Russian company releases commercial iOS decryption toolset - Ars Technica

The first commercially available set of tools for cracking the encryption and passwords on iOS devices has been made available by Russian security company ElcomSoft. One part of their software is a password breaker, while another part, available only to law enforcement and forensic agencies, is able to extract numbers used to create the encryption keys for iOS data to render decrypted images of the device.

The decryption tool requires access to the device in question, but once it's in hand, a few different kinds of keys need can be scraped from it, including the unique device key (UID) and escrow keys calculated using the UID and escrow pairing records. If the device is only protected by a 4-digit passcode, the program then only needs to brute-force its way through that to get access to all of the decryptable information.

iOS was never much of a security fortress (as we've noted numerous times) and even this new tool uses a variation of a previously discovered method. Charlie Miller, of Pwn2Own fame and a principal research consultant with Accuvant, even pointed out to Ars that the Fraunhofer Institute for Secure Information Technology detailed a very similar method in a research paper they put out in February. However, their tools are not for sale.

If your phone or tablet regularly comes under scrutiny of the law, Miller adds that this commercially available toolset is fairly simple to route by using a long, complex password rather than a 4-digit code to protect your data. The ElcomSoft method comes with a password breaker, but much of its efficiency is derived from defining limits on the possible guesses, such as variations on a certain word.

While "beating it out of you" will remain the superior method of password obtainment for the average law enforcer, the password breaker could still come in handy for when you can't remember which characters in your leetspeak password were numbers, and which were letters.

Russian Security Firm Breaks iOS Encryption - Kelly Hodgkins

You know that iPhone you are holding. The one with the password and encryption. I hate to tell you, but it's been cracked.

Russian security firm Elcomsoft is behind this crack and the team over there is smart. They took a brute-force password cracker and bundled it with a decryption tool that uses established methods to crack iOS devices. The firm is now selling the toolset commercially to individuals, governments and law enforcement.

If a thief gets a hold of your iPad or encrypted iTunes backup, don't worry about it spilling all your secrets. Elcomsoft will only sell the decryption tool to official agencies like law enforcement and the system needs both your backup and the iOS device to get any sensitive information.

Yeah, the password cracker may be available to anyone with a credit card, but a thief would have to be pretty hard-core to wait for a brute-force attack to guess the right combination. That's assuming you didn't take the easy was out by using a simple passcode like 1-2-3-4. [Ars Technica]

CAIR: Realistic homeland security drills are raaaaaacist - From Michelle Malkin

CAIR is beside itself over homeland security drills in Minneapolis that used actors playing jihadists who — Allah forbid! — looked like actual jihadists.

The Star Tribune reports:

A national Muslim civil rights group is asking the head of Homeland Security to investigate the use of stereotypes after a man who appeared to be of Middle East descent was used in a recent security drill at the Minneapolis-St. Paul International Airport.

The Council on American-Islamic Relations (CAIR) on Monday renewed a request that Secretary of Homeland Security Janet Napolitano review “the use of outside trainers who offer hostile, stereotypical and grossly inaccurate information about Muslims and Islam.”

The organization has previously asked the Obama administration, the Department of Defense and Congress to provide oversight for apparent “widespread anti-Muslim bias in the training of law enforcement and security and military personnel nationwide.”

According to information released Monday by MSP airport police, the May 12 security test included a device in a shaving kit made to look like a bomb. It was a cylinder with wires connected to a wrist watch. The device was brought to a passenger security checkpoint, according to airport Police Sgt. Mark Ledbetter, one of the responding officers.

“Upon arriving [at the checkpoint],” Ledbetter wrote in his report, “TSA [Transportation Security Administration] screeners were out with a male who appeared to be Middle Eastern in descent or Indian/Pakistani.”

Yes, in the interest of social justice and pandering to Islamophobia-phobia, there must be a higher proportion of homeland security drill actors who look like Brooklyn Decker and fewer who look like Mohamed O. Muhamud and his ilk.

Flashback:

The “broad strata” of 9/11 jihadists.

Photoshop: David Lunde

Flashback: This is what CAIR wants…

The caption at Flickr (hat tip – reader KH):

From the photograher, Dean Shaddock:

This was captured as I collected my things from airport security (Detroit Metro Concourse A). I think of it as something like a Rorschach test. Is an elderly Catholic nun being frisked by a Muslim security agent the celebration of blind justice? Or is it simply an admission of absurdity?

NATO Reps Meet in Scotland to Discuss Afghanistan

NATO defense ministers and diplomats have met in Edinburgh, Scotland to discuss the future of the alliance's mission in Afghanistan. Hosted by Britain, the now familiar call for greater participation from some European states was one of the main themes. For VOA, Tom Rivers reports from London.

The Edinburgh meeting allowed the participants to take stock of the still tough and what will likely be a lengthy stay in Afghanistan.

