The question was: Where did you meet your spouse? A fact that is readily available in the now flooded stream of Palin info on the web—they met in high school, and that's all it took to start the shitstorm. The 4chan post also further illustrates that the whole thing was done by someone well over their head:

yes I was behind a proxy, only one, if this shit ever got to the FBI I was fucked, I panicked, i still wanted the stuff out there but I didn’t know how to rapidshit all that stuff, so I posted the pass on /b/, and then promptly deleted everything, and unplugged my internet and just sat there in a comatose state

Read the complete post over at Wired, and pick up an excellent primer to making sure your email and other online accounts are as secure as possible with this great guide by our friends at Lifehacker. [Threat Level, Lifehacker]

The so-called GST posted a menacing message at cmsmon.cern.ch, the website of the Compact Muon Solenoid Experiment team, which apparently closed with: "We are 2600 - dont mess with us." (Clearly, they didn't let proper punctuation get in the way of their dastardly schemes.) Eventually they were fended off. CERN spokesman James Gillies said, "There seems to be no harm done. From what they can tell, it was someone making the point that CMS was hackable."

But even if they had broken through to the next network, it isn't clear whether they could've commenced Operation: Space-Time Rift. Says the UK Telegraph:

If they had hacked into a second computer network, they could have turned off parts of the vast detector and, said the insider, "it is hard enough to make these things work if no one is messing with it."

In related news, here's yet another nervous LHC joke. [Telegraph UK - Thanks Jason and Henry!]

The team, assembled by intelligence blogger Jeff Carr and called "Gray Goose" (ha!) includes folks with a pretty impressive collective resume that lists several big names—Microsoft, Dept. of Homeland Security, Lexis-Nexis security, among others. They will scour the network data that's already been released, as well as comb the blog presence of the shady Russian Business Network, thought to be Russia's most lethal hacker guns for hire.

Carr says: "Although our collection and analysis effort is still nascent, it has already demonstrated [that] in matters of sufficient import, collaboration can occur on both sides of the [intelligence community's] black gate." Whether this type of "investigation" borders on actual clandestine hacking itself is another matter, but as of now, Gray Goose's mission seems to be to analyze data that's already out there for more answers. Citizen's arrest! Citizen's arrest! [Danger Room]

The company has an academic paper explaining how their tags work, for those of us more programming literate. Each 64 bit challenge-response duo is random and generated on demand. Pairs are then uploaded to a main database for authentication purposes. According to Verayo, even if information is copied onto a new chip, it'll have a different challenge and response. One possible point of attack already identified—if someone breaks into the main database and harvests all existing challenge-response information, what happens then? [Verayo via Slashdot]

A Cisco fiber switch (top) handles all of the traffic on the 20 megabit internet link, and the whole thing runs behind an OpenBSD firewall. Around 40 Aruba AP-70 access points distribute the network, which are basically only radios hooked to AC power; they receive all configuration info from the main network system to prevent WAP takeovers:

The whole thing sits behind this padlocked chain fence, which is manned by a 24/7 armed security guard.

Hit up Threat Level for the full set, including a portrait of Tomoe the German Shepherd, the Goons' last line of defense. [Threat Level photos by Dave Bullock via /.]

At least, that's what the Massachusetts Bay Transportation Authority's lawsuit against the students, their professor and the university claims. They argue that the students actually ran afoul of the federal Computer Fraud and Abuse Act because one of the fare cards "constitutes a computer," and that because the MBTA works with the Department of Homeland Security, national security, yadda yadda. End result, the judge agreed and gagged the students for at least 10 days, so they couldn't give their talk (you can still check out the presentation here though). The students say that they believed the matter had been resolved before the restraining order was filed, and didn't realize that the MBTA wanted a full copy of the presentation.

