Michigan man charged with selling counterfeit Microsoft software

A man from Michigan was arraigned in a U.S. federal court on Thursday on charges of mail fraud and selling counterfeit software worth over US$1.2 million that he purchased from China and Singapore, the U.S Department of Justice said Thursday.

Bruce Alan Edward, 48, of Atlanta, Michigan, was charged in an indictment returned on Oct. 24 and unsealed on Nov. 1 by the federal grand jury in Bay City, Michigan, DOJ said in a statement. He was arraigned on Thursday in U.S. District Court for the Eastern District of Michigan.

Edward allegedly distributed counterfeit copies of Office 2003 Professional and Windows XP Professional by selling copyrighted works on eBay and then using the U.S. Postal Service to deliver the counterfeit software, according to the indictment which charges Edward with five counts of criminal copyright infringement and one count of mail fraud.

The indictment charges Edward with making more than $140,000 between May 2008 and September 2010 by selling more than 2,500 copies of counterfeit Microsoft software that had a retail value of over $1.2 million.

If convicted of all counts in the indictment, Edward faces a maximum of 45 years in prison and $1.5 million in fines, DOJ said. He could also have to forfeit all criminal proceeds and counterfeit items and any property used to commit the alleged criminal activity, if convicted.

Software piracy has been on the decline in the U.S., but the commercial value of software piracy in the country still adds up to almost $10 billion, with 31 percent of computer users admitting to pirating software, Business Software Alliance, an antipiracy industry group, said in August. Since January, BSA settled a number of cases of unlicensed software including eight cases representing a value of more than $2.5 million, it said. 

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John's e-mail address is john_ribeiro@idg.com

Read more »

Iranian minister faces US sanctions for Internet censorship

The U.S. on Thursday said it ordered sanctions against Iran's Minister of Communication and Information Technology, Reza Taghipour, and other entities and persons responsible for engaging in censorship in their country.

Taghipour is blamed by the U.S. for ordering the jamming of satellite television broadcasts and restricting Internet connectivity, according to a statement from the U.S. Department of State.

Iran has for some time considered separating its own internal networks from the global Internet describing it as unsafe. Earlier this year, the Iranian Students' News Agency quoted Taghipour as saying that the Internet is an "unsafe network," and that Iran would use local software to create a national grid.

The Iranian government has also put restrictions on Internet users, according to civil rights groups.

Others sanctioned by the U.S. are Iran's Ministry of Culture and Islamic Guidance and its Press Supervisory Board, which are said by the U.S. to have limited freedom of expression through their censorship and closure of newspapers and the detention of journalists. The Department of State said it is also designating key individuals and entities "responsible for assisting the regime in its crackdown on and censorship of the Iranian people."

The actions were taken under Section 403 of the Iran Threat Reduction and Syria Human Rights Act of 2012, signed by U.S. President Barack Obama in August, and executive order 13628, which Obama signed into effect on Oct. 9.

As a result of the action, "U.S. persons are prohibited from engaging in transactions involving the designated individuals or entities, and all designated individuals and members of designated entities are subject to a ban on travel to the United States," the Department of State said. The action also blocks, or freezes, the property and interests in property of the designated individuals or entities.

The U.S. has already imposed a number of sanctions on Iran in connection with its nuclear program, which Iran insists is for peaceful purposes, but the U.S. holds may lead to Iran building a nuclear bomb.

The sanctions on Thursday which target "individuals and entities who have engaged in censorship or other activities with respect to Iran on or after June 12, 2009" was included in one of three orders sanctioning a total of 17 individuals and entities, including those charged with terrorism and with proliferation of weapons of mass destruction.

Read more »

China Telecom aims to upgrade to LTE FDD, but authorities will decide

As China continues trials of its 4G networks using the government-backed LTE TDD technology, mobile operator China Telecom is aiming to go another route and deploy LTE FDD technology for its upcoming 4G networks.

