31 gennaio 2011

EFF Uncovers Widespread FBI Intelligence Violations | Electronic Frontier Foundation

EFF Uncovers Widespread FBI Intelligence Violations

EFF has uncovered widespread violations stemming from FBI intelligence investigations from 2001 - 2008. In a report released today, EFF documents alarming trends in the Bureau’s intelligence investigation practices, suggesting that FBI intelligence investigations have compromised the civil liberties of American citizens far more frequently, and to a greater extent, than was previously assumed.

Using documents obtained through EFF's Freedom of Information Act (FOIA) litigation, the report finds:

Evidence of delays of 2.5 years, on average, between the occurrence of a violation and its eventual reporting to the Intelligence Oversight Board

Reports of serious misconduct by FBI agents including lying in declarations to courts, using improper evidence to obtain grand jury subpoenas, and accessing password-protected files without a warrant

Indications that the FBI may have committed upwards of 40,000 possible intelligence violations in the 9 years since 9/11

EFF's report stems from analysis of nearly 2,500 pages of FBI documents, consisting of reports of FBI intelligence violations made to the Intelligence Oversight Board — an independent, civilian intelligence-monitoring board that reports to the President on the legality of foreign and domestic intelligence operations. The documents constitute the most complete picture of post-9/11 FBI intelligence abuses available to the public. Our earlier analysis of the documents showed the FBI's arbitrary disclosure practices.

EFF's report underscores the need for greater transparency and oversight in the intelligence community. As part of our ongoing effort to inform the public and elected officials about abusive intelligence investigations, we are distributing copies of the report to members of Congress.

A pdf copy of the report can be downloaded here.

Related Issues: FOIA Litigation for Accountable GovernmentNational Security LettersPATRIOT ActTransparency

Related Cases: FOIA: Intelligence Agencies' Misconduct Reports


Hackers break US government smart card security

The US government has been stepping up its use of smart cards to help lock down its computer networks, but hackers have found ways around them.

Over the past 18 months, security consultancy Mandiant has come across several cases where determined attackers were able to get onto computers or networks that required both smart cards and passwords. In a report set to be released Thursday, Mandiant calls this technique a "smart card proxy."

The attack works in several steps. First, the criminals hack their way onto a PC. Often they'll do this by sending a specially crafted email message to someone at the network they're trying to break into. The message will include an malicious attachment that, when opened, gives the hacker a foothold in the network.

After identifying the computers that have card readers, the bad guys install keystroke logging software on those computers to steal the password that is typically used in concert with the smart card.

Then they wait.

When the victim inserts the smart card into the hacked PC, the criminals then try to log into the server or network that requires the smart card for authentication. When the server asks for a digital token from the smart card, the bad guys simply redirect that request to the hacked system, and return it with the token and the previously stolen password.

This is similar to the techniques criminals have been using for several years now to get around the extra authentication technologies used in online banking.

Mandiant is the kind of company that businesses and government agencies call to clean up the mess after they've been hacked. It has done investigations at about 120 organisations overt the past year and a half. Most of them get hacked via a targeted email. But in many cases, they were actually hacked years earlier, but never managed to remove the malicious software from their network, according to the report.

Companies or government agencies that assume that they are secure just because they use smart cards to authenticate, could be in for a nasty surprise some day, said Rob Lee, a director with Mandiant. "Everything is circumventable in the end," he said.

From the Archive: Historic NASA Photos | Plog — World news photography, Photos — The Denver Post

collision detection: Study: Teams work best when members are physically close together

Generally, people think of “brainstorming” as gathering everyone in a room so they can yell out ideas, with one person writing down the ideas on a whiteboard. But studies show that can shut people down: They get nervous about speaking out loud, or they think their idea isn’t interesting, or one person dominates the brainstorming and drags the center of gravity, for good or ill, in one direction. In contrast, a 1958 study found that if you take the members of your team, put them in different rooms, and ask each to brainstorm solutions to a problem, they’ll produce more and better ideas. That’s because the problems of face-to-face dynamics go away: The “virtual” group is better.

30 gennaio 2011

The Inside Story of How Facebook Responded to Tunisian Hacks - Technology - The Atlantic


It was on Christmas Day that Facebook's Chief Security Officer Joe Sullivan first noticed strange things going on in Tunisia. Reports started to trickle in that political-protest pages were being hacked. "We were getting anecdotal reports saying, 'It looks like someone logged into my account and deleted it,'" Sullivan said.

For Tunisians, it was another run-in with Ammar, the nickname they've given to the authorities that censor the country's Internet. They'd come to expect it.

In the days after the holiday, Sullivan's security team started to take a closer look at the data, but it wasn't entirely clear what was happening. In the US, they could look to see if different IP addresses, which identify particular nodes on the network, were accessing the same account. But in Tunisia, the addresses are commonly reassigned. The evidence that accounts were being hacked remained anecdotal. Facebook's security team couldn't prove something was wrong in the data.  It wasn't until after the new year that the shocking truth emerged:

Ammar was in the process of stealing an entire country's worth of passwords.

* * *

Here's what's at stake. December of 2010 saw the most substantial civil unrest in Tunisia in the reign of Zine El Abidine Ben Ali, which began with a bloodless coup in November 1987. Beginning with street protests in the country's poor interior region of Sidi Bouzid, the calls for change were soon echoed by more powerful civil society organizations, notably the country's only labor union, the UGTT. But despite the turmoil, it wasn't clear what exactly might happen.

