databases. Dr Wolfram said he expected that about 1,000 people would be needed to keep its databases updated with the latest discoveries and information. He also added that he would not go down the road of storing information on ordinary people, although he was aware that others might use the technology to do so. Wolfram Alpha has been designed with professionals and academics in mind, so its grasp of popular culture is, at the moment, comparatively poor. The term "50 Cent" caused "absolute horror" in tests, for example, because it confused a discussion on currency with the American rap artist. For this reason alone it is unlikely to provide an immediate threat to Google, which is working on a similar type of search engine, a version of which it launched last week. "We have a certain amount of popular culture information," Dr Wolfram said. "In some senses popular culture information is much more shallowly computable, so we can find out who's related to who and how tall people are. I fully expect we will have lots of popular culture information. There are linguistic horrors because if you put in books and music a lot of the names clash with other concepts." He added that to help with that Wolfram Alpha would be using Wikipedia's popularity index to decide what users were likely to be interested in. With Google now one of the world's top brands, worth $100bn, Wolfram Alpha has the potential to become one of the biggest names on the planet. Dr Wolfram, however, did not rule out working with Google in the future, as well as Wikipedia. "We're working to partner with all possible organisations that make sense," he said. "Search, narrative, news are complementary to what we have. Hopefully there will be some great synergies." What the experts say "For those of us tired of hundreds of pages of results that do not really have a lot to do with what we are trying to find out, Wolfram Alpha may be what we have been waiting for." Michael W Jones, Tech.blorge.com "If it is not gobbled up by one of the industry superpowers, his company may well grow to become one of them in a small number of years, with most of us setting our default browser to be Wolfram Alpha." Doug Lenat, Semanticuniverse.com "It's like plugging into an electric brain." Matt Marshall, Venturebeat.com "This is like a Holy Grail... the ability to look inside data sources that can't easily be crawled and provide answers from them." Danny Sullivan, editor-in-chief of searchengineland.com Worldwide network: A brief history of the internet 1969 The internet is created by the US Department of Defense with the networking of computers at UCLA and the Stanford Research Institute. 1979 The British Post Office uses the technology to create the first international computer networks. 1980 Bill Gates's deal to put a Microsoft Operating System on IBM's computers paves the way for almost universal computer ownership. 1984 Apple launches the first successful 'modern' computer interface using graphics to represent files and folders, drop-down menus and, crucially, mouse control. 1989 Tim Berners-Lee creates the world wide web ? using browsers, pages and links to make communication on the internet simple. 1996 Google begins as a research project at Stanford University. The company is formally founded two years later by Sergey Brin and Larry Page. 2009 Dr Stephen Wolfram launches Wolfram Alpha. From rforno at infowarrior.org Mon May 4 12:31:48 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 4 May 2009 08:31:48 -0400 Subject: [Infowarrior] - OT: Stop worrying about your children! Message-ID: <3013E8B4-5609-4AF6-B656-A6D6707A7418@infowarrior.org> http://www.salon.com/mwt/feature/2009/05/04/free_range_kids/print.html Stop worrying about your children! Kids today are just as safe as they were in the '70s, says "Free-Range Kids" author Lenore Skenazy, and what's really distressing is an alarmist culture that refuses to let them grow up. By Katharine Mieszkowski May. 04, 2009 | Over the past year, syndicated columnist Lenore Skenazy, 49, has become something of a heretic. She's an American mother of two boys, now 11 and 13, who dares to suggest that today's kids aren't growing up in constant state of near peril. Amid the cacophony of terrifying Amber Alerts and safety tips for every holiday, Skenazy is a chipper alternative, arguing that raising children in the United States now isn't more dangerous than it was when today's generation of parents were young. And back then, it was reasonably safe, too. So why does shooing the kids outside and telling them to have fun and be home by dark seem irresponsible to so many middle-class parents today? Skenazy first instigated a kerfuffle about contemporary parenting mores when she and her husband allowed their then 9-year-old son Izzy to ride the subway alone in April 2008. After she wrote a column about Izzy's independent excursion, she and the little subway veteran made the rounds on TV morning shows and cable news, where Skenazy fielded heated questions about her common sense, if not her outright sanity. The tsk-tsking wasn't limited to the TV talking heads, either. This year, a train conductor on the Long Island Rail Road called the police after then 10-year-old Izzy took a train ride by himself. (For the record, it's entirely legal.) In her new book, "Free-Range Kids: Giving Our Children the Freedom We Had Without Going Nuts With Worry," Skenazy suggests that many American parents are in the grips of a national hysteria about child safety, which is fed by sensationalistic media coverage of child abductions, safety tips from alarmist parenting mags, and companies marketing products that promise to protect tykes from every possible danger. She by no means recommends that mom and dad chuck the car seats, but says that trying to fend off every possible risk, however remote, holds its own unfortunate, unintended consequences. Salon spoke with Skenazy from her apartment in Manhattan, where she lives with her husband and sons. < - > http://www.salon.com/mwt/feature/2009/05/04/free_range_kids/print.html From rforno at infowarrior.org Mon May 4 17:12:26 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 4 May 2009 13:12:26 -0400 Subject: [Infowarrior] - EU urges Internet governance revamp Message-ID: <3B0BB74E-4BA5-4357-90F8-D1004CD17CF7@infowarrior.org> EU urges Internet governance revamp Reuters Monday, May 4, 2009 6:57 AM http://www.washingtonpost.com/wp-dyn/content/article/2009/05/04/AR2009050400801_pf.html STRASBOURG, France (Reuters) - The body in charge of assigning Internet addresses such as .com and .net should be shorn of its U.S. government links from October and made fully independent, the European Union's information society chief said on Monday. The Internet Corporation for Assigned Names and Numbers (ICANN) is a not-for-profit organization set up in 1998 but operates under the aegis of the U.S. Department of Commerce, a set-up that raises concerns for some as the Internet is seen as belonging to a wider constituency. Pressure in the past on ICANN from right-wing politicians to stop .xxx from becoming a domain name for pornography, worried some policymakers. ICANN's operating agreement with the U.S. government expires at the end of September. "This opens the door for the full privatization of ICANN and it also raises the question of to whom ICANN should be accountable, as from 1 October," EU Information Society Commissioner Viviane Reding said in a statement. She urged U.S. President Barack Obama to agree to a "new, more accountable, more transparent, more democratic and more multilateral form of Internet governance." ICANN decides on what names can be added to the Internet's top level domains (TLDs) such as .com but Reding wants it to become completely independent, overseen by an independent judicial body as well as a "G12 for Internet Governance" to discuss Internet and security issues. "In the long run, it is not defendable that the government department of only one country has oversight of an Internet function which is used by hundreds of millions of people in countries all over the world," Reding said. Such a "G12" would include two representatives from each North America, South America, Europe and Africa, three representatives from Asia and Australia, as well as the chairman of ICANN as a non-voting member. The European Commission holds a public hearing on Wednesday in Brussels to debate future governance of the Internet. Despite Dept of Commerce concerns, ICANN agreed last year to relax the rules on TLDs, the suffixes, such as the ubiquitous .com, .net and .org, among others. (Reporting by Huw Jones; Editing by David Cowell) From rforno at infowarrior.org Tue May 5 12:37:44 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 5 May 2009 08:37:44 -0400 Subject: [Infowarrior] - McAfee Gets Worked. Hard. Message-ID: McAfee Gets Worked. Hard. Patrick Gray's picture Embarrassing vulnerabilities in McAfee websites poised to make headlines... By Patrick Gray http://risky.biz/news_and_opinion/patrick-gray/2009-05-05/mcafee-gets-worked-hard May 5, 2009 -- Security software maker McAfee is an industry laughing stock following the disclosure of embarrassing security vulnerabilities in its websites. A Cross Site Request Forgery (CSRF) vulnerability uncovered in McAfee's "secure" vulnerability scanning portal would have allowed attacker to take control of client accounts. The portal is designed to scan customer websites for security vulnerabilities and fulfil some PCI DSS compliance requirements. To fall victim to the attack the target would have to be logged in to their McAfee account and browse to a malicious website that exploited the CSRF bug. Commenting on his CSRF discovery, security researcher Mike Bailey didn't pull punches. "Until last week, McAfee Secure was vulnerable to critical CSRF holes," he wrote on his blog. "Not little ones, or ones that were difficult to exploit. [These are] basic, zero-knowledge, classic GET-based total-account-compromise holes." McAfee did not comply with PCI requirements for Approved Scanning Vendors as defined by the PCI Security Standards Council, Bailey claims, and believes the company failed to use a secure software development lifecycle when building the application. Furthermore, a penetration test should have caught the problem, he wrote, thus he concludes "no such audit has taken place". Another, seemingly unrelated Cross Site Scripting (CSS) bug in a McAfee website allows miscreants to create pages that appear to be hosted on McAfee domains, when in fact the content is being served from elsewhere. Worse, no SSL errors would be generated in this attack, so even a vigilant user would be fooled. SecureScience.net has demonstrated the attack by creating a "buy now" page for McAfee products, which, if a user clicked through to that page, would steal their credit card number and deliver a trojaned version of McAfee's product. (Click here for the dummied up CSS'd page. It won't bite.) It's feared spammers could exploit the bug to offer seemingly legitimate "special deal offers" on McAfee products, using the CSS bug to create a genuine-looking purchase page with a valid SSL cert. McAfee, presumably, is scrambling to fix this second issue. Ironically, marketing material for McAfee's secure scanning portal claims the service detects CSS vulnerabilities. Sydney-based security consultant Chris Gatford, who works for Pure Hacking, believes the disclosures highlight an all too common hypocrisy among security providers. "It's a sad fact that many security service providers do not practice what they preach," he says. Others thought the revelations were nothing short of hilarious. One local PCI Qualified Security Assessor (QSA), who did not want to be named, described the news as hysterical. "If there was a vote for lolz of the year I would be voting for McAfee Secure," he says. "That's just stunning." McAfee isn't the only security vendor to wear egg on its face this year. The website of antivirus software maker Kaspersky was defaced in February. The website of BitDefender, another AV vendor, was also defaced. Risky.biz sought comment from McAfee, but due to time-zone differences it was unable to offer any response in time for deadline. From rforno at infowarrior.org Tue May 5 12:50:41 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 5 May 2009 08:50:41 -0400 Subject: [Infowarrior] - Board Ties at Apple and Google Are Scrutinized Message-ID: <2403A005-23B9-40BC-989E-57702B43AA49@infowarrior.org> May 5, 2009 Board Ties at Apple and Google Are Scrutinized By MIGUEL HELFT and BRAD STONE http://www.nytimes.com/2009/05/05/technology/companies/05apple.html?_r=2&pagewanted=print SAN FRANCISCO ? The Federal Trade Commission has begun an inquiry into whether the close ties between the boards of two of technology?s most prominent companies, Apple and Google, amount to a violation of antitrust laws, according to several people briefed on the inquiry. Apple and Google share two directors, Eric E. Schmidt, chief executive of Google, and Arthur Levinson, former chief executive of Genentech. The Clayton Antitrust Act of 1914 prohibits a person?s presence on the board of two rival companies when it would reduce competition between them. The two companies increasingly compete in the cellphone and operating systems markets. Antitrust experts say the provision against ?interlocking directorates,? known as Section 8 of the act, is rarely enforced. Nevertheless, the agency has already notified Google and Apple of its interest in the matter, according to the people briefed on the inquiry, who agreed to speak on condition of anonymity because the inquiry was confidential. F.T.C. officials declined to comment. Spokespeople for Apple and Google also declined to comment. A spokesman for Genentech declined to make Mr. Levinson available for comment. The inquiry, which appears to be in its early stages, is the second antitrust examination involving Google to have surfaced in recent days. It suggests that despite the company?s closeness to the Obama administration, Google will not escape scrutiny from regulators. Mr. Schmidt campaigned for then-Senator Barack Obama during his presidential campaign and advised the transition team and the administration on various matters. He was recently appointed to President Obama?s advisory council on science and technology. Christine A. Varney, who was recently confirmed as the head of the antitrust division of the Justice Department, last year singled out Google as a probable source of future antitrust concerns because of its near monopoly on Internet search and advertising. Some antitrust experts said they did not expect Google?s ties to the administration to play a role in antitrust issues. ?I expect the administration to be aggressive, generally, on antitrust enforcement,? said Sanford Litvack, a partner at Hogan & Hartson. Last year, while working for the Justice Department, Mr. Litvack built a case to block a prominent advertising partnership between Google and Yahoo. ?I don?t expect Google to either be singled out or to receive a free pass because of Schmidt?s relationship with the administration,? he said. Antitrust experts say that investigations of interlocking directorates rarely lead to major confrontations between companies and the government. Executives typically choose to resign from the board of a competitor if it poses a problem rather than face a lengthy investigation or a bruising legal fight. Like many companies in the technology industry, Google and Apple are both allies and competitors. Google, for instance, worked with Apple to design early versions of some its services, like Gmail and Google Maps, for Apple?s iPhone. But the areas in which the companies are bumping up against each other as rivals have been increasing. Mobile phones, in particular, loom large in the future of both Google and Apple. Much of Apple?s fortunes these days are tied to the success of the iPhone. Google, for its part, has said repeatedly that one of its biggest strategic opportunities is to expand its online advertising empire into mobile phones. While Google benefits from the success of the iPhone, which drives more traffic to its mobile services than any other device, it also produces the Android operating system for mobile phones that compete with the iPhone. The system currently powers the T-Mobile G1, a phone that some analysts say is the most capable of a number of rivals. Other phone makers are planning to roll out devices powered by Android later this year. And the Android operating system is being built into lightweight portable computers known as netbooks, which may compete with some Apple laptops. Google and Apple compete in a variety of other areas. Apple makes the Safari Web browser while Google makes the competing Chrome. Apple?s iTunes and Google?s YouTube are increasingly competing as venues for distribution of music and videos. And the two companies have photo- editing services. It is not clear whether regulators have singled out any of these areas of competition as particularly troubling. Under the Clayton Act, interlocking directorates are not considered a problem if the revenue from products in which the companies compete is less than 2 percent of either company?s sales. ?Government actions under Section 8 are rare, but they are brought under circumstances when the presence of a common director on competing boards is likely to be anticompetitive,? said Andrew I. Gavil, an antitrust expert and a professor at the Howard University School of Law. Both Google and Apple share a rival in Microsoft, which competes with the two companies in some areas. But Professor Gavil said regulators were not likely to see that as a problem, even if the two Silicon Valley companies were discussing ways to compete more effectively with Microsoft. Mr. Schmidt joined Apple?s board in 2006, about five months before it unveiled the iPhone. Google announced its plans for Android, its mobile phone operating system, nearly a year later. Since then, analysts have speculated that Mr. Schmidt?s position on Apple?s board could become untenable. Google has said he recuses himself when Apple?s board discusses mobile phones. From rforno at infowarrior.org Tue May 5 13:58:42 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 5 May 2009 09:58:42 -0400 Subject: [Infowarrior] - P2P bill could regulate Web browsers, FTP clients Message-ID: <9B7D5A1E-DB2E-472E-BEBB-D7B78949B9E3@infowarrior.org> P2P bill could regulate Web browsers, FTP clients by Declan McCullagh http://news.cnet.com/8301-13578_3-10233419-38.html?part=rss&subj=news&tag=2547-1_3-0-20 news analysis The U.S. House of Representatives has scheduled a hearing Tuesday to examine a bill that would force peer-to-peer applications to provide specific notice to consumers that their files might be shared. The hearing before a House Energy subcommittee comes about a month after reports that specifications about the helicopter used as Marine One may have been leaked through a P2P network. Meanwhile, a second House committee is probing whether LimeWire or another P2P application was responsible. Tuesday's hearing is expected to focus on a bill introduced in March by Rep. Mary Bono Mack, a California Republican. The catch: while it appears intended to target only P2P applications, the measure sweeps in Web browsers, FTP applications, instant messaging utilities, and other common programs too. Bono's Informed P2P User Act says that it will be "unlawful" for P2P software to cause files to be made available unless two rules are followed. First, the utility's installation process must provide "clear and conspicuous notice" of its features and obtain the user's "informed consent." Second, the program must step through that notice- and-consent process every time it runs. Her bill defines P2P applications as software that lets files be marked for transfer, transferred, and received. (The exact wording: "to designate files available for transmission to another computer; to transmit files directly to another computer; and to request the transmission of files from another computer.") Every copy of Windows, GNU/Linux, and Mac OS X sold in recent memory includes a command-line FTP client fitting that definition but lacking the proposed warning. Does that mean that Microsoft, the Free Software Foundation, and Apple could be fined for "unlawful" activities? If the definition stretches to include the rsync utility and open-source software too, will volunteer maintainers and foreign citizens have to comply? Another example: Web browsers could also be regulated and subject to Federal Trade Commission enforcement action unless "informed consent" is obtained each time the desktop icon is double-clicked. (Every Web browser allows the user to "designate" files to be uploaded--ever post a photo?--and request that files be downloaded.) It's true that forcing compliance--at least for those programmers who are paying attention to legislative proclamations from the U.S. Congress--shouldn't be too difficult. A few warning messages and click- here-to-continue dialog boxes would suffice. Still, the argument that a particular piece of proposed legislation could be worse is no argument at all. What the bill's drafters may not appreciate is that the Internet is, by definition, a peer-to-peer network. Restricting its P2Pishness, for lack of a better term, is difficult to do with restricting Internet access completely. The point here is not that LimeWire and its rivals are without risk; misconfiguration probably would expose sensitive files to the public. It's more that software is uniquely malleable, difficult to define, and better overseen by West Coast coders voluntarily adding warning messages than East Coast lawyers making it illegal not to do so. The U.S. Supreme Court failed to reach a consensus about regulating obscenity a generation ago; do we really think that computer code today won't be equally slippery? Declan McCullagh, CBSNews.com's chief political correspondent, chronicles the intersection of politics and technology. He has covered politics, technology, and Washington, D.C., for more than a decade, which has turned him into an iconoclast and a skeptic of anyone who says, "We oughta have a new federal law against this." E-mail Declan. From rforno at infowarrior.org Tue May 5 19:24:18 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 5 May 2009 15:24:18 -0400 Subject: [Infowarrior] - Felony Proposal: Blogs as a weapon? Message-ID: (Yes I see this coming into law easily........--rf) Federal Felony To Use Blogs, the Web, Etc. To Cause Substantial Emotional Distress Through "Severe, Repeated, and Hostile" Speech? http://volokh.com/archives/archive_2009_04_26-2009_05_02.shtml#1241122059 That's what a House of Representatives bill, proposed by Rep. Linda T. Sanchez and 14 others, would do. Here's the relevant text: Whoever transmits in interstate or foreign commerce any communication, with the intent to coerce, intimidate, harass, or cause substantial emotional distress to a person, using electronic means to support severe, repeated, and hostile behavior, shall be fined under this title or imprisoned not more than two years, or both.... ["Communication"] means the electronic transmission, between or among points specified by the user, of information of the user's choosing, without change in the form or content of the information as sent and received; ... ["Electronic means"] means any equipment dependent on electrical power to access an information service, including email, instant messaging, blogs, websites, telephones, and text messages. 1. I try to coerce a politician into voting a particular way, by repeatedly blogging (using a hostile tone) about what a hypocrite / campaign promise breaker / fool / etc. he would be if he voted the other way. I am transmitting in interstate commerce a communication with the intent to coerce using electronic means (a blog) "to support severe, repeated, and hostile behavior" -- unless, of course, my statements aren't seen as "severe," a term that is entirely undefined and unclear. Result: I am a felon, unless somehow my "behavior" isn't "severe." 2. A newspaper reporter or editorialist tries to do the same, in columns that are posted on the newspaper's Web site. Result: Felony, unless somehow my "behavior" isn't severe. 3. The politician votes the wrong way. I think that's an evil, tyrannical vote, so I repeatedly and harshly condemn the politician on my blog, hoping that he'll get very upset (and rightly so, since I think he deserves to feel ashamed of himself, and loathed by others). I am transmitting a communication with the the intent to cause substantial emotional distress, using electronic means (a blog) "to support severe, repeated, and hostile behavior." (I might also be said to be intending to "harass" -- who knows, given how vague the term is? -- but the result is the same even if we set that aside.) Result: I am a felon, subject to the usual utter uncertainty about what "severe" means. 4. A company delivers me shoddy goods, and refuses to refund my money. I e-mail it several times, threatening to sue if they don't give me a refund, and I use "hostile" language. I am transmitting a communication with the intent to coerce, using electronic means "to support severe, repeated, and hostile behavior." Result: I am a felon, if my behavior is "severe." 5. Several people use blogs or Web-based newspaper articles to organize a boycott of a company, hoping to get it to change some policy they disapprove of. They are transmitting communications with the intent to coerce, using electronic means "to support severe, repeated, and hostile behavior." Result: Those people are a felon. (Isn't threatening a company with possible massive losses "severe"? But again, who knows?) 6. John cheats on Mary. Mary wants John to feel like the scumbag that he is, so she sends him two hostile messages telling him how much he's hurt her, how much she now hates him, and how bad he should feel. She doesn't threaten him with violence (there are separate laws barring that, and this law would apply even in the absence of a threat). She is transmitting communications with the intent to cause substantial emotional distress, using electronic means "to support severe, repeated, and hostile behavior." Result: Mary is a felon, again if her behavior is "severe." The examples could be multiplied pretty much indefinitely. The law, if enacted, would clearly be facially overbroad (and probably unconstitutionally vague), and would thus be struck down on its face under the First Amendment. But beyond that, surely even the law's supporters don't really want to cover all this speech. What are Rep. Linda Sanchez and the others thinking here? Are they just taking the view that "criminalize it all, let the prosecutors sort it out"? Even if that's so, won't their work amount to nothing, if the law is struck down as facially overbroad -- as I'm pretty certain it would be? Or are they just trying to score political points here with their constituents, with little regard to whether the law will actually do any good? I try to focus my posts mostly on what people do, not on their motives, but here the drafting is so shoddy that I just wonder why this happened. From rforno at infowarrior.org Wed May 6 12:05:50 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 May 2009 08:05:50 -0400 Subject: [Infowarrior] - OT: Stimulus oversight left up to taxpayers Message-ID: CURL: Stimulus oversight left up to taxpayers By Joseph Curl POLITICAL THEATER | Wednesday, May 6, 2009 http://washingtontimes.com/news/2009/may/06/stimulus-oversight-left-up-to-taxpayers/ So just who's tracking that $787 billion in taxpayer money that President Obama and the Democrat-led Congress are doling out? You are. Or you're supposed to be, anyway. "We are, in essence, deputizing the entire American citizenry to help with the oversight of this program," said Rep. Brad Miller, chairman of the House Committee on Science and Technology's subcommittee on investigations and oversight. So, too, said Earl Devaney, the ex-cop who's now chairman of the Recovery Act Accountability and Transparency Board, charged with tracking the torrent of cash now pouring out of federal coffers. "I'm going to have millions of citizens to help me," he said, comparing run-of-the-mill Americans to inspectors general, the high- ranking officials charged with ferreting out waste and abuse in federal agencies. "I'm going to have a million little IGs running around," the chairman said Tuesday after his testimony before the subcommittee. And perhaps that's just as well, given the turnout of the panel tasked with keeping track of thousands of millions of dollars. Just three of the 10 members bothered to show up for the subcommittee's second meeting, dramatically titled "Follow the Money Part II." "These hearings are titled 'follow the money' after the character in the movie - and the book - 'All the President's Men,' " Mr. Miller said. "The Deep Throat character, he told [reporters Carl] Bernstein and [Bob] Woodward to trace the money back to find out where the corruption began. "We hope this will not end up as anything as sordid as that was," he joked. Still, the North Carolina Democrat said he realized that tracking so much money will be difficult, acknowledging that "we're trying to spend $500 billion quickly." Mr. Devaney, though, said his board - made up of 10 IGs - has a dual mission: "First, the board is responsible for establishing and maintaining a Web site." Oh, and second, it's supposed to "help minimize fraud, waste or mismanagement." While Mr. Miller and the panel's top Republican were there, only Rep. Kathy Dahlkemper, Pennsylvania Democrat, also came along to the hearing. Absent were Democratic Reps. Steven R. Rothman of New Jersey, Lincoln Davis of Tennessee, Charlie Wilson of Ohio, Alan Grayson of Florida and Bart Gordon of Tennessee. Republican Reps. Brian P. Bilbray of California and Ralph M. Hall of Texas also skipped the session. Still, to a sparse crowd, Mr. Miller got right to the point. "President Obama promised a level of transparency, through the Internet, Recovery.gov. ... How do you intend to provide that level of transparency, to see how - who actually got the contract to pour asphalt?" "As I mentioned in my testimony," Mr. Devaney said, "that Web site is evolving. ... I would probably be the first to admit today the Web site doesn't give you that kind of information." Rep. Paul Broun of Georgia, the subcommittee's ranking Republican, noted that he voted against the $787 billion stimulus plan. "Simply put, the American people need to know what they got for their money," he said. "Under the Obama budget, the national debt will double in five years and triple in 10." Mr. Broun was most interested in Mr. Obama's claim that the recovery plan would create "or save" 4 million jobs, but noted that the number of jobs "saved" is likely unknowable and that since the president took office, 1.3 million jobs have been lost. "How do you plan to verify the actual number of jobs created?" he asked. "Sir, we haven't really received any information about that on the Web site," Mr. Devaney said. The repeated lack of information, though, sets up a fantastic sequel: "Follow the Money III." From rforno at infowarrior.org Wed May 6 12:20:12 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 May 2009 08:20:12 -0400 Subject: [Infowarrior] - Should UK bank shock jock? Message-ID: I think Weiner (I refuse to call him 'Savage') is a rabblerouser and obnoxious, but this Brit is right ..... now they're looking to ban folks for expressing their opinions? ---rf Should we be banning this US 'shock jock'? Posted By: Philip Johnston at May 5, 2009 at 15:51:33 [General] Posted in: Three Line Whip http://blogs.telegraph.co.uk/philip_johnston/blog/2009/05/05/should_we_be_banning_this_us_shock_jock The Home Office has issued the latest list of people it believes should not come to the country because they hold extremist opinions. It is a state's prerogative to decide who it wants to come to its country. That is, after all, what a visa system is for. But those banned from entry used to be people who were likely to cause public disorder or who had criminal records. In the 1960s there was a row when George Raft, the Hollywood actor, was refused entry because of his alleged links to organised crime. Now we are more likely than not to ban someone for what they think. The list of people banned over the past six months includes a former member of the Ku Klux Klan, a neo- Nazi, a Hamas MP, a Baptist pastor and his daughter barred for homophobia and a Jewish extremist. Oddly, it also contains the name Michael Savage, a US "shock jock" talk-show host whose views on Islam, rape and autism have stirred controversy in America. By all accounts, his views are pretty offensive; but is that reason enough to ban someone? The test usually is whether the individual in expressing his views would threaten public order. This is the justification given for refusing entry to the American political leader Louis Farrakhan, leader of the Nation of Islam. But to ban a radio presenter from a democratic country where he is allowed to broadcast freely is a new departure, as was the decision to refuse entry to Gert Wilders, the Dutch MP, a few months back for wanting to show a film about the Koran to British parliamentarians. The Government claims Savage engages in unacceptable behaviour by seeking to provoke others to serious criminal acts and fostering hatred which might lead to inter-community violence. But is not the real reason he is barred because he preaches dislike of other groups rather than violence against them? Home Office officials say Michael Savage, real name Michael Weiner, holds abhorrent views on immigration, Islam, rape and autism, which have caused great offence in America. That may be so. But are we now banning people because we don't like what they think or say; or are we accepting that anyone who responds violently to a view of which they disapprove can effectively veto other people's right to free speech? Now we learn that Savage may sue the Home Secretary for defamation. He said he was outraged that he had been named alongside hate preachers and a member of Hamas. He said: "For this lunatic Jacqui Smith, the Home Secretary of England, to link me up with skinheads who are killing people in Russia, to put me in (the same) league with mass murderers who kill Jews on buses is defamation. "I thought this was a joke or a mistake." He has a point. Jacqui Smith said the people who were banned were those whose views the country 'would not tolerate'. But who is she to make that decision? While it is the job of the Home Secretary to ensure the security and safety of the nation, it is not for her to decree what we should hear and to whom we should listen. From rforno at infowarrior.org Wed May 6 13:04:20 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 May 2009 09:04:20 -0400 Subject: [Infowarrior] - 16 y/o arrested under 'Patriot' Act Message-ID: <1DA0B12B-94AE-4950-91F8-82C74701751F@infowarrior.org> (c/o CW) He was accused of making bomb threats over the internet. Mother claims his IP address was stolen and used to make the threats. http://www.youtube.com/watch?v=gFVQ0HZz2mc From rforno at infowarrior.org Wed May 6 13:22:44 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 May 2009 09:22:44 -0400 Subject: [Infowarrior] - Chronology of Information Flows Message-ID: These days, everyone is trying to figure out how to connect with other people. It used to be simply, you just placed some ads in whatever newspaper that was most suited to your product, but now that world is becoming ever more irrelevant. So how do you connect with other people today? And more importantly, how do you do it tomorrow? In this article, we are going to take a little tour through the history of information - or more specifically where to focus efforts if you want get in touch with other people. It is really exciting time, because we are currently in the middle of the most drastic change since the invention of the newspaper. We are seeing an entirely new way for people to interact. One that makes all traditional ways seem silly. It is a fundamental shift, and it will completely change the world as we know it. And the best thing about it is that you get to help make it happen. So join me on this tour of the last 210 years of information + 10 more years into the future < - > http://www.baekdal.com/articles/Management/market-of-information/ From rforno at infowarrior.org Wed May 6 16:00:31 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 May 2009 12:00:31 -0400 Subject: [Infowarrior] - OT: For us Firefly fans.... Message-ID: <59C96928-592C-4765-8583-DD48B83E4E99@infowarrior.org> XKCD is having fun with our show this week .... http://xkcd.com/577/ http://xkcd.com/578/ http://xkcd.com/579/ (best so far) From rforno at infowarrior.org Wed May 6 16:25:43 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 May 2009 12:25:43 -0400 Subject: [Infowarrior] - RIAA: "we have no choice" but to file more named lawsuits Message-ID: <524022B1-5AF4-4626-B9B4-9BB0F15021AC@infowarrior.org> http://arstechnica.com/tech-policy/news/2009/05/riaa-we-have-no-choice-but-to-file-more-named-lawsuits.ars RIAA: "we have no choice" but to file more named lawsuits The RIAA said it would file no more "new" lawsuits against individual file-swappers, but it filed more such lawsuits in April. How to explain the apparent contradiction? By defining "new" in a particular way. By Nate Anderson | Last updated May 6, 2009 9:34 AM CT The RIAA's lawsuit campaign against individual file-sharers never quite seems to wrap up, and as long as the music labels continue filing their suits, stories about how the RIAA is a lying collection of lying liars (who lie) aren't going to die either. Such a story came yesterday from Ray Beckerman, the lawyer who runs the Recording Industry vs. The People blog. Beckerman noted that the music labels had filed new cases in April, despite their claim to Congress (and Ars) that they had stopped "initiating new lawsuits" in August 2008. That claim, says Beckerman, was a "total fabrication," and the continued court filings prove it. There aren't many of these "new" cases; Beckerman found three in New York. But why are they being filed at all? It depends on what "new" means The answer remains (as it has every time we've covered this issue) that the RIAA did not pledge to stop filing legal documents. The group's own definition of "new cases" does not include those that were already in process as "John Doe" cases or where settlement letters had already gone out. This was the case in March, when the RIAA filed a case against an Omaha resident for file-swapping. Those hypocrites! But the case had been detected in 2007, a John Doe lawsuit was filed months later, and once the necessary account information was subpoenaed from the ISP, the John Doe suit was replaced with a named lawsuit in March 2009. An RIAA spokesperson told us at the time that the issue was about fairness (though we raised some obvious questions about just how fair it was). "We're obviously pleased to transition to a new program going forward but that doesn't mean we can give a free pass to those who downloaded music illegally in the past," we were told. "How fair would it be to the thousands of individuals who took responsibility for their actions and settled their case while others are let off the hook? We're still in the business of deterrence and it must be credible." We checked in with the RIAA about the cases filed in April and were told that the group is "making a diligent, good faith effort to settle existing cases (see Santangelo, for example). But in instances where the defendant flat-out refuses to accept responsibility for their actions and settle, or ignores repeated overtures, we have no choice but to move forward with the legal process. As we have said since December, no new cases are being filed." The lawyers we've spoken with don't see any legal necessity for the labels to continue with these cases, but the labels have decided that they will press ahead with them, regardless. The interesting questions It does make one wonder just how many more of these lawsuits could yet be filed or converted to named suits. The RIAA has terminated its relationship with P2P investigator MediaSentry, but it appears to be reserving the right to bring every case identified by MediaSentry to completion. Most such cases are settled for a few thousand dollars, but we don't know how many outstanding cases there might be. But the truly interesting question isn't about whether the RIAA will file a couple dozen more named lawsuits in the upcoming months?nor about whether the group will be "hypocritical" when it does so. No, the interesting questions are about whether existing lawsuits like the Joel Tenenbaum and Jammie Thomas cases will deal the legal campaign a fatal blow in court, and about just how well the RIAA is doing at lining up ISPs for its voluntary graduated response program. This, after all, is the future as the RIAA sees it. The lawsuits are the past, but "three strikes and you're off the Internet" offers a way forward. Unfortunately for the music labels, ISPs are supremely skeptical. We give the idea a few more months before the labels basically abandon the voluntary approach and try to lean on Congress? probably the only realistic way to convince ISPs to disconnect paying customers. But as the Time Warner Cable data caps issue showed, nothing makes the grassroots angrier than a massive corporation interfering with their Internet. And nothing gives a Congressman or Senator more incentive to stand up to corporations than an angry mob of voters. From rforno at infowarrior.org Thu May 7 13:12:07 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 7 May 2009 09:12:07 -0400 Subject: [Infowarrior] - Report: FBI Mishandles Terror Watch List Message-ID: <3EE908A3-6204-480E-8D95-9A24066345CF@infowarrior.org> Report: FBI Mishandles Terror Watch List * By Ryan Singel Email Author * May 6, 2009 | * 4:47 pm | * Categories: Watchlists http://www.wired.com/threatlevel/2009/05/fbi-gets-f-in-handling-terror-watch-list-ig-finds/ terrorism watch list posterThe FBI can?t figure out the right way to add or remove suspected terrorists from the country?s unified terrorist watch list, subjecting citizens to unjustified scrutiny from government officials and possibly putting the country at risk, the Justice Department?s internal watchdog said Wednesday in a new report. ?We found that the FBI failed to nominate many subjects in the terrorism investigations that we sampled, did not nominate many others in a timely fashion, and did not update or remove watchlist records as required,? the Inspector General report (.pdf) said. ?We believe that the FBI?s failure to consistently nominate subjects of international and domestic terrorism investigations to the terrorist watchlist could pose a risk to national security.? Senator Patrick Leahy (D-Vermont), a longtime civil liberties advocate, took issue with the nation?s premier law enforcement agency letting innocent citizens languish on a secret list. ?Given the very real and negative consequences to which people on the watchlist are subjected, this is unacceptable,? Leahy said. The FBI is responsible for adding domestic threats to the list, while the intelligence community nominates foreigners. Inspector General Glenn Fine?s findings are not surprising, given the Fine?s 2007 audit of the watchlist found that the list full of duplicate entries and bad information. As of December 31, 2008, the centralized terrorist watch list contained more than 1.1 million known or suspected terrorist names, referring to an estimated 400,000 individuals. The list is used by local police to screen speeding drivers, by the State department to vet visa applicants and by Homeland Security to create the No-Fly list and pick-out travelers for interrogation. In 15 percent of terrorism cases the office reviewed, FBI agents failed to add the subjects to the list, while in 8 percent of closed cases, people were left on the list, in violation of policy. In 72 percent of the closed cases people weren?t removed in a timely manner, causing people to undergo unjustified screenings by the Secret Service and at the airport. Neither the FBI or the inspector general knows how many people the FBI has put on the list, but the IG?s best estimate is the FBI has nominated between 68,000 and 130,000 known or suspected terrorist identities since 2003. Of the 68,669 known or suspected terrorist identities in the database the IG could attribute to the FBI, 35 percent were outdated or had no known link to terrorism cases. Additionally the FBI has added tens of thousands of name s of Afghani and Iraqi citizens stopped and fingerprinted by the military with help from crack FBI teams. These entries have little information attached and no process for removal. The Terrorist Screening Center, which runs the list, says it is constantly scrubbing unjustified entries from the list. When the systems record a hit for a rogue speeder, the trooper calls the center to clarify the person stopped is the person on the list and what should be done. At the TSC, analysts sit in front of giant monitors, checking information called in against the intelligence that put the person on the list. Along one wall, the center plots encounters on an electronic, color-coded, electronic map of the United States.. From rforno at infowarrior.org Thu May 7 13:17:57 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 7 May 2009 09:17:57 -0400 Subject: [Infowarrior] - Ebay'd laptop had top secret data Message-ID: Computer hard drive sold on eBay 'had details of top secret U.S. missile defence system' By Daily Mail Reporter Last updated at 11:08 AM on 07th May 2009 http://www.dailymail.co.uk/news/article-1178239/Computer-hard-drive-sold-eBay-details-secret-U-S-missile-defence-system.html Highly sensitive details of a US military missile air defence system were found on a second-hand hard drive bought on eBay. The test launch procedures were found on a hard disk for the THAAD (Terminal High Altitude Area Defence) ground to air missile defence system, used to shoot down Scud missiles in Iraq. The disk also contained security policies, blueprints of facilities and personal information on employees including social security numbers, belonging to technology company Lockheed Martin - who designed and built the system. missile A missile launch in California: Details of the ground-to-air defence system were found on a computer hard drive British researchers found the data while studying more than 300 hard disks bought at computer auctions, computer fairs and eBay. The experts also uncovered other sensitive information including bank account details, medical records, confidential business plans, financial company data, personal id numbers, and job descriptions. The drives were bought from the UK, America, Germany, France and Australia by BT's Security Research Centre in collaboration with the University of Glamorgan in Wales, Edith Cowan University in Australia and Longwood University in the US. A spokesman for BT said they found 34 per cent of the hard disks scrutinised contained 'information of either personal data that could be identified to an individual or commercial data identifying a company or organisation.' And researchers said a 'surprisingly large range and quantity of information that could have a potentially commercially damaging impact or pose a threat to the identity and privacy of the individuals involved was recovered as a result of the survey.' Two disks appear to have been formerly used by Lanarkshire NHS Trust to hold information from the Monklands and Hairmyres hospitals including patient medical records, images of x-rays, medical staff shifts and sensitive and confidential staff letters. In Australia, one disk came from a nursing home and contained pictures of patients and their wounds. Confidential material including network data and security logs from the German Embassy in Paris were also discovered on a disk from France. And the trading performances and budgets of a UK-based fashion company, corporate data from a major motor manufacturing company were discovered along with details of a proposed 50 billion currency exchange through Spain involving a US-based consultant. Dr Andy Jones, head of information security research at BT, who led the survey, said: 'This is the fourth time we have carried out this research and it is clear that a majority of organisations and private individuals still have no idea about the potential volume and type of information that is stored on computer hard disks. 'For a very large proportion of the disks we looked at we found enough information to expose both individuals and companies to a range of potential crimes such as fraud, blackmail and identity theft. 'Businesses also need to be aware that they could also be acting illegally by not disposing of this kind of data properly.' Dr Iain Sutherland of the University of Glamorgan said: 'Of significant concern is the number of large organisations that are still not disposing of confidential information in a secure manner. In the current financial climate they risk losing highly valuable propriety data.' A spokesman for Lockheed Martin, who make the THADD launch system, said: 'Lockheed Martin is not aware of any compromise of data related to the Terminal High Altitude Area Defence programme. 'Until Lockheed Martin can evaluate the hard drive in question, it is not possible to comment further on its potential contents or source.' A spokesman for NHS Lanarkshire said: 'This study refers to hard disks which were disposed of in 2006. At that time NHS Lanarkshire had a contractual agreement with an external company for the disposal of computer equipment. 'In this instance the hard drives had been subjected to a basic level of data removal by the company and had then been disposed of inappropriately. This was clearly in breach of contract and was wholly unacceptable.' The spokesman said the trust now destroy equipment containing data on the premises, so no longer use external companies to dispose of IT equipment. From rforno at infowarrior.org Thu May 7 14:30:05 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 7 May 2009 10:30:05 -0400 Subject: [Infowarrior] - OpEd: Boost national cybersecurity without stifling freedom Message-ID: <87C68CA6-4FF5-48F0-9650-BEBCFF34C53C@infowarrior.org> from the May 06, 2009 edition - http://www.csmonitor.com/2009/0506/p09s03-coop.html Boost national cybersecurity without stifling freedom The US government should apply stricter control over its own network, but it should leave public networks alone. By Bryann Alexandros Virginia Beach, Va. For years, the US government has been fretting over national network vulnerabilities with banking and financial assets, government and military data, and the energy and utilities grid. Just last year, the Defense Department detected 360 million attempts to penetrate its networks, up from 6 million in 2006. One such attack involved overseas hackers that breached both the nation's electricity grid and the Pentagon's biggest weapons program, the $300 billion Joint Strike Fighter, according to the Wall Street Journal. "We are literally under attack every day as our networks are constantly probed and our adversaries seek to exploit vulnerabilities," Lt. Gen. William Shelton, the Air Force's chief information officer, told a House Armed Services Committee panel this week. To be sure, America is so e-vulnerable in so many e-ways that security officials now say Washington has no other choice but to extend its national security efforts across the Internet. This makes sense at first glance. However, the "Cybersecurity Act of 2009" (introduced recently in the Senate and apparently lacking independent expert testimony) would advance a plethora of shady mandates that could impinge on America's freedom and actually put it at greater risk. The bill requires federal agencies to take some needed steps to secure their computer networks. But it also essentially decrees the government grand overseer of Internet and network security, granting agencies such as the National Security Agency and Department of Commerce rights to regulate and impose their own universal security standards across public and private networks. It would even grant the president the most epic privilege: the ability to control and shut down any network the government wanted in the name of a "cyber emergency" ? though that term isn't defined. The government tried its hand at managing the national network infrastructure ( the system of digital networks that electronically link the electrical grid, defense systems and the White House) with The Federal Information Security Act of 2002 (FISMA). It enforced security rules for government information systems. But it seemed bent on compliance and report cards rather than on actual measurable performance. Security experts later lambasted the act as a lethargic piece of legislation that stymied action and built nothing but paper fortresses. Even former White House security adviser Howard A. Schmidt admitted recently that despite laudable goals, FISMA "has not managed to solve security problems." The Cybersecurity Act would be no better. It proposes uniform protocol that those companies it classifies as "critical infrastructure" must use. (Think websites in the sectors of public health, government, telecommunications, and finance). While politicians suggest that a federally mandated security scheme would benefit the national network infrastructure, lawmakers don't seem to foresee the inefficiency here, let alone the potential for great risk. If companies were required by law to use identical security configuration across all systems as the bill proposes, it would make it easier for hackers to attack on a broad scale because then all networks would share the same weaknesses. Also, software companies could lose incentive to innovate beyond the federally mandated level, and overall network security would suffer. The bill causes complications for IT professionals by requiring mandatory separate federal licensing if they work within "critical infrastructure." The problem with this is that the information technology world is already replete with ways to certify technological competence among individuals. These certification tests are authored either by the software/hardware vendors or by independent security groups, which do a good job. The bill also calls for a study of "an identity management and authentication program, with the appropriate civil liberties and privacy protections, for government and critical infrastructure information systems and networks." It holds an eerie verisimilitude to the controversial REAL ID Act of 2005. The solution? While the government may be wise to reinforce stricter control over its own network infrastructure, it does not need to interfere in the network security of the public or private sector. Lawmakers are hawking power-grabbing legislation on a topic that actually needs the weigh-in of independent security experts. Instead, we are flanked with justifications from the director of national intelligence, Homeland Security, former Bush administration officials, and government think tanks. Independent experts would explain that the biggest problems in computer security are not sinister IT professionals and the way they configure firewalls, but are in the software we choose to run. Software isn't perfect, but it surely evolves. It's beautiful in function but once we find that bit of flawed code, we fix it and patch it; we thus grow smarter, and our software more stable and secure. In fact, it is through this process that the ideas and innovation which make the US are formed. We cannot afford to stifle that. There is no bulletproof solution to computer and network security. Right now we must design our systems and networks accordingly. We must ponder the obstacles we face, and fitly fortify ourselves. The most practical way is not through sweeping government mandates, but by focusing on current software and hardware vulnerabilities, system design, and best industry practices at a local and regional level. Certainly national security is something we should all be concerned about, but it doesn't mean forgoing common sense or freedom. The Cybersecurity Act of 2009 grants immense power without any judicial checks over a digital problem lawmakers can't fully understand without an independent coterie of real and competent security experts. Before this Act goes any further, we all need to honestly ask whether the government should meddle in regulating the last frontier for free information. Bryann Alexandros is a freelance writer and has previously worked as a systems administrator in the IT industry. From rforno at infowarrior.org Thu May 7 14:34:17 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 7 May 2009 10:34:17 -0400 Subject: [Infowarrior] - Cyber-Command May Help Protect Civilian Networks Message-ID: <0E3FD983-039E-4070-A953-BCDDCA0D9A11@infowarrior.org> Cyber-Command May Help Protect Civilian Networks By Ellen Nakashima Washington Post Staff Writer Wednesday, May 6, 2009 http://www.washingtonpost.com/wp-dyn/content/article/2009/05/05/AR2009050504342_pf.html The Pentagon is considering whether to create a new cyber-command that would oversee government efforts to protect the military's computer networks and would also assist in protecting the civilian government networks, the head of the National Security Agency said yesterday. The new command would be headquartered at Fort Meade, the NSA's director, Lt. Gen. Keith B. Alexander, told the House Armed Services terrorism subcommittee. Alexander, who is a front-runner to assume control of the command if it is created, said its focus would be to better protect the U.S. military's computers by marrying the offensive and defensive capabilities of the military and the NSA. Through the command, the NSA would also provide technical support to the Department of Homeland Security, which is in charge of protecting civilian networks and helps safeguard the energy grid and other critical infrastructure from cyber-attack, Alexander said. He stressed that the NSA does not want to run or operate the civilian networks, but help Homeland Security improve its efforts. "So if we develop something we're going to use for the Defense Department, it makes no sense for [Homeland Security] to develop the same thing," he said in a short interview after the hearing. "They can leverage it . . . We have great technical people. We can provide them the support." His remarks come as the White House is preparing to release a report based on a review of the government's cyber-security initiatives. The cyber-command idea was raised in a letter last year by then-Director of National Intelligence Mike McConnell to Defense Secretary Robert M. Gates. As proposed by the Pentagon, the command would fall under the U.S. Strategic Command, which is tasked with defending against attacks on vital interests. The NSA, which drew fire for its role in the Bush administration's program to monitor without a warrant Americans' e-mails and phone calls, has "phenomenal depth and expertise far beyond what is there at DHS," said Amit Yoran, a former top DHS cyber-security official now in the private sector. But Yoran cautioned that the effort must be transparent. "DHS needs to be very, very cautious about its participation in a program like that because you could fundamentally erode the trust DHS needs in order to be successful in its broader security mission." Any effort involving the NSA that goes beyond protecting the military networks requires careful legal analysis, he said. Alexander said a host of questions must be resolved for the military and intelligence community to broaden their partnerships with other entities. "What is the framework for sharing threat signatures that are classified? How do we do it at network speed so that it's defensible? What's that legal framework and what's that operational framework? Those are areas that technically are easier to do than to set the legal framework up." Already, he said, DHS officials have been invited to see how the NSA runs its cyber-security, he said. The idea would be to formalize that partnership. "We could say, 'Here's the path we're going down,' " he said. "They can choose their own path, but at least they know one that's been tried and the problems and issues we've had." To truly address the cyber-threat, the military must boost its partnership with the private sector as well as with DHS, he said at the hearing. But the path forward has obstacles, he acknowledged. Say the NSA discovers a malicious computer code that an adversary is using, he said. If the government shares that classified information with, say, the antivirus industry, "how do we ensure that it's not given out so widely that our adversaries have it?" he said. Post a Comment From rforno at infowarrior.org Thu May 7 16:55:36 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 7 May 2009 12:55:36 -0400 Subject: [Infowarrior] - Europe Rejects Broadband ISP Three-Strikes Anti-Piracy Legislation Message-ID: <3BDFFD0F-969D-44F5-B3F7-93F40A123CC9@infowarrior.org> Europe Rejects Broadband ISP Three-Strikes Anti-Piracy Legislation By: MarkJ - 7 May, 2009 (7:57 AM) - Views: 340 - Categories: Illegal Downloads http://www.ispreview.co.uk/story/2009/05/07/europe-rejects-broadband-isp-three-strikes-anti-piracy-legislation.html The European Parliament has, in its FINAL vote (there have been five so far) on the matter, chosen to retain amendment 46 (138) of the new Telecoms Package by a majority of 407 to 57. Amendment 46 states that restrictions to the fundamental rights and freedoms of Internet users can only be put in place after a decision by judicial authorities, which protects ISPs from having to disconnect customers suspected of involvement with illegal broadband file-sharing (P2P) downloads. La Quadrature du Net confirms that the European Parliament has nevertheless adopted a soft compromise on issues of network equity: no strong protection against "net discrimination" was adopted. "A formidable campaign from the citizens put the issues of freedoms on the Internet at the center of the debates of the Telecoms Package. This is a victory by itself. It started with the declaration of commissioner Viviane Reding considering access to Internet as a fundamental right. The massive re-adoption of amendment 138/46 rather than the softer compromise negotiated by rapporteur Trautmann with the Council is an even stronger statement. These two elements alone confirm that the French 'three strikes' scheme, HADOPI, is dead already." explains J?r?mie Zimmermann, co-founder of La Quadrature du Net. However it's not all good news as the changes do not prevent similar schemes from being introduced by individual member states. Likewise nothing will forbid ISPs from turning the Internet away from a neutral zone where people have equal access to all content applications and services. [geek]We doubt the Romulans would approve.[/geek] "The strong statement for the access to the Internet as a fundamental right demonstrates that the Parliament can be courageous and reject the pressure to compromise when essential values are at stake. Unfortunately, on issues that appear more technical such as the absence of discrimination of services and contents on the Internet, the Parliament did not take the full measure of what it is at stake yet. Citizens must remain mobilized on these crucial questions," concludes G?rald S?drati-Dinet, analyst for La Quadrature. Mercifully we're unlikely to see Three-Strikes style legislation in the UK, although some rights holders are still privately pushing for it. To date the industry as a whole has failed to agree a concrete way forward on the matter, although it's expected that Lord Carter's final Digital Britain report (due in another month or so) may present one. See our 'To Ban or Not to Ban (Illegal File Sharers)' ? article for more background to all this. From rforno at infowarrior.org Thu May 7 16:58:45 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 7 May 2009 12:58:45 -0400 Subject: [Infowarrior] - Has the MPAA lost it? Message-ID: <0D327786-7406-4E50-AB75-FAD6A0414448@infowarrior.org> (rhetorical question, don't waste keystrokes answering!! --rf) http://www.boingboing.net/2009/05/07/mpaa-to-teachers-don.html The Electronic Frontier Foundation's Fred von Lohmann sez, "Hearings for the DMCA triennial rulemaking are going on this week in DC, where the educational community is asking for an exemption to rip DVDs to take clips for classroom use. The MPAA responded with a video showing how to camcord (!) movies from a flat screen monitor, arguing that educators and students should do this instead of ripping DVDs. In the words of media literacy researcher Martine Courant Rife, that's like typing up a quote from a book, taking it outside, chiseling the words in a rock, photographing the rock, scanning the photo, and running OCR on it. And for what?" From rforno at infowarrior.org Fri May 8 02:24:28 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 7 May 2009 22:24:28 -0400 Subject: [Infowarrior] - Response to: A Pearl Harbor by keystroke? (Washington Times) In-Reply-To: <1f6b580d0905071811t30ca15b6w4206ffca6c43e547@mail.gmail.com> References: <1f6b580d0905071811t30ca15b6w4206ffca6c43e547@mail.gmail.com> Message-ID: <3B644775-A537-4DA4-88FF-5252D2ABD6F3@infowarrior.org> (anyone care to pass this to the author in question, feel free to do so with my compliments. --rick) A Pearl Harbor by keystroke? Thomas M. Skypek http://washingtontimes.com/news/2009/may/07/a-pearl-harbor-by-keystroke/ First off: the author of this op-ed is a "Washington-based defense analyst who specializes in military transformation, deterrence and U.S. defense policy" -- his level of knowledge in cybersecurity- anything is unknown. (Source: Jamestown Foundation -- http://tinyurl.com/os6u7y) Having said that.... > Without a cyberdeterrence policy in place, the United States can > expect more and larger cyberattacks on its interests. It was > reported in the Wall Street Journal on April 21 that a > cyberintrusion breached the Pentagon's $300 billion Joint Strike > Fighter (JSF) program. The attackers copied critical design > information which could make it easier for an adversary to defend > against the aircraft in a conflict. > How does "theft of proprietary data" constitute an "attack" ? Since the piece uses this as its intro, that's the logic upon which this person bases the rest of his argument on? That was an INCIDENT of data loss, not an "attack" -- but it seems "attack" is DC-speak for "someone we probably don't know doing something we don't like in cyberspace." > An effective cybersecurity strategy must include a clearly > articulated cyberdeterrence policy. When responding to a > cyberattack, Washington should move beyond cybercounterattacks to > include full kinetic attack options. > Cyberdeterrence? How is that anything other than a component of traditional deterrence mechanisms of national power? By this phraseology, do we need biodeterrence for biowarfare, chemdeterrence for chemical warfare? A response using cyber is a just another mechanism and method at our disposal! > In other words, cruise missiles or precision guided munitions should > be used to retaliate against facilities where cyberattacks are > launched with the complicity of an enemy state. All options should > be on the table when it comes to responding to attacks in cyberspace. > Your data center is believed to be the source for an "attack" on SCADA Site X. Let loose the JDAMs? PGMs in the physical world are sledgehammers in the cyber world.....one server (or a few) are a target, so you want to kinetically destroy 50, 100, or 1000 in the data center that have nothing to do with the aggressor? Have you even considered the notion of collateral damage in cyberspace? > A declaratory cyberdeterrence policy will not eliminate the threat > of cyberattacks, but it will limit the number of attacks - > particularly from state actors such as China. Lone-wolf hackers are > much more difficult to deter, but deterring state-sponsored > cyberattacks will make an incredibly complex problem more manageable > as resources can be diverted to focusing on lone-wolf hackers. The > deterrent piece of U.S. cybersecurity strategy should focus on state > actors. States who sponsor cyberattacks - or allow nonstate actors > to launch attacks from within their borders - should be held > responsible for such attacks. > So how will you know when a non-state actor is using China or Russia in a false-flag operation? Does this not start us down a very slippery slope? You say later that attribution is key --- in this case, misattribution can be more dangerous, but it's a very easy thing for the talented aggressor to get us to do! > Deterrence is a simple concept to grasp, but its execution is much > more difficult. This thought can be boiled down to a simple if-then > statement: If you attack me, I will attack you. The message: Don't > attack me in the first place. Successful deterrence requires the > ability to credibly threaten that which an adversary values and the > capability to follow through if the adversary crosses predetermined > red lines. > Credibile attribution, too. But unless you lock down the internet in ways that break it on a variety of technical, social, and cultural methods that nobody is going to endorse, 100% correct attribution is impossible. It's not like seeing a missile launch somewhere and retaliating because you know the geographic location and who controls/ owns the missile launch facility. The level of attribution you know of and rely on in the nuclear deterrence world isn't directly (or even remotely easily) transferrable into the cyber realm, and even in cases where it might be, how can you be 100% sure you're correct? > Just what are those red lines? Policymakers need to think seriously > about this issue and what types of attacks warrant kinetic > responses. A state-sponsored campaign should certainly be on that > list. However, deciding what exactly constitutes a red line is a > major policy decision which will need to be debated heavily and then > clearly communicated to the rest of the world. > That alone will tie the lawyers up for decades. How appropriate a solution for Washington. Meanwhile, Rome still burns. > By telling the world that all options are on the table when it comes > to responding to cyberattacks, most states will likely find the > costs of launching cyberattacks against the United States > unacceptably high and thus be deterred. > They will more likely snicker and see that we are posturing aimlessly because the true state aggressor -- or other competent cyber adversary -- will make it look like we're attacking ourselves, and they'll have their tracks quite well concealed. > For this to work, however, Washington's threats must be credible. > This means that the first state to seriously attack the U.S. in > cyberspace after the U.S. deterrence policy is articulated must be > attacked with conventional munitions. Selected military targets that > enable cyberoperations against the United States should be destroyed. > Since the DOD, or some DOD leaders, think a "ping" of a DOD host from a certain country as an "attack" in quoting their "millions of attacks a week" metrics to the media, that might lead to some unfortunate consequences. (Note muted sarcasm.) > Moreover, states will have a powerful new incentive to find and root > out nonstate actors operating within their borders. > This assumes you can locate every miscreant in cyberspace. Good luck. You are assuming a systems-oriented rational actor adversary....the joy of cyberspace is that you can operate outside traditional organizational frameworks and constraints. As to detecting and 'rooting out' cyber-adversaries effectively and efficiently? The game of Whack-a-Mole comes to mind here. > Of course, for cyberdeterrence to work, attribution is critical. We > need to know who perpetrated the attack. Cyberattacks can be > launched from anywhere, making targeting a difficult task. > Unsurprisingly, this makes intelligence an absolutely critical part > of the cyberdeterrence equation. Sophisticated hackers are easily > able to cover their tracks. Significant investments should be made > into improving our attribution capabilities. > Given what you just said, while the pawns and other "low hanging fruit" might be easily detected and countered, what do you think the success rate will be of detecting (and more importantly, CORRECTLY attributing) the truly sophisticated adversaries? > Attacks in cyberspace are not going away. The Pentagon has spent > more than $100 million in the last six months repairing damage from > by cyberattacks, according to Gen. John A. Davis, deputy commander > of the Joint Task Force for Global Operations. Cleaning one infected > computer can cost between $5,000 and $7,000. > What's the breakdown of that cost? Dollars to donuts I bet it's because the computer is classified for no legitimate reason, which necessitates 'special handling' to disinfect. (Of course this info likely is classified.) How many new computers could DOD buy instead for that price? The $100m spent on repairing damage? Again, what kind of damage.....worms, viruses, trojans, and other stupid user actions, or SERIOUS STUFF that we need to worry about that indeed is state- sponsored or comes from known adversaries? (Of course this info likely is classified.) Since some DOD cyber-leaders continually offer suspiciously-high statistics of how many times the department is under "attack" yet never articulated clearly exactly what constitutes an "attack" I have to question any statistic they cite until they do. > It is difficult to overstate our dependence on networked computers > and other information technologies. Laptops, personal computers and, > of course, the ubiquitous BlackBerry are the lifeblood of business, > personal communications and global information sharing. And that's > just in the civilian world. > Beg to differ. Many thought leaders in this world, including me, don't use Blackberries. ;) > While the Pentagon's computer networks are hardened from > cyberattacks, they clearly are not impervious to intrusions. > Because of a variety of reasons, most of which are self-inflicted by the so-called "good guys" we're paying to allegedly secure our systems in the name of national security. > The United States cannot afford a Pearl Harbor in cyberspace. > Danger, Will Robinson! Danger! The minute anyone invokes "Pearl Harbor" in a discussion about cyberspace (and means it) they should be viewed as having no understanding of how the net works or any concept of cybersecurity. By using that sensational phrase, they are, either wittingly or not, sowing unsubstantiated fear and needless hysteria in the eyes of the public and national policymakers. > A distributed denial-of-service campaign against critical > infrastructure targets such as power, water and transportation would > be catastrophic - so too would be a coordinated attack on the > financial services and banking industries. Worse yet, a pre-emptive > cybercampaign could be used to negate our overwhelming military > advantage, making us more susceptible to the conventional military > power of near-peer competitors. > Two points: First, how have people in American towns and cities survived when blizzards, floods, or hurricanes knocked out power to their communities for days or weeks? Something tells me that my neighborhood will survive even if some cyber-varmint launches a DDOS against my power company and we 'go dark' for a while. Happens fairly frequently, thanks to Mother Nature --- which, according to your article, means we should be developing a Mother Nature Deterrence Posture as well. Secondly, why would such a critical system - power, water, transport - be on the public network if it's deemed a critical infrastructure? If they are on a public-access network, it tells me loud and clear that security, resilience, and survivability of a public-safety infrastructure resource are being sacrificed for operatior convenience and cost-cutting. If we consider some system "critical" to public safety, than we need to treat it as such, and that means PAYING FOR APPROPRIATE SECURITY AND RESILIENCY. Security for such networks / systems should not take a back seat to cost-savings, and that means they should NEVER, EVER be on a public network!!! As for the damage caused by the financial system.....well, they didn't need hackers to wreak havoc in this country, did they? (Sorry, couldn't resist.) > Crafting an effective cyberdeterrence policy will not be easy task. > But right now, our lack of a coherent deterrence policy is a hole in > our overall cybersecurity strategy. We will be able to leverage some > of the lessons we have learned from our six-decade policy of nuclear > deterrence. However, cyberspace is a unique domain and will require > fresh ideas to make a new kind of deterrence effective. > No, we need to get rid of our six-decade-old mentality of applying conventional solutions to unconventional problems. We need to understand....truly understand....the nature of the network and not just the points that interest us. We need to get rid of the fear- mongering based on security stereotypes and baseless fears and fix - not 'address' - the root problems of our current cyber insecurity. That means designing and administering truly survivable and resilient software and systems, not letting convenience win out over security, and taking actual measures to ensure that our cybersecurity problems and vulnerabilities are not the result of self-inflicted wounds -- which they are, unfortunately. Absent these and other processes, any attempt at "cyber-deterrence" will be met with hoots of increduous laughter by those we are seeking to deter. > Thomas M. Skypek is a defense policy analyst. The views expressed > are solely those of the author. > Rick Forno has been involved in IA / IO / CIP / and more for the past 15 years. The views expressed are his alone, but likely are shared by other competent cybersecurity thought leaders as well. From rforno at infowarrior.org Fri May 8 13:04:09 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 May 2009 09:04:09 -0400 Subject: [Infowarrior] - NCTC 2008 Report on Terrorism Message-ID: NCTC 2008 Report on Terrorism http://cryptome.org/terror-2008.zip From rforno at infowarrior.org Fri May 8 17:53:03 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 May 2009 13:53:03 -0400 Subject: [Infowarrior] - Austria to pull out of European CERN institute Message-ID: Austria to pull out of European CERN institute http://www.google.com/hostednews/afp/article/ALeqM5gXpK1nNNGu1TG7V0RjfTwt9y3-MA VIENNA (AFP) ? Austria is pulling out of the European Organisation for Nuclear Research (CERN), Science Minister Johannes Hahn announced Thursday, citing budget concerns. The 20-million-euro (26.9-million-dollar) yearly membership in CERN -- which is responsible for Europe's Big Bang atom-smasher -- makes up 70 percent of the money available in Austria for participation in international institutes and could be better used to fund other European projects, he said. "I feel bad about every membership that we cannot keep up," Hahn told journalists. But a choice had to be made between continuing work with CERN or encouraging other prospects for the future, he added. Hahn said he hoped Austria could find "a new kind of cooperation" with CERN and described Vienna's withdrawal from the project as a "pause", noting that some 30 states were already working together with the Geneva-based centre without being members. The science ministry was aiming "to enhance Austria's research profile" by participating in a variety of projects across a wide range of disciplines, and while CERN's work was high-profile, Austria's role in it was rather limited, said Hahn. The newly-available funds will now allow Austria to take part in new European projects, boost its participation in old ones as well as help the Austrian Science Fund (FWF), the country's main organisation funding research. But top Austrian scientists criticised the move Thursday, just months before the CERN is due to relaunch the Large Hadron Collider (LHC), a 27-kilometre (17-mile) multi-billion-dollar underground particle accelerator designed to shed light on the "Big Bang." "This is a catastrophe," said renowned Vienna physicist Walter Thirring, who headed CERN's theory group from 1968 to 1971, warning that other states could follow Austria in pulling out of the organisation. The head of the Austrian Institute of High Energy Physics, Christian Fabjan, meanwhile called it a "black day for Austrian research." Austria, which has been a member of CERN since 1959, just needs formal approval from parliament and the government now to pull out of the organisation. Its membership could then end officially in late 2010. From rforno at infowarrior.org Fri May 8 17:55:34 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 May 2009 13:55:34 -0400 Subject: [Infowarrior] - Court rejects ToS claim of anytime modifications Message-ID: <5CDE2381-500E-456C-8EA4-462E58FDB0DE@infowarrior.org> This could be interesting! --rf Court Rejects Online Terms Of Service That Reserve The Right To Change At Any Time from the wow dept If you look at many online terms of service, they reserve the right to change the terms at any time. Some force you to re-agree to the terms -- but others don't. In the past, courts have ruled that if someone didn't agree to the changed terms, the new terms could be found to be unenforceable, but a recent decision has gone much further, effectively saying that the entire terms of service are void if they claim they can be changed at any time. Sent in by Blake, the ruling said that Blockbuster's online terms of service were "illusory" and unenforceable because it included a clause saying it could change the terms at any time. So, even though the term it was trying to enforce was in the terms that the person agreed to, the court found the entire terms unenforceable. This is quite a ruling that could have a pretty major impact on any online service that has terms that insist they can change at any time. While it's just a district court ruling and may be reversed on appeal, it's something anyone running an online service should pay attention to. http://techdirt.com/articles/20090508/0212134792.shtml From rforno at infowarrior.org Fri May 8 19:25:37 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 May 2009 15:25:37 -0400 Subject: [Infowarrior] - MacBook Users: Turn off This Bluetooth Default Setting Now Message-ID: <0CC08B9E-2D43-4098-A591-4F617D10C97E@infowarrior.org> MacBook Users: Turn off This Bluetooth Default Setting Now * By Brian X. Chen Email Author * May 8, 2009 | http://www.wired.com/gadgetlab/2009/05/macbook-users-turn-off-this-bluetooth-default-setting-now/ Last night I discovered an incredibly dumb ? and what I consider to be dangerous ? setting enabled by default in my unibody MacBook Pro. In the Bluetooth preferences, it?s the box checkmarked ?Allow Bluetooth devices to wake this computer.? Sounds innocent enough, but it could?ve killed my computer. picture-2Here?s what happened: I was in a rush to leave the office to meet a colleague for coffee, so I closed my MacBook Pro and threw my Bluetooth mouse into my laptop bag. After my coffee meeting, I ended up at a bar and took my notebook out to quickly check my e-mail. It was scalding hot all over, and when I opened the lid I was greeted with the gray screen of death. And I realized my notebook, though closed, was still on for hours ? the heat insulated by my bag. After checking the Apple support forums I found a thread where a user reported the exact same problem, and it turned out it was because his Bluetooth mouse was left on in his bag, too; he remedied the issue by unchecking the default Bluetooth setting. I was relieved that the solution was so simple, but I was still pretty concerned that this was a default setting in the first place. Imagine if I hadn?t checked my notebook for a few more hours. That could?ve caused a serious burn injury, or at worst, a fire. True, it was my own negligence to not turn off my Bluetooth mouse before throwing it in my bag, but I think it?s reasonable to assume many people have done the same thing. (Heck, I often don?t turn off my Bluetooth mouse when it?s on my desk at home, as it shuts down when it?s inactive. Clearly it?s not the same when your mouse is in your bag and you?re keeping it on by walking around.) Also, I say it?s unintelligent that this feature is turned on by default because for notebooks, it?s useless. Usually when we sleep our notebooks, we close the lid. On a MacBook, opening the lid wakes it back up automatically. There?s no need to use the Bluetooth mouse to wake up the notebook. This setting should certainly not be turned on by default. MacBook users? If you own a Bluetooth mouse, disable this setting now. Have you seen any other strange settings turned on by default that I should disable? Feel free to point them out in the comments below. From rforno at infowarrior.org Sat May 9 00:22:26 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 May 2009 20:22:26 -0400 Subject: [Infowarrior] - WH Military Office Director Resigns over AF1 flyover Message-ID: <915949A0-8B1B-4164-A8AE-3C2ED45E04AB@infowarrior.org> After Flyover of Air Force One Backup, Military Office Director Resigns By Jeff Zeleny http://thecaucus.blogs.nytimes.com/2009/05/08/after-air-force-one-flyover-military-office-director-resigns/?hp The White House released a photo of the plane flying over New York City on Friday.The White House The White House on Friday released the April 27 photo of the plane flying over New York City. The director of the White House Military Office submitted his resignation on Friday, less than two weeks after he authorized a flyover by an Air Force One backup of the Statue of Liberty that terrified thousands of people in New York City. Louis Caldera, who served as the secretary of the Army in the Clinton administration, apologized for the ?distraction? that approving the flyover caused. He said in a brief letter to President Obama on Friday that it ?has made it impossible for me to effectively lead the White House Military Office.? On April 27, a plane that usually serves as the president?s plane was flying low over the New York City skyline, trailed closely by two fighter jets. It was a photo opportunity ? authorized by several government officials, including Mr. Caldera ? that infuriated Mr. Obama. Last week, Mr. Obama ordered a deputy chief of staff, Jim Messina, to review the incident. And on Friday afternoon, a seven-page review of the matter was released, along with the photograph. Mr. Messina, in his memorandum to the president, said that ?structural and organizational ambiguities? in the White House Military Office led to a series of miscommunications and senior aides to the president were not advised of the flyover that had been in the planning stages since March. ?The breakdown was the lack of public notification,? the memorandum states, adding that Mr. Caldera believed others had been notified about the flight. ?If he had been aware that the flight would cause so much trouble or any embarrassment to the president or to the White House,? the report said, ?he never would have allowed it to go forward.? From rforno at infowarrior.org Sat May 9 02:56:21 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 May 2009 22:56:21 -0400 Subject: [Infowarrior] - Chilton: LOAC will apply to cyberwar Message-ID: <056F8505-9ED3-4DA5-BE8C-928CE451A971@infowarrior.org> http://www.stripes.com/article.asp?section=104&article=62555 Official: No options ?off the table? for U.S. response to cyber attacks By Jeff Schogol, Stars and Stripes Mideast edition, Friday, May 8, 2009 ARLINGTON, Va. ? The U.S. military?s response to a cyber attack would not necessarily be limited to cyberspace, the head of U.S. Strategic Command said Thursday. "The Law of Armed Conflict will apply to this domain," said Air Force Gen. Kevin P. Chilton. The United States? response to a cyber attack would be decided by the president and Defense secretary, Chilton told reporters during a breakfast roundtable. "Our job would be to present them options, just as every other combatant commander would do," he said. Chilton would not rule out a kinetic response to a cyber attack. "I don?t think you take anything off the table when you provide options to the president to decide," he said. "You don?t take any response options off the table from an attack on the United States of America. Why would we constrain ourselves on how we would respond?" The Defense Department?s networks are probed thousands of times per day, Chilton said. The intrusions are geared toward espionage ? gathering information rather than slowing or manipulating the department?s computers, he said. Information stolen includes personnel and medical records. While those intrusions were against unclassified networks, the information is still important, he said. Chilton said the threats range from bored teenagers to criminals and to nations ? although he did not name which nations. "They?re all threats, but what we?re finding is we?re getting and better and better at our defenses, and so the capabilities to come at our networks are going to require more sophisticated efforts, and I think what you?ll see is that requires resources. "And so that would logically take you to the probably bigger threats, would be nation-state approach or a well funded, well organized, well educated and equipped other organization that may be a non nation- state that had that capability," he said. From rforno at infowarrior.org Sat May 9 03:25:07 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 May 2009 23:25:07 -0400 Subject: [Infowarrior] - PCI: A Brand, Not a Security Standard References: Message-ID: http://attrition.org/security/rants/pci/heartland01.html PCI: A Brand, Not a Security Standard Fri May 8 21:09:02 EDT 2009 security curmudgeon I am so fed up with this entire ordeal. As a customer who was twice affected by Heartland's security breach (two different cards through two institutions were re-issued because of the breach), I am disgusted with Visa and Heartland. PCI and its cheerleaders make me angry. Visa is a PCI fan because it transfers risk to their customers, and removes liability from Visa. It's in their best interest to maintain the integrity of PCI at any cost, even when that cost is violating their own integrity. How can anyone sit back and groan about this ordeal without getting mad? Visa, PCI and Heartland are as bad as Enron, as bad as the Wall Street thugs who tanked the economy, and are nothing more than wealthy criminals. I have asked Visa to comment on specific aspects of this. Attrition has had calls in to Heartland to comment on points of confusion and question. We sit here, unsatisifed, without answers and wondering why either can stay in a position of financial power. [..] http://attrition.org/security/rants/pci/heartland01.html From rforno at infowarrior.org Sun May 10 01:08:25 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 9 May 2009 21:08:25 -0400 Subject: [Infowarrior] - =?windows-1252?q?The_danger_of_drugs_=85_and_data?= Message-ID: <2B5D4A2D-D119-4A30-88B8-6A19F5E6D19E@infowarrior.org> The danger of drugs ? and data Comments (88) * Ben Goldacre * The Guardian, Saturday 9 May 2009 * Article history http://www.guardian.co.uk/commentisfree/2009/may/09/bad-science-medical-journals-companies A fascinating court case in Australia has been playing out around some people who had heart attacks after taking the Merck drug Vioxx. This medication turned out to increase the risk of heart attacks in people taking it, although that finding was arguably buried in their research, and Merck has paid out more than ?2bn to 44,000 people in America ? however, they deny any fault. British users of the drug have had their application for legal aid rejected, incidentally: the health minister, Ivan Lewis, promised to help them, but documents obtained by the Guardian last week showed that within hours Merck launched an expensive lobbying effort that convinced the minister to back off. This is a shame, because court cases can be tremendously revealing. The first fun thing to emerge in the Australian case is email documentation showing staff at Merck made a "hit list" of doctors who were critical of the company, or of the drug. This list contained words such as "neutralise", "neutralised" and "discredit" next to the names of various doctors. "We may need to seek them out and destroy them where they live," said one email, from a Merck employee. Staff are also alleged to have used other tactics, such as trying to interfere with academic appointments, and dropping hints about how funding to institutions might dry up. Institutions might think about whether they wish to receive money from a company like that in future. Worse still, is the revelation that Merck paid the publisher Elsevier to produce a publication. The relationship between big pharma and publishers is perilous. Any industry with global revenues of $600bn can afford to buy quite a lot of adverts, and pharmaceutical companies also buy glossy expensive "reprints" of the trials it feels flattered by. As we noted in this column two months ago, there is evidence that all this money distorts editorial decisions. This time Elsevier Australia went the whole hog, giving Merck an entire publication which resembled an academic journal, although in fact it only contained reprinted articles, or summaries, of other articles. In issue 2, for example, nine of the 29 articles concerned Vioxx, and a dozen of the remainder were about another Merck drug, Fosamax. All of these articles presented positive conclusions. Some were bizarre: such as a review article containing just two references. In a statement to The Scientist magazine, Elsevier at first said the company "does not today consider a compilation of reprinted articles a 'journal'". I would like to expand on this statement: It was a collection of academic journal articles, published by the academic journal publisher Elsevier, in an academic journal-shaped package. Perhaps if it wasn't an academic journal they could have made this clearer in the title which, I should have mentioned, was named: The Australasian Journal of Bone and Joint Medicine. Things have deteriorated since. It turns out that Elsevier put out six such journals, sponsored by industry. The Elsevier chief executive, Michael Hansen, has now admitted that they were made to look like journals, and lacked proper disclosure. "This was an unacceptable practice and we regret that it took place," he said. The pharmaceutical industry, and publishers, as we have repeatedly seen, have serious difficulties in living up to the high standards needed in this field, and bad information in the medical literature leads doctors to make irrational prescribing decisions, which ultimately can cost lives, and cause unnecessary suffering, not to mention the expense. It has been estimated it would take 700 hours a month to read the thousands of academic articles relevant to a GP; doctors skim, they take shortcuts, they rely on summaries, or worse. We could perform better when giving them information, but for now, it will often be "actually, I think I've seen at least two studies on that, and in different journals". The real tragedy is that the cost of distorted information, and irrational prescribing, is far greater than the cost of the research that could prevent it. Health systems pay for these drugs ? state- funded in almost every single developed country ? and they largely pay for the journals, too. In a sensible world, countries would band together and pay for comparative research themselves, and the free, open distribution of the results, to prevent all this nonsense. We do not live in a sensible world. From rforno at infowarrior.org Mon May 11 03:02:52 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 10 May 2009 23:02:52 -0400 Subject: [Infowarrior] - Cadets Trade the Trenches for Firewalls Message-ID: May 11, 2009 Cadets Trade the Trenches for Firewalls By COREY KILGANNON and NOAM COHEN http://www.nytimes.com/2009/05/11/technology/11cybergames.html?_r=1&ref=global-home&pagewanted=print WEST POINT, N.Y. ? The Army forces were under attack. Communications were down, and the chain of command was broken. Pacing a makeshift bunker whose entrance was camouflaged with netting, the young man in battle fatigues barked at his comrades: ?They are flooding the e-mail server. Block it. I?ll take the heat for it.? These are the war games at West Point, at least last month, when a team of cadets spent four days struggling around the clock to establish a computer network and keep it operating while hackers from the National Security Agency in Maryland tried to infiltrate it with methods that an enemy might use. The N.S.A. made the cadets? task more difficult by planting viruses on some of the equipment, just as real- world hackers have done on millions of computers around the world. The competition was a final exam of sorts for a senior elective class. The cadets, who were computer science and information technology majors, competed against teams from the Navy, Air Force, Coast Guard and Merchant Marine as well as the Naval Postgraduate Academy and the Air Force Institute of Technology. Each team was judged on how well it subdued the threats from the N.S.A. The cyberwar games at West Point are just one example of a heightened awareness across the military that it must treat the threat of a computer attack as seriously as it does an attack carried out by a bomber or combat brigade. There is hardly an American military unit or headquarters that has not been ordered to analyze the risk of cyberattacks to its mission ? and to train to counter them. If the hackers were to succeed, they could change information on the network and cripple Internet communications. In the desert outside Las Vegas, in a series of inconspicuous trailers, some of the most highly motivated hackers in the United States spend their days and nights probing the military?s vast computer networks for weaknesses to exploit. These hackers ? many of whom got their start as teenagers devoted to computer screens in their basements ? have access to the latest in attack software. Some of it was developed by cryptologists at the N.S.A., the nation?s largest intelligence agency, where most of the government?s talent for breaking and making computer codes resides. The hackers have an official name ? the 57th Information Aggressor Squadron ? and a real home, Nellis Air Force Base. The Army last year created its own destination for computer experts, the Network Warfare Battalion, where many of the cadets in the cyberwar games hope to be assigned. But even so, the ranks are still small. The Defense Department today graduates only 80 students a year from its cyberwar schools, causing Defense Secretary Robert M. Gates to complain that the Pentagon is ?desperately short of people who have capabilities in this area in all the services, and we have to address it.? Under current Pentagon budget proposals, the number of students cycled through the schools will be quadrupled in the next two years. Part of the Pentagon?s effort to increase the military?s capabilities are the annual cyberwar games played at the nation?s military academies, including West Point, where young cadets in combat boots and buzz cuts talk megabytes instead of megatons on a campus dotted with statues of generals, historic armaments and old stone buildings. While the Pentagon has embraced the need for offensive cyberwarfare, there were no offensive maneuvers in the games last month, said Col. Joe Adams, who teaches Information Assurance and stood at the head of the classroom during the April exercise. Cadet Joshua Ewing said he and his fellow Blue Team members ?learn all the techniques that a hacker would do, and we try to beat a hacker.? These strategies are not just theoretical. Most of these cadets will soon be sent to Afghanistan to carry out such work, Cadet Ewing said. When the military deploys in a combat zone or during a domestic emergency, establishing a secure Internet connection is an early priority. To keep things humming, the military?s experts must fend off the ordinary chaos of the Internet as well as attacks devised to disable the communications system, like flooding e-mail servers with so many junk messages that they collapse. Underscoring how seriously the cadets were taking the April games, the sign above the darkened entranceway in Thayer Hall read ?Information Warfare Live Fire Range? and the area was draped with camouflage netting. One group had to retrieve crucial information from a partly erased hard drive. One common method of hiding text, said Cadet Sean Storey, is to embed it in digital photographs; he had managed to find secret documents hidden this way. He was seeking a password needed to read encrypted e-mail he had located on the hard drive. Other cadets worked in tandem, as if plugging a leaky dam, to keep the entire system working as the N.S.A. hackers attacked the engine that runs a crucial database as well as the e-mail server. They shouted out various Internet addresses to inspect ? and usually block ? after getting clearance from referees. And there was that awkward moment when the cadet in charge, Salvatore Messina, had to act without clearance because the attack was so severe he couldn?t even send an e-mail message. The cadets in this room do get their share of ribbing. But one cadet, Derek Taylor, said today?s soldiers recognize that technological expertise can be as vital as brute force in saving lives. West Point takes the competition seriously. The cadets who helped install and secure the operating system spent a week setting it up. The dean gives a pep talk; professors bring food. Brian McCord, part of the team that installed the operating system, said he was chosen because his senior project was deeply reliant on Linux. The West Point team used this open-source operating system, freely available on the Internet, instead of relying on proprietary products from big-name companies like Microsoft or Sun Microsystems. ?It seems weird for the Army with its large contracts to be using Linux, but it?s very cheap and very customizable,? Cadet McCord said. It is also much easier to secure because ?you can tweak it for everything you need? and there are not as many known ways to attack it, he said. West Point emerged victorious in the games last month. That means the academy, which has won five of the last nine competitions, can keep the Director?s Cup trophy, which is displayed near a German Enigma encoding machine from World War II. Cracking the Enigma code helped the Allies win the war, and the machine is a stark reminder of the pivotal role of technology in warfare. Thom Shanker contributed reporting from Washington. From rforno at infowarrior.org Mon May 11 13:37:49 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 May 2009 09:37:49 -0400 Subject: [Infowarrior] - Maryland pursues cell-phone jamming test Message-ID: The Washington Times Monday, May 11, 2009 Maryland pursues cell-phone jamming test http://www.washingtontimes.com/news/2009/may/11/state-pursues-cell-phone-jamming-test/print/ Brian Witte ASSOCIATED PRESS ANNAPOLIS -- Gov. Martin O'Malley plans to ask federal regulators to allow Maryland to hold a cell-phone jamming demonstration at a state prison to show the effectiveness of stopping inmate cell-phone use, which has been a safety threat in prisons around the nation. The Federal Communications Commission can give federal agencies permission to jam cell-phone signals, but the Communications Act of 1934 doesn't allow state and local agencies to use the technology, which prevents cell-tower transmissions from reaching the targeted phone. "Current attempts to ensure that cell phones stay out of prisons can easily be foiled and must be supplanted by the best technology available," Mr. O'Malley wrote in a letter to Sen. Barbara A. Mikulski, Maryland Democrat, who is co-sponsoring legislation in Congress to legalize cell-phone jamming at state and local prisons. The Democratic governor wrote the letter to Maryland's senior senator to indicate his intent to request a demonstration and to update Miss Mikulski on the state's efforts to clear prisons of illegal cell phones. "I am committed to seizing the opportunity that this legislative initiative has created to move law enforcement and the enhancement of public safety to the 21st century as cell phones become smaller and more difficult to find," Mr. O'Malley wrote. South Carolina ran a demonstration in Nov. 2008 without federal permission, while Texas planned one, then called it off because of the federal restriction. The FCC has denied two recent requests from the District of Columbia and Louisiana for test jamming sessions. Rick Abbruzzese, an O'Malley spokesman, said the time is right for the FCC to consider Maryland's request because Congress is taking up the issue and that there's a need for up-to-date data on how the technology can be used to prevent prisoners from using cell phones. Inmates use cell phones to get around security, further gang activity and conduct criminal activity from behind bars, authorities say. Last week, a Baltimore drug dealer who used a cell phone in the city jail to plan the killing of a trial witness was sentenced to life without parole. Patrick A. Byers Jr. was convicted of murdering Carl S. Lackl Jr., who had identified Byers as the gunman in a previous killing. Mr. Lackl, a 38-year-old single father, was fatally wounded in a drive-by shooting outside his home in July 2007, a week before Byers was scheduled for trial. Maryland corrections officials confiscated 947 cell phones in 2008 by using specially trained dogs and other security measures. That's a 71 percent increase in confiscations compared with 2006, according to the O'Malley administration. Mr. O'Malley said the confiscations helped reduce serious assaults by inmates on staff by taking away a tool that inmates can use to coordinate attacks - resulting in a 32 percent drop from 2006 to 2008. Mr. O'Malley wrote that serious weapon assaults are down 75 percent over the same period. "But while we have made progress, we can do much more to improve public safety and eradicate the harm caused by these cell phones by shutting them down," Mr. O'Malley wrote in the May 7 letter to Miss Mikulski. Mr. Abbruzzese said state officials are working on the details of a demonstration, and it's not known where or when it would occur. Chris Guttman-McCabe, vice president of regulator affairs at CTIA - The Wireless Association, the industry's leading trade group, said he has concerns about cell-phone jamming affecting customers who live near prisons. "While we don't want prisoners to have service inside the jails, we also don't want our customers to be impacted outside the jails," Mr. Guttman-McCabe said. Examples of inmates using cell phones to further criminal activity have cropped up nationwide. In Texas earlier this month, a death-row inmate and two relatives were indicted in a purported cell-phone smuggling case that led to a statewide prison lockdown. A grand jury also indicted Richard Lee Tabler on a felony retaliation charge for threatening to kill a state senator. In Kansas, convicted killer John Manard planned his 2006 prison escape using a cell phone smuggled in by an accomplice. The following year, two inmates escaped another Kansas prison with the help of a former guard and a smuggled cell phone. From rforno at infowarrior.org Tue May 12 02:27:30 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 May 2009 22:27:30 -0400 Subject: [Infowarrior] - Cornell says no to restrictions on public domain materials Message-ID: http://news.library.cornell.edu/com/news/PressReleases/Cornell-University-Library-Removes-All-Restrictions-on-Use-of-Public-Domain-Reproductions.cfm Communications > News > Press Releases & Announcements FOR RELEASE: Contact: Peter Hirtle Phone: (607) 255-4033 E-mail: pbh6 at cornell.edu Cornell University Library Removes All Restrictions on Use of Public Domain Reproductions ITHACA, N.Y. (May 11, 2009) ? In a dramatic change of practice, Cornell University Library has announced it will no longer require its users to seek permission to publish public domain items duplicated from its collections. Instead, users may now use reproductions of public domain works made for them by the Library or available via Web sites, without seeking any further permission. The Library, as the producer of digital reproductions made from its collections, has in the past licensed the use of those reproductions. Individuals and corporations that failed to secure permission to repurpose these reproductions violated their agreement with the Library. "The threat of legal action, however," noted Anne R. Kenney, Carl A. Kroch University Librarian, "does little to stop bad actors while at the same time limits the good uses that can be made of digital surrogates. We decided it was more important to encourage the use of the public domain materials in our holdings than to impose roadblocks." The immediate impetus for the new policy is Cornell?s donation of more than 70,000 digitized public domain books to the Internet Archive (details at www.archive.org/details/cornell). "Imposing legally binding restrictions on these digital files would have been very difficult and in a way contrary to our broad support of open access principles," said Oya Y. Rieger, Associate University Librarian for Information Technologies. "It seemed better just to acknowledge their public domain status and make them freely usable for any purpose. And since it doesn?t make sense to have different rules for material that is reproduced at the request of patrons, we have removed permission obligations from public domain works." Institutional restrictions on the use of public domain work, sometimes labeled "copyfraud," have been the subject of much scholarly criticism. The Cornell initiative goes further than many other recent attempts to open access to public domain material by removing restrictions on both commercial and non-commercial use. Users of the public domain works are still expected to determine on their own that works are in the public domain where they live. They also must respect non-copyright rights, such as the rights of privacy, publicity, and trademark. The Library will continue to charge service fees associated with the reproduction of analog material or the provision of versions of files different than what is freely available on the Web. All library Web sites will be updated to reflect this new policy during 2009. The new Cornell policy can be found at cdl.library.cornell.edu/ guidelines.html. About Cornell University Library One of the leading academic research libraries in the United States, Cornell University Library is a highly valued partner in teaching, research and learning at Cornell University. The Library offers cutting-edge programs and a full spectrum of services, rare books and manuscripts and a growing network of digital resources. The Library?s outstanding collections ? from medieval manuscripts to hip hop and from ancient Chinese texts to comic books ? preserve the past and pave the way for future scholarship. To learn more about Cornell University Library, visit library.cornell.edu. From rforno at infowarrior.org Tue May 12 10:44:37 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 May 2009 06:44:37 -0400 Subject: [Infowarrior] - China blocks U.S. from cyber warfare Message-ID: Tuesday, May 12, 2009 China blocks U.S. from cyber warfare Bill Gertz http://washingtontimes.com/news/2009/may/12/china-bolsters-for-cyber-arms-race-with-us/print/ China has developed more secure operating software for its tens of millions of computers and is already installing it on government and military systems, hoping to make Beijing's networks impenetrable to U.S. military and intelligence agencies. The secure operating system, known as Kylin, was disclosed to Congress during recent hearings that provided new details on how China's government is preparing to wage cyberwarfare with the United States. "We are in the early stages of a cyber arms race and need to respond accordingly," said Kevin G. Coleman, a private security specialist who advises the government on cybersecurity. He discussed Kylin during a hearing of the U.S. China Economic and Security Review Commission on April 30. The deployment of Kylin is significant, Mr. Coleman said, because the system has "hardened" key Chinese servers. U.S. offensive cyberwar capabilities have been focused on getting into Chinese government and military computers outfitted with less secure operating systems like those made by Microsoft Corp. "This action also made our offensive cybercapabilities ineffective against them, given the cyberweapons were designed to be used against Linux, UNIX and Windows," he said. The secure operating system was disclosed as computer hackers in China - some of them sponsored by the communist government and military - are engaged in aggressive attacks against the United States, said officials and experts who disclosed new details of what was described as a growing war in cyberspace. These experts say Beijing's military is recruiting computer hackers for its forces, including one specialist identified in congressional testimony who set up a company that was traced to attacks that penetrated Pentagon computers. Chinese Embassy spokesman Wang Baodong declined immediate comment. But Jiang Yu, a Chinese Foreign Ministry spokesman, said April 23 that the reports of Chinese hacking into Pentagon computers were false. "Relevant authorities of the Chinese government attach great importance to cracking down on cybercrimes," Ms. Jiang said. "We believe it is extremely irresponsible to accuse China of being the source of attacks prior to any serious investigation." Mr. Coleman, a computer security specialist at Technolytics and a consultant to the director of national intelligence and U.S. Strategic Command, said Chinese state or state-affiliated entities are on a wartime footing in seeking electronic information from the U.S. government, contractors and industrial computer networks. Mr. Coleman said in an interview that China's Kylin system was under development since 2001 and the first computers to use it are government and military servers that were converted beginning in 2007. Additionally, Mr. Coleman said, the Chinese have developed a secure microprocessor that, unlike U.S.