The Chinese government has yet to issue 4G licenses to operators. But China Telecom, with 152 million mobile subscribers, wants to upgrade its existing 3G networks to LTE FDD technology, said Xu Fei a spokesman for China Telecom on Friday.

For the past year, the company has been running trials using an LTE FDD (Frequency-Division Duplex) network in the Chinese city of Guangzhou, Xu added.

LTE FDD is a variant of 4G LTE technology currently dominant in use among mobile operators across the world.

China, however, is pushing the development of LTE TDD (Time-Division Duplex), a variant which is based on the country's own 3G technology called TD-SCDMA (Time-Division Synchronous Code Division Multiple Access).

LTE TDD trials are already under way in the country and will be expanded to 100 cities in China next year. Rival operator China Mobile stands to benefit the most. The company currently uses the TD-SCDMA standard in its 3G networks, and is expected to upgrade them to 4G using LTE TDD technology.

China Telecom, on the other hand, uses CDMA2000 3G networks, a technology widely used outside the country. But no operators have yet to upgrade from a 3G CDMA network to 4G using solely LTE TDD, Xu said.

"The FDD-LTE technology is more mature," he said. "So we think this is the better road for us to take."

China Telecom, however, won't be the one to decide that. The Chinese government has the final say when it issues the 4G licenses, Xu said.

In September, a Chinese official signaled the government could issue those licenses near the end of next year.

Read more »

Judge to consider Samsung's questions about jury foreman

A court in California said Thursday that it would consider Samsung Electronics' concern that the foreman of the jury deciding a patent infringement lawsuit between Apple and Samsung had concealed information.

A jury in California decided in August that the South Korean company must pay Apple US$1.05 billion for infringing several of its patents in Samsung smartphones and tablets.

Samsung has, however, asked for a new trial of the case, alleging that the foreman of the jury, Velvin Hogan, was untruthful and biased. In the voir dire, a court procedure of questioning prospective jurors for potential bias, Hogan did not mention that he had been sued by his former employer, Seagate, for breach of contract after he failed to repay a promissory note in 1993 and filed for bankruptcy six months later, according to the filing on Oct. 2.

Samsung has a "substantial strategic relationship with Seagate," and is the single largest direct shareholder of the hard drive manufacturer after selling it a business division last year, it said in the filing.

On Oct. 30, Samsung filed a motion to compel Apple to disclose the circumstances and timing of Apple's discovery of certain information regarding the jury foreman.

Judge Lucy H. Koh of the District Court for the Northern District of California, San Jose division, wrote in her order on Thursday that the court will consider the questions "of whether the jury foreperson concealed information during voir dire, whether any concealed information was material, and whether any concealment constituted misconduct."

"An assessment of such issues is intertwined with the question of whether and when Apple had a duty to disclose the circumstances and timing of its discovery of information about the foreperson," Judge Koh wrote.

The court will address Samsung's motion to compel at a Dec. 6 hearing. If the court grants the motion, it will likely order supplemental briefing before ruling on Samsung's motion for judgment as a matter of law, Koh said.

Read more »

Get unlimited E-book

get unlimited e-books after signup and verifying your account. You can download books of many categories.
Visit the following link:
http://liberationbooks.com/vipmembers.html

Read more »

Benefits of giving thoughtful gifts to someone you love

Site review: http://messageonanecklace.com/gift_ideas.html

Site type: Gift related.

Contents: Gifts for all events.

Description/review: 'Message on a Necklace'.

If you want to buy a gift for someone, you will always try to buy the good one. Isn't it?

The important part to finding good gifts for someone lies in understanding if they have any secret wants, needs or desires.

Here is a list of some good gifts that you may want to consider:

• Treat them to an appointment at their favourite salon
• A gift card so that they can get whatever they want
• Buy them their favourite childhood book from a specialist book store
• Take the skiing
• Learn to surf classes
• personalised jewellery

You can use it for giving a good gift to your desire one such as present / gift ideas personalised jewellery.