The Electronic Frontier Foundation is currently repping the students, and says that the judge came to "a very, very wrong conclusion" and that the decision "has a tremendous chilling effect on sharing this sort of research. . . . And we intend to fight it with everything we've got." [Wired, WSJ, The Tech via Alley Insider]

The online attacks came on Thursday, a day before fighting began on Friday. Similar DoS attacks on Georgian government sites also struck in July, and if you've seen this video of a Russian MiG-29 shooting down a Georgian UAV, you know these countries are not the greatest of friends. But in much the same way that invading forces have traditionally targeted media outlets first, this type of pre-invasion online warfare attack is surely to become SOP—whether carried out by rogue groups like the RBN or the attacking governments themselves. Or both.

RBNexploit is announcing a conference call with Georgian president Mikheil Saakashvili later today for more details. [Ars Technica]

Gawker Media polls require Javascript; if you're viewing this in an RSS reader, click through to view in your Javascript-enabled web browser.

According to the DA and the Orange County Sheriff, Khan and fellow student Tanvir Singh committed their crimes between January and May 2008, breaking into the school on numerous times using a stolen key. The brilliant Khan also attempted to steal a teacher's password to push his grades and those of 12 other students. All of this while both were exchanging text messages discussing their activities the whole time.

Apparently, the smartymorons pushed their C, D and F grades to As and Bs, hoping that nobody would notice. However, when Khan was denied admission to the University of California, he went back to school to ask for a new transcript. It was then when all his crude plan went to hell.

Being a bad student, the school administrators noticed the new stellar grade record, starting the investigation that has ended in this court case, and Khan's potential 38-year degree in laundry systems, cooking and inter-personal communication, with a second major in shower plumbing, sponsored by California's state prison system. [CRN via The Inquirer]

You can find, fix, target, and engage an enemy. A target could be a [computer] network... or it could be physical, with a [geographical] location. But we need the capabilities, just like we have in kinetic warfare, to engage targets when necessary. It could be either a kinetic or non-kinetic effect you want to achieve. And we need the ability to provide either.

It depends on our target; it depends on our rules of engagement—are we conducting open warfare with an adversary? If that's the case, then we don't really need to be discreet about it. When we drop a JDAM [Joint DIrect Attack Munition aka "big mofo guided bomb"] and leave a big smoking hole, that's not very discreet.

If I can [locate] it and I can take it out with a kinetic attack ... and it meets the rules of engagement, then that might be the preferred method.

I can already imagine the IRC chats "Noob!? See if you can firewall this, bozo!" [Defense Tech]

The FBI op, named Cisco Raider, was a two-year-old operation that targeted illegal distributors of fake network hardware, mostly manufactured in China. With the help of their Chinese counterparts and Cisco Systems, the FBI has so far executed 39 search warrants and confiscated roughly 3,500 network components.

The FBI is still not sure whether the counterfeit goods were distributed for profit or for reasons more insidious. Though Cisco says none of the counterfeited goods contained spyware, the threat of hackers infiltrating our systems is very real.

Modern circuits have billions of parts, so it's incredibly hard to detect the tweaked bits that could help nefarious foes take over our military infrastructure. And once the cyber-terrorists take over, who're we going to call? John McClane? [New York Times]

Gawker Media polls require Javascript; if you're viewing this in an RSS reader, click through to view in your Javascript-enabled web browser.

I'm Mr T, you pantyhose suckas! [Wired]

This laptop is a good case study for any forensics group/company/individual that wants to prove how cool they are, and a live example, not canned of what a typical incident responce sitchiation [sic] would look like.

The CCC got its hands on Schauble's prints thanks to a sympathiser, who scarpered with a glass used by the minister during a panel discussion and handed it over to the hackers. Dirk Engling, a spokesman for CCC, defended the group's actions, claiming it was a warning shot, and that fingerprints "certainly [did] not [belong] in the e-Pass."

Along with Minister Schauble's fingerprint, the group also published a wish-list of other politicians whose biometric data they'd like to get their mitts on—including German Chancellor Angela Merkel, and the Prime Minister of Bavaria, Guenther Beckstein—as well as a guide on how to capture someone's fingerprints from a glass successfully.

