
Prometheus 6

All respect and no restraint

Tech

The Borg is now inevitable. Resistance is futile. Capacitance is futile. Insulation is futile.

Belcher said. "We're also interested in integrating [the batteries] with biological organisms."

MIT engineers work toward cell-sized batteries
Microbatteries could power tomorrow's miniature devices
Elizabeth A. Thomson, News Office
August 20, 2008

The sister is the Bayer Professor of Chemical Engineering and associate head of the Department of Chemical Engineering. Just so you know.

Forget 9-volts, AAs, AAAs or D batteries: The energy for tomorrow's miniature electronic devices could come from tiny microbatteries about half the size of a human cell and built with viruses.

MIT engineers have developed a way to at once create and install such microbatteries -- which could one day power a range of miniature devices, from labs-on-a-chip to implantable medical sensors -- by stamping them onto a variety of surfaces.

In the Proceedings of the National Academy of Sciences (PNAS) the week of Aug. 18, the team describes assembling and successfully testing two of the three key components of a battery. A complete battery is on its way.

[P6: Actually, complete batteries are here already.

Instead of physically arranging the component parts, researchers genetically engineer viruses to attract individual molecules of materials they're interested in, like cobalt oxide, from a solution, autonomously forming wires 17,000 times thinner than a sheet of paper that pack themselves together to form electrodes smaller than a human cell.

"Once you do the genetic engineering with the viruses themselves, you pour in the solution and they grow the right combination of these materials on them," Belcher says. 

]

Privacy? What's that?


The technique, devised by Pilosov, doesn't exploit a bug or flaw in BGP. It simply exploits the natural way BGP works....

"Everyone ... has assumed until now that you have to break something for a hijack to be useful," Kapela said. "But what we showed here is that you don't have to break anything. And if nothing breaks, who notices?"

You think that's deep? Consider the repercussions of this:

"I went around screaming my head about this about ten or twelve years ago.... We described this to intelligence agencies and to the National Security Council, in detail."

Revealed: The Internet's Biggest Security Hole
By Kim Zetter
August 26, 2008 | 8:00:00 PM

Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.

The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.




The criminals are getting better or the businesses are getting worse

Data Breaches Have Surpassed Level for All of '07, Report Finds
By Brian Krebs
Washingtonpost.com Staff Writer
Tuesday, August 26, 2008; D01

More data breaches have been reported so far this year than in all of 2007, according to a report released yesterday by a nonprofit group that works to prevent fraud.

Identity Theft Resource Center of San Diego found that 449 U.S. businesses, government agencies and universities have reported a loss or theft of consumer data this year. Last year, the center tallied 446 breaches involving 127 million consumer records. About 90 million of those records were attributed to a single retail chain, TJX, which operates T.J. Maxx stores.

Nokia Siemens says 90 of the systems are already being used around the world

Once a person is being monitored, pattern-recognition software first identifies their typical behaviour, such as repeated calls to certain numbers over a period of a few months. The software can then identify any deviations from the norm and flag up unusual activities, such as transactions with a foreign bank, or contact with someone who is also under surveillance, so that analysts can take a closer look.

However, it is far from clear whether the technology will prove accurate. Security experts warn that data-fusion technologies tend to produce a huge number of false positives, flagging up perfectly innocent people as suspicious...."If you're looking for burglars in a run-down district where 50 per cent of men have a criminal conviction, you may find plenty. But if you're trying to find terrorists among airline passengers - where they are extremely rare - then almost all your hits will be false."

Surveillance made easy
09:00 23 August 2008
NewScientist.com news service
Laura Margottini

"THIS data allows investigators to identify suspects, examine their contacts, establish relationships between conspirators and place them in a specific location at a certain time."

So said the UK Home Office last week as it announced plans to give law-enforcement agencies, local councils and other public bodies access to the details of people's text messages, emails and internet activity. The move followed its announcement in May that it was considering creating a massive central database to store all this data, as a tool to help the security services tackle crime and terrorism.