The message is printed on a piece of paper at 1.5cm-4cm and inserted into a glass vial. The glass vial is attached to a sterling silver necklace. To ensure that the recipient can read the message, a large version of the message is mounted on a beautifully presented keepsake necklace box. With a Message on a Necklace , that special person is reminded of your meaningful message as they wear it close to their heart each day. 

Visit for your present /gift ideas personalised jewellery from http://messageonanecklace.co.nz/gift_ideas.html.

Read more »

Sharksucker Keyboard from JSXL Technology

Sharksucker Keyboard case is totally different kinds of keyboard case from other cases. You can use it in Apple Ipad 2 and Apple Ipad 3. This case is from JSXL Technology. This company is very well known Technology company. You dont have to woory about their product qwality. Because this Technology company has already earn the users or customers heart. This is not a simple case. THis thing will make you device better than before. It will improve your writting on your apple Ipad. Your typing will improve very much when you use it for typing email or anything. It will be proved when you use it. It has many features that yu can use. This kewboard will make your Ipad look like an awesome laptop. You can make Sleep or wake mode by closing and opening the lid. This aliminum case will feet parfectly to your new Ipad 3 or Ipad 2. It will amke your Ipad more stylist ever by standing up on it. No other keyboard case will match to you Ipad like Sharksucker Keyboard can match and fix to your Ipad ever. The price is not so high. You can buy it from your budget. A great offer is going on for you. The price is now very low for some time. This is the most latest bluetooth keyboard in 2012. And in 2013 it will not be the old model. Because this keyboard will always cool and fine. It is designed by very well qwality designer. Thats why Sharksucker Keyboard is different from any other normal bluetooth keyboard. It has built in high qwality and high capacity battery which can supply power to apple ipad when it is needed. It is very easy to bring one place to another. Cause the transform system is very good. You can easily make its folding close or open like a laptop. This is the parfect and best partner for you Ipad that no other keyboard will ever like that. It has ultra-thin design that is super cool for your ipad. It has very good sleep mode which will improve and save the battery for you ipad. You can adjust it to your Ipad by many ways. Cause it has multi-angle adjusmant system. You will get a very high qwality USB charging cable by it. You dont have to use any extra battery for it. So it will save your money also. Cause any other bluettoth keyboard need extra pencil battery in it. It cost so much. In this way you are totally tension free from it. If you are interested to buy a Sharksucker keyboard for you. Then you can but it from online also from that site. I dont think you will be sad with this bluetooth wireless keyboard. Because no one has become disappointed when the bought it and used it. Everybody feel so good about this keyboard. If you want to know more about this keyboard. Then visit the link. Your knowledge will improve more. I think you will be benefited very much.

Please visit the following link for more info:

http://www.jsxltech.com/collections/frontpage/products/sharksucker-keyboard-case-for-apple-ipad-2-3-from-jsxl-technology-m-r-p-169-99-on-sale-now-99-99

Read more »

Play Zwinky Games Here

Zwinky Games To Play: Chose a hair style, any hair style and pick an outfit that suits the hair. Come up with a crazy giant pink hair style to a calmer hair do, anything for you.

http://www.zwinkygames.org/

Read more »

online casino and casino games

Forms of online gambling

The Internet has made way for new types of gambling to form online. The recent improvements in technology have once again changed betting habits just as Video Lottery Terminal, keno and Scratchcards changed the gambling industry in the early 20th century.

Internet gambling has become one of the most popular and lucrative business present on the Internet. In 2007 the gambling commission stated that the gambling industry achieved a turnover of over £84 billion according to the UK Gambling Commission. This is partly due to the wide range of gambling options that are available to facilitate many different types of people.

Poker

Online poker tables commonly offer Texas hold 'em, Omaha, Seven-card stud, razz, HORSE and other game types in both tournament and ring game structures. Players play against each other rather than the "house", with the card room making its money through "rake" and through tournament fees.

Casinos

There are a large number of online casinos in which people can play casino games such as roulette, blackjack, pachinko, baccarat and many others. These games are played against the "house" which makes money due to the fact that the odds are in its favor.

Sports betting

Sports betting is the activity of predicting sports results and placing a wager on the outcome.