-made chips, is known to be hardened against external access by a hacker or automated malicious software. "If you add a hardened microchip and a hardened operating system, that makes a really good solid platform for defending infrastructure [from external attack]," Mr. Coleman said. U.S. operating system software, including Microsoft, used open-source and offshore code that makes it less secure and vulnerable to software "trap doors" that could allow access in wartime, he explained. "What's so interesting from a strategic standpoint is that in the cyberarena, China is playing chess while we're playing checkers," he said. Asked whether the United States would win a cyberwar with China, Mr. Coleman said it would be a draw because China, the United States and Russia are matched equally in the new type of warfare. Rafal A. Rohozinski, a Canadian computer security specialist who also testified at the commission hearing, explained how he took part in a two-year investigation that uncovered a sophisticated worldwide computer attack network that appeared to be a Chinese-government- sponsored program called GhostNet, whose electronic strikes were traced to e-mails from Hainan island in the South China Sea. GhostNet was able to completely take over targeted computers and then download documents and information. Some of the data stolen were sensitive financial and visa information on foreign government networks at overseas embassies, Mr. Rohozinski said. The China-based computer network used sophisticated break-in techniques that are generally beyond the capabilities of nongovernment hackers, Mr. Rohozinski said. Using surveillance techniques, the investigators observed GhostNet hackers stealing sensitive computer documents from embassy computers and nongovernmental organizations. "It was a do-it-yourself signals intelligence operation," Mr. Rohozinski said of the network, which took over about 1,200 computers in 103 nations, targeted specifically at overseas Tibetans linked to the exiled Dalai Lama. Mr. Rohozinski, chief executive officer of the SecDev Group and an advisory board member at the Citizen Lab at the Munk Center for International Studies at the University of Toronto in Ontario, said the GhostNet operation was likely part of a much bigger cyberintelligence effort by China to silence or thwart its perceived opponents. A third computer specialist, Alan Paller, told the Senate Committee on Homeland Security and Governmental Affairs on April 29 that China's military in 2005 recruited Tan Dailin, a graduate student at Sichuan University, after he showed off his hacker skills at an annual contest. Mr. Paller, a computer security specialist with the SANS Institute, said the Chinese military put the hacker through a 30-day, 16-hour-a- day workshop "where he learned to develop really high-end attacks and honed his skills." A hacker team headed by Mr. Tan then won other computer warfare contests against Chinese military units in Chengdu, in Sichuan province. Mr. Paller said that a short time later, Mr. Tan "set up a little company. No one's exactly sure where all the money came from, but it was in September 2005 when he won it. By December, he was found inside [Defense Department] computers, well inside DoD computers," Mr. Paller said. A Pentagon official said at the time that Chinese military hackers were detected breaking into the unclassified e-mail on a network near the office of Defense Secretary Robert M. Gates in June 2007. Additional details of Chinese cyberattacks were disclosed recently by Joel F. Brenner, the national counterintelligence executive, the nation's most senior counterintelligence coordinator. Mr. Brenner stated in a speech in Texas last month that cyberactivities by China and Russia are widespread and "we know how to deal with these," including widely reported "Chinese penetrations of unclassified DoD networks." "Those are more sophisticated, though hardly state of the art," he said. "Frankly, I worry more about attacks we can't even see, which the Russians are good at. The Chinese are relentless and don't seem to care about getting caught. And we have seen Chinese network operations inside certain of our electricity grids." Mr. Brenner said there are minimal concerns about a Chinese cyberattack to shut down U.S. banking networks because "they have too much money invested here. "Our electricity grid? No, not now. But if there were a dust-up over Taiwan, these answers might be different," he said. Aggressive Chinese computer hacking has been known for years, but the U.S. government in the past was reluctant to detail the activities. The CIA, for example, sponsored research in the late 1990s that sought to minimize Chinese cyberwarfare capabilities, under the idea that highlighting such activities would hype the threat. Researcher James Mulvenon, for instance, stated during a 1998 conference that China's People's Liberation Army (PLA) "does not currently have a coherent [information warfare] doctrine, certainly nothing compared to U.S. doctrinal writings on the subject." Mr. Mulvenon stated in one report that "while PLA [information warfare] capabilities are growing, they do not match even the primitive sophistication of their underlying strategies." Mr. Mulvenon has since changed his views and has identified Chinese computer-based warfare as a major threat to the Pentagon. Mr. Coleman said China's military is equal to U.S. and Russian military cyberwarfare. "This is a three-horse race, and it is a dead heat," Mr. Coleman said. The National University of China is the strategic adviser to the Chinese military on cyberwarfare and the Ministry of Science and Technology, he said. Several computer security specialists recently sounded public alarm about the growing number of cyberattacks from China and Russia. China, based on state-approved writings, thinks the United States is "already is carrying out offensive cyberespionage and exploitation against China," Mr. Coleman said. In response, China is taking steps to protect its own computer and information networks so that it can "go on the offensive," he said. Mr. Coleman said one indication of the problem was identified by Solutionary, a computer security company that in March detected 128 "acts of cyberagression" tied to Internet addresses in China. "These acts should serve as a warning that clearly indicates just how far along China's cyberintelligence collection capabilities are," Mr. Coleman said. A Pentagon spokesman, Air Force Lt. Col. Eric Butterbaugh, would not comment on Chinese cyberattacks directly but said "cyberspace is a war- fighting domain, critical to military operations: We must protect it." The Pentagon's Global Information Grid is hit with "millions of scans" - not intrusion attempts - every day, Lt. Butterbaugh said. "The nature of the threat is large and diverse, and includes recreational hackers, self-styled cybervigilantes, various groups with nationalistic or ideological agendas, transnational actors, and nation- states," he said. "We have seen attempts by a variety of state and nonstate sponsored organizations to gain unauthorized access to, or otherwise degrade, DoD information systems." Air Force Gen. Kevin Chilton, commander of the U.S. Strategic Command, said May 7 that a joint cybercommand is needed under the Pentagon to better integrate military and civilian cybercapabilities and defenses. Gen. Chilton said he favors creating the joint command at Fort Meade, Md., where the National Security Agency is located. The command should be a subunit of Strategic Command, located at Offutt Air Force Base, Neb. Mr. Gates said last month that the National Security Council is heading up a strategic review of U.S. cybercapabilties and is considering creating a subunified command within Strategic Command. Pentagon spokesman Bryan Whitman said Mr. Gates has not decided on the subunified command to handle cyberwarfare issues and is waiting for the completion of the White House review of cyberwarfare and security issues, which is past due from the 60-day deadline imposed by Congress. Mr. Gates "thought it would be prudent to wait for their work before looking at potential organization structures," Mr. Whitman said in an interview. From rforno at infowarrior.org Tue May 12 12:07:24 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 May 2009 08:07:24 -0400 Subject: [Infowarrior] - Print Books Are Target of Pirates on the Web Message-ID: Props to Cory's quote @ the end! -rf May 12, 2009 Print Books Are Target of Pirates on the Web By MOTOKO RICH http://www.nytimes.com/2009/05/12/technology/internet/12digital.html?partner=rss&emc=rss&pagewanted=print Ursula K. Le Guin, the science fiction writer, was perusing the Web site Scribd last month when she came across digital copies of some books that seemed quite familiar to her. No wonder. She wrote them, including a free-for-the-taking copy of one of her most enduring novels, ?The Left Hand of Darkness.? Neither Ms. Le Guin nor her publisher had authorized the electronic editions. To Ms. Le Guin, it was a rude introduction to the quietly proliferating problem of digital piracy in the literary world. ?I thought, who do these people think they are?? Ms. Le Guin said. ?Why do they think they can violate my copyright and get away with it?? This would all sound familiar to filmmakers and musicians who fought similar battles ? with varying degrees of success ? over the last decade. But to authors and their publishers in the age of Kindle, it?s new and frightening territory. For a while now, determined readers have been able to sniff out errant digital copies of titles as varied as the ?Harry Potter? series and best sellers by Stephen King and John Grisham. But some publishers say the problem has ballooned in recent months as an expanding appetite for e-books has spawned a bumper crop of pirated editions on Web sites like Scribd and Wattpad, and on file-sharing services like RapidShare and MediaFire. ?It?s exponentially up,? said David Young, chief executive of Hachette Book Group, whose Little, Brown division publishes the ?Twilight? series by Stephenie Meyer, a favorite among digital pirates. ?Our legal department is spending an ever-increasing time policing sites where copyrighted material is being presented.? John Wiley & Sons, a textbook publisher that also issues the ?Dummies? series, employs three full-time staff members to trawl for unauthorized copies. Gary M. Rinck, general counsel, said that in the last month, the company had sent notices on more than 5,000 titles ? five times more than a year ago ? asking various sites to take down digital versions of Wiley?s books. ?It?s a game of Whac-a-Mole,? said Russell Davis, an author and president of the Science Fiction and Fantasy Writers of America, a trade association that helps authors pursue digital pirates. ?You knock one down and five more spring up.? Sites like Scribd and Wattpad, which invite users to upload documents like college theses and self-published novels, have been the target of industry grumbling in recent weeks, as illegal reproductions of popular titles have turned up on them. Trip Adler, chief executive of Scribd, said it was his ?gut feeling? that unauthorized editions represented only a small fraction of the site?s content. Both sites say they immediately remove illegally posted books once notified of them. The companies have also installed filters to identify copyrighted work when it is uploaded. ?We are working very hard to keep unauthorized content off the site,? Mr. Adler said. Several publishers declined to comment on the issue, fearing the attention might inspire more theft. For now, electronic piracy of books does not seem as widespread as what hit the music world, when file-sharing services like Napster threatened to take down the whole industry. Publishers and authors say they can learn from their peers in music, who alienated fans by using the courts aggressively to go after college students and Napster before it converted to a legitimate online store. ?If iTunes started three years earlier, I?m not sure how big Napster and the subsequent piratical environments would have been, because people would have been in the habit of legitimately purchasing at pricing that wasn?t considered pernicious,? said Richard Sarnoff, a chairman of Bertelsmann, which owns Random House, the world?s largest publisher of consumer titles. Until recently, publishers believed books were relatively safe from piracy because it was so labor-intensive to scan each page to convert a book to a digital file. What?s more, reading books on the computer was relatively unappealing compared with a printed version. Now, with publishers producing more digital editions, it is potentially easier for hackers to copy files. And the growing popularity of electronic reading devices like the Kindle from Amazon or the Reader from Sony make it easier to read in digital form. Many of the unauthorized editions are uploaded as PDFs, which can be easily e-mailed to a Kindle or the Sony device. An example of copyrighted material on Scribd recently included a digital version of ?The Tales of Beedle the Bard,? a collection of fairy tales by J. K. Rowling. One commenter, posting as vicious-9690, wrote ?thx for posting it up ur like the robinhood of ebooks.? For some writers, tracking down illegal e-books is simply not worth it. ?The question is, how much time and energy do I want to spend chasing these guys,? Stephen King wrote in an e-mail message. ?And to what end? My sense is that most of them live in basements floored with carpeting remnants, living on Funions and discount beer.? Book sales are down significantly, and publishers say it is difficult to determine whether electronic piracy is denting sales. Some of the most frequently uploaded books, like the ?Twilight? series, are also huge best sellers. Some authors say they just want to protect the principle of compensating writers. ?I don?t ask to get rich off this stuff,? said Harlan Ellison, an author and screenwriter. ?I just ask to be paid.? Nine years ago, Mr. Ellison sued Internet service providers for failing to stop a user from posting four of his stories to an online newsgroup. Since settling that suit, he has pursued more than 240 people who have posted his work to the Internet without permission. ?If you put your hand in my pocket, you?ll drag back six inches of bloody stump,? he said. Others view digital piracy as a way for new readers to discover writers. Cory Doctorow, a novelist whose young adult novel ?Little Brother? spent seven weeks on the New York Times children?s chapter books best-seller list last year, offers free electronic versions of his books on the same day they are published in hardcover. He believes free versions, even unauthorized ones, entice new readers. ?I really feel like my problem isn?t piracy,? Mr. Doctorow said. ?It?s obscurity.? From rforno at infowarrior.org Tue May 12 19:05:03 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 May 2009 15:05:03 -0400 Subject: [Infowarrior] - 5 Miami men convicted of Sears Tower attack plot Message-ID: 5 Miami men convicted of Sears Tower attack plot By CURT ANDERSON The Associated Press Tuesday, May 12, 2009; 2:44 PM http://www.washingtonpost.com/wp-dyn/content/article/2009/05/12/AR2009051202050.html?hpid=topnews MIAMI -- Five men were convicted Tuesday of plotting to join forces with al-Qaida to destroy Chicago's Sears Tower and bomb FBI offices in hopes of igniting an anti-government insurrection. The jury in Miami acquitted another member of the so-called "Liberty City Six" in the sixth day of deliberations. Two previous trials ended in mistrials when jurors could not agree on the men's guilt or innocence. They were arrested in June 2006 on charges of plotting terrorism with an undercover FBI informant they believed was from al-Qaida. Defense attorneys said terrorist talk recorded on dozens of FBI tapes was not serious and the men wanted only money. Ringleader Narseal Batiste, 35, was the only one convicted of all four terrorism-related conspiracy counts, including plotting to provide material support to terrorists and conspiring to wage war against the U.S. Batiste, who was on the vast majority of hundreds of FBI audio and video tapes, faces up to 70 years in prison. ad_icon Batiste's right-hand man, 29-year-old Patrick Abraham, was convicted on three counts and faces 50 years behind bars. Convicted on two counts and facing 30 years are 24-year-old Burson Augustin, 25-year- old Rotschild Augustine and 33-year-old Stanley Grant Phanor. Naudimar Herrera, 25, was cleared of all four charges. U.S. District Judge Joan Lenard set sentencing for July 26 for the five convicted men, most of whom are Haitian or have Haitian ancestry. They lived in Miami's downtrodden inner-city neighborhood known as Liberty City. The jury endured a two-month trial, then had to restart deliberations last week after one juror was excused for illness and a second was booted off the panel for being uncooperative. After the verdicts were read, court security officials escorted the jury _ whose names were kept secret _ out of the building before they could be interviewed. The arrests were initially hailed as a major success by President George W. Bush's administration, an example of disrupting potential attacks at the earliest possible stages. But two previous juries struggled with the lack of solid evidence indicating the men took any steps to pull off such major mass assaults, such as possessing bomb- making manuals or building blueprints. Prosecutors focused on the group's intent as captured on dozens of FBI audio and video recordings. Batiste is repeatedly heard espousing violence against the U.S. government and saying the men should start a "full ground war" that would "kill all the devils." "I want to fight some jihad," Batiste says on one tape. A key piece of evidence is an FBI video of the entire group pledging an oath of allegiance, or "bayat," to al-Qaida and Osama bin Laden in a March 16, 2006, ceremony led by an FBI informant posing as "Brother Mohammed" from al-Qaida. But Batiste, who testified in all three trials, insisted he was only going along with Mohammed so he could obtain $50,000 or more for his struggling construction business and a nascent community outreach program. Batiste was leader of a Miami chapter of a sect known as the Moorish Science Temple, which combines elements of Christianity, Judaism and Islam and does not recognize the U.S. government's full authority. Defense lawyers also claimed the case was an FBI setup driven by informants who manipulated the group. "This is a manufactured crime," Batiste attorney Ana M. Jhones said earlier in the trial. A seventh man who was acquitted after the first 2007 trial, 34-year- old Lyglenson Lemorin, is being deported to his native Haiti anyway. Less stringent immigration laws make it easier for U.S. officials to use the terrorism allegations against Lemorin. From rforno at infowarrior.org Tue May 12 19:06:22 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 May 2009 15:06:22 -0400 Subject: [Infowarrior] - DHS to Bolster Protection of Civilian Computer Networks Message-ID: DHS to Bolster Protection of Civilian Computer Networks By Ellen Nakashima and Spencer S. Hsu Washington Post Staff Writers Tuesday, May 12, 2009 2:13 PM http://www.washingtonpost.com/wp-dyn/content/article/2009/05/12/AR2009051201743_pf.html The Department of Homeland Security will step up operations to secure civilian computer networks against cyber attacks in coming years, getting increases in funding and personnel, and coordinating responsibilities now scattered across government agencies, administration officials said this week. The comments come as a comprehensive review of the nation's cyber defenses before President Obama has triggered a broader debate over whether the government is sufficiently mobilized and has the resources to tackle complex cyber-security threats posed by sophisticated criminal operations and states such as Russia and China. A debate over the White House's role in leading the effort also is expected to be resolved soon, with an announcement expected as early as the end of this week, though more likely next week, sources said. The review, led by Obama aide Melissa Hathaway, was aimed at crafting a broad strategy to defend against debilitating cyber attacks -- against government sites and the increasingly global computer networks of major telecommunications, financial, energy and other companies that control critical infrastructure. But not all issues have been resolved, sources said. Officials said that under the plan, the National Security Agency would continue to assist DHS in protecting civilian networks, despite concern over the impact on Americans' privacy and the legal authority for the military and intelligence agency to conduct domestic surveillance activities. Legal reviews of that issue are ongoing, officials said. The extent to which the government should direct or guide actions by owners of private commercial systems remains a matter of sharp disagreement with industry and civil liberties groups and probably will be deferred, said sources who have been briefed on the discussions. Senior administration officials told reporters last month that the report would establish that the White House would oversee and direct interagency cyber efforts, but would leave operations to the relevant agencies. They said the report would outline a strategic vision but leave many major policy questions to officials to be named later. The Pentagon and intelligence community have responsibility for protecting military and classified networks, and are considering creating a new cyber command to combine offensive and defensive cyber efforts. Meanwhile, the Homeland Security Department was given a greater role in defending civilian government systems last year under the Bush administration's Comprehensive National Cyber Security Initiative, a largely classified, five-year, $17 billion effort. In his proposed 2010 budget last week, President Obama requested a $177 million, or 16 percent, increase in spending for DHS's chief information officer and Infrastructure Protection and Information Security office, which include agencies that Bush identified as the cornerstone of civilian coordination and preparedness efforts. The full-time staff of the latter is projected to triple between 2008 and 2010, to 1,031 civilian workers. Speaking to Washington Post editors and reporters Monday, Homeland Security Secretary Janet Napolitano said the department expected significant increases in cyber funding "not only this year but in years to come." "We will become, in effect, the non-DoD locus for cyber security," Napolitano said. "It makes sense to have a DoD focus and a non-DoD focus, and I think that's functionally where it's going." Napolitano acknowledged complaints that DHS lacks adequate skills and personnel to achieve its mandate. However, she said the department will continue to receive "technical assistance" from the NSA. Sources said the department is expected to expand its cyber security operations centers, pulling in non-defense components from across the government, such as the Treasury Department. "In reality a lot of that is the intersection of DHS and their .gov sites, and their relationship to the banks and regulated communities. They're all wrapped up together," Napolitano said. Her remarks came after NSA Director Lt. Gen Keith B. Alexander told a House panel last week that the Pentagon is considering creating a new cyber command at Fort Meade, where the NSA is based, and after the White House report is released, the Pentagon will begin to "walk through" with industry what it can do to help them. In an interview with The Washington Post after the hearing, he said he thought DHS is "going to need the technical support" from NSA. "Secretary Napolitano is superb at that," he said. "She knows how to leverage us." Though the NSA is acknowledged to have the skills to detect cyber threats and exploit adversaries' vulnerabilities, the secrecy surrounding its activities and recent controversy over its role in the Bush administration's warrantless surveillance of Americans' e-mails and phone calls have raised concerns over its participation in the protection of non-military networks. Among departments, the Pentagon and NSA also are wrestling with battles over turf and sensitive legal and operational questions about how and when to share classified information about computer threats with the private sector. At the White House, the review has triggered jockeying among the National Economic Council and Office of Science and Technology Policy and the National Security and Homeland Security councils. The number of cyber-security incidents reported by federal agencies to the U.S. Computer Emergency Readiness Team within the National Cyber Security Division at DHS more than tripled between 2006 and 2008, the Government Accountability Office, Congress's audit arm, reported last week. The GAO found weaknesses in security controls needed to detect or prevent cyber attacks at 23 of 24 major agencies. From rforno at infowarrior.org Tue May 12 19:21:38 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 May 2009 15:21:38 -0400 Subject: [Infowarrior] - CRS Report Leaks Prove Tough to Stop Message-ID: <4092E7D5-A895-4001-811A-C765D6585490@infowarrior.org> CRS Report Leaks Prove Tough to Stop http://www.rollcall.com/issues/54_129/news/34813-1.html May 11, 2009 By Emily Yehle Earlier this year, Wikileaks put more than 6,000 Congressional Research Service reports online, spawning excitement in the blogosphere, ire from some Members and an investigation by the inspector general of the Library of Congress. But three months later, the reports are still online and the culprit is unknown. IG Karl Schornagel said he hit a dead end a few weeks ago, after following the trail to the Senate. As clients of the CRS, Members and staffers have unfettered access to most of the CRS? confidential reports online. ?These things could be leaked at any time in probably vast quantities by any staffer or Member of Congress,? Schornagel said recently. ?We have no jurisdiction than to go further than their front door.? That?s apparently where it will end. The IG?s office had discovered an anomaly, where a Senate Web site holding the CRS reports had updated twice, rather than the usual once. But Senate officials said that was a glitch in the system and not the reason for the leak, according to Schornagel. A spokeswoman for Senate Sergeant-at-Arms Terrance Gainer said the office is not conducting an investigation. The IG office, meanwhile, has referred the case to the FBI. The case highlights the increasing difficulty of keeping CRS reports private as technology makes spreading information instantaneous and easy. For a century, the CRS has produced confidential analyses to Members, answering questions on everything from specific legislation to broader policy issues. Some reports are made available to the entire Congress; others are memos and briefings in response to an individual Member or committee. Their secrecy has been more a product of preference than one driven by classified information. Over the years, some Members ? such as Sen. Joe Lieberman (ID-Conn.) ? have attempted to make CRS reports easily accessible to the public. But Congress and the CRS have resisted, citing worries about politicizing the analyses. Recently, CRS Director Daniel Mulhollan reiterated at an appropriations hearing that the agency?s work ?must be authoritative, objective and confidential.? In many cases, the Internet is responsible for making the reports easily accessible to the public. Web sites like OpenCRS.com and Wikileaks make it easy for sympathetic staffers and Members to pass along reports, while other companies, such as Roll Call Group?s GalleryWatch, are able to collect the reports and charge subscribers. Despite its unwillingness to make the reports directly available to the public, the CRS is taking steps to make it easier for Members to share reports, setting up a system where they can feed reports onto their official Web site for constituents to read. Such capabilities are the ?newest step,? CRS spokeswoman Janine D?Addario said. ?Knowing of the interest that there is in Members wanting to make reports available to constituents or to a wider audience, I think this facilitates their ability to do that,? she said. But some argue that reports should be made officially public because Members otherwise can simply pick and choose whatever reports support their opinions. Reports gathered surreptitiously also may not get updated as frequently; D?Addario pointed to those on Wikileaks, which stretched back as far as 1990. The 6,780 reports from Wikileaks are still available online in an easy- to-download PDF format. But none have been added since they were first leaked in February, and D?Addario said the agency has added security measures to its Web site. She wouldn?t give details, citing security concerns. Still, Members and staffers can continue to download PDFs of reports in order to send them to constituents ? or anyone else. ?If we have provided a Member of Congress or committee with information, then it is up to them? to decide whether to release it publicly, D?Addario said. From rforno at infowarrior.org Wed May 13 14:30:01 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 May 2009 10:30:01 -0400 Subject: [Infowarrior] - =?windows-1252?q?OpEd=3A_Congress=92s_Torture_Bub?= =?windows-1252?q?ble?= Message-ID: <873727CC-61C6-4675-8D4C-F9E0DD35EAE6@infowarrior.org> May 13, 2009 Op-Ed Contributor Congress?s Torture Bubble By VICKI DIVOLL (Vicki Divoll, a former deputy counsel to the C.I.A. Counterterrorist Center, was the general counsel of the Senate Intelligence Committee from 2001 to 2003. She teaches government at the United States Naval Academy. ) http://www.nytimes.com/2009/05/13/opinion/13divoll.html?_r=1&pagewanted=print JUST four members of Congress were notified in 2002 when the Central Intelligence Agency?s ?enhanced interrogation techniques? program was first approved and carried out, according to documents released by the agency last week. They were Senators Bob Graham and Richard Shelby and Representatives Porter Goss and Nancy Pelosi, then the chairmen and ranking members of the Senate and House intelligence committees ? the so-called ?Gang of Four.? Each was briefed orally and it was understood that they were not to speak about the program with anyone, including their colleagues on the committees. It?s logical to ask, so what if it was only four members? If they objected to the program, why didn?t they take steps to change it or stop it? Maybe they should have tried. But as a practical matter, there was very little, if anything, the Gang of Four could have done to affect the Bush administration?s decision on the enhanced interrogation techniques program. To stop it, they needed the whole Congress. The framers of the Constitution gave aggregate, not individual, powers to the legislative branch. For the Gang of Four to have waved their arms and yelled at mid-level C.I.A. briefers, or written harsh letters to the president and vice president, would have been useless. Four members do not have the ability, on their own, to bring the great weight of the constitutional authority of Congress to bear. There are C.I.A. ?covert action? activities ? like the detention and interrogation program ? that because of their significance, and risks, require participation from both the White House and the Congressional intelligence committees in their initiation and oversight. The National Security Act defines covert action programs as those designed ?to influence political, economic, or military conditions abroad, where it is intended that the role of the United States government will not be apparent or acknowledged publicly.? The C.I.A. is prohibited by law from conducting covert action activities without express presidential approval ? and this is not a requirement that the agency takes lightly. The National Security Act also requires that when the president approves a covert action program the two Congressional intelligence committees shall be ?notified.? The committees do not have disapproval power, nor can they force changes at that time. But the law does require the executive branch to provide timely, written notice to the full committees ? which together consist of fewer than 40 members ? of the plans. It is unlawful for the executive branch to limit notification, as it did here, to the Gang of Four. There is no such entity recognized in the National Security Act. Federal law does provide, however, for notification of fewer lawmakers than the full intelligence committees, but only when ?extraordinary circumstances affecting vital interests of the United States? are at stake. Under those very limited situations, the notification may be to the ?Gang of Eight,? which includes the majority and minority leadership of the House and Senate, in addition to the intelligence committee leaders. It should be noted that there is a legal argument that the interrogation program was merely foreign intelligence ?collection,? and not ?covert action? at all, because it was used to elicit information that already existed in the minds of the detainees. In that case, there is no exception in the law for Gangs of Four or Eight, and every member of the two committees should have been notified. What it boils down to is this: many of the laws mandating Congressional notification of covert action programs were enacted after the Senate?s Church Committee hearings in the late 1970s had revealed widespread abuses by the intelligence agencies domestically and overseas. The House and Senate intelligence committees ? created at that time ? were designed to be the ?eyes and ears? of the full Congress on significant intelligence activities. These committees were entrusted with the faith of the American people to oversee aggressive intelligence operations done in all of our names, and to ensure that they are necessary, effective and consistent with American laws and values. But the narrow Gang of Eight exception, or worse, the Gang of Four, has swallowed up the notification rule. This is a trend that began before the Bush administration, and the types of programs about which the Church Committee was most concerned now receive the least oversight ? in many cases, no oversight ? by Congress. It is reasonable for us to wonder how many other covert action programs the Bush administration kept from the committees. One might ask whether it was just too risky to share information about the interrogation program with so many members of Congress. Isn?t four better than 40, if we must keep this secret? It is true that the Gang of Eight exception was included in the law to give some flexibility, in a subset of cases, to the executive branch to limit the number of legislators who receive a notification, at least initially. Sometimes, for example, if an operation is imminent ? like the capture of an al Qaeda leader ? short-term security may require it to be held very closely. But there is nothing in the legislative history of the Gang of Eight exception that supports the use made of it by the Bush administration ? to shield, indefinitely, a politically controversial program from Congressional scrutiny. The exception has been abused to the point where it no longer has meaning, and Congress should examine whether it should be clarified or even eliminated. If we do keep it, Congress should spell out in detail the very limited circumstances in which a Gang of Eight briefing may be given, and permit such secrecy for only a limited time. Only short-term operational security ? not a controversial policy choice ? should justify a temporary close hold. Of course, the real reason that notifying four members of Congress was better than 40 to the Bush White House is crystal-clear ? to eliminate political pushback. Check the box that Congress was informed just in case, someday, the program becomes public and things get rough. But do so in a way that the legislative branch is not in a position to cause any trouble. In Article I of the Constitution, the framers gave Congress two extraordinary powers over the executive branch ? the power of the purse and the power to make laws. It is unconstitutional for the executive branch to spend one dime on a program for which Congress has not appropriated funds. And if Congress passes a law forbidding the executive branch from engaging in an activity, it must stop, or people go to jail. But four members cannot stop financing and ban activities on their own ? that takes the whole Congress. So what might the four have done? They could have demanded that the full committees receive the briefings and that more information be provided. If the White House objected, they could have told their colleagues anyway. The committees then could have put a classified budget provision in the intelligence authorization bill for fiscal year 2003 cutting off money for the program, or delineating how the C.I.A. must treat detainees. The speech and debate clause of the Constitution shields senators and representatives from civil and criminal liability in the performance of their legislative duties. It would have protected those members if they had decided to march down to the House or Senate floor and denounce the Bush administration for engaging in torture, though that approach not only could have harmed C.I.A. operations, but also surely would have been political suicide. But would the full committees ? or even the full Congress ? have taken action to stop the enhanced interrogation program if they had been informed of it in 2002? Admittedly, the memory of 9/11 was very raw then and we cannot know if things would have turned out differently. We do know, however, that the full committees weren?t briefed on the C.I.A. detention and interrogation program until 2006, on the same day that the program was made public by President George W. Bush. Since then, the committees have tried, so far without success, to amend federal law to hold the C.I.A. to the same strict interrogation standards for military intelligence collection spelled out in the Army Field Manual. Even if the results had been the same, we would now at least have the cold comfort of knowing that our constitutional system of checks and balances had been put into play before a program that risked our fundamental values was carried out on our behalf. The framers of the Constitution never intended for small numbers of legislators to be culled from Congress and expected to act as a check on the excesses of the executive. Vicki Divoll, a former deputy counsel to the C.I.A. Counterterrorist Center, was the general counsel of the Senate Intelligence Committee from 2001 to 2003. She teaches government at the United States Naval Academy. From rforno at infowarrior.org Wed May 13 23:57:44 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 May 2009 19:57:44 -0400 Subject: [Infowarrior] - Apple snags ex-OLPC security chief Message-ID: Apple snags ex-OLPC security chief Posted by Ryan Naraine @ 10:33 am http://blogs.zdnet.com/security/?p=3358 Former director of security architecture at One Laptop per Child (OLPC) Ivan Krstic has joined Apple to help thwart hacker attacks against the Mac operating system. Krstic, a well-respected innovator who designed the Bitfrost security specification for the OLPC initiative, joined Cupertino this week and will work on core OS security. His hiring comes at a crucial time for a company that ties security to its marketing campaigns despite public knowledge that it?s rather trivial to launch exploits against the Mac. Krstic sees the OLPC?s Bitfrost system as a foolproof way to defeat malware attacks so it?s a safe bet he?ll be working with Apple engineers on some form of sand-boxing of applications: Instead of blocking specific viruses, the system (Bitfrost) sequesters every program on the computer in a separate virtual operating system, preventing any program from damaging the computer, stealing files, or spying on the user. Viruses are left isolated and impotent, unable to execute their code. ?This defeats the entire purpose of writing a virus,? says Krstic. I?ve written in detail in the past about Apple?s security-by-PR campaigns and the danger of assuming Macs are secure because hackers aren?t targeting the operating system so it comes as pleasant news that the company appears serious about hiring top talent in the security world. Krstic is a no-BS software engineer who has done quality work in the past and his presence at Apple will only help. Here?s a talk that outlines Krstic?s thinking around computer security.... http://blogs.zdnet.com/security/?p=3358 From rforno at infowarrior.org Thu May 14 03:58:48 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 May 2009 23:58:48 -0400 Subject: [Infowarrior] - Foreigners using GPS face arrest in China Message-ID: <9D9F2E9B-E080-4454-ACBA-DDE35C75731A@infowarrior.org> http://www.telecomasia.net/article.php?id_article=12957 Foreigners using GPS face arrest in China Mar 26, 2009 By Telecom Asia Staff telecomasia.net China's Bureau of Surveying and Mapping (BSM) has warned foreigners to turn off the GPS functions on their mobile phones, or risk arrest. The bureau warned foreigners using GPS devices on mainland China that they could be detained if suspected of conducting illegal mapping. The bureau has launched a crackdown on "illegal surveying", the South China Morning Post reported, with foreigners the main targets. Under Chinese law, non-Chinese institutions or individuals intending to use mapping devices in China must file a request to the government - which can take months to approve - have their data submitted for vetting and be 'assisted' by Chinese authorities. A US citizen, mining expert Calvin Herron, was arrested for using a handheld GPS device in a village near Luoyang in 2007, the bureau said. He was detained for four months, then deported and fined 100,000 yuan ($14,640). Chinese experts believe Herron was arrested for getting too close to guided missile sites believed to be situated in Luoyang. http://www.telecomasia.net/article.php?id_article=12957 From rforno at infowarrior.org Thu May 14 04:31:09 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 May 2009 00:31:09 -0400 Subject: [Infowarrior] - Why the FSF Cares About RIAA Lawsuits Message-ID: The War on Sharing: Why the FSF Cares About RIAA Lawsuits Written by Ernesto on May 13, 2009 In one of RIAA?s high profile cases the Free Software Foundation backed defendant Joel Tenenbaum, much to the dislike of the music industry lobby. John Sullivan, Operations Manager at the FSF explains in a guest post why they think these cases impact not just music, but also free software and its technology. http://torrentfreak.com/the-war-on-sharing-why-the-fsf-cares-about-riaa-lawsuits-090513/ From rforno at infowarrior.org Thu May 14 04:32:40 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 May 2009 00:32:40 -0400 Subject: [Infowarrior] - When love is harder to show than hate Message-ID: When love is harder to show than hate Copyright law is set up to protect critics, while leaving fans of creative works out in the cold http://www.guardian.co.uk/technology/2009/may/13/cory-doctorow-copyright When a group of fans of the Dune books received a copyright threat from the estate of Frank Herbert, they took the path of least resistance: they renamed and altered their re-creation of the novel's setting ? a loving tribute created inside the virtual world of Second Life ? so that it was no longer so recognisable as an homage to Herbert's classic science fiction novels. The normal thing to do here is to rail at the stupidity of the Herbert estate in attacking these fans. After all, they weren't taking money out of the pockets of the estate, the chance of trademark dilution in this case is infinitesimal, the creators were celebrating and spreading their love for the series, they are assuredly all major fans and customers for the products the estate is trying to market, their little Second Life re-creation was obscure and unimportant to all but its users, and the estate's legal resources could surely be better used in finding new ways to make money than in finding new ways to alienate its best customers. But that's not what this column is about. What I want to ask is, how did we end up with a copyright law that only protects critics, while leaving fans out in the cold? Some background: copyright's regulatory contours allow for many kinds of use without permission from the copyright holder. For example, if you're writing a critical review of a book, copyright allows you to include quotations from the book for the purpose of criticism. Giving authors the right to choose which critics are allowed to make their points with quotes from the original work is obvious bad policy. It's a thick-skinned author indeed who'd arm his most devastating critics with the whips they need to score him. The courts have historically afforded similar latitude to parodists, on much the same basis: if you're engaged in the parodical mockery of a work, it's a little much to expect that the work's author will give her blessing to your efforts. The upshot of this is that you're on much more solid ground if you want to quote or otherwise reference a work for the purposes of rubbishing it than if you are doing so to celebrate it. This is one of the most perverse elements of copyright law: the reality that loving something doesn't confer any right to make it a part of your creative life. The damage here is twofold: first, this privileges creativity that knocks things down over things that build things up. The privilege is real: in the 21st century, we all rely on many intermediaries for the publication of our works, whether it's YouTube, a university web server, or a traditional publisher or film company. When faced with legal threats arising from our work, these entities know that they've got a much stronger case if the work in question is critical than if it is celebratory. In the digital era, our creations have a much better chance of surviving the internet's normal background radiation of legal threats if you leave the adulation out and focus on the criticism. This is a selective force in the internet's media ecology: if you want to start a company that lets users remix TV shows, you'll find it easier to raise capital if the focus is on taking the piss rather than glorifying the programmes. Second, this perverse system acts as a censor of genuine upwellings of creativity that are worthy in their own right, merely because they are inspired by another work. It's in the nature of beloved works that they become ingrained in our thinking, become part of our creative shorthand, and become part of our visual vocabulary. It's no surprise, then, that audiences are moved to animate the characters that have taken up residence in their heads after reading our books and seeing our movies. The celebrated American science-fiction writer Steven Brust produced a fantastic, full-length novel, My Own Kind of Freedom, inspired by the television show Firefly. Brust didn't ? and probably can't ? receive any money for this work, but he wrote it anyway, because, he says, "I couldn't help myself". Brust circulated his book for free and was lucky enough that Joss Whedon, Firefly's creator, didn't see fit to bring legal action against him. But if he had been sued, Brust would have been on much stronger grounds if his novel had been a savage parody that undermined everything Whedon had made in Firefly. The fact that Brust wrote his book because he loved Whedon's work would have been a mark against him in court. This isn't a plea for unlimited licence to commercially exploit the creations of others. It's fitting that commercial interests who plan on making new works from yours seek your permission under the appropriate circumstances. Nor is this a plea to eliminate the vital aid to free expression that we find in copyright exceptions that protect criticism. Rather, it's a vision of copyright that says that fannish celebration ? the noncommercial, cultural realm of expression and creativity that has always accompanied commercial art, but only lately attained easy visibility thanks to the internet ? should get protection, too. That once an artist has put their works in our head, made them part of our lives, we should be able to live those lives. From rforno at infowarrior.org Thu May 14 12:19:53 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 May 2009 08:19:53 -0400 Subject: [Infowarrior] - Holltwood copyright notice forms easily hacked Message-ID: http://techdirt.com/articles/20090514/0136024879.shtml Entertainment Industry Copyright Notice Acknowledgement Forms Easily Hacked from the nice-work,-baytsp dept One of the companies that the entertainment industry hires to send out nastygrams to people it believes are file sharing illegally is BayTSP. The company tries to hunt down IP addresses and then try to notify the user. Apparently, a part of this process is also to include a link to a web form where the user can respond to the notice and tell BayTSP if you will comply with their infringement notice and remove the offending files from your computer. Except, some are noticing, that BayTSP's method of doing this isn't even remotely secure, so the response forms are available for anyone to see -- and to respond to. You can find your own with a little help from Google. Even worse, you could send your own notices, pretending to be BayTSP, and get people to fill out the forms instead. And, on top of that, some have discovered that BayTSP's site has some scripting vulnerabilities such that you could create a fake complaint and get people to, say, download malware or enter credit card data. Once again demonstrating the high level of technical incompetence from the folks the RIAA and MPAA hire to piss off fans worldwide. http://techdirt.com/articles/20090514/0136024879.shtml From rforno at infowarrior.org Thu May 14 12:20:45 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 May 2009 08:20:45 -0400 Subject: [Infowarrior] - RealNetworks accuses MPAA of antitrust