Secret Code For Kindergartners

How dumb is this?

‘Pizza’ Party Codeword May Have Doomed CIA Spies

All the CIA’s Lebanon spies wanted was a slice. What they got, allegedly, was a big intelligence failure.

Hezbollah may have just rolled up the CIA’s network of spies devoted to cracking the secrets of the Lebanese Shiite extremist group. If so, it’s because of one of the stupidest, least secure code words in history.

According to ABC News, Hezbollah operatives figured out that CIA informants who had infiltrated the Iranian proxy group were meeting with their agency handlers at a Beirut Pizza Hut. How could Hezbollah deduce that location? “The CIA used the codeword ‘PIZZA’ when discussing where to meet with the agents,” ABC reports.

See also:
Exclusive: CIA Spies Caught, Fear Execution in Middle East
CIA in Lebanon damaged by capture of spies by Hezbollah
The Pizza Hut Connection: CIA Exposes Own Spies in Iran and Lebanon
CIA’s ‘pizza’ blunders leave informants facing execution
Iran and Hezbollah Caught All the CIA Spies at Pizza Hut
Iran and Hezbollah Caught CIA Spies at a Pizza Hut in Beirut
American ‘Pizza Hut’ Spies Captured in Lebanon
CIA informants in Iran, Lebanon outed over ‘pizza code-word’ blunders
Hezbollah unraveling CIA spy network in Lebanon
CIA spy ring busted in Iran and Lebanon
Reports: U.S. Operatives Caught In Lebanon, Iran
White House: No Comment on Spies Outed in Iran, Lebanon
Hezbollah uncovers CIA informants
CIA spies captured in Lebanon
‘CIA spies busted in Iran, Lebanon’

What were they thinking? It’s unfortunate that people working for us have or are about to lose their lives over something this stupid and easily avoidable. Not only is it extremely damaging to our intelligence gathering efforts, but it’s also going to have a chilling effect on future recruitment efforts. Seriously, who wants to work for amateurs, especially if your life depends on it?

/taking the intelligence out of Central Intelligence Agency

Don’t Get Caught In The Crossfire

The Duqu virus is squarely aimed at Iran’s nuclear program. Unless you’re connected with Iran’s nuclear program, your chances of being directly targeted are extremely low. However, Microsoft was freaked out enough to issue a security bulletin for Windows users. So, better safe than sorry, protect yourself against the possibility of becoming collateral damage in an epic, upcoming attack.

Microsoft issues Duqu virus workaround for Windows

Microsoft has issued a temporary fix to the pernicious Duqu virus — also known as “Son of Stuxnet” — which could affect users of Windows XP, Vista, Windows 7 as well as Windows Server 2008.

The company promised the security update earlier this week as it races to deal with the virus, which targets victims via email with a Microsoft Word attachment. The virus is not in the email, but in the attachment itself. A Symantec researcher said if a user opens the Word document, the attacker could take control of the PC, and nose around in an organization’s network to look for data, and the virus could propagate itself.

See also:
Microsoft Security Advisory (2639658)
Microsoft software bug linked to ‘Duqu’ virus
Microsoft Provides Workaround Patch for Duqu Malware
Microsoft announces workaround for the Duqu exploit
Microsoft Issues Temporary Duqu Workaround, Plans 4 Patch Tuesday Fixes
Six Ways to Protect Yourself from Duqu
Microsoft Airs Temporary Fix to Defeat Duqu Worm
Microsoft Releases Temporary Plug For Duqu
Duqu exploits same Windows font engine patched last month, Microsoft confirms
5 Things To Do To Defend Against Duqu
Microsoft issues temporary ‘fix-it’ for Duqu zero-day
Patch Tuesday: Fix for ‘Duqu’ zero-day not likely this month

Is it just me or doesn’t it seem a bit more than odd that Microsoft, a company with close ties to and a past history of working with U.S. intelligence agencies, would publicly issue a workaround to defend against a specific piece of malware that, by many accounts, is being actively and currently used by U.S. intelligence agencies to set up and facilitate an upcoming attack, in cyberspace or otherwise, against Iran’s nuclear program? I mean, it’s not like the Iranians can’t read English, why help them defend against Duqu? Hmmm, something’s not quite right here.

/whatever’s going on, and something is going on, it’s way above my pay grade, but when the endgame comes, don’t forget to duck

Calling A Spade A Spade

Outgoing Joint Chiefs chairman Mike Mullen finally said, in public, what everybody already knows, Pakistan is the enemy, not our ally.

Mullen Blames Pakistan Intelligence for Attack

The top U.S. military officer on Thursday accused Pakistan’s powerful intelligence agency of backing extremists in planning and executing the assault on the U.S. Embassy in Afghanistan last week and a truck bomb attack that wounded 77 American soldiers days earlier.