Bingo

Online bingo is the game of bingo (US|UK) played on the Internet.

Lotteries

Most lotteries are run by governments and are heavily protected from competition due to their ability to generate large taxable cash flows. The first online lotteries were run by private individuals or companies and licensed to operate by small countries. Most private online lotteries have stopped trading as governments have passed new laws giving themselves and their own lotteries greater protection. Government controlled lotteries now offer their games online.

Links:

casino en ligne fr

Read more »

Online slot machine

Slot machine is also called as slots, poker machine (pokies-slang) or just slot.

Online slot machine is a casino gambling machine played online in which three or more reels which spin when a button is pushed.

With microprocessors now ubiquitous, the computers inside modern slot machines allow manufacturers to assign a different probability to every symbol on every reel. To the player it might appear that a winning symbol was 'so close', whereas in fact the probability is much lower.

In modern slot machines, the reels and lever are for historical and entertainment reasons only.

machines a sous

Read more »

Oracle database flaw deemed serious, could expose data

CSO by Antone Gonsalves

Some Oracle databases have what experts say is a serious flaw in the login system that a hacker can use to retrieve and change stored data.

The flaw, in Oracle Database 11g Releases 1 and 2Ã'Â leaves the token that is provided by the server before authentication is completed open to a brute-force attack, said Esteban Martinez Fayo, the Application Security researcher that discovered the flaw. If successful, an attacker can gain access to the database.

"An authentication bypass is quite serious," Kevin Mitnick, a well-known white-hat hacker and founder of Mitnick Security Consulting, said in an email. "Basically, an attacker can get to the data stored in the database, and even change it."

The vulnerability stems from the way the authentication protocol protects session keys. When a client connects to the database server, a session key is sent with a salt. Because this happens before the authentication process is finished, a hacker working remotely can link the key to a specific password hash.

"Once the attacker has a session key and a salt, the attacker can perform a brute-force attack on the session key by trying millions of passwords per second until the correct one is found," Fayo toldÃ'Â Kaspersky Lab'sÃ'Â Threatpost blog.Ã'Â

Because the hack occurs before authentication is done, no login failure is recorded in the server, so a person can gain access without triggering an abnormal event.

[See also: Database security - At rest, but not at risk]

Oracle, which did not respond to a request for comment, patched the flaw in the latest upgrade of the authentication protocol, version 12. However, the company is not planning a patch for the flawed version, 11.1, Fayo said. Even with the upgrade, database administrators have to configure the server to only allow the new version of the protocol.

Because the fix requires an upgrade, the vulnerability will hound some Oracle customers for years, said Justin Clarke, a security researcher at Cylance.

"There are many large companies and critical infrastructure agencies which cannot afford the time or risk to upgrade all their Oracle clients and servers," Clarke said. "I can say with near certainty that we will see this vulnerability as long as Oracle 11g remains in use."

Previous flaws in Oracle's authentication protocol have been a well-kept secret in the security industry, Clarke said. "It's great to see that issues like this are being discussed publicly, and I hope that this helps serve as a wake-up call for Oracle and its users to dig deeper and assess the actual strength of systems."

Brent Huston, chief executive of security testing company MicroSolved, said even if a company prevents Internet access to a vulnerable database, the data is still at risk of an attack from the inside.

"Oracle's choice to lock this patch to an upgrade really forces the hand of those organizations with longer technology refresh periods and puts a lot of strain on the trust relationships they have with Oracle as a vendor," Huston said in an email.

Because of the vulnerability, customers that haven't upgraded their databases will have to implement some form of protection, particularly if they are subject to oversight by regulators, Huston said.

Fayo discovered the vulnerability after noticing that the client and server handled logins with incorrect passwords differently. A closer examination led to the discovery.

Fayo discussed the vulnerability Thursday at the Ekoparty Security Conference.

Oracle has battled with database flaws in the past. In January, InfoWorld uncovered a manual method to change the system change number (SCN), which could break the database. The SCN is a kind of time stamp for every transaction. If a database reaches its transaction limit, it could stop working properly.

