via HDM's Twitter feed:
Adobe PDF 0.9-day added to Metasploit: [msf> use exploit/windows/fileformat/adobe_media_newplayer.rb] (via jduck/pusscat/myself) SVN r7881
The party is registered!
Submitted by Andy_R on 11 August 2009
The long-awaited news has finally arrived, the Pirate Party UK is now officially registered as a political party! This means we can raise funds, have Pirate Party Candidates at the next general election, and do all the other things that political parties do.
Getting to this stage has been a long process, we've had to elect officers, raise funds, fill out forms, meet with some (very helpful) people at the Electoral Commission, and learn far more about electoral law and the special party funding rules that apply to Gibraltar than any sane person would ever want to.
Andrew Robinson, Party Leader and Eric Priezkalns, Party Treasurer at the Electoral Commission offices in Westminster.
Now the party can really start. It's time for us to tell the world that we exist, to recruit members, raise funds and gear up to fight the General Election. The officers and web team have built the framework that the party needs to get going, now it's time for YOU to make things happen.
Join the party, tell the media about the party, tell your friends about the party, take part in policy and news debates on the forum, join our Facebook group, donate or set up a regular payment to provide financial support, set up a branch in your constituency, school or workplace, join the specialist working groups for members with key skills like lawyers and journalists and volunteer to take part in canvassing and campaigning in your constituency at the general election...
The success of Britain's newest party depends on you, the members!
[From Pirate Party UK - Blog - The party is registered!]
This week, the United Kingdom's Interception of Communications commissioner, Sir Paul Kennedy, announced his latest statistics for Britain's phone and email surveillance systems, to generally shocked responses by the British Public. In 2008, law enforcement, local authorities and the secret services in that country demanded "communication data" — the "who, how, when and where", but not the actual content of messages — 504,073 times. That's 1,381 times a day; or one inquiry every year for every 78 people in the UK.
Sir Kennedy's report is, in many ways, all the public oversight these half a million requests get.
In the United Kingdom, there is no judicial review of these requests; law enforcement together with the Information Commission regulate their own regime, and are bound only to a government "code of conduct".
Communications data continues to be viewed by lawmakers as non-invasive and therefore not regarded as requiring strict regulation, despite the growing range of personal information that can now be revealed by a communications data intercept request. These orders can reveal lists of websites visited, email headers, name and address lookups, and, perhaps most controversially, the real-time location of a particular mobile telephone.
Such a breadth of information so readily available makes these intercepts increasingly tempting for law enforcement; modern technology makes them far easier to capture and process en masse; and with no probable cause or other conditions on obtaining such data, these numbers will keep rising. To guard against the misuse of these invasive powers, we need more than just aggregate statistics presented at the end of the year. Across the world, these frequent invasions of privacy need full judicial oversight, one case at a time.
This has got to stop soon!
From the BBC
Communications firms are being asked to record all internet contacts between people as part of a modernisation in UK police surveillance tactics.
The home secretary scrapped plans for a database but wants details to be held and organised for security services.
The new system would track all e-mails, phone calls and internet use, including visits to social network sites.
The Tories said the Home Office had "buckled under Conservative pressure" in deciding against a giant database.
Announcing a consultation on a new strategy for communications data and its use in law enforcement, Jacqui Smith said there would be no single government-run database.
But she also said that "doing nothing" in the face of a communications revolution was not an option.
The Home Office will instead ask communications companies - from internet service providers to mobile phone networks - to extend the range of information they currently hold on their subscribers and organise it so that it can be better used by the police, MI5 and other public bodies investigating crime and terrorism.
Ministers say they estimate the project will cost £2bn to set up, which includes some compensation to the communications industry for the work it may be asked to do.
"Communications data is an essential tool for law enforcement agencies to track murderers, paedophiles, save lives and tackle crime," Ms Smith said.
"Advances in communications mean that there are ever more sophisticated ways to communicate and we need to ensure that we keep up with the technology being used by those who seek to do us harm.
"It is essential that the police and other crime fighting agencies have the tools they need to do their job. However, to be clear, there are absolutely no plans for a single central store."
This just scares the hell out of me, but at the same time, it makes me really glad that I'm working in this industry.
Via Washington Post
WASHINGTON -- Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program ever -- according to current and former government officials familiar with the attacks.
Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft.
The latest intrusions provide new evidence that a battle is heating up between the U.S. and potential adversaries over the data networks that tie the world together. The revelations follow a recent Wall Street Journal report that computers used to control the U.S. electrical-distribution system, as well as other infrastructure, have also been infiltrated by spies abroad.
