At the beginning of the second half of 2006, British Telecom began the migration of approximately 350,000 customers in the Cardiff, Bridgend and Pontypridd areas (UK) to an extraordinary new telecommunications network, a network that will radically transform the way in which we communicate. But what exactly is 21CN?

The initial release of our 21CN article series is now available at the following location.

http://www.2600uk.com/21st-century-network/

Be sure to check back as more articles and announcements are released and additional information becomes available.

Computer hackers have exploited weaknesses in the security technology of a Puerto Rican bank to siphon hundreds of thousands of US dollars (euros) out of two U.S. Virgin Islands government accounts, a finance official said Thursday.

Hackers accessed the U.S. Caribbean territory’s accounts with banking giant Banco Popular, making numerous small withdrawals for up to two months until government officers discovered the thefts totaling US$500,000 (euro399,010) in August, Finance Commissioner Bernice Turnbull said.

Read the full story here

Trend Micro, a pretty big AV company have announced that thousands of government computers may be compromised with bot infections. Among those listed are the Department of Defense, the Navy Network Information Center, the Pittsburgh Supercomputing Center, Argonne National Laboratory, and the Navy Regional Data Automation Center.

Their research comes from the analysis of 60Terabytes of data from their Behavioral Analysis Security Engine (BASE), including a massive amount of spam email in addition to aggregated data from network connections on netflow enabled networks and dns queries. Some of the organisations listed have disputed the finding and research team is now rechecking their findings.

Trend Micro estimates there are 70 million hacked zombie computers worldwide and that each month 8 to 9 million are used to send spam. Also 60% of the compromised computers are primarily used to send spam, the remainder for more nefarious purposes.

Sources: Trend Micro: Thousands Of Government Computers Infected By Bots and Trend Micro Goes After Botnets

The Bureau of Industry and Security (BIS) is the US gov department that accepts paperwork on dual use tech for export approval. Basicly, anything crypto that isn’t mass marketed goes through them.

As part of the process they receive detailed plans of how devices work which they keep on computer.

It is these computers that were hacked from src ips in China. Whether the actual hackers were in china or whether that was just an intemediate node is anyones guess. Its also not known what information was taken. However, the US has took it seriously enough to take all the department’s systems offline pending a reinstall rather than attempt to clean the rootkits that were used. This is the second breach the gov have admitted to since July.

Source: Bureau of Industry and Security Hacked and Chinese Hackers Hit Commerce Department
And for anyone that knows me… ‘Hi!’
This is the first of hopefully many regular posts…

Some nice-looking screenshots of Microsoft’s next version of Windows Mobile - codenamed ‘Crossbow’ - have popped up on the web to show the upcoming operating system’s swankier graphics.

The images come courtesy of MSMobileNews, which has a selection of shots on offer. Meanwhile, the similarly names MSMobiles has a smaller pic showing Windows Mobile 6.0/Windows Mobile 2007’s Vista-like folder icons.

The first report provides some Windows Mobile release information, though the data was first made public in April this year. Specifically, Crossbow is due to ship to OEMs in Q4 to allow them plenty of time to get devices ready for the OS’ introduction in late Q1/early Q2 2007. Crossbow is expected to give gadgets more a better telephony experience and to improve its messaging technology.

Come Q4 2007, and Microsoft will release ‘Photon’, the follow up to Crossbow, to developers. Photon is said to sport a new Windows CE foundation. It’s due to be launched to the public Q1/Q2 2008.

Source : The Register - Vista-inspired Windows Mobile 6 spied on web

From The Register’s John Leyden:

The Swiss government is “considering” the use of a spyware application called Superintendent Trojan to eavesdrop on IP telephony conversation, Heise Security reports.

Swiss firm ERA IT Solutions said it hopes to supply the Superintendent Trojan only to government agencies, a policy it hopes will leave it off malware blacklists compiled by anti-virus and anti-spyware developers.

Even if we accept ERA’s assertion that the use of the technology would be restricted to government agencies, anti-virus firms would be honour bound to blacklist the app if any of their customers complained about it.

As well as allowing VoIP calls to be monitored, the software is surreptitiously turning on the built-in microphones or webcams on target PCs. All this assumes, of course, that the software can be successfully planted in the first place - a tricky proposition without physical access to a PC, as HP leak gum-shoes might attest.