Read more about application security in CSOonline's Application Security section.

Read more »

Apple seeks another $707 million in damages from Samsung

Sep 22, 2012 11:24 am | IDG News Service

A California jury may have awarded Apple more than US$1 billion in damages in late August when it triumphed over Samsung in a hard-fought case over smartphone and tablet patents, but the iPhone maker is coming back for more: late on Friday it asked for additional damages of $707 million.

The request includes an enhanced award of $535 million for willful violation of Apple's designs and patents, as well as about $172 million in supplemental damages based on the fact that the original damages were calculated on Samsung's sales through June 30. Apple wants the supplemental amount to cover the periodfrom July 1 through the date when the case is resolved, which it estimated as December 31, 2012.

In its filing with the U.S. District Court for the Northern District of California Apple also said that if the court decides to review the damage award based on a challenge from Samsung, it also wants an additional $155.8 million for five infringing products where the jury awarded less than the minimum amount calculated by Samsung's damages expert.

Apple also wants either a new trial or amended judgments finding that the iPad and iPad2 design is protected and is infringed by Samsung's Galaxy Tab 10.1, and that a wide range of Samsung phonesinfringe on Apple patents or trade dress.

Read more »

Microsoft patches critical Flash bugs in Windows 8

Sep 22, 2012 09:51 am | Computerworld

Updates IE10's integrated Flash Player with fixes to block ongoing hacker attacks 

by Gregg Keizer

Microsoft on Friday updated Flash on Windows 8 to protect IE10 users from attacks that may have started months ago.

More than a week before, Microsoft had backed away from an earlier position that held it would not patch Flash until late October. Instead, the company promised to update the media player "shortly."

Microsoft, not Adobe, is responsible for patching Flash Player in Windows 8 because the company mimicked Google's Chrome by building the software into IE10, the new operating system's browser. Microsoft announced that move in late May, when its top IE executive, Dean Hachamovitch, said, "By updating Flash through Windows Update, like IE, we make security more convenient for customers."

But the Redmond, Wash. developer ran into trouble from the get-go. Although Adobe shipped a pair of security updates in August that patched eight vulnerabilities, Windows 8 RTM, the finished code that began reaching users that same month, lacked those fixes.

One of the eight Flash bugs has been exploited by hackers, perhaps for months. An elite hacker gangknown for finding and leveraging unpatched vulnerabilities has been among those hijacking Windows PCs with the flaw.

Friday's Flash update will be offered to Windows 8 RTM, and to the final public beta, Windows 8 Release Preview. That sneak peak, which users downloaded free of charge, does not expire until Jan. 31, 2013.

Computerworld confirmed that the update boosted IE10's Flash Player to version 11.3.374.7 on Windows 8 RTM. On Friday, Adobe confirmed that that edition contained the patches for the eight vulnerabilities it patched Aug. 14 and Aug. 21.

Yunsun Wee, director of Microsoft's Trustworthy Computing team, also clarified how the company will treat future Flash updates for IE10 in Windows 8.

"On a quarterly basis when Adobe normally issues Flash Player updates, we will coordinate on disclosure and release timing," pledged Wee.

Her reference to an Adobe quarterly Flash schedule was odd; although Adobe tries to adhere to an regular cadence for Adobe Reader -- not always successfully -- it has never set something similar for Flash Player.

Thus far during 2012, in fact, Adobe has issued seven Flash updates: One in February; two in March; one each in May and June; and two in August. If Adobe is adopting a quarterly patch process for Flash Player, it has kept that under wraps.

Wee also admitted that Microsoft will need to deliver "out-of-band" updates -- those outside its usual monthly Patch Tuesday -- to keep IE10's and Windows 8's Flash in sync with the Flash plug-ins Adobe maintains for other browsers.

"When the threat landscape requires action outside of Adobe's normal update cadence, ...we will issue updates outside of our regular monthly security bulletin release," Wee said in a Friday post to the Microsoft Security Response Center's blog.