Since Best Western has over 4000 properties, this is apparently limited to Europe


Revealed: 8 million victims in the world's biggest cyber heist

AN international criminal gang has pulled off one of the most audacious cyber-crimes ever and stolen the identities of an estimated eight million people in a hacking raid that could ultimately net more than £2.8billion in illegal funds.

A Sunday Herald investigation has discovered that late on Thursday night, a previously unknown Indian hacker successfully breached the IT defences of the Best Western Hotel group's online booking system and sold details of how to access it through an underground network operated by the Russian mafia.

It is a move that has been dubbed the greatest cyber-heist in world history. The attack scooped up the personal details of every single customer that has booked into one of Best Western's 1312 continental hotels since 2007.

Amounting to a complete identity-theft kit, the stolen data includes a range of private information including home addresses, telephone numbers, credit card details and place of employment.

“It involved shopping and eating, in which they were already fluent.”

Fish Tale Has DNA Hook: Students Find Bad Labels
By JOHN SCHWARTZ

Many New York sushi restaurants and seafood markets are playing a game of bait and switch, say two high school students turned high-tech sleuths.

In a tale of teenagers, sushi and science, Kate Stoeckle and Louisa Strauss, who graduated this year from the Trinity School in Manhattan, took on a freelance science project in which they checked 60 samples of seafood using a simplified genetic fingerprinting technique to see whether the fish New Yorkers buy is what they think they are getting.

They found that one-fourth of the fish samples with identifiable DNA were mislabeled. A piece of sushi sold as the luxury treat white tuna turned out to be Mozambique tilapia, a much cheaper fish that is often raised by farming. Roe supposedly from flying fish was actually from smelt. Seven of nine samples that were called red snapper were mislabeled, and they turned out to be anything from Atlantic cod to Acadian redfish, an endangered species.

The small press evolves

“It’s unprecedented access for bloggers, yes, but it’s certainly not equal access,” said Ms. Spaulding, who learned last week that Pam’s House Blend would receive two extra credentials. “What, pray tell, is the big secret?”

The annoyance felt by many bloggers is familiar to those who previously attended conventions as correspondents for smaller print publications. “This is very reminiscent of being at the low end of the totem pole,” said Micah Sifry, the co-founder of the group blog Techpresident.com, who formerly wrote for The Nation magazine and attended his first convention in 1984. “They can’t buy a sky box, they’re scrambling.”

The Year of the Political Blogger Has Arrived
By AMANDA M. FAIRBANKS

WHEN Pam Spaulding heard from two contributors to her blog, Pam’s House Blend, that they couldn’t afford to attend the Democratic National Convention, she knew that historic times called for creative measures.

Getting convention credentials for her blog, a news site for the gay, lesbian, bisexual and transgender community, was the easy part. As air fare, lodging and incidentals began piling up, paying for the trip to Denver became the bigger obstacle.

For Ms. Spaulding, 45, who works full time as an IT manager at Duke University Press in Durham, N.C., blogging is her passion, an unpaid hobby she pursues at nights and on weekends. So she called on her 5,500 daily readers to help raise funds: “Send the Blend to Denver” reads the ChipIn widget on her blog’s home page that tracks donations from readers; so far they have pledged more than $5,000 to transport Ms. Spaulding and three other bloggers to the convention.

This is hilarious

Professor Olu Agbi said "greedy" Australians who tried to partake in these crimes - even though they are scams - should be arrested as well.

"People who send their money are as guilty as those who are asking them to send the money," he said.

Jail the 'greedy' scam victims, says Nigerian diplomat
Asher Moses
August 22, 2008

THE Nigerian high commissioner says people who are ripped off by so-called Nigerian scams are just as guilty as the fraudsters and should be jailed.

Responding to a story in yesterday's Herald, which revealed Australians lose at least $36 million a year to the online scams, Sunday Olu Agbi said Australians had failed to heed repeated warnings not to deal with shady characters on the internet.

Linux users are protected by the crappy implementation of Flash on their platform


Okay, not really...the attack targets the browser, not the operating system.