Attacks like these -- or U.S. awareness of them -- appear to have escalated in the past six months, said one former official briefed on the matter. "There's never been anything like it," this person said, adding that other military and civilian agencies as well as private companies are affected. "It's everything that keeps this country going."
Many details couldn't be learned, including the specific identity of the attackers, and the scope of the damage to the U.S. defense program, either in financial or security terms. In addition, while the spies were able to download sizable amounts of data related to the jet-fighter, they weren't able to access the most sensitive material, which is stored on computers not connected to the Internet.
Former U.S. officials say the attacks appear to have originated in China. However it can be extremely difficult to determine the true origin because it is easy to mask identities online.
A Pentagon report issued last month said that the Chinese military has made "steady progress" in developing online-warfare techniques. China hopes its computer skills can help it compensate for an underdeveloped military, the report said.
The Chinese Embassy said in a statement that China "opposes and forbids all forms of cyber crimes." It called the Pentagon's report "a product of the Cold War mentality" and said the allegations of cyber espionage are "intentionally fabricated to fan up China threat sensations."
The U.S. has no single government or military office responsible for cyber security. The Obama administration is likely to soon propose creating a senior White House computer-security post to coordinate policy and a new military command that would take the lead in protecting key computer networks from intrusions, according to senior officials.
The Bush administration planned to spend about $17 billion over several years on a new online-security initiative and the Obama administration has indicated it could expand on that. Spending on this scale would represent a potential windfall for government agencies and private contractors at a time of falling budgets. While specialists broadly agree that the threat is growing, there is debate about how much to spend in defending against attacks.
The Joint Strike Fighter, also known as the F-35 Lightning II, is the costliest and most technically challenging weapons program the Pentagon has ever attempted. The plane, led by Lockheed Martin Corp., relies on 7.5 million lines of computer code, which the Government Accountability Office said is more than triple the amount used in the current top Air Force fighter.
Six current and former officials familiar with the matter confirmed that the fighter program had been repeatedly broken into. The Air Force has launched an investigation.
Pentagon officials declined to comment directly on the Joint Strike Fighter compromises. Pentagon systems "are probed daily," said Air Force Lt. Col. Eric Butterbaugh, a Pentagon spokesman. "We aggressively monitor our networks for intrusions and have appropriate procedures to address these threats." U.S. counterintelligence chief Joel Brenner, speaking earlier this month to a business audience in Austin, Texas, warned that fighter-jet programs have been compromised.
Foreign allies are helping develop the aircraft, which opens up other avenues of attack for spies online. At least one breach appears to have occurred in Turkey and another country that is a U.S. ally, according to people familiar with the matter.
Joint Strike Fighter test aircraft are already flying, and money to build the jet is included in the Pentagon's budget for this year and next.
Computer systems involved with the program appear to have been infiltrated at least as far back as 2007, according to people familiar with the matter. Evidence of penetrations continued to be discovered at least into 2008. The intruders appear to have been interested in data about the design of the plane, its performance statistics and its electronic systems, former officials said.
The intruders compromised the system responsible for diagnosing a plane's maintenance problems during flight, according to officials familiar with the matter. However, the plane's most vital systems -- such as flight controls and sensors -- are physically isolated from the publicly accessible Internet, they said.
The intruders entered through vulnerabilities in the networks of two or three contractors helping to build the high-tech fighter jet, according to people who have been briefed on the matter. Lockheed Martin is the lead contractor on the program, and Northrop Grumman Corp. and BAE Systems PLC also play major roles in its development.
Lockheed Martin and BAE declined to comment. Northrop referred questions to Lockheed.
The spies inserted technology that encrypts the data as it's being stolen; as a result, investigators can't tell exactly what data has been taken. A former Pentagon official said the military carried out a thorough cleanup.
Fighting online attacks like these is particularly difficult because defense contractors may have uneven network security, but the Pentagon is reliant on them to perform sensitive work. In the past year, the Pentagon has stepped up efforts to work with contractors to improve computer security.
Investigators traced the penetrations back with a "high level of certainty" to known Chinese Internet protocol, or IP, addresses and digital fingerprints that had been used for attacks in the past, said a person briefed on the matter.
As for the intrusion into the Air Force's air-traffic control systems, three current and former officials familiar with the incident said it occurred in recent months. It alarmed U.S. national security officials, particularly at the National Security Agency, because the access the spies gained could have allowed them to interfere with the system, said one former official. The danger is that intruders might find weaknesses that could be exploited to confuse or damage U.S. military craft.