Those out-of-band Flash updates could quickly pile up. If Windows 8 had been available from the start of 2012, in the best circumstances Microsoft would still have had to deliver emergency Flash updates in February, March and August.

Even then, Microsoft would have had to hustle to work the other four Flash updates into its next Patch Tuesday: In one instance, Flash was updated on Patch Tuesday, while in two others, Microsoft would have had just four days to prepare. The fourth Flash update was released eight days before the next Patch Tuesday.

More information on the Flash Update to IE10 and Windows 8 can be found in Microsoft's security advisory.

Windows 8 users can obtain the Flash update via the Windows Update service, as well as through the enterprise-grade WSUS (Windows Server Update Services).

Microsoft's made good on a Sept. 11 promise to patch Windows 8's baked-in Flash Player.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about malware and vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.

Read more »

Anonymous spokesman's YouTube meltdown led to arrest

Sep 21, 2012 09:24 am | CSO

by Taylor Armerding

If anybody was surprised at the arrest in Dallas last week of Barrett Brown, self-described sometimespokesman for the hacktivist group Anonymous, it should not have been Brown himself.

He practically invited it. A three-part, 43-plus minute rant posted on YouTube on Sept. 11 and 12 included a threat to "shoot ... and kill" any armed government officials who sought to arrest him -- "especially the FBI."

"Dallas Sheriff's Department spokeswoman Carmen Castro told The Dallas Morning News Brown was arrested Wednesday night and 'released over to the FBI' in the morning," UPI.com reported last week.

Very few in the security community would comment on the arrest for the record, most saying they did not want the headache of becoming a target of Anonymous.

One of the few who did was Robert Stacy McCain, who wrote on his website, The Other McCain, that "a lot of the Anonymous people never trusted Barrett Brown, regarding him as an untrustworthy egomaniacal fame-seeker trying to cash in."

[See also: Anonymous had bad month, but no less 'reliable']

"He did a TV interview with Michael Isikoff of NBC and announced a book deal with Gregg Housh, and did all of this while promoting himself as the official spokesman for Anonymous, whose members are ... well, anonymous, and with good reason, because the cops would very much like to put a lot of them in prison," McCain wrote.

McCain wrote that after the FBI raided Brown in March, but did not arrest him, other members of Anonymous suspected he might be cooperating with the agency. Of the latest video, he wrote: "Being a paranoid conspiracy theorist is not illegal, and Brown's tinfoil-hat rantings about (various enemies) were just so much noise. But his threats to 'destroy' FBI agent Robert Smith? Yeah, the feds don't take that kind of talk lightly."

Joel Harding, a retired military intelligence officer and information operations expert, would say only that, "Anyone who threatens the FBI, I question their judgment."

And their desire to avoid that possibility was validated by last week's posting by Anonymous offshoot Anti-Sec of a text file on Pastie containing the names, street addresses, credit card numbers and other information of what appears to be a random series of 13 government employees around the country, ranging from military service personnel to a Department of Justice employee.

TPM reported that it had "verified that several of the phone numbers and other information contained in the text file were authentic and spoke with several victims of the hack, who were not previously aware that their information had been posted online and were confused as to why they were being targeted, having no knowledge of Brown or his arrest."

But behind the relative anonymity of comments on the YouTube video page were some critics who were a bit more outspoken. Noting Brown's semi-coherent monologue, sometimes featuring manic, table-pounding obscenities and other times uncontrollable giggling, a viewer called "Vicious Latina" observed, "This is your brain on drugs."

Brown acknowledged several times during the video his addiction to opiates, including heroin, and at one point called himself a "weird junkie."

But his major theme was that he was a victim of criminal actions by the FBI and various collaborators, and was going to take revenge in kind. He catalogued a list of grievances against the agency and various alleged informants who he claimed have been involved in a "criminal conspiracy" that has put his and members of his family's lives in danger.