The lawyer hired by the CCC sees it like this: "If journalists and citizens were to do what the government is doing—that is, the collection and use of biometric data—then the prosecutor would be knocking at their doors." Meanwhile, a po-faced spokeswoman for the Interior Ministry, refused to rule out legal action against the fingerprint-stealing hackers. [Heise online via Slashdot]

Monitors of the Epilepsy Foundation's board responded quickly and managed to take down all the offending posts about 12 hours after the attacks began. Though the foundation reports that nobody was killed by the prank, a handful of people were adversely effected. It's like Snow Crash with fewer katanas and more 15-year-old kids who need to be pummeled in the face. Where's Hiro when we need him?

RyAnne Fultz, a 33-year-old IT worker in Ohio, clicked on a forum post that caused her screen to suddenly be overtaken by a pattern of various colored squares flashing rapidly. The assault made her "lock up," she said.

"I don't fall over and convulse, but it hurts," she told Wired. "I was on the phone when it happened, but I couldn't move and couldn't speak."

Very circumstantial evidence points to Anonymous, the infamous hacker clan with a grudge against the Church of Scientology. But, even with my limited knowledge of the hacking world, they don't sound like the right culprit to me. Though various members of Anonymous are pricks, they're also sanctimonious pricks. I've never head of them doing anything without loudly attaching a cause to it first. [Wired]

A Russian security researcher known only as "John Wane" (sic) says that his team has developed a system that correctly identifies the images from Yahoo's CAPTCHA system 35% of the time. According to one analyst, the irony is that the image recognition used to fight off the current generation of image-embedded spam will now be used to create the next wave of spam itself.

Yahoo apparently confirmed that this was the case:

We are aware of attempts being made toward automated solutions for CAPTCHA images and continue to work on improvements as well as other defenses.

At the hacking convention DefCon, security firm Tipping Point gave a presentation outlining various SCADA vulnerabilities, and others in the know are claiming that these vulnerabilities are leading to major electronic extortion of utility companies, to the tune of hundreds of millions of dollars.

Meanwhile, the CIA is questioning whether or not SCADA is the vulnerability in question.

I'm just hoping that said hackers live next door to me, and that therefore my power is safe and sound. [forbes]

Security specialists at F-Secure have drawn up a report with three maps that create—perhaps unintentionally—a compelling narrative of the way malware reflects the changing economic situation around the globe.

Back in the day (1986 to 2003), computer viruses mainly came from developed, predominantly white regions, US, Europe and Australia, along with India. There were anomalies like the Philippines-originated "Love Bug," but by and large, it seemed computer viruses could be chalked up as a by-product of the technological success of the post-industrial world. The hackers themselves were effete, tea-sipping "hobbyists," out to perfect their skills—not steal millions.
Next came the pros from Eastern Europe, China and Brazil. For the past four or five years, it's been a full-on assault from the regions where high-level computer skills are plentiful, but legit employment opportunities like those found at Redmond, Mountain View or Cupertino are slim to none. Broadband roll-out and a border-free internet have given these guys plenty of opportunities for targeted attacks with cash money—okay, credit-card and bank-account info—as the deliberate end result.In the future, though, new e-criminals will most likely operate out of regions that seem a bit more surprising, such as Mexico and Africa. Part of the reason is that internet usage is fast increasing in those areas, while the requisite IT job growth or technological-age legal system that naturally keep the ruffians in check are not developing as fast. Pour a little political discord on top of that, and you've got one hell of a haven for hackers.

India will also see a resurgence in criminal activity, mainly because the job opportunities will never keep up with the number of people being trained with high-level computer skills, in spite of the country's rapid growth.[F-Secure]

Don't expect to see an inconvenient bulge in Al's pants (metaphorically speaking) however, as the hacking is only visible in the website's sort code, rather than in plain sight on the ex-VP's blog. It's a technique used by cyber scammers in the hope of increasing their search engine ratings.

