daily online news

n a bold move to counter Google’s online pre-eminence, Microsoft said Friday that it had made an unsolicited offer to buy Yahoo for about $44.6 billion in a mix of cash and stock.

If consummated, the deal would redraw the competitive landscape in Internet consumer services, where both Microsoft and Yahoo have both struggled to compete with Google.

The offer of $31 a share represents a 62 percent premium over Yahoo’s closing stock price of $19.18 on Thursday. It would be Microsoft’s largest acquisition ever.

Microsoft said the combination of the two companies would create efficiencies that would save approximately $1 billion annually. The software giant also said that it had an integration plan to include employees of both companies and intends to offer incentives to retain Yahoo employees.

Steven A. Ballmer, the Microsoft chief executive, said that he called his Yahoo counterpart, Jerry Yang, on Thursday night to tell him that Microsoft intended to bid on the company, and that they had a substantive discussion. “I wouldn’t call it a courtesy call,” he said in an interview.

Mr. Ballmer said he had decided to pursue a takeover because friendly deal negotiations would most likely be protracted and would probably become public.

“These things are hard to keep quiet in the best of times,” he said. He said his conversation with Mr. Yang was constructive, but suggested that a deal may not come easily.

Yahoo said in a news release Friday that its board would evaluate Microsoft’s bid “carefully and promptly in the context of Yahoo’s strategic plans.”

In a letter to Yahoo’s board, Mr. Ballmer wrote that the two companies discussed a possible merger, as well as other ways to work together, in late 2006 and 2007. Mr. Ballmer said that in February 2007, Yahoo decided to end the merger discussions because its board was confident in the company’s “potential upside.”

“A year has gone by, and the competitive situation has not improved,” Mr. Ballmer wrote.

As a result, he said, “while a commercial partnership may have made sense at one time, Microsoft believes that the only alternative now is the combination of Microsoft and Yahoo that we are proposing.”

Mr. Ballmer met several times in late 2006 and 2007 with Terry S. Semel, then Yahoo’s chief executive, people involved in the talks said. While the talks — originally focused on the prospect of a merger or a joint venture — were initially constructive and appeared to move forward, they quickly broke down, these people said.

After a series of secret meetings between both sides in hotels around California and elsewhere, Mr. Semel and Yahoo’s board decided against progressing with the talks, betting that its stock would turn around as it introduced a new advertising system called Panama, these people said. Mr. Yang, in particular, was adamantly against selling the company to Microsoft and championed the view of remaining independent, they added.

Mr. Ballmer constantly consulted with Bill Gates, the Microsoft chairman, about the progress of the negotiations, people close to the company said, and when the talks collapsed, he decided to wait to see the fate of Yahoo’s stock price. As the stock continued to fall, they said, Microsoft’s management became emboldened and began internal meeting in late 2007 about the prospect of making a hostile bid.

Despite their heavy investments in online services, both Yahoo and Microsoft have watched Google extend its dominance over Internet search and the lucrative online advertising business that goes along with it.

“No one can compete with Google on their own any more,” said Jon Miller, the former chairman and chief executive of AOL. “There has to be consolidation among the major players. It has been a long time coming, and now it is here.”

In recent months, Yahoo has struggled to develop a plan to turn around the company under Mr. Yang, its co-founder, who was appointed chief executive amid growing shareholder dissatisfaction last June.

Yahoo investors, however, remain skeptical. The company’s shares have slumped, and the closing price on Thursday was 44 percent below its 52-week high.

In afternoon trading Friday, Yahoo’s shares were up almost 50 percent, to about $28.50. Microsoft’s shares were down about 6 percent, and Google’s shares declined about 7 percent.

Microsoft, like Yahoo, has faced an uphill battle against Google. The company invested heavily to build its own search engine and advertising technology. Last year, it spent $6 billion to acquire the online advertising specialist aQuantive. Microsoft’s online services unit has been growing, but remains unprofitable.

Meanwhile, Google’s share of the search market and of the overall online advertising business has continued to grow.

Announcing its quarterly earnings earlier this week, Yahoo said it would cut 1,000 jobs in an effort to refocus the company and reduce spending, and issued an outlook for 2008 that disappointed investors.

The timing of Microsoft’s bid could allow the company to mount a proxy contest for control of Yahoo’s board should it try to dismiss the offer. Microsoft has discussed the prospect of mounting such a campaign, people close to the company said, and has until March 13 to propose a slate.

In his letter to Yahoo’s board, Mr. Ballmer wrote, “Depending on the nature of your response, Microsoft reserves the right to pursue all necessary steps to ensure that Yahoo’s shareholders are provided with the opportunity to realize the value inherent in our proposal.”

On Thursday night, Yahoo announced that Mr. Semel, its nonexecutive chairman and former chief executive, was leaving the board. Under Mr. Semel, a long-time Hollywood studio executive who ran Yahoo from 2001 to 2007, the company became more focused on its advertising and media businesses, but was unable to keep up with Google’s challenge in Web search and advertising and with the rise of social networking sites such as MySpace and Facebook.

A longtime board member, Roy J. Bostock, has been named nonexecutive chairman, Yahoo said.

Microsoft said it believes the Yahoo transaction could receive the necessary regulatory approvals in time to close by the second half of this year.

The UK government will be given the opportunity to share, trade or release valuable radio spectrum holdings under new plans revealed by Ofcom.

The arrangement means that the Ministry of Defence could trade holdings in frequencies below 15GHz, the most sought after and congested part of the radio spectrum.

The MoD holds around a third of this part of the spectrum and is already committed to sharing a significant proportion with other parties.

Ofcom said in a statement that the initiative will usher in "new wireless services for the benefit of citizens and consumers".

The spectrum held by the public sector could have a market value of anywhere between £3bn and £20bn, according to an independent study published in 2005.

"Public bodies, and the MoD in particular, hold some of the most valuable and sought-after radio spectrum," said Ofcom chief executive Ed Richards.

"By working with these organisations we are enabling them to trade and release this spectrum and create new opportunities for the development of wireless services for the whole country."

Three West African defendants pleaded guilty to federal charges of running an advance-fee scheme that targeted U.S. victims with promises of millions of dollars, including money from an estate and a lottery.

The guilty plea proceedings were held this week before US Magistrate Judge Ramon E. Reyes, Jr. at the federal courthouse in Brooklyn, New York.

Nnamdi Chizuba Anisiobi, Anthony Friday Ehis and Kesandu Egwuonwu were extradited from the Netherlands after police raids in February 2006. Following these arrests Dutch police started Operation Apollo to fight internet fraud scams operated by West Africans and notably Nigerians.

Using names such as Yellowman, Abdul Rahman, Michael Anderson, Edmund Walter, Nancy White, Jiggaman and Namo, the men sent spam emails to thousands of potential victims, in which they falsely claimed to control millions of dollars located abroad.

In one scenario, the defendants sent emails purporting to be from an individual suffering from terminal throat cancer who needed assistance distributing approximately $55m to charity.

A fourth defendant fled to Nigeria, but was later arrested by the Nigerian Economic & Financial Crimes Commission. He also will be extradited to the US. The maximum penalty for mail and wire fraud in North America is 20 years in prison.

So far, most Nigerian scammers arrested in Europe have been deported back to Nigeria or sentenced locally. However, assistant Attorney General Alice S. Fisher of the Criminal Division this week that online scam artists should be "on notice that we will continue to work closely with our international partners to ensure that there are no safe geographic boundaries for committing these crimes."

The Transportation Security Administration (TSA) on Wednesday launched a new blog to get questions and feedback on airport security issues -- and to respond to those posts.

TSA Administrator Kip Hawley noted on the blog that there is no time for agency personnel to answer passenger questions during the airport screening process. Screeners have no time to explain to passengers why they are asked to do certain things and can only demand that they follow orders. The blog, he said, provides a forum to explain processes and to allow passengers to suggest changes to the TSA checkpoint processes.

"One of my major goals of 2008 is to get TSA and passengers back on the same side, working together," Hawley wrote. "We need your help to get the checkpoint to be a better environment for us to do our security job and for you to get through quickly and on to your flight. We will not only give you straight answers to your questions, but we will challenge you with new ideas and involve you in upcoming changes."

Hawley noted that while he and other senior leaders at TSA participate in the discussion, a team of TSA moderators runs the blog.

"Our hosts [moderators] aren't responsible for TSA's policies, nor will they have to defend them -- their job is to engage with you straight-up and take it from there," he added. "Our postings from the public will be reviewed to remove the destructive, but not touch the critical or cranky."

As of Thursday morning, the blog had garnered 125 comments, most from passengers asking questions about common security practices like requiring passengers to remove their shoes in checkpoints or not allowing liquids over a certain number of ounces to be taken aboard a flight on carry-on luggage.

