Intel and ops report

AKI: Al-Qaeda 'enlisting widows as suicide bombers'

xxxxxxxxxxxxxxxxxxxxxx

Amid debate over how much data companies like Google and Yahoo should gather about people who surf the Web, one new company is drawing attention — and controversy — by boasting that it will collect the most complete information of all.

The company, called Phorm, has created a tool that can track every single online action of a given consumer, based on data from that person's Internet service provider. The trick for Phorm is to gain access to that data, and it is trying to negotiate deals with telephone and cable companies, like AT&T, Verizon and Comcast, that provide broadband service to millions.

http://cryptome.org/phorm-vile.htm

http://snipurl.com/22du0

xxxxxxxxxxxxxxxxxxxxxxxxxxx

The U.S. Department of Homeland Security announced on Thursday that it had chosen Rod Beckström -- a risk-software entrepreneur, author and global activist -- to become the first director of the newly created National Cyber Security Center (NCSC).

http://www.securityfocus.com/brief/708?ref=rss

http://snipurl.com/22du2

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Cyber attacks against Tibetan communities
Published: 2008-03-21,
Last Updated: 2008-03-22 12:26:51 UTC
by Maarten Van Horenbeeck (Version: 4)

There is lots of media coverage on the protests in Tibet. Something that lies under the surface, and rarely gets a blip in the press, are the various targeted cyber attacks that have been taking place against these various communities recently.

These attacks are not limited to various Tibetan NGOs and support groups. They have been reported dating back to 2002, and even somewhat before that, and have affected several other communities, including Falun Gong and the Uyghurs.

The attacks generally start with a very trustworthy looking e-mail, being spoofed as originating from a known contact, to someone within a community. Some impressive social engineering tricks are used:

* Messages make a strong statement on a well known individual or group, but do not mention its name. The attachment is then named after that individual. A state of 'cognitive dissonance' is invoked between the reader's pre-existent beliefs and the statement. There's a natural urge to click on the attachment to confirm that belief;
* The writing style of the purported sender is usually well researched to have the message look as believable as possible;
* The content of the document actually matches closely what was discussed in the e-mail message;
* Having legitimate, trusted, users actually forward along a message back into the community.

The messages contain an attachment which exploits a client side vulnerability. Generally these are:

* CHM Help files with embedded objects;
* Acrobat Reader PDF exploits;
* Microsoft Office exploits;
* LHA files exploiting vulnerabilities in WinRAR;
* Exploitation of an ActiveX component through an attached HTML file.

http://isc.sans.org/diary.html?storyid=4177&rss

http://snipurl.com/22du6

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

• From SMTP to HTTP to FTP

  - 16 hours ago

  A year or two ago, the malware author's preferred way of spreading their wares was via e-mail attachments. We all remember mass outbreaks like Bagle, Mydoom and Warezov. Well, sending EXE attachments in e-mail doesn...

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx