Gizmodo: hackers
http://gizmodo.com/tag/hackers

DECAF App Thwarts Microsoft's Super-Illegal COFEE Forensic Software

Microsoft's COFEE software is designed to help law enforcement grab sensitive, encrypted data from a suspect's hard drive. Recently that software was leaked online. Now, two "developers" have come up with DECAF—an app designed to counteract COFEE.

Needless to say, the Computer Online Forensic Evidence Extractor (COFEE) is super-illegal for the average Joe to use, and the breach last month has opened up the floodgates for countermeasures. DECAF is a lightweight app for Windows that deletes temporary files, clears all COFEE logs, disables USB drives, and contaminates or spoofs a variety of MAC addresses once the COFEE software is detected. Future versions could also add features that allow users to remotely lock down protected systems.

Of course, the two guys behind DECAF have not released the source code for the app, citing fears that the signatures might be reverse engineered. That means it could be riddled with software that can do God-knows-what to your computer. In this case, it's probably best to switch to Tea—or some other drink that hasn't been corrupted. [DECAF via The Register via Wired UK. Image via Gimme Coffee]

Hacked Email Archive Fuels Climate Skeptics' Conspiracy Theories

The Climate Research Unit at the University of East Anglia keeps some of the most accurate climate records which are key to many climate change debates. Its email archives were hacked, and now it's the center of another conspiracy claim.

As soon as the email archives' contents were made publicly available, arguments broke out. Was there proof of data manipulation that could flip the entire climate debate topsy-turvy? Were scientists at the university working to keep works by climate skeptics out of journals? Answers to either question are unclear. According to New Scientist, there was no evidence of actual data manipulation, but some of the email exchanges could be construed as attempts to suppress some research.

No matter how those questions wind up being resolved, in the end the trouble doesn't seem to be in the contents of the emails or in the data, but in the fact that the Climate Research Unit restricted access to the climate data to those it deemed "bona fide researchers." Maybe some of the accusations the unit faced could've been avoided had the data been more freely shared in the first place. [New Scientist]

65,000 Time Warner Customers Exposed To Remote Hacks

A vulnerability in their modems and routers has left 65,000 Time Warner customers vulnerable to having their admin menus remotely accessed by evil-doers. Time Warner says they're aware of, and working on, the issue as we type. Updated.

Update: Apparently Time Warner has put a "temporary patch" into place while they figure out a permanent solution. [Wired]

AT&T Is Unable to Prevent Hackers From Stealing Customer Data

AT&T is dropping famed hacker-turned-security-expert Kevin Mitnick as a customer because it can't seem to stop script kiddies from stealing his data. It's clearly the easier solution, but is it the right one? UPDATED.

"They can't seem to secure my account," Mitnick told The Register. "And then instead of doing something about it, they try to kill the messenger and want to boot me off their network when all I want them to do is to secure my account so no one gets access to my phone records."

Mitnick said the cellular account has been repeatedly breached over the years, despite a wide range of countermeasures he's followed to prevent the attacks. In recent years, he's committed the password to memory and has deliberately not shared it with anyone or kept it stored on a computer. ...

"There are so many ways into these networks," he said. "They have to take some responsibility, not just silence the people that are filing complaints."

An AT&T spokeswoman didn't immediately have a comment. She said she would have to check whether customer passwords are encrypted when stored on AT&T servers.

Oh, how comforting! Nice to know security is AT&T's top priority.

Update: And here's AT&T's response:

We investigated Mr. Mitnick's claims and determined they were without any foundation. We refused Mr. Mitnick's demands for money, but did offer to let him out of his contractual obligations so that he could find a carrier that he would be comfortable with.

We require that any systems containing sensitive information regarding passwords encrypt the data. In addition, we send reminders to our customers explaining the importance of using complex, hard to guess passwords and changing them frequently.

Good to know about encrypted passwords, but what's this about demands for money? They didn't even really address the main issue here. [The Register via Boing Boing Gadgets]

iPhone SMS Security Flaw Could Allow 'Every iPhone In the World' to Be Hijacked

Apparently, there's a security flaw on the iPhone that allows it to be hijacked via SMS. And when hijacked, your phone can then hijack all other iPhones in your contacts list. I think you see where this is going.