For example, one user who posted as "Anonymous" asked why some metal detectors are more sensitive than others with regard to the user's metal hip replacement.

A user who posted as "Lanz" welcomed the idea of the blog, "providing you actually make use of this blog as something other than a propaganda organ. Please allow as many comments as possible to go through, barring the to-be-expected nuts, spambots and abusive anti-government types. Number one rule of blogging -- be honest."

Another user, who posted to the blog as "I Guess I'm On the List Now," noted that the TSA is "fundamentally broken."
"Confiscating deodorant and sun block?" the user wrote. "Does anyone believe that this kabuki security theater really makes us safer? If you guys are serious about your responsibility to protect the country I suggest you start by not cutting off 'TSA approved' locks anymore, learning and sticking to your own rules and regulations especially those pertaining to passengers with medical problems … [and] immediately crack down on the threatening screeners who shout 'do you want to fly today?' anytime their crazy made-up-on-the-spot orders are questioned by passengers."

Another commentor, "Seth," applauded the idea of getting TSA and the passengers in agreement, but suggested that the TSA embrace transparency.

"The implication that the passengers need to remain in the dark and that TSA policy must remain secret in order to fool the 'bad guys' is a naive way to approach security," Seth added. "Share legitimate reasons for the policies and maybe people will agree that they aren't so onerous. If the idea of getting everyone back on the same side is for the traveling public to bow to the whim of the TSA/[Department of Homeland Security] without questioning policies then you're asking citizens to forego one of their primary responsibilities in society -- to ensure that the government does not abuse its power at the expense of the people."

On the blog a moderator noted that none of the comments would be used to add a person to the government's "No Fly List."

The creators of the Storm Worm botnet are known to US authorities but a lack of co-operation from their counterparts in St. Petersburg, Russia, is preventing action being taken.

St. Petersburg was the centre of the infamous Russian Business Network. It's also reckoned by some to be the city the Storm Worm (more properly Trojan) authors call home.

Dmitri Alperovitch director of intelligence analysis and hosted security at Secure Computing told The Washington Post that Russian President Vladimir Putin and political influence within the Federal Security Service (Russia's successor to the Soviet KGB) was hampering prosecution efforts. The implication is that elements of Russian intelligence agencies are protecting the city's cybercriminals.

"The right people now know who the Storm worm authors are," Alperovitch said. 'It's incredibly hard because a lot of the FSB leadership and Putin himself originate from there, where there are a great deal of people with connections in high places."

Other security experts reckon that the Storm Worm gang are based in Russia but have no real idea of their location, much less their identities. David Emm, senior technology consultant at Kaspersky Lab UK, said coding similarities and packing techniques used with the worm suggest the authors of the malware and Russian hackers known to have attacked local websites are one and the same. Kaspersky, like antivirus firm F-Secure, reckons that the Storm Worm gang is a multinational effort based in Russia.

"We don't know who they are," said F-Secure chief research officer Mikko Hyppönen, "but we believe it's a Russian gang with an American or several Americans helping them to build the social engineering messages and the websites they use."

NAZRAN, Russia (Reuters) - An opposition Web site in the southern Russian region of Ingushetia accused local authorities on Thursday of trying to shut it down after it promoted protests and published details of kidnaps and murders.

Ingushetiya.ru had been one of the only information sources criticising the authorities from the mainly Muslim region bordering Chechnya.

The Web site promoted and helped organise a protest on Saturday in which demonstrators armed with petrol bombs clashed with police and burnt a pro-government newspaper office.

On Thursday the Web site was closed, founder Magomed Evloev said, accusing authorities of hacking into the site to try and silence opposition.

"This is the action of the Ingush authorities," he said. "They want to silence us and all the people of Ingushetia, but they will not succeed."

Ingushetia's authorities declined to comment.

Civil unrest has been growing in Ingushetia and Dagestan -- which both border Chechnya -- where most of the population is jobless and where kidnaps, murders and shootouts between police and rebels occur almost daily.

But the Kremlin, which is trying to ensure a smooth transition of power at a March 2 presidential election when Vladimir Putin steps aside, has ordered Russia's mainstream media to avoid reporting details of the fighting and unrest.

This thrust a series of fringe Web sites like ingushetiya.ru to the fore. It has previously been closed to viewers in Ingushetia but recently reopened before the latest closure. Evloev has pledged to restart the site again

Evloev has also organised a petition against the December 2 parliamentary election which official results said around 99 percent of the republic's population had voted and nearly all of them for the pro-Putin party.

About 90,000 people in Ingushetia have signed the petition, stating they did not vote, out of a total population of 450,000.

Police in Canada charged four men with fraudulently possessing financial data and criminal conspiracy after a traffic stop led to the discovery of 129 gift cards holding the banking details of British citizens and materials connecting the accused with the Tamil Tigers, a terrorist group, the Toronto Police Service said in a statement released on Wednesday.

The four men were detained after police pulled over their rented van for running a stop sign and found that the driver had been drinking, according to a Canwest News Service report. Following a search of the vehicle, the police allegedly discovered 41 plastic gift cards containing the banking information of British citizens encoded on their magnetic stripes. After searching a residence and hotel room connected with the men, police found 88 more plastic gift cards, $25,000 in Canadian twenty-dollar bills and "Tamil Tiger paraphernalia," according to the statement released by the Toronto Police Service (pdf).

In addition, police seized two laptop computers, computer memory sticks, card reading and writing hardware, travel documents in the accused's names and receipts from money transfers back to the United Kingdom, the police stated. Two of the men are residents of Toronto, Ontario, while the other two were residents of London, England.

Fraud linked to various types of electronic payments continues to grow. A year ago, gift-card and credit-card fraud garnered more attention after data on more than 100 million accounts was stolen from retail giant TJX Companies. Last month, TJX settled with banks that had to replace customers credit and debit cards because of fraud, agreeing to pay nearly $41 million.

Law-enforcement authorities have asserted that terrorists groups have increasingly focused on electronic and cyber crime as ways to launder money and fund their activities.

The Toronto police estimate that that seized cards are worth approximately $250,000, the Canwest News Service report stated. Police plan to bring additional charges against the men.

Spyware is becoming a tool of domestic abuse, according to security researchers.

Privacy-invading software packages are most commonly associated with surreptitiously snooping on victims to find out the passwords they use for online banking sites or bombarding them with invasive pop-up ads. But spyware can also be used as a tool to monitor and control their spouses by abusive partners, McAfee researcher Anna Stepanov warns.

"With so much of our lives dependent on computers and other technologies such as cell phones, the use of spyware is ideal for abusers, who often feel the need to control all aspects of a victim’s existence," she writes. "Monitoring a victim’s online, cell phone, or general computing activity is of more value than ever in controlling or hurting a victim."

Safe computing has joined finding safe housing as a list of requirements for people fleeing abusive relationships. "There is a strong movement within the [US-based] National Network to End Domestic Violence to educate victims and the general public about safe computing," Stepanov adds. "Many security companies have made sizable monetary donations to this organization to assist in education and to provide aid for securing networks within shelters for victims of domestic violence."

The changing uses of spyware and its continuing evolution are dealt with in a white paper by Stepanov titled Spyware: A Morphing Campaign.

Commercial products such as FlexiSPY, which records information about an individual's mobile phone calls and SMS messages before sending them to a remote server, have already generated controversy over the last couple of years. Packages such as FlexiSPY and Mobile Spy, another similar product, are marketed as a means for parents to keep watch on their child's phone, or enables employers to enforce an acceptable use policy on their staff. The legality of both products has been questioned.

A mobile phone is an obvious target for snoopers, but email inboxes are also a tempting target for control-freaks looking to keep tabs on their partners. Stepanov's research shows that cybercrime in its traditional sense is not the only motive for planting spywar

hehehehehe

Google's "I'm feeling lucky" button was designed to save web searchers time by automatically opening the first page of a query. It turns out the feature, and similar ones from other search engines, are increasingly helping junk mailers get around anti-spam products.

That's one of the findings from a January Intelligence report from MessageLabs. The IT security firm found that so-called search engine spam, which only came to light in the past few weeks, accounted for 17 per cent of all the spam the company saw in January. The emails include links that work like this one. When a recipient clicks on them, they frequently lead to destinations hosting malware or phishing sites. But because the links make no mention of the naughty URL itself, many anti-spam filters don't catch them. Anti-phishing protections built in to browsers and browser plug-ins also fail to catch them, in many cases.

To change things up, spammers frequently use different regionalized search engine sites, such as google.com.hk and google.co.uk.

The new technique is "probably more a manifestation of the ebb and flow of the good-guy versus bad-guy arms race," says MessageLabs Chief Security Analyst Mark Sunner. "There really hasn't been a necessity until this point for the bad guys to raise their game with this technique."

