On 30th August, the Home Office conclude their musing of, as yet, un-included portions of the Regulation of Investigatory Powers Act (2000). Portions that will give police not only full access to peoples encrypted data, but full a history of a person’s communications records.

Further Information: Spyblog Conference Details & information

Blackberry devices are under scrutiny once again as, director of research for Germany’s Praetorian Global, Jesse D’Aguanno demonstrates its effectiveness as a hacking tool at this years DefCon. D’Aguanno plans to release a software suite later this month that will allow an attacker to penetrate a companies Intranet with veritable ease. The vunerability occurs as there is little to no segmentation between the Blackberry device and the internal network.

More Information : http://www.praetoriang.net/presentations/blackjack.html

The Register is reporting on a new scandal involving the Royals. From the article: “Police have arrested three men - including a reporter from the News of the World - as part of an investigation into allegations that the phone calls of staff working for Prince Charles were intercepted.”

Source : The Register - Three quizzed in Royal phone tap probe

In a very controversial move, long time ISP AOL; have released the search details of 657,427 of its users for “research purposes”. Realising what a bollocks up they’ve made, AOL have now pulled the data, although it is still available via The Pirate Bay.

“AOL has released very private data about its users without their permission. While the AOL username has been changed to a random ID number, the ability to analyse all searches by a single user will often lead people to easily determine who the user is, and what they are up to. The data includes personal names, addresses, social security numbers and everything else someone might type into a search box.”

Notes Michael Arrington of TechCrunch.

News giant, Reuters are currently on the run after a story on a blog, little green footballs, outted the media monolith for faking and digitally enhancing some of the photos that they distribute. Now under heavy investigation, Reuter’s photographer Adnan Hajj, has been found to stage photographs as well as digitally edit them to appeal to western society.

To make matters worse, other pictures from Reuters are now under scrutiny, as it would appear that Adnan Hajj isn’t the only person to touch up his pictures. Numerous web sites are covering the story, though I somehow doubt that it will make mainstream news - a case of the media censoring the media’s censoring, so to speak.

More information and analysis can be found at:
http://www.littlegreenfootballs.com/weblog/weblog.php
http://powerlineblog.com/archives/014929.php
http://drinkingfromhome.blogspot.com/2006/08/extreme-makeover-beirut-edition.html
http://mypetjawa.mu.nu/archives/184206.php

Owners of the .cm Top Level Domain, Cameroon, have stumbled across a controversial new business model. Noticing that their TLD is only one letter short of .com, the Cameroons have now added a wildcard entry to their DNS records pointing all unresolved queries to an ad-based search engine. Unfortunately, ICANN has little control over what a country can do with its own TLD, unlike the earlier attempt by Verisign on the actual .com TLD

Aiding the fight against malware, Google have added a new feature to its search results. Now flagging sites that are suspect of carrying malware, spyware and all other kinds of naughtyware, Google is giving users the option to steer clear by giving them an early warning and offering an alternative search result.

The feature employs a list of known reprobates as determined by the Stop Badware Coalition, of which Google is a member. Upon clicking an offending link, users are presented with a warning and the option to continue or go someplace else.

At this years Black Hat conference in New York, security consultant Brendan O’Connor displayed a proof of concept attack against a Xerox printer. Exploiting vulnerabilities in the printers embedded software; O’Connor was able to snoop on the traffic being passed to the device. During the conference O’Connor highlighted the importance of security in embedded software and pointed out the huge amount of sensitive information that could be leaked if such an attack occurred. Xerox has released a patch for their WorkCenter printers but O’Connor maintains that the issue is not fully resolved.

espo812 of slashdot reports “A story from Washingtonpost.com says, ‘The Senate has ratified a treaty under which the United States will join more than 40 other countries, mainly from Europe, in fighting crimes committed via the Internet.’ Ars Technica says it’s the ‘World’s Worst Internet Law.’”

From the Ars story: “According to the EFF, ‘The treaty requires that the U.S. government help enforce other countries’ ‘cybercrime’ laws–even if the act being prosecuted is not illegal in the United States. That means that countries that have laws limiting free speech on the Net could oblige the F.B.I. to uncover the identities of anonymous U.S. critics, or monitor their communications on behalf of foreign governments. American ISPs would be obliged to obey other jurisdictions’ requests to log their users’ behaviour without due process, or compensation.”

Source : Slashdot - U.S. Senate Ratifies Cybercrime Treaty

The Register is running a two-page article on the cloning of the new biometric passports that are becoming widely implemented. Lukas Grunwald, from Germany’s DN-Systems consultants, demonstrated, at Black Hat, the ease to which a biometric passport can be fraudulently cloned. What may be even more surprising, is that the, widely available, ICAO documentation actually outlines the technical processes in quite a lot of detail.

To read more, please follow this link to The Register