Events

Online scammers prep for Gustav, say researchers

Online scammers prep for Gustav, say researchers - Via :

August 31, 2008 (Computerworld) Nearly 100 domains related to Hurricane Gustav have been registered in the past 48 hours, security experts said Sunday, some of which may be used by bogus charity and relief scams after the storm strikes the U.S. Gulf Coast.

According to television station KTAL in Shreveport, La., the office of Louisiana's Attorney General Buddy Caldwell has warned residents of Gustav phishing attacks already in progress.

On Saturday, Marcus Sachs, director of the SANS Institute's Internet Storm Center (ISC), noted that numerous domains containing the words "gustav," "charity," "hurricane" and "relief" had been recently registered.

"On the day [Hurricane] Katrina hit New Orleans [in 2005] hundreds of donation sites appeared online, many if not most were scam sites," said Sachs in a post yesterday to the ISC research blog. "Well, this time around, it looks like the people who like to register domain names in anticipation of a storm's arrival have already started registering them for Gustav."

AT&T thanks the Blue Dog Democrats with a lavish party

AT&T thanks the Blue Dog Democrats with a lavish party - Via Salon: Glenn Greenwald:

(updated below (with video added) - Update II)

Last night in Denver, at the Mile High Station -- next to Invesco Stadium, where Barack Obama will address a crowd of 30,000 people on Thursday night -- AT&T threw a lavish, private party for Blue Dog House Democrats, virtually all of whom blindly support whatever legislation the telecom industry demands and who also, specifically, led the way this July in immunizing AT&T and other telecoms from the consequences for their illegal participation in the Bush administration's warrantless spying program. Matt Stoller has one of the listings for the party here.

Armed with full-scale Convention press credentials issued by the DNC, I went -- along with Firedoglake's Jane Hamsher, John Amato, Stoller and others -- in order to cover the event, interview the attendees, and videotape the festivities. There was a wall of private security deployed around the building, and after asking where the press entrance was, we were told by the security officials, after they consulted with event organizers, that the press was barred from the event, and that only those with invitations could enter

OneWebDay 2008: An E-Democracy Time Capsule

OneWebDay 2008: An E-Democracy Time Capsule - Via CDT - PolicyBeta:

We’re just under a month away from OneWebDay 2008, and the Washington, DC OneWebDay planning committee would like to invite you to participate. Susan Crawford started OneWebDay four years ago to promote the Internet and keep it vibrant, in the same way that Earth Day promotes taking care of the environment. The Internet is under a lot of pressure, from inadequate connectivity and the digital divide to censorship. When the Internet is in the news, it is usually to highlight one of the feared aspects of the Internet, rather than the positive transformative power of the Internet. OneWebDay is intended to create a town square of sorts where people far and wide can come together to celebrate and protect the Internet, keeping it innovative, open and free.

Pirate Bay Renamed Beijing Bay After Olympics Tracking

Pirate Bay Renamed Beijing Bay After Olympics Tracking - Via Threat Level:

The Pirate Bay has a new logo, at least temporarily.

The world's most notorious torrent-tracking site has temporarily renamed itself The Beijing Bay after the International Olympic Committee sought the assistance of the Swedish government to stop it from tracking clips from the ongoing Olympics in Beijing.

A First Ever Look Inside The Defcon Network Operations Center

A First Ever Look Inside The Defcon Network Operations Center - Via Threat Level:

Editor: Interesting graphic removed. Go to original site for that [...]

The backbone of the Defcon network consists of a Cisco fiber switch (second box from top).  The firewall (bottom server) is a quad-core Xeon running OpenBSD and employing pf to filter and shape traffic.

LAS VEGAS -- Over 9,000 hackers, freaks, feds and geeks are gathered in Las Vegas for Defcon, the world's largest computer security convention. The temporary wireless network that serves the Defcon attendees is the most hostile on the planet.

Defcon's network is put together and run by a group of dedicated volunteers, known as Goons.  These red badge-sporting Network Goons work hard to make the network robust enough to handle the endless stream of dangerous traffic.

Threat Level got the first ever photo tour of the Defcon Network Operations Center. Here are the photos for your viewing pleasure.

[...]

(Read Original Article - Via Threat Level.)