In his last congressional testimony before he retires next week, Adm. Mike Mullen, chairman of the Joint Chiefs of Staff, insisted that the Haqqani insurgent network “acts as a veritable arm” of Pakistan’s Inter-Services Intelligence agency, undermining the uneasy U.S.-Pakistan relationship forged in the terror fight and endangering American troops in the nearly 10-year-old war in Afghanistan.

See also:
Mullen says Pakistani spies are tied to U.S. Embassy raid
Panetta, Mullen hammer Pakistan over Haqqani network
Mullen Accuses Pakistan’s Intel Service of Aiding Attack on Embassy in Kabul
Mullen, Panetta slam Pakistan over attacks
Mullen blames Pakistan intelligence for attack
Mullen Accuses Pakistan Of Exporting Violence To Afghanistan
Mike Mullen: Pakistan is ‘exporting’ terror
Cell phones link Pakistan to U.S. embassy attack
U.S.-Pakistan Ties Plunge to New Low After Mullen’s Testimony
Mullen’s comments about Pakistan are baseless: Mukhtar
Pakistan fires back at Mike Mullen
Pakistan’s Army Head Blasts Mullen Comments as ‘Baseless’
Pakistan army chief denies US claims of complicity with militants, calls charges ‘unfortunate’
Pakistan Outraged Over Admiral Mullen’s Accusations of Terror Link
Pakistan says US risks ‘losing an ally’
Pakistan warns U.S.: “You will lose an ally”
Is Pakistan America’s Ally?

Pakistan can deny, protest, and be outraged by the truth all they want. The evidence is overwhelming that the ISI aids and harbors terrorists that are constantly attacking, wounding, and killing U.S. forces in the region. There’s enough smoking guns to fill a National Guard armory. Need more proof that the ISI cooperates closely with terrorists? Just remember where and under what circumstances Osama bin Laden was found, ’nuff said. Pakistan is threatening to cease being our ally? Well, with allies like Pakistan, who needs enemies?

/by the way, the attack on the U.S. Embassy was a blatant act of war, the road to victory in Afghanistan clearly winds through Pakistan, do we want to win or tuck tail like the Soviets?

Give It Up For Islam, Or Die

In Iran, and most other Muslim countries, you can freely practice any religion you want without repercussions, as long as it’s Islam.

Iranian Pastor Could Face Death

The former pastor of a network of Christian house churches in Iran has been told to exchange his faith for his life, according to news reports and human rights groups.

“We are dismayed over reports that the Iranian courts are requiring Youcef Nadarkhani to recant his Christian faith or face the death penalty for apostasy,” wrote U.S. Department of State Spokeswoman Victoria Nuland in a recent press statement.

Mr. Nadarkhani was arrested in his home city of Rasht on October 13, 2009 while attempting to register his church after protesting compulsory Islamic religious instruction in Iranian public schools. Christian Solidarity Worldwide, a human rights group, reports that he was originally charged with protesting, however, the charges against the 32-year-old convert to Christianity were later changed to apostasy and evangelizing Muslims.

See also:
BREAKING NEWS: Iran’s Supreme Court “Confirms” Pastor’s Death Sentence
Death sentence for Christian convert in Iran
Unofficial Translation of Pastor Youcef Nadakhani’s Verdict
Iranian Man Faces Death over Religious Conversion
Yousef Nadarkhani to Be Executed for Faith
Pastor Youcef Nadarkhani’s Death Sentence
Iran: A convert from Islam, Iranian pastor risks the death penalty
U.S. Condemns Iran For Threatening To Execute Pastor
Christian Pastor Facing Execution in Iran
Iran: Supreme Court upholds death sentence for Christian priest

Hey, how about that religion of peace and tolerance? What a sick joke. Can you just imagine the international uproar if courts in Christian countries started sentencing converts to Islam to death?

/evil is as evil does and no religion does evil like Islam, just read the daily news

Is Our Back Door Open?

Gee, I wonder which computer component manufacturing country might be responsible for this? Hmmm, let me think.

(you might want to skip to 51:47)

U.S. Suspects Contaminated Foreign-Made Components Threaten Cyber Security

Some foreign-made computer components are being manufactured to make it easier to launch cyber attacks on U.S. companies and consumers, a security official at the the Department of Homeland Security said.

“I am aware of instances where that has happened,” said Greg Schaffer, who is the Acting Deputy Undersecretary National Protection and Programs Director at the DHS.

Schaffer did not say where specifically these components are coming from or elaborate on how they could be manufactured in such a way as to facilitate a cyber attack.

But Schaffer’s comment confirms that the U.S. government believes some electronics manufacturers have included parts in products that could make U.S. consumers and corporations more vulnerable to targeted cyber attacks.