"It is too early to know if these protests signal the beginning of the end for Ben Ali," wrote Christopher Alexander in Foreign Policy on January 3. "However, Tunisia's current political scene looks a bit like it did in 1975 and 1976, the beginning of the long slide for Ben Ali's predecessor, Habib Bourguiba."

That is to say, even expert analysts of the country couldn't tell if Ben Ali would remain in power for a few more weeks or a decade. It did not feel inevitable that Ben Ali would be deposed. People had protested in the streets before. Revolution had been in the air. It wasn't clear that this time would be different.

There has been a lot of debate about whether Twitter helped unleash the massive changes that led Ben Ali to leave office on January 14, but Facebook appears to have played a more important role in spreading dissent. 

"I think Facebook played a bigger role in this case," said Jillian York of the Berkman Center for the Internet and Society, who has been tracking the Tunisian situation closely. "There are a lot more Facebook users than Twitter users. Facebook allows for strong ties in a way that Twitter doesn't. You're not just conversing."

One early sign that Tunisians felt Facebook could be useful: Back in July, bloggers Photoshopped a picture of Mark Zuckerberg to show him holding up a sign that read, "Sayeb Sala7, ya 3ammar," the slogan for a freedom of expression campaign late in 2010. Later, Zuckerberg popped up on a sign outside the Saudi Arabian embassy carried by Tunisian protesters demanding the arrest of Ben Ali.


York said that Tunisian bloggers and activists had told her that the ability to upload video to Facebook drove its usage because many other video-sharing sites had been blocked by the government.

The videos -- shot shakily with cameraphones -- created a link between what was happening on the streets in the poor areas of the country and the broader Tunisian population. Many are graphic. In one video -- since taken down, apparently -- a young man is lying on a gurney with his skull cracked open. Brain oozes out. Cries are heard all around. The video focuses in on the man's face and as the camera pulls back, we see that there are two other people with cameraphones recording the injury. Video after video of the revolutionary events captures other people videoing the same event. Those videos, and the actions they recorded, became the raw material for a much greater online apparatus that could amplify each injury, death, and protest.

But it wasn't just videos that people were sharing. All kinds of information passed between Tunisians. For activists as well as everyday people, Facebook became an indispensable resource for tracking the minute-by-minute development of the situation. By January 8, Facebook says that it had several hundred thousand more users than it had ever had before in Tunisia, a country with a few more people than Michigan. Scaled up to the size to the U.S., the burst of activity was like adding 10 million users in a week. And the average time spent on the site more than doubled what it had been before.

Rim Abida, a Tunisian-born, Harvard-educated development consultant now living in Rio de Janeiro, said that over the course of the events, her "relationship to Facebook changed entirely."

"It basically went from being a waste of time or procrastination tool, to my go-to source on up-to-date information," Abida wrote in a Facebook message to me. "My mom is back in Tunisia on her own, and my Tunisian network on Facebook was posting the most up-to-date info on what was happening on the ground. It was stuff the major media channels weren't reporting, such as numbers to call to reach the military and what was happening when in what specific neighborhood."

In between the scenes of local unrest and people like Abida, there was a whole stratum of bloggers, writers, and social media sharers who watched and shared important videos.

While clashes with security forces took place in the streets, Rim, who asked we not use her last name, was in her bed in her apartment in Tunis. Like the blogger cliché, Rim sat in her pajamas sharing videos. In her hands, small protests that reached 50 people could suddenly reach another 50, who would share it with another 50. The idea that it might be time for the regime to change spread from city to city faster than street protests and even middle class places got involved.

Rim doesn't think the Tunisian revolution was a "Facebook revolution," but it was sufficiently important that when rumors started to fly on the 13th about what kind of retaliation the government was prepared to take, it took this form:

"There were rumors that Facebook or electricity was going to be shut down," Rim IM'd me from Tunis. "Or both."

* * *

Facebook and the Tunisian Revolt.jpg

After more than ten days of intensive investigation and study, Facebook's security team realized something very, very bad was going on. The country's Internet service providers were running a malicious piece of code that was recording users' login information when they went to sites like Facebook.

By January 5, it was clear that an entire country's worth of passwords were in the process of being stolen right in the midst of the greatest political upheaval in two decades. Sullivan and his team decided they needed a country-level solution -- and fast.

Though Sullivan said Facebook has encountered a wide variety of security problems and been involved in various political situations, they'd never seen anything like what was happening in Tunisia.

"We've had to deal with ISPs in the past who have tried to filter or block our site," Sullivan said. "In this case, we were confronted by ISPs that were doing something unprecedented in that they were being very active in their attempts to intercept user information."

If you need a parable for the potential and pitfalls of a social-media enabled revolution, this is it: the very tool that people are using for their activism becomes the very means by which their identities could be compromised. When the details are filled in on the abstractions of Clay Shirky and Evgeny Morozov's work on the promise (former) and danger (latter) of Internet activism, the ground truth seems to be that both had their visions play out simultaneously.

At Facebook, Sullivan's team decided to take an apolitical approach to the problem. This was simply a hack that required a technical response. "At its core, from our standpoint, it's a security issue around passwords and making sure that we protect the integrity of passwords and accounts," he said. "It was very much a black and white security issue and less of a political issue."