Also in January, MessageLabs saw a spike in spam pitching get-rich-quick and other financially-related services. Coming amid a wave of news articles reporting problems with the US and global economies, the spam is playing off of people's anxiety about their finances, Sunner said.

MessageLabs saw declines in other types of junk mail. Spam touting stocks fell to just two per cent in January, an all-time low since MessageLabs began keeping count. Company researchers said the decline could be related to the arrest of notorious spammer Alan Ralsky, who according to federal prosecutors, was engaged in a sophisticated pump-and-dump operation with 10 other individuals until it was shut down almost four weeks ago.

While MessageLabs made no mention of an initiative implemented in March by the Securities and Exchange Commission, this is likely also to be responsible for the drop. Under the program, penny stocks that are the subject of pump-and-dump email campaigns are temporarily suspended immediately following the issuance of the spam - preventing the architects from being able to profit from the scheme. Remove the profit and chances are you'll remove the crime, too. Indeed, both Symantec and the SEC have reported declines in stock-related spam following the new rules.

MessageLabs also said the amount of image spam fell in January to just two percent of all junk mail. That compares with a high of 20 per cent last summer.

The company provides email and web filtering services for more than 16,000 business customers. It processes more than 2.5 billion email connections and one billion web requests each day

Mortgage-refinancing spam has jumped to 10 per cent of all junk email in the past week, according to new estimates.

The hike, recorded by Commtouch, occurred after the recent interest rate cut by the US Federal Reserve.

The email security firm warned that further rate changes expected today are likely to spur even more finance-related spam.

Commtouch added that this huge increase in mortgage spam also poses a potential problem with obstructed legitimate emails, known as false positives.

Email correspondence between banks and customers may be delayed or blocked by over-zealous anti-spam technologies which have difficulty differentiating between valid mortgage-related email and finance-related spam.

"Now that market conditions have created fervour among homeowners wishing to refinance their mortgages, cyber-criminals are taking advantage by sending more mortgage-themed spam," said Amir Lev, chief technology officer at Commtouch.

"Loan officers and their customers need to be particularly cautious since some content-based email filtering tools used by banks and consumers may block legitimate email messages and disrupt the communication chain."

Finance-related spam accounted for only two per cent of all spam during the fourth quarter of 2007, according to Commtouch.

Documents released by WikiLeaks last week appear to support earlier reports that Germany's federal police plan to use Trojan horse malware to conduct surreptitious searches of targeted computers, including Skype communication and encrypted SSL traffic.

According to one of the documents, which are unverified and were first published by the German political party PiratenPartei (Pirate Party), the Bavarian police appear to have commissioned a German security company to create a Trojan horse for capturing Skype communications and SSL traffic from surveilled computers that would be directly installed on targeted systems or delivered to unsuspecting suspects via an e-mail with a rogue attachment (much as the FBI delivered a Trojan horse to a Washington high school student last year).

One of the two documents appears to be a letter from the Bavarian Ministry of Justice to prosecutors. It discloses that a company named DigiTask was contracted to provide the Trojan horse, or Skype Capture Unit. The document discusses who is responsible - the Bavarian police or prosecutors -- for the cost of surveilling VoIP traffic used in criminal proceedings.

According to this document and the second one dated September 4 of last year -- which appears to be a letter from DigiTask to government authorities outlining how the program would work and its costs -- the police would be required to rent the software at a cost of EURO 3,500 a month, for a minimum of three months. In addition to the rental fee, the letter describes a one-time installation and de-installation fee of EURO 2,500 (the software de-installs itself after a set timeframe but can also be de-installed manually at any time), plus the cost of renting two proxy servers used to route the collected data to police. The document also mentions an additional EURO 2,500 required to rent SSL-decoding.

Of course Skype traffic is encrypted so just collecting the communication as it's in transit isn't enough. Authorities would need a key to decrypt it. German authorities spoke publicly last year about being thwarted by Skype's encryption. The two leaked documents, which have been somewhat poorly translated into English, address the encryption issue:

Encryption of communication via Skype poses a problem for surveillance of telecommunications. All traffic generated by Skype can be captured when surveilling a Dialin- or DSL-link, but it cannot be decrypted. The encryption of Skype works via AES wih a 256-Bit key. The symmetric AES keys are negotiated via RSA keys (1536 to 2048 Bit). The public keys of the users are confirmed by the Skype-Login-Server when logging in. To surveil Skype-communication it thus becomes necessary to realize other approaches than standard telecommunications surveillance.

The concept of DigiTask intends to install a so called Skype-Capture-Unit on the PC of the surveilled person. This Capture-Unit allows recording of the Skype communication, such as Voice and Chat, as well as diverting the data to an anonymous Recoridng-Proxy. The Recording-Proxy (not part of this offer) forwards the data to the final Recording-Server. The data can then be accessed via mobile Evaluation Stations.

The mobile Evaluation Units can, making use of a streaming-capable multimedia player, playback the recorded Skype communication, such as Voice and Chat, also live. To minimize bandwidth usage special codecs for strong compressions are used. The transmission of data to the recording unit is encrypted using the AES algorithm.

Germany's Supreme Court ruled last year that evidence gained from surreptitious searches of a suspect's computers were inadmissible in the absence of surveillance laws regulating police hacking activity. Legislators began drafting such a bill late last year, but as the leaked documents show, police didn't wait for legislators to make their move before they began talking with DigiTask about creating made-to-order Skype malware.

Around the same time that the police were negotiating with DigiTask, Germany passed another hacking bill that now makes it illegal for anyone (other than police presumably) to create, spread or purchase tools that are designed for hacking.

The DigiTask letter leaked online and dated after the new hacking law was passed includes a disclaimer saying that DigiTask will not be held responsible for usage of the software or any damages caused by it -- such as could happen if the rogue software wreaked havoc on a target's machine or if a lucky hacker stumbled across it on a target's machine and commandeered it for his own surveillance purposes. Noticeably, the letter doesn't appear to mention any guarantee by DigiTask that its secret software can bypass standard firewall and anti-virus protection.

Call centres are places where people who like to take abuse at the hands of complete random strangers prefer to spend their time. They are staffed by masochists, dwarves and halflings from West Virginia, Spain, India and Philippines whose only qualification has to be that they speak and understand very little English. This is a necessary skill to help them annoy, frustrate and anger the hell out of rich dedicated consumers.

Most people who work in Call Centres are massively medicated or become alcoholics. This usually happens after the intense experience encountered when using the wonderful contact and documentation program called CS3. However, the West Virginian sect are usually drunks even before they get to work and, of course, have the fewest teeth.

The GOB.net organization was started by some former Call Centre employees.

Many call centres have attempted to use VoIP technology for their telephony solution, always without success and always resulting personal injury.

Detailed Definitions

* Call centres are actually staffed by secret members of a clan called Matrixx. It is a well-kept secret that very few are aware of. This is why it eventually had to deal with the out-sourcing concept. Call centre employees all possess physic powers and can read your mind before you say what is on it.
* Call centre employees have access to information that not even Bill Gates is privy to. Call centres actually started in Taiwan when a lack of good metaphysically minded hypnotists from the western world forced the CIA to bring in people from the Taiwanese underground.
* Hence, call centres became popular after those who signed up were successfully trained in installing and deploying cracked copies of windows OS on Linux machines.
* Call centre employees are the highest level of intelligent human beings around, without actually being humans. Why else would morons call a call centre.
* Call Centers primarily consist of people with the name like John, Brad, John, Lisa, John, Jenny, Carl and John. It remains a challenge to most callers to understand what is said by people like John and thus may loose their temper.

* Call Centre employees deserve way more respect than they deserve. They run the shadow government which controls the major countries governments. The worlds leaders are employees of the year from call centres located in those countries. Call centres are training grounds for the FBI and CIA, and will pwn all OMGWTFBBQPWNAGE!!!!!

A new method of digital rights management (DRM) which relies on a user's profile has been pioneered by Aboriginal Australians.

The Mukurtu Wumpurrarni-kari Archive has been developed by a community based in Australia's Northern Territory.

It asks every person who logs in for their name, age, sex and standing within their community.

This information then restricts what they can search for in the archive, offering a new take on DRM

Dr Kimberly Christen, who helped to develop the archive, told BBC World Service's Digital Planet programme that the need to create these profiles came from community traditions over what can and cannot be seen.

"It grew out of the Warumungu community people themselves, who were really interested in repatriating a lot of images and things that had been taken from the community," she said.

"You find this a lot in indigenous communities, not just in Australia but around the world... this really big push in these communities to get this information back and let people start looking at it and narrating it themselves."

Where to look

Dr Christen, who is an assistant professor based at Washington State University, stumbled across the idea of the archive by chance after meeting a group of missionaries who had digitally archived photos of the Warumungu community since the 1930s.

