Iraqi Hackers crack Military Dones

For now, insurgents have only gained access to the video feeds from drones, but it appears that using off-the-shelf hacking tools they have gained valuable intelligence about American military operations in Iraq. This highlights the fact the age of dual-use technology is not just about making better toys available to the rest of us, but also about putting sub-standard security into some of our military hardware. This needs to be rethought before any war with a "real" enemy.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.

U.S. officials say there is no evidence that militants were able to take control of the drones or otherwise interfere with their flights. Still, the intercepts could give America's enemies battlefield advantages by removing the element of surprise from certain missions and making it easier for insurgents to determine which roads and buildings are under U.S. surveillance.

U.S. enemies in Iraq and Afghanistan have used off-the-shelf programs to intercept video feeds from Predator unmanned aircraft.
The drone intercepts mark the emergence of a shadow cyber war within the U.S.-led conflicts overseas.

Critical Internet Explorer Flaw Discovered

There are many reasons why I recommend that friends switch from Internet Explorer to an alternative browsers like Safari, Firefox, or Chrome. But the most prominent has to be the ongoing litany of security failures seen in Microsoft's flagship internet product. Consider this new vulnerability reported yesterday, which allows an attacker to run arbitrary code on the target system. (i.e. An attacker can download a program to your computer and run it.) That such a vulnerability exists is not itself noteworthy. What is unique is this blurb from the alert.

The vulnerability is confirmed in Internet Explorer 7 on a fully patched Windows XP SP3 and in Internet Explorer 6 on a fully patched Windows XP SP2, and reported in Internet Explorer 5.01 SP4. Other versions may also be affected.

This means the vulnerability is in every supported version of Internet Explorer including the most recent builds running on Vista. Most flaws of this type are specific to a given version, introduced by some well-meaning developer. This one was missed back since at least Exporer 5.

For your own safety, please choose an alternative browser today.

Update 3:05 PM EST: Microsoft has apparently issued a patch to address the vulnerability. I'm staying on Firefox and Chrome for a while myself. Safari on my Mac.

Word Document Gives Hackers Access to State Department

This seems amazing to me and yet it shouldn't surprise me with all of the extra features and integration with its other products that Microsoft includes in Office. Apparently, a state department employee opened up a Word document they got in e-mail and it leaked information to hackers.