The software was basically a country-level keystroke logger, with the passwords presumably being fed from the ISPs to the Ben Ali regime. As a user, you just logged into some part of the cloud, Facebook or your email, say, and it snatched up that information. If you stayed persistently logged in, you were safe. It was those who logged out and came back that were open to the attack.

Sullivan's team rapidly coded a two-step response to the problem. First, all Tunisian requests for Facebook were routed to an https server. The Https protocol encrypts the information you send across it, so it's not susceptible to the keylogging strategy employed by the Tunisian ISPs.

The second technical solution they implemented was a "roadblock" for anyone who had logged out and then back in during the time when the malicious code was running. Like Facebook's version of a "mother's maiden name" question to get access to your old password, it asks you to identify your friends in photos to complete an account login.

They rolled out the new solutions to 100% of Tunisia by Monday morning, five days after they'd realized what was happening. It wasn't a totally perfect solution. Most specifically, ISPs can force a downgrade of https to http, but Sullivan said that Facebook had not seen that happen.

Though Sullivan is the unflappable type, the Tunisian situation seemed to force him into a bit of reflection. "When you step back and think about how Internet traffic is routed around the world, an astonishing amount is susceptible to government access," he noted.

And if governments around the world can, at least hypothetically, compromise users, it makes you wonder, as the Berkman Center's Jillian York has, why Facebook hasn't implemented special tools or processes for activists. The biggest issue is that political dissidents often do not want to use their real names in places where activism can get you killed. Facebook has adamantly opposed activists attempts to use pseudonyms.

"We get requests all the time in a few different contexts where people would like to impersonate someone else. Police wanting to go undercover or human rights activists, say," Sullivan said. "And we, just based on our core mission and core product, don't want to allow that. That's just not what Facebook is. Facebook is a place where people connect with real people in their lives using their real identities."

Does Facebook have to go the extra mile to support activists? Sullivan said that preliminary work has been done to create a special complaint reporting process for NGOs and other activists, a move that would address one long-time complaint.

More generally, though, Facebook certainly don't seem to be under any obligations to provide special treatment. But if Facebook really is becoming the public sphere -- and wants to remain central to people's real sociopolitically embedded lives -- maybe they're going to have to think beyond the situational technical fix. Facebook needs to own its position as a part of The Way the World Works and provide protections for political speech and actors.

Because the protests and overthrow of Ben Ali were just the beginning of this story. Hopes are high, but as we've seen so many times in the global south, the exit of one corrupt dictator usually means the entrance of another. To avoid that fate, politically active Tunisians will be using all of the tools at their disposal, including and maybe especially, Facebook. In fact, Rim said, it's already being used to debate how to create a new government and a better Tunisia.

Illustrations by Alex Hoyt.

This article available online at:


Sunday Fun: How To Keep Up With the Latest News on Egypt : The Disciplined Investor

Sunday Fun: How To Keep Up With the Latest News on Egypt

January 30, 2011

With all of the activity in Egypt, there I plenty of news to be found. Here is a list of some of the best ways that I gather information, with up to the minute updates.

Have a few to share? Apps perhaps? Add those to the comments area.

BBC Latest Updates

YouTube – Last Hour



Google News

CNN – iReports

Live Map of Tweets about Egypt

Updated Google Map of Protest Sites

Huffington Post Updated

Google REALTIME Cairo

Egypt’s Internet Traffic Updates

Breaking News Updates – Egypt

Haaretz Breaking News

Related Posts:

  1. Sunday Fun: Chinese News Site – Good Stuff Here is a great way to keep up with news from China....
  2. Sunday Fun: Google/Apple Phone War – Who Wins? Which one wins? Already Apple has won, but we are talking about...
  3. Sunday Fun: Shove the Fish In – YUCK! Just some random weirdness for a Sunday. Visit msnbc.com for breaking news,...
  4. Sunday Fun: Apple Contortionist Reception The Apple iPhone has been under attack for the poor planning on...
  5. Sunday Fun: Sex Takes Backseat During Recession Well, it appears that the stats room is in high gear, looking...

Disclosure: This material is provided for information only and is not intended as a recommendation or an offer or solicitation for the purchase or sale of any security or financial instrument. This material is not a complete analysis of all material facts respecting any issuer, industry or security or of your investment objectives, parameters, needs or financial situation, and therefore is not a sufficient basis alone on which to base an investment decision. Horowitz & Company clients may hold positions (long or short) in investments discussed. Please click for detailed disclosures and additional information about our stock ratings and scoring.

Written by Andrew Horowitz · Filed Under Markets 




Subscribe to this blog post's comments through...

  • Add to netvibes

  • Add to My Yahoo!

  • Add to Google

  • Add to Microsoft Live

RSS Icon

RSS Feed

Subscribe via email

Follow the discussion


Loading... Logging you in...

  • Logged in as
You are about to flag this comment as being inappropriate. Please explain why you are flagging this comment in the text box below and submit your report. The blog admin will be notified. Thank you for your input.
There are no comments posted yet. Be the first one!

Post a new comment

    Posting anonymously.