After loading them onto her laptop, she took them back to Tennant Creek and set up a slideshow - where she noticed that people turned away when certain images came up on screen.

For example, men cannot view women's rituals, and people from one community cannot view material from another without first seeking permission. Meanwhile images of the deceased cannot be viewed by their families.

Offline website

"The way people were looking at the photos was embedded in the social system that already existed in the community," she said.

"People would come in and out of the area of the screen to look when they could look."

This threw up issues surrounding how the material could be archived, as it was not only about preserving the information into a database in a traditional sense, but also how people would access it depending on their gender, their relationship to other people and where they were situated.

Dr Christen and her team of software developers came up with what is described as "a website that's not online", containing photos, digital video clips, audio files, digital reproductions of cultural artefacts and documents.

The system has also been designed with a "two-click mantra" in mind, making the content easy to access for those with low computer literacy skills.

Images are arranged in their own categories, with content tagged with restrictions.

The project believes it has established a cultural solution as well as an opportunity for Aboriginals to collate much of what was once lost. The hope of the project's designers is that as culture and traditions change, history can be rewritten and changed by people themselves.

German cops are pushing ahead with controversial plans, yet to be legally approved, to develop "remote forensic software" - in other words, a law enforcement Trojan.

Leaked documents outline proposals by German firm Digitask to develop software to intercept Skype VoIP communications and SSL transmissions. A second leaked document from the Bavarian Ministry of Justice outlines costing and licensing proposals for the software. Both scanned documents (in German, natch) have found their way onto the net after being submitted to Wikileaks.

German cops are pushing ahead with controversial plans, yet to be legally approved, to develop "remote forensic software" - in other words, a law enforcement Trojan.

Leaked documents outline proposals by German firm Digitask to develop software to intercept Skype VoIP communications and SSL transmissions. A second leaked document from the Bavarian Ministry of Justice outlines costing and licensing proposals for the software. Both scanned documents (in German, natch) have found their way onto the net after being submitted to Wikileaks.

A low-level trader caused the largest individual trading loss in banking history by simply using his knowledge of trading operations, some fake e-mail messages and, occasionally, colleagues' passwords to sidestep the bank's suspicion, according to media reports and a statement by French bank Société Générale.

Jérôme Kerviel, the 31-year-old man who has been nicknamed the "Mad Trader" by the French media, worked as part of Société Générale's Delta One team, an arbitrage trading group that made small profits by both selling and buying large financial positions in the European stock market. While large amounts of money are involved in the transactions, because the trades offset each other, there is typically little risk involved and a small profit for the trader, according to Société Générale's statement (pdf).

Starting in 2005, Kerviel began taking small positions on the trend in the European stock market without taking the countervailing position which would have offset the risk. The trader dodged financial controls by taking positions that did not trigger a margin call and which did not require immediate confirmation, the bank said in its statement. Since Kerviel bet on the European market's rise, the trader brought in significant profits until 2008, when the stock market began its decline.

When his activities arouse suspicions, Kerviel produced faked e-mails from the bank's clients to make it appear that the trades were legitimate, according to a New York Times article. Prosecutors in France continue to investigate Kerviel and could charge him with forgery, breach of trust and breaking into a computer system, the NY Times article stated. Kerviel did not steal from the bank itself, rather sought bigger profits so that his own bonus would be higher. Société Générale has called Kerviel a "computer genius."

The bank has come under increasingly criticism for its lack of awareness of Kerviel's activities.

The €4.9 billion (US$7.2 billion) loss caused by the the trader, and the bank's subsequent unwinding of the positions over three days, may have contributed to the decline in the European market on January 21 and 22, an event that preceded a three-quarter point cut in a key interest rate by the Federal Reserve, the United States' central bank. The value of the trading positions Kerviel placed totaled almost €50 billion ($75 billion), according to media reports.

The U.S. Congress voted on Tuesday to keep a controversial expansion of a wiretapping law alive for another 15 days.

The law in question, called the Protect America Act, was passed hurriedly by Congress last August and is set to expire Friday. The temporary extension, which passed by a voice vote, arrived amid strong objections from the Bush administration and many Republicans. But according to published reports, the White House plans to sign off on the measure.

The 15-day extension followed Senate Majority Leader Harry Reid's failed attempt on Monday to secure enough support for a 30-day extension of the law in his chamber.

Rep. Lamar Smith (R-Texas), a ranking member of the House Judiciary Committee, condemned the latest vote, arguing the "Democratic majority missed an opportunity to close dangerous loopholes in our intelligence laws."

But Rep. Jane Harmon (D-Calif.), a leader on the House Intelligence Committee, argued that that's a bogus argument. Nothing has been done to strip away the existing wiretapping law, known as the Foreign Intelligence Surveillance Act, or FISA. And anyone who says otherwise is making a "bald-faced attempt to play the fear card and to jam Congress into gutting a carefully crafted, three-decades-old law," Harmon contended on the House floor before Tuesday's vote.

Rep. John Conyers (D-Mich.), chairman of the House Judiciary Committee, said the latest vote was designed "only to avoid a headlong rush into possibly ill-conceived legislation."

The primary dispute among Democrats and Republicans is whether new legislation should absolve corporations of any past lawsuits alleging illegal cooperation with government spy agencies, such as the one the Electronic Frontier Foundation filed against AT&T. Conyers was referring to a proposed version of the wiretap-law rewrite that would do just that--and that civil libertarians argue gives the government overly expansive authority to snoop on Americans' communications without a warrant.

Earlier on Tuesday, Reid, a Nevada Democrat, pleaded for senators to support an extension of the existing law--regardless of the number of days, although he acknowledged favoring a "longer period" of time--so that senators can thoroughly debate the thornier provisions of the bill.

Further complicating matters, Reid said, is the House's schedule. Set to adjourn Tuesday evening and embark on a retreat for the rest of the week, the House wouldn't be in session to approve a reworked FISA bill before the Protect America Act expires on Friday, Reid said.

Senate Republican leader Mitch McConnell of Kentucky countered by pressing again for immediate passage of a Senate Intelligence Committee bill that would grant retroactive legal immunity to corporations.

But ultimately, Reid was able to secure passage of the House's 15-day extension on Tuesday night by a voice vote, which means the battle over immunity for telecommunications companies is sure to begin anew.

December's Patch Tuesday finds Vista in bad guys' sights. Plus: Get Office 2007 SP1, get your fix for Flash, and avoid an HP laptop disaster.

With more people finally switching to Windows Vista, the operating system is fast becoming a target for security researchers and--surprise!--hackers.

Though Vista is generally more secure than earlier versions of Windows, hackers are increasingly finding ways through, or around, its defenses. Indeed, this is the first time since the operating system debuted last year that virtually every hole discussed in this column affects Vista in one way or another.

Exhibit A: Microsoft released three "critical" patches in December to fix security holes that affect earlier versions of Windows, including XP Service Pack 2, but they can also bite if you're running Vista.

One patch addresses four holes in Internet Explorer 6 and 7. (This "cumulative update" incorporates all previous patches, just in case you've slipped behind in your patching duties.) One of the flaws, in the way IE handles Dynamic HTML, was under attack when Microsoft shipped the patch.

The other two patches correct problems in Windows' processing of certain multimedia files. One fixes a vulnerability in DirectX, while the other closes a hole that the operating system has in its treatment of some audio and video files.

Whenever Microsoft labels a bug "critical," the vulnerability has the potential to leave you at criminals' mercy.

Dmitri Galushkevich, 20, of Tallinn, was fined 17,500 Estonian Krooni ($1,641) on Wednesday after he was found guilty of launching an assault on the website of the Reform Party of Prime Minister Andrus Ansip and Estonian government systems. The fine is the equivalent of 350 days' salary, based on the minimum wage set by the Estonian government, EarthTimes reports.

Galushkevich worked together with unidentified accomplices to launch the attacks from his Tallinn home between April 25 and May 4 last year.

The fine is the first levied after last year's intense cyberattacks. Although fairly unsophisticated, the assaults served as a wake-up to the potential damage that might be caused by DDoS attacks.

Civil unrest in Estonia over the removal of Soviet-era memorials last April was accompanied by attacks against the Baltic nation's internet infrastructure. Several Estonian government websites remained unavailable; others such as that of the Estonian Police were available only in text-only form as a result of sustained denial of service attacks, many of which were powered by networks of compromised PCs. Local banks and media outlets were also targets for the attack.

Estonian minister pointed the finger of blame for the attacks towards the Russian government, an accusation the Kremlin denied.

Security experts, and even government officials, point out there's little evidence much less proof to back up these charges. It seems more likely that a loose-knit group of indivduals and different groups united by outrage flamed by posts on Russian-language blogs and forums were behind the assault.