violations Message-ID: <244FD248-5D6A-4B2A-9C4F-7F21534FA691@infowarrior.org> May 13, 2009 7:27 PM PDT RealNetworks accuses MPAA of antitrust violations by Greg Sandoval http://news.cnet.com/8301-1023_3-10240490-93.html?part=rss&subj=news&tag=2547-1_3-0-20 RealNetworks has accused the major film studios of antitrust violations in documents filed Wednesday with a federal court. Real, a software company known best for the company's video and music player, has asked U.S. District Judge Marilyn Patel for permission to file an amended second complaint against the six largest film studios as well as Viacom, the entertainment conglomerate and parent company of Parmount Pictures. Real has been involved in a legal conflict with Hollywood over its release last year of RealDVD, a software that duplicates DVDs and stores the copies on a computer hard drive. The Motion Picture Association of America claims that RealDVD violates copyright law. The two sides have met in court this month so Patel could determine whether to remove an injunction placed on the sale of RealDVD. She halted sales last September, days after the software first went on sale. An MPAA representative was not immediately available and a Real spokesman declined to comment. In the latest filing, Real accuses the studios as well as the DVD Copy Control Association, a group dedicated to protecting DVDs from piracy, of violating the Sherman Antitrust Act, the federal statute designed to limit cartels and monopolies. "RealNetworks has become aware of facts demonstrating that the DVD CCA and the Studio Defendants have engaged in both a horizontal group boycott of RealNetworks," Real said in it's filing. "The testimony of the Studio Defendants during the preliminary injunction hearing further confirmed the existence of a horizontal conspiracy." Real alleged in the document that the studios were guilty of anti- competitive practices when they agreed to block anyone from making copies of DVDs without their say so. "(The witnesses) unambiguously," Real said in the court filing,"confirmed the Studios' position that the (Content Scrambling System) License Agreement (which is needed to legally make copies of DVDs) resulted from a joint agreement among the Studios to prohibit all copies of DVD content unless the Studios jointly authorize the making of such a copy." Greg Sandoval covers media and digital entertainment for CNET News. He is a former reporter for The Washington Post and the Los Angeles Times. E-mail Greg, or follow him on Twitter at http://twitter.com/sandoCNET . From rforno at infowarrior.org Thu May 14 13:58:37 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 May 2009 09:58:37 -0400 Subject: [Infowarrior] - Pirated Windows 7 RC builds botnet Message-ID: <293554C1-2F7A-453F-B7AD-143E62803125@infowarrior.org> May 14, 2009 5:58 AM PDT Pirated Windows 7 RC builds botnet by Matthew Broersma http://news.cnet.com/8301-1009_3-10240643-83.html?part=rss&subj=news&tag=2547-1_3-0-20 A pirated version of Windows 7 Release Candidate infected with a Trojan horse has created a botnet with tens of thousands of bots under its control, according to researchers at security firm Damballa. The software, which first appeared on April 24, spread as quickly as several hundred new bots per hour, and controlled roughly 27,000 bots by the time Damballa took over the network's command and control server on May 10, the firm said Tuesday. The pirated software was spread via popular piracy sites and online forums, Damballa said. The software is primarily designed to download and install other malicious packages under a "pay-per-install" scheme, under which the botmasters are paid based on the number of other pieces of malware they cause to be installed, Damballa said. Infected installations are continuing to appear at a rapid rate, according to the company. "We continue to see new installs happening at a rate of about 1,600 per day with broad geographic distribution," Tripp Cox, Damballa's vice president of engineering, said in a statement. "Since our takedown (of the command and control server), any new installs of this pirated distribution of Windows 7 RC are inaccessible by the botmaster." However, the botmaster still controls the existing installations, Damballa said. The infected systems are mainly concentrated in the U.S., with 10 percent, and the Netherlands and Italy, with 7 percent each. Windows 7 RC has been used as a lure by other malware distributors since its launch on May 5, according to security experts. On Monday, Trend Micro said it found the Trojan horse TROJ_DROPPER.SPX masquerading as a copy of the release candidate. Botnets are one of the most serious threats on the Internet, according to security experts, and are typically used to carry out denial-of- service attacks or phishing schemes or to send junk mail. Last month, SecureWorks researcher Joe Stewart suggested that technology was not enough to stop botnets, arguing that the IT industry should look to new law-enforcement measures. The legitimate version of Windows 7 RC is available from Microsoft's Web site. From rforno at infowarrior.org Thu May 14 13:59:56 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 May 2009 09:59:56 -0400 Subject: [Infowarrior] - British ISPs say no to being copyright cops Message-ID: British ISPs say no to being copyright cops Clean up your act, rights holders told By Nick Farrell Thursday, 14 May 2009, 10:36 http://www.theinquirer.net/inquirer/news/1137333/british-isps-copyright-cops WHILE POLITICIANS in blighty dither over whether or not they should introduce tougher anti-piracy laws, the nation's ISPs are telling the music and film industries to stuff it. The UK creative industries have demanded that ISPs start disconnecting users accused of repeated online copyright infringement. But ISPs are starting to fight back. They do not see why they should be the movie and film industries' copyright cops, particularly as the problem is caused by rights holders not doing a better job of licencing legal content. In a statement, the Internet Service Providers' Association (ISPA) said Internet companies are trying to provide legal content online but are frustrated by the entertainment industries' daft rules that stop them from doing it. ISPA told Ars Technica that legislation on enforcement should only be introduced on the condition that the rights holder industries commit to significant licencing reform. There is some merit in this. In areas where the likes of the RIAA and friends have allowed reasonable distribution illegal downloading has fallen off. The Music Mafiaa's own statistics show that legal downloading is more popular than illegal file sharing. We'd go further than ISPA's timid statement, however. The entertainment industries should be required to achieve licencing reform before they even think about asking for legislative support, and they should have to pay artists ninety per cent of gross receipts and submit to strict audits. ? From rforno at infowarrior.org Thu May 14 14:04:20 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 May 2009 10:04:20 -0400 Subject: [Infowarrior] - Chemist Shows How RNA Can Be the Starting Point for Life Message-ID: <6988E1D1-55FB-4B37-B08B-E33DE5C18536@infowarrior.org> May 14, 2009 Chemist Shows How RNA Can Be the Starting Point for Life By NICHOLAS WADE http://www.nytimes.com/2009/05/14/science/14rna.html?hpw=&pagewanted=print An English chemist has found the hidden gateway to the RNA world, the chemical milieu from which the first forms of life are thought to have emerged on earth some 3.8 billion years ago. He has solved a problem that for 20 years has thwarted researchers trying to understand the origin of life ? how the building blocks of RNA, called nucleotides, could have spontaneously assembled themselves in the conditions of the primitive earth. The discovery, if correct, should set researchers on the right track to solving many other mysteries about the origin of life. It will also mean that for the first time a plausible explanation exists for how an information- carrying biological molecule could have emerged through natural processes from chemicals on the primitive earth. The author, John D. Sutherland, a chemist at the University of Manchester, likened his work to a crossword puzzle in which doing the first clues makes the others easier. ?Whether we?ve done one across is an open question,? he said. ?Our worry is that it may not be right.? Other researchers say they believe he has made a major advance in prebiotic chemistry, the study of the natural chemical reactions that preceded the first living cells. ?It is precisely because this work opens up so many new directions for research that it will stand for years as one of the great advances in prebiotic chemistry,? Jack Szostak of the Massachusetts General Hospital wrote in a commentary in Nature, where the work is being published on Thursday. Scientists have long suspected that the first forms of life carried their biological information not in DNA but in RNA, its close chemical cousin. Though DNA is better known because of its storage of genetic information, RNA performs many of the trickiest operations in living cells. RNA seems to have delegated the chore of data storage to the chemically more stable DNA eons ago. If the first forms of life were based on RNA, then the issue is to explain how the first RNA molecules were formed. For more than 20 years researchers have been working on this problem. The building blocks of RNA, known as nucleotides, each consist of a chemical base, a sugar molecule called ribose and a phosphate group. Chemists quickly found plausible natural ways for each of these constituents to form from natural chemicals. But there was no natural way for them all to join together. The spontaneous appearance of such nucleotides on the primitive earth ?would have been a near miracle,? two leading researchers, Gerald Joyce and Leslie Orgel, wrote in 1999. Others were so despairing that they believed some other molecule must have preceded RNA and started looking for a pre-RNA world. The miracle seems now to have been explained. In the article in Nature, Dr. Sutherland and his colleagues Matthew W. Powner and B?atrice Gerland report that they have taken the same starting chemicals used by others but have caused them to react in a different order and in different combinations than in previous experiments. they discovered their recipe, which is far from intuitive, after 10 years of working through every possible combination of starting chemicals. Instead of making the starting chemicals form a sugar and a base, they mixed them in a different order, in which the chemicals naturally formed a compound that is half-sugar and half-base. When another half- sugar and half-base are added, the RNA nucleotide called ribocytidine phosphate emerges. A second nucleotide is created if ultraviolet light is shined on the mixture. Dr. Sutherland said he had not yet found natural ways to generate the other two types of nucleotides found in RNA molecules, but synthesis of the first two was thought to be harder to achieve. If all four nucleotides formed naturally, they would zip together easily to form an RNA molecule with a backbone of alternating sugar and phosphate groups. The bases attached to the sugar constitute a four-letter alphabet in which biological information can be represented. ?My assumption is that we are here on this planet as a fundamental consequence of organic chemistry,? Dr. Sutherland said. ?So it must be chemistry that wants to work.? The reactions he has described look convincing to most other chemists. ?The chemistry is very robust ? all the yields are good and the chemistry is simple,? said Dr. Joyce, an expert on the chemical origin of life at the Scripps Research Institute in La Jolla, Calif. In Dr. Sutherland?s reconstruction, phosphate plays a critical role not only as an ingredient but also as a catalyst and in regulating acidity. Dr. Joyce said he was so impressed by the role of phosphate that ?this makes me think of myself not as a carbon-based life form but as a phosphate-based life form.? Dr. Sutherland?s proposal has not convinced everyone. Dr. Robert Shapiro, a chemist at New York University, said the recipe ?definitely does not meet my criteria for a plausible pathway to the RNA world.? He said that cyano-acetylene, one of Dr. Sutherland?s assumed starting materials, is quickly destroyed by other chemicals and its appearance in pure form on the early earth ?could be considered a fantasy.? Dr. Sutherland replied that the chemical is consumed fastest in the reaction he proposes, and that since it has been detected on Titan there is no reason it should not have been present on the early earth. If Dr. Sutherland?s proposal is correct it will set conditions that should help solve the many other problems in reconstructing the origin of life. Darwin, in a famous letter of 1871 to the botanist Joseph Hooker, surmised that life began ?in some warm little pond, with all sorts of ammonia and phosphoric salts.? But the warm little pond has given way in recent years to the belief that life began in some exotic environment like the fissures of a volcano or in the deep sea vents that line the ocean floor. Dr. Sutherland?s report supports Darwin. His proposed chemical reaction take place at moderate temperatures, though one goes best at 60 degrees Celsius. ?It?s consistent with a warm pond evaporating as the sun comes out,? he said. His scenario would rule out deep sea vents as the place where life originated because it requires ultraviolet light. A serious puzzle about the nature of life is that most of its molecules are right-handed or left-handed, whereas in nature mixtures of both forms exist. Dr. Joyce said he had hoped an explanation for the one-handedness of biological molecules would emerge from prebiotic chemistry, but Dr. Sutherland?s reactions do not supply any such explanation. One is certainly required because of what is known to chemists as ?original syn,? referring to a chemical operation that can affect a molecule?s handedness. Dr. Sutherland said he was working on this problem and on others, including how to enclose the primitive RNA molecules in some kind of membrane as the precursor to the first living cell. From rforno at infowarrior.org Thu May 14 15:36:41 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 May 2009 11:36:41 -0400 Subject: [Infowarrior] - Kindle 2 kill switches appear Message-ID: <219BEACC-5996-43CB-872B-3797DB45B74A@infowarrior.org> Kindle 2 vs Reading Disabled Students By Meredith Filak, on May 13th, 2009 http://www.keionline.org/blogs/2009/05/13/kindle-2-vs-reading-disabled-students/ [Update, 13 May: Beginning yesterday, Random House Publishers began to disable text-to-speech remotely. The TTS function has apparently been remotely disabled in over 40 works so far. Affected titles include works by Toni Morrison, Stephen King, and others. Other notable titles include Andrew Meachem's American Lion, and five of the top ten Random House best-sellers in the Kindle store. As a former English major, a teacher, and a lover of books, I can't see how anyone can justify eroding access to popular and classic literature.] A little-known fact: in my non-IP life, I?m a bit of an education wonk. My mother was a high school English teacher for 30 years, and I work as a part-time SAT and Writing tutor. I specialize in working with dyslexic, ADD/ADHD, and other reading-disabled students?and so, on both personal and professional levels, I am appalled by the backwards approach to equal access espoused by the Author?s Guild during the recent Kindle 2 debacle. While the Guild claims that they should have the right to selectively block the text-to-speech (TTS) function on the Amazon Kindle 2?due to the ?added value? it automatically provides to their work?their response has served to do little more than exclude, alienate, and set back the reading-impaired community. First, some background on the technology itself: Text-to-speech is a function, available on almost all personal computers for several years now, that translates written text into a computerized voice. (Put aside those images of Stephen Hawking and Speak-N-Spells; the voices are much softer on the ear nowadays.) The TTS function on the Kindle translates e-books to sound. The end result is of decent quality, but isn?t something you?d get particularly excited about. TTS is not an audiobook. The quality is so disparate that I?d be hard- pressed to say they?re even remotely comparable. Audiobooks are performed and recorded by professional actors and sound technicians, and involve great expense on the part of the publishers. They are performance pieces, subtle, nuanced and genuinely entertaining. (The Harry Potter audiobooks are a phenomenal example.) The Author?s Guild, however, claims that the quality of TTS is improving so rapidlythat someday computerized voices could be on par with, or even superior to, professionally-acted audio books. Putting aside concerns about concerns about (as Cory Doctorow puts it) ?the plausibility of the singularity emerging from Amazon?s text-to-speech R&D,? the claim itself is both legally and practically very shaky. But wait, you say. So what? Who?s affected by all this? Well, aside from a long list of people who, for one reason or another, cannot physically utilize books, those with text-based learning disabilities are left out in the cold. Reading disabilities, particularly in youth and adolescence, interfere with nearly every aspect of education and often require prohibitively expensive tests to formally diagnose. (In the DC metro area, a full- spectrum learning diagnostic?often critical for securing standardized test accommodations?can easily cost over $2,000.) Uncounted children have to cope daily with undiagnosed learning disabilities which manifest as vague, nebulous ?difficulties? with seemingly disparate tasks. According to the International Dyslexia Association and Learning Disabilities Association of America, between 4-7% of all school-age children in the United States receive accommodation in school for a learning disability, and 85% of those students (5% overall) have a language-based disability. Estimates of prevalence of language disabilities in the general population can reach as high as an estimated 15-20% of the American population, and at least one study has estimated that as many as one in five children is dyslexic. Reading disabilities, because of their tangible effect on textual performance, are usually the easiest for educators to identify. Unfortunately, they?re also among the first (along with ADD/ADHD) to be falsely and crassly dismissed as the hallmark of a ?slow learner.? On the contrary, reading disabilities often mask otherwise brilliant mathematical, artistic, and analytical minds. What most people forget is that, on a fundamental level, those with reading disabilities process language differently than a non-disabled reader. A student once explained his dyslexia to me with a familiar analogy; it?s like an older student learning a new language. Dyslexia, he told me, was like a new student translating a passage?a stop-and-go process of read-translate-integrate, which produces a string of words but no obvious coherent meaning. (Having taken Japanese in college, I found the analogy painfully effective.) For this student and many others, text is quite literally another language. The simple option to have books read aloud to them?even by a computer?is an enormously powerful asset to those with a whole spectrum of difficulties, including dyslexia, ADD/ADHD, and linguistic impairment. English as a Second Language students (whose immersion is, often, primarily aural, and only later textual) also receive the obvious benefits of word-sound association. Compounding this problem is the fact that reading disabilities last a lifetime. In a longitudinal setting, text-to-speech offers an invaluable resource; TTS provides continual reinforcement, even as the subject matter or reading level changes. A Kindle with text-to-speech could provide a dyslexic child with a lifetime of reading assistance, opening them up to a whole world of literature and information. College students with textual impairments could access their textbooks in TTS format, providing a level of comprehension that they would otherwise only be able to achieve through a private human reader. We teach young children with technology designed to promote associations between sounds and printed words, but too often we overlook the value this same technology provides for adults. But beyond the technical and educational debate, there exists a more fundamental, compelling reason to preserve TTS technology and protect its implementation. In the TTS debate, those with reading disabilities face not only a challenge to their ability to utilize technology to learn, but a fundamental challenge to their human rights as ensconced in the Universal Declaration of Human Rights. Article 27 guarantees every human being ?the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits.? The Author?s Guild seeks not only to prevent further cultural participation by reading-disabled people, but also to deny them the benefits of scientific advancement by blocking an existing technology from performing its intended role?and doing all this while demanding remuneration for a capability they themselves have done nothing to promote. If this is how the Author?s Guild wishes to treat those with reading disabilities?as freeloaders attempting to abuse the ?added value? of TTS?then I fear for the future of equal access. From rforno at infowarrior.org Thu May 14 16:01:37 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 May 2009 12:01:37 -0400 Subject: [Infowarrior] - REAL ID: Another state says no Message-ID: Senate says NO to federal REAL ID requirements Wednesday, May 13, 2009, 8:50 PM By Steve Walsh http://www.missourinet.com/gestalt/go.cfm?objectid=3DE3DA36-5056-B82A-374269B0EE2E3C30 By a vote of 32-0 the State Senate has approved HB 361 - legislation that would have Missouri join a dozen other states in rejecting the federal government REAL ID Act of 2005 requiring states to conform to a federal standard for driver's licenses or identification cards. Having previously been approved by the House, the bill now goes to Governor Jay Nixon. Opponents of REAL ID express privacy and constitutional concerns. During Senate debate the question of federal government motive was also raised. Senator Gary Nodler (R-Joplin) suggested federal lawmakers lack the courage to anger those with constitutional concerns, so they are forcing the states to do what Congress refuses to do. "You back door rather than to directly, frontally confront the issue," said Nodler. "Of whether we should have a national ID card." Senator Charlie Shields (R-St. Joseph), the Senate President Pro Tem, agrees with Nodler. "The reason this is out there," said Shields. "Is because there was enough objection from civil libertarians about having a national ID that the Congress went around that and said we will make sure that we have state IDs in all 50 states and territories that comply with the national standard." The currrent federal REAL ID requirements call for implementation of the rules to begin this year, with an effective date of December, 2011. The Obama Administration has indicated, however, that the implementation date could be delayed. From rforno at infowarrior.org Fri May 15 12:25:06 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 15 May 2009 08:25:06 -0400 Subject: [Infowarrior] - Palin's lawyers clueless about DNS Message-ID: At least do you basic research before going after someone? Oh...right; on the Intertubes, if you're feeling wronged, it's shoot/ flail first and then figure out why your strategy isn't working. *cough*MPAARIAABSA* He yanked the "site" (aka DNS redirect) down, but I don't think he had any legal obligation to do so. Then agan, IANAL. Sarah Palin's legal team doesn't understand DNS Posted by Cory Doctorow, May 15, 2009 3:17 AM | permalink A reader writes, "The person who owned the domain CrackHo.com set it up to redirect to Sarah Palin's website on the Alaska state site. No one used the site, but apparently someone got upset: Palin's lawyers sent a cease & desist, claiming that it was misuse of the Alaskan seal and copyright infringement. Note, that CrackHo didn't copy anything or use any of the content. It was just a simple redirect to the Alaska website." http://www.boingboing.net/2009/05/15/sarah-palins-legal-t.html From rforno at infowarrior.org Fri May 15 12:28:59 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 15 May 2009 08:28:59 -0400 Subject: [Infowarrior] - The perfect geek age? Message-ID: The perfect geek age? May 14th, 2009 (Visited 3942 times) Tags: http://www.raphkoster.com/2009/05/14/the-perfect-geek-age/ Was being born in 1971 the perfect time to be born a geek? * It meant I got to see Star Wars in the theater, 13 times, at ages 6 and 7, exactly when it would overwhelm my sense of wonder. * I got an 8-bit computer at exactly the age when boys get obsessive about details, and I spent days PEEKing and POKEing and typing in listings from magazines and learning how computers actually worked. * It meant at least half the new games I played were actually new ideas. * And yet I got to play real pinball machines. * In real arcades. * New Wave science fiction was the used paperbacks laying around, and I got to read cyberpunk and steampunk as they were invented, and see SF when fandom was not yet a media circus. * I got to play D&D from as close to the beginning as most anyone. * And feel like I had inside baseball knowledge during the D&D scene in E.T., which the other folks in the theater didn?t get. * I was there for when the X-Men were new and fresh * I got to high school when PCs were becoming ubiquitous. * I got to college when Macs were on Apple campuses, and actually useful. * And when you had no choice but to use libraries for research, so I actually learned what real research is. * And I was too young to feel cynical about Dead Poets Society. * I got onto the Internet after it was tiny, but before it was mass market. So I got to see and use most of the tools and software that were key to its evolution, as they were used, then replaced, then discarded. Pine, gopher, Usenet, Mozilla? * I read Sandman when the issues first came out. * I got into the games business before it was mass media, but got to ride the wave. * ?and also got to see the Web unfold? * ?and got Wikipedia and Google just in time for when I didn?t need to use libraries anymore? * ?and see some of the science fiction coming true. Looking back on it, it makes me feel a bit sorry for those born ten years later. And I can?t judge ten years earlier, but so much of that seemed to hit at the right age. Looking back at history, it seems like the last big waves of popular invention like this were decades ago. Teens with hot rods? Engineering in the 20s? I see my kids now, and they are so clearly getting the finished products of so much, not the products in the process of invention? Am I wrong? From rforno at infowarrior.org Fri May 15 12:30:31 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 15 May 2009 08:30:31 -0400 Subject: [Infowarrior] - More Nixon Tapes released Message-ID: <5D98A710-BB1E-4821-A3B2-6450FEC98DB9@infowarrior.org> SUMMARY: This notice announces the opening of additional Nixon Presidential Historical Materials by the Richard Nixon Presidential Library and Museum, a division of the National Archives and Records Administration. Notice is hereby given that, in accordance with section 104 of Title I of the Presidential Recordings and Materials Preservation Act (PRMPA, 44 U.S.C. 2111 note) and 1275.42(b) of the PRMPA Regulations implementing the Act (36 CFR part 1275), the Agency has identified, inventoried, and prepared for public access approximately 154 hours of Nixon White House tape recordings and textual materials among the Nixon Presidential Historical Materials. DATES: The Richard Nixon Presidential Library and Museum intends to make the materials described in this notice available to the public on Tuesday, June 23, 2009. The tape recordings will be made available on the Web at http://www.nixonlibrary.gov beginning at 9 a.m. (EDT)/6 a.m. (PDT). The textual materials will be made available at the National Archives building at College Park, MD beginning at 11 a.m. (EDT) with the exception of the White House Central Files of Kenneth Cole which will be made available at the Richard Nixon Library and Museum's primary location in Yorba Linda, CA beginning at 9 a.m. (PDT). In accordance with 36 CFR 1275.44, any person who believes it necessary to file a claim of legal right or privilege concerning access to these materials must notify the Archivist of the United States in writing of the claimed right, privilege, or defense before June 15, 2009. < - > http://cryptome.org/0001/nara051509.htm From rforno at infowarrior.org Fri May 15 16:06:35 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 15 May 2009 12:06:35 -0400 Subject: [Infowarrior] - OT: Administratium Discovered Message-ID: <5130EAEA-8D0D-4495-88D6-C7A015958145@infowarrior.org> New chemical Element Discovered by William DeBuvitz http://www.lhup.edu/~dsimanek/administ.htm This bit of humor was written in April 1988 and appeared in the January 1989 issue of The Physics Teacher. William DeBuvitz is a physics professor at Middlesex County College in Edison, New Jersey (USA). He retired in June of 2000. The heaviest element known to science was recently discovered by investigators at a major U.S. research university. The element, tentatively named administratium, has no protons or electrons and thus has an atomic number of 0. However, it does have one neutron, 125 assistant neutrons, 75 vice neutrons and 111 assistant vice neutrons, which gives it an atomic mass of 312. These 312 particles are held together by a force that involves the continuous exchange of meson- like particles called morons. Since it has no electrons, administratium is inert. However, it can be detected chemically as it impedes every reaction it comes in contact with. According to the discoverers, a minute amount of administratium causes one reaction to take over four days to complete when it would have normally occurred in less than a second. Administratium has a normal half-life of approximately three years, at which time it does not decay, but instead undergoes a reorganization in which assistant neutrons, vice neutrons and assistant vice neutrons exchange places. Some studies have shown that the atomic mass actually increases after each reorganization. Research at other laboratories indicates that administratium occurs naturally in the atmosphere. It tends to concentrate at certain points such as government agencies, large corporations, and universities. It can usually be found in the newest, best appointed, and best maintained buildings. Scientists point out that administratium is known to be toxic at any level of concentration and can easily destroy any productive reaction where it is allowed to accumulate. Attempts are being made to determine how administratium can be controlled to prevent irreversible damage, but results to date are not promising. From rforno at infowarrior.org Fri May 15 17:44:22 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 15 May 2009 13:44:22 -0400 Subject: [Infowarrior] - Report: Index of Personal and Economic Freedom Message-ID: <0A8AB6F3-9E62-438F-B7DB-85D1AAE72F57@infowarrior.org> Freedom in the 50 States: Index of Personal and Economic Freedom William P. Ruger and Jason Sorens Abstract This paper presents the first-ever comprehensive ranking of the American states on their public policies affecting individual freedoms in the economic, social, and personal spheres. We develop and justify our ratings and aggregation procedure on explicitly normative criteria, defining individual freedom as the ability to dispose of one?s own life, liberty, and justly acquired property however one sees fit, so long as one does not coercively infringe on other individuals? ability to do the same. This study improves on prior attempts to score economic freedom for American states in three primary ways: 1) it includes measures of social and personal freedoms such as peaceable citizens? rights to educate their own children, own and carry firearms, and be free from unreasonable search and seizure; 2) it includes far more variables, even on economic policies alone, than prior studies, and there are no missing data on any variable; 3) we adopt new, more accurate measurements of key variables, particularly state fiscal policies. We find that the freest states in the country are New Hampshire, Colorado, and South Dakota, which together achieve a virtual tie for first place. All three states feature low taxes and government spending and middling levels of regulation and paternalism. New York is the least free by a considerable margin, followed by New Jersey, Rhode Island, California and Maryland. On personal freedom alone, Alaska is the clear winner, while Maryland brings up the rear. As for freedom in the different regions of the country, the Mountain and West North Central regions are the freest overall while the Middle Atlantic lags far behind on both economic and personal freedom. Regression analysis demonstrates that states enjoying more economic and personal freedom tend to attract substantially higher rates of internal net migration. The data used to create the rankings are publicly available online at www.statepolicyindex.com , and we invite others to adopt their own weights to see how the overall state freedom rankings change. < - > http://www.statepolicyindex.com/?page_id=143 From rforno at infowarrior.org Fri May 15 22:37:38 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 15 May 2009 18:37:38 -0400 Subject: [Infowarrior] - DOD declares war on spam in bid to protect networks Message-ID: Defense declares war on spam in bid to protect networks By Bob Brewin 05/14/2009 http://www.nextgov.com/nextgov/ng_20090514_2422.php The Defense Information Systems Agency asked technology companies on Wednesday for ideas on how to build an e-mail defense system on the perimeter of its networks that can scan 50 million inbound messages a day to catch spam, viruses and cyberattacks. In a notice to industry, DISA said it needs to protect 700 unclassified network domains and that, while there are many individual e-mail domains administered by Defense Department units, "there is a possibility these may be combined into one enterprise DoD e-mail domain." Defense currently scans e-mails for viruses and spam coming into systems serving the military services, commands or units. DISA wants to extend the protection to the interface between the Internet and its unclassified network, the Non-classified Internet Protocol Router Network. The agency also wants the ability to scan all outbound e- mails from the 5 million users. The issue of spam is serious, Defense reports. Army Lt. Gen. Keith B. Alexander, director of the National Security Agency, told an audience attending the RSA Security Conference in San Francisco in April that about 20 billion e-mails are sent globally every day, of which 65 percent to 70 percent are spam. DISA's request ties in with recommendations that the Defense Science Board issued in April that said Defense is more vulnerable to cyberattacks because of its decentralized networks and systems. The board envisioned a major role for DISA in developing the architecture for enterprisewide systems. The agency asked IT companies to submit ideas for developing an unclassified e-mail security gateway that would provide a security border that at a minimum could filter viruses, spam, phishing attacks and content in the e-mails sent to 5 million Defense personnel. The system would protect the "logical first hop" into Defense networks and would not be intended to take the place of individual e-mail security systems that the services, commands, bases and units operate. Margaret Diego, global product marketing for Trend Micro in Cupertino, Calif., said her company can provide such services, starting with matching the addresses of incoming e-mails against a database of known senders of spam. Trend Micro scans e-mail for viruses and spam, and then performs content filtering in the body of the e-mail. If the message passes all the checks, it's sent to the recipient. The biggest problem DISA faces in deploying an e-mail system on such a massive scale is management, including policies that govern the kinds of traffic that can be passed through the system, said David Frazer, director of technology services for F-Secure, an Internet security company based in Helsinki, Finland. Once a new threat is discovered, it must be included in e-mail protection software and pushed out to servers that run the protection system, he said. Gary Moore, chief technology officer for Entrust in Dallas, a manufacturer of scanning software for outbound e-mail traffic, said Defense will need to deploy a massive server and network infrastructure to sift through 50 million e-mails a day and estimated the cost of such a system at $100 million. From rforno at infowarrior.org Sat May 16 17:05:02 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 16 May 2009 13:05:02 -0400 Subject: [Infowarrior] - Wolfram Alpha is live Message-ID: <1DF36FD9-331A-4894-8740-FB6430E88583@infowarrior.org> http://www.wolframalpha.com/ Wolfram|Alpha's long-term goal is to make all systematic knowledge immediately computable and accessible to everyone. We aim to collect and curate all objective data; implement every known model, method, and algorithm; and make it possible to compute whatever can be computed about anything. Our goal is to build on the achievements of science and other systematizations of knowledge to provide a single source that can be relied on by everyone for definitive answers to factual queries. Wolfram|Alpha aims to bring expert-level knowledge and capabilities to the broadest possible range of people?spanning all professions and education levels. Our goal is to accept completely free-form input, and to serve as a knowledge engine that generates powerful results and presents them with maximum clarity. Wolfram|Alpha is an ambitious, long-term intellectual endeavor that we intend will deliver increasing capabilities over the years and decades to come. With a world-class team and participation from top outside experts in countless fields, our goal is to create something that will stand as a major milestone of 21st century intellectual achievement. > > http://www.wolframalpha.com/ From rforno at infowarrior.org Sat May 16 17:17:03 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 16 May 2009 13:17:03 -0400 Subject: [Infowarrior] - Blind interpreter a US Air security risk Message-ID: Blind interpreter detained at Philly airport says he has nightmares from arrest http://www.philly.com/philly/news/20090512_Blind_interpreter_detained_at_Philly_airport_says_he_has_nightmares_from_arrest.html By JESSICA BAUTISTA & KITTY CAPARELLA Philadelphia Daily News caparek at phillynews.com 215-854-5880 A BLIND INTERNATIONAL interpreter who says he was dragged off a Belgium-bound flight, arrested and held in custody in Philadelphia for hours without food or water faces an arraignment Thursday. His crime: He questioned why his U.S. Airways flight was delayed nearly two hours. Nicola Cantisani, 61, of Brussels, Belgium, a professional translator who has been blind since birth, was charged with resisting arrest and disorderly conduct, police said. "This is taking airplane security to a new and ridiculous level," said his attorney, A. Charles Peruto Jr. "It's pretty crazy." Cantisani and his wife, Paola, were returning to Brussels April 4 after visiting family in New York. The couple changed planes at Philadelphia International Airport and boarded the 8:32 p.m. flight. After the plane sat on the tarmac for some time, passengers were told that the flight would be delayed - without explanation, according to Cantisani. They were unable to use phones, receive attendant service or move from their seats. "That was the straw that unfortunately broke the camel's back," Cantisani said. "It just got to me: They board you and just taxi you around." Cantisani said he stood up to request a glass of water and to speak with the crew or captain about the delay, but was told to sit down. In interviews in Philadelphia and later by phone from Brussels, Cantisani described what he called an "indescribable" chain of events that has given him nightmares. "I felt I was being kidnapped - like I was a hostage," Cantisani said of the wait. Cantisani said he spoke with the captain, who told him the plane was having mechanical problems. He then returned to his seat. Shortly afterward, another passenger made a remark about the crew, prompting three Philadelphia Police officers to escort that man off the plane, Cantisani said. Then, police tried to remove Cantisani as well, he said. Lt. Frank Vanore, a police spokesman, said the police were called to Gate A-19 because of a disorderly passenger. "A passenger had become irate over the delay," Vanore said. Cantisani, unaware of why he was being removed, refused to leave. He said the officers yanked Cantisani from his seat and dragged him off the plane, injuring his hand, which was gripping his seat belt . Then they forced him into a wheelchair. At one point, an officer held him "by the throat," he said. Vanore said that Cantisani had been asked several times to leave the plane but continually refused. A U.S. Airways representative said Cantisani was an unruly passenger who had refused to exit the plane. During the struggle with police, Cantisani said, he lost his retractable walking cane, making him unable to navigate. Officers told him they had done the "blind test" and didn't believe he was blind, he said. Vanore said he knew of no "blind test" administered by police. Cantisani claimed he was held in police custody at the airport from about 10 p.m. to 3 a.m. without food, water or access to his phone or outside communication. His wife, who had followed him off the plane, said she "was asking a lot of questions" but got no explanation. After speaking with the officers, Cantisani - who translates several languages for international conferences - said he was asked how much English he spoke and was questioned by a psychiatrist. About 3 a.m., he was taken to the 18th Police District, where he was detained until late the next evening, he said. "I was never read my rights. I was put against the wall, told to put [my] hands on the wall, empty [my] pockets and undo my shoelaces," Cantisani said. "Then, I was shoved into a 6-by-7-foot cell and that was it." Cantisani said that without his cane to help him navigate, he bumped his head, causing it to bleed. Cantisani said no one believed he was blind until the end of his stay. "Imagine yourself blindfolded and being knocked around, and I had no idea how long that was going to last," Cantisani said. After Cantisani appeared before a bail commissioner, he was released sometime after 7:35 p.m. April 5 and driven to the Penn View Hotel in Old City, where he was reunited with his wife. Cantisani said he remains "beside himself" about the flight procedures, the crew and the officers who handled him. "It's indescribable . . . I still have nightmares," Cantisani said. "I wake up in the middle of the night thinking I'm in a prison cell." Cantisani said he does not plan to return to Philadelphia. Peruto said he would represent Cantisani in court Thursday. From rforno at infowarrior.org Sun May 17 18:14:43 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 17 May 2009 14:14:43 -0400 Subject: [Infowarrior] - DHS HSIN hacked Message-ID: Information-sharing platform hacked * By Ben Bain * May 13, 2009 http://fcw.com/articles/2009/05/13/web-dhs-hsin-intrusion-hack.aspx Homeland Security Information Network suffers intrusions The Homeland Security Department?s platform for sharing sensitive but unclassified data with state and local authorities was hacked recently, a DHS official has confirmed. The intrusion into the Homeland Security Information Network (HSIN) was confirmed to Federal Computer Week by Harry McDavid, the chief information officer for DHS? Office of Operations Coordination and Planning. McDavid said the U.S. Computer Emergency Readiness Team reported an intrusion into the system in late March. The initial hack was brief and limited, and it was followed by a more extensive hack in early April, McDavid said. The hacker or hackers gained access to the data by getting into the HSIN account of a federal employee or contractor, McDavid said. The bulk of the data obtained was federal, but some state information was also accessed, he added, and the organizations that owned the data and Congress were notified of the intrusion. The files that were accessed contained administrative data such as telephone numbers and e-mail addresses of state and federal employees. However, an investigation into the incidents has found that no Social Security numbers, driver's license numbers or financial data were obtained, McDavid said. Because HSIN is a sensitive but unclassified network ?no information can be posted on HSIN that would cause anything more than minor damage to the homeland security mission,? he said, adding that none of the accessed files dealt with the operations of either federal or state agencies that use HSIN. McDavid said he did not know of other successful hacks into the platform. He called the tactics used to gain access to the user account ?very sophisticated.? However, he said the amount of data accessed was relatively minor and that officials have been able to map exactly what files were accessed. ?We immediately put in place a package of mitigation actions,? he said. ?One of those actions was to install two-factor identification on certain accounts that would preclude this identical type of intrusion from occurring again.? Ongoing work to upgrade HSIN has allowed DHS to quickly deploy new security measures to prevent similar intrusions from occurring, McDavid said. DHS awarded a contract worth as much as $62 million in May 2008 to upgrade HSIN to the HSIN Next Gen platform. Officials say HSIN Next Gen will better meet users? needs and improve security. McDavid said DHS? investigation into the incident found that no latent malicious code or applications were left behind. In addition, he said that although an authorized account was used to gain access to the system, no HSIN users had been found to be at fault and officials are working on a report about the hack for Homeland Security Secretary Janet Napolitano. The report is expected to be completed this summer, he said. From rforno at infowarrior.org Sun May 17 18:15:25 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 17 May 2009 14:15:25 -0400 Subject: [Infowarrior] - DHS HSIN hacked Message-ID: <98A7BBA2-956C-4A6C-A3E5-3782C479D9B2@infowarrior.org> Information-sharing platform hacked * By Ben Bain * May 13, 2009 http://fcw.com/articles/2009/05/13/web-dhs-hsin-intrusion-hack.aspx Homeland Security Information Network suffers intrusions The Homeland Security Department?s platform for sharing sensitive but unclassified data with state and local authorities was hacked recently, a DHS official has confirmed. The intrusion into the Homeland Security Information Network (HSIN) was confirmed to Federal Computer Week by Harry McDavid, the chief information officer for DHS? Office of Operations Coordination and Planning. McDavid said the U.S. Computer Emergency Readiness Team reported an intrusion into the system in late March. The initial hack was brief and limited, and it was followed by a more extensive hack in early April, McDavid said. The hacker or hackers gained access to the data by getting into the HSIN account of a federal employee or contractor, McDavid said. The bulk of the data obtained was federal, but some state information was also accessed, he added, and the organizations that owned the data and Congress were notified of the intrusion. The files that were accessed contained administrative data such as telephone numbers and e-mail addresses of state and federal employees. However, an investigation into the incidents has found that no Social Security numbers, driver's license numbers or financial data were obtained, McDavid said. Because HSIN is a sensitive but unclassified network ?no information can be posted on HSIN that would cause anything more than minor damage to the homeland security mission,? he said, adding that none of the accessed files dealt with the operations of either federal or state agencies that use HSIN. McDavid said he did not know of other successful hacks into the platform. He called the tactics used to gain access to the user account ?very sophisticated.? However, he said the amount of data accessed was relatively minor and that officials have been able to map exactly what files were accessed. ?We immediately put in place a package of mitigation actions,? he said. ?One of those actions was to install two-factor identification on certain accounts that would preclude this identical type of intrusion from occurring again.? Ongoing work to upgrade HSIN has allowed DHS to quickly deploy new security measures to prevent similar intrusions from occurring, McDavid said. DHS awarded a contract worth as much as $62 million in May 2008 to upgrade HSIN to the HSIN Next Gen platform. Officials say HSIN Next Gen will better meet users? needs and improve security. McDavid said DHS? investigation into the incident found that no latent malicious code or applications were left behind. In addition, he said that although an authorized account was used to gain access to the system, no HSIN users had been found to be at fault and officials are working on a report about the hack for Homeland Security Secretary Janet Napolitano. The report is expected to be completed this summer, he said. From rforno at infowarrior.org Mon May 18 01:15:31 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 17 May 2009 21:15:31 -0400 Subject: [Infowarrior] - AF CyberCommand to be located in Texas Message-ID: <0D157FB5-6B9B-4ECD-9258-92D1F219998B@infowarrior.org> Friday, May 15, 2009 ? Last updated 8:16 a.m. PT Texas to be home of Air Force cyber command http://www2.seattlepi.com/articles/406253.html By GARY MARTIN SAN ANTONIO EXPRESS-NEWS WASHINGTON -- Lackland AFB in San Antonio is being selected by Air Force officials as the headquarters for a new cyber command, an official close to the selection process said late Thursday. The Air Force is expected to make the selection official today, but lawmakers representing states and cities with potential sites were being notified in advance of the announcement. Lackland was selected by the Air Force as the best of several other candidates for the headquarters, which would mean an influx of infrastructure, security and 400 staffers. The headquarters will include the commander's staff and an operations center. The operations primarily will focus on defending Air Force computers against cyber attack and preventing computer disruptions. Sen. Kay Bailey Hutchison, R-Texas, said selecting Lackland was "great news for San Antonio." Hutchison said Lackland "and its dedicated military personnel have the unique and varied attributes that made it the obvious choice." Bexar County Judge Nelson Wolff said he was surprised to hear Lackland was selected, because a Louisiana site was considered the front-runner. "This is a good surprise," Wolff said, adding that it comes on the heels of last week's announcement that Medtronic Diabetes Therapy Management and Education Center is moving to San Antonio and will hire 1,400 workers over five years. The selected site for the cyber command now must undergo an environmental impact assessment. A final announcement of where to place the command will come later this summer, after the assessment is conducted, said Carla Pampe, a spokeswoman for the command in Louisiana. Alternative sites also will be announced, should the finalist site be eliminated by the environmental impact assessment. The temporary location of the command is at Barksdale AFB in Shreveport, La. The Louisiana base was one of six finalists. Other potential sites were Langley AFB, Va.; Offut AFB, Neb.; Peterson AFB, Colo.; and Scott AFB, Ill. Hutchison and Rep. Charlie Gonzalez, D-San Antonio, led efforts to sway Air Force officials to locate the command at Lackland, where existing missions are located. When Lackland was named a finalist in January, Gonzalez said the Air Force base was "well-positioned" to get the command because of existing work there. Lackland is home to the Intelligence, Surveillance and Reconnaissance Agency, the Cryptologic Systems Group, the 67th Network Warfare Wing, the Information Operation Center and the Join Operation Warfare Command. In addition, the University of Texas at San Antonio has cyber-related research, and the National Security Agency's Texas Cryptologic Center is in San Antonio. Wolff said landing the command at Lackland also would boost local efforts to get "more jobs here with NSA." "This is a positive step toward that effort," Wolff said. Rep. Ciro Rodriguez agreed, saying, "The Air Force cyber center is a major component of security, but it also will have some other components for the private sector, which will trigger other forms of jobs." Rodriguez, D-San Antonio, said the command would be a "a good incubator" for business. Sen. John Cornyn, R-Texas, and the entire Texas congressional delegation signed onto a letter urging the Air Force to put the command in San Antonio. And Hutchison, the ranking Republican on the Senate Appropriations subcommittee on military construction and military affairs, touted San Antonio as the location for the center in a March meeting with Air Force Chief of Staff Gen. Norton Schwartz. In the selection process, the Air Force considered factors that included existing cyber activities, network capabilities, infrastructure and security. San Antonio demonstrated it had the networks and infrastructure to become a national center for cyber security, Hutchison said. Hutchison said she would work with Congress, the Air Force and San Antonio leaders to "ensure a smooth and efficient transition process so we can stand up this critical new command as quickly as possible." ?1996-2009 Seattle Post-Intelligencer From rforno at infowarrior.org Tue May 19 13:18:13 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 May 2009 09:18:13 -0400 Subject: [Infowarrior] - Inside DARPA's latest projects Message-ID: <14186FE6-C1F9-4BFE-BA7F-BC2AB83871C1@infowarrior.org> By Layer 8 on Mon, 05/18/09 - 9:42am. http://www.networkworld.com/community/node/41935 When it comes to building the most advanced, bad-ass technologies around there are few science enclaves that can match the US Defense Advanced Research Projects Agency. Last week the outfit detailed nine top strategic research