    Comments by IntenseDebate

    OECD’s Cyber Report Misses Key Facts - Jeffrey Carr - Digital Dao - Forbes

    Cyberwar soldiers

    Image via Wikipedia

    Professors Sommer and Brown wrote a paper for the OECD entitled “Reducing Systemic Cybersecurity Risk“. They sought to answer the question “How far could cyber-related hazards be as devastating as events like large-scale pandemics and the 2007-10 banking crisis?“. Their conclusion: “very few single cyber-related events have the capacity to cause a global shock.” The authors identify only two events that would qualify:

    • a successful attack on one of the underlying technical protocols upon which the Internet depends, such as the Border Gateway Protocol
    • a very large-scale solar flare which physically destroys key communications components such as satellites, cellular base stations and switches.

    It’s important to note that the professors have taken care to only address “pure” cyber war, not hybrid or multi-modal warfare where cyber is one component of a kinetic attack. Personally I think that greatly diminishes the value of the project because it ignores the evolving nature of cyber warfare, particularly as it has been conducted since late 2009 in favor of a theoretical academic exercise. And that’s really the crux of my problem with this report – it’s more “ivory tower” than “street” and while parts of their work are well-researched, other parts show little to no research at all. Here are a few of their biggest flaws.

    - Reasons given for why there will never be a true cyber war:

    (1) many critical computer systems are protected against known exploits and malware so that designers of new cyberweapons have to identify new weaknesses and exploits;

    (2) the effects of cyberattacks are difficult to predict

    (3) there is no strategic reason why any aggressor would limit themselves to only one class of weaponry.

    I can’t imagine any Information Security professional accepting (1) as valid. In fact, the notion that USCYBERCOM, Israel’s Unit 8200, and Germany’s Bundeswehr’s Strategic Reconnaissance Unit would throw up their hands in the face of “having to identify new exploits and weaknesses” is utterly laughable.

    The author’s point (2) could work both ways.

    And point (3) as it applies to cyber warfare, makes me wonder if the authors consulted with any military strategists in writing this report, particularly Western military officers who read Sun Tzu:

    The skillful leader subdues the enemy’s troops without any fighting; he captures their cities without laying siege to them; he overthrows their kingdom without lengthy operations in the field.”

    There are many strategic reasons for achieving the objectives of a war without the enormous costs incurred through massive destruction of the enemy’s infrastructure, work force, and economic base. Operations against an adversary state conducted in cyberspace may be one of the few ways to achieve that goal.

    - Analysis Of The Likelihood Of Cyber-Related Events

    Appendix 1 of the report lists tables which “illustrate feasible cyber-related events and analyses them for likelihood, duration and propagation”. Here are a few examples provided by the authors:

    Event: Zero day fundamental flaw in popular operating system

    Likely Duration/Recovery Factors – immediate: “News of the exploit would appear within 24-48 hours, together with initial (and probably partial) advice on evasion. A fuller remedy might take 7 or more days and would be in the form of a patch. Advice would need to be disseminated about acquiring and applying the patch safely.

    Potential For Global Impact: Low

    There are so many exceptions to this statement that I hardly know where to begin.  US CERT gives vendors 45 days to fix a publicly disclosed vulnerability whereas Google has set their number at 60 days. Stuxnet is a great example of how long patching critical vulnerabilities can take. The .LNK vulnerability had been known since November 2008 while the patch came out in August, 2010. The print spooler exploit used by Stuxnet was first known in April 2009 while the patch was released in September 2010. The Privilege Escalation Via Task Scheduler vulnerability went un-patched until Dec 14, 2010.

    Another important factor not addressed by Summer and Brown is that companies don’t immediately push patches released by Microsoft onto their networks. They have to be tested first to ensure that it doesn’t break anything and that can take another month or longer. Bottom line- this event’s entire “proof” by the authors needs to be thrown out.

    Event: “Large Scale Failure Of Electricity Supply”

    Likely Duration/Recovery Factors – immediate: “Electricity is usually supplied via a grid so that some service can be restored in hours. More remote locations may have to wait days, but not much longer.”

    Potential For Global Impact: Low

    This one category of risk was grossly under-researched. It made me wonder if the authors had ever personally experienced living in a region without power for two days or more. “Low impact” is not what immediately comes to mind for those times when my neighbors and I have endured that experience. Even worse, however, is that the authors didn’t address the more serious risks posed by the rapid implementation of the Smart Grid.

    David Baker wrote the following assessment in his article “Making A Secure Smart Grid A Reality” for the Journal of Energy Security:

    If a truly malicious worm were to infect meters in a given area, there would be a best- and a worst-case scenario. Under the best-case scenario, the utility would simply push a firmware update across the standard wireless network to all the affected meters, overwrite the worm, and return the meters to normal operation. This assumes the attacker had not damaged the remote flashing capabilities, changed the frequency on which the meter operates, or changed the calibration of the meter.

    Unfortunately, during malicious attacks the worst-case scenario is more likely to be true. In this case, the normal wireless update mechanisms would no longer be intact, or the calibration of the meters would have been changed. If meters supported remote disconnect capability they could be instructed to simultaneously or individually disconnect service to customers’ homes. To return power to affected homes, the utility would need to take time to understand the vulnerability and develop a patch. Then the utility would need to physically repair or replace each meter to return it to normal operation. Restoring power to homes would likely be an expensive and long process, detrimental to the utility and frustrating to the costumers.


    Call it what you will, cyber operations with hostile intent are being conducted every day while cyber warfare tactics, techniques, and procedures are being researched, drafted, debated, and implemented by both developed and developing nation states. Summers and Brown really bit off more than they could chew with this research project. A proper evaluation of just the impact of attacking the vulnerabilities present in Smart Grid technology and its potential global effects would have been a much wiser investment of their time and OECD’s budget. In my opinion, this paper did not answer the question assigned to it. It’s a Fail.

