Monday, November 23, 2009

Hello WordPress, God speed Blogger.

I am happy to announce that I am finally moving my blog from Blogger to WordPress. Yes, you heard it right: the Roy Mitsuoka blog site will have a new look and a new domain name. I will be quite busy with this work, so my blog will not be updated for about a few weeks.

Even so, the new domain is still in progress. I am also searching and working with old buddies of mine for a new design for my blog. If you have any new templates in mind, feel free to send me a suggestion.

In a few weeks, I will be on WordPress. See you at WordPress.

Iran: Preps for Strike on Nuke Sites

Iran today began large-scale air defense war games aimed at protecting its nuclear facilities from attack, state TV reported, as an air force commander boasted the country could deter any military strike by Israel.

It said the five-day drill will cover an area a third of the size of Iran and spread across the central, western and southern parts of the country.

Gen. Ahmad Mighani, head of an air force unit in charge of responding to threats to Iran's air space, said Saturday the war games would cover regions where Iran's nuclear facilities are located.

The drill involves Iran's elite Revolutionary Guard, the paramilitary Basij forces affiliated with the Guard as well as army units.

The United States and its European allies accuse Iran of embarking on a nuclear weapons program. Iran denies the charge and insists the program is only for peaceful purposes.

Israel has not ruled out military action to stop Iran from obtaining nuclear weapons.

The commander of the Guard's air force, Gen. Amir Ali Hajizadeh, meanwhile sought on Sunday to play down the significance of Israel's threats against his country, saying they amounted to psychological warfare.

"We are sure they are not able to do anything against us since they cannot predict our reaction," Hajizadeh was quoted as saying by the Guard's official Web site, Sephahnews.

"If their fighter planes could escape from Iran's air defense system, their bases will be hit by our devastating surface-to-surface missiles before they land," he said.

Also today, Iran's defense minister, Gen. Ahmad Vahidi, said Iran planned to pursue designing and producing its own air defense missiles, according to the official IRNA news agency.

His comments were apparently in response to the delay in the delivery from Russia of S-300 anti-aircraft missiles, meant to be a key component of Iran's air defense.

Iran complains that the delay is apparently the result of Israeli and U.S. pressure.

Israel and the United States have opposed the missile deal out of fear Iran could use the system to significantly boost air defenses at its nuclear sites — including its main uranium enrichment plant at Natanz.

Commenting on this week's war games, a senior Obama administration official urged Iran to engage with the international community.

"We would prefer that the Iranian regime follow through on their offer to engage," said Ellen Tauscher, the U.S. undersecretary of state for arms control and international security.

"It is more important for them to build confidence with the international community," she said at a news conference Sunday at the Halifax International Security Forum in Nova Scotia.

Brazil: World Should Engage, Not Isolate Iran

Engaging, not isolating Iran is the way to push for peace and stability in the Middle East, said Brazilian President Luis Inacio Lula da Silva as he headed into private talks Monday with his increasingly alienated Iranian counterpart.

For Silva, President Mahmoud Ahmadinejad's first-ever visit to Brazil provides an opportunity to boost the international political clout of South America's largest nation.

For Ahmadinejad, it could provide some sorely needed political legitimacy for his nation as it engages in large-scale war games aimed at protecting its nuclear facilities from attack and refuses to back down from developing a nuclear program.

Oil prices rose above $78 a barrel Monday amid deepening tensions in the Middle East following the start of the war games and boasts by an air force commander that Iran could deter any military strike by Israel.

Silva, who has defended Iran's nuclear program, didn't mention the war games ahead of his meeting with Ahmadinejad but gave him a big bear hug and called for diplomacy to push for peace in the Middle East and ease tensions between Iran, the United States and other nations.

"There's no point in leaving Iran isolated," the Brazilian leader said on his weekly radio program hours before the two met. "It's important that someone sits down with Iran, talks with Iran and tries to establish some balance so that the Middle East can return to a certain sense of normalcy."

Ahmadinejad is the third high-ranking Middle Eastern leader to visit Brazil in recent weeks. Israeli President Shimon Peres and Palestine Authority chief Mahmoud Abbas were here shortly before him. During his radio show, Silva proposed a soccer game next March pitting Brazil's national team against a team comprising Israelis and Palestinians.

Silva, a deft negotiator whose skills were honed as a union leader, says a new tack is needed with the Iranians. It may not be as embracing as Venezuela's Hugo Chavez, a close ally whom Ahmadinejad will also visit during his South America tour.

But it also shouldn't be as punitive as the U.S. or European approach, Silva said.

"I told President (Barack) Obama, I told President (Nicolas) Sarkozy, I told (German) Chancellor Angela Merkel that we will not get good things out of Iran if we corner them. You need to create space to talk," Silva said last month.

The Iranian leader will next visit allies in Bolivia and Venezuela to shore up more South American support.

"With Brazil he gets more bang for his buck in the sense you're getting legitimacy from a more mainstream player," said Daniel Brumberg, an Iran expert at the Washington-based United States Institute of Peace. "One would hope Brazil's diplomacy would be skillful enough to get certain types of messages across to the Iranians and not just give Ahmadinejad the red-carpet treatment."

Ahmadinejad said Sunday that the two countries may discuss cooperation in the nuclear field, where Iran is under intense international pressure to stop uranium enrichment for fear that it is developing atomic weapons.

"We can build partnerships to build nuclear plants," he said in an interview with Brazil's Globo TV News. "Our two countries need nuclear power to generate electricity. Both Brazil and Iran are entitled to benefit from nuclear technology."

Iran says its nuclear program is for peaceful purposes. Ahmadinejad said in Sunday's interview that critics are politically motivated and believe only wealthy countries should have the technology.

Several dozen Ahmadinejad supporters and opponents held demonstrations in Brasilia on Monday, a day after about 500 people gathered at Rio de Janeiro's Ipanema Beach to protest his visit.

Groups representing gays, Afro-Brazilian artists, Christians, Jews, and Holocaust survivors carried protest banners and a giant cage Sunday containing white balloons, which they said was a symbol of Iran's "repressed values."

The Iranian leader has called for the destruction of Israel and repeated in Sunday's interview that homosexuality goes against human nature.

Israel is voicing concern about Iran's push in Latin America. Israeli Foreign Minister Avigdor Lieberman visited Brazil and Argentina in July and Israeli President Shimon Peres visited the same nations last week - the first such high-level visits in decades.

Brazil has the world's seventh-largest uranium reserves and enriches it for its own nuclear energy program. The nation has flatly said it would not sell enriched uranium to Iran, or any other nation.

In addition to encouraging Brazil to press Iran on its uranium enrichment, the U.S. State Department said it hopes Brazil raises the case of three American hikers being held in Iran after they crossed an unmarked border while hiking in Iraqi Kurdistan in July. Ahmadinejad didn't mention the hikers during his interview with Globo TV.

Security by Accident, or Security by Design? by Paul Ducklin

I can't imagine blaming anyone other than the author for last week's iPhone virus outbreak. The virus wasn't an accident -- the self-confessed creator wrote and disseminated the virus quite deliberately.

However, the virus only infects apostate iPhones whose owners have removed Apple's restrictive software cocoon -- so-called jailbroken devices. Additionally, the virus only infects iPhones which have not been properly secured after liberation. So there are many who blame the virus on the jailbreakers, claiming they brought the problem on themselves.

And a few observers have even blamed the virus author's mobile phone operator, claiming that the company should have been using Network Address Translation (NAT) on its 3G network as a security measure which would have prevented the virus.

This is a curious argument, and it begs two questions: what is NAT, and what security purpose, if any, is it supposed to serve?

You can read about traditional NAT, which was first codified as RFC1631 in 1994, in RFC3022, published in 2001. NAT's primary objective was to make 32-bit IP numbers go further, in order to buy us time to update to IPv6. (Given that IPv6 adoption is still very limited, 15 years later, NAT has obviously achieved this goal.)

The basic idea is simple: take a single, public IP number issued by your ISP, and assign this number to a router at your network edge. Give all the PCs inside your network a range of non-unique, private IP numbers, and let the router translate all outbound packets so they appear to come from the network address of the router itself. Similarly, let the router translate and redirect all reply packets to the network address of the originating PC. And there you have it: Network Address Translation.

One side-effect of this behaviour is that inbound connection requests must be aimed at the router, since it has your network's only public-facing IP number. Until you instruct the router which inbound requests should be forwarded to which internal servers, inbound connections can't be accepted -- the router simply doesn't know where to send them.

So, as RFC3022 points out, "traditional NAT can be viewed as providing a privacy mechanism, as sessions are uni-directional from private hosts and the actual addresses of the private hosts are not visible to external hosts." In other words, by default, NAT limits the extent to which your network structure is visible to outsiders, and prevents outsiders from connecting into your network.

However, it is a large -- and, in my opinion, unwarranted -- leap of faith to consider NAT to be a security measure. Indeed, the original RFC authors seem to agree, warning that "unfortunately, NAT reduces the number of options for providing security." In particular, NAT makes it much more difficult to track troublesome behaviour back to source -- including security violations -- since the IP address of any offending host is masked by the NATting router.

In short, NAT is a necessary evil in contemporary networking, since we don't have enough IPv4 addresses for every device on the internet. Used responsibly, NAT can increase your resilience to external attack, because of its systematic resistance to unwanted inbound connections. But it is a snake-oil substitute for a proper network security regimen. It was designed to help the internet stretch further, not to make it more secure.

In particular, the PCs inside a NATted network enjoy no protection from each other because of NAT. Even if NAT helps to stop a virus like Conficker from sneaking into your LAN through your router, it won't stop the virus from wandering around inside your LAN if it gets in via other means. Indeed, when Conficker was widespread earlier this year, most organisational outbreaks I dealt with seem to have entered quietly on infected USB keys, and then spread liberally across the intranet -- whether the network was NATted or not.
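The translation behaviour described above can be modelled in a few lines. This is an added example, not code from the original article: the `NatRouter` class, the port numbers and all addresses (an RFC 1918 private range and RFC 5737 documentation ranges) are constructed for illustration. It shows replies being delivered, unsolicited inbound requests being dropped, two internal hosts appearing as one public address, and LAN-to-LAN traffic bypassing the translator entirely.

```python
# Added example: a toy model of traditional NAT (port-translating) at a network edge.
# All addresses are constructed (RFC 1918 private range and RFC 5737 documentation ranges).
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class NatRouter:
    public_ip: str
    lan: str                                        # private range behind the router
    next_port: int = 40000                          # next free public-side port
    sessions: dict = field(default_factory=dict)    # public port -> (priv ip, priv port, remote ip, remote port)
    forwards: dict = field(default_factory=dict)    # public port -> (priv ip, priv port), set by the admin

    def is_internal(self, ip: str) -> bool:
        return ip_address(ip) in ip_network(self.lan)

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving the LAN; LAN-to-LAN packets pass untouched."""
        if self.is_internal(pkt.dst_ip):
            return pkt                              # never reaches the translator
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for port, known in self.sessions.items():
            if known == flow:                       # reuse the existing mapping
                return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)
        port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[port] = flow
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Translate a packet arriving at the public address, or return None if dropped."""
        flow = self.sessions.get(pkt.dst_port)
        if flow and (pkt.src_ip, pkt.src_port) == flow[2:]:
            return Packet(pkt.src_ip, pkt.src_port, flow[0], flow[1])   # reply to a session
        if pkt.dst_port in self.forwards:
            return Packet(pkt.src_ip, pkt.src_port, *self.forwards[pkt.dst_port])
        return None                                 # router has nowhere to send it


def demo():
    r = NatRouter("203.0.113.10", "192.168.1.0/24")
    a = r.outbound(Packet("192.168.1.20", 51000, "198.51.100.5", 443))
    b = r.outbound(Packet("192.168.1.30", 51000, "198.51.100.5", 443))
    reply = r.inbound(Packet("198.51.100.5", 443, "203.0.113.10", a.src_port))
    unsolicited = r.inbound(Packet("198.51.100.99", 40123, "203.0.113.10", 22))
    lateral = r.outbound(Packet("192.168.1.20", 51001, "192.168.1.30", 22))
    return {
        "same_public_source": a.src_ip == b.src_ip,      # remote side cannot tell .20 from .30
        "reply_delivered_to": reply.dst_ip,
        "unsolicited_dropped": unsolicited is None,
        "lateral_untranslated": lateral.src_ip,          # host-to-host inside the LAN bypasses NAT
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Adding an entry to `forwards` makes the same inbound request succeed, which is why the "protection" is a side-effect of missing routing state rather than a policy.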

Remember: security doesn't happen by accident.

(Nor do viruses, so don't try to shift the blame away from the people who create them in the first place.)

Intego Security Memo – November 23, 2009 (Jailbroken iPhone Worm Creates Botnet, Copies Personal Data)

Exploit: iPhone/iBotnet.A

Discovered: November 21, 2009

Risk: Medium

Description: For the third time this month, malware targeting the iPhone has surfaced. The first such malware changed wallpaper on iPhones, and the second harvested personal data from iPhones. This new malware, which Intego calls iBotnet.A, is by far the most sophisticated iPhone malware yet: it is not only a worm, capable of spreading across a network, but also hijacks iPhones or iPod touches for use in a botnet.

It is important to note that standard, non-jailbroken iPhones or iPod touches are not at risk; it is extremely dangerous to jailbreak an iPhone because of the vulnerabilities that this process creates. (Estimates suggest that 6-8% of iPhones are jailbroken.) Jailbroken iPhones at risk are those where ssh is installed, and where the default password has not been changed.

This worm starts by searching its local network, as well as a number of IP address ranges, for available devices to infect. The address ranges it scans include those of ISPs in the Netherlands, Portugal, Hungary and Australia; if an appropriately unprotected iPhone is found, the worm can copy itself to it.

When active on an iPhone, the iBotnet worm changes the root password for the device (from “alpine” to “ohshit”), in order to prevent users from later changing that password themselves. It then connects to a server in Lithuania, from which it downloads new files and data, and to which it sends data recovered from the infected iPhone. The worm sends both network information about the iPhone and SMSs to the remote server. It is capable of downloading data, including executables that it uses to run and carry out its actions, as well as new files, providing botnet capabilities to infected devices. (A botnet is a network of infected computers or devices that can be controlled by hackers to attack other computers, serve malware, send spam, serve pages or images, and much more.)

The worm also gives each infected iPhone a unique identifier, both to be able to reconnect easily to any iPhones on which valuable information is found and to ensure that only infected iPhones can connect to the server. Finally, it changes an entry in the iPhone's /etc/hosts file for a Dutch bank web site, to lead Dutch users who connect to this bank site to a bogus site, presumably to harvest user names and passwords.

Means of protection: Intego VirusBarrier X5 detects and eradicates this malware, which it identifies as iPhone/iBotnet.A, on iPhones that it can scan from Macs with VirusBarrier X5 installed, with its virus definitions dated November 22, 2009 or later. The only other way to remove this malware is to totally wipe and restore the iPhone using iTunes.

We would like to stress that users who jailbreak their iPhones are exposing themselves to known vulnerabilities that are being exploited by code that is circulating in the wild. If users install ssh, they should change the default password, which is widely known. While the number of iPhones attacked may be minimal, the amount of personal data that can be compromised, and the ability of this new worm to create a botnet, strongly suggest that iPhone users should stick with their stock configurations and not jailbreak their devices.

Intego thanks Scott McIntyre, Chief Security Officer of the Dutch ISP XS4ALL, for his help in isolating and analyzing this worm.
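The memo notes that the worm rewrites an /etc/hosts entry to redirect a bank's hostname. The following check is an added example, not Intego's code or part of the memo: it audits hosts-file text for any entry that overrides name resolution for something other than the expected local names. The memo gives neither the hostname nor the address involved, so the sample file, `bank.example` and `203.0.113.66` are constructed placeholders, and the `EXPECTED_NAMES` allowlist is an assumption.

```python
# Added example: audit a hosts file for overrides of real-world hostnames.
# SAMPLE_HOSTS is constructed; "bank.example" and 203.0.113.66 are placeholders.
from ipaddress import ip_address

# Names a stock hosts file is expected to carry (assumption; adjust per platform).
EXPECTED_NAMES = {"localhost", "broadcasthost"}

SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
203.0.113.66    www.bank.example bank.example   # constructed tampered entry
not-an-ip       something.example
"""


def audit_hosts(text):
    """Return (line_no, ip, name, reason) for every entry that overrides DNS."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()     # drop comments, split on whitespace
        if len(entry) < 2:
            continue                             # blank, comment-only or malformed line
        ip, names = entry[0], entry[1:]
        try:
            addr = ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, names[0], "unparseable address"))
            continue
        for name in names:
            if name.lower() in EXPECTED_NAMES:
                continue
            # Any other name pinned here bypasses DNS for that host.
            reason = "local redirect" if addr.is_loopback else "remote redirect"
            findings.append((line_no, ip, name.lower(), reason))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```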

Sunday, November 22, 2009

Hasan had Intensified Contact with Cleric: Suspect Raised Prospect of Financial Transfers by Carrie Johnson, Spencer Hsu, and Ellen Nakashima

In the months before the deadly shootings at Fort Hood, Army Maj. Nidal M. Hasan intensified his communications with a radical Yemeni American cleric and began to discuss surreptitious financial transfers and other steps that could translate his thoughts into action, according to two sources briefed on a collection of secret e-mails between the two.

The e-mails were obtained by an FBI-led task force in San Diego between late last year and June but were not forwarded to the military, according to government and congressional sources. Some were sent to the FBI's Washington field office, triggering an assessment into whether they raised national security concerns, but those intercepted later were not, the sources said.

Hasan's contacts with extremist imam Anwar al-Aulaqi began as religious queries but took on a more specific and concrete tone before he moved to Texas, where he allegedly unleashed the Nov. 5 attack that killed 13 people and wounded nearly three dozen, said the sources who were briefed on the e-mails, speaking on the condition of anonymity because the case is sensitive and unfolding. One of those sources said the two discussed in "cryptic and coded exchanges" the transfer of money overseas in ways that would not attract law enforcement attention.

"He [Hasan] clearly became more radicalized toward the end, and was having discussions related to the transfer of money and finances . . .," said the source, who spoke at length in part because he was concerned the public accounting of the events has been incomplete. "It became very clear toward the end of those e-mails he was interested in taking action."

Senate Armed Services Committee Chairman Carl M. Levin (D-Mich.) said Friday that he would investigate the handling of the e-mails -- 18 or 19 in all -- and why military officials were not aware of them before the deadly attack. Levin told reporters after a briefing from Pentagon staff members that "there are some who are reluctant to call it terrorism, but there is significant evidence that it is."

Bits and pieces of Hasan's communications with Aulaqi have become public since the Fort Hood massacre, but the sources provided the most detailed description yet of the messages. The e-mails will help investigators determine whether Hasan's alleged actions were motivated by psychological deterioration or inspired by radical religious views he found online and through e-mail exchanges with Aulaqi.

The sources said the e-mail correspondence is particularly troubling because Aulaqi, who has been on the law enforcement radar for years, is considered by U.S. officials to be an al-Qaeda supporter who has inspired terrorism suspects in Britain, Canada and the United States. Lawmakers and counterterrorism experts have questioned why no one in the government interceded earlier given Aulaqi's history and Hasan's military position.

The disclosures came as investigators in the FBI and the Army's Criminal Investigation Division continue to interview witnesses and execute search warrants in and around the Army's largest post, in Killeen, Tex., and elsewhere.

This week Defense Secretary Robert M. Gates launched a department-wide review to determine whether military procedures hinder the identification of service members who pose a threat to their fellow troops.

Hasan faces 13 charges of premeditated murder. He is scheduled to have his first formal court hearing Saturday, in his hospital room in the intensive care unit at the Brooke Army Medical Center in San Antonio, where he is recovering from gunshot wounds that have left him paralyzed.

Hasan's contacts with Aulaqi were not publicly disclosed until after the shootings, which the cleric subsequently praised, calling the Army psychiatrist a "hero" in a posting on his Web site.

In the months before the shootings, the two discussed how Hasan could make several transactions of less than $10,000, a threshold for reporting to U.S. authorities, according to the source who spoke extensively. Hasan did not explicitly vow to fund terrorist activities or evade tax and reporting laws for contributions, the source said.

"I believe they were interested in the money for operational-type aspects, and knowing that he had funds and wouldn't be around to use them, they were very eager to get those funds," he said.

To date, investigators have not unearthed evidence that Hasan sent money to charities with strong or suspected ties to Islamist militant groups, but they are continuing to probe his financial dealings as one aspect of a many-pronged case, other sources cautioned.

The FBI obtained the e-mails pursuant to court-ordered wiretaps, according to a former intelligence official. After receiving a wiretap order, Internet providers generally set up accounts that allow cloned copies of e-mails to go to the government agency in real time. Stored e-mails also may be provided with a search warrant.

In this case, a first batch of Hasan's e-mails was sent by agents in San Diego to the bureau's Washington field office, where a terrorism task force began to assess them in December. But months later, additional messages emerged, according to government and congressional sources. Those e-mails were reviewed only in San Diego, where authorities determined they did not pose a national security risk. The FBI said last week, without going into details about the process, that "all of the e-mails were known."

Hasan's commanding officer ordered him to "pre-trial confinement" on Friday, John Galligan, the suspect's attorney, said in an interview at his Belton, Tex., office. Galligan described pre-trial confinement as the strictest confinement in military court and said it usually means the suspect is locked in a military jail. Because Hasan is paralyzed and has substantial medical needs, Galligan said he will ask for his client to remain in intensive care under guarded supervision.

"He's in a hospital bed," Galligan said. "He's not going to get up and walk away."

In several of their applications for search warrants, authorities are approaching the matter as a regular criminal investigation rather than invoking special legal authority available in terrorism cases, the sources said.

What, if anything, authorities on the task force and in the Army should have done differently after Hasan emerged as a possible problem is the subject of multiple congressional and executive branch investigations, including one ordered by President Obama.

At a congressional hearing Thursday, Sen. Joseph I. Lieberman (I-Conn.), chairman of the Homeland Security and Governmental Affairs Committee, said that Hasan had conducted a "homegrown terrorist attack" -- a conclusion investigators have yet to reach.

But several current and former investigators who handle high-profile cases said that not citing terrorism as a possible motivation for Hasan at this stage may be a function of the legal standards imposed by prosecutors preparing the search applications.

Investigators within the FBI and the Defense Department continue to operate on the theory that Hasan acted alone, though they have demonstrated interest in his relationships with other soldiers including Duane Reasoner Jr., a convert to Islam who dined with Hasan at a local restaurant in the months before the attack.

Saturday, November 21, 2009

When the Iranian Clergy Switch Sides by Thomas Barnett

ARTICLE: Future Perfect, By Geneive Abdo, Newsweek, Nov 18, 2009

This fits nicely with the mullahs-have-lost-power scenario unfolding. Khamenei has so sold his soul to the Revolutionary Guard that the clergy are slowly coming to the conclusion that the faith would be better served detached from the government.

When this happens, a major portion of the clergy then switch over to the green movement and we get a Poland / Solidarnosc scenario that moves with great power.