The flaw involves invisible SMS bursts that allow hackers to gain total control over your phone. The two dudes who discovered it plan on unveiling it at the Black Hat conference on Thursday. They say they told Apple about it a month ago, but nothing's been done.

So how do you prevent your phone from being hijacked? Well, if you get a text containing only a single square character, turn your phone off. Fast.

Hey Apple, wanna fix this please? That'd be great. Thanks. [Forbes]

'Power-Line Exploit' Logs Your Keystrokes Using Outlets, Lasers

Thinking about plugging your laptop into one of those coveted airplane terminal power outlets while you wait for your flight to arrive? Be careful, because a hacker could be using those energy-giving wires against you.

The technique is a form of keylogging, which is nothing new, but in an interesting twist hackers have figured out a non-traditional way to replicate the process using nothing but the electric signals created with each keystroke. Oh, and even if you aren't plugged into a socket, they can still log keystrokes remotely using a laser.

Called the "power-line exploit," the two-part technique is outlined in a Network World article ominously headlined "How to use electrical outlets and cheap lasers to steal data," and will be but one of several nefarious data-stealing methods on display at Black Hat USA 2009 in Las Vegas later this month.

Network World explains:

In the power-line exploit, the attacker grabs the keyboard signals that are generated by hitting keys. Because the data wire within the keyboard cable is unshielded, the signals leak into the ground wire in the cable, and from there into the ground wire of the electrical system feeding the computer. Bit streams generated by the keyboards that indicate what keys have been struck create voltage fluctuations in the grounds.

[If the laptop is unplugged], attackers point a cheap laser, slightly better than what is used in laser pointers, at a shiny part of a laptop or even an object on the table with the laptop. A receiver is aligned to capture the reflected light beam and the modulations that are caused by the vibrations resulting from striking the keys.

Which is precisely why I blog and work in a Faraday cage. In my underwear with stains on my shirt, naturally, as Best Buy revealed earlier. [Network World via CrunchGear]

Obama Administration Adds Renowned Hacker to Homeland Security Advisory Council

Jeff Moss, who you may know as the founder of the hacking conference DefCon, was sworn in yesterday as one of the new members of the Homeland Security Advisory Council. And we think it's a shrewd and thoughtful move.

Moss, also known as Dark Tangent, founded both the DefCon and Black Hat hacker conferences in addition to legit security work—most notably at Ernst and Young, one of those giant corporations that provides auditors, attorneys, brokers, designers, and lots more to other companies. He's a sort of godfather of hackers, a pioneer who uses his underground skills in mostly above-ground ways.

As the Obama administration has been placing a heavier focus on cybersecurity, it's an extremely smart move to ask one of the world's foremost professional hackers to assist on the Department of Homeland Security Advisory Council. He's got enough expertise to really be able to offer some help, but he's also not a dangerous hacker—one analyst called him "as corporate as hiring someone out of Microsoft," meaning that for the hacking world, Moss is hardly a loose cannon. But that's exactly why it's also a smart political choice. Picking a hacker seems like an edgy choice, but Moss is a guy who's worked for Fortune 500 companies, not someone who's working in his basement to bring down the power grid.

We're looking forward to seeing cybersecurity finally advance, and this kind of guy is just what we need to get ourselves back on track. [CNET]

Hackers Break Into UC Berkeley's Database, Steal Nearly 100,000 Social Security Numbers

An unknown number of hackers broke into UC Berkeley's database and were able to access the personal and health information of over 160,000 students and former students. They're still at large.

The target of the attack seems to have been the trove of social security numbers, around 97,000 of which were stolen. SSNs can be used to access bank accounts, open credit cards, and even have new driver's licenses printed. The original hacking took place a month ago, from around April 6th to the 9th, and the university was only able to make their students (and former students; the accessed files go back to 1999) aware of the infiltration on the 21st.

FBI and other police have been notified and are investigating the crime, but we're not aware of any leads. The break-in was only discovered thanks to a sort of "signature" left by one of the hackers, so they may be too sneaky to have left a trail that can be followed. Let's hope they're dumber than they appear. The school has set up a site (here) to update the public with more information as it comes in. [AP]

Pentagon to Create Cyber Command to Hopefully Avoid More Cybersecurity Screwups

After unidentified hackers made away with untold amounts of protected data on a highly-classified fighter jet project, the Pentagon decided to step up their cybersecurity. The first step? Creating the badass-sounding Cyber Command.