On hand for the discussions were the defense and foreign ministers from countries with deployments in the troubled southern part of Afghanistan.

Hosting the conference was British Defense Minister Des Browne who once again said greater burden sharing would certainly be welcomed.

"Could other countries do more? Could we do with more? Yes, of course we could but the other side of the coin, of course, is that I am a politician and I am a realist and I understand you, known, the dynamics of alliances that are made up of countries of different political make-ups and governments of different types," he said. "I mean some of the governments are not there because of minority governments. They have a political will, but they do not have political process to deliver."

Britain is the largest contributor of after the United States with 7,800 troops deployed.
Among those attending the Scottish meeting, was U.S. Defense Secretary Robert Gates who believes that some in Europe have lost sight of why allied troops are there.

He wants NATO to adopt and publish a short statement spelling out clearly why forces are still there six years after the Taliban was ousted from power.

A NATO heads of government meeting will take place in April and leaders there are expected to firm up the alliance's strategy for Afghanistan.

Gates warns that gains made over the years can be lost unless a comprehensive military, economic and diplomatic package is set in motion.

Specifically, he says 3,500 trainers are needed for the Afghan police and the army needs 16 helicopters.

Over the past 18 months, Taliban insurgents have increased their attacks in the south, employing a variety of tactics including roadside and suicide bombings and kidnappings.

Source: http://www.globalsecurity.org/military/library/news/2007/12/mil-071214-voa07.htm

Two California men enter guilty pleas on terror charges

14 December 2007: Two of four men indicted in August 2005 for plotting to attack U.S. military facilities, Israeli government facilities and Jewish synagogues in the Los Angeles area pleaded guilty to terrorism charges today. Kevin JAMES, a/k/a Shakyh Shahaab MURSHID and Levar WASHINGTON, a/k/a Abdur RAHMAN appeared before a court in Santa Ana and pleaded guilty to conspiring to wage war against the United States. Both will be sentenced next year.

In a statement released by Justice Department officials, the third man, Gregory Patterson, a/k/a Bilal, was expected to enter a plea of guilty on Monday to one charge of conspiracy to commit terrorism. The fourth member of the group, Hammad SAMANA, a U.S. resident from Pakistan, was assessed as unfit to stand trial. He is currently receiving psychiatric care at a federal prison, according to the US Attorney's Office.

According to the indictment, JAMES (MURSHID) founded an Islamic terrorist group in 1997 while incarcerated at California State Prison-Sacramento, and recruited other inmates for the organization identified as Jam’iyyat Ul-Islam Is-Saheeh,, or JIS. In 2004, he recruited Levar WASHINGTON. Upon being released from prison, WASHINGTON began recruiting other co-conspirators to plot terrorist acts and commit armed robberies – the latter to fund purchases of firearms, ammunition and explosives.

Beginning sometime about December 2004, WASHINGTON, PATTERSON and SAMANA targeted and conducted Internet research on and surveillance of U.S. military facilities in the Los Angeles area as part of their plot to kill U.S. military personnel. In July 2005, Patterson and Samana allegedly used computers to research military targets in the Los Angeles area, while Samana drafted a document listing Israeli and U.S. targets in Los Angeles. In addition to the U.S. military targets, the co-conspirators specifically targeted Israeli and Jewish facilities in the Los Angeles area, including the Israeli Consulate, El Al and synagogues. They also allegedly engaged in firearms and physical training, in preparation for attacks.

Source: http://www.homelandsecurityus.com/LAfour121407

Mudslide closes Oregon Highway 30 after dam breaks

A mudslide closed U.S. Highway 30 after a cracked dam broke open above Woodson in Columbia County. Earlier Tuesday, the Oregon Department of Forestry requested that ODOT close the highway because of the potential for a slide in this area at Eilertsen Creek.

Source: http://www.dailyastorian.com/main.asp?SectionID=2&SubSectionID=398&ArticleID=47478&TM=24384.42

Work begins on Chain of Rocks levee berms

Work has started on another phase of large berms of sand and dirt designed to improve the Chain of Rocks Canal levee. The goal of the $46.4 million project is to make the levee, owned by the U.S. Army Corps of Engineers, capable of withstanding a 500-year flood. When new FEMA maps come out in March, they are expected to show that the Chain of Rocks levee system and four other metro-east levee systems do not meet the new standards for whether a levee is capable of withstanding a 100-year flood. The corps has been adding berms at the Chain of Rocks levee for the past couple of years, and at the current level of federal funding, the work is expected to continue another five years. The project also includes adding relief wells, which allow water to get out from below the levee without causing erosion, and a new water-pumping station. In the current phase of work, an 18-acre berm of sand and dirt is being built along the east side of the Chain of Rocks Canal levee, north of Interstate 270.

Source: http://www.bnd.com/news/local/story/201357.html