Security researcher Aviv Raff has created a proof-of-concept demo to show how easy it is to use Flash with ActionScript code to load (persistently) a malicious URL into a target clipboard. (BEWARE: If you click on the demo link, your clipboard is automatically hijacked and will only be released if the browser window is closed).

The link to the proof of concept demo is on the other side of the main link...I didn't post it, even though it's just a demonstration, because you should only click such things willfully. 

Adobe Flash ads launching clipboard hijack attack
Posted by Ryan Naraine @ 2:52 pm

Malicious hackers are using booby-trapped Flash banner ads to hijack clipboards for use in rogue security software attacks.

In the Web attacks, which target Mac, Windows and Linux users running Firefox, IE and Safari, hackers are seizing control of the machine’s clipboard and using a hard-to-delete URL that points to a fake anti-virus program.

According to victims on several Web forums, the attack is coming from Adobe Flash-based advertising on legitimate sites — including Newsweek, Digg and MSNBC.com.

Change your Gmail bookmark


If you are logging in to your Gmail account from different locations and you would like to benefit from this option only when you are using unsecured networks, you can force it by manually typing https://mail.google.com before you log in. This will access the SSL version of Gmail and it will be persistent over your entire session and not only during authentication.

Gmail Account Hacking Tool

A tool that automatically steals IDs of non-encrypted sessions and breaks into Google Mail has been presented at the Defcon hackers’ conference in Las Vegas.

Last week Google introduced a new feature in Gmail that allows users to permanently switch on SSL and use it for every action involving Gmail, and not only authentication. Users who did not turn it on now have a serious reason to do so, as Mike Perry, the reverse engineer from San Francisco who developed the tool, is planning to release it in two weeks.

It's like there's a race between SkyNet and The Matrix


The Rise Of The Droids

August 11, 2008: The U.S. Air Force is, for the first time, converting a fighter wing from manned (F-16) combat aircraft, to unmanned ones (the MQ-9 Reaper.) The conversion, for the 174th Fighter Wing, has been in the works for three years, and the last combat sorties in manned aircraft were flown last week, by members of the 174th serving in Iraq.

The air force has already converted several combat wings to fly Predators which, while armed (with two 107 pound Hellfire missiles), are considered reconnaissance aircraft. The Reaper is considered a combat aircraft, optimized for seeking out and destroying ground targets. Jet powered combat UAVs are in development. It's only a matter of time before UAVs take over air superiority, strategic bombing and suppression of enemy air defenses duties as well.

As useless as the people who want one

Apple removes $1,000 featureless iPhone application
4:41 PM, August 7, 2008

Eight iPhone owners have joined an elite clan: Their Apple gadget is running a program that cost nearly $1,000.

When the iPhone first hit the market in June 2007, those who paid the $499 entry price -- and signed the two-year AT&T contract -- owned a status symbol. A year later, we have the iPhone 3G, Apple's speedier, sleeker and, most important, less expensive smart phone, which introduced a section for downloading third-party applications. Now that the phone is affordable enough for a wider audience, a new status symbol has emerged: a seemingly useless application called I Am Rich.

You only stopped the folks who have no reason to cheat


The tests suggest that if the microchips are vulnerable to cloning then bogus biometrics could be inserted in fake or blank passports. 

‘Fakeproof’ e-passport is cloned in minutes
Steve Boggan

New microchipped passports designed to be foolproof against identity theft can be cloned and manipulated in minutes and accepted as genuine by the computer software recommended for use at international airports.

Tests for The Times exposed security flaws in the microchips introduced to protect against terrorism and organised crime. The flaws also undermine claims that 3,000 blank passports stolen last week were worthless because they could not be forged.

In the tests, a computer researcher cloned the chips on two British passports and implanted digital images of Osama bin Laden and a suicide bomber. The altered chips were then passed as genuine by passport reader software used by the UN agency that sets standards for e-passports.

Another reason not to trust CNN


Massive faux-CNN spam blitz uses legit sites to deliver fake Flash
More than 1,000 hacked sites serving up phony update; Adobe issues warning
Gregg Keizer

August 6, 2008 (Computerworld) More than a thousand hacked Web sites are serving up fake Flash Player software to users duped into clicking on links in mail that's part of a massive spam attack masquerading as CNN.com news notifications, security researchers said today.