    How Egypt did (and your government could) shut down the Internet

    Unremote Security » Kaspersky Antivirus Source code leak (KAV 8 – 2009)

    So the rumor i post months ago on twitter was right :o , kaspersky antivirus source code were leaked :/ , i take a quick look on the source and it seems legit and to be Kaspersky 2009 Edition by the design sheets on it.

    To compile it is recommended you to use Visual Studio C++ 2008 , i try with VC2010 its kinda hard.

    I will not host the source in one of my web servers then i give you a torrent link :D

    Have fun .
    Size uncompressed : ~1Gb
    Size zipped : ~300Mo

    btw i recommend people to use Bitdefender instead of KAV , Bitdefender rox ;)


    if for a legal issue i must delete this thread then i’m waiting for a mail with a copy of the law that saying “it is illegal to post a torrent containing the source code of a private app that wasn’t leaked by me but by an ex employee years ago :)
    Here is my mail : DarkCoderSc@Unremote.org

    What you didn’t know about Nintendo | The Best Article Every day

    29 gennaio 2011

    Exclusive: Tunisia Internet Chief Gives Inside Look at Cyber Uprising | Danger Room

    A security guard stands outside a Tunisian Internet Agency. Photo: Mikel Ayestaran

    TUNIS, Tunisia –- When Zine El Abidine Ben Ali’s dictatorship began unraveling here last month amid violent street protests, Tunisia’s internet administrators saw a massive spike in the number of sites placed on government block lists. But, in contrast to the embattled Egyptian government, the Ben Ali regime never ordered internet and cellphone communications shut off or slowed down, the head of the Tunisian Internet Agency says.

    “I think Ben Ali did not realize where the situation was going or that he could be taken down,” Tunisian Internet Agency (French initials: ATI) director Kamel Saadaoui tells Wired.com. “Maybe if he had known that, he would have cut the internet. But the number of blocked sites did grow drastically when the revolution started. They were trying desperately to block any site that spoke about Sidi Bouzid. In a few weeks the number doubled.”

    Egypt’s blackout, confirmed Thursday by internet-monitoring company Renesys, shut down four out of five of the country’s ISPs, with one connection left open to Noor Group, which hosts the Egyptian stock exchange, Rensys reported. The move signals an unprecedented clampdown on communications as activists, apparently inspired by Tunisia’s successful uprising, are taking to the streets in massive numbers.

    During its 15-year existence, the ATI had a reputation for censoring the internet and hacking into people’s personal e-mail accounts. All Tunisian ISPs and e-mail flowed through its offices before being released on the internet, and anything that the Ben Ali dictatorship didn’t like didn’t see the light of day.

    Saadaoui, its director of three years, complains that the perception of the ATI as an oppressive cyber-nanny is undeserved. He was just following the regime’s orders, he insists. Now that the government has changed, he’s following those new policies, helping open up Tunisian internet access as never before.

    “We are computer and electronic engineers, not policemen,” Saadaoui says at his office in the ATI headquarters, a handsome, white bungalow near Pasteur Square in a high-end neighborhood of Tunis. “We don’t check e-mail and we don’t filter websites, even though we have filtering engines on our network. We run the engines technically, but we don’t decide to block your blog. We don’t even know you have a blog.”

    ‘It’s useless to block. Whatever we do, there are ways to get around it.’

    “But,” he adds, “we give access to these engines to other institutions that have been mandated by the government to choose which websites should be blocked. They have the gateway that has all the mail to be read.”

    In other words: don’t blame us. We just work here.

    Saadaoui described the governmental oversight of the internet as an encrypted interface built and maintained by the ATI. Only the government can manipulate it.

    “We gave them an interface where they can go in and add anything they want to block,” he says. “We don’t even know what they were banning because the list is encrypted. We can only see the number of blocked sites and some other technical aspects, such as CPO load, how much traffic … things like this. Sometimes we learn about the blocked sites when people call in and ask why their blog has been blocked. Then we know.”

    At first, the regime banned around 300 websites, but as internet use grew throughout the country –- from 1 percent of the population in 2000 to 37 percent as of last November –- the blacklist bloated to more than 2,000. When the government started going after proxies, Saadaoui said, the number jumped to many thousands. He estimated that around a thousand of the blocked sites were political, and the rest were proxies.

    The revolution began Dec. 17 in the central Tunisian town of Sidi Bouzid, when 26-year-old fruit vendor Mohammed Bouazizi set himself on fire to protest the humiliating tactics of local officials. The suicide jolted Tunisians. They began to protest in the streets — and clash with police.

    Around 100 people died throughout the country. The media, controlled by Ben Ali’s advisers, reported only that criminals were looting.

    But videos of the protests, riot police and their victims appeared on Facebook, and bloggers began reporting the daily events with first-hand accounts, photographs and videos. This information helped drive the uprising, and the government responded by allegedly hijacking Tunisian Facebook passwords.

    At the same time, hackers began to attack the Tunisian government’s control over the internet. They bombed the ATI’s DNS and website, and tried to bomb the e-mail centipede gateway. The National Computer Security Agency — which fights hacking, phishing, viruses and fraud — took on the activists who tried to overload government websites with distributed denial-of-service attacks.