MIT Students' Response to MBTA Statements

MIT Students' Response to MBTA Statements - Via EFF.org Updates:

Yesterday, the Massachusetts Bay Transportation Authority issued a statement to CNET that misrepresents the facts leading up to the MBTA's lawsuit against three MIT students. The statement said:

A week ago, the MBTA learned about the presentation to be made at the conference, and immediately contacted MIT. At a meeting last Tuesday involving all the parties, MIT staff and the students agreed to provide the MBTA with a copy of the presentation. After several days passed without getting any information from MIT, the MBTA had no choice but to seek assistance from a federal court judge on Friday. At 4:30 a.m. on Saturday, the presentation was finally provided to the MBTA. Staff is thoroughly reviewing the information to determine if there is any degree of substance to the claims being made by the students.

The MIT students would like to clarify a few facts:

YouTube Yanks Free Tibet Video After IOC Pressure

YouTube Yanks Free Tibet Video After IOC Pressure - Via Slashdot: Your Rights Online:

RevWaldo writes "The International Olympic Committee filed a copyright infringement claim yesterday against YouTube for hosting video of a Free Tibet protest at the Chinese Consulate in Manhattan Thursday night. The video depicts demonstrators conducting a candlelight vigil and projecting a protest video onto the consulate building; the projection features recent footage of Tibetan monks being arrested and riffs on the Olympic logo of the five interlocking rings, turning them into handcuffs. YouTube dutifully yanked the video, but it can still be seen on Vimeo. (Be advised; there is some brief footage of bloody, injured monks.)"

(Read Original Article - Via Slashdot: Your Rights Online.)

MIT Students Gagged by Federal Court Judge

MIT Students Gagged by Federal Court Judge - Via EFF.org Updates:

Las Vegas - Three students at the Massachusetts Institute of Technology (MIT) were ordered this morning by a federal court judge to cancel their scheduled presentation about vulnerabilities in Boston's transit fare payment system, violating their First Amendment right to discuss their important research.

The Electronic Frontier Foundation (EFF) represents Zack Anderson, RJ Ryan and Alessandro Chiesa, who were set to present their findings Sunday at DEFCON, a security conference held in Las Vegas. However, the Massachusetts Bay Transit Authority (MBTA) sued the students and MIT in United States District Court in Massachusetts on Friday, claiming that the students violated the Computer Fraud and Abuse Act (CFAA) by delivering information to conference attendees that could be used to defraud the MBTA of transit fares. This morning District Judge Douglas P. Woodlock, meeting in a special Saturday session, ordered the trio not to disclose for ten days any information that could be used by others to get free subway rides.

"We wanted to share our academic work with the security community and had planned to withhold a key detail of our results so that a malicious attacker could not use our research for fraudulent purposes," said Anderson. "We're disappointed that the court is preventing us from presenting our findings even with this safeguard."

The Last HOPE (Audio Recordings) - July 18-20, 2008 - New York City

The Last HOPE - July 18-20, 2008 - Hotel Pennsylvania - New York City:

For those of us who couldn't make the conference or could only listen in (on their radio station) to some of the seminars, here is a whole bunch of recordings of many (maybe even most or all) of the seminars.

They have 16kbps for low fidelity audio and 64kbps for high fidelity audio, so no matter what your connection speed, there is something for you.

Something tells me that their bandwidth is going to be busy for a while, since this was also mentioned on Slashdot today.

(Read Original Article.)

French Reporters at Black Hat Hacked Fellow Reporters

French Reporters at Black Hat Hacked Fellow Reporters - Via Threat Level:

LAS VEGAS -- Reporters covering the Black Hat Security Conference this week were apparently hacked by three French reporters.

A Black Hat spokeswoman explained that three French reporters gathered log-in data for reporters in the Black Hat press room and tried to convince organizers of the Wall of Sheep to post the data publicly. The Wall of Sheep is a traditional feature at the DefCon hacker conference but was launched at Black Hat for the first time this year.

French Reporters at Black Hat Booted from Conference for Hacking Fellow Reporters

French Reporters at Black Hat Booted from Conference for Hacking Fellow Reporters - Via Threat Level:

LAS VEGAS -- Reporters covering the Black Hat Security Conference this week were allegedly hacked by three French reporters. The three reporters are believed to have sniffed a private network that other reporters at the conference were using -- an apparent violation of the federal wiretap statute.

A Black Hat spokeswoman explained that the three reporters gathered log-in data for reporters in the Black Hat press room and tried to convince organizers of the Wall of Sheep to post the data publicly. The Wall of Sheep is a traditional feature at the DefCon hacker conference (which begins tomorrow in Las Vegas) but was launched at Black Hat for the first time this year.