At the moment, cybersecurity is incredibly important (Obama compared it to nuclear and biological weapons in terms of its danger to national security) and, from the looks of it, incredibly badly managed. To start with, the Department of Homeland Security is officially in charge of cybersecurity, except when they aren't. For example, the National Security Agency has been exerting more power and controlling more and more of the cybersecurity efforts, and the Department of Defense sometimes either manages it themselves or contracts it out to private companies.

Some of these private companies aren't so great at it, which is how the last breach happened: A firm in Turkey and one other unnamed ally nation screwed up and allowed the maybe-Chinese-maybe-not hackers to copy terabytes of data on the $300 billion fighter jet project. That's not even getting into the myriad other organizations that run their own separate cybersecurity, from the Air Force to the CIA.

Defense Secretary Robert Gates plans to announce the creation of a Cyber Command to orchestrate all of these separate entities and impose some kind of order and standards on the whole bureaucratic mess. The Cyber Command (we will never get tired of typing that) will be under the umbrella of the Department of Homeland Security, and Homeland Security will probably receive a lot of extra funding for the additional unit.

Likely to head the Cyber Command is current NSA director Gen. Keith Alexander, who recently spoke at a cybersecurity conference promoting a sort of team strategy wherein the NSA would handle certain aspects and Homeland Security certain others.

We know military reorganization isn't as sexy as HACKERS HACK FIGHTER JET (WITH HACKING!) stories, but this kind of work will hopefully get our cybersecurity up to speed so we don't have to worry about the safety of our secret awesome fighter jets. [Wall Street Journal, CNET]

Hackers Going Full Brazilian on U.S. Satellites

The Brazilian Federal Police are trying to crack down on the hijacking of U.S. military satellites—an illegal act that is so well entrenched that it has become something of a "national phenomenon."

Much of this country's geography is remote, and beyond the reach of cellphone coverage, making American satellites an ideal, if illegal, communications option. The problem goes back more than a decade, to the mid-1990s, when Brazilian radio technicians discovered they could jump on the UHF frequencies dedicated to satellites in the Navy's Fleet Satellite Communication system, or FLTSATCOM. They've been at it ever since.

In fact, everyone from truck drivers to drug dealers to soccer fans has hijacked the system to increase the range of their communications or coordinate operations. Because the practice is so widespread, eradicating it on the ground is probably not going to have a major impact. However, it does illustrate the woeful obsolescence of military satellite technology. [Wired]

New PIN Crackers Make Card Skimmers Look Small-Time

Instead of using mechanical means to steal from debit cardholders, some thieves are using malware to swipe huge numbers of encrypted and unencrypted PINs. It's not yet widespread, but it'll take serious work to prevent.

Basically, when you type your PIN into an ATM, the PIN is encrypted by the bank, only to be decrypted by your own bank, who (hopefully) approves the transaction. That leaves two ways for these thieves to get access to swathes of PINs. First, they can install malware to copy the PINs in the brief time they're decrypted, while they're sitting in a bank's memory cache waiting to be authorized. Banks typically rely on anti-virus software to catch this kind of attack, and resourceful hackers have taken advantage of this inattention. The second way involves a piece of software that tricks the bank's security software into providing the decryption key for the PINs.

This kind of thievery isn't a huge problem yet, but experts are concerned that it may become more prevalent, and the solution may require a fairly extensive overhaul of these security systems. That kind of upgrade costs a lot of money, and we all know that banks are sort of not doing that well these days. Check out the full read, it's a little bit scary and pretty interesting. [Wired]

Scary: Spies Have Totally Infiltrated Our Electricity Grid

This is frightening: Cyberspies from China and Russia have penetrated the US electricity grid, leaving behind software that could be triggered to mess up our infrastructure, reports the WSJ.

A senior intelligence official told the Journal that "The Chinese have attempted to map our infrastructure, such as the electrical grid," along with the Russians. What's scary is that it's not just a few isolated points, but it's happening all across the whole country. Oh, and that the utility companies actually running the grid had absolutely no idea.

