[ECP] Educational CyberPlayGround NetHappenings Newsletter

<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
[ECP] Educational CyberPlayGround NetHappenings Mailing List 1989

*Link to the Educational CyberPlayGround
http://www.edu-cyberpg.com

*Link to the Educational CyberPlayGround Blog:
http://blog.edu-cyberpg.com/

*Find your School in the ECP K-12 School Directory
http://www.edu-cyberpg.com/schools/
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>

Greetings,

Happy Reading for today,

<Karen>


The current bill being debated is not the Protect America Act which
was passed into law last year (and suffers from the flaws pointed out
here
Technical analysis of the risks of the surveillance infrastructure envisioned by the US Protect America Act
but the FISA Amendments Act (S. 2248). GovTrack.us provides all sorts of
neat bells and whistles (like RSS feeds) for Congressional activity.
For example, for the FISA Am. Act:
http://www.govtrack.us/congress/bill.xpd?bill=s110-2248


1)
Sensitive info lives on in old computers
source
Yet another consequence of the falling housing market may be a rise in
identity theft.
As mortgage companies are forced out of business, many are selling off
their computers without properly deleting the sensitive financial
information stored on their hard drives. The result is that borrowers'
credit reports may fall into the hands of hackers, according to computer
security experts.
"It's extremely unlikely they are wiping those disks properly," said
Matthew Curtin, founder of Interhack, a security consulting firm in
Columbus, Ohio.
Even deleted files are often easy to reconstruct. Curtin said his firm
routinely recovers financial and medical records from second-hand
computers.
Gregory Evans, a cyber-security expert in Marina Del Ray, Calif., said
he went to a swap meet late last year and bought a $500 computer from a
former mortgage company. With a $19 undelete program, he was able to
retrieve credit reports on 300 people.
He was also able to recover the user names and passwords that several of
the mortgage company's former employees used to access the credit
bureaus. <snip>

2)
>German police Skype-hacking leaked
http://www.techworld.com/security/news/index.cfm?newsID=11257
German police have hired a company to create Trojans capable of
capturing traffic from Skype and SSL, leaked documents appear to show.
The two scanned documents [1], which appear on the Wikileaks website in
their German form, are difficult to verify, but one appears to describe
how a security company, Digitask, was asked to create a Skype Capture
Unit based around Trojans planted on targeted PCs covertly transferring
data to a remote server.>

DOD considers prohibiting personal use of networks
http://www.fcw.com/online/news/151440-1.html
The Defense Department is considering a policy that would banish all
traffic not proven to be purely official DOD business from its networks,
said Lt. Gen. Charles Croom, director of the Defense Information Systems
Agency, last week at the Institute for Defense and Government
Advancements Network Centric Warfare 2008 conference in Washington.


3)
OpenSecurityFoundation.org
>OSVDB API and enhanced cross-referencing
We are pleased to announce the OSVDB API beta.
Integration and cross-referencing with OSVDB just got a lot easier via the new
application programming interface (API), which can provide multiple result
formats to fit various needs. Queries can be run against any number of
correlation factors, including CVE ID, Microsoft Bulletin ID, Bugtraq ID, and a
host of other common reference points. The API is also under constant
development, particularly during beta, and suggestions for improvements are
quickly and easily implemented by the OSVDB development team.

Some technical details about the API include:

It is a RESTful interface to the OSVDB database
It returns your choice of XML or CSV
Allows OSVDB ID correlation to a growing list of other references and
integrators products
And importantly, it is free - though donations are appreciated.
See: http://osvdb.org/blog/?p=221 for full announcement, or
http://osvdb.org/api/about for more information

4)
>Since writing about how professors are finding celebrity on YouTube, several people wrote in to point
us to other efforts to offer lecture videos online. So here are a couple of more, with some updates on what they are up to:

* Research Channel: This non-profit consortium of colleges and universities broadcasts video of campus lectures and presentations in a variety of formats. Its largest reach comes from its satellite and cable-TV channel, which reaches more than 30-million homes in the U.S. But the group has long had a Web presence as well, and its leaders say the online audience is growing rapidly. Amy Philipson, executive director of Research Channel, says to look for the channel to offer its videos on YouTube soon. And she says they've recently set up a page on iTunesU, the educational section of Apple's iTunes Store.