Altogether the plan seems fraught with difficulties, without even considering whether evidence obtained via such covert methods would be legally submittable.

Charles Gudet, the head of the Special Services Department at UVEK (the Swiss government department in charge of telecoms, among other things), told Sonntags Zeitung there’s no basis for using such Trojan techniques under federal wiretap laws (such as the Federal Post and Telecommunications Surveillance Act). However, local laws and federal police procedures permit the use of software wiretaps providing surveillance has being authorised by a court.

Source: The Register - Swiss gov ‘mulls’ spyware to tap VoIP calls

The U.S. Air Force is preparing to create a new command to develop techniques for fighting in cyberspace. Air Force Print News reported Oct. 5 that Air Force leaders will gather in Washington in early November to discuss the plans. On Dec. 7, 2005, cyberspace became an official Air Force domain after Secretary of the Air Force Michael W. Wynne and Chief of Staff of the Air Force Gen. T. Michael Moseley introduced a new mission statement.

The statement informed Air Force personnel that their new mission was to “deliver sovereign options for the defense of the United States of America and its global interests — to fly and fight in air, space and cyberspace.”

Moseley said that Air Force leaders establishing a new “cyber command” to be responsible for fighting in that domain, commenting: “To deliver the full spectrum of effects we will evolve a coherent enterprise, with war fighting ethos, ready to execute any mission in peace, crisis and war. We will foster a force of 21st Century warriors, capable of delivering the full spectrum of kinetic and non-kinetic, lethal and non-lethal effects across all three domains. This is why we are standing up an operational command for cyberspace, capable of functioning as a supported or supporting component of the joint force.”

Read more here

The following text is taken from Paul Joseph Watson & Alex Jones/Prison Planet.com

Each time a new flash application requests permission to run on newer computers, you will notice that a privacy setting box pops up asking if the particular website you are surfing can access your microphone and webcam. Though the webcam is external, the microphone is internal and is a standard feature of all new models.

Now Google have announced that they will use in-built microphones to listen in on user’s background noise, be it television, music or radio - and then direct advertising at them based on their preferences.

“The idea is to use the existing PC microphone to listen to whatever is heard in the background, be it music, your phone going off or the TV turned down. The PC then identifies it, using fingerprinting, and then shows you relevant content, whether that’s adverts or search results, or a chat room on the subject,” reports the Register.

Google’s ceaseless drive to dominate Microsoft and reap untold profits has come at the expense of privacy as the company jettison’s its “don’t be evil” mandate and merges itself into a proxy NSA outfit, creating all the tools necessary for the state to suffocate its subjects under an inescapable high-tech panopticon control grid.

Yesterday, Google Labs opened up the beta version of their CodeSearch search engine, giving way to an influx of pro-hack comments.

The, long awaited, CodeSearch facility enables users to lookup chunks of public source code, something thats sure to put the fjear mode : ON into the likes of Krugle, Codease and co.

Of course, pulling serverside source from webpages has been a dream of most hackers at one time or another, and Googles CodeSearch certainly lends its hand in doing so.

Consider the following search queries which will yield numerous results for unchecked GET variables, which could prove useful when employing Cross Site Scripting (XSS) attack vectors.

file:process.php "include($"

result: http://tinyurl.com/rrmh2

"include($_GET"

result: http://tinyurl.com/rdpl9

Not to mention the insertion of the following regex which outputs a mediocre 22,500 email addresses - making Google CodeSearch every spammers wet dream.

(Chris McClelland, of AJAXPress. stating over 11million emails from the string “@” - funny, we only found 9.5million, and half of those were not email related.)


^[a-zA-Z]([.]?([[:alnum:]_-]+)*)?@([[:alnum:]\-_]+\.)+[a-zA-Z]{2,4}$


result: http://tinyurl.com/ftz3u

Further, Google CodeSearch could prove to be somewhat of an engine for distributing “bad” code to unsuspecting programming/scripting newbies. “Google Code Search could also prove to be a tool for malware writers to distribute their code”, Adds Google Blogs, Steve Bryant, with a bit of realism to the whole security issue.

From man2600@gmail….

There will be no Manchester 2600 meeting this month for obvious
reasons.

The next Manchester 2600 Meeting will be the 3rd November 2006

Thanks

Manchester 2600

Obvious reasons being the BrumCon 2006 hacker conference. www.brum2600.net