    “When the hackers did DDOS they did a good job, and Anonymous did a good job,” Saadaoui says, smiling. “But not on everything. They weren’t able to take down the DNS, they weren’t able to take down the main servers or the network, but they were able to DDOS websites. They were able to bomb Ben Ali’s website.”

    Open, But Uncertain, Future

    Since Ben Ali fled the country Jan. 14, the transitional government has removed several restrictions on internet use while the 60-person ATI aims to focus on tasks more befitting an internet regulator: providing bandwidth and IP numbers, DNS management, IP addresses, research and development, electronic commerce, and web hosting. The agency is also the ISP for all public institutions.

    How the dictator-less Tunisia will rebuild its internet architecture is still being discussed, Saadaoui says. But one optimistic sign is that 33-year-old blogger and activist Slim Amamou, who was arrested during the revolt, is now the secretary of state for youth and sports. The Ministry of Communications and Technology has announced that anyone who has a SMTP server can have direct access to the internet without going through the governmental post office.

    The interface that allows the government to block sites, however, still exists. Saadaoui promises that it will be used only to block pornography, child pornography, nudity and “hate,” using URL classifiers.

    “The new government told us to keep the filtering engines where they are and to allow them to add categories that they don’t like,” Saadaoui says. “The difference now is that they will ask a judge to approve the filtering. The problem is not filtering, the problem is who filters and based on what law. Before, people would filter without applying the law, and now we will filter with a judicial mandate. And the current mandate is to block pornography, pedophilia, nudity and hate.”

    Many Tunisians, such as Amamou and the hackers who fought the ATI during the revolution, prefer a completely open internet. Saadaoui disagrees. He says the current filters are necessary on a political level: “The limits are symbolic. It’s a message from the government that we are a Muslim and conservative society and that we would appreciate if you didn’t go to these [filtered] sites.

    Besides, Saadaoui says, everyone knows how to sidestep the restrictions, anyway.

    “Tunisia has a lot of young, open people who know how to go around filters via hotspot proxies,” he says. “So really it’s useless to block. Whatever we do, there are ways to get around it.”

    See Also:

    28 gennaio 2011

    20 Of The Funniest Exam Answers Of All Time

    No Hacker Left Behind - Forbes.com

    Alan Paller's plan to defend America's cyber-infrastructure: Teach our kids to think like thieves.

    Low-cost SSL proxy could bring cheaper, faster security; defeat threats like Firesheep - Computerworld

    Based on an algorithm devised by researchers in Korea and the U.S., SSLShading is software that directs SSL traffic being proxied either to a CPU or a graphics processing unit (GPU), whichever is most appropriate to handle the current load. The researchers will discuss the algorithm in their paper "SSLShader: Cheap SSL Acceleration with Commodity Processors."

    CHART OF THE DAY: Here's How Much A Unique Visitor Is Worth

    24 gennaio 2011

    Toshiba's Android 3.0 tablet has swappable battery - News - Linux for Devices

    Toshiba launched a preview website for its 10.1-inch, "Toshiba Tablet," which runs Android 3.0 on an Nvidia Tegra 2 processor, and offers dual cameras and a swappable battery. Meanwhile, Motorola's rival Xoom Android 3.0 tablet will go on sale at Best Buy on Feb. 17, and will be offered by Verizon Wireless for a pricey $799 without a contract, say reports.

    Book Review - Alone Together - By Sherry Turkle - NYTimes.com

    In Turkle’s latest book, “Alone Together,” this optimism is long gone. If the Internet of 1995 was a postmodern playhouse, allowing individuals to engage in unbridled expression, Turkle describes it today as a corporate trap, a ball and chain that keeps us tethered to the tiny screens of our cellphones, tapping out trite messages to stay in touch. She summarizes her new view of things with typical eloquence: “We expect more from technology and less from each other.

    Mantra - Free and Open Source Browser based Security Framework

    Mantra is a dream that came true. It is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software. Mantra is a security framework which can be very helpful in performing all the five phases of attacks including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks. Apart from that it also contains a set of tools targeted for web developers and code debuggers which makes it handy for both offensive security and defensive security related tasks.

    Mantra is lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.

    23 gennaio 2011

    NewsGrange » Hacker Shows It Doesn’t Take $8 Million to Clone Qwiki – Just 321 Lines of HTML Will do the Trick

    In the source code, the developer clearly references that the reason for this project was to show how easy it is to implement the basic functionality of Qwiki: “This code is not pretty, but it doesn’t need to be. It’s only been 6 hours, but based on funding patterns I should be able to raise a few million off of this ;) .” The first demo of Fqwiki you see after opening the site is its rendition of the Wikipedia entry for “snake oil.”

    Index of /~greg/stackoverflow/ebooks

    These books contain the top questions from a selection of the top tags on Stack Overflow. The top questions include those with a score of 10 or greater (except in the case of a high volume tag like c#). I have to limit the number of questions in each book because of the poor O(n2) performance of kindlegen.

    21 gennaio 2011

    DROMORAMA | metti (che) in moto un dromomane

    È ufficiale: mi son beccato il virus del viaggio, a tal punto che mi è venuta la malsana idea di provare a camparci con questa attività. Dromorama nasce non solo con l’intenzione di documentare e condividere i miei viaggi ma anche come motivatore a farne ancora di più: insomma pare un paradosso ma più mi seguite, più io viaggio.