programs in a 57-page report. The report states the programs will lead to revolutionary, radical high-payoff (and many times high-cost) technology advances. Indeed DARPA's projects run the gamut from building extremely fast, secure networks, and developing higher, longer flying unmanned aircraft to bio-related advances that help bring vaccines to a useful state faster and space technologies that offer modular satellite systems. If you want to get a general idea of the scope of DARPA's programs, here is a short list of research projects on the table. Most of which are spelled out with more detail later: -Accelerated Development and Production of Therapeutics: rapidly and inexpensively manufacture millions of doses of life saving drugs or vaccines in weeks, instead of the years required to ramp up today's manufacturing practices. -Blue Laser for Submarine Laser Communications: provide for timely, large area submarine communications at speed and depth, which no other future or existing system, or combinations of systems, can do. -High Energy Liquid Laser Area Defense System: novel, compact, high power lasers making practical small-size and low-weight speed-of- light weapons for tactical mobile air- and ground-vehicles. -High Productivity Computing Systems: supercomputers are fundamental to a variety of military operations, from weather forecasting to cryptography to the design of new weapons; DARPA is working to maintain our global lead in this technology. -Networks: self-forming, robust, self-defending networks at the strategic and tactical level are the key to network-centric warfare; these networks will use spectrum far more efficiently and resist disruption if the GPS time signal is unavailable. -Quantum Information Science: exploiting quantum phenomena in the fields of computing, cryptography, and communications, with the promise of opening new frontiers in each area. -Real-Time Accurate Language Translation: real-time machine language translation of structured and unstructured text and speech with near-expert human translation accuracy. The nine strategic programs feature a multitude of technologies as you might guess. Here I have tried to distill some of the most advanced here from DARPA's Strategic Plan 2009 report, including: Ground control to Major Tom: Space is where it's at As you may know, DARPA began as a space agency, when the shock of Sputnik caused Americans to believe the Soviet Union had seized "the ultimate high ground." DARPA's space strategy includes a number of ambitious projects including: The Falcon program has been working to build a jet that can hit the Mach 6+ range. A major goal of the program is to flight-test key hypersonic cruise vehicle technologies in a realistic flight environment. Recently DARPA conducted both low- and high-speed wind tunnel tests that validate the stability and control of the hypersonic technology. Test flights are planned from Vandenberg Air Force Base to Kwajalein Atoll to test thermal and aerodynamic control systems. One flight will follow a fairly direct trajectory, while the second "buttonhook" trajectory will demonstrate significant cross-range maneuver capability. DARPA's System F6 program takes a dramatically new approach towards designing, building, launching, and operating larger spacecraft. The F6 or Future, Fast, Flexible, Fractionated, Free-Flying Spacecraft United by Information Exchange also known as the System F6, is intended to let the agency deploy individual pieces or what it calls "fractionated modules" of current all-in-one satellites. For example, each fractionated module would support a unique capability, such as command and control, data handling, guidance and navigation, payload. Modules could replicate the functions of other modules as well. Such modules can be physically connected once in orbit or remain nearby to each other in a loose formation, or cluster, harnessed together through a wireless network they create a virtual satellite. According to DARPA such a virtual satellite effectively constitutes a "bus in the sky" - wherein customers need only provide and deploy a payload module suited to their immediate mission need, with the supporting features supplied by a global network of infrastructure modules already resident on-orbit and at critical ground locations. In addition, there can be sharing of resources between various "spacecraft" that are within sufficient range for communication. DARPA said the within the F6 network all subsystems and payloads can be treated like a uniquely addressable computing peripheral or network device. Meanwhile, the Space Surveillance Telescope (SST) program will enhance space situational awareness by demonstrating rapid, unsecured search, detection, and tracking of faint, deep-space objects. SST is using curved focal plane array technology to develop a large-aperture optical telescope with very wide field of view to detect and track new and unidentified objects that suddenly appear with unknown purpose or intent, such as small, potentially hazardous debris objects and future generations of small satellites. DARPA's ISIS program recently got the go ahead to build a roughly 1/3- scale model of a stratospheric airship that if completed in-scale will basically house a floating 15-story radar system capable of detecting and tracking everything from small cruise missiles and unmanned aerial vehicles to soldiers and small vehicles under foliage up to 300 kilometers away. The move to unmanned warfare Without a doubt unmanned aircraft have already had a huge impact on military and civilian flying worlds. DARPA says its efforts have been focused in two areas: First, to improve individual platforms so that they provide new or improved capabilities, such as unprecedented endurance or survivability. Second, expand the level of autonomy and robustness of robotic systems. Some of the more advanced unmanned aircraft projects include: -The A160 program is developing an unmanned helicopter for intelligence, surveillance, and reconnaissance (ISR) missions, with long endurance - up to 20 hours - and the ability to hover at high altitudes. In 2008, the A160 set a world record for UAV endurance when it completed an 18.7 hour endurance flight. The A160 concept is being evaluated for surveillance and targeting, communications and data relay, crew recovery, resupply of forces in the field, and special operations missions in support of Army, Navy, Marine Corps, and other needs. -Vulture will develop an aircraft capable of remaining on-station for over five years, pushing technology and design so that the system may not require refueling or maintenance. A single Vulture aircraft could support traditional intelligence, surveillance, and reconnaissance functions over country-sized areas, while also providing geostationary satellite-class communication capabilities but at a fraction of the cost. -Rapid Eye program is creating the capability to deliver a persistent intelligence, surveillance, and reconnaissance asset anywhere worldwide within one to two hours. The program will develop a high- altitude, long-endurance, unmanned aircraft that can be put on existing space launch systems, withstand atmosphere re-entry, and provide efficient propulsion in a low-oxygen environment at low speed. Just as air vehicles have moved toward both increased mission complexity and increased environmental complexity, DARPA is also trying to increase both the mission and environmental complexity for autonomous ground vehicles. This will help meet the Congressional goal that, by 2015, one third of US operational ground combat vehicles will be unmanned. The Unmanned Ground Combat Vehicle - Perception for Off-Road Robotics (PerceptOR) - Integration (UPI) program demonstrated an unmanned ground vehicle (UGV) capability. DARPA has begun to transition this technology to the Army, and provided a prototype ground vehicle with PerceptOR vehicle control algorithms and software to the Army Tank- Automotive Research, Development and Engineering Center to use in developing a UGV control architecture, and conducting vehicle design and control risk mitigation activities for Future Combat Systems vehicle. Getting more power in the face of the enemy By using improved information technology, DARPA intends to reduce the layers and amount of infrastructure needed to operate the computers, software applications, and networks that support the front-line fighting forces, letting military personnel conduct new kinds of missions in new ways. The fundamental goal is to get a larger proportion of forces into the fight. With that in mind, DARPA said it as embarked on an ambitious mission to create a new generation of computing systems - cognitive computers - to dramatically reduce military manpower and extend the capabilities of military personnel. DARPA's cognitive computing research is developing technologies that will enable computer systems to learn, reason and apply knowledge gained through experience, and respond intelligently to new and unforeseen events. The Personalized Assistant that Learns (PAL) program has been developing integrated cognitive systems to act as personalized executive-style assistants to military commanders and decision-makers. PAL is creating a new generation of machine learning technology so information systems automatically adjust to new environments and new users, help commanders maintain the battle rhythm and adapt to new enemy tactics, evolving situations and priorities, and accelerate the incorporation of new personnel into command operations, while making more effective use of resources. DARPA's Integrated Learning program has demonstrated software that an learn these planning tasks by watching examples. Once the system learns a planning task, it can then support other operators who are perhaps less expert by guiding them through the task. This software will eventually make it practical to create many sophisticated decision support systems that will make operators faster and more effective. Improved real-time translation of foreign languages at both the strategic and tactical levels is another important way computers can assist the military and civilians. Real-time language translation technology will help US forces better understand adversaries and overall social and political contexts of the operational areas. This improved awareness will decrease costly mistakes due to misunderstandings, and also improve the chances of success. The goal of the Global Autonomous Language Exploitation (GALE) program is to translate and distill foreign language material (television shows and newspapers) in near real-time, highlight the salient information, and store the results in a searchable database. Through this process, GALE would be able to produce high-quality answers to the types of questions that are normally pro-vided by bi-lingual intelligence analysts. GALE is making progress toward achieving this very ambitious goal by 2011. The agency is developing the System for Tactical Use program, a two-way speech translation system to convert spoken foreign language input to English output and vice versa. The networks have it DARPA is developing technologies for wireless tactical net-centric warfare that will enable reliable, mobile, secure, self-forming, ad hoc networking among the various echelons while using available spectrum very efficiently. For starters, DARPA said frequency spectrum is scarce and valuable. Most of the radio frequency spectrum is already allocated to users who may or may not be using it at a given time and place. DARPA's neXt Generation (XG) Communications technology will effectively make up to ten times more spectrum available by taking advantage of spectrum that has been assigned but is not being used at a particular point in time. XG technology senses the actual spectrum being used and then dynamically uses the spectrum that is not busy at that particular place and time. XG resists jamming and does not interfere with other users. DARPA also has been developing autonomous network communications for the cluttered environment of cities. Urban clutter usually creates multiple signals from diverse reflections of the initial signal (multi- path), and the result is weak and/or fading voice/data communications. DARPA's the Mobile Networked Multiple-Input/Multiple-Output (MNM) program is actually exploiting multipath phenomena to improve communications between vehicles moving in cities without using a fixed communications infrastructure. Besides tactical networking, DARPA is bridging strategic and tactical operations with high-speed, high-capacity communications networks. The Department's strategic, high-speed fiber optic network, called the Global Information Grid (GIG), has an integrated network whose data rate is hundreds to thousands of megabits per second. To reach the battlefield deployed elements, data on the GIG must be converted into a wireless format for reliable transmission to the various elements and echelons within the theater. This data rate mismatch creates problems in the timely delivery of information to military personnel. In response to this challenge, DARPA has been working on robust network management to combine the high data-rate capability of laser communications with the high reliability of radio frequency communications and obtain the benefits of both. DARPA's Optical RF7 Communications Adjunct (ORCA) program will design, build, and demonstrate a prototype tactical network connecting ground- based and airborne elements. ORCA's goal is to create a high data rate backbone network, via several airborne assets that nominally fly at 25,000 feet and up to 200 kilometers apart, which provides GIG services to ground elements up 50 kilometers away from any one node. Networks rely on a widely available timing signal, or common clock, to sequence the movement of voice and data traffic and to enable encryption. The timing signal is often provided by the Global Positioning System (GPS) or broadcast via other radio signals. We should expect adversaries to attack our networks by blocking these timing signals. DARPA has been developing a miniature atomic clock - measuring approximately one cubic centimeter - to supply the timing signal should the external signal be lost. The Chip-Scale Atomic Clock will let a network node, using a Single Channel Ground and Airborne Radio System, maintain synchronous operation with the network for several days after loss of the GPS signal. Urban area warfare To provide a response to the challenges of battles in hard-to-reach areas, DARPA said it is assembling sensors, exploitation tools, and battle management systems to rapidly find, track, and destroy irregular forces that operate there. This includes small-units operating in mountains, forests, and swamps; ground troops that abandon open country for cities; and insurgents whose whole organization - finance, logistics, weapon fabrication, attack - is embedded in civilian activities. DARPA is even looking out to sea to counter the piracy threat. For example, changes detected between images generated by DARPA's foliage-penetrating radar can be used to engage elusive targets. The FORESTER radar operates at frequencies that penetrate the forest canopy. Algorithms, running either on an aircraft or by the network at a ground station, compare images taken at different times to detect changes that signify either departures or arrivals. Because radars operate in all weather and at long ranges, this technique can discover the location of potential targets over very wide areas. DARPA is also networking radars together. DARPA's NetTrack program uses airborne radars to gather features of moving vehicles and pass that information over a network to maintain tracking information over extended periods. This network of radars will allow us to track the enemy even if they move behind obstructions or into urban canyons. To identify targets in response to these cues, DARPA has developed laser radar, or ladar sensors that can obtain exquisitely detailed, 3- D imagery. shows a ladar image of a tank beneath forest cover. By flying the ladar over a potential target, photons can be collected from many different angles. Those photons that pass through gaps between leaves for example, however few, can be collated together into a composite image. New computational methods can match these data against 3-D geometric models of a variety of target types, even identifying gun barrels, rocket launchers, and other equipment that unambiguously indicate the military nature of the vehicle. DARPA has several programs to vastly improve capabilities to understand what is going on throughout a complex urban environment, including the ability to detect adversaries hiding in buildings and other structures, and to find hidden explosives or weapons of mass destruction. DARPA's UrbanScape system will rapidly create a three-dimensional model of an urban area that allows the user to navigate and move around in a computer environment much like a video game, but one based on real data. This will allows troops to become very familiar with the urban terrain before beginning a mission. A helmet-mounted visor is being developed that displays a fused image created from several other helmet-mounted sensors - even when it's too dark for night vision goggles, or when peering through smoke and fog. And DARPA developed a hand-held radar that senses people on the other side of walls to detect potential enemies before military personnel enter a room or building. Another program, DARPA's Predictive Analysis for Naval Deployment Activities (PANDA) program is developing technology that exploits surface maritime vessel tracks to automatically learn the normal behavior of over 100,000 vessels, and then detect deviations. PANDA will automatically provide alerts on those vessels exhibiting suspicious activity, including activities that have not been previously seen or defined. Tagging, tracking and locating capabilities DARPA has been developing new capabilities to persistently monitor targets or equipment of interest; tag, track and locate enemy activities; track and detect weapons fabrication and movement; and precisely discriminate threat from non-threat entities. Protecting the military from attacks is an ever-present challenge - especially in the close-quarters and congestion of cities. DARPA is developing technologies to detect, prevent, or mitigate attacks, including suicide bombers, improvised explosive devices, and weapons of mass destruction. Improvised explosive devices (IEDs) remain a significant threat to our forces in Iraq and Afghanistan. DARPA's Hardwire program has developed an entirely new class of armor that weighs less than comparable steel armor and has demonstrated outstanding protection against armor piercing rounds, fragments, and IEDs. Small arms fire poses a constant threat, particularly in urban terrain. DARPA's low-cost Boomerang shooter detection and location system provides a protection tool that warns ground forces when they are being fired upon and where the fire is coming from. Building on the success of Boomerang, DARPA is developing a detection and warning system for ground forces under the Crosshairs program, which incorporates the Boomerang system as well as an advanced radar capable of detecting a broad range of threats including small arms, rockets, missiles, and mortars. DARPA programs are also modeling and understanding social indicators that precede the onset of hostilities and conflict, coupled with tools to develop strategies to stabilize an urban area and assist US civil affairs units. Meanwhile DARPA's LANDROID system which creates small robots that are also communications relay nodes to establish and manage communication networks. Military folks will carry several of these pocket-sized LANdroids, dropping them as they deploy. The LANDroids will talk to one another and spread out to establish a mesh communications network over the region. When the fighters move, the LANdroids and the network will move with them to maintain robust, self-healing communications. Bio-Revolution Developing defenses against biological attack poses daunting problems. Strategies using today's technologies to counter future biological threats are seriously limited. First, it is nearly impossible to predict what threats might emerge in two decades, particularly engineered threats. Second, from the moment a new pathogen is first identified - either a weapons agent or a naturally emerging pathogen - today's technology requires at least 15 years to discover, develop, and manufacture large quantities of an effective therapy. It would be exorbitantly costly to attempt to cover the bases with the research and development required to deal with a wide range of potential threats, and then stockpile, maintain, and indefinitely renew population-significant quantities of vaccines or other therapeutics just in case one or more of those threats might emerge., DARPA stated. DARPA has developed approaches to dramatically increase the effectiveness of vaccines. One agent, CpG, has been shown to reduce the dose required to achieve immunity and the number of "booster shots" required to maintain immunity. With CpG, DARPA demonstrated a nearly nine-fold improvement in response to the anthrax vaccine, and significantly shortened the time until military personnel are fully protected. CpG has transitioned widely and is in advanced clinical trials for influenza and biodefense vaccines. DARPA's work to discover new therapies include our Protein Design Process program, with the goal to demonstrate a computer-based system that can identify new targets and therapies within 24 hours, in sharp contrast to the weeks or months currently required. DARPA's Rapid Vaccine Assessment (RVA) program has been developing new ways to test vaccines and rapidly provide more precise, biologically relevant evaluation of human responses than conventional tissue culture systems or animal testing. For combat injuries on the battlefield, hemorrhage continues to be the leading cause of death, accounting for about 50% of fatalities, DARPA said. To provide more time for evacuation, triage, and supportive therapies, DARPA's Surviving Blood Loss (SBL) program has been developing novel strategies to delay the onset of hemorrhagic shock due to blood loss by extending the "golden hour" after severe trauma to six to ten hours, or more. SBL is working to understand how energy production, metabolism, and oxygen use is controlled, and to identify protective mechanisms to preserve cellular function despite low oxygen caused by blood loss. SBL has identified very promising compounds, including hydrogen sulfide and estrogen, that, in large animal tests, extend survival from potentially lethal hemorrhage to more than three hours without requiring resuscitative fluids. Human safety trials for hydrogen sulfide are proceeding. Miscellaneous core technologies All things Quantum DARPA's Quantum Entanglement Science and Technology (QuEST) program is creating new quantum information science technologies, focusing on loss of information due to quantum decoherence, limited communication distance due to signal attenuation, protocols, and larger numbers of quantum bits (Qubits) and their entanglement. Key among the program's challenges is integrating improved single- and entangled-photon and electron sources and detectors into quantum computation and communication networks. Defense applications include highly secure communications, algorithms for optimization in logistics, highly precise measurements of time and position on the earth and in space, and new image and signal processing methods for target tracking. Parts is parts DARPA's Structural Amorphous Metals (SAM) program is building a new class of bulk materials with amorphous or "glassy" microstructures that have previously unobtainable combinations of hardness, strength, damage tolerance and corrosion resistance. Calcium-based SAM alloys are being developed for ultralight space structures, aluminum-based alloys for efficient turbine compressor blades, and iron-based alloys for corrosion resistance in marine environments. In an effort with the Navy, the Naval Advanced Amorphous Coatings program has devised a thermal spray technique that produces textured amorphous metal coatings with a high coefficient of friction and wear, impact, and corrosion resistance that is superior to any other corrosion- resistant, non-skid material, with the goal of certifying them for unrestricted use on Navy ships. Honey I shrunk the device Advances in nano-science and nanotechnology, where matter is manipulated at the atomic scale enable still-more-complex capabilities in ever smaller and lower-power packages. DARPA envisions adaptable microsystems for enhanced radio frequency and optical sensing; more versatile signal processors for extracting minute signals in the presence of overwhelming noise and intense enemy jamming; high- performance communication links with assured bandwidth; and intelligent chips that let a user convert data into information in near-real-time. From rforno at infowarrior.org Tue May 19 13:24:22 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 May 2009 09:24:22 -0400 Subject: [Infowarrior] - Google's "Big Brother" project Message-ID: <2F21C3B2-25ED-4F2F-A43C-90B6668F7357@infowarrior.org> Precrime, anyone? --rf Google?s (GOOG) ?Big Brother? Act: Screen Employee Behavior, And It Could Be The Company?s Next Blockbuster Product Posted: May 19, 2009 at 5:09 am http://247wallst.com/2009/05/19/googles-goog-big-brother-act-screen-employee-behavior/#more-34839 WinterGoogle (GOOG) wants to know which of its employees will quit. That is natural since a number of its senior staff have left for positions at other online companies. For the first time since the company started, an exodus of people is including the firm?s best and brightest. Google thinks it has come up with a way to predict who will leave. If they system works, the search company may be able to approach people with offers to stay. According to The Wall Street Journal, ?Applying a complex equation to a basic human-resource problem is pure Google.? While the new program may be a way to retain talented staff which saves Google the effort and cost of replacing people, it could also be a service that the company can market to thousands of companies all over the world. Google has had trouble creating products beyond its core search business that make the company money. It efforts to sell PC applications to compete with Microsoft (MSFT) have been a failure based on the volume of sales. YouTube, the company?s huge video- sharing service loses several million a year. Google Maps, another large service, does not bring in any revenue at all. Retaining the best employees is a problem that faces almost every enterprise in the world, be it government or business. If the Google screen for employees who may leave is a success, it will be a sales goldmine if the search company will license it to the market. From rforno at infowarrior.org Tue May 19 17:20:40 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 May 2009 13:20:40 -0400 Subject: [Infowarrior] - Court Says White House Can Keep Memos on Bush E-mails Private Message-ID: <6ACBAB01-CD44-4072-B821-E588BC368875@infowarrior.org> Court Says White House Can Keep Memos on Bush E-mails Private By Del Quentin Wilber Washington Post Staff Writer Tuesday, May 19, 2009 11:04 AM http://www.washingtonpost.com/wp-dyn/content/article/2009/05/19/AR2009051901322_pf.html A federal appeals court ruled this morning that the White House does not have to make public internal documents examining the potential disappearance of e-mails during the Bush administration. In upholding a ruling last year by a federal judge, the appeals court found that the White House's Office of Administration is not subject to the Freedom of Information Act. The ruling came in a lawsuit brought by Citizens for Responsibility and Ethics in Washington. The group filed a lawsuit in 2007 seeking to force the Office of Administration to comply with a FOIA request for documents related to the alleged sloppy retention of e-mails between 2001 and 2005, a period that included the Iraq war. The Office of Administration, which performs a variety of services for the Executive Office of the President, had complied with FOIA requests for years. But the office announced in 2007 that it no longer would process FOIA requests because officials did not believe the office was subject to the law. White House officials argued that the Office of Administration provides only administrative support and services to the president and his staff and does not exercise enough independent authority to fall under FOIA. A 1980 Supreme Court decision found that the FOIA law does not extend "to the President's immediate personal staff or units in the Executive Office [of the President] whose sole function is to advise and assist the President." The three-judge appeals panel this morning ruled that the Office of Administration's work "is directly related to the operational and administrative support of the work of the President" and his staff. Because the Office of Administration does not perform "tasks other than operational and administrative support for the President and his staff, we conclude that [it] lacks substantial independent authority and is therefore not an agency under FOIA," wrote Judge Thomas B. Griffith, who was joined in the 13-page opinion by Chief Judge David B. Sentelle and Judge A. Raymond Randolph. CREW's executive director, Melanie Sloan, said her organization was unlikely to appeal the ruling. But Sloan said CREW and other advocacy groups sent a letter recently to the Obama administration urging it have the Office of Administration comply with FOIA requests. She noted that the office had complied with the open records law for years. "Transparency and accountability start at home," she said. From rforno at infowarrior.org Wed May 20 01:27:35 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 May 2009 21:27:35 -0400 Subject: [Infowarrior] - FBI Use of Patriot Act Authority Increased Dramatically in 2008 Message-ID: <88559130-A8F9-40A2-9C73-A8704275C1D7@infowarrior.org> Threat Level Privacy, Crime and Security Online FBI Use of Patriot Act Authority Increased Dramatically in 2008 * By Kim Zetter Email Author * May 19, 2009 | http://www.wired.com/threatlevel/2009/05/fbi-use-of-patriot-act-authority-increased-dramatically-in-2008/ FISA-court authorizations for national security and counter-terrorism wiretaps dropped last year by almost 300, a new Justice Department report to Congress shows. But the FBI?s use of ?national security letters? to get information on Americans without a court order increased dramatically, from 16,804 in 2007 to 24,744 in 2008. The 2008 requests targeted 7,225 U.S. people. This is still much lower than the number of NSLs issued in 2006 ? more than 49,000 ? but indicates that the FBI?s reliance on the self- authorized subpoenas is rebounding, after audits in 2006 and 2007 revealed the bureau had been abusing the tool. The new seven-page report (.pdf) was submitted to Congress last Thursday. National security letters (NSL) are written demands from the FBI that compel internet service providers, credit companies, financial institutions and others to hand over confidential records about their customers, such as subscriber information, phone numbers and e-mail addresses, websites visited and more. NSLs have been used since the 1980s, but the Patriot Act expanded the kinds of records that could be obtained with an NSL. They do not require court approval, and come with a built-in lifetime gag order. With an NSL, the FBI need merely assert that the information is ?relevant? to an investigation, and anyone who gets a national security letter is prohibited from disclosing that they?ve received the request. The FBI?s use of NSLs has been sharply criticized. In 2007, a Justice Department Inspector General audit found that the FBI, which issued almost 200,000 NSLs between 2003 and 2006, had abused its authority and misused NSLs. The inspector general found that the FBI evaded limits on (and sometimes illegally issued) NSLs to obtain phone, e-mail and financial information on American citizens, and under-reported the use of NSLs to Congress. About 60 percent of a sample of the FBI?s NSLs did not conform to Justice Department rules, and another 22 percent possibly violated the statute because they made improper requests of businesses or involved unauthorized collections of information. The audit also criticized the FBI for improperly tracking its use of NSLs. Subsequently, the number of NSLs issued in 2007 dramatically dropped from 49,000 to 16,000. The new 2009 DoJ report submitted to Congress last week addresses these earlier issues by assuring legislators that the FBI has put in a number of corrective actions. According to the report, the FBI replaced the database it used for tracking NSLs, which ?has reduced errors in compiling statistics necessary for Congressional reporting.? The report says the FBI also issued a number of ?corrective NSLs? to ?provide legal authority to retain information it had previously received? for so-called ?exigent? requests and ?blanket NSLs?. Exigent requests involve an informal emergency request to a business to voluntarily hand over information until a more formal NSL can be issued to cover the request. For example, the FBI reviewed the circumstances around more than 4,000 phone numbers it obtained through NSLs to determine if proper legal process was used to obtain them. If the review team couldn?t find documentation that proper legal process was followed or if the process was insufficient, but the team determined the phone number was relevant to a national security investigation, the agency issued a corrective NSL for the data. If not, then the agency purged the collected data from its database. The DoJ report to Congress only briefly discusses FISA applications for electronic surveillance and physical surveillance related to foreign intelligence investigations. According to the document, authorities submitted 2,082 so-called ?FISA applications? to the Foreign Intelligence Surveillance Court last year. But the court, which evaluates such requests, approved 2,083 FISA applications in 2008 ? the discrepancy is because two applications submitted in 2007 were approved in 2008 and are counted in 2008 figures. The court rejected one application in 2008 and made unspecified ?substantive modifications? to two others. By contrast, in 2007, the court approved 2,370 FISA applications, denied three and part of a fourth application, and modified 86 applications. From rforno at infowarrior.org Wed May 20 01:28:58 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 May 2009 21:28:58 -0400 Subject: [Infowarrior] - Cybersecurity groups band together in malware fight Message-ID: <464AC1AE-D154-4971-BC4F-1D59B4D1D7E3@infowarrior.org> Cybersecurity groups band together in malware fight http://www.theregister.co.uk/2009/05/19/anti_malware_coalition/ 'A chain of trust' By Dan Goodin in San Francisco ? Get more from this author Posted in Security, 19th May 2009 23:14 GMT Free whitepaper ? Secure and managed file transfer In the era of regulatory compliance Three cybersecurity groups said Tuesday they plan to band together to combat the growing scourge of malware. The Anti-Spyware Coalition, National Cyber Security Alliance, and StopBadware.org said the Chain of Trust Initiative will link together vendors, researchers, government agencies, network providers, and other groups involved in internet security. The members said they want to establish a united front against malware suppliers in much the way groups coalesced to successfully fight providers of adware several years ago. "Organization and collaboration are out best tools against an enemy that doesn't play by any rules," StopBadware.org's manager, Maxim Weinstein, said in a statement announcing the alliance. "Just by nature of how the internet works, malware distributors have a technological advantage, but we can respond by strengthening our shared networks and by better understanding our shared responsibilities." Maybe so, but it's clear that the participants have their work cut out. While the groups are looking to the the success the ASC, or Anti- Spyware Coalition, had in the past few years driving Gator, Zango and other adware and spyware purveyors out of business, fighting malware crooks will be a different thing altogether. Unlike most of the adware pushers, malware organizations don't tend to be legal entities located in the US. The pressure exerted by the previous coalition forced adware vendors "to decide whether to become legitimate players in the marketplace...or go completely to the dark side," Ari Schwartz, the ASC's coordinator and vice president of the Center for Democracy and Technology, said, according to IDG News. Certainly, Schwartz must already know that malware distributors have dwelled on the dark side for years now. It's also a little unclear what concrete tasks the new group plans to undertake. Tuesday's announcement says it will "lead the mapping effort and jointly develop ideas and initiatives to form stronger bonds between links on the chain." Is that a fancy way of saying it plans to figure out what its next step will be? The group says it will release a "paper tracking the results of the mapping project and proposed initial recommendations to strengthen the chain." ? From rforno at infowarrior.org Thu May 21 00:05:32 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 May 2009 20:05:32 -0400 Subject: [Infowarrior] - Video: Twouble with Twitter (High Quality) Message-ID: <80C6AEAC-F33E-4788-B99C-3F1CA9AD1856@infowarrior.org> Amusing yet very twue.... :) -rick Twouble with Twitter (High Quality) http://www.youtube.com/watch?v=Xo8IfYFyLgQ From rforno at infowarrior.org Thu May 21 00:10:26 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 May 2009 20:10:26 -0400 Subject: [Infowarrior] - Google CEO urges grads: 'Turn off your computer' Message-ID: Google CEO urges grads: 'Turn off your computer' By KATHY MATHESON ? 2 days ago http://www.google.com/hostednews/ap/article/ALeqM5hk2_X3Te8xchIOsJ49yZovHTRzvgD988S7900 PHILADELPHIA (AP) ? The head of the world's most popular search engine urged college graduates on Monday to step away from the virtual world and make human connections. Speaking at the University of Pennsylvania's commencement, Google chairman and CEO Eric Schmidt told about 6,000 graduates that they need to find out what is most important to them ? by living analog for a while. "Turn off your computer. You're actually going to have to turn off your phone and discover all that is human around us," Schmidt said. "Nothing beats holding the hand of your grandchild as he walks his first steps." Schmidt, who holds a doctorate from the University of California at Berkeley, also received an honorary doctor of science degree at the ceremony. Penn President Amy Gutmann cited Schmidt's "manifold contributions to putting the world at humanity's fingertips." "You have devoted your career to heralding a new age of learning empowered by technology," Gutmann said. It was Schmidt's second honorary degree in as many days. On Sunday, he received one at Carnegie Mellon University in Pittsburgh, where he delivered a similar speech. At Penn, Schmidt noted the Ivy League school played a key role in the technological industry by creating ENIAC, one of the world's first electronic computers, in 1946. "Literally everything that you see ? every computer, every mobile phone, every device ? descends from the principles that were invented right here," Schmidt said. In the next 10 years, he predicted, technology will advance to the point where it will be possible to have 85 years worth of video on the equivalent of iPod. He also urged graduates not to lay out a rigid path for themselves. Rewards will gravitate to those who make mistakes and learn from them, Schmidt said. "You can't plan innovation or inspiration, but you can be ready for it, and when you see it you can jump on it and you can make a difference," he said. The Class of 2009 is graduating in a tough economic climate, but such downturns can be a time for innovation, Schmidt said. He noted that Rice Krispies, Twinkies and beer cans were all products of the Great Depression ? not to mention staples of college life. He playfully compared today's "Google and Facebook generation" to his own: cell phones vs. phone booths, Wii vs. Pong, blogs vs. newspapers, Red Bull vs. Tang. Perhaps most notably, Schmidt said, members of his generation spent all their time trying to hide their most embarrassing moments. Today's generation records and posts all those moments on YouTube, he said, drawing laughter from the crowd. "And I am looking forward to watching these for the next 30 or 40 years," Schmidt said. Copyright ? 2009 The Associated Press. All rights reserved. From rforno at infowarrior.org Thu May 21 13:33:35 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 May 2009 09:33:35 -0400 Subject: [Infowarrior] - Anonymity of Home/Work Location Pairs Message-ID: <84CD9B90-BEC5-4FC5-9E71-120D1E58DFA0@infowarrior.org> "On the Anonymity of Home/Work Location Pairs," by Philippe Golle and Kurt Partridge Abstract: Philippe Golle and Kurt Partridge of PARC Many applications benefit from user location data, but location data raises privacy concerns. Anonymization can protect privacy, but identities can sometimes be inferred from supposedly anonymous data. This paper studies a new attack on the anonymity of location data. We show that if the approximate locations of an individual's home and workplace can both be deduced from a location trace, then the median size of the individual's anonymity set in the U.S. working population is 1, 21 and 34,980, for locations known at the granularity of a census block, census track and county respectively. The location data of people who live and work in different regions can be re-identified even more easily. Our results show that the threat of re- identification for location data is much greater when the individual's home and work locations can both be deduced from the data. To preserve anonymity, we offer guidance for obfuscating location traces before they are disclosed. http://crypto.stanford.edu/~pgolle/papers/commute.pdf From rforno at infowarrior.org Fri May 22 14:33:59 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 May 2009 10:33:59 -0400 Subject: [Infowarrior] - Apple, a puritanical company? Message-ID: <4CA1BED1-B104-4EEA-AFCC-B4142507629C@infowarrior.org> Apple says no Project Gutenberg for iPhone because some old books are dirty Posted by Cory Doctorow, May 22, 2009 2:13 AM | permalink Apple has rejected Eucalyptus, an ebook reader that facilitates downloading public domain books from Project Gutenberg, because some Victorian books mention sex (many of these same books can be bought as ebooks through the iPhone Kindle reader or purchased as audiobooks from the iTunes store). It's amazing to think that in 2009 a phone manufacturer wants to dictate which literature its customers should be allowed to download and read on their devices. < - > http://www.boingboing.net/2009/05/22/apple-says-no-projec.html From rforno at infowarrior.org Fri May 22 14:45:58 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 May 2009 10:45:58 -0400 Subject: [Infowarrior] - Amazon tells RIAA essentially to bugger off Message-ID: <6F98BF84-2871-4F9B-BF9F-079F0AB1608E@infowarrior.org> TuneCore, Amazon Set to Unveil On-Demand CD Sales * By Eliot Van Buskirk Email Author * May 21, 2009 | * 4:10 pm | http://www.wired.com/epicenter/2009/05/amazon-to-unveil-on-demand-cd-printing-service-with-tunecore/ TuneCore is poised to partner with Amazon?s on-demand CD-printing-and- distribution service, Wired.com has learned. It?s a deal that could put powerful new physical publishing options in the hands of musicians, even as the world goes increasingly digital. The service is expected to be announced Thursday, linking Amazon with TuneCore, a novel digital distribution startup that?s made waves signing the likes of Trent Reznor, Keith Richards and other stars seeking a way out of the label system, as well as slews of garage bands and hopefuls on their way up. Tunecore will charge just $31 a year in upfront fees to handle a 10- track CD from pressing to delivery, passing all other costs through to the buyer. In other words, the service promises to remove nearly all of the risks of short-run CD manufacturing, which can cost musicians hundreds or even thousands of dollars for discs that rarely sell enough to cover expenses. ?As an artist, you have unlimited physical inventory, made on demand, with no upfront costs and worldwide distribution to anyone who orders it at Amazon.com,? said TuneCore CEO Jeff Price, formerly of indie label SpinArt Records (Pixies, KaitO, Apollo Sunshine). The deal comes as physical music sales are tanking and as major CD distributors like Amazon seek to evolve to a digital model. Yet Price suggests that there may be life left in good old physical storage media, with a slight twist. Why would people buy music on CD if it?s also available in iTunes, Amazon MP3 and other digital stores? ?Why not?? responds Price, who says he believes the costs are so low it will makes sense for lots of bands to try it out. ?Let the music fan decide how they want the music.? In addition to competing with downloads and streaming, one obvious drawback to this model is that you can?t sell an on-demand CD at shows, where enthusiastic fans are most likely to pick one up. But Price says labels wondering why artists still need them now have yet another thing to worry about. When you can sell CDs on Amazon for 30 bucks, who needs a label? Certainly not Reznor, an early TuneCore adopter who once paid the service 38 bucks to distribute a quadruple- length album through Amazon MP3. Amazon has offered on-demand CD printing for about a year through its CreateSpace acquisition, for a flat fee of $5 per disc. TuneCore?s massive footprint means far more bands will use that service, because it?s now just another checkbox in the system they already use. For TuneCore, the deal expands its primary business helping indie artists get digital distribution through online outlets such as iTunes, Napster and Amazon MP3. TuneCore will now compete directly with CDBaby, the current leader in low-volume CD manufacturing and distribution. CDBaby charges $278 for 100 discs, although it recently lowered its minimum order to just five copies. Brooklyn-based TuneCore gave us a peek inside its accounting system, which shows the most successful artists on the service regularly earning upwards of $20,000 per month. Chump change this is not. As with its digital distribution service, TuneCore passes 100 percent of Amazon?s payout to the artist ? about 40 percent of the retail price. If one of Amazon?s 80 million customers buys your 10-song CD on Amazon for $8.98, you?ll receive $3.59. After selling just nine discs, you?re in the black. TuneCore takes care of the UPC code, artwork, bar code, CD label design and so on, so that artists can concentrate on writing songs ? and cashing checks. The on-demand CD partnership with Amazon is just the latest in a long string of successes for the 2006 startup, whose distribution catalog dwarfs those of the labels. ?There?s more music released in one day on TuneCore than there is on a major [label] in the course of a year ? in three days, more than all the majors combined, and within a month, all the majors and indies combined,? explained Price. ?TuneCore artists have generated over $32 million in revenue from music sales over the past 22 months. ?Some of the artists, frankly, have been selling more than the Billboard Top 40 artists,? he added. ?It?s just not being picked up by the mainstream places [like SoundScan] that track sales.? As their label contracts expire, some fairly heavy hitters are signing up for TuneCore. In addition to Reznor and Richards, the service now handles distribution duties for Joan Jett and other luminaries. But unsigned bands are always found among TuneCore?s top sellers. For instance, Never Shout Never sold over 250,000 songs in 60 days, as well as 30,000 T-shirts (also handled by TuneCore). Universal Music Group ? the biggest record label in the world ? has also partnered with TuneCore to offer additional services to its indie artists. For $50, Universal?s Grammy-winning producers will master your music for CD before it gets distributed. And for another as-yet undisclosed fee, Universal?s art department will also design the high- resolution PDF that iTunes now requires with each album submission ? all they need is four images and the names of your songs. TuneCore has other plans in the works: * Amazon will launch a TuneCore-branded section next month. * A TuneCore widget will soon allow bands to distribute tweets and songs to fans. * If you sell 100 songs in the New York or Los Angeles area, you get to play Le Poisson Rouge or The Roxy, earning a guaranteed minimum of $100 ? even if no one shows up. * TuneCore is working on a deal with live music behemoth Live Nation/House of Blues that would give artists who sell a certain number of songs a live gig, also with a minimum guarantee of $100. * If you sell enough songs through TuneCore, MusicNotes will score one of them into downloadable sheet music so that others can learn how to play your music. * Another deal rewards bands who sell a certain number of songs with 16 packs of Ernie Ball guitar strings and 8 packs of bass strings for free, every month. * Yet another deal lets bands who hit certain metrics offer fans the chance to wrap Blackberries, computers and other gadgets with an image of the artist. * A TuneCore iPhone app will soon allow 30-second and full-song streams for participating bands. Here?s how you can distribute a CD through Amazon using TuneCore. Once you?ve signed in, click Add Album: From rforno at infowarrior.org Fri May 22 14:49:15 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 May 2009 10:49:15 -0400 Subject: [Infowarrior] - Breaking Web Browsers' Trust Message-ID: <309A4797-F46F-4F01-BF22-EBF1EEE2FFBC@infowarrior.org> (Amusingly, a friend and I wrote about this very thing several years ago in a CACM article. --rick) Thursday, May 21, 2009 Breaking Web Browsers' Trust Researchers reveal a flaw with the way most Web browsers treat secure connections. By Erica Naone http://www.technologyreview.com/printer_friendly_article.aspx?id=22682&channel=web§ion= Making Internet communications secure means shutting off ways for an unauthorized person to access secret information. This is easier said than done. In work presented this week at the IEEE Symposium on Security and Privacy, a team of researchers described a former flaw with almost all Web browsers that undermined the protocol used to secure online banking transactions and other sensitive transmissions. The problem arose when the victim was connected to the Internet via a proxy, such as a wireless access point at a hotel or cafe. Although the researchers completed their work in July 2007, they kept the details secret to allow time to fix vulnerable browsers and test newer ones. The researchers say that they were able to successfully attack Internet Explorer 7 and 8, Firefox 2 and 3, Opera 9, and Chrome Beta and 1. The near-universal nature of the vulnerability suggests that better methods are needed to protect browser communications. "It's very difficult to figure out the composition of all these end-to- end crypto protocols, which are at different layers of the network," says Shuo Chen, a researcher at Microsoft who helped uncover the vulnerability. The protocol used to secure browser messages is based on a simple idea, Chen says: it's meant to establish a secure link between the user's browser and a Web server and distrust any points in between. However, because the browser often needs to trust the broader network, weak spots can creep in, he says. Chen's group uncovered a problem with the way Web browsers display information from Web pages when a secure communications link has been established. They found that most browsers will sometimes treat insecure data as if it's part of the secure protocol. This means that a Web proxy--a machine sitting in between the browser and a website-- can issue commands that the browser interprets as coming from a secure website, even if they are not. "In reality, it's very difficult to make sure that you are using a trusted network," he says. For example, when a browser requests access to a secure website, the proxy could return a fake error message that the browser displays as genuine. The browser could then be tricked into sending secure messages to both the legitimate server and the malicious proxy. Adam Barth, a researcher at the University of California, Berkeley, who studies browser security, says that the newly revealed flaw is significant because several browsers contained the same vulnerability. "That demonstrates that the issue is subtle," Barth says. "A lot of smart people missed it." He adds that since a browser is a complex system of interlocking parts, it could be useful to investigate tools that could help people analyze how data moves through those parts. Such tools might help catch similar errors in browser design. Barth also says that Web standards would have mandated more secure behavior if experts had looked at the issue more carefully. Though the specific problem that Chen's team found was fixed, Chen is still concerned about the methods used to build browsers. Normally, he says, the group of developers that figures out how a browser will display pages works separately from the group that implements a secure communications protocol. Chen thinks the Web community should think more carefully about the way different parts of the browser are put together. "It's difficult for the whole browser-development effort to have the whole picture," he says. Copyright Technology Review 2009. From rforno at infowarrior.org Fri May 22 19:18:21 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 May 2009 15:18:21 -0400 Subject: [Infowarrior] - Network Attack Weapons Emerge Message-ID: (I recall working on a similar proof of concept 1994-5 timeframe for a bleeding-edge Beltway company, but the idea was tossed aside for several reasons...but we sure had some nifty stuff in it! That said, reading this article I'm reminded of the fictitious 'Janus Box' from the movie 'Hackers' that would decrypt/hack ANY security protocol and essentially give its users access to everything, everywhere. In this case, assuming such a device is even developed (or possible) imagine the havoc caused if it suddenly shows up on BitTorrent and everyone can have such point-click-hack capabilities? You think you have cyber problems now, you ain't seen nothing yet! ---rick) http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=defense&id=news/CYBER052109.xml Network Attack Weapons Emerge David A. Fulghum Devices to launch and control cyber, electronic and information attacks are being tested and refined by the U.S. military and industry in preparation for moving out of the laboratory and into the warfighter's backback. It's a part of a technology race that is already well underway. The Russian attack on Georgia last year showed weaknesses in some combat areas, but not in cyberwarfare, say U.S. analysts. "The Russians conducted a cyberattack that was well coordinated with what Russian troops were doing on the ground," says a longtime specialist in military information operations. "It was obvious that someone conducting the cyber[war] was talking to those controlling the ground forces. They knew where the [cyber]talent was [in Russia], how to use it, and how to coordinate it. "That sophisticated planning at different levels of cyberwarfare surprised a lot of people in the Defense Dept.," he says. "It looked like a seamless, combined operation that coordinated the use of a range of cyberweapons from the sophisticated to the high school kids that thought it was cool to deface official web sites. The techniques they used everybody knows about. The issue was how effective they were as part of a combined operation." The U.S. is looking for a tool to duplicate that kind of attack. Moreover, the Defense Advanced Research Projects Agency has awarded several contracts to information technology (IT) companies to design a cyberattack range. Candidate sites include Naval Air Warfare Center's China Lake, Calif., radar cross-section facility and the U.S. Air Force radar cross-section range at Holloman AFB, N.M. Several future attack devices are being built in a U.S. cyberwarfare attack laboratory. The one shown to Aviation Week & Space Technology is a software framework for locating digital weaknesses. It combines cybersleuthing, technology analysis and tracking of information flow. It then offers suggestions to the operator on how best to mount an attack and, finally, reports on success of the effort. Right now, electronic and cyberattacks are conducted and understood by a very few. To make the capability part of the warfighter's arsenal it has to be configured and packaged so that a non-expert could use it on the battlefield. The heart of this attack device is its ability to tap into satellite communications, voice over Internet, proprietary Scada networks-- virtually any wireless network. Scada (supervisory control and data acquisition) is of particular interest since it is used to automatically control processes at high-value targets for terrorists such as nuclear facilities, power grids, waterworks, chemical plants and pipelines. The cyberattack device would test these supposedly inviolate networks for vulnerabilities to wireless penetration. "If you think about the explosion of capability in the commercial electronics sector, it's obvious that for not too much money, anybody can set up a fairly robust WiFi capability and just ride the backbone of the Internet," says a U.S.