The removal of monuments to Soviet soldiers and the excavation of World War II Red Army graves sparked riots on the street that spilled over onto the net. Sporadic attacks thought to be motivated by the same factors continue. Earlier this month an Estonian news site was hit with a sustained DDoS from a botnet, security tools firm Arbor Networks reports.

Disassembling in the dark

Last night, Atomic talked to Wii hacker Bushing about every conceivable aspect of Wii hacking. To make things even more incredible, the first “Hello World” program to ever to run on a Wii was executed during our discussion.

Over the next four pages you’ll find all the details you could ask for about the world’s first proper Wii hack: no mod chips required. It's powerful stuff.

We've also got some analysis and screenshots of the hack over here for you.

Enjoy!


Atomic: First off, what's your programming background?
Bushing: I've been programming since age 8 (on an Apple IIc); I spent a lot of time growing up, hacking on Linux. I did Electrical Engineering and Comp. Sci in college, and now I do software development professionally.

Atomic: What was the appeal in hacking the Wii?
Bushing: Mostly that it hadn't been done. I don't play many video games, but I saw one at my boss's house at a party this summer, and it was fun, so I bought one. And I like to hack everything I own, and it was a big flashing target because I knew that nobody had yet been able to do it.

Atomic: Is this your first gaming console hack?
Bushing: Yup. I'd done "mods" before -- installing chips, and stuff -- but this is the first original thing I've worked on.

Atomic: How did you get started on this particular hack?
Bushing: I mentioned to a co-worker that I was interested in Wii-hacking, and he introduced me to tmbinc and Costis, both of whom are already somewhat known for these things. We began talking online, trading code, and ideas.

Atomic: You mentioned some others, who is everyone in your team?
Bushing: Me, Segher, Tmbinc, and also Costis and Adhs have helped out.

Check out the "Hello Bushing" line. Beautiful stuff.

Atomic: Now you’ve got your hands on a (presumably) small chunk of arbitrary code. What's its function? What can we do with it and gain from probing it?
Bushing: Well, it's not actually that small -- Nintendo includes the newest version of the system software on almost every Wii game. If you're running on an older version of the software, it will let you upgrade using the disc. So, we were able to get a (mostly) full copy of the software used to do, well, everything on the Wii.

But it was strange, because it didn't work at all when we tried to disassemble it as PowerPC code -- and then we discovered it was actually ARM code. We couldn't see this chip anywhere on the Wii board, so eventually figured out it's buried inside the graphics chip.

The graphics chip's name is "Hollywood", so one of us (segher) named it the "Starlet".
It performs all of the security for the Wii, and also controls almost all of the peripherals. It's "The Enemy".

Atomic: So how did you get at the code, and how is it being disassembled?
Bushing: I'm disassembling it using IDA Pro under VMware Fusion. tmbinc was able to use a "tweezer hack" to extract the encryption keys from the memory of his Wii, and then we were able to write software to decrypt games and firmware.

Secret silicon

Atomic: Can you tell us more about the tweezer attack? What does it bridge exactly?
Bushing: With respect to the specific chips and the tweezer attack -- it might help to refer to this photo (the top one) -- you can see there U1, the Hollywood (note how it's the biggest chip - it contains the Starlet core), U2 is the Broadway (main CPU), and U3 is the RAM chip.

It's possible to run Gamecube games on the Wii, and people have long been able to run homebrew code in Gamecube mode -- unfortunately, this turns off most of the "interesting" hardware on the Wii, specifically anything that wasn't present on a Gamecube. However, this *does* allow you to see 25% of that RAM chip (U3) by shorting various address lines underneath U3 (on the opposite side of the board), we're able to fool the Hollywood into shifting that 16MB window of Gamecube memory around the 64MB space of that RAM chip.

It's notable that the Hollywood is the one that interfaces with the RAM chip, not the Broadway, because it's actually the Starlet doing this; the Starlet limits the amount of memory you can use in Gamecube mode.

The Starlet also happens to use some of that memory for its own purposes -- including storing the encryption keys. So, we tricked the Starlet into giving us part of its secret memory in Gamecube mode.

Atomic: Once you were able to access the higher memory, how did you actually get it out of the Wii?
Bushing: It involved sending it to tmbinc's computer via a serial port soldered onto the Gamecube controller connector, while he shorted the address lines.

Atomic: That's one of the more amusing hacks I've heard of.
Bushing: Yeah. It speaks well of their security that we had to go to such heroics. There have been other hacks since then, but that was the first crack in the wall that let us start prying it open.

Atomic: In a similar vein, could you tell us briefly about the disassembly process?
Bushing: Well, it's pretty tedious. Someone hands you a big blob of binary data -- first, you have to figure out what it is. Is it encrypted, or compressed? Is it a program, a picture, a savegame, a database?

From there -- okay, this is a program -- but what format? What processor?

Some of these you can answer ahead of time because you know what to expect. We knew that the Wii used a PowerPC chip, and its file formats are very much like that of the Gamecube, so that made things somewhat easier.

From there, you take a program and you load it up into your favourite disassembly program, and then you work on it for a few days, and then you can get a general idea of what the code does.

Atomic: I know your public key research is still secret, but what other interesting things did you find?
Bushing: Probably the most exciting thing was that we discovered a secret second microprocessor buried inside the graphics chip.

Look Ma, no SD card!

Atomic: Earlier you mentioned code. I take it you're dealing with assembly code, is this right?
Bushing: Yeah, sorry. We use disassemblers, which take raw binary data and produce assembly-language code, which is not very readable, but more readable than just looking at hex dumps.

Atomic: You mentioned earlier that you're in the process of pulling something apart now. Is that work on the system software, or something else that you've found?
Bushing: Sort of. It's hard to really stay focused while working on these things.

None of this stuff is documented, so often the only way we can determine what something does is by inference. I can take a bit of the PowerPC (aka "Broadway") code, and it will be sending a message to the Starlet.

Only by taking that code, the Starlet code, and a game disc together can I figure out that when the Broadway sends the message "0x1384956" to the Starlet, it's asking it to read the name of the game off the disc.

Even at a more basic level, we see little bits of code repeated throughout the whole system, often in unexpected places. If I can figure out that some particular bit of code resets the system in Wii Sports, it can help me "get my bearings in Zelda" (which is what I'm working on now).

As I said, this can get awfully tedious, and quite frequently I find myself running into a wall. It helps to be able to put one piece down and pick up somewhere else.

Atomic: What sort of headway have you made so far? I hear you've found an interesting vulnerability in the zelda savegame code, can you go into detail on that, or are you keeping that to yourself for now?
Bushing: Yes. We did our first public demo at 24C3, right after Christmas. There, we showed a really crude demo that we made by taking a game disc and modifying it -- just enough to prove that we'd modified it. (The proof here is a big deal because so many people make this shit up -- there have been at least 4 fake demos of people claiming to do similar things in the past month.)

Still, that required some pretty ugly hacks to pull off, but it was still the first time anyone had even gotten that far. Recently, we've been leveraging that experience to try to find cleaner hacks that we can release.

We're working on a special savegame for Zelda: Twilight Princess that will exploit a bug in the way it handles character names, and eventually let you boot code from an SD card. Hopefully.

Atomic: Is this the savegame exploit, using an original zelda disk, your hacked save file which triggers the crash, allowing 4 lines of code to be executed?
Bushing: Close -- your description of the savegame hack is correct; we started out with 4 lines of code and are trying to grow that. I think we're currently at twice that.

Atomic: I'm guessing your experiment at 24C3 where you modified the original disk doesn't actually relate to this exploit, it was merely a learning tool.
Bushing: The demo at 24C3 used an unrelated attack, and it's one we're not disclosing details on to try to keep Nintendo from fixing it. Instead, we're trying to leverage it to make developing other hacks like this (the Zelda one) faster / easier.


Atomic: At this stage, custom code execution is only possible on your modified Wii. What mods to you actually have installed, and will the SD hack require a modded Wii?
Bushing: I just have your plain old "backup"-running modchip right now -- actually, an OpenWii -- and I've been using an SD card in a home-made SD card adapter.

No, the SD hack will *not* require a modded wii. That's the big deal.

Atomic: So the demo at 24C3 didn't require all of the serial port hackery?
Bushing: No, it did -- the part you missed is just that we have multiple people doing multiple things. tmbinc is the one that pulled the hardware hack stunt on his Wii, but it was the kind of thing that really only has to happen once.

Atomic: How did you get from disassembling your data dumps to running your own code, and is this related to the discovery of the public key?
Bushing: Getting the key allowed use to decrypt disks and read them, and then figure out how to modify them such that the system would still boot off them.