Black Hat: Security Geeks Converge on Vegas

Black Hat: Security Geeks Converge on Vegas - Via Threat Level:

LAS VEGAS -- More than 4,000 security professionals have converged in Las Vegas this week for the Black Hat Security Conference -- to be followed this weekend by the DefCon hacker conference.

IOActive penetration tester Dan Kaminsky is expected to draw a full house to his anticipated talk on the serious DNS security flaw he discovered earlier this year.

Other talks include a discussion on hacking highway toll systems, security vulnerabilities in implantable wireless medical devices and a demonstration on injecting law-enforcement Trojans onto target machines.

Kaminsky's Grandmother Bakes Session Cookies for Black Hat

Kaminsky's Grandmother Bakes Session Cookies for Black Hat - Via Threat Level:

Dan Kaminsky has been giving talks at the Black Hat Security Conference in Las Vegas for nine years. For five of those years his 85-year-old grandmother has been in the audience. The last three talks, she baked cookies for attendees -- what Kaminsky refers to as "session cookies."

Grandma Kaminsky, also known as Raia Maurer, made 250 Swedish lace cookies for the crowd this year. But that fell far short of the standing-room only audience that showed up to hear his talk.

I chatted a bit with Maurer who hails from Eastern Europe but emigrated to Canada with her husband in 1951 and later came to live with Kaminsky's family in California after her husband died. She bought Kaminsky his first computer -- or, rather, she gave him $1,800 to purchase parts to build his first computer.

She recalls the first time she heard him speak at Black Hat.

Lessig Predicts Cyber 9/11 Event, Restrictive Laws

Lessig Predicts Cyber 9/11 Event, Restrictive Laws - Via Slashdot: Your Rights Online:

A number of readers are sending in links to a video from the Fortune Brainstorm Tech conference last month, in which Lawrence Lessig recounts a conversation over dinner with Richard Clarke, the former government counter-terrorism czar. Remembering that the Patriot Act was dropped on Congress just 20 days after 9/11 — the Department of Justice had had it sitting in a drawer for years — Lessig asked Clarke if DoJ had a similar proposed law, an "i-Patriot Act," to drop in the event of a "cyber-9/11." Clarke responded, "Of course they do. And Vint Cerf won't like it." Lessig's anecdote begins at about 4:30 in the video.

(Read Original Article - Via Slashdot: Your Rights Online.)

Black Hat: The World's Premier Technical Security Conference (August 2-7, 2008)

Black Hat: The World's Premier Technical Security Conference:

August 2-7, Caesars Palace Las Vegas, USA

This August, The Black Hat Briefings return to the venerable Caesars Palace Hotel and Casino for another installment of the premier North American technical information security conference. Every year the lineup of presentations helps define the security headlines for the following year and 2008 will be no exception.

(Visit Original Site.)

DEFCON 16 - Real Time Social Networking for Ninjas (August 8-10, 2008)

DEFCON 16 - Real Time Social Networking for Ninjas:

DEFCON 16: August 8-10, 2008 at the Riviera Hotel & Casino in Las Vegas

Well folks, the time for the 16th installment of the hacking convention known as DEFCON draws near, and this year promises to be a great one! We've got more content than ever, including 5 full tracks of talks, demos, workshops, new contests, a new Hardware Hacking Village, and even a new EFF fundraiser to replace the dunk tank!

(Visit Original Site.)

Black Hat/DefCon: Welcome to the funhouse

Black Hat/DefCon: Welcome to the funhouse - Via InfoWorld | 2008-07-31 | By Ellen Messmer, Network World:

The Black Hat conference and its post-event, DefCon, promise to be a security funhouse in the coming week, as experts in Las Vegas seek to shock and amaze by poking holes in today's network technologies. The Web, wireless LANs, routers, and desktop software may all look different reflected in the Black Hat/DefCon hall of mirrors, where security vendors will be revealing their hacker sides.

"We're showing malware we created called Jinx," says Itzik Kotler, manager of the security operations center at Radware and a presenter at Black Hat, which runs through Aug. 7. Kotler describes Jinx as attack code that can be used to take over the machines of victims using versions of Mozilla's Firefox browser that pre-date Firefox 3, Mozilla's latest release. (You might want to upgrade now if you haven't already.)

JavaScript-based Jinx can index a victim's hard drive and send back files from Macintosh, Windows, or Linux-based machines to the attacker, or turn the computer into a spam machine, he says.