-based, network attack researcher. "We're tying together the protection and the reaction side with this device which will serve for planning, execution and penetration testing." A by-product of the project is that it offers a start to weaponizing cyberattack for the non-cyberspecialist, military user. There are four broad objectives in designing the attack device: Capture expert knowledge but keep humans in the loop. *Quantify results so that the operator can put a number against a choice. *Enhance execution by creating a tool for the nonexpert that puts material together and keeps track of it. *Create great visuals so missions can be executed more intuitively. This particular network attack prototype has a display at the operator's position that shows a schematic of the network of interest and identifies its nodes. "You could be talking about thousands and thousands of nodes being involved in a single mission," says a second network attack researcher. "Being able to visualize that without a tool is practically impossible." A touch-screen dashboard beneath the network schematic display looks like the sound mixing console at a recording studio. The left side lists cyberattack mission attributes such as speed, covertness, attribution and collateral damage. Next to each attribute is the image of a sliding lever on a long scale. These can be moved, for example, to increase the speed of attack or decrease collateral damage. Each change to the scales produces a different list of software algorithm tools that the operator needs. "Right now, all that information is in the head of a few guys that do computer network operations and there is no training system," says the first specialist. Experts are combining digital tools that even an inexperienced operator can bring into play. In the unclassified arena there are algorithms dubbed Mad WiFi, Air Crack and Beach. For classified work, industry developers also have a toolbox of proprietary cyberexploitation algorithms. Air Crack, for example, uses open source tools to crack the encryption key for a wireless network. Some cracks are quick, but require injecting a lot of data into the network, which makes the attack noisy and easy to trace. Others are very passive and slow--taking a couple of days or even months. But no one is aware of the intrusion. A passive dictionary attack can find passwords such as common English words, names or birthdays, but it is considered a brute force attack. Cryptoattacks use more sophisticated techniques to cut through the password hash. "It runs faster and you usually get a better result," says an IT specialist. "But you have to take a more active role, capture different types of data and send the right information to get a proper response." A de-authorization capability can kick all the nodes off a network temporarily so that the attack system can watch them reconnect. This provides information needed to quickly penetrate the network. In one prototype attack device, a colored bar is at the right of each scale. Green means the effect is better than specified; blue, that it is equal; and red signifies it does not meet the user's criteria. The three major elements of a cyberattack system are its toolbox, planning and execution capabilities. The toolbox is put together by the hardware and software experts in any organization to address specific missions. They maintain the database of available capabilities. The planning capability takes input from other planning systems--for example, network situational awareness--and incorporates it. The planner weighs the attack device's capabilities, the target to be attacked along with the style of execution and then ranks the solutions. But the final decision is left to the operator. The output of planning is a course of action--the sequence of steps that must happen. This blueprint can be reviewed, modified and approved by a supervisor. It is then taken to the field and executed or exported to some other cyberattack system. From rforno at infowarrior.org Sat May 23 03:26:10 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 May 2009 23:26:10 -0400 Subject: [Infowarrior] - Army migrating computers to Vista?!?! Message-ID: <373E4DDA-A07E-4B33-BA25-FFD8248D8C9C@infowarrior.org> (This makes absolutely no sense whatsoever -- does the Army think Vista will offer added value and/or security because it won't be as widely-used as Windows 7? Or is this a case of deploying obsolete and inferior products just because they've been paid for under some "strategic plan" from years back? I find this absolutely absurd! - rick) Army migrating computers to Vista May 20, 2009 By Gary Sheftick and Delawese Fulton http://www.army.mil/-news/2009/05/20/21389-army-migrating-computers-to-vista/ WASHINGTON (Army News Service, May 20, 2009) -- The Army is migrating all of its Windows-based computers to Microsoft's Vista operating system to bolster Internet security and standardize its information systems. The systems change, which includes swapping Office 2003 for Office 2007, is set to be completed by Dec. 31. About half of the Army's 744,000 desktop computers have already installed Office 2007, estimated Dr. Army Harding, director of Enterprise Information Technology Services for the Army's G-6. She said about 13 percent of the computers have migrated so far to VISTA. The migration was mandated in a Fragmentary Order published Nov. 22, 2008. It was sent out Army-wide as FRAGO 2 to Department of the Army Executive Order 056-05. "It's for all desktop computers on the SIPR and NIPRNET," Harding said, referring to both the classified and unclassified networks. She added that the only exemptions are standalone weapons systems. First-time Vista users will discover added support for data encryption, a new Windows Explorer, upgraded icons and navigation structure. There are also graphical replications of clock, calendar, weather and Outlook mail functions. The switch to Office 2007 actually began earlier than the Vista migration, Harding said. The new Office suite provides more straightforward document security, according to reviews, which add there's better integration throughout applications. But the new tools interface is not always intuitive and many reviews say there's a steep learning curve. In the continental United States, the Army has installed Vista so far in about 44,000 computers. Fort Campbell, Ky., is leading the charge with more than 5,350 computers migrated to Vista, according to G-6 data. Fort Stewart, Ga., has about 3,800 computers installed with Vista. Fort Lewis, Wash., and Fort Drum, N.Y., both have more than 2,150 computers migrated. Fort Jackson, S.C., has just over 1,000 of more than 7,500 computers converted to Vista. But Directorate of Information Management officials there say they are on track to meet the December deadline. "The goal is to minimize the impact to the installation's training mission," said Marcus D. Good, chief of the Information Technology Systems Support Division at DOIM. "We want to handle this migration in a way that makes sense to the organizations fielded." "As for the impact on Fort Jackson, the DOIM has been working with the installation's IT professionals and Information Management Officers from many different organizations to test Vista in a controlled and limited deployment," Good said. Fort Jackson's DOIM officials say the initiative will strengthen Army LandWarNet security by reducing opportunities for hackers to access and exploit government computer systems. "The Army has been testing Vista since its release and has run it through the Army Golden Master program. The Army Golden Master program is responsible for the release of the Army standard baseline configurations for commonly used computing environments within the Army Enterprise Infrastructure, the team responsible for making sure applications that ran on XP will run on Vista," Good said. As with the implementation of any new technology, there will be challenges to overcome -- not to mention this will be a change for users who have gotten comfortable with Windows XP and Office 2003. The new look and feel will take some time to adjust to, Good said. The Soldier Support Institute staff was first to begin migrating to the new operating system at Fort Jackson. Sharon Reed, chief of IT at the Soldier Support Institute said the division is providing several resources to facilitate the transition for its employees and customers. "During this process, we are offering several in-house training sessions, helpful quick-tip handouts and free Army online training," Reed said. Reed added that because several of the division's employees already use Vista and Office 2007 at their homes, it has shortened the learning curve for SSI overall. The 171st Infantry Brigade started the Vista system last week, said Lashanda Howard, DOIM Vista migration project leader. Howard said the roll-out is well planned and strategic. Classroom computers, dayroom and kiosk computers, new computers (such as life cycle replacement computers) and computers with minimal impact to mission readiness will be part of the initial implementation. Soldiers and employees who have never used the operating system, can preview it and begin training by visiting http://usarmy.skillport.com and https://train.gordon. army.mil/. (Delawese Fulton writes for the Fort Jackson Leader newspaper.) From rforno at infowarrior.org Sat May 23 03:31:19 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 May 2009 23:31:19 -0400 Subject: [Infowarrior] - Sophos releases Klingon AV product Message-ID: (Clever marketing, to be sure. Wonder if Paramount will have something to say about it, or if this was developed under license from the movie studio as a new form of product tie-in? ----rick) Now even Klingon speakers can scan their computers for security threats. Use Sophos's Klingon Anti-Virus to quickly perform an on-demand scan and find viruses, spyware, adware, zero-day threats, Betazoid sub- ether porn diallers and Tribbles that your existing protection might have missed. The software can be run without deactivating your current anti-virus software. Phasers can be left set to stun. http://www.sophos.com/klingon-anti-virus/ From rforno at infowarrior.org Sat May 23 03:38:32 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 May 2009 23:38:32 -0400 Subject: [Infowarrior] - MPAA: DRM trumps your fair use rights Message-ID: Reminder from the MPAA: DRM trumps your fair use rights As part of this week's RealDVD court hearings, Real continued to argue that the movie studios are trying to prevent fair use. At the same time, the MPAA pushed back by saying that fair use can't be used to defend against the DMCA's anticircumvention provisions, since the two are not even related. In fact, this is a gray area of the law that has yet to be fully tested in court. Both sides hope that this case will help sort things out. By Jacqui Cheng | Last updated May 22, 2009 12:45 PM CT http://arstechnica.com/tech-policy/news/2009/05/reminder-from-the-mpaa-drm-trumps-your-fair-use-rights.ars Fair use has nothing to do with?and can't be used to defend?DRM circumvention, according to the Motion Picture Association of America. The arguments were made during the RealDVD hearing in San Francisco this week, with the MPAA insisting that the DVD copying case isn't about fair use at all, but violations of the DMCA's anticircumvention rules. The two concepts aren't directly related when it comes to US Copyright Law, and the MPAA wants the court to agree that DMCA claims trump all when it comes to copying content. RealNetworks has been dealing with the legal fallout from its RealDVD software since September 2008?before it was even released to the public. At the time, Real seemed confident that RealDVD operated well within the DMCA because the software didn't break CSS encryption?it merely copied a DVD straight to a hard drive, keeping the encryption intact. Additionally, RealDVD added a new layer of DRM to each file to lock the files to the user and PC that created them, which the company thought would keep it on the movie studios' good side. But Real thought wrong. Almost immediately, the MPAA sued Real, claiming that the company had violated DMCA anticircumvention rules and referring to RealDVD as "StealDVD." Real sued right back, hoping to get a judge to declare RealDVD legal; instead, a judge granted a temporary restraining order against the company, halting the sales of RealDVD. Real has long argued during this case that its software merely enables DVD buyers to make legitimate copies of their legally purchased discs? this would theoretically fall under the fair use guidelines in US Copyright Law. As part of its counterclaims filed against the DVD Copy Control Association earlier this month, Real argued that the movie studios were acting as an "illegal cartel" that was trying to stifle competition in the market of fair use copies of DVDs. Fair use v. circumvention: fight! Real argued this once again in the hearing this week with the MPAA, saying that the company needs to be able to make copies to a hard drive in order to allow people to use the software's features. Real attorney Don Scott told the judge that making copies of music has long been recognized as "lawful fair use," according to CNET, and that consumers are allowed to make copies of CDs to put on an iPod or some other device without having to pay a second time. Isn't the same true for movies? The MPAA insisted, however, that the mere act of circumventing DRM in order to make those copies makes one an outlaw; fair use doesn't come into the picture. Judge Marilyn Patel questioned the MPAA on whether it would be considered circumvention to make a copy to a hard drive that was limited to only that drive without the ability to make any further copies. "Yes, it would be circumvention," MPAA attorney Bart Williams said. "And no, it would not be fair use. The only backup copy Congress envisioned was archival, that you would never use until such time when your main computer wasn't working... Congress would not have gone through the process or have this process if you're going to say there is some fair use rights that allows you to circumvent." Unrelated ideas? Fair use principles obviously came before the DMCA's anticircumvention rules, but the two are not necessarily related. Fair use is part of general US copyright law and is used when arguing cases of copyright infringement, while the DMCA's anticircumvention rules specifically address the breaking of DRM?whether infringement occurred or not. This, according to the Electronic Frontier Foundation's Fred von Lohmann, is the crux of the MPAA's argument. "The MPAA's view is that the DMCA's circumvention provisions stand separate and apart from general copyright infringement, so that defenses to copyright infringement are not defenses to circumvention claims," von Lohmann told Ars. "So fair use, on their view, has no application because it's only a defense to copyright infringement." The MPAA has been using this argument for some time, ever since the first DVD ripping case in 2000 (Universal v. Reimerdes). However, it turns out that this distinction has not been fully tested in court, and the MPAA has had only mixed success with it so far. "In Universal v. Reimerdes (the deCSS case), the district court essentially agreed with the MPAA's argument, but on appeal the court didn't embrace that part of the district court's reasoning," von Lohmann said. (But neither did the appeals court reject it explicitly.) However, von Lohmann noted that other cases?ones that aren't about DVDs ?are increasingly insisting on some sort of nexus with copyright infringement before they will permit an anticircumvention claim through the DMCA. "For example, in [Storage Tech v. Custom Hardware], the court found that there could be no circumvention claim because the activity in question fell within the copyright exception for independent service vendors (17 USC 117). That's a copyright exception (not DMCA exception), and yet the court found that it blocked the circumvention claim," said von Lohmann. "Hard to see why the same wouldn't apply to fair use (17 USC 107)." Finally, he pointed out that the MPAA implicitly acknowledges that fair use still matters, even if the organization promotes ridiculous and roundabout ways to exercise it. Earlier this month, the MPAA showed government officials how teachers could make legal clip collections for classroom use by pointing a camcorder at a video screen showing a DVD (instead of merely ripping the DVD itself). The MPAA wants to show that circumvention isn't required in order to engage in fair use; other ways of using the material are available, if inconvenient. If the Copyright Office agrees, the movie business could have more ammo against companies like Real in court. From rforno at infowarrior.org Sat May 23 18:46:10 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 23 May 2009 14:46:10 -0400 Subject: [Infowarrior] - Boston dorm computer raid ruled illegal Message-ID: <7534B2DC-F6B8-4E0A-B0EE-D200588F1FDF@infowarrior.org> Boston dorm computer raid ruled illegal By Dan Goodin in San Francisco ? Get more from this author Posted in Law, 22nd May 2009 23:50 GMT http://www.theregister.co.uk/2009/05/22/computer_seizure_ruled_illegal/ A justice from Massachusetts's highest court has ordered police to return a laptop and other gear seized from a Boston student's dorm room after rejecting prosecutors' arguments that hoax emails he was suspected of sending might be illegal under a computer crime statute. The decision, issued Thursday by Justice of the Supreme Judicial Court Margot Botsford, also ordered police to immediately cease any ongoing search of the seized property. Police confiscated 23 items, including three laptops, two iPods, two cellular phones, a digital camera, and a variety of data-storage devices, during a March 30 raid on the dorm room of Boston College (BC) student Riccardo Calixte. "No one should be subjected to a search like this based on such flimsy theories and evidence," said Matt Zimmerman, a senior staff attorney for the Electronic Frontier Foundation, which helped represent the computer science student. As a result of the seizure, Calixte was forced to complete much of the final month of the semester without a computer, phone or network access, the EFF said. Calixte came under suspicion following a "domestic dispute" when a roommate told a police detective he had observed Calixte commit two computer crimes. When police requested a warrant to search the dorm room, much of the factual basis provided that a crime had been committed were two emails sent in early March that falsely claimed the roommate was participating on a gay dating website. At least one them was suspected to have been sent by Calixte. In arguing the search warrant was properly issued, prosecutors argued the hoax emails might violate a Massachusetts statute barring the "unauthorized access" to a computer. Justice Botsford rejected that theory. "The commonwealth's claim that such an email might be unlawful because it violates a hypothetical internet use policy maintained by BC both goes well beyond the reasonable inferences that may be drawn from the affidavit, and would dramatically expand the appropriate scope of" the statute, she wrote. She went on to find there was no probable cause to support that Calixte illegally downloaded more than 200 movies and music files and accessed the BC grading system used by professors to change grades. From rforno at infowarrior.org Mon May 25 01:45:26 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 24 May 2009 21:45:26 -0400 Subject: [Infowarrior] - Memorial Day Message Message-ID: All, Just a quick note of recognition, rememberance, and thanks to those who have served in our Nation's Armed Forces over the years -- and a special nod to those who are serving currently, including those forward deployed in harm's way; my best wishes to you and your troops for a safe deployment and speedy, healthy return home! Stay Safe, Rick Forno -infowarrior.org From rforno at infowarrior.org Mon May 25 19:04:17 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 May 2009 15:04:17 -0400 Subject: [Infowarrior] - DOD, Industry Join to Protect Data Message-ID: <87EA46EA-EE8A-4030-9E63-347BB806228F@infowarrior.org> Defense Dept., Industry Join to Protect Data By Ellen Nakashima Washington Post Staff Writer Monday, May 25, 2009 http://www.washingtonpost.com/wp-dyn/content/article/2009/05/24/AR2009052402140_pf.html LINTHICUM, Md. -- At 2:42 p.m. one recent Wednesday, on the fourth floor of a squat brick office building under the flight path of jets landing at Baltimore-Washington International Marshall Airport, a Pentagon analyst skilled in parsing malicious computer code e-mailed a threat alert to 28 of the nation's largest defense contractors. That morning, a defense company had told the Defense Department Cyber Crime Center about a significant probe of its computer network. The Pentagon analysts determined the code was present in several companies' networks and raised the alarm. This information exchange took place, government and industry officials said, because the companies and the Pentagon have begun to trust one another. They are joining forces to stem the loss of important defense industry data -- by some estimates at least $100 billion worth in the past two years, reflecting the cost to produce the data and its value to adversaries. For two years, the Defense Department has been collaborating with industry to try to better protect the firms' computer networks. Now, as the Obama administration ponders how to strengthen the nation's defenses against cyberattacks, it is considering ways to share the Pentagon's threat data with other critical industries, such as those that handle vastly larger amounts of data, including phone calls and private e-mails. The threat scenarios, experts say, are chilling: a months-long blackout of much of the United States, wide-scale corruption of electronic banking data, a disabling of the air traffic control system. The Pentagon's trial program with industry illuminates the promise and the pitfalls of such partnerships. The goal is a swifter, more coordinated response to threats facing the defense industry. But intelligence and law enforcement agencies have been reluctant to release threat data they consider classified. And the companies have been reluctant to share intrusion data, for fear of losing control over personal or proprietary information. "This isn't just about national security. It's about the economic well- being of the United States. It's that fine line of ensuring that you have security without unnecessarily compromising privacy," said Barbara Fast, vice president of Boeing Cyber Solutions. The pilot program has prompted the Department of Homeland Security to consider extending the model to other industries, officials said. And the Defense Department is in preliminary talks with telecommunications and Internet service providers about creating a similar partnership, industry officials say. The Defense Department's Cyber Crime Center, whose 277 employees are mostly contractors, is a clearinghouse for threat data from the National Security Agency, military agencies, the DHS and industry. Some alerts go out quickly, such those flagging the "Internet protocol" address of a potential hacker. Other reports based on classified data take on average three weeks to compile. They tell a company who might be behind an attack and what the attacker's tactics are, such as infected e-mail. One reason vetting such material takes time is that sources must approve dissemination of the information to ensure that disclosure will not jeopardize an investigation. "Clearly this needs to be a lot quicker than it is today," Boeing's Fast said in an interview last month. Several firms said they share with the Cyber Crime Center technical information about viruses and suspicious probes that they feel can help the industry broadly. But Northrop Grumman, for instance, generally reports breaches to the military branch that owns the contract, company officials said, and the branch decides whether it should be reported elsewhere. "There is this natural inclination to not highlight that you've had a problem, an incursion into your system," said Ellen E. McCarthy, president of the Intelligence and National Security Alliance, which includes the defense industry. "It highlights to your customers, to your board of directors, that you've had a problem." Though Lockheed Martin's agreement allows the firm to send samples of breach data to the crime center, the firm prefers to do its own intrusion investigations, said Mike Gordon, senior manager of Lockheed's Computer Incident Response Team. "We've got the most talented team, the most advanced technologies," he said during an interview at the firm's Security Intelligence Center in Gaithersburg. At the touch of a button, a wood-paneled wall slid up and revealed an operations center -- barely a year old -- with 24 workstations, 15 analysts scrutinizing code on their monitors, a wall of giant video screens showing network traffic, and a map of the firm's global Internet links. Each day, 4 million e-mails enter Lockheed's networks, and analysts monitor hundreds of millions of actions, including clicks on the company Web site, for suspicious activity. In 2006, Lockheed officials contacted government investigators about a suspicious intrusion into an unclassified network that handles data on the F-35 Joint Strike Fighter. The Wall Street Journal reported about that incident last month. Senior Air Force officials became concerned that other systems were vulnerable and directed that the breach investigation be broadened to include the F-22 fighter program, although no evidence was found that F-22 data had been stolen, according to sources who spoke on the condition of anonymity because of the matter's sensitivity. Both jets rely on computer networks for operation and maintenance, which makes them vulnerable to hacking that can affect flight operations. Gaining access to unclassified data about design and maintenance can allow an adversary to more easily design countermeasures, the sources said. In early 2007, the Air Force launched a partnership with about a dozen companies that work on the F-35 and F-22, and that served as the nucleus for the broader partnership. In August 2007, Deputy Defense Secretary Gordon England gathered the top executives of major contractors for a classified briefing. "We shared with them the fact that we've got a very, very aggressive cyber threat," said Robert Lentz, a Pentagon official who heads the partnership. The Pentagon soon will seek to amend defense acquisition rules to require cybersecurity standards for firms seeking contracts. "The sooner we all understand what's required to protect the information in our networks, and we teach this in universities and in businesses, the better off we all will be, down to the Internet user at home," Lentz said. From rforno at infowarrior.org Tue May 26 12:45:19 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 May 2009 08:45:19 -0400 Subject: [Infowarrior] - Council uses terror law to spy on shirker in shower Message-ID: <84CF6588-977B-458D-8989-68B64894D87C@infowarrior.org> Council uses terror law to spy on shirker in shower Marie Woolf, Whitehall Editor http://www.timesonline.co.uk/tol/news/uk/crime/article6350362.ece A LOCAL council has used surveillance powers designed to catch terrorists and prevent serious crime to check how long a member of staff spent in the shower. Burnley borough council invoked laws set up to safeguard national security to mount a covert operation against one of its own officials because it suspected he was using a gym during office hours. Internal council papers, obtained under the Freedom of Information Act, revealed that the council decided to mount a ?direct surveillance? operation against the official. Its purpose was ?to see if [the] council employee is using gym/showers whilst clocked in?. Rather than interview the official or monitor his attendance overtly, the council deployed human operatives to spy on his movements, including in the changing room. Hidden cameras were not installed. The surveillance was authorised for three months, after which the council concluded the employee had carried out ?personal activities? while at work and had defrauded the council. The operation required authorisation from senior council officials under the Regulation of Investigatory Powers Act (Ripa). The act, introduced in 2000, was said by government ministers to be necessary to combat terrorism. Critics warned that its wide powers could easily be abused. Last week Burnley council refused to comment on the case. But the snooping operation was condemned by the Conservatives as a ridiculous misuse of powers. Bob Neill, shadow local government minister, said: ?It is absurd that powers meant to foil serious crimes are being used to watch people in the shower. It is wrong for taxpayers? money to be used by an army of town hall spies to act out their James Bond fantasies.? A survey last year found that some local authorities had used Ripa to spy on suspected litter louts or people whose dogs fouled the pavement and to check whether a family really did live in a school catchment area. Yesterday Shami Chakrabarti, director of Liberty, the civil rights organisation, called for an immediate overhaul of the laws to stop councils behaving like ?peeping Toms?. ?These powers were intended to combat serious crime and terrorism, not to monitor the cleanliness of council employees,? she said. The government is to review Ripa, including its use by local authorities. From rforno at infowarrior.org Tue May 26 12:46:49 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 May 2009 08:46:49 -0400 Subject: [Infowarrior] - COPPA 2.0 Message-ID: http://pff.org/news/news/2009/052109-COPPA-age-verification-privacy-free-speech.html News Media PFF Highlights News Release FOR IMMEDIATE RELEASE CONTACT: Amy Smorodin May 21, 2009 (202) 289-8928 COPPA Expansion Would Impact All Internet Users Better Approaches are Available to Protect Children Online WASHINGTON D.C. - Legislative proposals to expand the Children's Online Privacy Protection Act are highly misguided, explain Berin Szoka and Adam Thierer in "COPPA 2.0: The New Battle Over Privacy, Age Verification, Online Safety & Free Speech," released today by The Progress & Freedom Foundation. Expanding age verification mandates would require all users to surrender privacy and speech rights while doing little to improve the online safety of minors. In the paper, PFF Fellows Szoka and Thierer argue that proposed state laws to expand the parental consent framework in the Children's Online Privacy Protection Act (COPPA) to include adolescents between 13 and 17 would essentially require age verification of all users of affected sites, including large numbers of adults. This would violate the First Amendment rights of adults as well as of minors and site operators. Attempts to enact such proposals at the state level would also conflict with the Commerce Clause because of the interstate nature of the Internet. Furthermore, in light of widespread "social networking" found in most Web 2.0 websites today, expansion of parental consent requirements would be unworkable because of the increased hassles and costs of compliance. Expanding age verification mandates would also require websites to obtain more information about both minors and their parents, which runs counter to the original goal of the Act: protecting the privacy of minors. Ultimately, this would actually make minors less "safe online." "It's important we not overlook the privacy implications of any effort to expand COPPA to do something it was not originally intended to do," the authors conclude. "There are better ways to protect our kids online." "COPPA 2.0: The New Battle Over Privacy, Age Verification, Online Safety & Free Speech," is available on the PFF website. PFF also produces a book, "Parental Controls and Online Protection: A Survey of Tools and Methods," which offers parents and policymakers a comprehensive inventory of the many excellent tools and strategies that can be used to protect kids online. The Progress & Freedom Foundation is a market-oriented think tank that studies the digital revolution and its implications for public policy. It is a 501(c)(3) research & educational organization. From rforno at infowarrior.org Tue May 26 12:58:25 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 May 2009 08:58:25 -0400 Subject: [Infowarrior] - AP: Obama picks Sotomayor for SCOTUS Message-ID: AP sources: Obama picks Sotomayor for high court May 26 07:43 AM US/Eastern By BEN FELLER Associated Press Writer http://www.breitbart.com/article.php?id=D98DU81G0&show_article=1 WASHINGTON (AP) - President Barack Obama tapped federal appeals Judge Sonia Sotomayor for the Supreme Court on Tuesday, officials said, making her the first Hispanic in history picked to wear the robes of a justice. If confirmed by the Senate, Sotomayor, 54, would succeed retiring Justice David Souter. Two officials described Obama's decision on condition of anonymity because no formal announcement had been made. Administration officials say Sotomayor would bring more judicial experience to the Supreme Court than any justice confirmed in the past 70 years. A formal announcement was expected at midmorning. Obama had said publicly he wanted a justice who combined intellect and empathy?the ability to understand the troubles of everyday Americans. Democrats hold a large majority in the Senate, and barring the unexpected, Sotomayor's confirmation should be assured. If approved, she would join Justice Ruth Bader Ginsburg as the second woman on the current court. Sotomayor is a self-described "Newyorkrican" who grew up in a Bronx housing project after her parents moved to New York from Puerto Rico. She has dealt with diabetes since age 8 and lost her father at age 9, growing up under the care of her mother in humble surroundings. As a girl, inspired by the Perry Mason television show, she knew she wanted to be a judge. A graduate of Princeton University and Yale Law School, a former prosecutor and private attorney, Sotomayor became a federal judge for the Southern District of New York in 1992. As a judge, she has a bipartisan pedigree. She was first appointed by a Republican, President George H.W. Bush, then named an appeals judge by President Bill Clinton in 1997. Copyright 2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. From rforno at infowarrior.org Tue May 26 12:59:13 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 May 2009 08:59:13 -0400 Subject: [Infowarrior] - Vandenberg to become 2nd largest intentional reef Message-ID: <5D7C4F06-98FA-44B6-B45B-9EE71F12D4CF@infowarrior.org> http://news.yahoo.com/s/ap/20090525/ap_on_re_us/us_sinking_the_vandenberg_1 Ship to become 2nd largest intentional reef By BRIAN SKOLOFF, Associated Press Writer Brian Skoloff, Associated Press Writer ? Mon May 25, 10:11 am ET KEY WEST, Fla. ? Aboard the Gen. Hoyt S. Vandenberg, a massive World War II ship last used by the U.S. Air Force to track missiles and spacecraft, it's anything but business as usual. Crews are preparing the decommissioned ship for sinking Wednesday seven miles off Key West, where it will become one of the world's biggest man-made reefs. Explosives attached to the ship's hull beneath the water level will be detonated to open it for flooding, which should quickly send it to the sea floor. The 17,000 ton, 523-foot-long ship will be sunk on a sandy bottom in about 140 feet of clear water. "Don't go to the bathroom. Don't go get a beer. It should be under three minutes for the ship to fully deploy onto the bottom," said Joe Weatherby, project organizer at Reefmakers, a Moorestown, N.J.-based company that specializes in acquiring, preparing and sinking craft to create artificial reefs. It's a project that has been years in the making. The cost is about $8.6 million, from acquiring the ship to cleaning it. Officials in the Florida Keys expect it to pay dividends, up to $8 million in annual tourism-related revenue, mostly from divers flocking to get a look at the underwater spectacle. The idea is to not only to attract tourists, but to help protect the Keys' natural reefs, already suffering from excessive diving, snorkeling and fishing along with warming ocean temperatures. Weatherby said people ? and fish ? will now be drawn to the wreck from nearby natural coral, "giving the reef a breather, which is what it needs." Preparation for sinking has taken months of inspections and cleanup to remove contaminants. Workers hauled off more than a million feet of wire, 1,500 vent gaskets, dozens of watertight steel doors, 81 bags of asbestos, 193 tons of potentially cancer-causing substances, 46 tons of garbage that could come loose and float to the surface, 300 pounds of materials containing mercury and 185 55-gallon drums of paint chips. The cleanup was performed at two Norfolk, Va., shipyards before the boat made the 1,100-mile voyage, arriving in Key West on April 22. Permitting was required from 18 local, state and federal agencies. The Vandenberg began as the Gen. Harry Taylor and was later commissioned by the Army as a transport vessel, ferrying troops and supplies from San Francisco to island bases in the western Pacific Ocean in 1944. In 1945, it carried troops home from Europe near the end of World War II. It was later used by the Navy as a transport ship, and was transferred to the Air Force in 1961, when it was renamed the Vandenberg. For about 20 more years, the ship served as a missile tracker throughout the height of the Cold War and was retired in 1983. Mac Monroe, a former mission controller aboard the Vandenberg, said he was pleased the ship won't be turned into scrap metal. "It's nice to see the old rust bucket again," Monroe said on a recent trip to Key West to see the ship. "And it's a positive outcome for it be sunk and become something useful again." Organizers say it will serve as "the anchor" to the region's wide array of existing sunken vessels and wrecks from Key Largo to Key West, where some estimate there's a shipwreck about every 300 yards. The rusty hulk is now tied up at a dock awaiting its final resting place on the ocean floor. Organizers hope the Vandenberg sinking goes more smoothly than that of the Spiegel Grove off Key Largo in 2002. That 510-foot decommissioned landing ship dock partially sank upside-down, hours before an attempt to scuttle it to create an artificial reef. The sudden sinking sent 40 workers onboard scrambling for safety and left the ship's bow sticking out of the water for three weeks. The Vandenberg will become the world's second largest intentionally sunk artificial reef. In 2006, the USS Oriskany, a decommissioned aircraft carrier nearly three football fields in length, was sunk about 24 miles off the coast of Pensacola Beach in the Florida Panhandle. That ship became the world's largest intentionally sunk artificial reef. "And it's been paying dividends since before it sank with the people coming for the event," Weatherby said. "We expect some of that same experience here." From rforno at infowarrior.org Tue May 26 21:13:59 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 May 2009 17:13:59 -0400 Subject: [Infowarrior] - Cybersecurity Czar to be announced this week Message-ID: Obama Set to Create A Cybersecurity Czar With Broad Mandate Shielding Public, Private Networks Is Goal http://www.washingtonpost.com/wp-dyn/content/article/2009/05/25/AR2009052502104_pf.html By Ellen Nakashima Washington Post Staff Writer Tuesday, May 26, 2009 President Obama is expected to announce late this week that he will create a "cyber czar," a senior White House official who will have broad authority to develop strategy to protect the nation's government- run and private computer networks, according to people who have been briefed on the plan. The adviser will have the most comprehensive mandate granted to such an official to date and will probably be a member of the National Security Council but will report to the national security adviser as well as the senior White House economic adviser, said the sources, who spoke on the condition of anonymity because the deliberations are not final. The announcement will coincide with the long-anticipated release of a 40-page report that evaluates the government's cybersecurity initiatives and policies. The report is intended to outline a "strategic vision" and the range of issues the new adviser must handle, but it will not delve into details, administration officials told reporters last month. Cybersecurity "is vitally important, and the government needs to be coordinated on this," a White House official said Friday, speaking on the condition of anonymity. "The report give conclusions and next steps. It's trying to steer us in the right direction." The document will not resolve the politically charged issue of what role the National Security Agency, the premier electronic surveillance agency, will have in protecting private-sector networks. The issue is a key concern in policy circles, and experts say it requires a full and open debate over legal authorities and the protection of citizens' e-mails and phone calls. The Bush administration's secrecy in handling its Comprehensive National Cybersecurity Initiative, most of which was classified, hindered such a debate, privacy advocates have said. The White House's role will be to oversee the process, formulate policy and coordinate agencies' roles, and will not be operational, administration officials have said. Obama was briefed a week ago and signed off on the creation of the position, the sources said. But as of Friday, discussions were continuing as to what rank and title the adviser would have. The idea is to name someone who can "pick up the phone and contact the president directly, if need be," an administration official said, speaking on the condition of anonymity. Obama pledged during his presidential campaign to elevate the issue of cybersecurity to a "top priority" and to appoint a national cybersecurity adviser "who will report directly to me." Having the adviser report to both the national security and economic advisers suggests that the White House is seeking to ensure a balance between homeland security and economic concerns, the sources said. It also indicates an effort to quell an internal political battle in which Lawrence H. Summers, the senior White House economic adviser, is pushing for the National Economic Council to have a key role in cybersecurity to ensure that efforts to protect private networks do not unduly threaten economic growth, the sources said. The report suggests that although it is a key government responsibility to help secure private-sector networks, regulation should be the last resort, the sources said. The report touts the concept of public-private partnerships to protect nongovernmental systems. It discusses the need to provide incentives for greater data sharing and risk management, and to use the procurement process to drive greater security, they said. The report recommends that members be appointed to the Privacy and Civil Liberties Oversight Board, an independent executive branch agency created by Congress in 2007 to ensure that privacy concerns are considered in the implementation of counterterrorism policies and laws. The report suggests that the board's mandate expressly include cybersecurity, the sources said. The document is based on a 60-day review of cyber policies, led by Melissa Hathaway, the interim White House cybersecurity adviser and former intelligence official who is a contender for the new position. During that review, Hathaway's team had dozens of meetings with representatives from industry, academia and civil liberties groups, and received more than 100 papers. From rforno at infowarrior.org Tue May 26 21:17:17 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 May 2009 17:17:17 -0400 Subject: [Infowarrior] - Ten Firefox extensions that help keep you safe Message-ID: (I would also add CookieSafe as a very helpful cookie/privacy manager.....-rick) May 26, 2009 1:14 PM PDT Ten Firefox extensions that help keep you safe Being safe while you surf the Web is extremely important, yet safe surfing sometimes seems like an oxymoron. For users of the Firefox browser, downloading security extensions can help increase your level of protection from worms, hackers, phishers, and the like. I should note that even with these extensions installed, you won't be perfectly safe. Visit sites only of trusted sources, and don't download unknown files. < - > http://news.cnet.com/8301-17939_109-10249214-2.html?part=rss&subj=news&tag=2547-1_3-0-20 From rforno at infowarrior.org Tue May 26 21:18:43 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 May 2009 17:18:43 -0400 Subject: [Infowarrior] - CFP: eCrime Researchers Summit 2009 Message-ID: <8E6F11D4-3540-4C62-BAF5-6FF99F2E9A93@infowarrior.org> The fourth annual APWG eCrime Researchers Summit will be hosted in October 2009, in Tacoma, WA. http://www.ecrimeresearch.org/2009/cfp.html Original papers on all aspects of electronic crime are solicited for submission to eCrime '09. Topics of relevance include but are not limited to: * Phishing, rogue-AV, pharming, click-fraud, crimeware, extortion and emerging attacks. * Technical, legal, political, social and psychological aspects of fraud and fraud prevention. * Malware, botnets, ecriminal/phishing gangs and collaboration, or money laundering. * Techniques to assess the risks and yields of attacks and the success rates of countermeasures. * Delivery techniques, including spam, voice mail and rank manipulation; and countermeasures. * Spoofing of different types, and applications to fraud. * Techniques to avoid detection, tracking and takedown; and ways to block such techniques. * Honeypot design, data mining, and forensic aspects of fraud prevention. * Design and evaluation of user interfaces in the context of fraud and network security. * Best practices related to digital forensics tools and techniques, investigative procedures, and evidence acquisition, handling and preservation. Accepted papers will appear in the IEEE Digital Library. In addition, cash awards will be given for the best paper overall and the best student co-authored paper. A limited number of cash travel awards will also be made to student authors of papers and posters. http://www.ecrimeresearch.org/2009/cfp.html From rforno at infowarrior.org Tue May 26 23:44:45 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 May 2009 19:44:45 -0400 Subject: [Infowarrior] - SCOTUS Ease Rules on Questioning Message-ID: <8BA577D5-F562-4AD8-A8EB-0120DEA7BF3F@infowarrior.org> May 26, 2009 Justices Ease Rules on Questioning By THE ASSOCIATED PRESS Filed at 12:32 p.m. ET http://www.nytimes.com/aponline/2009/05/26/us/AP-US-Supreme-Court-Lawyer-Request.html?