Tuesday, 10. September 2002
Disgruntled CISSP flunky accused of SPAM campaign against (ISC)2
(ISC)2 is working with federal and state law enforcement authorities on the case. The consortium's own investigation has led to a suspect who recently failed the CISSP exam and then physically threatened the proctors if they didn't grant his credentials. While he declined to identify the suspect, Johnston says the person lives in an English-speaking country that will cooperate in his prosecution and, if warranted, extradition. Johnston, who doubles as (ISC)2's CISO, says they initially couldn't pinpoint where the spam was coming from, but were eventually able to determine that the suspect was using a spam server in China. (ISC)2 says its membership lists and network weren't compromised by the spammer. Most of the messages are being sent to people who have never heard of the accreditation consortium, the group says. [Security News Portal]
07:23
Philippines cracks phone hacking ring
MANILA (Reuters) - The Philippines said on Monday it had cracked a 100 million peso ($1.9 million) computer hacking ring that had gained access to telephone company lines and sold off cheap phone calls.
The hacking ring was cracked after the country's main phone company, Philippine Long Distance Telephone Co, asked for help to stop the scam, police said.
The hackers tapped into computers controlling long-distance phone calls, then sold calls to their clients at prices around half the normal rate.
Immigration officials said two of those arrested were Jordanians and the third was a Filipino. The ring had amassed about 100 million pesos from their hacking operations since last year.
If convicted, those arrested face up to six years in jail and a fine of up to 100,000 pesos ($1,923) each. [Moreover - moreover...]
07:29
Digital Demonstrations again.
Hacktivism.ca has a snippet on my "H2K2" presentation "on virtual sit-ins" and a link to an article "What is the Borderline Between Criminality and Civil Disobedience in the Net?" by Marco Cappato (MEP) who is pushing the EU to be careful not to criminalize creative political expression on the Internet. See also his report on the subject.
07:52
4.-6.10: Hackmeeting in Madrid
[Hacktivism]
08:02
25-year jail terms for terror?
A proposed new Victorian law seeks to impose increased jail terms for
acts of sabotage, including "cyber crime". The legislation is not yet
available for review.
The Government is planning to introduce new legislation in State
Parliament this week under the Crimes (Property Damage and Computer
Offences) Bill.
[...]
The laws are likely to receive bipartisan support and will give specific
powers to prevent cyber crime, such as hacking into the police computer
network.... [bplog]
14:22
unmask: identifying the authors of anonymous texts
immunitysec: unmask. Immunitysec.com has released Unmask, a script that claims to help
identify the authors of anonymous texts, using statistical analysis to
record signatures. It's released under the GPL.
Unmask is a python script that allows you to break the anonymity of
e-mail or other text. It works by doing basic statistical matching
against stored "signatures." It may require some tweaking to fit your
particular use to it (un-anonymizing IRC chats, email, web pages on
FreeNet,... [bplog]
14:23
Conference on freedom of information, content control and censorship on the Internet
eco, together with the "CCC", is holding the same conference that the LfM is holding a day later. The weekend before, there is something similar from the Naumann Stiftung. Things are busy in the Rhineland!
Apparently the whole thing has no web page, so here is the mail:
Dear eco prospects, dear members,
below we would like to draw your attention to an event held by the CCC (with the participation of eco) on 16.09.2002 in Düsseldorf. We would be pleased to see many of you attend!
Conference on freedom of information, content control and censorship on the Internet - an event of the Chaos Computer Club e.V., Monday 16.09.2002, Düsseldorf, Forum im Finanzkaufhaus
10:00 - 10:45 Content control of the Internet via the Domain Name System, speaker: Andy Müller-Maguhn, spokesman of the Chaos Computer Club e.V., user-elected director for Europe, ICANN, http://www.ccc.de/~andy/
10:45 - 11:30 Insert Coin - manipulation of Internet content as an experiment, Alvar Freude, operator of ODEM.ORG http://www.odem.org/
11:30 - 11:45 Coffee break
11:45 - 12:15 (working title), Internet freedom in France after the "yahoo" court decision, Meryem Marzouki http://asim.lip6.fr/~marzouki/perso/index.gb.html
12:15 - 13:00 Internet censorship in North Rhine-Westphalia, Büssow endangers the information sphere (working title), speakers: Jens Ohlig, spokesman of the Chaos Computer Club e.V., Lars Weiler, Chaosdorf Düsseldorf e.V. http://www.ccc.de/censorship/
13:15 - 14:30 Lunch break (announced separately: press conference from 13:30 - 13:50)
14:30 - 15:15 Internet censorship in NRW from the providers' point of view, speakers: Harald A. Summa, eco Forum e.V., http://www.eco.de/ , and probably a representative of an affected ISP
15:15 - 15:30 Coffee break
15:30 - 16:15 Does German law oblige Internet service providers to block content offered on the net? European lawyer Dr. Irini E. Vassilaki, Universität Göttingen
16:15 - 16:30 Coffee break
16:30 - 17:00 How society deals with extreme content on the Internet,
Prof. Dr. Thomas Hoeren,
Harald A. Summa,
Irini Vassilaki,
Andy Müller-Maguhn
approx. 17:00 End of the event
The event takes place at the Forum im Finanzkaufhaus Düsseldorf, Bilker Alle (the house number is still being determined)
Directions are available at http://www.forum-duesseldorf.com/forum_duesseldorf_anfahrt.htm
With kind regards
...
16:01
Berman-Coble: an exercise in the cyber-law-definition jungle.
Maybe I should start the freedom to tinker comment weblog. Edward Felten is again poking around in the Berman-Coble bill, inviting me to get back to my favorite rants. Felten now looks at Part B of the p2p definition in the bill, which says something like this:
'peer to peer file trading network' means two or more computers which are connected by computer software that--
(A) [is designed to support file sharing]; and
(B) does not permanently route all file or data inquiries or searches through a designated, central computer located in the United States;
Felten argues that no significant centralized system would use a single server but, for load balancing reasons, a cluster of many machines. He is right, but before talking about this we must find out what constitutes a computer. A single CPU? Then an IBM zSeries machine would be more than a single computer. Processing units in a single case? No, my Siemens MX-300 comes in two cases. As a working thesis, a computer in the context of this bill should be defined as "closely coupled computing resources under single administrative control". While we might argue about whether two webservers behind a load balancer are "closely coupled", stuff like the AIM servers could be subsumed under this term for computer if one really wants to.
Just for the record: this restriction to central servers in the US is strange, too. The US government might create laws which force citizens of their nation to endure attacks by the RIAA. But they can't do that to foreigners not on their soil. In fact, if the US government encourages private entities from the US to attack people in other countries, this might be considered an attack carried out by the US government - which might be considered an act of war.
Germany should not pick on the US for this: when the German minister for interior affairs realized that he couldn't sue away German Nazi pages on US servers, he declared in an interview that these servers should be hacked by German law enforcement to get rid of the Nazi hate pages.
17:07
Call to Holland.
Because I was missing Neal, I just called Holland. Actually nobody had time for me, because it was mealtime, but between bites Neal had time for a word or two: when he heard "Heimweh" (homesickness), he repeated it - although he did not sound homesick at all - he also correctly identified Nicky as "Mama", and when Rose said he had eaten shrimps, he repeated that as well. In the background he kept calling "nochmal" (again); I assume he meant being fed. And to say goodbye he correctly said "Tschüß". An eloquent child.
18:02
Microsoft says Win 2000 hacking outbreak subsides
On 30 Aug, Microsoft warned customers of an increase in reported hacker
attacks against Windows 2000, but offered few details about the root of the
problem. On 6 Sep 2002, MS said the malicious activity has "lessened
significantly" -- claiming that the attacks probably did not result from new
vulnerabilities in its operating system, but rather from administrators not
following standard procedures to secure their servers. "By analyzing
computers that have been compromised, Microsoft has determined that these
attacks do not appear to exploit any new product-related security
vulnerabilities and do not appear to be viral or worm-like in nature," the
company stated in its advisory, available online at
http://support.microsoft.com/default.aspx?scid=kb;en-us;q328691. "Instead,
the attacks seek to take advantage of situations where standard precautions
have not been taken," the advisory said. "The activity appears to be
associated with a coordinated series of individual attempts to compromise
Windows 2000-based servers." MS urges us to take preventive measures to
protect themselves against future attacks: eliminate blank or weak
administrator passwords, disable guest accounts, run up-to-date antivirus
software, use firewalls to protect internal servers, and stay up to date on
all security patches. [Source: article by Matt Berger, *Info World*, 9 Sep
2002; PGN-ed, TNX to Lillie Coney]
http://www.infoworld.com/articles/hn/xml/02/09/09/020909hnmshack.xml
[So, it's all OUR fault, even if I don't even use MS software! PGN] ["Peter G. Neumann" <neumann@csl.sri.com> via risks-digest Volume 22, Issue 24]
18:19
My son is lost ...
... when he sees fish, he says "hmmm, yummy". Sigh.
18:22
Hacking Trackback into Radio II
My Trackback attempts are continuing. Seems David Watson likes the stuff. He points out Trackback and Radio are a political issue.
There are to be several implementations for sending pings (see this tutorial, too). But I want the pings to be sent automagically. There is much talk about it but no code.
So I hacked a Python script which connects to Radio via the Meta Weblog XML-RPC API, iterates through the latest posts, gets all the links in each post, downloads the pages referenced by these links, extracts Trackback-RDF information, checks whether it matches the links we were expecting and, if so, sends out the Trackback pings. I will give this thing a test run for one or two more days to be sure it does not break the internet or something like this and then post it here.
23:14
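The matching step described in the post above, as an added example (not the author's script, which is not on this page): it pulls TrackBack auto-discovery RDF out of already-downloaded pages and prepares a ping only when `dc:identifier` equals the link found in the post. The function names and sample URLs are constructed for illustration, and nothing is sent over the network.

```python
import re
from html import unescape
from html.parser import HTMLParser
from urllib.parse import urlencode, urlsplit

RDF_BLOCK = re.compile(r"<rdf:RDF\b.*?</rdf:RDF>", re.S)
DESCRIPTION = re.compile(r"<rdf:Description\b([^>]*)>", re.S)
ATTRIBUTE = re.compile(r'([\w:]+)\s*=\s*"([^"]*)"')

class LinkCollector(HTMLParser):
    """Collects the href of every <a> element in a post body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def discover_ping_url(page_html, linked_url):
    """Return the trackback:ping URL whose dc:identifier equals linked_url."""
    for block in RDF_BLOCK.findall(page_html):
        for attr_text in DESCRIPTION.findall(block):
            attrs = {k: unescape(v) for k, v in ATTRIBUTE.findall(attr_text)}
            ping = attrs.get("trackback:ping", "")
            # Ping only if the RDF describes the page we linked to; http(s) only.
            ok_scheme = urlsplit(ping).scheme in ("http", "https")
            if attrs.get("dc:identifier") == linked_url and ok_scheme:
                return ping
    return None

def plan_pings(post_url, post_title, post_html, fetched_pages):
    """Return (ping_url, form_body) for each link in the post that accepts pings."""
    collector = LinkCollector()
    collector.feed(post_html)
    pings = []
    for link in collector.links:
        ping = discover_ping_url(fetched_pages.get(link, ""), link)
        if ping:
            pings.append((ping, urlencode({"url": post_url, "title": post_title})))
    return pings

# Constructed sample data: the second page's RDF describes a different entry.
RDF = '<!-- <rdf:RDF><rdf:Description dc:identifier="%s" trackback:ping="%s" /></rdf:RDF> -->'
PAGES = {
    "http://a.example/entry1": RDF % ("http://a.example/entry1", "http://a.example/tb/1"),
    "http://b.example/index": RDF % ("http://b.example/entry9", "http://b.example/tb/9"),
}
POST = '<p><a href="http://a.example/entry1">one</a> <a href="http://b.example/index">two</a></p>'
```

Without the `dc:identifier` comparison, the link to `http://b.example/index` would trigger a ping for an entry the post never referenced.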
disLEXia, a research project by Maximillian Dornseif