InfoSec News

AT&T today announced a new practice area and portfolio of specialized services around wireless healthcare monitoring and electronic medical record data exchange.
 
Scott McNealy has kept a low profile since Oracle bought his company earlier this year, but on Wednesday the former chairman and CEO of Sun Microsystems shared some thoughts on the acquisition.
 
By default, all packets of data traveling across a local-area network (LAN) are created equal. If all of the traffic on a network is text- or file-transfer-based, the system is workable--and no one notices when a 40MB file is delayed by 50 milliseconds as more bandwidth is made available to all users and applications.
 
iOS users, long accustomed to working around the platform's notorious lack of Flash support, could be in for a breath of fresh air with the recent approval and release of the Flash-video-playing Skyfire Web Browser for iOS.
 
NetSupport Manager Gateway HTTP Protocol Information disclosure vulnerability
 
Oracle MySQL 'COM_FIELD_LIST' Command Packet Security Bypass Vulnerability
 
Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities
 
Oracle MySQL 'TEMPORARY InnoDB' Tables Denial Of Service Vulnerability
 
When networking hardware failed at PayPal on Friday morning and its recovery systems lagged in responding, things got hectic at Shop By System, an online seller of computer accessories and components based in South Dakota.
 
Intel on Wednesday said it would release in the first quarter next year Core VPro processors for business desktops and laptops that incorporate a host of new security and management features.
 
Oracle has apparently raised the price of an entry-level MySQL subscription significantly.
 
Beware! Load Angry Birds (pricing varies with phone OS) onto your phone and your productivity will be shot. Your spouse or significant other will feel overlooked. Your children will cry for your attention. You, meanwhile, will be blissfully unaware of everything except an intense desire to fling cute-looking, angry birds at contented cartoony pigs who have stolen the birds' eggs and seek shelter in a variety of structures.
 
Apple has not proved that rival phone maker Nokia infringed Apple patents, the staff of the U.S. International Trade Commission said in a pre-trial memo last week.
 
Apple has released the final code to developers for iOS 4.2. The new OS version, due out later this month, brings several key features already on iPhones and iPod touches to the iPad tablet. Among them are several key enterprise management and security additions.
 
Facebook today unveiled features for mobile software for Android devices, giving users single sign-on and making it easier for them to share locations. And it again knocked down rumors it's developing a phone.
 
If you use a Web-based e-mail client like Gmail or Yahoo, you've probably encountered this hassle before: you click a mailto link on a Web page, then watch while Windows tries to open Outlook, Windows Live Mail, or some other desktop program you don't use and haven't configured. Error messages (and possibly cursing) ensue.
 
Roger Sessions, CTO of ObjectWatch and an expert in software architecture, argues that the increasing complexity of our IT systems will be our undoing. In fact, he just recently got a patent for a methodology that helps deal with complex IT systems. Network World Editor in Chief John Dix recently caught up with Sessions to get his take on the extent of the problem and possible solutions.
 
Microsoft Internet Explorer CSS Tags Remote Code Execution Vulnerability
 
Microsoft has confirmed a targeted attack against a new zero-day vulnerability in Internet Explorer.

 
Microsoft today warned that attackers are targeting Internet Explorer (IE) with an exploit of a critical unpatched vulnerability in all current versions of the browser.
 
OpenSSL 'EVP_VerifyFinal' Function Signature Verification Vulnerability
 
The open-source BI (business intelligence) project BIRT has surpassed 10 million downloads and one million developers, project sponsor Actuate announced on Wednesday.
 
Although online advertising is on the upswing and growing this year, AOL's revenue plunged in the third quarter, dragged down by a significant drop in its advertising business.
 
PEAR Sendmail 'From' Parameter Arbitrary Argument Injection Vulnerability
 
PEAR Sendmail 'Recipient' Parameter Arbitrary Argument Injection Vulnerability
 
GnuPG 'GPGSM Tool' Certificate Importing Remote Code Execution Vulnerability
 
CVE-2010-3863: Apache Shiro information disclosure vulnerability
 
Siloed certification programs, mostly dedicated to a vendor, just don't cut it anymore. CIO magazine publisher emeritus Gary Beach thinks IT execs should hold a standardized certification like other professionals.
 
CIO magazine Editor in Chief Maryfran Johnson on CIOs who mean business and the lessons they learned that helped them succeed.
 
Consumers who buy the Samsung Galaxy Tab from Verizon Wireless without a contract will pay less than European consumers for the device, but they will pay more for accessing the Internet.
 
Want to learn how to be a stand-out panelist? The best ones speak up, stand out and have fun.
 
Check out the debut of our exclusive column about the comings, goings, ups and downs of CIOs.
 
Halloween-based spam and SEO poisoning was the prime delivery method of cybercriminals pushing fake antivirus and other malware onto PC users.

 
The Problem
Drive-by Downloads have been a problem for a number of years now. This avenue of attack has become more popular as attackers have developed more techniques to direct visitors to their exploit websites. The three most common scenarios are: Search Engine poisoning, malicious forum posts, and malicious flash ads. These are complex, multi-step attacks that build upon each other to eventually install some sort of malware on the victim's machine. I call this series of steps the Chain of Compromise (I've also heard this described as the kill-chain.) It's our job as the defense to break that chain as early as possible. If we allow it to complete, then we have a real incident on our hands.
Countermeasures
There are a number of system countermeasures that you could use to defeat drive-by attacks. I've got an incomplete list below comparing their average cost to install, both monetarily and as a vague measure of the amount of technical effort required.

| Countermeasure | Cost | Tinker-Factor |
|---|---|---|
| Anti-Virus | Free to $80 USD | Low |
| Web-filter | Free to Thousands | Medium to High |
| Alternative Browser | Free | Low to Medium |
| No-script | Free | Medium |
| Adblocker | Free | Low |
| Flashblock | Free | Low |
| OpenDNS | Free | Medium |
| Alternative Document Viewer | Free | Low to Medium |
| Executable Whitelist | Free to Hundreds | High |
| Full-proxied Environment | Hundreds to Thousands | Medium to High |
| IPS | Free to Thousands | Medium to High |
| Disable Administrator rights | Free | Low to Medium |
| Masquerade User-Agent | Free | Low |
| DEP/ASLR | Free | Low to Medium |

Anti-Virus: not much to say about this, everyone has it now, and it's the countermeasure that gets the most attention from attackers. It's easily evaded with minimal effort.
Web-filter: this could be on the system itself, or injected through a web proxy. Free options include K9
Alternative Browser: something other than IE or Firefox. By moving to a less-popular browser you are stepping out of the line of fire in most cases. At least it reduces your attack surface to your office/document viewers (e.g. Flash, Acrobat, etc.)
No-script: allows you to block execution of javascript on new/unknown sites.
Adblocker: typically used to avoid annoying advertisements. A bit controversial since websites are supported by their ad revenue, but more and more often a necessity due to poor quality-control/security-measures by ad-servers.
Flashblock: like no-script, but for flash. Allows you to run flash when you need it, and block it from unknown/unexpected sources.
OpenDNS: if you use OpenDNS for your domain name resolution, it can block requests to suspicious/malicious destinations.
Alternative Document Viewer: use an alternative PDF viewer to avoid a number of Adobe Acrobat vulnerabilities and avoid executing unnecessary code. You'll likely lose the ability to use interactive PDF forms, but you could always keep a copy of Acrobat Reader handy for the few times you need it.
Executable Whitelist: this is the ideal defense against unknown code executing on your system. It's also extremely difficult to maintain over time.
Full-proxied Environment: don't let your systems have direct access to the Internet. Proxy all out-bound requests. This is extremely effective against most backdoors and infected systems reaching out to command and control servers via something other than HTTP/HTTPS (those often hijack the browser for this purpose and thus inherit the proxy settings.)
IPS: either a host-based or network-based IPS system capable of blocking known exploits.
Disable Administrator Rights: if the victim account is not running as administrator, some of the follow-on damage from a compromise can be limited. However, this does not prevent the compromise in most cases.
Masquerade User-Agent: some browsers and some add-ins allow you to alter the user-agent and other identifying information to thwart targeted attacks.
DEP/ASLR: Data Execution Prevention or Address Space Layout Randomization helps protect Internet Explorer from certain classes of exploits at the cost of some functionality.


Now we'll see how these countermeasures stack up against the attackers in a few scenarios.
Scenario 1: Search Engine Poisoning
In our first scenario, the attackers have set up a network of compromised websites that redirect the visitor to one of their exploit servers. The exploit server has some javascript on it that effectively scans the potential victim for the versions of the browser, java, flash, and PDF client. Based on the results of the scan and the geo-location of the victim's IP address, the exploit server launches a targeted attack against any vulnerable browser, java, flash or PDF client on the system. If this attack is successful, the victim's machine will download a payload from their payload server. This is exploit-as-a-service, where this criminal group offers the delivery of another criminal group's payload to a certain number of IP addresses in a certain geographical region. This is how they make their money: they build and maintain the infrastructure of redirect servers, exploit servers, and download servers, and this infrastructure is then rented out to other groups. In addition to building the infrastructure, they also spend a lot of time promoting their redirect sites in common search engines.
So, in our scenario, our victim goes to their favorite search engine looking for holiday cookie recipes and in their search results are a number of links that lead to one of our attacker's redirect sites. Let's say the victim queues up a number of requests in their browser tabs.

1. The browser opens a connection to one of the redirect sites, which uses a meta-refresh, an iframe, or a 302 response to direct the user to the exploit site.
2. The exploit site delivers a set of javascript routines to the browser.
3. These routines identify version information for: the browser, java, flash and PDF reader.
4. The exploit server returns the exploit that is most likely to succeed.
5. The victim's application is exploited and commanded to pull down and execute the downloader code (either from the exploit site itself, or the downloader site).
6. The downloader code is executed on the system; it downloads an additional payload and executes it on the victim's system.
7. Victim's system now needs to be re-imaged.

Use this table below to map out which countermeasures are effective at which stage in the attack. Keep in mind that the earlier you break the chain, the better it is for your environment. Compare this to the costs above and see if you can identify the best defense strategy for this scenario.
Key: - denotes no impact, Potential means that under the best conditions the countermeasure is effective, Likely means it's effective more often, and Complete is near-certain that it works.

| | Redirect Site | Exploit Site | Java-script Recon | Browser Exploit | Flash Exploit | PDF Exploit | Download Site | Downloader code | Secondary Payload | Command and Control Established |
|---|---|---|---|---|---|---|---|---|---|---|
| Anti-Virus | - | - | - | - | - | - | - | Potential | Potential | - |
| Web-filter | Potential | Potential | - | - | - | - | Potential | - | - | Potential |
| Alternative Browser | - | - | - | Likely | - | - | - | - | - | - |
| No-script | - | - | Complete | - | - | - | - | - | - | - |
| Adblocker | - | - | - | - | - | - | - | - | - | - |
| Flashblock | - | - | - | - | Complete | - | - | - | - | - |
| OpenDNS | Potential | Potential | - | - | - | - | Potential | - | - | Potential |
| Alternative Document Viewer | - | - | - | - | - | Potential | - | - | - | - |
| Executable Whitelist | - | - | - | - | - | - | - | Complete | Complete | - |
| Full-proxied Environment | - | - | - | - | - | - | - | - | - | Likely |
| IPS | - | - | Possible | Likely | Possible | Possible | - | Possible | Possible | Possible |
| Disable Administrator rights | - | - | - | - | - | - | - | - | - | - |
| Masquerade User-Agent | - | - | - | Possible | - | - | - | - | - | - |
| DEP/ASLR | - | - | - | Possible | - | - | - | - | - | - |

Scenario 2: Malicious Forum Post
In our second scenario, our same attacker group is hosting an exploit infrastructure and getting paid to install malicious payloads. Instead of using search engine poisoning and redirect sites, they are exploiting vulnerabilities in common forum software to inject iframes into forum posts. Here our victim is reading up on solutions to a pesky automobile problem, and is searching internet forums for advice. They happen upon a thread in which one of the attackers has placed a malicious comment. This kicks off a series of events very similar to Scenario 1.

| | Forum iframe | Exploit Site | Java-script Recon | Browser Exploit | Flash Exploit | PDF Exploit | Download Site | Downloader code | Secondary Payload | Command and Control Established |
|---|---|---|---|---|---|---|---|---|---|---|
| Anti-Virus | - | - | - | - | - | - | - | Potential | Potential | - |
| Web-filter | - | Potential | - | - | - | - | Potential | - | - | Potential |
| Alternative Browser | - | - | - | Likely | - | - | - | - | - | - |
| No-script | - | - | Complete | - | - | - | - | - | - | - |
| Adblocker | - | - | - | - | - | - | - | - | - | - |
| Flashblock | - | - | - | - | Complete | - | - | - | - | - |
| OpenDNS | - | Potential | - | - | - | - | Potential | - | - | Potential |
| Alternative Document Viewer | - | - | - | - | - | Potential | - | - | - | - |
| Executable Whitelist | - | - | - | - | - | - | - | Complete | Complete | - |
| Full-proxied Environment | - | - | - | - | - | - | - | - | - | Likely |
| IPS | - | - | Possible | Likely | Possible | Possible | - | Possible | Possible | Possible |
| Disable Administrator rights | - | - | - | - | - | - | - | - | - | - |
| Masquerade User-Agent | - | - | - | Possible | - | - | - | - | - | - |
| DEP/ASLR | - | - | - | Possible | - | - | - | - | - | - |

There's really not much different in this table, so an effective strategy targeting malicious search engine results is similarly effective against malicious forum posts.
Scenario 3: Malicious Flash Ad
Much like the above two scenarios, but this one differs in how the victim reaches the exploit. In this case, during their lunch hour they browse over to their favorite news website. It's in your company's web-proxy whitelist because it's a trusted site. Unfortunately, that website's advertisement broker didn't detect the redirect code hidden in the flash ad, so now your victim, who didn't click on the advertisement, is silently redirected to the exploit site.

| | Visit Exploited News Site | View Malicious Ad | Exploit Site | Java-script Recon | Browser Exploit | Flash Exploit | PDF Exploit | Download Site | Downloader code | Secondary Payload | Command and Control Established |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Anti-Virus | - | - | - | - | - | - | - | - | Potential | Potential | - |
| Web-filter | - | Potential | Potential | - | - | - | - | Potential | - | - | Potential |
| Alternative Browser | - | - | - | - | Likely | - | - | - | - | - | - |
| No-script | - | - | - | Complete | - | - | - | - | - | - | - |
| Adblocker | - | Likely | - | - | - | - | - | - | - | - | - |
| Flashblock | - | Complete | - | - | - | Complete | - | - | - | - | - |
| OpenDNS | - | Potential | Potential | - | - | - | - | Potential | - | - | Potential |
| Alternative Document Viewer | - | - | - | - | - | - | Potential | - | - | - | - |
| Executable Whitelist | - | - | - | - | - | - | - | - | Complete | Complete | - |
| Full-proxied Environment | - | - | - | - | - | - | - | - | - | - | Likely |
| IPS | - | - | - | Possible | Likely | Possible | Possible | - | Possible | Possible | Possible |
| Disable Administrator rights | - | - | - | - | - | - | - | - | - | - | - |
| Masquerade User-Agent | - | - | - | - | Possible | - | - | - | - | - | - |
| DEP/ASLR | - | - | - | - | Possible | - | - | - | - | - | - |

Example Strategies
My parents' computer was compromised last week by Smart Engine (a FakeAV program.) They were running an up-to-date patched version of Windows 7 running Internet Explorer and anti-virus. So, they really didn't stand a chance. The default strategy of: move to Firefox and install no-script wasn't a viable option because I didn't want to have late night phone-calls talking them through how to enable javascript so they could get a random website working. My option was to focus more on OpenDNS and K9 to help keep them from getting redirected to known malicious websites to begin with. Yes, their machine is likely to get popped again but it's a bit less likely, and I don't have the certainty of increased familial tech-support calls.
If you look at the tables above, you'll note that the average user running Internet Explorer, Shockwave, and Acrobat Reader relying only on Anti-virus doesn't stand much of a chance. On the other end of the spectrum, an environment that relies only upon Executable Whitelist will certainly break the compromise chain, but very late within the event and at a likely-large cost of effort. When we give advice we often recommend Firefox, since it can support add-ons like adblock, flashblock, and no-script. When we make such recommendations it never fails that someone will complain how their environment and circumstances are different. This is the primary motivator behind my capabilities-matrix approach. You can evaluate what countermeasures are appropriate/affordable/possible in your situation and perhaps help determine if the payoff of a countermeasure is worth the investment.
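The capabilities-matrix comparison can also be run mechanically. The following is an added example, not part of the original diary: it encodes the Scenario 1 table and the Tinker-Factor column, then reports the earliest stage at which a chosen set of countermeasures breaks the chain. It assumes that "Possible" in the table means the key's "Potential" and that the three exploit columns are alternative branches that must all be covered; the function names are illustrative.

```python
# Scenario 1 capabilities matrix as data. Cells not listed are "-" (no impact).
# Assumption: "Possible" in the table is the same rating as the key's "Potential".
RANK = {"-": 0, "Potential": 1, "Possible": 1, "Likely": 2, "Complete": 3}
C2 = "Command and Control Established"

MATRIX = {
    "Anti-Virus": {"Downloader code": "Potential", "Secondary Payload": "Potential"},
    "Web-filter": {"Redirect Site": "Potential", "Exploit Site": "Potential",
                   "Download Site": "Potential", C2: "Potential"},
    "Alternative Browser": {"Browser Exploit": "Likely"},
    "No-script": {"Java-script Recon": "Complete"},
    "Adblocker": {},
    "Flashblock": {"Flash Exploit": "Complete"},
    "OpenDNS": {"Redirect Site": "Potential", "Exploit Site": "Potential",
                "Download Site": "Potential", C2: "Potential"},
    "Alternative Document Viewer": {"PDF Exploit": "Potential"},
    "Executable Whitelist": {"Downloader code": "Complete",
                             "Secondary Payload": "Complete"},
    "Full-proxied Environment": {C2: "Likely"},
    "IPS": {"Java-script Recon": "Possible", "Browser Exploit": "Likely",
            "Flash Exploit": "Possible", "PDF Exploit": "Possible",
            "Downloader code": "Possible", "Secondary Payload": "Possible",
            C2: "Possible"},
    "Disable Administrator rights": {},
    "Masquerade User-Agent": {"Browser Exploit": "Possible"},
    "DEP/ASLR": {"Browser Exploit": "Possible"},
}

# Tinker-Factor column from the cost table.
TINKER = {
    "Anti-Virus": "Low", "Web-filter": "Medium to High",
    "Alternative Browser": "Low to Medium", "No-script": "Medium",
    "Adblocker": "Low", "Flashblock": "Low", "OpenDNS": "Medium",
    "Alternative Document Viewer": "Low to Medium",
    "Executable Whitelist": "High",
    "Full-proxied Environment": "Medium to High", "IPS": "Medium to High",
    "Disable Administrator rights": "Low to Medium",
    "Masquerade User-Agent": "Low", "DEP/ASLR": "Low to Medium",
}

# Assumption: the exploit server picks whichever exploit fits the victim, so the
# three exploit columns are parallel branches and all must be covered to break
# the chain at that step.
EXPLOITS = ("Browser Exploit", "Flash Exploit", "PDF Exploit")
CHAIN = ["Redirect Site", "Exploit Site", "Java-script Recon", EXPLOITS,
         "Download Site", "Downloader code", "Secondary Payload", C2]


def best(selected, stage):
    """Highest rating any selected countermeasure has at this stage."""
    return max((RANK[MATRIX[c].get(stage, "-")] for c in selected), default=0)


def earliest_break(selected, min_rating="Likely"):
    """First chain step covered at min_rating or better, or None."""
    need = RANK[min_rating]
    for step in CHAIN:
        branches = step if isinstance(step, tuple) else (step,)
        if all(best(selected, b) >= need for b in branches):
            return " / ".join(branches)
    return None


def evaluate(selected, min_rating="Likely"):
    """Break point plus the effort each selected countermeasure costs."""
    return {"breaks_at": earliest_break(selected, min_rating),
            "effort": {c: TINKER[c] for c in selected}}


if __name__ == "__main__":
    for strategy in (["Anti-Virus"], ["OpenDNS", "Web-filter"], ["No-script"],
                     ["Flashblock"], ["Executable Whitelist"]):
        for level in ("Potential", "Likely"):
            print(strategy, level, "->", earliest_break(strategy, level))
```

Flashblock alone never breaks the chain under this model even though it rates Complete against the Flash exploit, because the browser and PDF branches stay open.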
A Note About Virtualization and Sandboxing
An alternative strategy to breaking the chain of compromise is to make it a non-issue if the machine gets compromised. This is where one-use virtual sessions (or something like DeepFreeze) come into play. If you want to reimage/rebuild the system after every work session, that too is a pretty good strategy for making the drive-by exploit problem go away. It's all about what works for your environment and organization.

UPDATE: to add IPS, Disable Administrator Rights, and Masquerade User-Agent countermeasures.
UPDATE: added DEP/ASLR
UPDATE: added Virtualization and Sandboxing
UPDATE: replaced none with - in tables to improve legibility. (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Juha-Matti reports that an odd Shockwave vulnerability has been identified (http://secunia.com/advisories/42112/.) I call it odd because it's not the typical download crafted flash file and it executes code. The victim has to open the Shockwave settings window while having the malicious website open. It's a new hurdle, but I'm not sure that it's insurmountable.
There is currently no CVE or response from Adobe. (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Microsoft has announced a vulnerability in all currently-supported versions of Internet Explorer (6 through 8) that could allow the execution of arbitrary code (advisory 2458511- http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx.) This would likely be leveraged in a drive-by-exploit scenario. They state that DEP (Data Execution Prevention) and Protected Mode are mitigating factors.
I'm still collecting more details so this will be updated as more details become available.
UPDATE: Symantec has details on the targeted attack here: http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
UPDATE2: Added MSRC Blog link.
UPDATE3: Added CVSS Base.
CVSS Base: 9.3

Exploit code: non-public, but reported to have attacks in the wild.

Workarounds: available, DEP, EMET, and CSS-override.

Patches: unavailable

IDS signatures: pending (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The Oracle Cloud API will offer a set of standard interfaces for building a cloud stack
 
Tuesday was a tough day for a handful of U.S. candidates with technology backgrounds, with two former tech CEOs and the current chairman of a House of Representatives subcommittee focused on Internet policy beaten during the election.
 
Adobe Shockwave Player 'Shockwave Settings' Memory Corruption Vulnerability
 
[Onapsis Security Advisory 2010-010] Oracle Virtual Server Agent Local Privilege Escalation
 
[Onapsis Security Advisory 2010-009] Oracle Virtual Server Agent Remote Command Execution
 
[Onapsis Security Advisory 2010-008] Oracle Virtual Server Agent Arbitrary File Access
 
[ MDVSA-2010:202-1 ] krb5
 
Nicholas Negroponte, chairman of One Laptop Per Child said that the XO-3 tablet computer will debut sometime in February 2011, about 45 days later than originally planned.
 
With help from the U.S. National Science Foundation, Johns Hopkins builds a data mining supercomputer
 
digiSHOP 'id' Parameter SQL Injection Vulnerability
 
Sometimes you gotta bend the rules. And when it comes to technology, some rules are begging to get bent.
 
Two years ago almost nobody had heard of Android. Now it's nearly ubiquitous among smartphone users, and it's on track to become the most popular mobile operating system in the United States. When it comes to business use, though, Android still has some growing to do. Here's how to keep your Android phones and tablets safe from malware and hackers.
 
The U.K.'s data protection watchdog said Wednesday that Google violated the law with its Street View Wi-Fi collection program, but it is letting the company off with a warning and not imposing a fine.
 

Internal threats remain a challenge
ITWeb (blog)
He indicated that the current thinking for an information security model is one that includes a core unit, the corporate Information Security (Infosec) team ...

 
Coworkers, bosses, and hardware mishaps make for memorable IT experiences in InfoWorld's Off the Record blog
 
Developers still see it as the future, but they think it is currently overhyped and vendor-driven
 
Creative Labs announced entry-level media tablets with 7-inch and 10-inch touchscreens, with prices ranging from $249 to $319.
 
WebMatrix combines excellent all-in-one installation, gallery of templates, and coding shortcuts to speed the development, deployment of Windows-based websites
 
Apple users may want to take a look at the new Microsoft Office for Mac 2011, which boasts an improved interface and increased performance.
 
A startup led by people who worked with and at Microsoft on Internet Explorer will soon release an add-on that lets customers run the aged IE6 within the newer IE8 browser.
 
Google on Tuesday said it won preliminary approval to settle a class-action lawsuit related to alleged privacy violations caused by its Buzz service.
 
InfoSec News: Cops: Hacker posted stolen X-rated pics on Facebook: http://www.computerworld.com/s/article/9194500/Cops_Hacker_posted_stolen_X_rated_pics_on_Facebook
By Robert McMillan IDG News Service November 2, 2010
A 23-year-old California man was expected to appear in court Tuesday, after police say he broke into the Web mail accounts of more than 3,000 [...]
 
InfoSec News: Youth charged after cracking school board database: http://www.torontosun.com/news/canada/2010/11/02/15914046.html
By Kate Dubinski QMI Agency November 2, 2010
LONDON, Ont. — It'll take the London region's public school board more than three weeks to fix a privacy breach created in about an hour - way [...]
 
InfoSec News: Taiwan military intel officer, 'double agent' detained for espionage: http://mdn.mainichi.jp/mdnnews/international/news/20101102p2g00m0in089000c.html
Mainichi Japan November 2, 2010
TAIPEI (Kyodo) -- A Taiwanese military intelligence officer and an alleged double agent for China were in custody Tuesday as investigators [...]
 
InfoSec News: Disgraced Tour winner Landis to stand trial for hacking: http://www.bangkokpost.com/news/sports/204561/disgraced-tour-winner-landis-to-stand-trial-for-hacking
Bangkok Post 3/11/2010
American Floyd Landis, who was stripped of his victory in the 2006 Tour de France for doping, and his coach Arnie Baker have been ordered to [...]
 
InfoSec News: Hackers tap SCADA vuln search engine: http://www.theregister.co.uk/2010/11/02/scada_search_engine_warning/
By Dan Goodin in San Francisco The Register 2nd November 2010
A search engine that indexes servers and other internet devices is helping hackers to find industrial control systems that are vulnerable [...]
 

Posted by InfoSec News on Nov 02

http://www.theregister.co.uk/2010/11/02/scada_search_engine_warning/

By Dan Goodin in San Francisco
The Register
2nd November 2010

A search engine that indexes servers and other internet devices is
helping hackers to find industrial control systems that are vulnerable
to tampering, the US Computer Emergency Readiness Team has warned.

The year-old site known as Shodan makes it easy to locate
internet-facing SCADA, or supervisory control and...
 

Posted by InfoSec News on Nov 02

http://www.computerworld.com/s/article/9194500/Cops_Hacker_posted_stolen_X_rated_pics_on_Facebook

By Robert McMillan
IDG News Service
November 2, 2010

A 23-year-old California man was expected to appear in court Tuesday,
after police say he broke into the Web mail accounts of more than 3,000
women and posted sexually explicit images of many of them on Facebook.

George Samuel Bronk was arrested Friday following an investigation
involving...
 

Posted by InfoSec News on Nov 02

http://www.torontosun.com/news/canada/2010/11/02/15914046.html

By Kate Dubinski
QMI Agency
November 2, 2010

LONDON, Ont. — It'll take the London region's public school board more
than three weeks to fix a privacy breach created in about an hour - way
too long for a basic security feature, says one technology specialist.

London police criminally charged a 15-year-old self-described hacker
with breaking into the Thames Valley District...
 

Posted by InfoSec News on Nov 02

http://mdn.mainichi.jp/mdnnews/international/news/20101102p2g00m0in089000c.html

Mainichi Japan
November 2, 2010

TAIPEI (Kyodo) -- A Taiwanese military intelligence officer and an
alleged double agent for China were in custody Tuesday as investigators
probe the latest espionage scandal to hit Taiwan's defense establishment
and assess the damage to its intelligence network.

The detained officer, identified by local media as Col. Lo Chi-cheng,...
 

Posted by InfoSec News on Nov 02

http://www.bangkokpost.com/news/sports/204561/disgraced-tour-winner-landis-to-stand-trial-for-hacking

Bangkok Post
3/11/2010

American Floyd Landis, who was stripped of his victory in the 2006 Tour
de France for doping, and his coach Arnie Baker have been ordered to
stand trial in France for computer hacking.

Landis and Baker are subject to an international arrest warrant and
stand charged of "fraudulently breaking into a computer...
 


Internet Storm Center Infocon Status