Military officials declined to comment on the incident.
In his speech in Austin, Mr. Brenner, the U.S. counterintelligence chief, issued a veiled warning about threats to air traffic in the context of Chinese infiltration of U.S. networks. He spoke of his concerns about the vulnerability of U.S. air traffic control systems to cyber infiltration, adding "our networks are being mapped." He went on to warn of a potential situation where "a fighter pilot can't trust his radar."
Everyone really needs to help out on this one, the link to the website can be found here.
Please take action!
The European open internet is under imminent threat
URGENT - VOTING IN EU PARLIAMENT 5th of MAY 2009
Don't let the EU parliament lock up the Internet! There will be no way back!
Internet access is not conditional
Everyone who owns a website has an interest in defending the free use of Internet... so has everyone who uses Google or Skype... everyone who expresses their opinions freely, does research of any kind, whether for personal health problems or academic study ... everyone who shops online...who dates online...socialises online... listens to music...watches video...
The internet as we know it is at risk because of proposed new EU rules going through end of April. Under the proposed new rules, broadband providers will be legally able to limit the number of websites you can look at, and to tell you whether or not you are allowed to use particular services. It will be dressed up as 'new consumer options' which people can choose from. People will be offered TV-like packages - with a limited number of options for you to access.
It means that the Internet will be packaged up and your ability to access and to put up content could be severely restricted. It will create boxes of Internet accessibility, which don't fit with the way we use it today. This is because the internet is now permitting exchanges between persons which cannot be controlled or "facilitated" by any middlemen (the state or a corporation) and this possibility improves the citizen's life but forces the industry to lose power and control. That's why they are pushing governments to enact those changes.
The excuse is to control the flow of music, films and entertainment content against the alleged piracy by downloading for free, using P2P file-sharing. However, the real victims of this plan will be all Internet users and the democratic and independent access to information, culture goods.
Think about how you use the Internet! What would it mean to you if free access to the Internet was taken away?
These days, the Internet is about life and freedom. It's about shopping, booking theatre tickets ... holidays, learning, job-seeking, banking, and trade. It's also about the fun things - dating, chatting, invitations, music, entertainment, joking and even a Second Life. It is a tool to express ourselves, to collaborate, innovate, share, stimulate new business ideas, reach new markets - thrive without middlemen.
Just think - what's your web address? Unless people have that address in their "package" of regular websites - they won't be able to find you. That means they can't buy, or book, or register, or even view you online. Your business won't be able to find niche suppliers of goods - and compare prices. If you get any money at all from advertising on your site, it will diminish. Yes, Amazon and a select few will be OK, they will be included in the package. But your advertising on Google or any other website, will be increasingly worthless. Skype could be blocked. (As it is in Germany in the use from iPhone, already). Small businesses could literally disappear, especially specialist, niche or artisan businesses.
If we don't do something now - we could lose free and open use of the internet. Our freedom (of choice in information, market, culture, pleasure) will be curtailed. The EU proposals hold an enormous risk for our future. They are about to become Law - and will be virtually impossible to reverse. People (even the members of the European Parliament who are voting on it) don't really seem to understand the full implications and the legal changes are wrapped up in something called "Telecoms Package" which lulls people into thinking it is just about industry.
However, in reality, hiding from public view, the amendments are about the way the Internet will operate in future! Text that expresses your rights to access and distribute content, services and applications, is being crossed out. And the text that is being brought in, says that broadband providers must inform you of any limitations, or restrictions to your broadband service. Alternative versions use the word 'conditions' - and it is seriously being proposed that you will be told the conditions of use of Internet services. This is made to sound good - it is dressed up as 'transparency' - except that of course it means that the broadband provider will have the legal right to restrict your access or impose conditions, otherwise why would they need to tell you? If the Telecoms Package amendments are voted in, the changes will not be reversible.
We all have a stake in the Internet! You need to act now to save it!
What can you do about it?
Tell the European Parliament to vote against conditional access to the Internet! Remind them that they need your vote in June and that the internet still gives us the tools to be watching and judging what they are doing! (link a la quadrature du net) You must know you are not alone: hundreds of organizations are working on that and thousands of people have already contacted their parliamentarians about this issue.
So, act now:
1 - Email, write to or phone your MEP - follow this link to get their details - a suggested template letter is attached. You can also use the following software that sends the letter directly to all the parliamentarians. Believe, they will really receive it and they will really feel the pressure. You are welcome to personalize the letter and include information that will make MEPs wake up, take note and take appropriate action.
2 - Forward this email to everyone you know so that they can take action.
3 - Syndicate this page so that you keep being informed: disinformation is what they count on, we must be aware. Text for people to cut and paste to MEP: The coalition version needs to have instructions for people from each country. Coalition members need to get a translated version online in their own languages and link to the LQ site for their own MEPs.
The time to post this one just seems fitting all things considered recently, for those of you that remember this one, drop me a line, let's catch up somewhere.
The Hacker Manifesto
Written January 8, 1986
Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...
Damn kids. They're all alike.
But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?
I am a hacker, enter my world...
Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...
Damn underachiever. They're all alike.
I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."
Damn kid. Probably copied it. They're all alike.
I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me... Or thinks I'm a smart ass... Or doesn't like teaching and shouldn't be here...
Damn kid. All he does is play games. They're all alike.
And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...
Damn kid. Tying up the phone line again. They're all alike...
You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.
This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.
Ok, we need to do something now, things are getting out of hand!
From the BBC
New CCTV cars to catch drivers using their mobile phones or being otherwise distracted at the wheel are being piloted by Greater Manchester Police.
The small Smart cars, which have a 12ft (3.6m) mast with a camera attached, are parked at junctions to monitor traffic.
Mike Downes of the Greater Manchester Casualty Reduction Partnership said the scheme was successfully "driving the number of accidents down".
But the AA's Paul Watters said drivers "might regard it as Big Brother".
Proportionate and fair
Two cars are currently being piloted in Greater Manchester, the first of their kind in the UK.
Anyone seen driving while distracted - eating at the wheel, playing with the radio or applying make-up for instance - is filmed by the cameras.
Later, a letter is sent to the owner of the car, in many cases along with a fine.
Anyone caught using their mobile will be asked to pay £60 and have three points added to their licence. Fines could also be handed out to anyone who is thought to be driving without due care and attention, or similar offences.
According to the Partnership - also known as Drivesafe - there have been 406 collisions in Greater Manchester in the past two years which can be attributed to distracted drivers.
Of those, 51 were said to involve the use of a mobile phone as a significant factor.
Mr Downes said the cars would only trace people who are committing an offence.
"The camera is only trained on the vehicle to secure the evidence," he said.
"I would say the actions we are taking are reasonable, proportionate and fair in light of the fact that we are trying to save lives."
The scheme is only a few weeks into the pilot, so figures on the numbers of people who have been caught using this technology are unavailable.
But the CCTV cars have already attracted criticism from people who argue they are an infringement of people's privacy.
Paul Watters from the Automobile Association (AA), said he had reservations about the cars, and would watch the pilot scheme with interest.
"CCTV enforcement lacks connection with the driver until after the event and some drivers might regard it as Big Brother.
"We think that most drivers would prefer police in cars to dish out tickets on the spot and instil better driving behaviour," he said.
If the scheme is seen to be a success in reducing the number of accidents, those behind it hope it could be rolled out across the UK.
Some councils already use Smart cars with cameras to track parking and bus lane offences.
This really gets to me, as if any security researcher were to do this in the UK, we'd lose our jobs, and probably be locked up for a minimum of ten years, but yet when the BBC does it, it's fine?
"For a short time in February, I had complete control over 21,696 personal computers around the world. These were machines whose owners had not taken the basic security precautions necessary to stay safe online.
While their owners were busy checking their e-mails, or playing Solitaire, or doing their accounts, I could have made their computers do anything I wanted without anyone knowing.
I could have ordered the machines to log keystrokes as they were typed, and then send me anything that looked like a banking user name and password.
I could have redirected the users to fake shopping websites - identical to the originals, apart from the fact that come point of sale, the credit card and security numbers would have been delivered to me.
Or I could have used them to spread spam and phishing e-mails to thousands of other computers.
I did not, of course. That would have been illegal."
So, let me get this straight, it's fine to have control of 21,696 PCs from around the world, and to gain access to them illegally, and some of these may have even been corporate PCs, so other laws could have been broken here as well.
It's fine though for Spencer Kelly to do this, and have the British Broadcasting Centre air this on a show on national television though, but yet he feels it's illegal to do the things mentioned above, is he serious?
I'd like to see documented proof that nothing was changed on any of these PCs that were under control, and were all the owners of these PCs made aware of what was going on?
Yet Gary McKinnon hacks into some PCs in the US in search of UFOs, and they wanted to press charges of terrorism, and put him in Guantanamo Bay.
What the hell is happening to this country?