The bogus messages, which claim to be from the CNN.com news Web site, include links to what are supposedly the day's Top 10 news stories and Top 10 news video clips from the cable network. Clicking on any of those links, however, brings up a dialog that says an incorrect version of Flash Player has been detected and that tells users they needed to update to a newer edition, said Sam Masiello, vice president of information security at Denver-based security company MX Logic Inc.

I must admit there's a level on which I find this funny as hell

Unfortunately it's also a perfect metaphor for our national infrastructure.

The state payroll system is based on the COBOL, or Common Business Oriented Language, programming language – a code first introduced in 1959 and popularized in the 1960s and 1970s.

California state computers can't handle pay cut, controller says
By Kevin Yamamura
Published 12:00 am PDT Tuesday, August 5, 2008

If Gov. Arnold Schwarzenegger wants to issue minimum-wage checks to 200,000 state workers in less than a month, he may want to rehire any semi-retired computer programmers he terminated last week.

The massive pay cut would exhaust the state's antiquated payroll system, which is built on a Vietnam-era computer language so outdated that many college students don't even bother to learn it anymore.

Democratic state Controller John Chiang said Monday it would take at least six months to reconfigure the state's payroll system to issue blanket checks at the federal minimum wage of $6.55 per hour, though Schwarzenegger insists such a change should occur this month.

Experts say Chiang isn't joking when he describes the state's payroll system as a computing relic on par with vacuum tubes and floppy disks.

Is NOTHING sacred??


Micro blogging site Twitter is the latest target of cyber criminals who are increasingly finding fertile ground on social networks.

A fake Twitter profile with a malicious payload has been spotted by security firm Kaspersky.

It purports to link to a pornographic video but downloads a fake version of Adobe Flash which installs programs capable of stealing data.

The attack is believed to be the first to target Twitter.

Social net

The attack is believed to have originated in Brazil because of the language it uses, the servers it calls on to download trojans and the e-mail address used to collect stolen data.

Automated decision making software

It enabled the subprime mortgage bubble and collapse. I'm sure it will be at least as helpful for the medical insurance companies.

Also, if I recall correctly, there's health information on your credit report...yup, check the bolded line from this, on employment background checks:

Aren't some of my personal records confidential?

The following types of information may be useful for an employer to make a hiring decision. However, under the federal Fair Credit Reporting Act, the employer is required to get your permission before obtaining the records. (See PRC Fact Sheet 11, "From Cradle to Grave: Government Records and Your Privacy," www.privacyrights.org/fs/fs11-pub.htm)

--------------->8---snip-snip!!---8<---------------

  • Medical records. In California and many states, medical records are confidential. There are only a few instances when a medical record can be released without your knowledge or authorization. The FCRA also requires your specific permission for the release of medical records. If employers require physical examinations after they make a job offer, they will have access to the results. The Americans with Disabilities Act allows a potential employer to inquire only about your ability to perform specific job functions. (42 USC §12101)

The FCRA is the Fair Credit Reporting Act, and I don't think the FCRA compels credit agencies to show YOU that information at all...after all, it's not credit information.

Oh, right...this is what brought all that on...

Prescription Data Used To Assess Consumers
Records Aid Insurers but Prompt Privacy Concerns
By Ellen Nakashima
Washington Post Staff Writer
Monday, August 4, 2008; A01

Health and life insurance companies have access to a powerful new tool for evaluating whether to cover individual consumers: a health "credit report" drawn from databases containing prescription drug records on more than 200 million Americans.

Collecting and analyzing personal health information in commercial databases is a fledgling industry, but one poised to take off as the nation enters the age of electronic medical records. While lawmakers debate how best to oversee the shift to computerized records, some insurers have already begun testing systems that tap into not only prescription drug information, but also data about patients held by clinical and pathological laboratories.