The reason US intelligence—who detected the intrusions and informed the utility companies—suspects the Commies is because the attacks are so sophisticated. They left behind backdoor software designed to muck up the works that "If we go to war with them, they will try to turn them on." And if you've seen Live Free or Die Hard, you know what happens when hackers go after our infrastructure. People die, Justin Long cries and cars run into helicopters. It's absolute chaos. I pray to god when that day comes, Bruce Willis is not sipping cocktails on a beach earning 20 percent Alan Rickman. [WSJ]

Cinema's Most Dramatic Typing Scenes

Are you telling me that no one has thought to combine the inherent suspense of a typing scene with the added drama of slow motion? I smell a low-hanging Oscar, Hollywood visual effects artists.

OK, Joel Johnson's comment on this video was funnier than mine.

Every time I hit "Save" in Movable Type I pause and mouth "Bingo".

It's true, too, though I've seen him jazz it up with a squinted blow to his finger guns.

UPDATE: For whatever reason, Current video doesn't like our site. So either check out the clip HERE or over at bbGadgets. Your call. [via bbGadgets]

Giz Explains: How a Brainy Worm Might Jack the World's PCs on April 1

It's lurking in millions of PCs around the world. It's incredibly sophisticated and resilient, with built-in p2p and digital code-signing technology. It revels in killing security software. On April 1, the Conficker worm will activate.

The scariest thing about the Conficker worm is that literally millions of infected Windows PCs could be linked together to do its bidding. The second scariest thing is that no one really knows what its creator is going to do with this virtual army on April 1, when it's scheduled to contact a server for instructions. It's so bad, Microsoft has a running $250,000 bounty for the author, dead or alive. (Well, they probably want him alive, but they hate his guts.)

The New York Times' John Markoff rounded up some of the more ingeniously evil possibilities in a compelling article, the most sinister being a "Dark Google," postulated by University of California at San Diego researcher Stefan Savage, that would let bad people scour zombie machines all around the world for data to sell to other bad people.

But let's back up a bit. Conficker—whose weird name is a combination of "configuration" and a slightly more polite word for f***er, according to Urban Dictionary—actually began life as a lowly, "not very successful" worm in November, says Vincent Weafer, VP at Symantec Security Response. Weafer told us it exploited a Microsoft remote server vulnerability that had already been announced and patched the previous month, so the only systems that were vulnerable were the ones that weren't up to date.

The B release, pushed in December, on the other hand, was "wildly successful," says Weafer, infecting millions of unpatched computers because it's an aggressive little bastard—the first worm in years on a scale like Blaster. It has built-in p2p capabilities, and brute forces its way into open shared folders or printers, so it can crawl an office network quickly. It also piggybacks onto USB flash and hard drives. On top of all that, it's designed to be incredibly resilient, killing security software, disabling Windows Update, and digging down deep.

The C release came out this past month. It doesn't go after new machines—it's actually a payload for computers already infected with B. It transformed Conficker from a sneezing pandemic into a seriously nasty plague. With C, its p2p powers are extended further, with digital code-signing, so it only accepts trusted code updates from itself. That means security experts can't simply inject code to neutralize it. The patch also made Conficker better at killing security software. And it expanded the scope of the domains it tries to contact for instructions from 250 to 50,000, completely neutralizing security experts' previous tactic of seizing the domains. There's effectively no way to cut the head off of this demon snake. The stage is set: On April 1, Conficker will reach out for the millions-strong zombienet's next set of instructions.

So what will happen? Well, no one knows for sure. Conficker's creator can do whatever he wants with his army. Launch massive denial-of-service attacks, set up the "Dark Google" syndicate, target millions of new machines, or generate a tidal wave of spam that'll crash against servers all over the world.

Most likely though, Weafer told us, Conficker's creator is motivated by money—they'll rent it out. And if Conficker's used as a massive doomsday tool, they'll "quickly lose the ability to make money" with it. A low key operation harnessing the power of computers that are mainly located in developing nations may not have a big impact, though it would certainly set a terrible precedent: Whatever Conficker's results, they will lead others to develop this idea in frightening new directions.

Conficker's innovative approach that utilizes p2p, code-signing and a distributed domain setup will very possibly serve as inspiration to other malware writers, who Weafer said "you can bet" are watching Conficker's success very closely, just as Conficker's creators have clearly learned from past malware. It's like evil open source.

