Tag archive for ‘united states’

Megaupload: User Data Has Two Weeks to Live

by ITN News - on Jan 31st 2012 - No Comments

Former users of Megaupload have at least two more weeks to worry about what will happen to their data. Despite the government’s indications that the Megaupload user data could be deleted by Thursday, Megaupload’s data hosting services, Carpathia Hosting and Cogent Communications, have agreed to preserve users’ files for a minimum...

MegaUpload User Data Soon to be Destroyed

by ITN News - on Jan 30th 2012 - No Comments

In the wake of the MegaUpload shutdown many of the site’s users have complained about the personal files that were lost as collateral damage. From work-related data to personal photos, the raid disabled access to hundreds of thousands, perhaps millions, of files that are clearly not infringing. A recent announcement by the US Attorney...

Hacker group Anonymous targets Mexican websites

by ITN News - on Jan 28th 2012 - No Comments

The activist hacker group Anonymous attacked three Mexican government websites on Friday in protest at a proposed bill that seeks to toughen local laws about online file-sharing. The affected sites belong to the Interior Ministry, the Senate and the Chamber of Deputies. The homepage of the Interior Ministry remained offline by mid-afternoon. “We...

‘Anonymous’ Blacks Out the Internet in Response to SOPA Debate

by ITN News - on Dec 21st 2011 - No Comments

The government debate over the Stop Online Piracy Act may have taken a break for the holidays, with the hearings in the House of Representatives apparently delayed until an unspecified date next year, but just in case you thought the debate online might calm down, Anonymous has entered the fray.

In a statement released earlier this week, Anonymous announced OpBlackOut, a plan to “replace the face of the internet with a clear message about how we feel about censorship.” Calling SOPA “an oppressive new law that will allow the Federal Government of the United States to shut down, arrest, fine and prosecute any website and its operator(s) at the behest of corporations who can and do stand to profit from weaponized citizenship,” Anonymous is planning OpBlackOut as a response in which front pages of sympathetic websites will be replaced by an image they call “a simple, clear protest page” to stand united against the potential passing of SOPA.

The image calls for Internet users to “assertively prevent SOPA from being enacted,” adding “Remember, we are the people, this is our voice, no system can exist that we do not support.” The aim of the campaign, according to the Anonymous release, is in part to “Get people talking” and “Put the truth not only where it can be seen, but where it cannot be avoided,” with the group suggesting that followers coordinate information with those participating in Occupy protests. Two days after the start of the protest, it doesn’t seem to have caught on, but it may just be early days. Whether or not the protest will do anything to affect the House of Representatives’ debate, of course, is another matter altogether.

China’s New Airplane Seems Designed By Batman

by ITN News - on Dec 14th 2011 - No Comments

This is the newest Chinese drone. It seems much more advanced than what anyone imagined. Apparently, Bruce Wayne is now working for the Chinese military, which is pushing hard trying to match the US industry capabilities. They’re getting close.

They seem to be working on two variants of this drone. The first one is called Crossbow, the stealth model. The second is called Wing Blade—pictured here. It adds extended wings and winglets to the Crossbow design.

There’s no more information about the drone, but I will not be surprised to see it flying in a few years. While they are still behind the United States’ military power, the West can’t underestimate the incredibly fast-evolving Chinese aerospace industry. Heck, give them an RQ-170 Sentinel and they will have their drones flying in a year.

Copying or not copying, they are getting there. [Sinodefence via Flight Global]


Ex-U.S. general urges frank talk on cyber weapons

by ITN News - on Nov 16th 2011 - No Comments

The United States should be more open about its development of offensive cyber weapons and spell out when it will use them as it grapples with an increasing barrage of attacks by foreign hackers, the former No. 2 uniformed officer in the U.S. military said.

“We’ve got to step up the game; we’ve got to talk about our offensive capabilities and train to them; to make them credible so that people know there’s a penalty to this,” said James Cartwright, the four-star Marine Corps general who retired in August as the vice chairman of the Joint Chiefs of Staff.

Cartwright, who raised the profile of cyber security issues while still in uniform, told Reuters in an interview that the increasing intensity and frequency of network attacks by hackers underscored the need for an effective deterrent.

“You can’t have something that’s a secret be a deterrent. Because if you don’t know it’s there, it doesn’t scare you,” Cartwright, now a fellow at the Washington-based Center for Strategic and International Studies, said in one of his first interviews after leaving office.

Current and former U.S. officials are tight-lipped about any specific weapons. But it is widely acknowledged the United States has both offensive and defensive ways to respond to escalating and increasingly destructive attacks from overseas.

Underscoring the threat, this week an arm of the U.S. intelligence community released a report identifying China and Russia as the most active and persistent nations that are using cyber espionage to steal U.S. trade and technology secrets.

Cartwright said it was important to send a strong signal to potential adversaries that the United States viewed responding to cyber attacks as its “right to self-defense,” even if hackers were using a server in a third country.

“We’ve got to get that done, because otherwise everything is a free shot at us and there’s no penalty for it,” he said.

His comments come as the Obama administration debates the rules of engagement for cyberspace, now seen as a fifth domain for military operations, joining air, land, sea and space.

Earlier this year, the White House released a new cyber strategy that said that, when warranted, the United States would respond to hostile acts in cyberspace “as it would to any other threat to our country.”

Now the military must work out exactly how to implement that. Key questions include how forthright Washington will be about work on offensive computer network attack weapons; what would constitute an act of war; and operational plans for training, testing and using of its electronic arsenal.

PENTAGON PRIORITY

Recent attacks on U.S. corporations such as Google Inc, the Nasdaq stock exchange, Lockheed Martin Corp, and RSA, the security division of EMC Corp, have given government officials and lawmakers a renewed sense of urgency about addressing threats to U.S. computer networks.

Cartwright’s concerns are widely shared by U.S. military and law enforcement officials, who are alarmed by the lack of adequate network security they see in corporate America.

General Martin Dempsey, chairman of the Joint Chiefs of Staff, told lawmakers at a classified briefing on Tuesday that improving cyber security was an increasingly important priority.

“He prominently mentioned cyber security as a growing threat … something that needs to be much higher up on our national security priority lists than it has been in the past,” Representative Adam Smith, the top Democrat on the House Armed Services Committee, told reporters after the briefing.

U.S. Army General Keith Alexander, director of the National Security Agency and U.S. Cyber Command, last month said U.S. military officials would finalize new rules of engagement and operational plans for cyberspace in coming months.

QUESTIONS ABOUT DETERRENCE

Experts say any deterrent posture must be carefully crafted, but that is particularly true in cyberspace.

David Smith, a fellow at the Potomac Institute for Policy Studies and former U.S. diplomat engaged in talks with the former Soviet Union, said a deterrence policy had to be crafted very carefully to establish a credible threat of possible action without being too specific.

“You deter by keeping a level of uncertainty,” Smith told Reuters. “To craft a good deterrent posture, you sort of tell people the kinds of things you have, and roughly, what the response would be if the interest of the United States were threatened, basically, that nothing is off the table.”

Unlike the nuclear arena, where it was fairly easy to determine who had launched a ballistic missile attack, attribution remains an enormous challenge in cyberspace, where hackers can mask their identities.

Eric Sterner, a former Pentagon official and fellow at the conservative Marshall Institute think tank, said being too clear about what would provoke a response would invite hackers to test the limits up to that point.

“As soon as you declare a red line, you’re essentially telling people that everything up to that line is OK,” Sterner said.

Cartwright said it would probably take hackers two to five years before they could disable a large percentage of the banking industry or the U.S. electrical grid. But even a smaller attack could undermine confidence in financial markets, he said.

Establishing a deterrent posture now would help stem the endless tide of attacks coming from overseas, he said.

UK police purchase Man in the Middle cell phone monitoring system

by Matt - on Nov 8th 2011 - No Comments

Not happy with their massive CCTV network, UK law enforcement is taking Big Brother to the next level. Soon UK police will be rolling out a Man in the Middle scenario that will fool your cell phone into thinking it’s communicating with the provider’s tower so that they can easily intercept phone calls, SMS messages, and possibly log data.

Created by Datong Intelligence LED, this technology includes a small suitcase-sized device that can be easily deployed anywhere at a moment’s notice, say in areas of civil unrest. Once the unit is deployed it can cover an area of up to 10 sq km, allowing law enforcement the option to secretly intercept and monitor all mobile communications before passing them on to the real network, or to disable all mobile phones in the coverage area outright. While it’s obvious that law enforcement would use this technology during times of civil unrest, many are worried that this technology, once deployed, may not be shut down (given the abuse of CCTV and news that England wants to ban those who participate in civil unrest from Facebook and Twitter, this scenario is not too far-fetched).

Datong also has contracts with the United States government as well as dozens of other countries around the world.

iOS 5 Hidden Panorama Mode Now Available

by ITN News - on Nov 8th 2011 - No Comments

Hackers playing around with hidden code inside iOS 5 have managed to enable a feature that allows panoramic photography on iPhones. The functionality was not intended for public use, but jailbreakers thought otherwise.

In what may be considered a violation of Apple’s end user license agreement (EULA), iOS 5 customers can jailbreak their iPhones, visit Cydia and download a tool that enables a restricted feature inside the software.

A few hours ago hacker chpwn wrote on Twitter “Just submitted ‘Firebreak’ to Cydia to enable that panorama mode @conradev discovered for everyone, should be out tomorrow.”

Two hours later, he returned with the following tweet: “Firebreak (enable the hidden iOS 5 panorama) is now out in Cydia! (Also, a quick appslide update for Notification Center issues is out.)”

Although jailbreaking has been deemed legal in the United States, using jailbreaks to enable otherwise restricted functionality may fall outside the boundaries of said legality.

The Panorama mode works pretty much as you’d expect it to. The newly-enabled option appears in the Camera menu on iOS 5. Users just select Panorama mode and then move their phone about to capture more than the camera can see when stationary.

The software then stitches the ends together and churns up images like the one displayed to the left.

As the high-res photo shows, the feature seems to be incomplete, hence Apple’s decision to hold it back until it’s ready.

If Apple is not only working on bug fixes with iOS 5.0.1, but also new features, the Panorama mode may turn up in future software updates.

Apple is evidently testing the possibility of implementing this in iOS, so it’s only reasonable to assume it will eventually be released to the public.

DARPA Seeks ‘Visionary’ Hackers for Cyber Defence

by ITN News - on Nov 8th 2011 - No Comments

The Defence Advanced Research Projects Agency (DARPA) came to the conclusion that the networks which hold the most sensitive information the United States has are highly vulnerable to cyber attacks, so they decided to have a meeting to discuss the ways in which this infrastructure can be best protected.

In their own terms, they seek the “elite of the cybercommunity,” including visionary hackers, professionals and academics from all sorts of businesses. In other words, anyone who thinks they can help.

“Few revolutionary strategic advantages resulted from operating in a vacuum,” said Daniel Kaufman, office director of DARPA’s Information Innovation Office at the time when the meeting was announced. 

“The pace, impact and reach of cyber demands collaboration. That’s why DARPA has invested heavily in cyber research that spans the performer spectrum and makes it easier for those with ground-breaking innovative cyber solutions to work with us.” 

On November 7 the “frank discussion” took place, with around 700 people taking part in the meeting, but according to Wired, there were more representatives of the security industry than hackers.

Many security experts already had their chance to prove they can properly protect the government’s assets but most of them failed and that’s why DARPA is looking for someone who’s been on the other side and came back.

They are asking Congress for $208 million (145 million EUR) each year to fund their hunger for watertight cyber security, and the sum is expected to grow in the next five years.

Hackers are already working for the agency, such as the well-known Peiter “Mudge” Zatko of the L0pht Collective, but it will remain to be seen if others are willing to join.

On the other hand, if we think of the sums involved, some visionaries might turn up to put all their knowledge on the state’s table.

SQL injection attack has compromised nearly 200,000 ASP.Net sites

by ITN News - on Oct 24th 2011 - No Comments

Hackers are in the midst of a massively successful SQL injection attack targeting websites built on Microsoft’s ASP.Net platform. About 180,000 pages have been affected so far, security researchers say.

Attackers have planted malicious JavaScript on ASP.Net sites that causes the browser to load an iframe with one of two remote sites: www3.strongdefenseiz.in and www2.safetosecurity.rr.nu, according to security researchers at Armorize who discovered the attack. From there, the iframe attempts to plant malware on the visitor’s PC via a number of browser drive-by exploits.

A drive-by exploit will load malware without a visitor’s knowledge or participation (no need to open a file or click on a link). Fortunately, the attackers are using known exploits, with patches available, so the attack can only be successful if a visitor is using an outdated, unpatched browser without the latest version of Adobe PDF, Adobe Flash, or Java.

Unfortunately, Armorize says that only a few of the most popular antivirus vendors can detect the dropped malware, according to the VirusTotal web site. VirusTotal is a security monitoring service offered by Hispasec Sistemas that analyzes suspicious files and URLs. At this time, it says that 6 antivirus packages out of the 43 it monitors can detect this latest SQL injection attack. These are AntiVir, ByteHero, Fortinet, Jiangmin, McAfee, and McAfee-GW-Edition.

The attack is targeting users whose default browser language is English, French, German, Italian, Polish, or Breton. One of the sites accessed via the iframe is in Russia; the other is in the United States and is hosted by HostForWeb.com, Armorize says. Some of the planted malware accesses a site hosted in the United States, too.

Microsoft has been offering ASP.Net programmers information on how to protect against SQL injection attacks since at least 2005. In an article on MSDN that discusses preventing SQL injection attacks with SQL Server 2008 R2, Microsoft says, “Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.”

Companies running ASP.Net websites should validate that they have not become unwitting hosts of this latest attack.
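One way to run that check over rendered pages or exported page content, as an added example that is not from the original article: the scanner below looks for the two hostnames named above in script and iframe sources and inside inline JavaScript. The sample page is constructed, and the exact form of the injected markup is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hostnames named in the article as the iframe destinations.
IOC_HOSTS = {"www3.strongdefenseiz.in", "www2.safetosecurity.rr.nu"}


class InjectionScanner(HTMLParser):
    """Collects references to IOC_HOSTS from script/iframe tags and inline JS."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []            # (line, kind, host) tuples
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src") or ""
            # urlsplit handles absolute and scheme-relative (//host/x) URLs.
            host = (urlsplit(src.strip()).hostname or "").lower()
            if host in IOC_HOSTS:
                self.hits.append((self.getpos()[0], f"{tag} src", host))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Inline JavaScript may build the iframe at run time, so search its text.
        if self._in_script:
            lowered = data.lower()
            for host in sorted(IOC_HOSTS):
                if host in lowered:
                    self.hits.append((self.getpos()[0], "inline script", host))


def scan_html(html):
    scanner = InjectionScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.hits


# Constructed sample page; the injected markup is illustrative, not captured.
SAMPLE = """<html><body><h1>Product list</h1>
<script src="//WWW3.strongdefenseiz.in/x.js"></script>
<script>document.write('<iframe src="http://www2.safetosecurity.rr.nu/"></iframe>');</script>
<script src="/js/site.js"></script></body></html>"""
```

Because the injection arrives through the database, the same function can be pointed at text columns exported from the site's tables as well as at fetched pages.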
