How to add Google Analytics to every page on your osCommerce eCart

The first thing you need to do is open an account with Google; you can do that here: http://www.google.com/analytics/

Once you have an account you will be given a snippet of code to install on each page you want tracked. On a normal HTML page you place this just before the </body> tag at the bottom of each page. You may read on some other sites that you should place it at the top of the page. Ignore such advice: if the snippet is at the top of a page and there is a delay in communicating with the Google server, your page won't load until that has finished, resulting in slow page load times and annoyed customers. If it is placed at the bottom, the page will load first and be usable before Google has done its bit.

The code snippet looks something like this

HTML Code:

To insert it into each page of OSC (except the admin pages) you need to open /includes/footer.php

At the bottom of which you will see something like this.

PHP Code:
<?php
  // Show a banner at the bottom of the page if one is configured
  if ($banner = tep_banner_exists('dynamic', '468x50')) {
?>

<?php echo tep_display_banner('static', $banner); ?>

<?php
  }
?>

You need to add your Google code to it like this:
PHP Code:
<?php
  // Show a banner at the bottom of the page if one is configured
  if ($banner = tep_banner_exists('dynamic', '468x50')) {
?>

<?php echo tep_display_banner('static', $banner); ?>

<?php
  }
?>

That's all there is to it, you now have Google Analytics on every user page of your osCommerce shopping cart.
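
The finished bottom of /includes/footer.php, as an added example (not the original post's code, whose Google snippet did not survive on this page). It assumes the classic urchin.js form of the Google snippet, a placeholder account ID, and osCommerce's `$request_type` variable being set to 'SSL' on secure pages; `ga_snippet()` is a hypothetical helper name. Loading the script over HTTPS on SSL pages keeps login and checkout free of mixed-content warnings.

```php
<?php
// Added example: builds the tracking snippet for the end of footer.php.
// ga_snippet() is a hypothetical helper; UA-0000000-0 is a placeholder ID.
function ga_snippet($account_id, $request_type)
{
    // Refuse anything that is not a well-formed account ID, so a typo or a
    // tampered configuration value can never inject markup into every page.
    if (!preg_match('/^UA-\d{4,10}-\d{1,4}$/', $account_id)) {
        return '';
    }

    // On SSL pages (login, checkout) load the script from Google's HTTPS
    // host; an http:// script on an https:// page is mixed content.
    $src = ($request_type == 'SSL')
        ? 'https://ssl.google-analytics.com/urchin.js'
        : 'http://www.google-analytics.com/urchin.js';

    return '<script src="' . $src . '" type="text/javascript"></script>' . "\n"
         . '<script type="text/javascript">' . "\n"
         . '_uacct = "' . $account_id . '";' . "\n"
         . 'urchinTracker();' . "\n"
         . '</script>' . "\n";
}

// Stock banner block from footer.php (the function_exists guard only lets
// this file run outside osCommerce for testing).
if (function_exists('tep_banner_exists')
    && ($banner = tep_banner_exists('dynamic', '468x50'))) {
    echo tep_display_banner('static', $banner);
}

// Assumption: $request_type is set by osCommerce before footer.php is
// included; fall back to NONSSL when it is missing.
$type = isset($request_type) ? $request_type : 'NONSSL';
echo ga_snippet('UA-0000000-0', $type);
?>
```

Because the admin pages do not include /includes/footer.php, the tracking script stays out of the admin area.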

South Korea a victim of cyber warfare

South Korea's military has been put on alert against overseas hackers who have gained access to some soldiers' personal computers, the defence ministry said Thursday.

It did not identify the country where the hackers are based but Chosun Ilbo newspaper said it was China.

The Defence Security Command, which handles counter-intelligence, this week warned all military units to be on the alert against hacking, a ministry spokesman said.

"The alert was issued after the counter-intelligence command found 'third-nation' hackers had successfully broken into some soldiers' computers via e-mails to steal private data," the spokesman told AFP.

"No military information has been leaked."

The South's military runs its own Intranet, usually disconnected from the Internet, and also has separate servers for processing confidential data, he said.

But the command instructed troops to keep no official data on personal computers and also to update anti-virus programmes.

The spokesman said hackers used emails entitled in Korean "Current state of the North Korean army's capabilities" to arouse the curiosity of soldiers. The hacking virus starts working when the emails are opened.

Chosun Ilbo said military investigators had traced the hackers to China but failed to identify whether they are ordinary citizens or military personnel.

It noted that China launched a military unit called NET Force to carry out online warfare against enemy computer networks in 2000, with one million civilian "red hackers" operating in the country.

The Korea Institute for Defence Analyses, a state think-tank affiliated with the defence ministry, said one of its researchers had his computer hacked by a Chinese in 2004.

"The Chinese hacker took out private data, neither official nor confidential, from the researcher's personal computer while pretending to be a Korean e-mailer," a spokesman told AFP.

South Korea is one of the world's most wired societies with 34 million people or 70 percent of the population using the Internet.

Malware variants may have hit half-million mark

Underscoring the difficulty in keeping up with the pace of malicious code development, two antivirus companies published their latest tally of the menagerie of malicious code against which they have to protect their customers.

On Wednesday, antivirus firm F-Secure announced that the total number of "detections" -- or variants -- of viruses, worms, Trojan horses and other malicious code reached 500,000 in the last week of 2007, counting from 1986. In December, McAfee estimated that its own count of malicious code would surpass 360,000 by the end of the year.

F-Secure stressed that the influx of variants is not due to original code, but to mass-produced attempts to foil antivirus filters, a tactic made successful by the Storm Worm. However, the overwhelming numbers do put strain on antivirus companies' human analysts, according to Dave Marcus, security research and communications manager for McAfee's Antivirus Emergency Response Team.

"You have to invest in your researchers, but you also have to invest in automating the process," Marcus said in a December interview with SecurityFocus. "When you are getting thousands of samples a day, you cannot just rely on human analysts, you need automation."

In 2007, antivirus companies have had to deal with evolving tactics on the part of malware authors. The Storm Worm's creators have used a variety of techniques, from rapidly changing variants to fast-flux hosting, to continue to spread variants of the program to victims' PCs. Web-based infection kits that deliver a different variant to each victim's PC have also made analysis more difficult.

For both F-Secure and McAfee, the number of malicious-code variants nearly doubled in 2007 over the previous year's total.

Cyber thieves target social sites

[Image: MySpace logo (AP). Caption: Social sites are already being targeted by hi-tech thieves]

It is not just the average net user who is a fan of social network sites, so are hi-tech criminals.

So say security professionals predicting what net criminals will turn to in 2008 to catch people out.

The quasi-intimate nature of the sites makes people share information readily leaving them open to all kinds of other attacks, warn security firms.

Detailed information gathered via the sites will also help tune spam runs or make phishing e-mail more convincing.

Friendly faces

There was no doubt that 2007 was the year that sites such as MySpace, Facebook, Bebo, Orkut rose to prominence as millions of people signed up to use them and started posting information about themselves and what they were up to.

But in 2008 these sites will become an attack vector for the hi-tech gangs who are now behind the vast majority of cyber crime.

Mary Landesman, senior security researcher at ScanSafe, said social sites would prove popular for two reasons.

"The technologies that play there and the third party add-ons make it an environment that is susceptible to compromise," said Ms Landesman.

Already at the end of 2007 Brazilian users of Google's Orkut were subject to an attack by a worm that tried to steal bank account details. The malicious program, which also tried to hijack compromised computers, propagated via booby-trapped links placed on the personal page of Orkut users.

Still other attacks have tried to capitalise on the popularity of video clips seen on sites such as YouTube by putting booby-trapped links on pages that show the short films.

Alongside technical vulnerabilities in the networks go other problems with the amount of information that people share on social networking sites.

[Image: online bank login screen (BBC). Caption: Social sites help make phishing attacks look more plausible]

This data can give criminals knowledge about the names of employees at a company, insight in its managerial make-up or information about its processes to lend credibility to other attacks.

"That information can be very specific, very focused," she said. "It can mention company names, actual events and people."

This information, said Ms Landesman, could help attackers embarking on social engineering attacks which attempt to con employees by posing as another worker or a business partner.

David Porter, head of security and risk at Detica, said the apparent familiarity of social network sites, which often help people build connections with people who share their interests and outlook, meant many people were cavalier with their personal information.

"It is remarkable that people use social networking websites to publish details about their lives, loves, jobs and hobbies to the entire world that they would not dream of sharing with a stranger in a bar," he said.

"Such data is invaluable to identity fraudsters," he said.

This move to exploit social network sites would also fuel a move away from attacks that exploit vulnerabilities in the Windows operating system to gain control of a PC or steal data.

Far better for the criminal, said Paul King, senior security advisor for Cisco, is to use those phishing e-mails to exploit the end user.

"So many attacks now are nothing to do with an exploit. It's about persuading you to click a link," he said. "There's no vulnerability involved in you clicking on that. None."

The big challenge in 2008 for individuals and companies was coming to terms and recognising the sheer number of threats ranged against them.

But, he said, consumers and PC users should not feel stifled by all the potential security problems.

There were a lot of benefits to using social networking sites, said Mr King and the downsides should not put people off using them.

"It's about trying to manage risk rather than avoid risk," he said.

Spyware found in Sears online community installation

Online shoppers who signed up for the "Sears Holdings Community" ("My SHC Community" or "SHC") this holiday season got a gift that keeps on giving: spyware.

Sears defends its actions by saying it clearly notified customers before they accepted the software installation. However, several antispyware researchers found the Sears notification process fails to call out that users' online activities (including logging in to bank accounts) will be recorded and that it generally falls below industry standards.

The concern focuses on software installed by ComScore, an online data marketing firm. ComScore states on its Web site that it "maintains massive proprietary databases that provide a continuous, real-time measurement of the myriad ways in which the Internet is used and the wide variety of activities that are occurring online." The company has maintained over the years that its data collection methods do not qualify as spyware. However, several leading antispyware researchers disagree.

The controversy was first reported at the end of December by a senior researcher in the Anti-Spyware unit at Computer Associates, Benjamin Googins. In a blog, Googins related his own experience in joining the Sears Holdings Community, "a place where your voice is heard and your opinion matters." Although an initial sign up e-mail informed Googins of potential tracking opportunities, the online registration site itself does not. Nor does the Sears privacy policy clearly state what is and is not being tracked.

Rob Harles, a senior vice president of SHC, responded in a post to Googins' blog. In his post, Harles said, "The vast majority of members of My SHC do not participate in any form of tracking, and those that have explicitly signed up do so after having been presented with simple, easy to understand language to which they have agreed." Googins says that a quick scan of older press releases shows that Harles was formerly a senior vice president at ComScore.

Veteran antispyware researcher Benjamin Edelman agrees with Googins. In a recent blog, Edelman stated "the limited SHC disclosure provided by email lacks the required specificity as to the nature, purpose, and effects of the ComScore software."

Specifically, Edelman cites that "the initial SHC email refers to the ComScore software as 'VoiceFive.' The license agreement refers to the ComScore software as 'our application' and 'this application.' The ActiveX prompt gives no product name, and it reports company name 'TMRG, Inc.' These conflicting names prevent users from figuring out what software they are asked to accept."

'Ragtag' Russian army shows the new face of DDoS attacks

In late April, a Russian-speaking blogger upset with recent events in Estonia posted a series of dispatches calling on like-minded people to attack government servers in that country.

"They're really fascists," the user, who went by the name of VolchenoK, wrote of Estonian government officials, according to this translation. "Let us help those who are there and really fought for the memory of our grandfather and grandmother. Yet they are fighting against fascism!"

VolchenoK's dispatch was echoed in posts on other Russian-speaking websites and helped set the groundwork for more than a week of distributed denial of service (DDoS) attacks, which sometimes brought official Estonian websites to their knees.

The assault on the Estonian sites was motivated by the government's removal of a Soviet-era memorial from the center of that country's capital. For decades, the monument stood as a tribute to Soviet soldiers who drove out the Nazis during World War II. Some Russians took the removal as a slap in the face and sought revenge.

The attacks should serve as a wake-up call for US government officials about the potency of several new DDoS tools adopted by cyber criminals, says Arbor Networks senior security engineer Jose Nazario. He will speak about DDoS threats later this month at the US Department of Defense's Cyber Crime Conference.

Rage against the Machine

The Estonia attacks are a graphic example of the damage that disaffected groups can cause when they vent their rage on internet targets, he says. Combined with a separate round of attacks on sites belonging to both pro-Russian and anti-Russian groups over the last three months, they raise the possibility that attacks based on political, ethnic or cultural differences may be on the rise.

"That ragtag army ... can actually be effective," Nazario says. "We're very, very worried about computer botnets. We should be just as worried about semi-organized groups of upset people."

Posts like the one left by VolchenoK included a do-it-yourself script users could run to turn their computers into individual launch pads for the attacks. They also included instructions on when participants should start and stop them to ensure the incursions caused as much damage as possible. They were combined with more traditional DDoS attacks from networks of zombie machines.

By Western standards, the attacks weren't all that sophisticated. They topped out at about 100MB per second, compared with as much as 40GB per second unleashed against some targets. They also employed protocols such as ICMP and TCP SYN, which have been used for so long that they are no longer effective against many hardened targets.

But more recent events may show that politically motivated attackers are growing more savvy. Over the past several months, Nazario has documented attacks on sites belonging to groups on both sides of the Russian establishment. Targets include the Party of Regions, a pro-Russian party led by Ukrainian Prime Minister Viktor Yanukovych; the site of Garry Kasparov, the Russian chess grandmaster turned critic of Russian President Vladimir Putin; and namarsh.ru, another dissident site. All attacks have been carried out using botnets, Nazario says.

BlackEnergy

One weapon used in these most recent raids is a tool called BlackEnergy. It doesn't rely on the more primitive IRC protocol, doesn't scan for new hosts to infect and is cloaked in a rootkit, making it hard for users or security researchers to detect. A graphical interface makes it easy for hackers to configure and it is designed solely for carrying out DDoS attacks, Nazario says.

More than three dozen servers have been detected as command and control centers for BlackEnergy, and because the tool is available for $40 the number could grow, Nazario says. HTML-based bots like BlackEnergy are harder for security professionals to detect and stop because the data they generate looks similar to web traffic.

"The DDoS problem hasn't gone away," Nazario says. "People who commit those kind of attacks have more specialized tools available to them and their attacks have gotten more specialized."

So Nazario is working with the computer emergency response teams of various governments to snuff out the command and control servers that act as the hubs for these networks. Among the techniques for stopping them are the blacklisting of domain names and internet protocol addresses and the sharing of signature files that can be used by Snort and other intrusion detection systems to pinpoint the servers.

Malware writers exploit Bhutto killing

The assassination of former Pakistan president Benazir Bhutto has become the latest hook to lure users to malicious websites.

Researchers at security firm McAfee said that attackers were embedding blog pages with URLs for malicious sites that claim to offer a video of the killing.

Users who attempt to view the video are prompted to download what the site claims is a codec file needed to 'translate' the video.

The 'codec' is actually a Trojan program that installs malware on the user's system.

Other sites then attempt to exploit a previously patched flaw in Internet Explorer to install the malware.

The use of major news events as a means of spreading malware is not uncommon. The infamous Storm worm surfaced early last year as an attachment to fake emails about flooding in Europe.

Criminals also used the Virginia Tech shootings, the London terror bombing, and Hurricane Katrina to bring in victims online.

The use of fake codecs is also a common tactic for spreading malware. Attackers will often use the promise of pornographic videos to lure users into downloading and installing Trojans.

The recent MacOS X Trojan was one example of such an attack, using the fake video files to deliver a DNS changer.

Ransomware Trojan locks up infected PCs

A new strain of "Ransomware" that attempts to coerce victims into paying $35 to unlock their Windows PC is doing the rounds.

The scam uses a variety of premium rate numbers in different countries, and UK regulator PhonePayPlus is investigating the suspected misuse of a type of premium rate line normally used for sex lines in the UK.

The Delf-CTK Trojan poses as a "Browser Security and Anti-adware" security application whose license has expired. Windows machines infected by the malware are confronted by a full-screen message that poses as a Windows error. Ironically, but unsurprisingly, the malware typically uses Windows exploits to infect vulnerable machines.

Prospective marks are invited to call a country-specific premium rate number and enter a PIN to obtain a license code. The US premium rate number belongs to "passwordtwoenter.com", a payment processing firm used by hardcore porn sites, according to anti-spyware firm Sunbelt Software, which was the first to warn of the ruse. Passwordtwoenter.com is registered to Global Voice SA, a firm based in the Indian Ocean island state of the Seychelles.

If the US number doesn't work, prospective marks are invited to call alternate numbers including a satellite telephone number and another in the West African nation of Cameroon, Computerworld adds. UK and French premium numbers also feature in the scam.

The 0909 number British marks are invited to call is reserved for adult premium rate lines, premium rate regulator PhonePayPlus told El Reg. PhonePayPlus agreed to investigate the issue, after we told them about the scam. A spokesman added that he wasn't aware of previous UK cases where malware has been linked to attempts to prompt users into phoning premium rate lines.

Ransomware packages (which began appearing early in 2006) typically use malicious code to gain control of user files, encrypt them, and threaten users that they won't see these files again unless they hand over a cash "ransom" to hackers.

The Delf-CTK Trojan is more subtle than this: the demands are less transparently hostile, and a different (more advanced) payment method is used. Users infected by the malware are locked out of their whole system by malware that takes over their desktop - not just preventing them from opening particular files - so in some ways the Delf-CTK Trojan is nastier than earlier ransomware strains such as Gpcode.

Facebook hit by adware attack

Facebook users are being warned about a new application on the social networking site that contains adware.

'Secret Crush' contains a download of the Zango adware program which automatically sends itself to five friends.

It has already infected three per cent of Facebook users, over one million computers, according to security firm Fortinet.

"People are now developing Facebook 'platform applications' for profit rather than just for fun, but this does not mean that all widgets are going to be malicious," said Guillaume Lovet, manager of Fortinet's European Threat Response Team.

"Honest ways to generate profits exist on Facebook, but users must use common sense and protection to avoid being scammed and abused."

Lovet warned that social networking sites are fast becoming dangerous places, and that users who are unaware or run unpatched browsers are increasingly at risk.

The adware has spread quickly because people are more willing to install new applications on Facebook, something they are learning not to do with email attachments.

Researcher: Firefox vulnerable to ID spoofing

Firefox 2.0 has a vulnerability that can leave its users susceptible to an identity theft attack, according to Aviv Raff, a security researcher based in Israel.

Raff outlined a bug in Firefox that allows spoofing and enables an attacker “to conduct phishing attacks, by tricking the user to believe that the authentication dialog box is from a trusted website.” The versions affected include Firefox v2.0.0.11 and prior versions. Ryan Naraine got a private demo of Raff’s work and noted that this attack is easy to fall for.

Raff in his post outlines two possible attacks:

1. An attacker creates a web page with a link to a trusted website (e.g. Bank, PayPal, Webmail, etc.). When the victim clicks on the link, the trusted web page will be opened in a new window, and a script will be executed to redirect the new opened window to the attacker’s web server, which will then return the specially crafted basic authentication response.

2. An attacker embeds an image (pointing to the attacker’s web server, which will return the specially crafted basic authentication response) to:

  • A mail which will be sent to a webmail user.
  • RSS feed which will be consumed by a web RSS reader.
  • A forum/blog/social network page.

As for the workaround, Raff suggests avoiding sites that require password authentication and give you a dialog that looks like this. Mozilla last issued a security patch for Firefox Nov. 27.

[Screenshot: authentication.png]

DOJ indicts alleged British hacker

The U.S. Department of Justice indicted Tuesday a British man who allegedly hacked into military computer systems and shut them down in the wake of the Sept. 11, 2001 terrorist attacks.

Gary McKinnon, a 36-year-old former systems administrator from London, was charged by a grand jury in New Jersey with intentionally damaging a federal computer system, according to a statement released by the U.S. Attorney's Office in the Eastern District of Virginia.

McKinnon is believed to have attacked the Earle Naval Weapons Station, a U.S. Navy command center responsible for supplying munitions to the Atlantic fleet, three times between April 2001 and September 2001.

During the final attack on Sept. 23, 2001, the DOJ alleges McKinnon deleted key files necessary to power some computers on the network.

"This was a grave intrusion into a vital military system computer system at a time when we, as a nation, had to summon all of our defenses against further attack," Assistant U.S. Attorney Scott S. Christie said in the statement. Representatives from the U.S. Navy would not comment on the indictment.

The U.S. Attorney's office also indicted McKinnon on seven counts of unauthorized access and damage to computer systems for his hack of nearly 100 computers, mainly military systems. The second indictment charged McKinnon with breaking into systems belonging to the U.S. Army, U.S. Navy, the U.S. Air Force, the U.S. Department of Defense and NASA, as well as six corporate computers. Altogether, McKinnon allegedly caused approximately $900,000 in damage.

Both indictments were handed down Tuesday morning. The U.S. Attorney's office in Virginia will be taking lead on the case, a representative from that office said.

After McKinnon was charged with the network break-in, the DOJ worked to try McKinnon in the United States, said Judy Prue, a spokeswoman for Britain's National High-Tech Crime Unit.

"It was decided that he would be extradited to the U.S.," Prue said. "Technically, we had to de-arrest this guy."

The DOJ announced plans to extradite McKinnon Tuesday afternoon. The Associated Press reported some details of the investigation on Monday.

Online vandals have often used military systems as hacking targets. The Pentagon, for example, has cited as many as 250,000 attacks in a single year. The attacks do succeed, on occasion.

In May of last year, government contractor Exigent International acknowledged that one or more hackers broke into a government server that contained satellite software and stole code. Evidence led investigators to an e-mail service in Sweden, where the hackers apparently stashed the code. The culprits were never apprehended.

In 1997, two California teenagers and a trio of Israeli hackers were arrested for hacking into Pentagon servers. Israeli hacker Ehud Tenenbaum, then 18 years old, and his two teenage accomplices weren't extradited yet were prosecuted by local authorities.

The United States rarely extradites cybercriminals; the process has proven to be extremely slow in the cases that do call for extradition.

In May, two citizens of Kazakhstan were extradited from Britain more than 20 months after their arrest in a London hotel room on charges of unauthorized computer access and extortion.

Oleg Zezov and Igor Yarimaka allegedly sent several e-mail messages to the founder of financial information company Bloomberg and now mayor of New York City, Michael Bloomberg, demanding that he pay $200,000 in exchange for information on how the duo infiltrated the Bloomberg system.

Law enforcement officials have also tried other methods to snatch foreign hackers suspected of cybercrimes.

In November 2000, two alleged Russian hackers were lured to Seattle in a sting operation after FBI agents grabbed evidence from a server in Chelyabinsk, Russia. Authorities from that province filed charges against the FBI for the "hack" earlier this year.

Posted in | 0 comments

DOJ charges youth in hack attacks

The U.S. Department of Justice indicted Tuesday a British man who allegedly hacked into military computer systems and shut them down in the wake of the Sept. 11, 2001 terrorist attacks.

Gary McKinnon, a 36-year-old former systems administrator from London, was charged by a grand jury in New Jersey with intentionally damaging a federal computer system, according to a statement released by the U.S. Attorney's Office in the Eastern District of Virginia.

McKinnon is believed to have attacked the Earle Naval Weapons Station, a U.S. Navy command center responsible for supplying munitions to the Atlantic fleet, three times between April 2001 and September 2001.

During the final attack on Sept. 23, 2001, the DOJ alleges McKinnon deleted key files necessary to power some computers on the network.

"This was a grave intrusion into a vital military system computer system at a time when we, as a nation, had to summon all of our defenses against further attack," Assistant U.S. Attorney Scott S. Christie said in the statement. Representatives from U.S. Navy would not comment on the indictment.

The U.S. Attorney's office also indicted McKinnon on seven counts of unauthorized access and damage to computer systems for his hack of nearly 100 computers, mainly military systems. The second indictment charged McKinnon with breaking into systems belonging to the U.S. Army, U.S. Navy, the U.S. Air Force, the U.S. Department of Defense and NASA, as well as six corporate computers. Altogether, McKinnon allegedly caused approximately $900,000 in damage.

Both indictments were handed down Tuesday morning. The U.S. Attorney's office in Virginia will be taking lead on the case, a representative from that office said.

After McKinnon was charged with the network break-in, the DOJ worked to try McKinnon in the United States, said Judy Prue, a spokeswoman for Britain's National High-Tech Crime Unit.

"It was decided that he would be extradited to the U.S.," Prue said. "Technically, we had de-arrest this guy."

The DOJ announced plans to extradite McKinnon Tuesday afternoon. The Associated Press reported some details of the investigation on Monday.

Online vandals have often used military systems as hacking targets. The Pentagon, for example, has cited as many as 250,000 attacks in a single year. The attacks do succeed, on occasion.

In May of last year, government contractor Exigent International acknowledged that one or more hackers broke into a government server that contained satellite software and stole code. Evidence led investigators to an e-mail service in Sweden, where the hackers apparently stashed the code. The culprits were never apprehended.

In 1997, two California teenagers and a trio of Israeli hackers were arrested for hacking into Pentagon servers. Israeli hacker Ehud Tenenbaum, then 18 years old, and his two teenage accomplices weren't extradited yet were prosecuted by local authorities.

The United States rarely extradites cybercriminals; the process has proven to be extremely slow in the cases that do call for extradition.

In May, two citizens of Kazakhstan were extradited from Britain more than 20 months after their arrest in a London hotel room on charges of unauthorized computer access and extortion.

Oleg Zezov and Igor Yarimaka allegedly sent several e-mail messages to the founder of financial information company Bloomberg and now mayor of New York City, Michael Bloomberg, demanding that he pay $200,000 in exchange for information on how the duo infiltrated the Bloomberg system.

Law enforcement officials have also tried other methods to snatch foreign hackers suspected of cybercrimes.

In November 2000, two alleged Russian hackers were lured to Seattle in a sting operation after FBI agents grabbed evidence from a server in Chelyabinsk, Russia. Authorities from that province filed charges against the FBI for the "hack" earlier this year.


Philippine DOJ hacked

For a few hours on Thursday, visitors to the Department of Justice's website saw a wizard and animated fireworks and heard an amusement park's theme music instead of seeing legal opinions and a message from Justice Secretary Raul Gonzalez.

Gonzalez confirmed that the DoJ's website was hacked, but it was restored past 3 p.m. Nevertheless, he ordered the National Bureau of Investigation to look into the incident given the repercussions of the act.

The DoJ website was hosted by PLDT, which he said has also promised to investigate the incident.

He said that even though the operations of the department were not disrupted as a result of the hacking, the fact that somebody could tamper with government websites posed a threat to other government agencies especially those handling matters related to national security.

"The danger is if there are sensitive matters on the website. It can also be the source of something that will mislead others... Hacking can cause serious disruption of the economy," he said.

A check of the DoJ's website around 2 p.m. showed a purple background with the logo of Enchanted Kingdom, a theme park in Laguna. The website also showed the lighted facade of the amusement park, its wizard mascot and animated fireworks.

Gone were the picture of Gonzalez, his message, the DoJ profile and links to legal opinions and the DoJ directory.

"I think what happened to us here should be a forewarning to all other agencies of the government. The financial institutions will be very important, the security cluster," he said.

He also said hacking was a criminal offense. It is punishable under the e-commerce law.


The politics of privacy

Nearly 30 years after its passage, a once-obscure wiretapping law, and the secret federal court created by it, roiled the waters in Washington, D.C. And the debate is far from over.

The 1978 law in question is the Foreign Intelligence Surveillance Act, which was enacted in the post-Watergate era as a way to rein in abuses by U.S. intelligence agencies. After September 11, 2001, President Bush authorized his administration to bypass FISA when conducting wiretaps--a mechanism that he defended as necessary but that a chorus of opponents said amounted to a violation of the law, and perhaps the U.S. Constitution itself.

But a newly Democratic Congress, distracted by the ongoing occupation of Iraq and a flap over U.S. Attorneys, proved unwilling to risk a direct confrontation with the president over the limits of FISA. Instead, it bowed to the White House's requests for pro-surveillance amendments to FISA and approved the Protect America Act, which Bush signed into law in early August.

It was an unusually hasty process. Republicans tried to accelerate a vote on the legislation by disclosing a secret ruling by the secret FISA court that allegedly imperiled ongoing electronic surveillance. The ruling was not public, and press reports about it were vague, but congressional leaders decided to schedule a quick vote on the bill before leaving for their summer holiday. After arranging a vote on the Protect America Act, House Speaker Nancy Pelosi said the measure "does violence to the Constitution of the United States."

One question that the Protect America Act leaves unresolved is whether telecommunications companies will receive retroactive legal immunity for unlawful cooperation with the Bush administration. Because the law expires after 180 days, debates over its renewal have centered on that question.

On one side of the argument are intelligence-community representatives, who say a retroactive grant of immunity from lawsuits alleging privacy violations is only fair to executives who believed that cooperation with the National Security Agency would aid antiterror efforts. The other side argues that companies should be held liable for illegal cooperation with spooks--and that any immunity would set a terrible precedent.

Forcing the matter are dozens of lawsuits that have been filed against telecommunications companies and consolidated before a federal judge in San Francisco. One of those lawsuits, brought by the Electronic Frontier Foundation against AT&T, has advanced to the 9th Circuit Court of Appeals. The Bush administration asked it to pull the plug on the suit during oral arguments in August, and a decision is expected at any time.

As of the time of this writing, the debate in Washington remained unsettled. The House of Representatives rejected retroactive immunity by a reasonably close 227-180 vote in November. A Senate committee liked the idea, but after stiff opposition from senior Democrats, U.S. Senate Majority Leader Harry Reid withdrew the bill from a floor vote on December 17. That means the debate will continue next year.

Also continuing through next year will be a growing controversy over the Real ID Act, which would create the first federal identity card for Americans. In January, Maine became the first state to formally reject the scheme, and a few months later anti-Real ID Act senators had some success with an amendment limiting its future expansion.

But the Department of Homeland Security pressed forward with its regulations, which means that starting on May 11, 2008, residents of noncompliant states won't be able to use their driver's licenses as ID at airports or while entering federal buildings. The next five months will tell whether DHS will actually enforce those rules.


Wii Hacked, Runs Homebrew Software




At this last weekend's Chaos Communication Congress, a group of hackers demonstrated a hack for the Wii which allowed them to run software of their own design natively on the system.

This is the first official demonstration of this kind of hack on Nintendo's Wii.

The hack itself -- as explained in the above video -- is quite complicated and probably far above the average Wii gamer, but it demonstrates the future potential for the system to run code that Nintendo never intended it to. While the technique is basically just a proof-of-concept at this point, expect to see Linux ports and rudimentary homebrew software for the Wii popping up throughout 2008.

The importance of this event is difficult to overstate.

The Wii is a wildly popular system manufactured by a company that is notoriously protective of its secretive hardware. The fact that a group of amateur hackers was able to crack the system's encryption proves, yet again, that despite any attempts to dictate how your hardware should be used, once you've sold it to consumers, it's completely up to them what they want to do with it.

With the hack still in its infancy it presents no danger to Nintendo of draining the company's profits through the unauthorized duplication of software, but you can be sure Nintendo is eyeing this hack with great scrutiny.


CA issues false warning on JavaScript apps

A mis-firing anti-virus update from CA issued on Monday wrongly identified legitimate JavaScript files as a virus.

The eTrust signature update wrongly identified JSQuery (a JavaScript AJAX library), Mootools (a JavaScript web 2.0 library) and other complex JavaScript packages as being contaminated with the Snz-A JavaScript malware. Users running CA eTrust (also known as Vet Anti-Virus) who applied the dodgy update were liable to find themselves confronted by false alarms that their systems were infected when visiting legitimate websites, causing unnecessary alarm in the process.

The dodgy update reportedly is 31.3.5417, dated December 31. Faulty anti-virus signature updates are not uncommon across the industry and CA can be expected to respond quickly to the problem by pulling the dodgy update and issuing a replacement. In the meantime users hit by the slip-up are posting their gripes and comparing experiences in various online blogs and forums (example here).

A post to the Mootools forum reports the false alarm, but there's no official word from CA, either on its site or in response to our queries, as yet.



Privacy rights 'fragile' in 2007

Threats to personal privacy got more severe in 2007, a report has claimed.

Compiled by Privacy International and the Electronic Privacy Information Center, the report details global trends in privacy protection and surveillance.

It found that in 2007 more nations than ever ranked as places where surveillance had become "endemic".

The move toward greater surveillance had left the fundamental right to a private life "fragile and exposed", the report said.

Complex threat

The 1,000 page report from the two campaigning groups details what governments, companies and lobby groups have done in the past 12 months to defend or dismantle privacy online or offline.

Overall, wrote the report's authors, privacy protection "worsened" during 2007.

As in previous years the report found no nation which consistently tried to uphold privacy or gave substantial help, legislative or otherwise, to protect personal data.

Greece topped the table of 47 countries ranked in the report and was the only one that was identified as having "adequate safeguards against abuse".

Most countries surveyed were classed as having "some safeguards but weakened protections" or a "systemic failure" to defend citizens' private lives.

In 2007 the survey found surveillance "endemic" in nine countries - compared to five in 2006.

The nine were - England, Wales, Malaysia, China, Russia, Singapore, Taiwan, Thailand and the US.

The report said that greater scrutiny of citizens grew out of two trends - government efforts to beef up national security and a burgeoning industry built around surveillance or the data it collects.

It noted that action by lobby groups or campaigners to protect privacy was "marginal" and added that any substantive effort to fight back could struggle against the complex and diverse threats ranged against privacy.


New York Hack Hacked

Billy Chasen, an artist and software engineer, says he hopped into a New York City cab one night and found an error message displayed on the Windows touchscreen machine in the backseat. Cabs have begun installing the screens to provide passengers with news, advertisements and a GPS map to follow their trip progress. The touchscreens are also used by passengers to pay for their trip using a credit card.

Chasen was able to open Internet Explorer and initiate an internet connection through the connection wizard using a Sprint card that was already set up in the system. He was also able to navigate through the system and get full administrative access.

He posted photos of the screen on his blog here. You can also see a video interview with him here.

As an added bonus to leave with you before I sign off for 2007, here are some random cool photos of Chasen's exploded iPod, which still works after being encased in resin.

Happy new year, Threat Level readers. See you back here in 2008.