Atomic: So at this stage you haven't been able to execute anything non-trivial from the SD slot, but you have been able to execute useful things from hacked proprietary Nintendo software?
Bushing: Well, I don't know if I'd even say we've ever been able to execute anything useful or non-trivial :) But yes, we started with hacked versions of games that we (of course) legally bought, because that's far easier from starting from scratch. The system has many safeguards in place to keep people from modifying code.

It's dangerous to go alone! Take this!

Atomic: What's stopping people from writing software that can be executed from the DVD drive, and for that matter, what's your major stumbling block with the SD card exploit?
Bushing: The biggest stumbling point for the Zelda hack is that we were trying to make the game crash in a very specific and predictable way. We got the crash working, but it was hard to get the specific part working without having normal software development tools like a debugger.

Atomic: Would you say it’s just a matter of time and persistence before the SD card hack works, or are you expecting another brick wall?
Bushing: There are always potential brick walls -- either ones we haven't seen, or ones that Nintendo will try to place in reaction to our efforts. However, at this point I do think it's a matter of time and persistence. We can provably run a small bit of code on an unmodified system, and we know that we can run more, so it's just a question of writing it and debugging it. Neither of those is easy, but we think we know how to do them.

Atomic: Does this mean (legalities aside and assuming everything goes to plan), we will start to see modchip-less game duplication as well?
Bushing: Hard to say. People are clever, but right now any code you run will run "as" Zelda, so you couldn't write savefiles for another game, and I'm not sure any retail game would actually run unmodified. It's not something that's particularly interesting to me.

Atomic: So at this stage, homebrew is confined to running within the game environment, rather than custom Wii Channels and booting straight from the SD?
Bushing: Right.

Atomic: Is there anything stopping the current hack from working on an unmodded Wii?
Bushing: No, it should work on unmodded wiis when it's released.

Atomic: So it's still a 'should work', not a 'will work'?
Bushing: I don't have an unmodded wii to test it on, but I know of no possible reason it wouldn't work.

Atomic: I wondered if that were the case. Am I right in thinking that the Wii as a gaming platform doesn't really interest you, rather you like it as a development platform? And once you get homebrew running, what would be your first project?
Bushing: Actually, that'll probably be my big contribution. It's been a lot of work, and there's still a lot left to be done, and I'll leave it to more-qualified people. Porting Linux will probably be one of the first things done; it's almost a tradition. I do like gaming, too, but I almost like reverse-engineering more.

Atomic: With that in mind, are you concerned about any legal response from Nintendo?
Bushing: No. I haven't broken any laws, and I think that they have a much more costly problem with modchips.

Atomic: Similarly, do you predict difficulty in keeping on top of Nintendo's software response?
Bushing: That will certainly be a challenge. It remains to be seen how much they really care, as long as it doesn't lead to more piracy. If it does, things will get more complicated.

Atomic: Are you concerned about what the modding community can potentially do with this?
Bushing: Well, I think that people need to exercise good judgement, but I also know that piracy is inevitable, so all I can do I try not to actively contribute to it. It's an indication we're on the right path.

Atomic: Wow, I just read: Hello World! (This interview was conducted as geek history was being made. –Ed.) Is this the breakthrough we've been waiting for, or is this another brick in the wall?
Bushing: :) We're still working pretty hard on this.

Atomic: We've got hello world running, are we a small step or a major leap from running our own code?
Bushing: Hmm... we’re closer to a small step from running trivial programs. It'll take hard work by many people to use that to do something interesting.

Atomic: Is there anything else you would like to tell the world?
Bushing: Right now this information is only useful to a very small number of people, but it will turn into something more interesting to the rest of the world in good time.

And they'll hear about it, don't worry. :)

Until then ... it'll be done when it's done.

Atomic: We know there are people out there who are already thanking you. Thanks for the interview!
Bushing: No problem.

CYBER-CRIMINALS are apparently coming up with more crafty and sophisticated ways to hack data now that owners are installing firewalls and virus checkers.

According to USA Today, the latest technique is to attack home network routers instead of PC hard-drives. Another uses hacked PCs to click on Internet adverts to generate ad payments.

Mary Landesman, senior researcher at security firm ScanSafe said that attacks were becoming more frequent and continue to grow increasingly more sophisticated in 2008.

The router hack seems to be the brain child of one particular gang which has successfully used it to get money out of a Mexican bank.

This involves sending out tainted e-mail greeting card that, when opened, give the intruders control of the recipient's router.

It only worked on one router model, but fortunately for the crooks it just happened to be one run by the bank.

A Symantec spokesman said that the attack was so successful it was almost certain to be copied by others who would use other router brands.

Most men believe that they know more about online security than women, but new research suggests that both sexes are equally vulnerable to malware and other threats.

The poll of 1,400 UK adults found that men are likely to be more confident about their levels of online protection, and only four per cent are unaware of what protection they have.

However, both sexes showed the same levels of vulnerability to online crime.

"My gut feeling, because I'm a man, is that it is one of those societal gender things," said Larry Bridwell, global security strategist at AVG which commissioned the study.

"Men feel that they are more in control of what they do. It's like map reading. In fact the risk is equal among the sexes."

The survey also found that one in three internet users had been a victim of either financial or data loss online, but not even one in five would change their online habits as a result.

Bridwell claimed that this does not indicate that people are not worried about security, but that they are unable to do anything about the situation.

"It would be comical if it wasn't sad," he said. "Users are locked in. In my case I fly between 100,000 and 200,000 miles a year, so I have to pay for things online. If I didn't I'd have a horrible credit rating and no power at home."

The survey was carried out to promote AVG's new security software, which has antivirus and anti-spyware capabilities combined. The software is free for personal use, but backed up by the company's commercial software arm.

"To be honest it's free for two reasons. First, giving away free security software that works is a great branding tool," said Bridwell.

"Secondly, it's got to be done. There's a huge pool of unprotected internet users out there spreading malware all over the place, and that hurts everyone."

In a victory for privacy advocates, a federal judge has ordered a US company to pay almost $200,000 and barred it from selling the phone records of individuals' phone records without their permission.

US District Judge William F. Downes of Wyoming entered a permanent injunction against a company called AccuSearch and its principal, Jay Patel. They advertised a service on a website called Abika-dot-com that made phone records of any individual available for a fee. Privacy watchdogs at the Federal Trade Commission filed suit in 2006, alleging the practice was illegal.

Downes agreed that the obtaining and selling of phone records without the owners' consent was necessarily accomplished through illegal means, according to this release from the FTC. He went on to say that the service represented a menace to consumers in the form of stalkers, identity thieves and costs of changing phone carriers.

Attempts to reach AccuSearch and Patel for comment were unsuccessful. The company has said it plans to appeal the ruling, according to court records.

The ruling comes two years after Hewlett-Packard spied on reporters and board members in an attempt to identify individuals who were leaking information to the media. Among the controversial steps taken was the practice of pretexting, in which investigators called phone companies and pretended to be reporters who wanted a copy of their phone bills.

The FTC has alleged that phone bills constitute confidential information. According to its lawsuit against AccuSearch, Abika-dot-com claimed it could acquire the phone records, including outgoing and incoming calls, of any individual. FTC attorneys argued that using false pretenses, fraudulent statements and fraudulent or stolen documents to induce carriers to disclose records was illegal.

Downes also shot down AccuSearch's claims that it had immunity under the US Communications Decent Act because it actively participated in the creation or development of the content on the Abika site.

AccuSearch was ordered to surrender $199,692 in sales earned from the record sales.

A key component of the UK ID card scheme, the central database of fingerprints, may be abandoned, according to a leaked Home Office document obtained by the Observer. The document doesn't suggest entirely scrapping fingerprints, but instead suggests that their value should be assessed for each group of the population enrolled.

So how does that work? Well, for the ID scheme as originally planned, it clearly doesn't. From David Blunkett onwards Home Office ministers have presented biometrics as the system's USP, the one single factor that makes it entirely certain (in their view) that you are who you say you are. And, they have claimed, the ability to check those biometrics against a central register would give us the 'gold standard' of identity. But if you don't necessarily collect everybody's fingerprints, then you don't have a complete national biometric register, so you might as well save yourself a pile of money, chuck away any notion of online biometric checks as a matter of routine, and forget any ideas you still had about a national biometric register.

Quite a few of the claimed 'benefits' of the ID scheme go out of the window if you do this. The police cannot trawl the register in order to match crime scene fingerprints, nor can they use their mobile fingerprint readers to identify you or to prove that you are who you say you are. Effectively, the ID card would be chip-backed picture ID, with the security of the chip only of value in circumstances where a reader was used.