* UChannel: Princeton University's Woodrow Wilson School of Public and International Affairs runs this Web-video network that pulls together audio and video recordings of campus talks. The effort started back in 2005. Donna M. Liu, director for strategic initiatives for Princeton's Woodrow Wilson School, says that UChannel was on YouTube long before the University of California at Berkeley set up its channel there. And the group even offers a Facebook application that pops lecture videos into your online social profile.

* DoFlick: On a much, much smaller scale, recent graduates of the University of Maryland at College Park set up this site featuring instructional videos about science and engineering. One of the founders, Luis Corzo, says the site is getting about 5,000 to 10,000 visits per month. One of the stars of the site so far is Richard E. Berg, a professor of practice at College Park who produces videos of physics demonstrations.

Finally, I produced a short video report with footage from some of lectures featured in my previous article. What's your favorite lecture video online? --Jeffrey R. Young

5)
Slashdot reports on a new Web site from Stanford computer scientists that shows off their new 3-D modeling algorithm. The algorithm, available online, takes 2-D photos and creates 3-D models. According to an article from the Stanford Report, "The applications of extracting 3-D models from 2-D images, the researchers say, could range from enhanced pictures for online real-estate sites to quickly creating environments for video games and improving the vision and dexterity of mobile robots as they navigate through the spatial world." --Hurley Goodall

6)
Defunct Spy Satellite Falling From Orbit
http://www.salon.com/wires/ap/2008/01/26/D8UDPIDG0_dead_satellite/index.html
WASHINGTON -- A large U.S. spy satellite has lost 
power and propulsion and could hit the Earth in late February or 
March, government officials said Saturday.
The satellite, which no longer can be controlled, could contain 
hazardous materials, and it is unknown where on the planet it might 
come down, they said. The officials spoke on condition of anonymity 
because the information is classified as secret.
"Appropriate government agencies are monitoring the situation," said 
Gordon Johndroe, a spokesman for the National Security Council. 
"Numerous satellites over the years have come out of orbit and fallen 
harmlessly. We are looking at potential options to mitigate any 
possible damage this satellite may cause."

7)
Voter Education Fraud
http://www.edu-cyberpg.com/Technology/vote.html
The folly of the rush to e-voting has become increasingly clear over
the past year. An  opinion piece that I wrote summarizing the
situation and suggesting a plausible course change was printed today
in the Journal News. It can be viewed at
http://www.lohud.com/apps/pbcs.dll/article?AID=/20080127/OPINION/801270311/1076/OPINION03

8)
Hackers attacked Scientology with 220 Mbps DDoS
<http://www.rlslog.net/hackers-attacked-scientology-with-220-mbps-ddos/>
A group of hackers calling itself “Anonymous” has hit the Church of 
Scientology’s Web site with an online attack. The attack was launched 
Jan. 19 by Anonymous, which is seeking media attention to help “save 
people from Scientology by reversing the brainwashing,” according to a 
Web page maintained by Anonymous (offline now). The attacks were 
spurred by the Church’s efforts to remove video of movie star Tom 
Cruise professing his admiration for the religion, according to an 
Anonymous video manifesto posted to Youtube. “For the good of your 
followers, for the good of mankind and for our own enjoyment, we shall 
proceed to expel you from the Internet and systematically dismantle 
the Church of Scientology in its present form,” a creepy computerized 
voice states in the video. Anonymous followed up this dispatch with a 
second video blasting the media for failing to completely report the 
group’s criticisms of the church. This video was taken down Friday by 
Youtube, citing a “terms of use violation.”
Anonymous has managed to generate a measurable attack against the 
Scientology.org Web site. Over the past few days, the site was hit 
with several DDOS (distributed denial-of-service) attacks, which 
flooded it with as much as 220 Mbps of traffic, according to Jose 
Nazario, a senior security engineer with Arbor Networks, whose company 
compiles data on Internet attacks. The Anonymous campaign shows some 
level of organization. “220 Mbps is probably about in the middle of 
attack sizes,” Nazario said. “It’s not just one or two guys hanging 
out in the university dorms doing this.” On average, the attacks 
lasted about 30 minutes and used up 168 Mbps of bandwidth. In the past 
year, Arbor has seen attacks on other sites hit 40 Gbps, or 200 times 
the strength of the Anonymous event.