That doesn't mean April 1 will be a "digital Pearl Harbor." If your machine is patched and up to date, the Microsoft Report's Ed Bott tells us, you'll probably be totally fine. And yes, you can get rid of it if you happen to be infected. There is an outside chance Conficker could turn into a massive parallel computer that borders on self-aware, come April 1, but more than likely, the day will come and go without you noticing anything weird, just some extra spam in your box for some V@ltr3xxx.

Still something you wanna know? Send any questions about worms, V14GRA, or Jason Chen's pants to tips@gizmodo.com, with "Giz Explains" in the subject line.

Get $200 iTunes Store Vouchers for $2.60

Stop being an ass and don't pirate songs and movies. Pirate money and get legal material! Chinese hackers have cracked the algorithm that generates the iTunes Store gift cards: You can get $200 for $2.60.

According to the blog of Outdustry—a music industry consultancy firm in China—the market is getting inundated with these pirate cards, with prices falling quickly. You can find $200 iTunes Music cards in Taobao for as low as $10, and the blog is reporting prices of $2.60.

Nobody knows what this means for Apple yet. For sure, a change of the formula that generates the vouchers looks like a definitive possibility, but that won't solve the situation of legal cards already in the market. [Outdustry and Taobao via MusicAlly]

What NOT To Do When Electronically Robbing a Bank

A gang of European blokes just landed in gaol after trying to steal over $300 million in what would've been the greatest techno-heist in history. What stopped them? A remarkable string of amazingly stupid decisions.

The following is a retelling of an excellent—but far less judgmental—BBC News story:

Step 1: Two Belgian hackers showed up at the Sumitomo Mitsui bank reception desk in London on Sept. 16, 2006, and asked for the bank's security chief, a Mr. O'Donoghue. ERROR: They were caught on closed-circuit camera, not just talking to but joking around with O'Donoghue, who even showed the two to a freakin' secure terminal.

Step 2: The so-called hackers used a USB key to log keystrokes on that terminal, and returned to retrieve the keystrokes—usernames and passwords of employees—themselves. ERROR: They had to return in person. O'Donoghue decided to cover the Belgians' tracks by cutting wires to CCTV cams, and even "enquired about creating extra access badges."

Step 3: On Friday, Oct. 1, they showed up and used the logins to attempt 10 cash transfers to accounts in Spain, Dubai, Hong Kong, Turkey and Israel. ERROR: They never actually learned how to fill out transfer forms, so the transfers didn't go through. (Also, they chose countries that sounded like Bond film locations, and they chose a target—Nomura Holdings—that sounded like the company Hans Gruber tried to rob in Die Hard.)

Step 4: Having failed, they went back again on Saturday. ERROR: They went back again on Saturday.

Step 5: On Monday, when the bank managers noticed around $320 million in failed bank transfers, they alerted authorities, who quickly zeroed in on, you guessed it, Security Chief O'Donoghue. ERROR: O'Donoghue should never have come back to work. Also, $320 million? Didn't they know about rounding up pennies?

Although the case against O'Donoghue and the Belgians seems open and shut, there's a lot more to this tale, including a dapper "self-styled lord of the manor" named Hugh Rodley, a money-laundering porn-shop owner named David Nash and a mysterious Swedish dame by the name of Inger Britt Marie Malmros. I am not making any of this up.

Please go to the BBC and read more—there's even a video. [BBC News]

Hackers Using Fake Parking Tickets to Infect Computers

In North Dakota, oddly enough, hackers have hit on a new way to infect innocent computers: fake parking tickets that direct car owners to a site where they are instructed to download malicious software.

The software itself is disguised as a "toolbar" that car owners would need to download in order to see their crime and atone. But it's actually another trojan horse virus, one that installs endless popup windows and fake "antivirus" software and all that other garbage. It would be clever if it weren't so horribly, horribly mean. But as this technique is being used in something called Grand Forks, North Dakota, couldn't the punks be caught? After all, somebody's gotta be running around slapping fake tickets on random windshields, and how many people could there really be in Grand Forks? Eight? Nine? [Jalopnik]

'Curse of Silence' Attack Can Disable Texting On Most Nokia Phones

Phones using a number of popular versions of the Symbian S60 mobile OS (the Nokia N95, E71 and N76 just to name a few) can be partially disabled by a maliciously coded text.