Except, apparently, for some groups. Immigration Minister Liam Byrne recently reiterated his commitment to issuing the first biometric ID cards to foreign nationals from November of this year. Having this group carrying biometric ID cards makes sense to the government, in a racist sort of way, because it should already have biometrics for many of them via the biometric visa programme. But not all foreign nationals require a visa, so perhaps not all foreign nationals will turn out to require an ID card - at least initially.

But even if the Home Office were to abandon ID card fingerprints for everyone bar the foreigners it's fingerprinting already, it would still ultimately be fingerprinting most of the rest of us, as the Identity & Passport Service (IPS) is currently scheduled to start collecting fingerprints at passport renewal from 2009. The UK isn't a Schengen signatory and therefore isn't obliged, as the Schengen states are, to add fingerprints to passports, but has committed to do so.

Which presents us with a puzzle. The ID card has up to now been envisaged as, effectively, a small format passport - you collect the biometric data for the passport and squirt it onto the passport chip and the ID card chip, same thing, different shapes. But there's always been a need, if the ID card is to be universal, to collect biometric data from that part of the population that doesn't have a passport. And if you're not going to do that, then the passport and the ID card start to become different beasts, with the passport the ID that's more strongly tied to the individual, and the ID card being rather less so.

The picture is not wholly coherent, which is as one would expect from an organisation looking for savings and shortcuts in a desperate attempt to salvage something from the ID card disaster.

An amateur cryptographer who beat the British World War II computer Colossus in a code-cracking challenge has been honoured for his skills.

Joachim Schueth solved a German cipher in just 46 seconds, more than three hours quicker than the 60 year old PC.

He received a prize from the National Museum of Computing, which included a valve from the Colossus machine.

Mr Schueth deciphered the code using a laptop and a program he wrote specifically for the challenge.

"It was unfair because I was using a modern PC, while Colossus was created more than 60 years ago," he said. "It really is astonishing and humbling that the world's first programmable, digital computer was created in the 1940s."

The Cipher Challenge took place in November 2007 at Bletchley Park, the home of early UK computing efforts, and marked the end of a project to rebuild Colossus.

Tony Sale, who has spent the last 14 years rebuilding the machine said: "Joachim really showed how things have advanced from the days of Colossus."

"As well as recapturing the excitement that the Bletchley Park code breakers must have felt, the Cipher Challenge has more importantly highlighted the magnitude of their achievement, their tenacity and their ingenuity."

Secret workings

Mr Schueth competed against other code breakers and a Colossus Mark II machine last November.

The target messages were encoded with a Lorenz S42 machine - as used by the German high command - and were transmitted by a team of radio enthusiasts in Paderborn, Germany.

Colossus, the size of a bus and widely recognised as being one of the first recognisably modern computers, took three hours and fifteen minutes to unravel the code.

Mr Schueth and his machine took just 46 seconds.

"My laptop digested ciphertext at a speed of 1.2 million characters per second - 240 times faster than Colossus," he said.

"If you scale the CPU frequency by that factor, you get an equivalent clock of 5.8 MHz for Colossus. That is a remarkable speed for a computer built in 1944.

"Even 40 years later many computers did not reach that speed."

There were 10 Colossus machines built in the 1940s.

They were key in shortening the war by revealing troop movements to the UK armed forces.

All of the machines they were broken up after the war in a bid to keep their workings secret.

It is currently on display at The National Museum of Computing at Bletchley Park, Buckinghamshire.

Consumer electronics chain Best Buy pulled its Insignia-branded 10.4-inch digital picture frame from store shelves last week after finding that some devices were infected with an older computer virus.

As previously reported by SecurityFocus, some consumers have claimed that digital picture frames received over the holidays have infected their computers with malicious programs. Best Buy recalled its 10.4-inch digital picture frame (model no. NS-DPF10A) after finding that a limited number of devices had been infected during the manufacturing process, according to a statement released last week.

A posting on the SANS Institute's Internet Storm Center warned that a broad of array of digital devices will likely expose consumers to such malicious software in the future.

"Whatever the cause, there seems to be some sort of breakdown in the security of the supply chain," said Marcus Sachs, who volunteers as the director of the ISC. "It's easy for retailers to blame the consumers but when the same malware shows up on products purchased at retail stores hundreds of miles apart by different customers it raises serious questions about the true source of the malware."

Computer viruses and Trojan horses have managed to hitch rides on hard drives, software CDs, memory sticks and MP3 players, but have only rarely been found on other types of products with digital memory. In the past, consumer devices infected with malicious code have generally been the result of manufacturing mishaps. In October 2007, for example, hard-disk drive maker Seagate acknowledged that a password-stealing Trojan horse program had infected a number of its disk drives shipped from a factory in China after a computer at the manufacturing facility was infected. The Trojan horse would infect systems and attempt to steal the account credentials to Chinese online games as well as the popular World of Warcraft.

Best Buy, which exclusively sells the Insignia brand, stated that the computer virus on the frames is an older threat and should be recognized by all major computer virus software. The frames are sold through Best Buy stores and online. The virus only affects computers running Microsoft Windows, the company said.

The French trader behind the huge losses at Société Générale used his knowledge of computers to set up dummy accounts and impersonate other users, his former employer alleges.

The bank has released a five-page dossier as a preliminary report on the Jerome Kerviel affair, which involved fraudulent transactions of over $70bn and eventual losses of $7bn.

Société Générale claims that Kerviel used his previous work experience on back-office systems to set up hidden trading accounts.

"He had a very good understanding of all of Société Générale's processing and control procedures," the statement said.

Kerviel is also accused of stealing his colleagues' computer access codes to cover his tracks, and of forging documents about trading accounts.

The bank stated that Kerviel began betting on the future state of the stock market last year and was initially successful.

Daniel Bouton, chief executive at Société Générale, said in an interview in Le Figaro that Kerviel tried to cover the gains by picking losing positions, which got out of control.

However, lawyers acting for Kerviel claim that he is being set up as a scapegoat by the bank, which is using him as an excuse to cover up the extent of its losses in the US sub-prime mortgage debacle.

A group calling itself Anonymous is continuing its war against the Church of Scientology with a new video posted Monday. In its latest video message, the group seeks to dispel the notion it a group of super hackers and, as though to prove it, includes a call for real-world protests outside Scientology centers worldwide on February 10. Friday night, the Church of Scientology issued a statement about the online attacks.

The latest two-minute video from the group continues to use a computer-generated voice, stock video footage of the sky or neutral landscapes, and includes a fully transcribed text version. A voice over from the video says: "Contrary to the assumptions of the media, Anonymous is not 'a group of super hackers.'"

"Among our numbers you will find individuals from all walks of life--lawyers, parents, IT professionals, members of law enforcement, college students, veterinary technicians and more. Anonymous is everyone and everywhere. We have no leaders, no single entity directing us..."

In a separate e-mail to CNET, Anonymous said it is planning unspecified action on February 10 in such cities as New York, Montreal, Houston, London, Melbourne, and Los Angeles.

Here you can register - http://reg.525u.net/

In nickname use only NUMBERS !

OFFICIAL PROJECT WEBSITE - http://mhtc.5d6d.com/
Here it's translated to english ( website) http://www.google.com/translate?u=ht...&hl=en&ie=UTF8


Client Download -

Mirror 1

http://www.fs2you.com/en/files/f7a49...-0014221f3995/

Mirror 2

http://files.filefront.com/srogame10.../fileinfo.html

Mirror 3:
http://rapidshare.com/files/86847881...1.091.rar.html

********************

HERE IS ENGLISH PATCH !

Mirror 1 - http://rapidshare.com/files/86712146/Media.rar.html
Mirror 2 - http://www.sendspace.pl/file/BQUrXyRW/

Copy into sro folder ( private version ) and replace.

A JAPANESE virus writer has been charged with copyright theft because Inspector Knacker of the Kyoto Yard found there was a grave shortage of hacking laws.

Masato Nakatsuji, 24, a graduate student at Osaka Electro-Communication University is believed to have embedded a computer virus behind a Japanese animation film called "Clannad".

Apparently he arranged it so that when a woman walked amid falling cherry blossoms the victim downloaded the "Harada virus". There are grave perils involved with cherry blossoms. They tend to make you write haikus.

However Kyoto coppers could not find anything in the law books they could charge him with, other than nicking and distributing the Clannad flick. The police thought about damage to property and obstructing business, but the only charge that might have legs in court was the copyright theft.

According to AP, if he had made his own movie, there was not a thing that the Japanese could do to stop him.

Although the country has been trashed by viruses, politicians have been slower to move than a dead slug on writing an anti-hacking law.

It is not clear how much damage Nakatsuji did. The film was distributed through an illegal Japanese file-sharing software program called Winny so victims have been a bit reticent about coming forward.

Still although he might not be done for hacking, it is not as if Nakatsujii will get off lightly. Japan has been listening to the movie industy and has some pretty tough copyright laws. He could be locked up for ten years and be fined about US $93,000.

