Eideard

Sith gun robh so…

Posts Tagged ‘hack’

Operation Cupcake – MI6 hacks al-Qaeda


British intelligence has hacked into an al-Qaeda online magazine and replaced bomb-making instructions with a recipe for cupcakes.

The cyber-warfare operation was launched by MI6 and GCHQ in an attempt to disrupt efforts by al-Qaeda in the Arabian Peninsula to recruit “lone-wolf” terrorists with a new English-language magazine…

When followers tried to download the 67-page colour magazine, instead of instructions about how to “Make a bomb in the Kitchen of your Mom” by “The AQ Chef” they were greeted with garbled computer code.

The code, which had been inserted into the original magazine by the British intelligence hackers, was actually a web page of recipes for “The Best Cupcakes in America” published by the Ellen DeGeneres chat show.

Written by Dulcy Israel and produced by Main Street Cupcakes in Hudson, Ohio, it said “the little cupcake is big again” adding: “Self-contained and satisfying, it summons memories of childhood even as it’s updated for today’s sweet-toothed hipsters.”

It included a recipe for the Mojito Cupcake – “made of white rum cake and draped in vanilla buttercream” – and the Rocky Road Cupcake – “warning: sugar rush ahead!”

Hilarious. One of the very few, very rare incidents of hacktivism worth reporting.

Written by eideard

June 3, 2011 at 6:00 am

Hacker selling access to military, government websites


Ever dreamt of controlling a dot-gov or dot-edu? A hacker is selling access to dozens of military, government, and university Websites for $55-499 a piece.

Discovered by security firm Imperva, the hacker advertises varying fees, services, and proofs for cracking into .mil, .gov, and .edu sites around the world.

The priciest, access to the homepage of the U.S. Army, National Guard, and Army Forces, goes for $499 each, followed by access of university and governmental Websites. You’ll also find passes to the Italian Official Government Website for $99 or a Taiwanese educational center for $88…

Brian Krebs of Krebs on Security said he saw the back-end evidence of the hacks and found them legit.

“Amid all of the media and public fascination with threats like Stuxnet and weighty terms such as “cyberwar,” it’s easy to overlook the more humdrum and persistent security threats, such as Web site vulnerabilities. But none of these distractions should excuse U.S. military leaders from making sure their Websites aren’t trivially hackable by script kiddies,” he wrote on his blog.

You wonder if the official webmanagers of all these sites even keep up-to-date with the world of patches?

Written by eideard

January 23, 2011 at 2:00 am

How to make an ATM spew out money


Har!

Written by eideard

October 27, 2010 at 6:00 pm

Bush era special counsel charged with contempt


Former U.S. Special Counsel Scott Bloch has been charged with criminal contempt of Congress…

Longtime POGO fans will recall that Bloch was the head of the Office of Special Counsel (OSC), an independent federal agency tasked with protecting whistleblowers from retaliation. POGO and others were highly critical of Bloch for routinely ignoring and dismissing whistleblower complaints, abusing his authority, and turning the agency’s mission on its head by retaliating against his own staff.

The charges filed today allege that Bloch withheld key information from the House Committee on Oversight and Government Reform as it was investigating Bloch’s use of a private tech company to delete files from OSC computers. Investigators suspected he was destroying evidence related to allegations that he had used his office for political purposes and retaliated against career staff. FBI agents raided his offices in May 2008, seizing computers and documents belonging to Bloch and his staff. Bloch was forced to resign from the OSC several months later…

Bloch’s other greatest hits include:

Distributing an internal newsletter in which he instructed his female employees to avoid wearing tight clothes, and advised both men and women to wear “conservative watches”;

Assembling a task force to help create the impression that the OSC was engaged in a multi-faceted investigation of the White House, as Bloch himself was under investigation;

Assigning interns to close out hundreds of whistleblower retaliation complaints; and

Ignoring federal air marshals and countless other whistleblowers who were the victims of retaliation.

Though a group of Republican Party hacks stretching back to Watergate days have already founded a “Scott Bloch Defense Fund” it appears that Bloch is going to plead guilty.

I guess even with the defense fund he couldn’t come up with a Dick Cheney-style army of lawyers.

Written by eideard

April 23, 2010 at 2:00 am

WordPress blogs under hack attack – but not this one!



WordPress blogs, one of the most prevalent among custom install blogs (and used by organisations including Downing Street and the Daily Telegraph) are vulnerable – and being hit – by a worm that affects any old (ie before 2.8.4) version.

As Matt Mullenweg, who has played a key part in the development and commercialisation of WordPress, points out, it’s not much fun if you get hit:

“Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts…”

And, as a widely used open source application relying on PHP, it is vulnerable to attack. The latest one uses SQL injection via the “registered user” element, and so on.

Its vulnerabilities have been noted: it’s got them.

The attacks are getting more frequent (as are the updates to close holes). At least upgrading is easier using the WordPress Automatic Upgrade plugin – it’s a lifesaver which backs up and updates your WordPress blog in place.

Once the updates have been made and blogs secured or cleaned up (which may be harder in some cases than others) then the questions will begin.

The questions generally asked – including those in this article from the Guardian – scare the hell out of beginners and the ignorant. But, whatever software you use for whatever purpose – you do your updates, automatically or otherwise. Especially those dealing with security.

Although the “big blog” I’ve been involved with for years has finally upgraded to v.2.8.4 – and has a truly conscientious ISP running the hosting – I have chosen to leave the realm of “for profit” blogging with my personal blog, leaving out virtually all adverts except for the occasional plug for WordPress that might appear here. So, you’ll see this blog “starting” over here at wordpress.com in May 2008. It’s actually much older – previously hosted by Apple.

The versions at wordpress.com are not only automagically updated, in a sense we’re the beta testers for WP – typically running a few versions ahead of what’s made available to folks hosting elsewhere.

I’m OK with that.

Written by eideard

September 5, 2009 at 10:00 pm

Blago is history!


The Illinois State Senate Thursday convicted Gov. Rod R. Blagojevich on a sprawling article of impeachment that charged him with abusing his power. The vote prompted the governor’s immediate and permanent ouster and ended nearly two months of political spectacle in which he sought unsuccessfully to salvage his reputation and career here and across the country.

Overdue.

Written by eideard

January 29, 2009 at 4:30 pm

Posted in Crime, Politics