Well, at least they didn't lose 40,000,000 credit card numbers


The laptop did not contain Social Security numbers, credit card numbers or fingerprint or iris images used to verify identities at the checkpoints, Beer said.

Oh, good...

The laptop contained personal information on applicants to the program, including names, address and birth dates, and in some cases driver's license, passport or green card numbers, the company said.

Oh, damn!

Missing SFO Laptop With Sensitive Data Found

SAN FRANCISCO INT'L AIRPORT (CBS 5 / AP / BCN) ― The company that runs a fast-pass security prescreening program at San Francisco International Airport said Tuesday that it found a laptop containing the personal information of 33,000 people more than a week after it apparently went missing.

The Transportation Security Administration announced late Monday that it had suspended new enrollments to the program, known as Clear, after the unencrypted computer was reported stolen at SFO.

Given the bot nets running on the web, some of those stolen credit card numbers may be on YOUR computer

The indictment alleges that after they collected the data, the conspirators concealed the data in encrypted computer servers that they controlled in Eastern Europe and the United States. They allegedly sold some of the credit and debit card numbers, via the Internet, to other criminals in the United States and Eastern Europe.

TJX identity theft saga continues: 11 charged with pilfering millions of credit cards
Submitted by Layer 8 on Tue, 08/05/2008 - 2:48pm.

The Justice Department charged 11 people in connection with the massive credit and debit card number theft from various retailers, including TJX, BJs and OfficeMax.

The group charged were involved in the theft of more than 40 million credit and debit card numbers, in what officials said is the largest identity-theft case ever prosecuted by the Department of Justice.

In an indictment returned today by a federal grand jury in Boston, Albert "Segvec" Gonzalez, of Miami, was charged with computer fraud, wire fraud, access device fraud, aggravated identity theft and conspiracy for his role in the scheme. Charges were also brought on related charges against Christopher Scott and Damon Patrick Toey, both of Miami, the DOJ said. Gonzalez was previously arrested by the Secret Service in 2003 for access device fraud. During the course of this investigation, the Secret Service discovered that Gonzalez, who was working as a confidential informant for the agency, was criminally involved in the case. Because of the size and scope of his criminal activity, Gonzalez faces a maximum penalty of life in prison if he is convicted of all the charges alleged in the Boston indictment.

Others from Estonia, China and Belarus were also charged.

The FBI didn't seize them so much as the librarian gave them up

This was the third time in his 10 years with FCPL that the FBI has come to the library seeking records, Batson said. It was the first time they came without a court order....

"They had an awful lot of information," he said, but he was not allowed to discuss specifics.

"It was a decision I made on my experience and the information given to me," he said.

FBI seizes local Md. library computers
August 3, 2008 - 9:41am

The FBI removed computer records from the C. Burr Artz Library this week, a library official confirmed Saturday.

Darrell Batson, director of Frederick County Public Libraries, said two FBI employees came to the downtown Frederick library either Wednesday or Thursday. The agents removed two public computers from the library's second floor. They told him they were taking the units back to their office in Washington, D.C., Batson said.

"We have never had such a way to lie and distort facts about people"

It's Troll Day on the net!

Since libel lawsuits are mostly about clearing one's name, Solove finds himself lamenting the lost ritual of duels, which he describes as an elaborate nonjudicial way of settling disputes that rarely actually got to the shooting phase.

Yale Students' Lawsuit Unmasks Anonymous Trolls, Opens Pandora's Box
By Ryan Singel

07.30.08

"Women named Jill and Hillary should be raped."

Those are the words of "AK-47" -- a poster to the college-admissions web forum AutoAdmit.com. AK-47 was one of a handful of students heaping misogynist scorn on women attending the nation's top law schools in 2007, in posts so vile they spurred a national debate on the limits of online anonymity, and an unprecedented federal lawsuit aimed at unmasking and punishing the posters.

Now lawyers for two female Yale Law School students have ascertained AK-47's real identity, along with the identities of other AutoAdmit posters, who all now face the likely publication of their names in court records -- potentially marking a death sentence for the comment trolls' budding legal careers even before the case has gone to trial.