_r=2&hp=&pagewanted=print WASHINGTON (AP) -- The Supreme Court on Tuesday overturned a long- standing ruling that stopped police from initiating questions unless a defendant's lawyer was present, a move that will make it easier for prosecutors to interrogate suspects. The high court, in a 5-4 ruling, overturned the 1986 Michigan v. Jackson ruling, which said police may not initiate questioning of a defendant who has a lawyer or has asked for one unless the attorney is present. The Michigan ruling applied even to defendants who agreed to talk to the authorities without their lawyers. The court's conservatives overturned that opinion, with Justice Antonin Scalia saying ''it was poorly reasoned.'' Under the Jackson opinion, police could not even ask a defendant who had been appointed a lawyer if he wanted to talk, Scalia said. ''It would be completely unjustified to presume that a defendant's consent to police-initiated interrogation was involuntary or coerced simply because he had previously been appointed a lawyer,'' Scalia said in the court's opinion. Scalia, who read the opinion from the bench, said the decision will have ''minimal'' effects on criminal defendants because of the protections the court has provided in other decisions. ''The considerable adverse effect of this rule upon society's ability to solve crimes and bring criminals to justice far outweighs its capacity to prevent a genuinely coerced agreement to speak without counsel present,'' Scalia said. The Michigan v. Jackson opinion was written by Justice John Paul Stevens, the only current justice who was on the court at the time. He and Justices David Souter, Stephen Breyer and Ruth Bader Ginsburg dissented from the ruling, and in an unusual move Stevens read his dissent aloud from the bench. It was the first time this term a justice had read a dissent aloud. ''The police interrogation in this case clearly violated petitioner's Sixth Amendment right to counsel,'' Stevens said. Overruling the Jackson case, he said, ''can only diminish the public's confidence in the reliability and fairness of our system of justice.'' The Obama administration had asked the court to overturn Michigan v. Jackson, disappointing civil rights and civil liberties groups that expected President Barack Obama to reverse the policies of his Republican predecessor, George W. Bush. The Justice Department, in a brief signed by Solicitor General Elena Kagan, said the 1986 decision ''serves no real purpose'' and offers only ''meager benefits.'' The government said defendants who don't wish to talk to police don't have to and that officers must respect that decision. But it said there is no reason a defendant who wants to should not be able to respond to officers' questions. Eleven states also echoed the administration's call to overrule the 1986 case. The decision comes in the case of Jesse Jay Montejo, who was found guilty in 2005 of the shooting death of Louis Ferrari in the victim's home on Sept. 5, 2002. Montejo was appointed a public defender at his Sept. 10, 2002 hearing, but never indicated that he wanted the lawyer's help. Montejo then went with police detectives to help them look for the murder weapon. While in the car, Montejo wrote a letter to Ferrari's widow incriminating himself. When they returned to the prison, a public defender was waiting for Montejo, irate that his client had been questioned in his absence. Police used the letter against Montejo at trial, and he was convicted and sentenced to death. He appealed, but the Louisiana Supreme Court upheld the conviction and sentence. The Supreme Court sent the case back for a determination of whether any of Montejo's other court-provided protections, like his Miranda rights, were violated. The case is Montejo v. Louisiana, 07-1529. From rforno at infowarrior.org Wed May 27 01:16:13 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 May 2009 21:16:13 -0400 Subject: [Infowarrior] - Russians Spend Big For a Piece Of Facebook Message-ID: <42D849FE-38CF-4142-9268-5937433181CF@infowarrior.org> May 27, 2009 Russians Spend Big For a Piece Of Facebook By CLAIRE CAIN MILLER http://www.nytimes.com/2009/05/27/technology/internet/27facebook.html?hpw=&pagewanted=print A Russian investment firm, Digital Sky Technologies, has invested $200 million in the social networking company Facebook in return for a 1.96 percent stake, the two companies said Tuesday. The investment values Facebook?s preferred stock at $10 billion, a $5 billion drop from October 2007 when Microsoft paid $240 million for a 1.6 percent stake. With the latest round of financing, Facebook has raised about $600 million since it was founded in 2004. Mark E. Zuckerberg, Facebook?s founder and chief, said that the Microsoft investment was made at the ?absolute peak of the market? and that it was a part of Facebook?s partnership with Microsoft, which includes advertising and search agreements. ?Relative to the economic conditions for when the Microsoft deal happened and that being more of a strategic partnership than a straight financial investment, we feel really good about the progress we?ve made,? Mr. Zuckerberg said in a conference call with reporters. At the time of Microsoft?s investment, Facebook?s $15 billion valuation drew criticism for being unrealistically high and a sign of a bubble in social network investments. With the new valuation, Facebook is demonstrating to its critics that it is living up to its early promise. Facebook turned down better-known firms in the United States who reportedly offered to invest at lower valuations. As with any private company valuation, it is simply a data point, venture capitalists say. Only when Facebook is sold to another company or sold to the public will a value be determined. ?It?s hard to extrapolate that?s what the company is worth at this point,? said Braden Berg, a lawyer in the Silicon Valley office of Mintz Levin who works with start-ups and venture capital firms. He said it was a valuable valuation, ?and that may have been one of Facebook?s motivations.? The fresh capital will provide a cushion for the company as it continues its fast-paced growth and explores new revenue sources beyond advertising. Facebook did not need the money, Mr. Zuckerberg said. Its revenue is growing 70 percent year over year. He said the company would be able to run its operations from cash flow in 2010, even without the additional capital. ?The financing will serve as a cash buffer to support our continued growth, allowing us to scale,? he said. Yet some Facebook observers have questioned whether a company growing so quickly, particularly overseas, where the online advertising market is smaller, can achieve these financial goals. Facebook had 307 million visitors worldwide in April, almost triple the number a year ago, and 79 percent of them are outside the United States, according to comScore. It is quickly using cash to pay for the bandwidth and storage needs of the exploding user base abroad. Digital Sky Technologies, which will not get a seat on Facebook?s board, will be able to help Facebook, which makes most of its money from ads, figure out new ways to make money outside the United States. It is a prominent Internet investor in Russia and Europe, where it owns stakes in Web companies that account for 70 percent of all page views on the Russian-speaking Internet, according to the firm. Its portfolio companies include two large social networks, Forticom and vKontakte, and a Russian Web portal, Mail.ru. They have various business models, such as collecting micropayments from users and selling virtual goods. These companies have figured out how to make money outside the United States much better than Facebook has, said Yuri Milner, chief executive of Digital Sky Technologies. He said that he was confident that Facebook would also be able to tap into these sources of revenue. ?We believe the current valuation reflects that,? he said. Digital Sky Technologies also plans to buy at least $100 million of Facebook stock from current and former employees, the companies said. Details of the transaction will be announced in a few months. This will let some Facebook employees receive cash before the company is sold, something Mr. Zuckerberg said would not happen in the near future. ?It?s not something we?re thinking about right now, it?s not something we?re rushing toward,? he said. ?We?ll do it when it?s the right thing for the company.? From rforno at infowarrior.org Wed May 27 03:08:33 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 May 2009 23:08:33 -0400 Subject: [Infowarrior] - WH Integrates Security Councils, Adds New Offices Message-ID: <1486812B-D589-4F51-8866-EC2220AB0DFF@infowarrior.org> Obama Integrates Security Councils, Adds New Offices Computer, Pandemic Threats Addressed By Spencer S. Hsu Washington Post Staff Writer Wednesday, May 27, 2009 http://www.washingtonpost.com/wp-dyn/content/article/2009/05/26/AR2009052603148_pf.html President Obama announced yesterday that he will merge the staffs of the Homeland Security Council and the National Security Council to speed up and unify security policymaking inside the White House. The combined national security staff, about 240 people, will report to national security adviser James L. Jones. The White House also will add new offices for cybersecurity, for terrorism involving weapons of mass destruction, and for "resilience" -- a national security directorate aimed at preparedness and response for a domestic WMD attack, pandemic or natural catastrophe, officials said. "The challenges of the 21st century are increasingly unconventional and transnational, and therefore demand a response that effectively integrates all aspects of American power," Obama said in a statement. Obama's changes to the national security structure, to be implemented over six weeks, address concerns that former president George W. Bush created an overlapping White House bureaucracy by establishing the Homeland Security Council after the Sept. 11, 2001, terrorist attacks. The 9/11 Commission, among others, recommended merging it into the NSC. Instead, Obama will preserve the Homeland Security Council's role as the main forum for government policymaking on issues such as terrorism, weapons of mass destruction, natural disasters and pandemic influenza. Doing so will improve state and local officials' access to the White House and does not require an act of Congress, aides said. "The idea that somehow counterterrorism is a homeland security issue doesn't make sense when you recognize the fact that terror around the world doesn't recognize borders," Jones told reporters in a briefing. "There is no right-hand, left-hand anymore." John O. Brennan, Obama's assistant for homeland security and counterterrorism, will continue to report to Jones as a deputy and maintain direct access to the president. "There's no diminishment at all of the effort on" counterterrorism, Brennan said. Jones and Brennan, whom Obama tapped Feb. 23 to lead a 60-day organizational review, said the changes will strengthen the White House security staff, which includes aides detailed from other departments. Among other things, Obama is establishing a new global engagement directorate to coordinate U.S. communications with other countries and to streamline U.S. diplomatic, aid, environment and energy policies in support of security objectives, officials said. Jones said the biggest pitfall for the new structure will be if he and Brennan "don't achieve this degree of collegiality that we've achieved," adding: "If we don't do this well . . . that will contribute to instability." Senior lawmakers in Congress and former Bush aides generally praised the moves. Kenneth Wainstein, Brennan's immediate predecessor, praised the administration's "inclusive" approach and said it allayed fears that changes "might diminish the perceived importance of homeland security issues." "It doesn't bury the homeland equities," said Frank J. Cilluffo, director of George Washington University's Homeland Security Policy Institute, who served as assistant to the president for homeland security in 2003. However, Frances Fragos Townsend, who served in Brennan's role from 2005 to 2008, cautioned in an e-mail that he "will no longer have direct control of the resources required to the job." "John Brennan and Gen. Jim Jones are experienced, competent professionals and they will bear the burden of ensuring the necessary resource allocations across the broad spectrum of threats against the United States," Townsend wrote. Sen. Susan Collins (R-Maine), the top Republican on the Senate homeland security committee, said she remained "concerned" that changes may dilute the focus of Brennan and homeland security staffers. From rforno at infowarrior.org Wed May 27 11:10:16 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 May 2009 07:10:16 -0400 Subject: [Infowarrior] - OpEd: The Deadliness of Certainty Message-ID: <3E210BE4-3A13-4BAD-879F-C44F711C84C3@infowarrior.org> The Deadliness of Certainty By Kathleen Parker Wednesday, May 27, 2009 http://www.washingtonpost.com/wp-dyn/content/article/2009/05/26/AR2009052602786_pf.html Freud recognized that human beings have a sex drive and even a death drive. Is it possible that we also have an aphorism drive? We do seem attracted to pat answers and pithy summations -- especially from our politicians. It isn't enough to be wise or effective; one must be quotable. In fact, aphorism is the oldest written art form, according to aphorism expert and author James Geary ("The World in a Phrase: A Brief History of the Aphorism"). Before famed aphorists Mark Twain, Dorothy Parker and Woody Allen put the party in repartee, Buddha, Jesus and Muhammad were creating buzz. Five thousand years ago, the Egyptians and Chinese were chiseling out sturdy statements of universal truth. Les bons mots tend to make us feel better, lending form to our thoughts and order to our emotions. They're especially useful in times of duress. Eulogies and editorials invariably feature those three little words: "As [fill in the blank] said." Here comes one now: "The only thing we have to fear is fear itself." Ahhhh. Feeling better already. Thus was born the Hallelujah Chorus. Then again, more often these days, a politician's happy turn of phrase makes me feel worse. I don't know whether to clap my hands or clutch my wallet. Why does the very thing intended to make one feel uplifted and inspired make me feel manipulated and skeptical? Harvard psychologist Daniel Gilbert, writing recently in the New York Times, inadvertently may have offered a clue. He was explaining that people are happiest when they are certain. We don't like not knowing, apparently, even when what we know is awful. Gilbert cited various experiments to make his point, including one involving the certifiably awful colostomy. People who knew their colostomies would be permanent were happier than people whose colostomies might someday be reversed. Gilbert's conclusion: People would rather know than not know. Knowing, they can make psychological adjustments. "We find our bootstraps and tug," he wrote. "But we can't come to terms with circumstances whose terms we don't yet know." Gilbert's observations were in the context of our current economic woes. As soon as we know how bad things are (or aren't), he said, we'll adapt and get along just fine. He may be right as far as it goes, but the same uncertainty that makes human beings unhappy also stimulates the creativity that makes us happy. Was Leonardo da Vinci happy? Homer? George Washington? Man's drive to create isn't born of contentment but of anxiety attached to the unconscious agitation that comes from the greatest certainty ever devised: Death. Here is a truism, if not an aphorism. Without death and the certainty of physical finitude, Homo sapiens would never have left the cave. Unhappiness and uncertainty -- rather than happiness and certitude -- are what get us off our duffs. No misery. No Sistine Chapel. So what happens to the creative spirit when government steps in to soothe our anxieties? Without unhappiness, what happens to culture? Without adversity, what happens to motivation? Parents know. Suffice to say, the work ethic is not strong among the coddled. Most important, with all needs met, what happens to freedom -- that human recoil against imposed order? When Rahm Emanuel said, "You never want a serious crisis to go to waste," he wasn't the first or the last to express the sentiment. George W. Bush was accused of taking advantage of Americans' post- Sept. 11 terror to expand executive power. Barack Obama will be remembered for creating budget-busting social programs while Americans were caught in the headlights of unemployment and economic reversal. The citizen's fear is the politician's elixir. Certainty may be the promise of government, but uncertainty is the grease of free markets. Uncertainty was also America's midwife. Without a tolerance for uncertainty -- and unhappiness -- our nation's Founders might have remained in their rockers. Previous generations understood that life is a gamble of uncertain returns. They were sometimes sad because life is sometimes sad. They were good at coping in bad times because downturns were more familiar than upticks. Today, we apparently trade liberty for certainty and our once- swashbuckling spirit for contentment, preferably in pill form. All we need is a nice aphorism to help the medicine go down. Here's one beloved by conservatives to get things rolling: "A government big enough to give you everything you want is a government big enough to take from you everything you have." Happy now? kparker at kparker.com From rforno at infowarrior.org Wed May 27 17:05:25 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 May 2009 13:05:25 -0400 Subject: [Infowarrior] - Steganography via TCP Message-ID: Fake web traffic can hide secret chat * 26 May 2009 by Paul Marks http://www.newscientist.com/article/mg20227096.200-fake-web-traffic-can-hide-secret-chat.html?full=true&print=true THE internet's underlying technology can be harnessed to let people exchange secret messages, perhaps allowing free speech an outlet in oppressive regimes. So says a team of steganographers at the Institute of Telecommunications in Warsaw, Poland. Steganography is the art of hiding a message in an openly available medium. For example, you can subtly change the pixels in an image in a way that is undetectable to the eye but carries meaning to anyone who knows the pre-arranged coding scheme. Wojciech Mazurczyk, along with Krzysztof Szczypiorski and Milosz Smolarczyk, have already worked out how to sneak messages into internet phone calls, and now the Warsaw team have turned their attention to the internet's transmission control protocol (TCP). Web, file transfer, email and peer-to-peer networks all use TCP, which ensures that data packets are received securely by making the sender wait until the receiver returns a "got it" message. If no such acknowledgement arrives (on average 1 in 1000 packets gets lost or corrupted), the sender's computer sends the packet again. This scheme is known as TCP's retransmission mechanism - and it can be bent to the steganographer's whim, says Mazurczyk. Their system, dubbed retransmission steganography (RSTEG), relies on sender and receiver using software that deliberately asks for retransmission even when email data packets are received successfully. "The receiver intentionally signals that a loss has occurred. The sender then retransmits the packet but with some secret data inserted in it," he says in a preliminary research paper (www.arxiv.org/abs/0905.0363) . So the message is hidden among the teeming network traffic. Could a careful eavesdropper spot that RSTEG is being used because the first sent packet is different from the one containing the secret message? As long as the system is not over-used, apparently not, because if a packet is corrupted the original packet and the retransmitted one will differ from each other anyway, masking the use of RSTEG. One application of the RSTEG technique might be to help people in totalitarian regimes avoid censorship. The Warsaw team plans to demonstrate it at a workshop on network steganography in Wuhan, China, this November. "We are aware that organising this event in China may be not only a scientific challenge but also a political one," says Mazurczyk. From rforno at infowarrior.org Wed May 27 22:18:17 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 May 2009 18:18:17 -0400 Subject: [Infowarrior] - L0phtcrack returns Message-ID: <616FDA94-FBCA-40FC-B100-A65E76AF2D83@infowarrior.org> Seminal password tool rises from Symantec ashes L0phtcrack returns By Dan Goodin in San Francisco ? Get more from this author Posted in Enterprise Security, 27th May 2009 18:34 GMT http://www.theregister.co.uk/2009/05/27/l0phtcrack_returns/ More than three years after Symantec unceremoniously pulled the plug on L0phtcrack, the seminal tool for auditing and cracking passwords is back with a set of new capabilities. Starting Wednesday, L0phtcrack 6 is available from the same team of hackers who introduced it to the world a decade ago. The program was pulled from the market in late 2005 shortly after it was acquired by Symantec, presumably because its offensive capabilities didn't fit in with the company's portfolio of defensive products and services. While programs like John the Ripper and Cain and Abel in many ways filled the void, L0phtcrack is credited with bringing awareness about password strength to the masses. "It was one of the few tools that you could use to do password cracking that looked legitimate at the time," said HD Moore, founder of the Metasploit project. "It became fairly common for not only the pen testers and the assessment folks to use but also very common for system administrators to use to audit the passwords of their systems." A lot has changed in the half decade that has passed since L0phtcrack 5 was released, and many of those changes are reflected in the latest version. It adds support for x64 processors and the latest operating system releases from Microsoft, Ubuntu and others. It also brings sharp new teeth to cracking passwords that use the NTLM hash, an algorithm for protecting Windows pass phrases that has come into vogue in the past few years. According to Moore, we largely have L0phtcrack to thank for the phasing out of a previous Microsoft password hash known as LAN Manager. The algorithm stored hashes in seven-character, case- insensitive chunks that made cracking especially easy. "It really changed people's views on how they should develop secure passwords," Moore explained. "L0phtcrack is probably the number-one reason why people disabled LANMan hashes and actually picked passwords longer than 14 characters in corporations." L0phtcrack's reincarnation comes after its creators from the L0pht hacker collective repurchased the program's rights from Symantec. The anti-virus provider had acquired them when it acquired @stake in 2004. @stake took control of the rights a year or so earlier when it merged with L0pht. With a price starting at $295, it's by no means the cheapest password tool on the market, but L0phtcrack team member Christien Rioux says the features such as scheduling and a dashboard that simplifies the process of disabling users with weak passwords makes the program stand out. "There are a number of enterprise administrative features that make the product worth it for organizations that are doing this on a regular basis," he said. "It's been a very long time that this has been out there. The benefit is that we've had the opportunity to interact and fix [customer] issues and take [in] their concerns." ? From rforno at infowarrior.org Thu May 28 11:22:58 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 May 2009 07:22:58 -0400 Subject: [Infowarrior] - CSAF memo ref: cyberspace operations Message-ID: From: CSAF Sent: Wed May 27 14:42:46 2009 Subject: Cyberspace Operations Culture Change Fellow Airmen, In executing our Air Force mission of fly, fight and win, our Airmen, civilians and contractors, knowingly or unknowingly, engage daily on the cyber battlefield. Computers and personal electronic devices connected to our networks can simultaneously be powerful tools and critical vulnerabilities. At times, our networks have been compromised by multiple means: Malware hidden in emails, virus-corrupted thumb drives, and media moved incorrectly between networks. We can prevent these events with due consideration and proper procedures, but in the past, we've regarded network protection and security as the "comm guy's job," and as a user inconvenience. This must no longer be the case. Today, we forge a long overdue Air Force cultural change. Cyber operations reinforce and enable everything we do - from administrative functions to combat operations - and we must treat our computers and networks similarly to our aircraft, satellites and missiles. To this end, operations and maintenance will follow standards governed by a tight system of regulations and technical orders. Compliance with time critical software updates will gain new emphasis and commanders will be held accountable. Command and control relationships will be revised to correctly align authorities and responsibilities. MAJCOMs and subordinate commanders will no longer "own" networks, but will be responsible for their portion of the larger Air Force Global Information Grid (AF-GIG). Air Force Space Command will champion our cyber force development and operations. I have signed a directive memo making an unequivocal statement about the importance of compliance with network related technical orders. This guidance will improve safety and efficiency on the AF-GIG and provide commanders a clear enforcement/disciplinary mechanism. MTOs, NTOs, and CCOs issued by the AFNETOPS/CC now have the same authority as aircraft maintenance technical orders and lawful general orders. I expect this change will increase compliance with network technical orders across the AF. As Airmen, civilians and contractors, you must understand your responsibility in this cultural change. Each time you use a networked device, you are on patrol for our Nation. You must be alert for and report suspicious emails, websites and suspicious attachments. Mission needs may require you to "sneaker-net" information, but you must follow safe and approved procedures for moving critical data. You must not upload data from personal devices for any reason. While training programs communicate information on network security, we depend on you to execute responsibly. When irresponsible acts occur, I expect commanders to enforce our standards. This change is not easy, but compliance enables us to defend our networks - paramount in the face of increasing threats. Networks are a shared resource and a risk assumed by one is a risk exposed to all. Our Air Force must move to a system of tight network control, personal responsibility, and accountability as we execute our global mission on behalf of our Nation. NORTON A. SCHWARTZ General, USAF Chief of Staff From rforno at infowarrior.org Thu May 28 11:27:21 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 May 2009 07:27:21 -0400 Subject: [Infowarrior] - =?windows-1252?q?Kremlin_Launches_=91School_of_Bl?= =?windows-1252?q?oggers=92?= Message-ID: <3EE3EDA7-6D6F-4150-925B-AA437D7CD235@infowarrior.org> Kremlin Launches ?School of Bloggers? * By Nathan Hodge Email Author * May 27, 2009 | * 10:34 am | * Categories: Info War, Russia http://www.wired.com/dangerroom/2009/05/kremlin-launches-school-of-bloggers/ Russian President Dmitry Medvedev recently made a foray into Web 2.0 with the launch of his own blog. Now it looks as if the Kremlin?s embrace of social media is tightening. Evgeny Morozov, who writes Foreign Policy?s fascinating Net.effect blog, stumbled upon the announcement for a series of public lectures on the ?Kremlin?s School of Bloggers.? The announcement is on Liberty.ru, a sort of DailyKos for the pro-Kremlin set. Unfortunately, we missed the inaugural lecture, delivered on May 14 by Alexey Chadayev, the director of the Kremlin?s school of bloggers. Chadayev (pictured, with pipe) already has an impressive resume: He lists his credentials as ?famous political scientist, blogger, activist, doctoral candidate in cultural studies, docent at Russian State University of the Humanities, member of the Public Chamber, editor in chief of the online portal Liberty.ru, and author of the book, Putin: His Ideology.? Give this man a Twitter account, and you?ll have the Karl Rove of the Russian establishment. The Russian government was slow to pick up on new media ? meaning it was always a step behind domestic political opposition as well as more serious opponents. Take the case of Kavkaz Center: a pro-Chechen website launched at the beginning of the Second Chechen War in 1999. In the early days of the conflict, Kavkaz Center was an effective propaganda site; it also pioneered a lot of the information warfare tactics seen on jihadist websites, posting ?trophy videos? of roadside bomb attacks and ambushes against Russian soldiers. Russian authorities countered with lame sites like Chechnyafree.ru, but they never quite caught on. But in recent years, the Kremlin and its online supporters have become much more adept at using the Web as a tool of information war. Kavkaz Center was an early target of denial-of-service attacks; Russian ?cyber militias? have been blamed for waging cyberwar on Georgia, Kyrgyzstan and Estonia. With backing from Medvedev, however, the Kremlin seems to view the Web as more of an instrument of soft power instead of as an offensive weapon. Take, for instance, the case of the man who posted a comment on Medvedev?s blog about shabby conditions at a local children?s hospital. The Kremlin responded swiftly, shaming the local authorities into action. It?s an effective way to reinforce the president?s prestige ? and it fits in with a historical pattern (?good czar vs. bad boyars?). Liberty.ru, for instance, seems to be a more sophisticated way to build a community than the pro-Putin youth groups, which bore a disturbing resemblance to totalitarian youth movements of the 1930s. But it still offers up a Bizzaro World version of reality. The homepage, for instance, currently features a web video entitled ?Battle for History: Georgia 1989?), which takes a conspiratorial view of the Soviet crackdown in Georgia 20 years ago, suggesting that the CIA was behind nationalist demonstrations that led to Georgia?s independence. If only. From rforno at infowarrior.org Thu May 28 12:44:38 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 May 2009 08:44:38 -0400 Subject: [Infowarrior] - Paper: DRM makes pirates out of us all Message-ID: <1BC31F9B-18AB-4271-95BC-EBCA7352D0EB@infowarrior.org> 6286. Technological accommodation of conflicts between freedom of expression and DRM: the first empirical assessment Patricia Akester (PhD) was awarded a Leverhulme Early Career Research Fellowship (in association with matched funding from Emmanuel College, University of Cambridge) to undertake a project looking at the impact of technological measures on the ability of users to take advantage of the statutory exceptions to copyright. When technological measures were under consideration in the mid 1990s two stark scenarios presented themselves: on the one hand, an ideal world where copyright owners could use DRM to make their works available under a host of different conditions in a way that responded to the diversity of consumer demand; on the other, a more bleak environment where all users of copyright material (and much non-copyright material) would be forced to obtain permission and pay to access material that previously would have been available to all. In the face of these two extreme visions, the European legislature developed a compromise position, embodied notoriously in Article 6(4) of the Information Society Directive. The legislature appeared to be hoping that rightholders would voluntarily make material within certain specified exceptions available to users. Patricia Akester examines how these issues are working out in practice. Based on a series of interviews with key organisations and individuals, involved in the use of copyright material and the development and deployment of DRM, she provides a sober assessment of the current state of affairs. http://www.law.cam.ac.uk/faculty-resources/download/technological-accommodation-of-conflicts-between-freedom-of-expression-and-drm-the-first-empirical-assessment/6286/pdf From rforno at infowarrior.org Thu May 28 12:47:58 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 May 2009 08:47:58 -0400 Subject: [Infowarrior] - Time Warner to spin off AOL Message-ID: Time Warner to spin off AOL The Associated Press Thursday, May 28, 2009; 8:41 AM NEW YORK -- Time Warner Inc. says its board has approved plans to spin off AOL, the company's lagging Internet unit. The New York company, which owns 95 percent of AOL, said Thursday it will buy out Google Inc.'s 5 percent stake during the third quarter and spin the unit off to Time Warner shareholders. The long-anticipated move is expected to be completed around the end of the year. AOL and Time Warner combined in 2001 in a deal they said would produce a powerful marriage of content and the Internet. But it produced big losses instead. In a statement, Time Warner Chief Executive Jeff Bewkes said, "We believe AOL will then have a better opportunity to achieve its full potential as a leading independent Internet company." http://www.washingtonpost.com/wp-dyn/content/article/2009/05/28/AR2009052800895.html From rforno at infowarrior.org Thu May 28 19:56:52 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 May 2009 15:56:52 -0400 Subject: [Infowarrior] - Who Controls the Internet? Message-ID: <5BD4000F-E6A4-4C4B-857D-165647C19AC4@infowarrior.org> Who Controls the Internet? The United States, for now, and a good thing, too. by Ariel Rabkin 05/25/2009, Volume 014, Issue 34 http://www.weeklystandard.com/Content/Public/Articles/000/000/016/515zoozk.asp In order to please our European allies and our Third World critics, the Obama administration may be tempted to surrender one particular manifestation of American "dominance": central management of key aspects of the Internet by the U.S. Department of Commerce. Other countries are pushing for more control. Early this year, British cabinet member Andy Burnham told the Daily Telegraph that he was "planning to negotiate with Barack Obama's incoming American administration to draw up new international rules for English language websites." It would be a mistake for the administration to go along. America's special role in managing the Internet is good for America and good for the world. Internet domain names (such as www.google.com) are managed hierarchically. At the top of the hierarchy is an entity called IANA, the Internet Assigned Numbers Authority, operated on behalf of the Commerce Department. The U.S. government therefore has the ultimate authority to review or revoke any decision, or even to transfer control of IANA to a different operator. Until now, the management of the Domain Name System has been largely apolitical, and most of the disputes that have arisen have been of interest only to insiders and the technology industry. IANA has concerned itself with fairly narrow questions like "Should we allow names ending in .info?" Commercial questions about ownership of names, like other property disputes, are settled in national courts. Political questions like "Who is the rightful government of Pakistan, and therefore the rightful owner of the .pk domain?" are settled by the U.S. Department of State. There are persistent proposals to break the connection between IANA and the U.S. government. In these schemes, IANA would be directed by some international body, such as the United Nations or the International Telecommunication Union, which coordinates international phone networks. It is unclear what problem such proposals attempt to solve. There have been no serious complaints about American stewardship of the Internet, no actual abuses perpetrated by American overseers. But were we to abdicate this stewardship, a number of difficulties could arise. Domain names sometimes present political questions. Which side in a civil war should control Pakistan's Internet domain? Should Israel's .il be suspended as punishment for its being an "Apartheid state"? What about Taiwan's .tw if China announces an attempt to "reabsorb its wayward province"? Perhaps most serious, control of Internet names could become a lever to impose restrictions on Internet content. Many governments already attempt to control speech on the Internet. Some years ago, Yahoo! was subject to criminal proceedings in France for allowing Nazi memorabilia to be auctioned on its website. Britain, Canada, and Australia all have mandatory nationwide blacklists of banned sites, managed by nongovernmental regulators with minimal political oversight. Such blacklists can have unpredictable consequences: Wikipedia was badly degraded to British users for some hours because of a poorly designed censorship system targeting child pornography. If we give control of the Internet naming infrastructure to an international organization, we must expect attempts to censor the Internet. The Organization of the Islamic Conference will doubtless demand the suppression of websites that "insult Islam" or "encourage hatred," and a number of European countries may well go along. Most countries lack our First Amendment tradition, and if we wish to protect the free speech rights of Americans online, we should not allow Internet domain names to be hostage to foreign standards. Many other First World countries already have government-imposed restrictions on Internet speech that we would not contemplate here. Even if Internet governance were shared only with First World democracies, they might urge and ultimately demand that domain operators impose restrictions on content. An international Internet-management organization could offer foreign governments a way to impose restrictions without public debate. Rather than having a political fight about the matter, governments might quietly pressure international regulators to draw up and gradually extend "responsible behavior" codes for online speech. This would follow a pattern familiar in other global institutions: Governments negotiate preferred policies without public participation and then present the results as an international consensus, beyond political challenge. American stewardship does not mean the world must put its entire trust in U.S. oversight. If the United States started using its privileged role in ways that other governments found intolerable, they could override this behavior. It would be technically straightforward for foreign governments to maintain their own naming infrastructure and to instruct Internet service providers to use it. This heavy-handed government intervention in network operations, however, would likely receive substantial public scrutiny. It probably would not be undertaken unless the United States gravely misused its authority over the Internet. This same reluctance would apply to potential American responses to censorship or mismanagement by an international organization. The United States could, in theory, set up a renegade, uncensored Internet. But there would likely be significant public distrust, substantial political acrimony, and a great deal of hesitation. We are better off keeping the public Internet free and leaving the social and technical burdens on governments that want to censor. The present system is thus perhaps the best way to prevent the naming system from being used to chill online speech worldwide. American supervision of Internet naming is not a historical accident.Much of the world's telecommunications infrastructure was developed by national post offices. Our unusual tradition of private infrastructure development, including the railroad and telephone networks, made America fertile ground for the development of the Internet. We expect government not only to settle political questions, but also to protect the freedom of private entrepreneurs as much as possible. To the extent that the Internet is decentralized and self- governing, it is so because Americans expect society to work that way. It is natural for other countries to resent the privileged role of the United States in Internet governance and to demand a greater measure of control. But if we believe in free speech, we ought to keep control of the Internet away from foreign governments that value it far less than we do. Ariel Rabkin is a Ph.D. student in computer science at the University of California, Berkeley. From rforno at infowarrior.org Thu May 28 19:58:39 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 May 2009 15:58:39 -0400 Subject: [Infowarrior] - Obama to create cyber czar in awareness effort Message-ID: Obama to create cyber czar in awareness effort By LOLITA C. BALDOR , 05.28.09, 03:41 PM EDT http://www.forbes.com/feeds/ap/2009/05/28/ap6477154.html The Obama administration is creating a "cyber czar" within the White House to coordinate the nation's computer security. Critics already say the post will not have enough authority to haul the government into the digital age. Government and private industry need to better protect the nation's computer networks, the White House warns in a plan to be rolled out Friday as the administration sets broad goals for dealing with cyber threats. President Barack Obama is expected to say that cyber security is a top priority of the administration and to call for a new education campaign to raise public awareness of the challenges and threats cyber security involves. Completed six weeks ago, the much-anticipated cyber report has been delayed because policymakers in and outside the White House have been at loggerheads over how much power and budget-making authority the new office will have. According to officials familiar with the discussions, the cyber czar would be a special assistant to the president and would be supported by a new cyber directorate within the National Security Council. The cyber czar would also work with the National Economic Council, said the officials, who described the plan on condition of anonymity because it has not been publicly released. The special assistant title is not as high in the White House hierarchy as some officials sought. It would not give the czar direct, unfettered access to the president. Instead, the official would report to senior NSC officials - a situation many say will make it difficult to make major changes within the calcified federal bureaucracy. Government and military officials have acknowledged that U.S. computer networks are constantly assailed by attacks and scans, ranging from nuisance hacking to more nefarious probes and attacks. Some suggest that the actions at times are a form of cyber espionage from other nations, such as China. Federal officials and corporate leaders familiar with the review say it will urge private industry to better protect networks against hackers and cyber criminals. The plan will call for accountability from both the government and industry in ensuring the security of the nation's networks. Related Stories The study will depict the U.S. as a digital nation that needs to provide the education required to keep pace with technology, and attract and retain a cyber-savvy work force. But the review does not explicitly dictate how the government or private industry should tighten digital defenses. Critics say the cyber czar will not have sufficient budgetary and policymaking authority over securing computer systems and spending. Dale Meyerrose, a retired Air Force major general now vice president at Harris Corp. ( HRS - news - people ), said the administration needs to improve the ways government agencies use and secure their computer systems and how they spend their budgets. The White House, Meyerrose said, needs "to empower this person to solve the problems." But, he added, "this is an initial step and to expect it to completely change how we run government is asking way too much." Because of lingering uncertainty over the cyber czar's authority and presidential access, several contenders for the post took themselves out of the running, according to one former administration official. But a handful of candidates were still being mentioned as late as this week. Obama, however, is not expected to announce who will get the job during Friday's unveiling of the review, according to an administration official who spoke on condition of anonymity because the selection process is ongoing. Obama ordered a 60-day cyber review shortly after taking office, and the exhaustive study has been lauded by government officials and well as technology executives. The review was led by Melissa Hathaway, once an aide to President George W. Bush and appointed by Obama to fashion a broad policy for the computer systems that govern everything from power grids and airline traffic to military computers. Corporate leaders who met with Hathaway praised her efforts to reach out to private industry. Franck Journoud, manager of information security policy for BSA, said the administration had a "healthy debate" over how to ensure cyber security without limiting innovation and economic development. Others cautioned that expectations may have been set too high for the review's results. Lawmakers are already taking steps to shape the government's cyber policies, and in some cases may call for stronger action that the president is expected to take. Democratic Sen. Jay Rockefeller of West Virginia, who chairs the Senate's commerce committee, has introduced legislation with Sen. Olympia Snowe, R-Maine, that would establish a national cybersecurity adviser office, led by someone who would report directly to the president. U.S. cyber efforts have been plagued with turf battles and confusion over who controls the country's vast computer systems. Earlier this year the head of the nation's cybersecurity center, Rod Beckstrom, resigned, bluntly complaining about a shortage of money for the center and a clash over whether the National Security Agency should control cyber efforts. The role of the NSA - the agency oversees electronic intelligence- gathering - in protecting domestic computer networks has triggered debate, particularly among privacy and civil liberties groups who oppose giving such control to U.S. spy agencies. Intelligence officials argue, however, that they must be involved in order to adequately defend the country and its networks. Although Obama's new review put overall control and coordination of cyber at the White House, it reportedly does not get into the NSA debate. Associated Press writer Ted Bridis contributed to this report. Copyright 2009 Associated Press. All rights reserved. This material may not be published broadcast, rewritten, or redistributed From rforno at infowarrior.org Fri May 29 03:00:16 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 May 2009 23:00:16 -0400 Subject: [Infowarrior] - Pentagon Plans New Arm to Wage Wars in Cyberspace Message-ID: <8CE1FA8B-B28F-4EEF-A996-3F3D3EA4FB2B@infowarrior.org> May 29, 2009 Pentagon Plans New Arm to Wage Wars in Cyberspace By DAVID E. SANGER and THOM SHANKER http://www.nytimes.com/2009/05/29/us/politics/29cyber.html?pagewanted=print WASHINGTON ? The Pentagon plans to create a new military command for cyberspace, administration officials said Thursday, stepping up preparations by the armed forces to conduct both offensive and defensive computer warfare. The military command would complement a civilian effort to be announced by President Obama on Friday that would overhaul the way the United States safeguards its computer networks. Mr. Obama, officials said, will announce the creation of a White House office ? reporting to both the National Security Council and the National Economic Council ? that will coordinate a multibillion dollar effort to restrict access to government computers and protect systems that run the stock exchanges, clear global banking transactions and manage the air traffic control system. White House officials say Mr. Obama has not yet been formally presented with the Pentagon plan. They said he would not discuss it Friday when he announces the creation of a White House office responsible for coordinating private-sector and government defenses against the thousands of cyberattacks mounted against the United States ? largely by hackers but sometimes by foreign governments ? every day. But he is expected to sign a classified order in coming weeks that will create the military cybercommand, officials said. It is a recognition that the United States already has a growing number of computer weapons in its arsenal and must prepare strategies for their use ? as a deterrent or alongside conventional weapons ? in a wide variety of possible future conflicts. The White House office will be run by a ?cyberczar,? but because the position will not have direct access to the president, some experts said it was not high-level enough to end a series of bureaucratic wars that have broken out as billions of dollars have suddenly been allocated to protect against the computer threats. The main dispute has been over whether the Pentagon or the National Security Agency should take the lead in preparing for and fighting cyberbattles. Under one proposal still being debated, parts of the N.S.A. would be integrated into the military command so they could operate jointly. Officials said that in addition to the unclassified strategy paper to be released by Mr. Obama on Friday, a classified set of presidential directives is expected to lay out the military?s new responsibilities and how it coordinates its mission with that of the N.S.A., where most of the expertise on digital warfare resides today. The decision to create a cybercommand is a major step beyond the actions taken by the Bush administration, which authorized several computer-based attacks but never resolved the question of how the government would prepare for a new era of warfare fought over digital networks. It is still unclear whether the military?s new command or the N.S.A. ? or both ? will actually conduct this new kind of offensive cyber operations. The White House has never said whether Mr. Obama embraces the idea that the United States should use cyberweapons and the public announcement on Friday is expected to focus solely on defensive steps and the government?s acknowledgement that it needs to be better organized to face the threat from foes attacking military, government and commercial online systems. Defense Secretary Robert M. Gates has pushed for the Pentagon to become better organized to address the security threat. Initially at least, the new command would focus on organizing the various components and capabilities now scattered across the four armed services. Officials declined to describe potential offensive operations, but said they now viewed cyberspace as comparable to more traditional battlefields. ?We are not comfortable discussing the question of offensive cyber operations, but we consider cyberspace a war-fighting domain,? said Bryan Whitman, a Pentagon spokesman. ?We need to be able to operate within that domain just like on any battlefield, which includes protecting our freedom of movement and preserving our capability to perform in that environment. Although Pentagon civilian officials and military officers said the new command was expected to initially be a subordinate headquarters under the military?s Strategic Command, which controls nuclear operations as well as cyberdefenses, it could eventually become an independent command. ?No decision has been made,? said Lt. Col. Eric Butterbaugh, a Pentagon spokesman. ?Just as the White House has completed its 60-day review of cyberspace policy, likewise, we are looking at how the department can best organize itself to fill our role in implementing the administration?s cyberpolicy.? The creation of the cyberczar?s office inside the White House appears to be part of a significant expansion of the role of the national security apparatus there. A separate group overseeing domestic security, created by President George W. Bush after the Sept. 11 attacks, now resides within the National Security Council. A senior White House official responsible for countering the proliferation of nuclear and unconventional weapons has been given broader authority. Now, cybersecurity will also rank as one of the key threats that Mr. Obama is seeking to coordinate from the White House. The strategy review Mr. Obama will discuss on Friday was completed weeks ago, but delayed because of continuing arguments over the authority of the White House office, and the budgets for the entire effort. It was kept separate from the military debate over whether the Pentagon or the N.S.A. is best equipped to engage in offensive operations. Part of that debate hinges on the question of how much control should be given to American spy agencies, since they are prohibited from acting on American soil. ?It?s the domestic spying problem writ large,? one senior intelligence official said recently. ?These attacks start in other countries, but they know no borders. So how do you fight them if you can?t act both inside and outside the United States?? John Markoff contributed reporting. From rforno at infowarrior.org Fri May 29 03:12:24 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 May 2009 23:12:24 -0400 Subject: [Infowarrior] - FBI planning a bigger role in terrorism fight Message-ID: <7E5B37BD-377E-42B0-B49F-D2BC0D3BE56C@infowarrior.org> FBI planning a bigger role in terrorism fight Bureau agents will gather evidence to ensure that criminal prosecutions of alleged terrorists are an option. The move is a reversal of the Bush administration's emphasis on covert CIA actions. By Josh Meyer May 28, 2009 http://www.latimes.com/news/nationworld/nation/la-na-fbi28-2009may28,0,694540.story Reporting from Washington -- The FBI and Justice Department plan to significantly expand their role in global counter-terrorism operations, part of a U.S. policy shift that will replace a CIA- dominated system of clandestine detentions and interrogations with one built around transparent investigations and prosecutions. Under the "global justice" initiative, which has been in the works for several months, FBI agents will have a central role in overseas counter-terrorism cases. They will expand their questioning of suspects and evidence-gathering to try to ensure that criminal prosecutions are an option, officials familiar with the effort said. Though the initiative is a work in progress, some senior counter- terrorism officials and administration policy-makers envision it as key to the national security strategy President Obama laid out last week -- one that presumes most accused terrorists have the right to contest the charges against them in a "legitimate" setting. The approach effectively reverses a mainstay of the Bush administration's war on terrorism, in which global counter-terrorism was treated primarily as an intelligence and military problem, not a law enforcement one. That policy led to the establishment of the prison at Guantanamo Bay, Cuba; harsh interrogations; and detentions without trials. The "global justice" initiative starts out with the premise that virtually all suspects will end up in a U.S. or foreign court of law. That will be the case whether a suspected terrorist is captured on the battlefields of Iraq and Afghanistan, in the Philippine jungle or in a mosque in Nigeria, said one senior U.S. counter-terrorism official with knowledge of the initiative. "Regardless of where any bad guy is caught, we want the bureau to be in a position to put charges on them," the official said, adding that the Bush administration's emphasis on CIA and military operations often marginalized the FBI -- especially when it came to interrogating suspects. Like others interviewed for this article, the official spoke on the condition of anonymity because no one has been authorized to discuss the initiative publicly. "We have no comment on it at this time," FBI Assistant Director John J. Miller, the bureau's chief spokesman, said when asked about the initiative. Upon taking office in January, Obama shut down the CIA's secret "black site" prisons and forbade the use of coercive interrogation techniques. That opened the door for an increased role for the FBI, which for the last year has deployed more agents and analysts overseas to work alongside the CIA, U.S. military and foreign governments. The initiative would mean even broader incorporation of the FBI and Justice Department into global counter-terrorism operations. Many national security officials said it is a vindication of the FBI, which before Sept. 11 had played a leading role in international terrorism investigations. FBI agents for years had used non-coercive interrogations to thwart attacks, win convictions of Al Qaeda operatives and gain an encyclopedic knowledge of how the terrorist network operates. But they withdrew from questioning important suspects after the bureau opposed the tactics being used by the CIA and military -- often by inexperienced civilian contractors. The harsh interrogations provided such bad information that U.S. agents spent years chasing false leads around the world, former FBI agent Ali Soufan testified before Congress two weeks ago. "It was one of the worst and most harmful decisions made in our efforts against Al Qaeda." Bush administration officials, however, have defended the tactics and rejected claims that the FBI's methods would have worked better. "With many thousands of lives potentially in the balance, we did not think it made good sense to let the terrorists answer questions in their own good time," former Vice President Dick Cheney said in a speech this month. The FBI itself has been criticized, as has the CIA, for failing to connect the dots before the Sept. 11 attacks. In hindsight, the evidence pointed to a clear and intensive Al Qaeda effort to launch attacks on U.S. soil. Before Sept. 11, the FBI model of "informed" interrogation -- knowing everything about a suspect to get them talking -- was the preferred method of intelligence and military interrogators. Even veteran CIA agents said that abandoning that approach after Sept. 11 was counterproductive. "To use a contractor to ask the questions and not let the FBI guy who's collected all the evidence and knows all of the intelligence about these guys, it makes no sense at all," said former CIA counter-terrorism case agent Robert Baer. One intelligence official said the FBI's expanded role in the global fight against terrorism was a natural outgrowth of the Obama administration's new priorities. "It stands to reason because, by executive order, the CIA is out of the long-term detention business," the official said, referring to Obama's closing of overseas prisons. Richard Clarke, a senior counter-terrorism official in the Clinton and George W. Bush administrations, said the turnabout was long overdue. "We have to return to the practice that we had before of arresting terrorists and putting them on trial," said Clarke, who added that the country's ability to do that "has atrophied." CIA spokesman Paul Gimigliano said the agency would continue to play a central role in interrogations and counter-terrorism operations -- using techniques approved by the U.S. Army Field Manual-- in conjunction with other U.S. agencies. Behind the scenes, some intelligence officials are resisting a broader criminal justice role overseas for the FBI, contending that it could inhibit the flow of intelligence if their own agents, or foreign governments, believe top-secret sources and methods might be disclosed during criminal prosecutions. Two senior U.S. officials said efforts are being made to ensure that intelligence-gathering and law enforcement efforts proceed side by side. They stressed that the CIA and military would continue to play pivotal roles, particularly in gaining