The attack has been lamely dubbed "The Curse of Silence" and it's pretty simple. Due to a glitch in the way that the S60 messaging client handles text messaging, the attack needs only a message from a sender with a name length of over 32 characters, plus a small identifier that flags the message as "Internet Electronic Mail." This combination of otherwise rare circumstances causes the messaging client to silently stop receiving any SMSes until the device undergoes a factory reset.

The exploit is very, very easy to carry out and can damage phones running S60 versions 2.6-3.1, which covers a huge swath of Nokia's product line. Tobias Engel and the Chaos Computer Club, who found the bug, released the details to Nokia a few weeks before passing them on to the public, but as of yet there is no official fix, though our tipster says this third-party program does the trick. Check below for a list of affected phones, and have a look over at the Register for a slightly more in-depth description of the exploit. [Tobias Engel. Thanks, Pauli]

S60 3rd Edition, Feature Pack 1 (S60 3.1):
Nokia E90 Communicator
Nokia E71
Nokia E66
Nokia E51
Nokia N95 8GB
Nokia N95
Nokia N82
Nokia N81 8GB
Nokia N81
Nokia N76
Nokia 6290
Nokia 6124 classic
Nokia 6121 classic
Nokia 6120 classic
Nokia 6110 Navigator
Nokia 5700 XpressMusic

S60 3rd Edition, initial release (S60 3.0):
Nokia E70
Nokia E65
Nokia E62
Nokia E61i
Nokia E61
Nokia E60
Nokia E50
Nokia N93i
Nokia N93
Nokia N92
Nokia N91 8GB
Nokia N91
Nokia N80
Nokia N77
Nokia N73
Nokia N71
Nokia 5500
Nokia 3250

S60 2nd Edition, Feature Pack 3 (S60 2.8):
Nokia N90
Nokia N72
Nokia N70

S60 2nd Edition, Feature Pack 2 (S60 2.6):
Nokia 6682
Nokia 6681
Nokia 6680
Nokia 6630

Meet the iPhone Dev Team

The international team of code-monkeying playboys known as the iPhone Dev Team gave a talk at the Chaos Communication Congress in Berlin recently, where they presented a comprehensive history of iPhone hacking to date.


Yes, all we have here is an annotated hour-long PowerPoint, and yes, almost all of the content is of interest only to the actual haxxors that gathered at 25C3 to watch, but for me, it's a thrill to hear these guys talk about the software that we've covered and used ourselves for so long. It's also a thrill to hear little tidbits like the 180 IP addresses inside Apple that the Dev Team guys have tracked as frequent updaters of Pwnage and Quickpwn.

Up until this weekend in Berlin, most of the iPhone Dev Team had never met each other in person. And I only wish we could have gotten a quick camera pan over to the guys identified as the team members who wish to remain anonymous—in the corner, wearing "PwnApple" t-shirts, speaking Russian. [hackaday via BBG]

Hackers Hijack Trucking Companies For Fun and Profit

A couple of dudes with more smarts than brains were busted for stealing the identities of legitimate trucking firms, setting up actual jobs and pocketing the cash, says Wired's Threat Level blog. But though the hackers operated for years out of the comfort of their home, the master plan was doomed to backfire.

The first part of the plan was simple—Nicholas Lakes and Viachelav Berkovich, two Russian immigrants, hacked the low-security government-run Safersys.org, which lists approved safe trucking firms. They'd go in and replace the phone number and address of a legitimate company. Posing as that company, they would take an order to deliver a load, then subcontract the job to some other trucker.

Once the subcontractor delivered the goods, the client would pay Lakes and Berkovich directly, and they'd disappear with the cash. The poor subcontractor, the hardest-hit of the victims, would go to the legit company in search of payment. The legit company of course knew nothing about the deal.

Even though the two men ran this fraud for three years, and raked in $500,000, they should have known they'd be caught eventually. The plan was flawed in that it left too many people scratching their heads every single time. Someone sooner or later was bound to trace the phone calls and track the paper trail back to the source. [Threat Level]