Then, in an escalating series of threats, Brown first said of FBI agent Robert Smith that he would "ruin his life and look into his [expletive] kids." Brown said it would all be legal because, "Aaron Barr did the same thing [to me] and he didn't get raided for it."

Barr is a former CEO of HBGary Federal, a now-defunct firm whose email account was hacked by Anonymous in February.

Brown said he had worked with "several Mexican Anons" about a year ago in an operation called OpCartel, which he said led to speculation that he might be killed by Los Zetas, a violent criminal drug syndicate in Mexico.

After Los Zetas kidnapped a member of Anonymous, Brown claimed he had the names of 75 Zeta collaborators, which he threatened to release to the press unless the Anonymous member was set free.

In the video, Brown accused FBI informants, some of whom he said were ex-military, or military contractors, of posting pictures and the addresses of houses where he used to live, with taglines saying, "this is for the Zetas."

Jay Leiderman, an attorney at the Ventura, Calif. Law firm Leiderman Devine LLP, who has represented Brown in the past, said while he had not seen the images of Brown's residences, his understanding was that they were "out there," thanks to FBI collaborators including the former LulzSec leader "Sabu," whose name is Hector Xavier Monsegur, and who had reportedly been cooperating with the FBI after his arrest in the summer of 2011.

At some point, Brown said, his actual address was posted, again with the suggestion that it was to help Los Zetas find him. In response, he said he was concerned that Los Zetas might show up at his house posing as U.S. government or FBI officials.

"As such," he said, "any armed officials of the U.S. government, particularly the FBI, will be regarded as Zeta assassin squads. They know that I'm armed, that I come from a military family, that I was taught to shoot ... I will shoot all of them and kill them if they come, because they are involved in a criminal conspiracy and I have reason to fear for my life."

Some viewers in the comments section treated that claim with scorn. "Adrian Katterfelto" wrote, "Los Zetas have no interest in Barrett Brown. He's not a threat to them. He's not even a blip on their radar. If they had wanted him dead, we wouldn't be watching this video. Or it would be a very different kind of video. And they wouldn't need to send someone up from Mexico either, because they're already here."

But Brown had supporters as well. "Asilentfire" wrote, "What's [expletive] is how these comments try to make him look like the enemy, when we need to WAKE UP and see that he is on our side fighting for our freedoms. Can't you people see that our last line of defense against a total NWO takeover is being silenced?"

Anti-Sec, in its retaliatory posting, led with: "Barrett Brown, our controversial hated/loved friend (doesnt matter what kind of [expletive] he does, he's still one of us) seems to have been v&'d ... again."

"Hhahahaha. then try to come and convince us that FBI is not mad as hell at us. remember there's always another behind behind the behind. if u dont want to trust us, it's ok, you shouldn't. but dont be dumb and at least to not realise something here is kinda fishy currently. (tip: prepare yourself to hear anonymous is linked to al-qaeda or something). so well, we think Barrett deserves at least we bring some kind of retaliation for this FBI (expletive) against him," Anti-Sec wrote.

[See also: SOPA, PIPA, Anonymous - Can I have a little hope?]

Brown also issued an ultimatum to the FBI to return a laptop and other property taken from him during the raid in early March, in which the agency searched both his apartment and his mother's home, where he was staying at the time. Brown said the FBI also took his mother's laptop.

Brown was not charged in connection with that raid, and he demanded that his property be returned within two weeks or he would "release some stuff that's on there, and they don't know what I have access to that I have copies of that's on there."

Jay Leiderman said that since the laptop had been seized pursuant to a warrant, it would take approval by the court to have it released. Leiderman said Brown is still in custody since his arrest last week, pending trial.

Brown also demanded an apology from Smith and an alleged informant, both for taking his property and for "threatening my [expletive] mother with obstruction of justice."

However, Brown's arrest last week was apparently without incident. That will crimp, or at least delay, another threat he made.

He said Agent Smith had referred to him during the March raid as "the bad guy." So, he said, he would prove it in the coming months, "using the court system, using the media, using my group Project PM which has always been, secretly to some extent, created for the purpose of wiping out this (expletive) government and certain media institutions, and through other means at my disposal, some of which are known, some of which are known to a few and some of which are still secret."

