July 2008

From akeg on Flickr.

From VNUNET via Packetstorm:

H D Moore, who crafted the original DNS exploit module, said in a blog posting that an attacker managed to run the cache-poisoning attack on a server belonging to AT&T’s internet service in Austin, Texas.

As a result of the attack, servers at BreakingPoint Systems, the network security firm which employs Moore as director of security research, redirected employee machines from Google.com to a third-party site loaded with advertisements.

Apparently no real damage caused by it for them, but there must be loads of other users on AT&T’s DNS-servers.

I’m all for full disclosure but this is really affecting a lot of people. We are seeing a big increase in infected computers and the DNS flaw might be what’s behind this (but I have no concrete proof of it).

Anyhow, admins at larger ISP’s better get patching now if they haven’t started already.

Cheers,

From Niko1900 on Flickr.

You can always move to Finland, our scandinavian neighbour that does not do mass surveillance of their citizens.

From infopankki.fi:

Citizens of Nordic and EU countries

Nationals of Sweden, Norway, Denmark and Iceland (i.e. the Nordic Countries) can enter and reside in Finland without a residence permit. Also, a work permit is not required from citizens of the Nordic Countries that want to find salaried employment in Finland.

Nationals of an EU or an EEA country can reside, work, practise a profession or study in Finland for three months without any particular procedure involving authorities. You must register your rights of residency if the stay exceeds the duration of three months. See the Info Bank page on the Citizens of EU Member States for more information.

The only downside (apart from leaving your birth country ) is their extremely diffuse and hard to understand language

And also, of course, they have their share of strange political issues. Heh.

Cheers,

Excellent music and an illustration of the wide involvement all over Sweden.

Found the news over at Meadow Music (sorry, it’s in Swedish) and you can also download the song “Nytt land” (A new country) from them free of charge!

See also:
Martin Bentancourt’s MySpace page
David Silva’s MySpace page

Nice with some positive vibes for once

Before the FRA-law was being passed as fast as if it was burning through parliament, I had never engaged myself politically as actively as I have been during the last couple of months.

The same thing goes for a lot of other people. People from all political flanks. Right, Left, Green, Liberal… Everyone…

And all this cross-political-borders engagement because a Government that I helped put in majority are trying to break our constitution and violate our human rights.

I mean, their own party members are starting to turn against their leaders sitting in the government.

I wonder if they regret their actions?

Update: Sent some FRA info to BoingBoing yesterday and it got published. Wonderful! More attention to this Swedish privacy debacle!

And take Åkesson with you please!

Sten Tolgfors (Minister of Defense) and Ingvar Åkesson (Director of the Swedish National Defence Radio Establishment (FRA)) has together almost completely discredited the sitting Government (which I liked until the started pushing laws that impede human rights and our constitution).

Now Tolgfors declares in a swedish debate article that no single person is being monitored, and by doing that he unintentionally implies that they are really doing surveillance of all citizens. He also repeats the same things that has been said before and alread broken down by other debaters and bloggers. One of these things are that traffic that does not match (the secret) algorithms used by FRA will be thrown away, and once again misses the point that once their supercomputers look at the traffic the breach of privacy is complete.

At the (almost) same time Ingvar Åkesson set out to hunt down one of the bloggers that are putting up the biggest fight, Henrik Alexandersson (HAX), and reports him to the Justice chancellor for publishing secret documents. These documents shows that The Radio Defense Agency has been monitoring swedish citizens since 1996 (!!!). One of them details 103 persons (including religious and financial leaders) that was being monitored and the other one is a breif of surveillance carried out on people that had business and educational contacts within Russia.

Of course, this was not a very good move. The response from bloggers and the Swedish Pirate party was to re-publish these documents and link to them on hundreds of blogs.

This was also enough to wake another “blog-quake” here in Sweden and put even harder press on the Government.

I personally can not believe that these people are still at their current positions. In other countries revelations and lies like those that are now being revealed would force the involved to resign immediately. If not voluntarily, then by force by the Prime Minister. And about the PM, where the hell is he in this debate? Total silence.

Sweden is going from a democratic state to something like DDR in 500mph.. I wonder where (or if) this is going end.

A small sidenote to this debate is that some political parties are going to suggest (one suggested, another one being readied for submission) the following laws:

* Police DNA registration of all citizens born after 1975 (3 million people, no joke, swedish link)
* A snitch law that would make it illegal not to report seeing a crime (swedish link again), this would bring the Soviet era back but this time here.

[irony] Niceness! [/irony].

What are the Swedish politicians thinking? I haven’t got a clue. I hope they have one… or maybe not, that might make this more frightening.

From CNET:

On July 8, IOActive researcher Dan Kaminsky disclosed a flaw in the DNS but would not provide the details until all the affected vendors had released patches and all the systems worldwide could be patched. He figured that it would take about 30 days for that to happen.

The 30-day mark just happened to coincide with his speaking engagement at Black Hat in Las Vegas on August 6.

But on Monday, fellow Black Hat presenter Halvar Flake attacked Kaminsky’s plea that a security flaw such as this be kept a secret. Flake then proceeded to lay out what he thought the flaw was. Turns out, he was right and laid the foundation for others to create and publicize an exploit.

Other than what was linked in that article another exploit has also been added to the Packet storm exploit archive. Both of these are Metasploit modules and HD Moore (founder of the Metasploit project) is listed as one of the exploits authors.

Cheers and happy patching!

Cory Doctorow - Photo: Bart Nagel

…by Cory Doctorow at the American Library Association conference.

Great references and points that in many ways relate to our current surveillance debate in Sweden.

View the speech as video (via Boing Boing!).

Back from the west coast (it was great, but a bit windy at times) and decided to change the design template of the site. Switched over to “Tarski” and it seems to be running fine so far.

If anyone notices anything out of order or in other ways strange, plz drop me a note!

In other news…

The FRA-law (mass-surveillance of all Swedish citizens) protesting is still going strong and those opposing the law are gaining wind:

The Local: “Liberal Party FRA-law revolt widens”
The Local: “Snoop law to be tried in European court”
The Local: “State agency ‘violated freedom of religion’”

And one that is not yet on “The Local”, Russian politicians and media are starting to have strong open critiscism as the FRA-agency has openly declared that russian traffic is the primary target. They see it as a possibility of government financed industrial espionage as almost 80% of russian internet traffic is routed through Swedish backbones.

Again, when will the (rest of) Swedish politicians start to listen?

Vacation time!

Going to the west coast for some camping.

See y’all in 1-2 weeks

The debating and protesting is still going strong in Sweden about the newly passed mass surveillance law (dubbed the “FRA-law” after the organization that will do the monitoring).

Now some of the largest privately owned telecom and IT companies are joining the critics and writes

“… The concerns outlined above have already had very real consequences for Swedish competitiveness. Sweden’s position as one of the leading knowledge and IT nations is under threat regardless of whether or not the Prime Minister believes that the law has been misunderstood.

Few dispute the need for a functioning information intelligence agency, but the damage caused by the signals intelligence law will have severe implications for Swedish industry. Why should Sweden have the most far-reaching information intelligence legislation in Europe, and possibly the world? …”

in a recent debate article.

When will the politicians start to listen? The Swedish people wants their human rights untouched!