strategic intelligence against terrorist groups and thwarting future attacks. josh.meyer at latimes.com From rforno at infowarrior.org Fri May 29 12:19:21 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 May 2009 08:19:21 -0400 Subject: [Infowarrior] - AFSC Journal on Cyberspace Message-ID: <148CCF47-D989-4324-B5C6-3E8EE7A90667@infowarrior.org> (h/t Anonymous.) The latest issue of AF Space Command's professional journal is dedicated to Cyberspace Operations. http://www.afspc.af.mil/shared/media/document/AFD-090519-102.pdf From rforno at infowarrior.org Fri May 29 14:35:53 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 May 2009 10:35:53 -0400 Subject: [Infowarrior] - WH Fact Sheet: Cyberspace Policy Review Message-ID: <7550907C-8A06-44AA-8BA9-351BA790B532@infowarrior.org> http://www.boston.com/news/politics/politicalintelligence/2009/05/president_annou.html FACT SHEET Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure In February 2009, President Obama directed the National Security Council (NSC) and Homeland Security Council to conduct a 60-day review of the plans, programs, and activities underway throughout government that address our communications and information infrastructure (i.e., ?cyberspace?), in order to develop a strategic framework to ensure that the U.S. government?s initiatives in this area are appropriately integrated, resourced, and coordinated. Threats to the information and communications infrastructure pose one of the most serious economic and national security challenges of the 21st Century for the United States and our allies. In this environment, the status quo is no longer acceptable, and a national dialogue on cybersecurity must begin today. The U.S. Government cannot succeed in securing cyberspace in isolation, but it also cannot entirely delegate or abrogate its role in securing the Nation from a cyber incident or accident. Ensuring that cyberspace is sufficiently resilient and trustworthy to support U.S. goals of economic growth, civil liberties and privacy protections, national security, and the continued advancement of global democratic institutions requires working with individuals, academia, industry, and governments. We must make cybersecurity a national priority and lead from the White House. The review team?s report to the President contains five main chapters, outlined below, and includes a near-term action plan for U.S. Government activities to strengthen cybersecurity. (U) Chapter I: Leading from the Top ? Makes the case for strengthening cybersecurity leadership for the United States through 1) the establishment of a Presidential cybersecurity policy official and supporting structures, 2) reviewing laws and policies, and 3) strengthening cybersecurity leadership and accountability at federal, state, local, and tribal levels. (U) Chapter II: Building Capacity for a Digital Nation ? Advocates a national dialogue on cybersecurity to increase public awareness of the threats and risks and how to reduce them. Outlines the need for increased education efforts at all levels to ensure a technologically advanced workforce in cybersecurity and related areas, similar to the United States? focus on mathematics and science education in the 1960s. Identifies the need to expand and improve the federal information technology workforce and for the Federal government to facilitate programs and information sharing on cybersecurity threats, vulnerabilities, and effective practices across all levels of government and industry. (U) Chapter III: Sharing Responsibility for Cybersecurity ? Discusses the need for improving and expanding partnerships between the Federal government and both the private sector and key U.S. allies. (U) Chapter IV: Creating Effective Information Sharing and Incident Response ? The United States needs a comprehensive framework to facilitate coordinated responses by government, the private sector, and allies to a significant cyber incident. This chapter explores elements of such a framework and suggests enhancements to information sharing mechanisms to improve incident response capabilities. (U) Chapter V: Encouraging Innovation ? The chapter addresses ways for the United States to harness the benefits of innovation to address cybersecurity concerns, including work with the private sector to define performance and security objectives for future infrastructure, linking research and development to infrastructure development and expanding coordination of government, industry, and academic research efforts. It also addresses supply chain security and national security / emergency preparedness telecommunications efforts. Expected attendees at today?s East Room event: Secretary Steven Chu, Department of Energy Secretary Janet Napolitano, Department of Homeland Security General James Jones, National Security Advisor Deputy Secretary William Lynn, Department of Defense Deputy Secretary Neal Wolin, Department of Treasury Lawrence Summers, Director of the National Economic Council Lynne Osmus, Acting Administrator of the Federal Aviation Administration Jon Wellinghoff, Chairman of the Federal Energy Regulatory Commission Michael Copps, Acting Chairman of the Federal Communications Commission Jon Leibowitz, Chair of the Federal Trade Commission James Cartwright, Vice Chairman of the Joint Chiefs of Staff Robert Mueller, Director of the Federal Bureau of Investigation John P. Holdren, Director of the Office of Science and Technology John Kimmons, Lieutenant-general, Director of National Intelligence Office John O. Brennan, Assistant to the President for Homeland Security and Counterterrorism Maryland Governor Martin O?Malley, Chair of National Governors Association, Homeland Security Committee Congressman Bart Gordon Congressman Peter King William Pelgrin, Chair of the Multi-State Information Sharing and Analysis Center Heather Hogsett, National Governors Association, Director, Public Safety and Homeland Security Office of Federal Relations From rforno at infowarrior.org Fri May 29 15:22:43 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 May 2009 11:22:43 -0400 Subject: [Infowarrior] - PDF -- WH Cyberspace Security Review Message-ID: <119DDAC8-75EC-4570-81C7-A23E2512C9DF@infowarrior.org> WH Cyberspace Security Review: Assuring a Trusted and Resilient Information and Communications Infrastructure http://www.whitehouse.gov/asset.aspx?AssetId=1732 From rforno at infowarrior.org Fri May 29 19:49:53 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 May 2009 15:49:53 -0400 Subject: [Infowarrior] - Text: Obama's Remarks on Cybersecurity Message-ID: <0480CDC0-D073-43B3-BF12-FD824F93899F@infowarrior.org> May 29, 2009 Text: Obama's Remarks on Cybersecurity http://www.nytimes.com/2009/05/29/us/politics/29obama.text.html?ref=politics&pagewanted=print Following is the text of President Obama's remarks on Friday on a new White House cybersecurity office, as released by the White House. THE PRESIDENT: Everybody, please be seated. We meet today at a transformational moment -- a moment in history when our interconnected world presents us, at once, with great promise but also great peril. Now, over the past four months my administration has taken decisive steps to seize the promise and confront these perils. We're working to recover from a global recession while laying a new foundation for lasting prosperity. We're strengthening our armed forces as they fight two wars, at the same time we're renewing American leadership to confront unconventional challenges, from nuclear proliferation to terrorism, from climate change to pandemic disease. And we're bringing to government -- and to this White House -- unprecedented transparency and accountability and new ways for Americans to participate in their democracy. But none of this progress would be possible, and none of these 21st century challenges can be fully met, without America's digital infrastructure -- the backbone that underpins a prosperous economy and a strong military and an open and efficient government. Without that foundation we can't get the job done. It's long been said that the revolutions in communications and information technology have given birth to a virtual world. But make no mistake: This world -- cyberspace -- is a world that we depend on every single day. It's our hardware and our software, our desktops and laptops and cell phones and Blackberries that have become woven into every aspect of our lives. It's the broadband networks beneath us and the wireless signals around us, the local networks in our schools and hospitals and businesses, and the massive grids that power our nation. It's the classified military and intelligence networks that keep us safe, and the World Wide Web that has made us more interconnected than at any time in human history. So cyberspace is real. And so are the risks that come with it. It's the great irony of our Information Age -- the very technologies that empower us to create and to build also empower those who would disrupt and destroy. And this paradox -- seen and unseen -- is something that we experience every day. It's about the privacy and the economic security of American families. We rely on the Internet to pay our bills, to bank, to shop, to file our taxes. But we've had to learn a whole new vocabulary just to stay ahead of the cyber criminals who would do us harm -- spyware and malware and spoofing and phishing and botnets. Millions of Americans have been victimized, their privacy violated, their identities stolen, their lives upended, and their wallets emptied. According to one survey, in the past two years alone cyber crime has cost Americans more than $8 billion. I know how it feels to have privacy violated because it has happened to me and the people around me. It's no secret that my presidential campaign harnessed the Internet and technology to transform our politics. What isn't widely known is that during the general election hackers managed to penetrate our computer systems. To all of you who donated to our campaign, I want you to all rest assured, our fundraising website was untouched. (Laughter.) So your confidential personal and financial information was protected. But between August and October, hackers gained access to emails and a range of campaign files, from policy position papers to travel plans. And we worked closely with the CIA -- with the FBI and the Secret Service and hired security consultants to restore the security of our systems. It was a powerful reminder: In this Information Age, one of your greatest strengths -- in our case, our ability to communicate to a wide range of supporters through the Internet -- could also be one of your greatest vulnerabilities. This is a matter, as well, of America's economic competitiveness. The small businesswoman in St. Louis, the bond trader in the New York Stock Exchange, the workers at a global shipping company in Memphis, the young entrepreneur in Silicon Valley -- they all need the networks to make the next payroll, the next trade, the next delivery, the next great breakthrough. E-commerce alone last year accounted for some $132 billion in retail sales. But every day we see waves of cyber thieves trolling for sensitive information -- the disgruntled employee on the inside, the lone hacker a thousand miles away, organized crime, the industrial spy and, increasingly, foreign intelligence services. In one brazen act last year, thieves used stolen credit card information to steal millions of dollars from 130 ATM machines in 49 cities around the world -- and they did it in just 30 minutes. A single employee of an American company was convicted of stealing intellectual property reportedly worth $400 million. It's been estimated that last year alone cyber criminals stole intellectual property from businesses worldwide worth up to $1 trillion. In short, America's economic prosperity in the 21st century will depend on cybersecurity. And this is also a matter of public safety and national security. We count on computer networks to deliver our oil and gas, our power and our water. We rely on them for public transportation and air traffic control. Yet we know that cyber intruders have probed our electrical grid and that in other countries cyber attacks have plunged entire cities into darkness. Our technological advantage is a key to America's military dominance. But our defense and military networks are under constant attack. Al Qaeda and other terrorist groups have spoken of their desire to unleash a cyber attack on our country -- attacks that are harder to detect and harder to defend against. Indeed, in today's world, acts of terror could come not only from a few extremists in suicide vests but from a few key strokes on the computer -- a weapon of mass disruption. In one of the most serious cyber incidents to date against our military networks, several thousand computers were infected last year by malicious software -- malware. And while no sensitive information was compromised, our troops and defense personnel had to give up those external memory devices -- thumb drives -- changing the way they used their computers every day. And last year we had a glimpse of the future face of war. As Russian tanks rolled into Georgia, cyber attacks crippled Georgian government websites. The terrorists that sowed so much death and destruction in Mumbai relied not only on guns and grenades but also on GPS and phones using voice-over-the-Internet. For all these reasons, it's now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation. It's also clear that we're not as prepared as we should be, as a government or as a country. In recent years, some progress has been made at the federal level. But just as we failed in the past to invest in our physical infrastructure -- our roads, our bridges and rails -- we've failed to invest in the security of our digital infrastructure. No single official oversees cybersecurity policy across the federal government, and no single agency has the responsibility or authority to match the scope and scale of the challenge. Indeed, when it comes to cybersecurity, federal agencies have overlapping missions and don't coordinate and communicate nearly as well as they should -- with each other or with the private sector. We saw this in the disorganized response to Conficker, the Internet "worm" that in recent months has infected millions of computers around the world. This status quo is no longer acceptable -- not when there's so much at stake. We can and we must do better. And that's why shortly after taking office I directed my National Security Council and Homeland Security Council to conduct a top-to- bottom review of the federal government's efforts to defend our information and communications infrastructure and to recommend the best way to ensure that these networks are able to secure our networks as well as our prosperity. Our review was open and transparent. I want to acknowledge, Melissa Hathaway, who is here, who is the Acting Senior Director for Cyberspace on our National Security Council, who led the review team, as well as the Center for Strategic and International Studies bipartisan Commission on Cybersecurity, and all who were part of our 60-day review team. They listened to a wide variety of groups, many of which are represented here today and I want to thank for their input: industry and academia, civil liberties and private -- privacy advocates. We listened to every level and branch of government -- from local to state to federal, civilian, military, homeland as well as intelligence, Congress and international partners, as well. I consulted with my national security teams, my homeland security teams, and my economic advisors. Today I'm releasing a report on our review, and can announce that my administration will pursue a new comprehensive approach to securing America's digital infrastructure. This new approach starts at the top, with this commitment from me: From now on, our digital infrastructure -- the networks and computers we depend on every day -- will be treated as they should be: as a strategic national asset. Protecting this infrastructure will be a national security priority. We will ensure that these networks are secure, trustworthy and resilient. We will deter, prevent, detect, and defend against attacks and recover quickly from any disruptions or damage. To give these efforts the high-level focus and attention they deserve -- and as part of the new, single National Security Staff announced this week -- I'm creating a new office here at the White House that will be led by the Cybersecurity Coordinator. Because of the critical importance of this work, I will personally select this official. I'll depend on this official in all matters relating to cybersecurity, and this official will have my full support and regular access to me as we confront these challenges. Today, I want to focus on the important responsibilities this office will fulfill: orchestrating and integrating all cybersecurity policies for the government; working closely with the Office of Management and Budget to ensure agency budgets reflect those priorities; and, in the event of major cyber incident or attack, coordinating our response. To ensure that federal cyber policies enhance our security and our prosperity, my Cybersecurity Coordinator will be a member of the National Security Staff as well as the staff of my National Economic Council. To ensure that policies keep faith with our fundamental values, this office will also include an official with a portfolio specifically dedicated to safeguarding the privacy and civil liberties of the American people. There's much work to be done, and the report we're releasing today outlines a range of actions that we will pursue in five key areas. First, working in partnership with the communities represented here today, we will develop a new comprehensive strategy to secure America's information and communications networks. To ensure a coordinated approach across government, my Cybersecurity Coordinator will work closely with my Chief Technology Officer, Aneesh Chopra, and my Chief Information Officer, Vivek Kundra. To ensure accountability in federal agencies, cybersecurity will be designated as one of my key management priorities. Clear milestones and performances metrics will measure progress. And as we develop our strategy, we will be open and transparent, which is why you'll find today's report and a wealth of related information on our Web site, www.whitehouse.gov. Second, we will work with all the key players -- including state and local governments and the private sector -- to ensure an organized and unified response to future cyber incidents. Given the enormous damage that can be caused by even a single cyber attack, ad hoc responses will not do. Nor is it sufficient to simply strengthen our defenses after incidents or attacks occur. Just as we do for natural disasters, we have to have plans and resources in place beforehand -- sharing information, issuing warnings and ensuring a coordinated response. Third, we will strengthen the public/private partnerships that are critical to this endeavor. The vast majority of our critical information infrastructure in the United States is owned and operated by the private sector. So let me be very clear: My administration will not dictate security standards for private companies. On the contrary, we will collaborate with industry to find technology solutions that ensure our security and promote prosperity. Fourth, we will continue to invest in the cutting-edge research and development necessary for the innovation and discovery we need to meet the digital challenges of our time. And that's why my administration is making major investments in our information infrastructure: laying broadband lines to every corner of America; building a smart electric grid to deliver energy more efficiently; pursuing a next generation of air traffic control systems; and moving to electronic health records, with privacy protections, to reduce costs and save lives. And finally, we will begin a national campaign to promote cybersecurity awareness and digital literacy from our boardrooms to our classrooms, and to build a digital workforce for the 21st century. And that's why we're making a new commitment to education in math and science, and historic investments in science and research and development. Because it's not enough for our children and students to master today's technologies -- social networking and e-mailing and texting and blogging -- we need them to pioneer the technologies that will allow us to work effectively through these new media and allow us to prosper in the future. So these are the things we will do. Let me also be clear about what we will not do. Our pursuit of cybersecurity will not -- I repeat, will not include -- monitoring private sector networks or Internet traffic. We will preserve and protect the personal privacy and civil liberties that we cherish as Americans. Indeed, I remain firmly committed to net neutrality so we can keep the Internet as it should be -- open and free. The task I have described will not be easy. Some 1.5 billion people around the world are already online, and more are logging on every day. Groups and governments are sharpening their cyber capabilities. Protecting our prosperity and security in this globalized world is going to be a long, difficult struggle demanding patience and persistence over many years. But we need to remember: We're only at the beginning. The epochs of history are long -- the Agricultural Revolution; the Industrial Revolution. By comparison, our Information Age is still in its infancy. We're only at Web 2.0. Now our virtual world is going viral. And we've only just begun to explore the next generation of technologies that will transform our lives in ways we can't even begin to imagine. So a new world awaits -- a world of greater security and greater potential prosperity -- if we reach for it, if we lead. So long as I'm President of the United States, we will do just that. And the United States -- the nation that invented the Internet, that launched an information revolution, that transformed the world -- will do what we did in the 20th century and lead once more in the 21st. Thank you very much, everybody. Thank you. (Applause.) From rforno at infowarrior.org Fri May 29 20:05:33 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 May 2009 16:05:33 -0400 Subject: [Infowarrior] - Cybersecurity Quiz: Can you tell Obama from Bush? Message-ID: <1981C128-BBBC-4CFE-BDB2-F12B8B24D962@infowarrior.org> May 29, 2009 12:19 PM PDT A Cybersecurity Quiz: Can you tell Obama from Bush? by Declan McCullagh http://news.cnet.com/8301-13578_3-10252263-38.html?part=rss&subj=news&tag=2547-1_3-0-20 The U.S. president has announced a comprehensive cybersecurity strategy for the federal government, saying Internet-based threats have risen "dramatically" and the country "must act to reduce our vulnerabilities." A 76-page White House document calls for a new way of looking at Internet and computer security, saying that private-public partnerships are necessary, collaboration with international organizations will be vital, and that privacy and civil liberties must be respected in the process. Sound familiar? The year was 2003, and the president was George W. Bush, who wrote the introduction to what he called a "National Strategy to Secure Cyberspace." On Friday, President Obama announced his 76-page "Cyberspace Policy Review" -- with precisely the same number of pages as his predecessor's -- at an event at the White House. While the Bush document discusses centralizing cybersecurity responsibilities in the Department of Homeland Security and the Obama document shifts them to the White House, the two reports are remarkably similar. Perhaps this should be no surprise: Obama selected Melissa Hathaway, who worked for the director of national intelligence in the Bush administration and was director of an Bush-era "Cyber Task Force," to conduct the review. To test your political acumen, we've taken excerpts from both and placed them side-by side in the following chart. Can you tell which quotations come from which administration? (An answer key is at the end.) < - > http://news.cnet.com/8301-13578_3-10252263-38.html?part=rss&subj=news&tag=2547-1_3-0-20 From rforno at infowarrior.org Sat May 30 20:15:55 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 30 May 2009 16:15:55 -0400 Subject: [Infowarrior] - Contractors Vie for Plum Work, Hacking for the United States Message-ID: May 31, 2009 Cyberwar Contractors Vie for Plum Work, Hacking for the United States By CHRISTOPHER DREW and JOHN MARKOFF http://www.nytimes.com/2009/05/31/us/31cyber.html?_r=2&partner=rss&emc=rss&pagewanted=print MELBOURNE, Fla. ? The government?s urgent push into cyberwarfare has set off a rush among the biggest military companies for billions of dollars in new defense contracts. The exotic nature of the work, coupled with the deep recession, is enabling the companies to attract top young talent that once would have gone to Silicon Valley. And the race to develop weapons that defend against, or initiate, computer attacks has given rise to thousands of ?hacker soldiers? within the Pentagon who can blend the new capabilities into the nation?s war planning. Nearly all of the largest military companies ? including Northrop Grumman, General Dynamics, Lockheed Martin and Raytheon ? have major cyber contracts with the military and intelligence agencies. The companies have been moving quickly to lock up the relatively small number of experts with the training and creativity to block the attacks and design countermeasures. They have been buying smaller firms, financing academic research and running advertisements for ?cyberninjas? at a time when other industries are shedding workers. The changes are manifesting themselves in highly classified laboratories, where computer geeks in their 20s like to joke that they are hackers with security clearances. At a Raytheon facility here south of the Kennedy Space Center, a hub of innovation in an earlier era, rock music blares and empty cans of Mountain Dew pile up as engineers create tools to protect the Pentagon?s computers and crack into the networks of countries that could become adversaries. Prizes like cappuccino machines and stacks of cash spur them on, and a gong heralds each major breakthrough. The young engineers represent the new face of a war that President Obama described Friday as ?one of the most serious economic and national security challenges we face as a nation.? The president said he would appoint a senior White House official to oversee the nation?s cybersecurity strategies. Computer experts say the government is behind the curve in sealing off its networks from threats that are growing more persistent and sophisticated, with thousands of intrusions each day from organized criminals and legions of hackers for nations including Russia and China. ?Everybody?s attacking everybody,? said Scott Chase, a 30-year-old computer engineer who helps run the Raytheon unit here. Mr. Chase, who wears his hair in a ponytail, and Terry Gillette, a 53- year-old former rocket engineer, ran SI Government Solutions before selling the company to Raytheon last year as the boom in the military?s cyberoperations accelerated. The operation ? tucked into several unmarked buildings behind an insurance office and a dentist?s office ? is doing some of the most cutting-edge work, both in identifying weaknesses in Pentagon networks and in creating weapons for potential attacks. Daniel D. Allen, who oversees work on intelligence systems for Northrop Grumman, estimated that federal spending on computer security now totals $10 billion each year, including classified programs. That is just a fraction of the government?s spending on weapons systems. But industry officials expect it to rise rapidly. The military contractors are now in the enviable position of turning what they learned out of necessity ? protecting the sensitive Pentagon data that sits on their own computers ? into a lucrative business that could replace some of the revenue lost from cancellations of conventional weapons systems. Executives at Lockheed Martin, which has long been the government?s largest information-technology contractor, also see the demand for greater computer security spreading to energy and health care agencies and the rest of the nation?s critical infrastructure. But for now, most companies remain focused on the national-security arena, where the hottest efforts involve anticipating how an enemy might attack and developing the resources to strike back. Though even the existence of research on cyberweapons was once highly classified, the Air Force plans this year to award the first publicly announced contract for developing tools to break into enemy computers. The companies are also teaming up to build a National Cyber Range, a model of the Internet for testing advanced techniques. Military experts said Northrop Grumman and General Dynamics, which have long been major players in the Pentagon?s security efforts, are leading the push into offensive cyberwarfare, along with the Raytheon unit. This involves finding vulnerabilities in other countries? computer systems and developing software tools to exploit them, either to steal sensitive information or disable the networks. Mr. Chase and Mr. Gillette said the Raytheon unit, which has about 100 employees, grew out of a company they started with friends at Florida Institute of Technology that concentrated on helping software makers find flaws in their own products. Over the last several years, their focus shifted to the military and intelligence agencies, which wanted to use their analytic tools to detect vulnerabilities and intrusions previously unnoticed. Like other contractors, the Raytheon teams set up ?honey pots,? the equivalent of sting operations, to lure hackers into digital cul-de- sacs that mimic Pentagon Web sites. They then capture the attackers? codes and create defenses for them. And since most of the world?s computers run on the Windows or the Linux systems, their work has also provided a growing window into how to attack foreign networks in any cyberwar. ?It takes a nonconformist to excel at what we do,? said Mr. Gillette, a tanned surfing aficionado who looks like a 1950s hipster in his T- shirts with rolled-up sleeves. The company, which would allow interviews with other employees only on the condition that their last names not be used because of security concerns, hired one of its top young workers, Dustin, after he won two major hacking contests and dropped out of college. ?I always approach it like a game, and it?s been fun,? said Dustin, now 22. Another engineer, known as Jolly, joined Raytheon in April after earning a master?s degree in computer security at DePaul University in Chicago. ?You think defense contractors, and you think bureaucracy, and not necessarily a lot of interesting and challenging projects,? he said. The Pentagon?s interest in cyberwarfare has reached ?religious intensity,? said Daniel T. Kuehl, a military historian at the National Defense University. And the changes carry through to soldiers being trained to defend and attack computer and wireless networks out on the battlefield. That shift can be seen in the remaking of organizations like the Association of Old Crows, a professional group that includes contractors and military personnel. The Old Crows have deep roots in what has long been known as electronic warfare ? the use of radar and radio technologies for jamming and deception. But the financing for electronic warfare had slowed recently, prompting the Old Crows to set up a broader information-operations branch last year and establish a new trade journal to focus on cyberwarfare. The career of Joel Harding, the director of the group?s Information Operations Institute, exemplifies the increasing role that computing and the Internet are playing in the military. A 20-year veteran of military intelligence, Mr. Harding shifted in 1996 into one of the earliest commands that studied government- sponsored computer hacker programs. After leaving the military, he took a job as an analyst at SAIC, a large contractor developing computer applications for military and intelligence agencies. Mr. Harding estimates that there are now 3,000 to 5,000 information operations specialists in the military and 50,000 to 70,000 soldiers involved in general computer operations. Adding specialists in electronic warfare, deception and other areas could bring the total number of information operations personnel to as many as 88,700, he said. From rforno at infowarrior.org Sun May 31 00:36:45 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 30 May 2009 20:36:45 -0400 Subject: [Infowarrior] - US lab debuts super laser Message-ID: <12678B46-EE57-4C24-B8DF-B8EF2F4B9FB3@infowarrior.org> US lab debuts super laser May 30 03:21 AM US/Eastern http://www.breitbart.com/article.php?id=CNG.12fab6f6c00a65e15e6fb5e305aacbb7.41&show_article=1 Tamil civilians at the Manik Farm refugee camp in the northern Sri Lankan t... A US weapons lab on Friday pulled back the curtain on a super laser with the power to burn as hot as a star. The National Ignition Facility's main purpose is to serve as a tool for gauging the reliability and safety of the US nuclear weapons arsenal but scientists say it could deliver breakthroughs in safe fusion power. "We have invented the world's largest laser system," actor-turned- governor Arnold Schwarzenegger said during a dedication ceremony attended by thousands including state and national officials. "We can create the stars right here on earth. And I can see already my friends in Hollywood being very upset that their stuff that they show on the big screen is obsolete. We have the real stuff right here." NIF is touted as the world's highest-energy laser system. It is located inside the Lawrence Livermore National Laboratory about an hour's drive from San Francisco. Equipment connected to a house-sized sphere can focus 192 laser beams on a small point, generating temperatures and pressures that exist at cores of stars or giant planets. NIF will be able to create conditions and conduct experiments never before possible on Earth, according to the laboratory. A fusion reaction triggered by the super laser hitting hydrogen atoms will produce more energy than was required to prompt "ignition," according to NIF director Edward Moses. "This is the long-sought goal of 'energy gain' that has been the goal of fusion researchers for more than half a century," Moses said. "NIF's success will be a scientific breakthrough of historic significance; the first demonstration of fusion ignition in a laboratory setting, duplicating on Earth the processes that power the stars." Construction of the NIF began in 1997, funded by the US Department of Energy National Nuclear Security Administration (NNSA). "NIF, a cornerstone of the National Nuclear Security Administration's effort to maintain our nuclear deterrent without nuclear testing, will play a vital role in reshaping national security in the 21st century," said NNSA administrator Tom D'Agostino. "This one-of-a-kind facility is the only place in the world that is capable of providing some of the most critical technical means to safely maintain the viability of the nation's nuclear stockpile." Scientists say that NIF also promises groundbreaking discoveries in planetary science and astrophysics by recreating conditions that exist in supernovas, black holes, and in the cores of giant planets. Electricity derived from fusion reactions similar to what takes place in the sun could help sate humanity's growing appetite for green energy, according to lab officials. "Very shortly we will engage in what many believe to be this nation's greatest challenge thus far, one that confronts not only the nation but all of mankind -- energy independence," said lab director George Miller. The lab was founded in 1952 and describes itself as a research institution for science and technology applied to national security. "This laser system is an incredible success not just for California, but for our country and our world," Schwarzenegger said. "NIF has the potential to revolutionize our energy system, teaching us a new way to harness the energy of the sun to power our cars and homes." Copyright AFP 2008, AFP stories and photos shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium From rforno at infowarrior.org Sun May 31 02:35:12 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 30 May 2009 22:35:12 -0400 Subject: [Infowarrior] - OpEd: The Trauma of 9/11 Is No Excuse Message-ID: <112528D0-FD1F-473D-BEFE-ADC34AFD5FCC@infowarrior.org> The Trauma of 9/11 Is No Excuse By Richard A. Clarke Sunday, May 31, 2009 Top officials from the Bush administration have hit upon a revealing new theme as they retrospectively justify their national security policies. Call it the White House 9/11 trauma defense. "Unless you were there, in a position of responsibility after September 11, you cannot possibly imagine the dilemmas that you faced in trying to protect Americans," Condoleezza Rice said last month as she admonished a Stanford University student who questioned the Bush- era interrogation program. And in his May 21 speech on national security, Dick Cheney called the morning of Sept. 11, 2001, a "defining" experience that "caused everyone to take a serious second look" at the threats to America. Critics of the administration have become more intense as memories of the attacks have faded, he argued. "Part of our responsibility, as we saw it," Cheney said, "was not to forget the terrible harm that had been done to America." I remember that morning, too. Shortly after the second World Trade Center tower was hit, I burst in on Rice (then the president's national security adviser) and Cheney in the vice president's office and remember glimpsing horror on his face. Once in the bomb shelter, Cheney assembled his team while the crisis managers on the National Security Council staff coordinated the government response by video conference from the Situation Room. Many of us thought that we might not leave the White House alive. I remember the next day, too, when smoke still rose from the Pentagon as I sat in my office in the White House compound, a gas mask on my desk. The streets of Washington were empty, except for the armored vehicles, and the skies were clear, except for the F-15s on patrol. Every scene from those days is seared into my memory. I understand how it was a defining moment for Cheney, as it was for so many Americans. Yet listening to Cheney and Rice, it seems that they want to be excused for the measures they authorized after the attacks on the grounds that 9/11 was traumatic. "If you were there in a position of authority and watched Americans drop out of eighty-story buildings because these murderous tyrants went after innocent people," Rice said in her recent comments, "then you were determined to do anything that you could that was legal to prevent that from happening again." I have little sympathy for this argument. Yes, we went for days with little sleep, and we all assumed that more attacks were coming. But the decisions that Bush officials made in the following months and years -- on Iraq, on detentions, on interrogations, on wiretapping -- were not appropriate. Careful analysis could have replaced the impulse to break all the rules, even more so because the Sept. 11 attacks, though horrifying, should not have surprised senior officials. Cheney's admission that 9/11 caused him to reassess the threats to the nation only underscores how, for months, top officials had ignored warnings from the CIA and the NSC staff that urgent action was needed to preempt a major al-Qaeda attack. Thus, when Bush's inner circle first really came to grips with the threat of terrorism, they did so in a state of shock -- a bad state in which to develop a coherent response. Fearful of new attacks, they authorized the most extreme measures available, without assessing whether they were really a good idea. I believe this zeal stemmed in part from concerns about the 2004 presidential election. Many in the White House feared that their inaction prior to the attacks would be publicly detailed before the next vote -- which is why they resisted the 9/11 commission -- and that a second attack would eliminate any chance of a second Bush term. So they decided to leave no doubt that they had done everything imaginable. The first response they discussed was invading Iraq. While the Pentagon was still burning, Secretary of Defense Don Rumsfeld was in the White House suggesting an attack against Baghdad. Somehow the administration's leaders could not believe that al-Qaeda could have mounted such a devastating operation, so Iraqi involvement became the convenient explanation. Despite being told repeatedly that Iraq was not involved in 9/11, some, like Cheney, could not abandon the idea. Charles Duelfer of the CIA's Iraq Survey Group recently revealed in his book, "Hide and Seek: The Search for Truth in Iraq," that high- level U.S. officials urged him to consider waterboarding specific Iraqi prisoners of war so that they could provide evidence of an Iraqi role in the terrorist attacks -- a request Duelfer refused. (A recent report indicates that the suggestion came from the vice president's office.) Nevertheless, the lack of evidence did not deter the administration from eventually invading Iraq -- a move many senior Bush officials had wanted to make before 9/11. On detention, the Bush team leaped to the assumption that U.S. courts and prisons would not work. Before the terrorist attacks, the U.S. counterterrorism program of the 1990s had arrested al-Qaeda terrorists and others around the world and had a 100 percent conviction rate in the U.S. justice system. Yet the American system was abandoned, again as part of a pattern of immediately adopting the most extreme response available. Camps were established around the world, notably in Guantanamo Bay, where prisoners were held without being charged or tried. They became symbols of American overreach, held up as proof that al-Qaeda's anti-American propaganda was right. Similarly, with regard to interrogation, administration officials conducted no meaningful professional analysis of which techniques worked and which did not. The FBI, which had successfully questioned al-Qaeda terrorists, was effectively excluded from interrogations. Instead, there was the immediate and unwarranted assumption that extreme measures -- such as waterboarding one detainee 183 times -- would be the most effective. Finally, on wiretapping, rather than beef up the procedures available under the Foreign Intelligence Surveillance Act (FISA), the administration again moved to the extreme, listening in on communications here at home without legal process. FISA did need some modification, but it also allowed for the quick issuance of court orders, as when President Clinton took stepped-up defensive measures in late 1999 under the heightened threat of the new millennium. Yes, Dick Cheney and Condoleezza Rice may have been surprised by the attacks of Sept. 11, 2001 -- but it was because they had not listened. And their surprise led them to adopt extreme counterterrorism techniques -- but it was because they rejected, without analysis, the tactics the Clinton administration had used. The measures they uncritically adopted, which they simply assumed were the best available, were in fact unnecessary and counterproductive. "I'll freely admit that watching a coordinated, devastating attack on our country from an underground bunker at the White House can affect how you view your responsibilities," Cheney said in his recent speech. But this defense does not stand up. The Bush administration's response actually undermined the principles and values America has always stood for in the world, values that should have survived this traumatic event. The White House thought that 9/11 changed everything. It may have changed many things, but it did not change the Constitution, which the vice president, the national security adviser and all of us who were in the White House that tragic day had pledged to protect and preserve. rclarke at hks.harvard.edu Richard A. Clarke, the national coordinator for security and counterterrorism under Presidents Bill Clinton and George W. Bush, is the author of "Against All Enemies" and "Your Government Failed You." From rforno at infowarrior.org Sun May 31 04:03:44 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 31 May 2009 00:03:44 -0400 Subject: [Infowarrior] - Americans Need Passports at All U.S. Borders Starting Monday Message-ID: Americans Need Passports at All U.S. Borders Starting Monday The Columbus Dispatch, Ohio , 2009-05-30 By Scott Stephens, The Columbus Dispatch, Ohio http://www.dispatch.com/live/content/local_news/stories/2009/05/30/passports.html May 30--Driving to Niagara Falls? Unless you plan to stay on the U.S. side, you'll need a passport. As of Monday, U.S. citizens crossing into Canada, Mexico, Bermuda or the Caribbean by any means -- land, water or air -- must have a passport or a secure-identity card designed for the purpose. The latest rule change, requiring a passport for land and water border crossings, is the last phase of a 2004 law meant to curb the risk of terrorism. Border crossings by air have required a passport of anyone 16 or older since June 2007. (Children younger than 16 can present a birth certificate or other proof of citizenship as identification.) The rules as a whole have been plagued by delays and false steps. A surge of applications flooded passport-service agencies in 2007 when the rules for air travel changed. The requirement was delayed for six months as the government processed the backlog. Since then, Americans have had ample time to digest the rules for land and water crossings; they were scheduled to take effect last year but also were postponed. Laura Tischler, spokeswoman for the State Department, said the government has made great efforts to avoid the problems of 2007. "We've increased our passport-issuance capacity by 90 percent," Tischler said. "We've increased our staffing; we've opened new facilities, including passport agencies in Detroit and Minneapolis; and have plans to open an additional agency in Dallas." Passport applications peaked at 18.3 million in fiscal year 2007, falling to 16.2 million last year. Applicants with Ohio addresses received 404,000 passports last year. Through April, the federal government had received 7.1 million applications in the current fiscal year. A first-time application for a passport takes six to eight weeks to process. The application fee is $97. Expedited processing is available at an additional charge. The government has also introduced a cheaper "passport card" (the size of a driver's license) for use at the Canadian and Mexican borders and for seaport entries from Bermuda and the Caribbean. The card costs $45 for first-time passport applicants. "We encourage everyone, even people who aren't traveling this summer, to get a passport," Tischler said. "It's good for 10 years, and it's always good to have." Canadian tourism officials don't expect major problems because of the new U.S. regulations, said Mark Thompson, a spokesman for the Ontario provincial Ministry of Tourism. "Are we worried?" he said. "The bottom line is, not particularly, no." Some destinations hope to benefit from travelers who are reluctant to apply for a passport. The U.S. Virgin Islands has a marketing campaign under way touting the fact that U.S. citizens can visit that U.S. territory without a passport. Most travelers do seem aware of the new requirements, said travel agent Ike Reynolds of Reynolds Travel in Columbus. "I know a few people who have been getting by on cruises without a passport, but they knew the new rules were coming," he said. "And every time you come to a deadline, some people will wait until the last minute. The question everyone wanted to know was: How soon were (the changes) really going into effect?" For detailed information about the passport-application process or the law, go to www.travel.state.gov/passport or www.ontariotravel.net. sstephens at dispatch.com ----- From rforno at infowarrior.org Sun May 31 04:08:35 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 31 May 2009 00:08:35 -0400 Subject: [Infowarrior] - Metro Dig at Tysons Stirs Underground Intrigue Message-ID: (Ahhh the joys of living in the DC area..... -rick) Metro Dig at Tysons Stirs Underground Intrigue High Anxiety Over Top-Security Cable By Amy Gardner Washington Post Staff Writer Sunday, May 31, 2009 http://www.washingtonpost.com/wp-dyn/content/article/2009/05/30/AR2009053002114_pf.html This part happens all the time: A construction crew putting up an office building in the heart of Tysons Corner a few years ago hit a fiber optic cable no one knew was there. This part doesn't: Within moments, three black sport-utility vehicles drove up, a half-dozen men in suits jumped out and one said, "You just hit our line." Whose line, you may ask? The guys in suits didn't say, recalled Aaron Georgelas, whose company, the Georgelas Group, was developing the Greensboro Corporate Center on Spring Hill Road. But Georgelas assumed that he was dealing with the federal government and that the cable in question was "black" wire -- a secure communications line used for some of the nation's most secretive intelligence-gathering operations. "The construction manager was shocked," Georgelas recalled. "He had never seen a line get cut and people show up within seconds. Usually you've got to figure out whose line it is. To garner that kind of response that quickly was amazing." Black wire is one of the looming perils of the massive construction that has come to Tysons, where miles and miles of secure lines are thought to serve such nearby agencies as the Office of the Director of National Intelligence, the National Counterterrorism Center and, a few miles away in McLean, the Central Intelligence Agency. After decades spent cutting through red tape to begin work on a Metrorail extension and the widening of the Capital Beltway, crews are now stirring up tons of dirt where the black lines are located. "Yeah, we heard about the black SUVs," said Paul Goguen, the engineer in charge of relocating electric, gas, water, sewer, cable, telephone and other communications lines to make way for Metro through Tysons. "We were warned that if they were hit, the company responsible would show up before you even had a chance to make a phone call." So far, so good, Goguen added. But the peril remains for a project that will spend $150 million moving more than 75 miles of conduit along the three-mile stretch of routes 123 and 7 that run through Tysons. In the Washington area, it's a scenario that has traveled the cocktail party circuit for years. Shiva Pant, an administrator with the Metro system and a former transportation director in Fairfax County, recalled that an expansion of the Dulles Toll Road years ago was delayed when utilities that did not appear on any maps were discovered. The incident fueled all manner of speculation about the purpose and owner of the lines, he said. Even without the presence of sensitive government operations, moving utilities to make way for Metrorail is a tricky and enormous enterprise. The Tysons-Reston corridor is home to part of MAE-East, one of the nation's primary Internet pipelines installed years ago by the government and private companies. Most major telecommunications carriers link to the pipeline, meaning there's a jumble of fiber optic wire under the Dulles rail route. Moving utilities quickly and cheaply is a big part of any construction work. But the $5.2 billion rail project, which will extend service from Arlington County to Dulles International Airport, is particularly complex: It includes four stations in Tysons and a three-mile stretch of elevated track along the two main Tysons thoroughfares, which are used by more than 100,000 vehicles each day. Construction crews have been digging for more than a year to shift the utility wires out of the path of the rail line, stations and support piers -- and they have another year to go. They have dug 30-foot-deep trenches and augured 250-foot conduit sleeves beneath roads. In the end, they will have installed more than 140 new manholes and rerouted the lines of more than 21 private utilities, including Dominion Virginia Power, Cox Cable, Verizon, AT&T and many more. And they have snapped, accidentally, dozens of those carriers' lines, because even not-so-secret commercial lines sometimes don't show up on utility maps. Goguen, the utility manager, estimates that the rail project has already hit three dozen lines, sometimes doing no damage and other times grinding work to a halt or cutting power to retailers along Route 7. Even after extensively researching land records and maps and digging more than 600 test holes to determine utility locations, it's hard to avoid accidents on a project of such complexity and in such a busy place, he said. "Every time we dig a hole, we run into issues that we didn't expect," he said. Such issues are likely to resurface this summer, when construction on a short tunnel between routes 123 and 7 is scheduled to begin. Above the tunnel's path, just outside Clyde's Restaurant, is a giant microwave communications tower operated by the U.S. Army. And if you want to know what the 280-foot tower is for, too bad. "The specific uses of the system to which this particular antenna is attached" are classified, Army spokesman Dave Foster said. Other government agencies located near Tysons also had little to say. A CIA spokeswoman would not comment when asked about the agency's use of communications lines through Tysons. And Mike Birmingham, a spokesman for the Office of the Director of National Intelligence (located at the intersection of the Dulles Toll Road and Route 123), would say only that if a communications line used by the agency was cut, the nation's intelligence-gathering would carry on uninterrupted. "No particular project puts us at risk -- highway construction, building construction," Birmingham said. "We don't have a single point of failure. Our systems are redundant." Georgelas, the developer whose company was overseeing the work in 2000 when the Chevrolet Suburbans drove up to the Greensboro Corporate Center, said he figured that the government was involved when an AT&T crew arrived the same day to fix the line, rather than waiting days. His opinion didn't change when AT&T tried to bill his company for the work but immediately backed down when his company balked. "These lines are not cheap to move," Georgelas said. "They said, 'You owe us $300,000.' We said, 'Are you nuts?' " The charges just disappeared. Goguen, the engineer with the Dulles rail project, laughs at the stories of past encounters but has no desire to meet up with the men in the black SUVs. "We've been here a year," he said, "and it hasn't happened to us yet."