The first cybercrime treaty

A U.S. Senate panel on Tuesday approved the world's first treaty
targeting “cybercrime,” clearing the way for a floor vote later this
year.

All nine members of the Foreign Relations Committee who were present
said by voice vote that they broadly agreed with the Council of Europe
Convention on Cybercrime, handing a hard-won victory to software
companies that are eager for the U.S. to ratify it.

Because U.S. law already includes much of what the treaty requires, the
Senate's consent would be largely symbolic. The document requires
nations to adopt laws governing search and seizure of stored data,
surreptitious Internet wiretapping, cross-border assistance, and
retention of Internet provider records upon police demand.

Get the details at the Computer Crime Research Center.

Wi-Fi Protected Access 2 by The Cable Guy

Wi-Fi Protected Access 2 (WPA2), as described in Wi-Fi Protected Access 2 (WPA2) Overview,
the May 2005 The Cable Guy article, is a product certification
available through the Wi-Fi Alliance that certifies wireless equipment
as being compatible with the IEEE 802.11i standard.

The IEEE 802.11i standard formally replaces Wired Equivalent Privacy (WEP) in
the original IEEE 802.11 standard with a specific mode of the Advanced
Encryption Standard (AES) known as the Counter Mode Cipher Block
Chaining-Message Authentication Code (CBC-MAC) protocol (CCMP). CCMP
provides both data confidentiality (encryption) and data integrity.
This article describes the details of the WPA2 implementation of AES
CCMP for encryption, decryption, and data integrity validation of
802.11 wireless frames.

Great article in the August edition of The Cable Guy.

UPDATE: Furor over Cisco IOS router exploit erupts at Black Hat

Although Cisco and Internet Security Systems had abruptly cancelled a planned technical talk
and demo at the Black Hat Conference to reveal how unpatched Cisco
routers can be remotely compromised, the researcher who had originally
uncovered the problem went ahead with the talk anyway, igniting a spate
of lawsuits against himself and the Black Hat Conference.

Michael Lynn, the research analyst at ISS who was asked to resign
after his presentation detailing how an attacker can exploit flaws in
unpatched Cisco routers to gain total control over them, said he felt
compelled to reveal the information because “I felt I had to do what’s
right for the country and the national infrastructure.”

Cisco and ISS, claiming it was premature to release the research, saw it
differently and immediately filed a lawsuit aimed at compelling him not
to discuss the subject further. The Black Hat Conference was also
served with a lawsuit by the two companies for allowing Lynn to discuss
the exploits associated with Cisco routers.

The efforts by Cisco and ISS to put a lid on the information about
Cisco router exploits that Lynn revealed may be futile. Some attendees
at the conference believe the original CD containing the detail
is already in circulation. In addition, some security professionals
attending the Black Hat Conference said they were grateful for Lynn’s
audacity.

Read the full back and forth on Network World.  Wow, I am missing some fun down at Black Hat this year.  You bet I won't miss it next year.

Cisco tries to silence researcher

Cisco has taken legal action to keep a researcher from further discussing a hack into its router software.

The networking giant and Internet Security Systems jointly filed a
request Wednesday for a temporary restraining order against Michael
Lynn and the organizers of the Black Hat security conference. The
motion came after Lynn showed in a presentation how attackers could
take over Cisco routers — a problem that he said could bring the
Internet to its knees.

The filing in US District Court for the Northern District of California
asks the court to prevent Lynn and Black Hat from “further disclosing
proprietary information belonging to Cisco and ISS,” said John Noh, a
Cisco spokesman.

Get the scoop on ZDNet UK.

Microsoft "Genuine Advantage" cracked in 24h

AV sez, “This week, Microsoft started requiring users to verify their
serial number before using Windows Update. This effort to force users
to either buy XP or tell them where you got the illegal copy is called
'Genuine Advantage.' It was cracked within 24 hours.”

Before pressing 'Custom' or 'Express' buttons paste this text to the address bar and press enter:

javascript:void(window.g_sDisableWGACheck='all')

It turns off the trigger for the key check.

On Boing Boing and UNEASYsilence.

Cell Phone Tower Search

Towers are registered with the FCC.
We've taken the information and compiled it into a searchable database,
and displayed it with Google Maps to give you a graphical interface to
see towers in your area. Unfortunately, many towers are independently
owned and leased to carriers. Therefore, if the towers are private, it
is not possible to know which carrier or carriers it is being leased to
at the moment.

Another great Google Maps hack.  Cell Phone Tower Search

EarthLink Drops Spam Charges against Two Defendants

Atlanta-based EarthLink has dropped allegations of illegal spamming
against two individuals, Alyx Sachs, a
former television producer for Geraldo Rivera, and Albert Ahdoot, whom
the company had claimed were part of the notorious Alabama Spam Gang.
“As a result they were publicly reported in the most negative light by
over 200 news organizations — naming them as some of the world's most
notorious spammers and thieves,” the two men's lawyer, Paul Sigelman,
said in a release on Tuesday. “EarthLink now believes they were victims
of a massive and sophisticated campaign of identity theft and that they
were, in fact, unaware of and had no role in spamming,” Sigelman said.
The Alabama Spam Gang was convicted in January of violating federal and
state Computer Systems and civil RICO laws, including the use of stolen
credit cards, identity theft, and phony Internet accounts to send out
over 250 million junk emails.

Get the full scoop on biz.Yahoo

EDITED There is a correction posted:

In the news release, Wrongfully Accused: Earthlink Dismisses for Mistaken
Identity, Says Company and Its Founders Are Not 'The Alabama Spam Gang,' Says
Defense Attorney Paul Sigelman, issued earlier today by Paul Sigelman over PR
Newswire, we are advised by the company that the phone number for Lisa Fein,
should read “+1-702-966-0182” rather than “+1-702-996-0182” as originally
issued inadvertently.