A device tampered with prior to distribution or sale could act as a “Trojan horse” in the opening wave of an international cyberwar. Contaminated products could be used to jeopardize the entire network.

See also:
DHS: Imported Consumer Tech Contains Hidden Hacker Attack Tools
Tomorrow’s cyberwarfare may be carried out by pre-infected electronics: DHS
Malware Comes with Many Gadgets, Homeland Security Admits
Supply chain security – DHS finds imported software and hardware contain attack tools
U.S. official says pre-infected computer tech entering country
Homeland Security Admits Hidden Malware in Foreign-Made Devices
Homeland Security Finds Your Electronic Device Poses Risks?
Threat of destructive coding on foreign-manufactured technology is real
Homeland Security Official: Some Foreign-Made Electronics Compromise Cybersecurity
White House’s Cyberspace Policy Review (PDF)

So, Mr. Schaffer “did not say where specifically these components are coming from.” Well, here, let me help, it’s obviously China. There, how hard was that? The next question is, what are we doing about it?

Our national power grid, electronics infrastructure, you name it, very few of the critical components are manufactured in the U.S. anymore and if there exists a series of back doors, enabling a hostile country, like China, to preemptively take it all down at once, we’re in serious, catastrophic trouble territory, so far up the proverbial [expletive deleted] creek without a paddle we’re no longer visible. And we’d be down for the count too, because we don’t have the U.S. manufacturing capability to pick ourselves up off the canvas

/the end game scenario this revelation portends would make Pearl Harbor look like a sorority pillow fight

Super Bot

This sure looks like a nasty piece of work.

Massive botnet ‘indestructible,’ say researchers

A new and improved botnet that has infected more than four million PCs is “practically indestructible,” security researchers say.

“TDL-4,” the name for both the bot Trojan that infects machines and the ensuing collection of compromised computers, is “the most sophisticated threat today,” said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.

“[TDL-4] is practically indestructible,” Golovanov said.

. . .

TDL-4 infects the MBR, or master boot record, of the PC with a rootkit — malware that hides by subverting the operating system. The master boot record is the first sector — sector 0 — of the hard drive, where code is stored to bootstrap the operating system after the computer’s BIOS does its start-up checks.

Because TDL-4 installs its rootkit on the MBR, it is invisible to both the operating system and more, importantly, security software designed to sniff out malicious code.

But that’s not TDL-4’s secret weapon.

What makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers.

See also:
TDL4 – Top Bot
Sophisticated TDL-4 Botnet Has 4.5 Million Infected Zombies
‘Indestructible’ rootkit enslaves 4.5m PCs in 3 months
TDL-4 creates 4.5 million PC ‘indestructible’ botnet
Security Researchers Discover the Mother of All Botnets
TDL-4: The ‘indestructible’ botnet?
There’s a Botnet Called TDL-4 That’s Virtually Indestructable
‘Indestructible’ Botnet Enslaves 4.5 Million PCs
‘Indestructible’ Zombie PC Botnet Borrows Exploit From Israeli, U.S. Cyberweapon
Have cybercriminals created the perfect botnet — undetectable and indestructible?

If you ever needed a reason and reminder to keep your operating system, anti-virus, and anti-spywware software patched and up to date, this would be a good one.

/remember, if you’re not part of the solution, you’re potentially part of the problem

Oops, They Did It Again!

Despite having nearly an entire month to get their act together, Sony’s apparently still wearing their security pants down around their ankles.

Sony Hacked Yet Again

Hard as it may be to believe, Sony has been hacked yet again.

According to a report in the Wall Street Journal, So-net Entertainment Corp., a Japanese ISP owned by the technology giant, said that hackers accessed its customer rewards site earlier this week and stole customers’ redeemable gift points worth about $1,225.

The incident is the latest in a weeks-long string of hacks and breaches of security for Sony. The trouble began on April 19, when the company began investigating and ultimately discovered a massive breach of security on its PlayStation Network, a cyberscandal that compromised the personal information of more than 100 million users.

See also:
Sony’s Security Nightmare Not Over, Hacked Again
Fresh security glitch adds to Sony’s woes
Sony hit again with two hacks
Sony hacked twice in one day, this time $1225 was stolen from accounts in Japan
Sony subsidiary So-net reports data breach
Yep, Looks Like Sony’s Been Hacked Again
Sony Faces Another Hack Attack
Sony hacked again
Sony Hacked Again, Server Hosting Credit Card Phishing Site
Do You Own A Sony HackStation?

And if all this hacking wasn’t bad enough . . .

Sony Can’t Guarantee PlayStation Network Security

Sony CEO Howard Stringer says he cannot guarantee the security of his company’s videogame network. . . . maintaining security is a “never-ending process,” and he cannot say that anyone is “100 percent secure.”

/not exactly confidence inspiring, I’ll be taking a pass on Sony products for the foreseeable future