Ken Novak's Weblog
Purpose of this blog: to retain annotated bookmarks for my future reference, and to offer others my filter technology and other news. Note that this blog is categorized. Use the category links to find items that match your interests.
Friday, July 11, 2003
Trojan Hijacks PCs to Peddle Porn: Very sophisticated trojan, installed on possibly thousands of computers already: "The trick lies in a sophisticated Trojan horse program placed on the remote systems and used by the spammer, according to Stewart. He obtained a copy of the program from an infected system belonging to an employee of one of LURHQ's customers. The program, which Stewart dubbed 'migmaf,' acts as both a proxy server for spam and a reverse proxy server for a master Web server serving the spoofed and pornographic content, Stewart says." It contains DNS service tricks as well. 8:33:54 PM
The perfect bungle: Much information on the Bush administration bungling of post-war planning. "The small circle of senior civilians in the Defense Department who dominated planning for postwar Iraq failed to prepare for the setbacks that have erupted over the past two months. The officials didn't develop any real postwar plans because they believed that Iraqis would welcome U.S. troops with open arms and Washington could install a favored Iraqi exile leader as the country's leader. The Pentagon civilians ignored CIA and State Department experts who disputed them, resisted White House pressure to back off from their favored exile leader and when their scenario collapsed amid increasing violence and disorder, they had no backup plan. ..
One senior defense official told Knight Ridder that the failure of Pentagon civilians to set specific objectives - short-, medium- and long-term - for Iraq's stabilization and reconstruction after Saddam Hussein's regime fell even left U.S. military commanders uncertain about how many and what kinds of troops would be needed after the war. In contrast, years before World War II ended, American planners plotted extraordinarily detailed blueprints for administering postwar Germany and Japan, designing everything from rebuilt economies to law enforcement and democratic governments." Meanwhile, a State Dept group that brought together experts and drew up plans was completely ignored. 7:36:37 PM
Vulnerabilities in the CALEA wiretap network:
"The Federal Bureau of Investigation administers the Communications Assistance to Law Enforcement Act (CALEA), which was passed by Congress in 1994. .. CALEA made the phone companies and pager companies and Internet companies responsible for building into their equipment the capability to tap all types of communications on the order of a judge or -- in the case of foreign surveillance -- of the U.S. Attorney General. Every telephone switch installed in the U.S. since 1995 is supposed to have this surveillance capability, paid for, by the way, with $500 million of your tax dollars. Not only can the authorities listen to your phone calls, they can follow those phone calls back upstream and listen to the phones from which calls were made. They can listen to what you say while you think you are on hold. This is scary stuff.
But not nearly as scary as the way CALEA's own internal security is handled. The typical CALEA installation on a Siemens ESWD or a Lucent 5E or a Nortel DMS 500 runs on a Sun workstation sitting in the machine room down at the phone company. The workstation is password protected, but it typically doesn't run Secure Solaris. It often does not lie behind a firewall. Heck, it usually doesn't even lie behind a door. It has a direct connection to the Internet because, believe it or not, that is how the wiretap data is collected and transmitted. And by just about any measure, that workstation doesn't meet federal standards for evidence integrity.
And it can be hacked. And it has been. Israeli companies, spies, and gangsters have hacked CALEA for fun and profit, as have the Russians and probably others, too. They have used our own system of electronic wiretaps to wiretap US, because you see that's the problem: CALEA works for anyone who knows how to run it." So, we've already built a system that empowers our adversaries to bug our own phones, and created a network subject to abuse by police, both by selectively omitting taps and overusing them. 12:43:37 PM