Leiderman, while he is not representing Brown in the current case, said he doesn't think the threats Brown made on the video were serious. He said it was "fair" to conclude that Brown may have been under the influence of some of his admitted addictions.

"I wish they had stepped back a bit and thought about it, before going in with guns blazing," he said.

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.

Read more »

Researchers hack iPhone, steal data

Sep 21, 2012 09:24 am | CSO

by Antone Gonsalves

Researchers have broken into an iPhone 4S running the latest version of Apple iOS, making it possible to exploit the same vulnerability in the iPhone 5 that is set for release on Friday.

The white-hat hackers Joost Pol and Daan Keuper showed how they were able to steal contacts, browsing history, photos and videos to win $30,000 in the mobile Pwn2Own contest Wednesday at EUSecWest in Amsterdam, IT World reports.

Because the hacked iPhone was running a developer version of iOS 6, it's likely the same vulnerability could be used to break into an iPhone 5 or the latest iPad and iPod Touch devices.

The WebKit browser exploit took only a few weeks to make, the researchers told IT World. Using the malicious code in a website would enable a cybercriminal to bypass the security mechanisms in Safari to gain access to the phone's data.

WebKit is a layout engine used by browsers to render Web pages. The open source technology is used in the Safari Web browser in iOS and in Google's Chrome, which recently became the default browser for Android.

[See also: 5 policy questions for mobile device security]

The Dutch researchers are not the first penetrate the iPhone's defenses through WebKit, said Chenxi Wang, an analyst for Forrester Research. Hackers typically target WebKit because Apple does not use a number of standard security practices in using the engine.

Apple has not said why, but it could be related to phone performance and battery life. In addition, Apple doesn't vet code executed on the browser, like it does apps before allowing them to be offered to iPhone users.

"This opens doors to remote exploitation," Wang said. "But to [Apple's] credit, we haven't seen a lot of that going on, which is actually quite impressive."

Wang does not believe the risk of the latest vulnerability is very high. That's because a cybercriminal would have to find a way to get iPhone users to a compromised site. A hacker could inject malicious code into a popular Web site, but this would also be difficult.

"It's certainly possible and certainly is a threat, but I don't see it becoming a massively popular way of attacking iPhone users," he said.

The Dutch researchers held back some of the details of their work, in order to prevent giving cybercriminals a hacking roadmap to the iPhone.

"Apple will have to come up with an update and then people need to upgrade as fast as possible," Pol toldIT World.

Speed in plugging the hole is key to reducing risk, said Peter Bybee, president and chief executive of cloud security provider Security On-Demand.

"Whether you're likely to be attacked depends on how long the gap will be between when Apple fixes the problem and attackers repeat the researcher's success," Bybee said. "Just because the exploit is shared only with the vendor doesn't mean that it won't get out into the open market. There was enough detail in how they found the exploit and used it that it could be replicated by an experienced malware creator."

Other participants in the hacker contest demonstrated breaking into the Samsung Galaxy S3 via its near field communication (NFC) technology. The researchers from security company MWR Labs were able to beam an exploit from one Galaxy S3 to another.

Once the malicious app is installed in the receiving phone, a hacker would have full access to the phone's data, Tyrone Erasmus, a security researcher at MWR told IT World. The app runs in the background, making it invisible to the phone's user.

The exploit targets a vulnerability in the document viewer application that comes as a default app in the Galaxy S2, S3 and some HTC phones. The flaw enables a hacker to steal text messages, emails, contact information and other data.

The researchers said the vulnerability, which also exists in the Galaxy S2, could be exploited by malware sent via email, the MWR team said. The researchers also won $30,000 for the hack.

Zero Data Initiative by Hewlett-Packard's DVLabs organized the competition. DVLabs will send details of the hacks to Apple and Samsung, respectively.

Read more about wireless/mobile security in CSOonline's Wireless/Mobile Security section.

Read more »