Feb 25 2010

Microsoft Withdraws DMCA Complaint, cryptome.org Back Online!

Subject: DN: www.cryptome.org; Registrar: Network Solutions; Host: Network Solutions – Demand for Immediate Take Down – Notice of Infringing Activity – MS Ref. 304277
Date: Thu, 25 Feb 2010 12:22:59 -0500
From: “DMCA”
To: “John Young”

We would like to notify you that Microsoft has contacted us regarding www.cryptome.org. Microsoft has withdrawn their DMCA complaint. As a result www.cryptome.org has been reactivated and this matter has been closed. Please allow time for the reactivation to propagate throughout the various servers around the world.

Linda L. Larsen, Designated Agent
Network Solutions, LLC
Telephone: 703.668.5615
Facsimile: 703.668.5959
Email: dmca[at]networksolutions.com

_________

Subject: DN: www.cryptome.org; Registrar: Network Solutions; Host: Network Solutions – Demand for Immediate Take Down – Notice of Infringing Activity – MS Ref. 304277
Date: Thu, 25 Feb 2010 13:09 -0500
To: “DMCA”
From: “John Young”

Dear Ms. Larsen,

You may know we are publishing our email exchanges to help readers understand the process. Could you describe means by which Microsoft withdrew their DMCA complaint?

Regards,

John Young

__________

Subject: RE: DN: www.cryptome.org; Registrar: Network Solutions; Host: Network Solutions – Demand for Immediate Take Down – Notice of Infringing Activity – MS Ref. 304277
Date: Thu, 25 Feb 2010 13:24:52 -0500
From: “DMCA”
To: “John Young”

We received an email from Microsoft’s counsel withdrawing the complaint. Accordingly, we restored access and notified you of our action.

If you have any questions, please feel free to call me.

Linda L. Larsen, Designated Agent
Network Solutions, LLC
Telephone: 703.668.5615
Facsimile: 703.668.5959
Email: dmca[at]networksolutions.com

__________

Subject: RE: DN: www.cryptome.org; Registrar: Network Solutions; Host: Network Solutions – Demand for Immediate Take Down – Notice of Infringing Activity – MS Ref. 304277
Date: Thu, 25 Feb 2010 13:42 -0500
To: “DMCA”
From: “John Young”

Could we get a copy of the Microsoft email? For the public record.

Thanks, John

__________

Subject: DN: www.cryptome.org; Registrar: Network Solutions; Host: Network Solutions – Demand for Immediate Take Down – Notice of Infringing Activity – MS Ref. 304277
Date: Thu, 25 Feb 2010 14:09:47 -0500
From: “DMCA”
To: “John Young”

Mr. Young,

Pursuant to your request, attached please find the email correspondence containing Microsoft’s withdrawal of its “takedown request”.

Respectfully,

Linda L. Larsen, Designated Agent
Network Solutions, LLC
Telephone: 703.668.5615
Facsimile: 703.668.5959
Email: dmca[at]networksolutions.com

__________

Subject: Re: Ticket Number 1-452132847
Date: Wed, 24 Feb 2010 22:46:56 -0500
From: “Cox, Evan”

To: “DMCA”
Cc: “internet4[at]microsoft-antipiracy.com”

Dear Ms. Larsen:

I am outside counsel to Microsoft Corporation. I am writing to confirm my telephone message left with your nighttime operator at 7:45 PST this evening to withdraw Microsoft’s takedown request with respect to the file available at http://cryptome.org/isp-spy/microsoft-spy.zip which is the subject of the correspondence below.

While Microsoft has a good faith belief that the distribution of the file that was made available at that address infringes Microsoft’s copyrights, it was not Microsoft’s intention that the takedown request result in the disablement of web access to the entire cryptome.org website on which the file was made available.

Accordingly, on behalf of Microsoft, I am hereby withdrawing the takedown request and asking that Network Solutions restore internet access to http://cryptome.org as soon as possible.

I can be reached at 415-640-5145 if you wish to discuss this request.

Sincerely,

Evan Cox
Counsel to Microsoft Corporation

Source


Feb 25 2010

Cryptome.org shut down for exposing MS surveillance guide

Cryptome, the whistleblower site that serves as a repository for “documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance”, was taken down on Wednesday afternoon by its hosting provider, Network Solutions, which also had the domain “legally locked”.

This means that the domain information can’t be modified and the domain name can’t be transferred; only the registration can be renewed. Network Solutions acted in response to a Digital Millennium Copyright Act (DMCA) complaint filed by Microsoft against Cryptome and its owners, regarding the publication of Microsoft’s Global Criminal Compliance Handbook, a document that reveals to users things that Microsoft would not like to become common knowledge.

In it you can find information about what records are retained and for how long, and what information can and will be given to law enforcement and intelligence agencies if requested by subpoena. Microsoft is not the only company whose “spy guide” has been published by Cryptome, but it’s apparently the one with the most clout.

ReadWriteWeb reports that once the complaint was filed and Paul Young, one of the owners of Cryptome, was asked to take the document off the website, he refused. So the ISP intervened with a warning that said that if the document wasn’t removed by Thursday, they would disable the site. And so they did – one day before the imposed deadline.

In the complaint, Microsoft states as the reason for their request an infringement of copyright laws. The Electronic Frontier Foundation (EFF), the well-known international digital rights watchdog group, spoke up: “We find it troubling that copyright law is being invoked here. Microsoft doesn’t sell this manual. There’s no market for this work. It’s not a copyright issue. John’s copying of it is fair use. We don’t do this anywhere else in speech law.”

Cryptome has been active since 1996, and this is the first time that someone has succeeded in their mission to shut it down. Young has filed a counter-notification, and we probably won’t have to wait long for the next installment of this story. If Microsoft doesn’t forward a notice of litigation, Network Solutions will reactivate the Website and unlock the domain in no more than 14 business days. In the meantime, the website is temporarily available here.

If you want to read Microsoft’s “spy guide”, you can download it at Wikileaks, which has also offered to host Cryptome on its multi-jurisdictional network outside the US.

Source


Feb 9 2010

Vulnerability in Samba provides access to files

A vulnerability in the creation of symbolic links (symlinks) in the free Samba file and printer server can be exploited to attain access to files outside of predefined paths. Attackers can even get access to the system’s root directory (/). To exploit the flaw (directory traversal), attackers first have to have an account on the Samba server that includes write access to at least one share. However, if a share is defined as writeable for guests, the hole can even be exploited remotely without such an account on the server. Under standard settings, no shares are writeable for guests.

Using the link, an attacker can access any file with their current privileges – although anonymous/guest users are limited to the “nobody” account. Because Samba runs with root rights, all data can be read out and modified if the flaw is exploited. To create a specially prepared symlink, you do need a modified SMB client – Nikolaos Rangos (Kingcope), who discovered the flaw, has published a patch – or the module published on the weekend for the Metasploit framework.

The flaw was found in the current Samba 3.4.5 release and previous versions are also affected. The Samba developers have confirmed the flaw, but an update or patch has yet to be released. As a workaround, the developers recommend changing the option wide links under [global] from yes to no (wide links = no) and rebooting the server. According to the description by the Samba team, the flaw occurs because Samba allows symlinks to be created via Unix Extensions in the SMB/CIFS protocol. They therefore plan to have wide links = no as the standard in future versions.
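A configuration check for the workaround above, as an added example that is not part of the original article or of Samba: it parses an smb.conf and lists the shares that are writable while wide links is still in effect, marking the ones that guests can write to. It assumes wide links defaults to yes when unset (as the article implies for 3.4.x), ignores include lines and backslash continuations, and runs on a constructed sample; the function names are hypothetical.

```python
TRUE = {"yes", "true", "on", "1"}  # smb.conf spellings of a true boolean

def parse_smb_conf(text):
    """Return {section: {parameter: value}}; include lines and continuations are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Parameter names ignore case and embedded spaces.
            current["".join(key.lower().split())] = value.strip().lower()
    return sections

def _lookup(layers, keys, default, inverted=()):
    # The share's own setting wins, then [global], then the default.
    for params in layers:
        for key in keys:
            if key in params:
                return (params[key] in TRUE) != (key in inverted)
    return default

def audit(text):
    """List (share, exposure) for writable shares where wide links is in effect."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    for name, share in conf.items():
        if name == "global":
            continue
        layers = (share, glob)
        wide = _lookup(layers, ["widelinks"], True)  # assumed default: yes (3.4.x)
        writable = _lookup(layers, ["writeable", "writable", "writeok", "readonly"],
                           False, inverted={"readonly"})
        guest = _lookup(layers, ["guestok", "public"], False)
        if wide and writable:
            findings.append((name, "guest-writable" if guest else "account-writable"))
    return findings

# Constructed sample configuration, not taken from any real server.
SAMPLE = "[global]\n[docs]\nread only = yes\n[upload]\nWriteable = Yes\n" \
         "[scratch]\nread only = no\nguest ok = yes\n[safe]\nwritable = yes\nwide links = no\n"

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(SAMPLE.replace("[global]", "[global]\nwide links = no")))
```

The second call applies the workaround to the sample's [global] section and reports no exposed shares.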

Source


Dec 20 2009

Microsoft Dismisses BitLocker Threat

Microsoft claims recent Internet reports about vulnerabilities in its BitLocker security technology are exaggerated. “Success comes at a price,” wrote Microsoft senior director Paul Cooke, in a blog post Monday. That price, Cooke wrote, includes “greater scrutiny and misinterpretation of some of the technologies. One of those technologies is BitLocker,” he said.

BitLocker is a drive encryption system that Microsoft introduced in 2007 with Windows Vista. It’s also included in some versions of the new Windows 7 operating system, which debuted in October. Security bloggers, including researchers at Germany’s Fraunhofer Institute for Secure Information Technology, in recent days have published reports that PCs and laptops protected with BitLocker could be compromised in certain circumstances.

But Cooke said those circumstances covered scenarios that were highly unlikely to occur in real life. “This research is similar to other published attacks where the computer owner leaves a computer unattended in a hotel room and anyone with access to the room could tamper with the computer,” wrote Cooke. “This sort of attack poses a relatively low risk to folks who use BitLocker in the real world,” he said. Still, Cooke reminded Windows users that BitLocker is only one element of Microsoft’s multi-tiered approach to security.

“Even with the great enhancements made in Windows 7 such as BitLocker To Go, it still remains that BitLocker alone is not a complete security solution,” said Cooke. “IT professionals as well as users must be diligent when protecting IT resources and the best protection against these sorts of targeted attacks requires more than just technology. It requires end user education and physical security also play important roles,” Cooke wrote.

Source


Nov 16 2009

Microsoft confirms first Windows 7 zero-day bug

Microsoft has confirmed that an unpatched vulnerability exists in Windows 7, but is downplaying the problem, saying most users would be protected from attack by blocking two ports at the firewall.

In a security advisory, Microsoft acknowledged that a bug in SMB (Server Message Block), a Microsoft-made network file- and print-sharing protocol, could be used by attackers to cripple Windows 7 and Windows Server 2008 R2 machines.

The zero-day vulnerability was first reported by Canadian researcher Laurent Gaffie last Wednesday, when he revealed the bug and posted proof-of-concept attack code to the Full Disclosure security mailing list and his blog. According to Gaffie, exploiting the flaw crashes Windows 7 and Server 2008 R2 systems so thoroughly that the only recourse is to manually power off the computers.

Source


Nov 12 2009

Cryptome posts Microsoft COFEE forensic toolkit

As recently posted to Full Disclosure:

Note: This is a toolkit by Microsoft meant to be used on a thumb
drive.

There are many open source tools already available, this is just an
all-in-one set. For the curious tinkerer.

Microsoft COFEE forensic toolkit: http://cryptome.org/cofee.zip
User guide: http://cryptome.org/cofee-guide.zip

Gary McKinnon / SOLO
“People faking autism after charges should receive total immunity
from prosecution”

Source