    Violent Penguins - The Daily WTF

    Ballpoint Pen review | PDA-247

    In summary, I would happily recommend this pen to anyone who is planning on writing on paper. If you are considering a writing implement for some other surface such as writing on a CD, or other non-porous substances then another pen might be better suited, but if it’s just plain old paper then I think you will probably be well served by this particular model

    20 gennaio 2011

    IT instratructure needs to be resilinent, because it can't be invulnerable, former DOD official says -- Government Computer News

    Stuxnet not such a masterpiece after all? - The H Security: News and Features

    Stuxnet Logo Some security specialists are now questioning whether Stuxnet is really as much of a masterpiece of malware programming as it has been made out to be. Although it combines a lot of knowledge from a range of disciplines, they believe that the implementation was sloppy. Security web site Threatpost, for example, cites security specialist Tom Parker. Parker believes that the worm's command and control mechanism was poorly implemented, since it sent data traffic in unencrypted form. He also points out that the worm spread via the web, which resulted in uncontrolled infection of systems other than the actual target.

    Parker believes that a range of groups must have worked on the worm, and that a highly talented group must have programmed the exploits and the code for modifying control systems. A less talented group may then have added the functionality for getting the malware to its target. The quality of the Stuxnet code is reported to be low and it is said to omit modern methods for hiding on infected systems and preventing analysis by anti-virus vendors.

    Security specialist Nate Lawson expresses similar views . Although Stuxnet includes some obfuscation techniques and installs a rootkit, Lawson notes that this does not make it any different from any other recent worm. Contrary to a recent report by the New York Times, Lawson even expresses the hope that the US was not involved in writing the worm. He adds that he hopes that digital weaponry developers have a little more up their sleeves than tricks used by Bulgarian teenagers to disguise viruses back in the '90s.

    Parker and Lawson both come to the conclusion that the worm's authors probably just did not have enough time to improve the code and its obfuscation. However, many of the comments on Lawson's blog express the view that Stuxnet simply did not have any need for sophisticated camouflage techniques and point out that it took anti-virus specialists Siemens, and SCADA experts, months to discover and understand Stuxnet even without these mechanisms.

    See also:


    19 gennaio 2011

    Stuxnet Authors Made Several Basic Errors | threatpost

    In a talk at the Black Hat DC conference here Tuesday, Tom Parker, a security consultant, presented a compelling case that Stuxnet may be the product of a collaboration between two disparate groups, perhaps a talented group of programmers that produced most of the code and exploits and a less sophisticated group that may have adapted the tool for its eventual use. Parker analyzed the code in Stuxnet and looked at both the quality of the code itself as well as how well it did what it was designed to do, and found several indications that the code itself is not very well done, but was still highly effective on some levels.

    Honey Bee Extinction | The Big Picture

    Unhackable data in a box of bacteria: Future of InfoSec? - Computerworld Blogs

    Unhackable data in a box of bacteria: Future of InfoSec?

    17 gennaio 2011

    Autonito, Automatically Open Domains In Google Chrome’s Incognito Mode

    Royal Pingdom » Internet companies with few employees but millions of users

    Can you imagine a traditional, “offline” company managing these kinds of user numbers with a moderate number of employees? Probably not, right? These numbers only really become possible in the economy that the Internet and the World Wide Web has given us. It’s a true gift to all those tech-savvy entrepreneurs out there. You can accomplish great things with just a small team.

    Israel and US fingered for Stuxnet attack on Iran • The Register

    The US and Israel jointly developed the infamous Stuxnet worm before using the sophisticated malware to sabotage key components of Iran's controversial nuclear program, according to an investigation by the New York Times.

    Was Stuxnet a joint US-Israeli project? - The H Security: News and Features

    It has long been clear that a lot of grey matter was exercised in creating Stuxnet. It is equally clear that the highly expert team behind the worm was not simply showing off Windows exploits on Siemens manufacturing control systems, but intended to destroy centrifuges used for uranium enrichment.

    A New York Times report has now collected together a range of evidence which suggests that experts from the US and Israel worked together to develop Stuxnet over a two year period. Siemens is also reported to have unwittingly assisted them, in that the company collaborated with a US Department of Energy research institute on a programme for protecting against cyber-attacks. The security vulnerabilities uncoveredPDF during this programme were then utilised in developing the worm.

    The fastidiousness with which the developers tailored Stuxnet to the Iranian enrichment facility in Natanz is also interesting. The New York Times quotes German security specialist Ralph Langner, whose analysis of the code showed that Stuxnet was targeted at a network of exactly 984 machines – precisely the number, according to nuclear experts – disabled in summer 2009.

    Langner credits Stuxnet with two mechanisms of action: firstly it deregulates the centrifuges so that they run to destruction and secondly it delivers fake sensor data to the control panel to give the impression that everything is running normally.

    From the precision with which the worm performed its function, many experts conclude that Israel must also have been involved, drawing the conclusion that live tests must have been carried out. All indications point towards Israel's Dimona project in the Negev desert, which includes a uranium enrichment facility, as the test site. All of this is of course strictly confidential and deniable – likewise US and Israeli involvement in creating Stuxnet. But, reports the newspaper, none of the American or Israeli experts were able to suppress a proud grin when noting that Iran's nuclear programme has been put back to at least 2015.


    Tor project releases update to close critical hole - The H Security: News and Features

    Cyberwar hype is obscuring real security threats • The Register

    The ill-informed leading the ill-informed...