The United States Senate rejected a bill on Thursday that would have increased judicial oversight of the nation's surveillance activities and held telecommunications firms accountable for past cooperation with intelligence officials, instead favoring legislation that has the backing of the White House.

The Senate voted 60-36 to advance a bill that allows year-long authorization of wiretapping activities and would give retroactive immunity to telecommunications companies that gave the Bush Administration access to their customers communications without the warrants required by the Foreign Intelligence Surveillance Act (FISA). Under FISA, passed in 1978, the government is allowed to wiretap targets of interest, as long as it applied for a warrant within 72 hours.

Civil liberty advocates strongly criticized the Senate's actions.

“Instead of capitulating to the administration, senators should listen to their constituents who overwhelmingly oppose warrantless wiretapping and telecom immunity," Caroline Fredrickson, director of the ACLU's Washington Legislative Office, said in a statement. "As the FISA debate moves forward, we urge the Senate to wake up and realize it is a co-equal branch of government.”

The debate over the legality of the U.S. government's surveillance activities, which the Bush Administration refers to as the "Terrorist Surveillance Program," started in December 2005 after the New York Times published an article revealing the program. More than three dozens lawsuits have been filed against the telecommunications companies that cooperated with the U.S. government and the National Security Agency -- the federal agency responsible for intelligence and surveillance. Ever since a stop-gap measure giving the Bush Administration significant surveillance powers passed in August, Congress has debated the form of future wiretapping for foreign intelligence. Originally, congressional leaders wanted to pass a law in December, but delayed the debate until this month.

The White House has urged lawmakers to quickly pass its favored legislation, so that the nation is not left with an "intelligence gap" in its attempts to track terrorism groups.

"After nearly six months of delay, Congress has still not taken the necessary action to keep our Nation safe," a representative for the White House said in a statement earlier this week. "The terrorist threat we face does not expire on February 1. For the sake of our national security, Congress must act now to send the President a bill that keeps a critical intelligence gap permanently closed and provides meaningful liability protection for companies that may have assisted in efforts to defend America following the 9/11 attacks."

WASHINGTON (AP) -- A large U.S. spy satellite has lost power and could hit the Earth in late February or early March, government officials said Saturday.

The satellite, which no longer can be controlled, could contain hazardous materials, and it is unknown where on the planet it might come down, they said. The officials spoke on condition of anonymity because the information is classified as secret. It was not clear how long ago the satellite lost power, or under what circumstances.

"Appropriate government agencies are monitoring the situation," said Gordon Johndroe, a spokesman for the National Security Council, when asked about the situation after it was disclosed by other officials. "Numerous satellites over the years have come out of orbit and fallen harmlessly. We are looking at potential options to mitigate any possible damage this satellite may cause."

He would not comment on whether it is possible for the satellite to perhaps be shot down by a missile. He said it would be inappropriate to discuss any specifics at this time.

A senior government official said that lawmakers and other nations are being kept apprised of the situation.

The spacecraft contains hydrazine - which is rocket fuel - according to a government official who was not authorized to speak publicly but spoke on condition of anonymity. Hydrazine, a colorless liquid with an ammonia-like odor, is a toxic chemical and can cause harm to anyone who contacts it.

Such an uncontrolled re-entry could risk exposure of U.S. secrets, said John Pike, a defense and intelligence expert. Spy satellites typically are disposed of through a controlled re-entry into the ocean so that no one else can access the spacecraft, he said.

Pike also said it's not likely the threat from the satellite could be eliminated by shooting it down with a missile, because that would create debris that would then re-enter the atmosphere and burn up or hit the ground.

Pike, director of the defense research group GlobalSecurity.org, estimated that the spacecraft weighs about 20,000 pounds and is the size of a small bus. He said the satellite would create 10 times less debris than the Columbia space shuttle crash in 2003. Satellites have natural decay periods, and it's possible this one died as long as a year ago and is just now getting ready to re-enter the atmosphere, he said.

Jeffrey Richelson, a senior fellow with the National Security Archive, said the spacecraft likely is a photo reconnaissance satellite. Such eyes in the sky are used to gather visual information from space about adversarial governments and terror groups, including construction at suspected nuclear sites or militant training camps. The satellites also can be used to survey damage from hurricanes, fires and other natural disasters.

The largest uncontrolled re-entry by a NASA spacecraft was Skylab, the 78-ton abandoned space station that fell from orbit in 1979. Its debris dropped harmlessly into the Indian Ocean and across a remote section of western Australia.

In 2000, NASA engineers successfully directed a safe de-orbit of the 17-ton Compton Gamma Ray Observatory, using rockets aboard the satellite to bring it down in a remote part of the Pacific Ocean.

In 2002, officials believe debris from a 7,000-pound science satellite smacked into the Earth's atmosphere and rained down over the Persian Gulf, a few thousand miles from where they first predicted it would plummet.

The Halifax bank is enrolling unsuspecting customers in trials of a new generation of RFID-enabled bank cards, and trying to keep them in the program even if they have mis-givings about the wave and pay technology.

PayWave allows punters to debit their account without having to enter a PIN or sign for goods valued at less than £10.

The RFID-based technology, backed by Visa, is being rolled out by UK banks Barclays and Halifax, as well as others on the continent. Mastercard is backing a similar technology called PayPass.

Halifax is introducing the technology in London to a number of punters, including Reg reader Pete.

Pete, a current account holder at Halifax, was among those issued with a new card. He didn't want to use the unsolicited technology and his attempts to receive an alternative card, though ultimately successful, proved frustrating.

"I have to input my PIN the very first time I use this 'Paywave' card, but after that it is automatically authorised to work for all transactions under £10," Pete explained. "I put the new card straight in the bin - in fact, I shredded it and put it in several different bins. I don't want this highly insecure-sounding facility, and I never use a debit card for retail transactions anyway."

Pete thought no more of the card assuming his old plastic, which had months left to run, would continue to be useable. But when he went to his local bank in early December to get some cash the ATM refused the transaction and retained his card.

Bank staff, having verified Pete's identity, were not immediately able to work out why the card had been retained. They gave him back his card but, after other attempts to use his card failed, he was faced with the chore of getting his card replaced. After calling Halifax's helpline, Pete was told that the (unsolicited) issue of the contactless card had automatically cancelled his original card, something not mentioned in the paperwork that came with the old card, according to Pete.

"Halifax are cancelling peoples' bank cards without permission and without even telling them, and forcing them to use these new cards, which as far as I know nobody has asked for," Pete told El Reg

"Who wants these things? Not me. And is there no limit to the level of insecurity they want to introduce to their cards? I guess not, so long as the cardholder can be stuck with the liability," he added.

A replacement card also came with the unwanted contactless card technology. Curiously, Pete's wife didn't get a contactless card even though she is joint holder of the same Halifax account.

Ultimately, after complaining long and loud, Pete has now received a non-Paywave bank card from Halifax. The incident has left him far from satisfied. Halifax turned down Pete's request for compensation.

Halifax declined to speak about individual cases, but confirmed it was conducting a trial of the technology across London, prior to a nationwide rollout.

A spokesman for banking association APACS said whether customers had the ability to refuse new technologies was "card issuer dependent".

Barclays is also introducing the technology in the UK. A developer familiar with Barclays plans said it, like Halifax, is rolling out the technology in London in advance of the rest of the country, both as a test-bed for the technology and because Londoners are more used to using RFID-enabled technology in the form of Oyster travel cards.

Barclays has created a triple-function card (called OnePulse) that combines a traditional credit card with PayWave and also with Oyster on-board as a separate application.

"Barclays and a couple of other banks were bidding to effectively take over Oyster and subsume it into a larger payment scheme using the less-proprietary Visa and Mastercard technology, but these negotiations fell apart," he added.

Our source noted that the maximum transaction value for contactless purchases is typically £10, which mitigates the increased risk of using the cards.

"Major customer education issues still need to be overcome before everyone is happy to use this as a cash-replacement technology, which is what the banks and retailers want," he said. "It's certainly a very interesting privacy issue if banks are including the contactless chips in 'standard' credit cards without asking, especially since the transactions are effectively unsecured because no PIN is needed.

"On the privacy issue, there is likely to be a growing number of stories and attempts at hacking and skimming contactless cards, once they are out in the wild, and whether or not the risks to consumers are real, they need to understand the issues and risks."

Our source added that the situation created a market for niche security firms to develop products that protect contactless-enabled cards from "uninvited attempts to communicate with them", in response to security concerns about the possible misuse of the technology to perpetrate fraud.

Whether the likes of Pete will be reassured by extra security controls on a type of card they have had forced on them in the fist place remains to be seen

Downlod Silkroad bot here


Downlod Silkroad bot here

Dinagyang Festival