Given his success in recent years, the last thing he needs is medication to combat impotence, depression and herpes. Seven years ago, following the debacle of the 2000 Presidential Election, perhaps, but certainly not now. [PC World]

The hackers will be set to work on Wi-Fi and Bluetooth networks that will replicate conventional corporate system setups. The goodies up for grabs by the victorious, besides unconditional respect from the entire geek community, have yet to be confirmed. We are pretty sure the incentive will be fitting, so if you got the smarts, get your ass to Bangkok. [AirRaid2 via The Raw Feed]

I can understand why Apple made the decision to make the Nike+ Sport Kit not work with the iPhone (providing a reason to buy an iPod Nano, preventing possible damage to a $399 device, differentiating products, whatever), but iPhone users still want this thing to work with their phones. After all, the phone's flash-based, relatively small and light (if you use an armband), and should work perfectly with the kit—in theory.

Is making the kit work with the iPhone possible? Can you access the 30-pin accessory port with the iPhone? If you can, is it possible to interface with this thing using the iPod nano as reference? Is this a pipe dream, or could this possibly be done?

If enough people get behind this idea, there could even be a bounty set up to reward the hacker(s) that enable this. Let's see where we can take this.

Make points out that the law could easily encompass network monitoring systems, and that since the ban, Kismac WiFi detection software has shut down. Here is the note left on Kismac's site:

With the introduction of §202c German politicians proved their complete incompetence. Law in Germany: possession of child pornography - two years imprisonment. Distribution of security software is half as bad. Even worse politicians still believe in the successful ban of digital information, obviously not reckoning globalization.
We are heading straight to a country I do not want to be living in.

However, since most GPS devices don't yet have traffic integration (the one that came with our car doesn't), this won't be a huge deal yet. But when these prankers find out how to inject messages that tell you there's a gigantic traffic jam on one freeway in order to move everyone to another—and thus clearing up traffic on the first—people will start to worry. – Jason Chen

Satellite navigation users at risk for false messages [ComputerWorld]

EM-SEC says they successfully tested the paint in their labs. Perhaps our British friends might benefit from bathing in this paint. – Louis Ramirez

Press Release [via Reg Hardware]

The only reason anyone would use this is if their computer is so far gone from Spyware or adware that they can't really fix it by themselves, and want to kill off their internet connection when they're not actively using the machine to protect from "Hackers". Otherwise, just enabling or disabling your network connection on your computer would accomplish the same effect, saving your $40 in the process. – Jason Chen

Product Page [Databreaker via Gadgets Weblog via Uber Gizmo]

Attacking a series of root servers with boatloads of denial-of-service attacks, it was the most extensive and deliberate attack on the whole of the internets in the web's history. What, you didn't notice? That's because it didn't really do anything, at least not anything that normal users noticed. You hear that, hackers? The score stands at internet: 1, greasy hackers: 0. Why don't you stick to phishing MySpace passwords and leave the rest of us alone? –Adam Frucci

Hackers attack heart of the net [BBC]

His suggestions for Zune hacking, leading to its world domination, after the jump.

Let people transform the Zune into an Xbox game controller, a TV remote control, a portable presentation device, a wireless PC hard drive or a Vista gadget emulator. Give me a wireless keyboard and a Zune version of Pocket Outlook, and I'll never buy another iPod. Build ClearType into Zune and make it the ultimate eBook reader (and sell eBooks on Zune Marketplace).

Zune: So you want to be an iPod killer [ComputerWorld]

Like one of those Go Go dancers behind a metal blast shield, Vista is coy and sexy only to those who insert 50 cents. So, if you want a unique GUI experience, please don't hack Vista—or download a version that's already been hacked. Instead, you should pony up for an iMac and BootCamp and enjoy all the animated windows you can stand.

Vista won't show fancy side to pirates [News.com]

More Prius Fun! The Secret BEEP Code Revealed & Advanced Diagnostic Readouts [Treehugger]