    14 gennaio 2011

    More corruption = more collapse in earthquakes - Holy Kaw!

    More corruption = more collapse in earthquakes

    Ultimate Bashrc File GNOME-Look.org

    For those who love using the terminal, here is a '.bashrc' file I created, mainly for those who've had issues with their own. Hopefully it'll benefit those of whom love aliases, functions, and such. Probably more than you need, so modify all you want. I've organized it best I can to make it easier for using and modification. This is also for those many who've had a difficult time finding a good source for their own on the net, like it was for me.

    Intel showering employees with 4X bonuses | VentureBeat

    Intel is giving four times the usual bonuses for its employees thanks to its record year with $43 billion in revenues. The company is also paying its workers the equivalent of 3 extra days of work on top of that.

    Wikileaks volunteer detained and searched (again) by US agents - Boing Boing

    John F. Kennedy Presidential Library & Museum

    Porn Worm Extorts Money From 2,500 Victims - PCWorld

    Porn Worm Extorts Money From 2,500 Victims

    13 gennaio 2011

    Saying Image 111312

    Minimum Route Finder Using Dijkstra Algorithm

    Minimum Rout Finder Using Dijkstra Algorithm

    The Philter Lounge

    What is my IPv6 Address?

    Check out this website I found at ip6.me

    Mirror of GeoHot's PS3 Jailbreak

    Mirror of GeoHot's PS3 Jailbreak

    January 11, 2011:

    Our friends at Sony are having another bad day: i.e., doing something breathtakingly stupid, presumably because they don't know any better. This time they're suing George Hotz for publishing PS3 jailbreak information, as reported by EnGadget, Attack of the Fan Boy, and inevitably, Slashdot. Hotz's jailbreak allows PS3 owners to run the software of their choice on a machine they have legally purchased. His site is geohot.com.

    Free speech (and free computing) rights exist only for those determined to exercise them. Trying to suppress those rights in the Internet age is like spitting in the wind.

    We will help our friends at Sony understand this by mirroring the geohot jailbreak files at Carnegie Mellon.

    GeoHot Mirror

    Click here for usage instructions.

    Note to Sony lawyers: no doubt you're eager to rack up another billable hour by sending legal threats to me and my university. Before you go down that unhappy road, check out what happened the last time a large corporation tried to stop the mirroring of technical information here: The Gallery of CSS Descramblers. Have you learned anything in ten years?

    A reader points out that jailbreaking the iPhone is legal in the US thanks to the efforts of the Electronic Frontier Foundation. What bearing this has on the PS3 controversy remains to be seen.

    Update: My light-hearted use of the editorial "we" above should not mislead anyone into thinking that I an speaking on behalf of Carnegie Mellon. On all my personal web pages hosted by CMU, including this page, I speak only for myself, as does every other faculty member. We have a PR department whose job is to speak for the university.

    Microsoft sucks open source into its WebMatrix • The Register

    Microsoft sucks open source into its WebMatrix

    SmuSec: Announcing Ruminate IDS

    Post a Comment

    keys open doors

    erk: C0 CE FE 84 C2 27 F7 5B D0 7A 7E B8 46 50 9F 93 B2 38 E7 70 DA CB 9F F4 A3 88 F8 12 48 2B E2 1B
    riv: 47 EE 74 54 E4 77 4C C9 B8 96 0C 7B 59 F4 C1 4D
    pub: C2 D4 AA F3 19 35 50 19 AF 99 D4 4E 2B 58 CA 29 25 2C 89 12 3D 11 D6 21 8F 40 B1 38 CA B2 9B 71 01 F3 AE B7 2A 97 50 19
      R: 80 6E 07 8F A1 52 97 90 CE 1A AE 02 BA DD 6F AA A6 AF 74 17
      n: E1 3A 7E BC 3A CC EB 1C B5 6C C8 60 FC AB DB 6A 04 8C 55 E1
      K: BA 90 55 91 68 61 B9 77 ED CB ED 92 00 50 92 F6 6C 7A 3D 8D
     Da: C5 B2 BF A1 A4 13 DD 16 F2 6D 31 C0 F2 ED 47 20 DC FB 06 70


    props to fail0verflow for the asymmetric half
    no donate link, just use this info wisely
    i do not condone piracy

    I made a video

    it's jailbreak time
    open the zip, you know how to install
    3.55 only
    would be pirates, don't waste your time
    do not mirror file, link to geohot.com
    no donations accepted right now, don't get scammed

    homebrew signing source
    make_self_npdrm makes valid NPDRM selfs from elfs
    it does not contain any info on decrypting or removing NPDRM
    NPDRM is required for interoperability of our homebrew applications
    package_finalize turns your debug packages into psuedoretail packages
    psuedoretail packages install on a geohot jailbroken PS3

    i'm excited to see what you will create
    open source SDK @ PSL1GHT

    12 gennaio 2011

    «Un faccino tondo e un nasetto da bambola» » Piovono rane - Blog - L'espresso

    Globish Home - Globish.com

    Globish allows you to:

    • Communicate in English, using only 1500 words.

    • Employ simple, but standard grammatical structure.

    • Learn enough pronunciation and spelling for 1500 words only.

    • Provide a tool for leading a conversation in business or as a tourist, anywhere in the world.

    Venerable Rustock Botnet Is Spamming Again - Darkreading

    Venerable Rustock Botnet Is Spamming Again