The Fail 0verflow teams (formerly known as WiiPhonies) announced at the Chaos Communication Congress in Berlin that they have hacked the PS3 and exposed Sony’s private key. Now any game or software can be signed by the public private key and it will run on the PS3.

They first broke the loader’s Chain of Trust.

memcpy(rvk_isolated, rvk_shared,*((int*)(rvk_shared + 0xlc)))

Then they found a flaw in Sony’s signing software, as satirized in the presentation with an xkcd comic; a constant number instead of a random value was used for each signature…

int getRandomNumber()
{
	return 4; 	//chosen by fair dice roll
			//guaranteed to be random
}

I wrote about SB 1411 last summer and wondered if the Governor would sign it into law. He did, and it went into effect January 1st, 2011.

Malicious digital impersonation is now a misdemeanor with fines up to $1000 and a year in jail.

I now wonder if this law will be used to prosecute cases like Michael Largent’s, who in 2008 opened 58,000 brokerage accounts under fake identities. He ran afoul of the USA PATRIOT Act identity verification requirement for financial firms and was charged with computer fraud, wire fraud and mail fraud. He impersonated cartoon characters, so presumably it would not apply, although I am certain he still could be accused of malicious digital impersonation (pretending to be Daffy Duck for financial gain).

LARGENT used false names, addresses, driver’s license numbers, and social security numbers, including the names of known cartoon and comic book characters to open the accounts. When the deposits occurred, he would transfer the funds into his own bank accounts or onto prepaid debit cards, without the authorization or knowledge of his victims. As a result, LARGENT fraudulently obtained or attempted to obtain tens of thousands of dollars, which he used for personal expenses.

SB 1411, according to the bill’s author, seems to be targeted only at stopping harassment and defamation.

I explained last month in LOIC Exposes Attackers that the Anonymous attack tool of choice was not anonymous — it does not hide the IP address of attackers.

Now an affidavit on the Smoking Gun shows how the FBI and German Federal Criminal Police (BKA) are using logs to track down the IRC servers that initiated the attack on PayPal.

Log files showed that the commands to execute the DDoS on PayPal actually came from IP address 72.9.153.42. Below are the log entries from the server as provided by the BKA…Based on my experience and training, I know that companies providing co-location facilities do not always label or externally identify the computer servers at their facilities with their IP address. Therefore, as part of the process of identifying the computer system that I seek to search, I may be forced to check each system belonging to the target customer until I have determined that it is the computer to be searched.

I find it hard to believe that the agent would rely on an external label even if one existed on the equipment. It is even stranger to hear the absence of labels used as a reason to widen the scope of a search. The affidavit copy ends with an ominous half-sentence:

This check may involve a check of the network traffic emanating from each system or, in the worst case scenario, the

…network traffic emanating from every system in the company? Is that like a warrant to install surveillance on an apartment that includes the caveat that the entire city might have to be tapped? Where is page 6?

There was the ludicrous accusation last year by Egypt of Mossad-trained attack sharks to hurt their tourism industry. Then there was the rock accused by Lebanon of being an Israeli listening device.

Now Saudi Arabia is getting in on the action. They report, according to the Israelis, that a vulture has been detained for being Mossad spy. Like the rock in Lebanon, the Saudi proof of a nefarious plot comes from a clearly-labeled tag on the bird:

A vulture tagged by scientists at Tel Aviv University has strayed into Saudi Arabian territory, where it was promptly arrested on suspicion of being a Mossad spy, Israeli and Saudi media reported Tuesday.

The bird was found in a rural area of the country wearing a transmitter and a leg bracelet bearing the words “Tel Aviv University”, according to the reports, which surfaced first in the Israeli daily Ma’ariv.

Although these tags indicate that the bird was part of a long-term research project into migration patterns, residents and local reporters told Saudi Arabia’s Al-Weeam newspaper that the matter seemed to be a “Zionist plot.”

The vulture also flew in a strange circular pattern, indicating it possible CIA connections. One of its wings was shorter than the other, which suggests German BND training, and a slightly larger beak than normal says the French DGSE probably raised the bird.

Either the Israelis are really doing a good job of feeding neighboring states misinformation to make them “cry wolf” until they lose all credibility, or they are feeding the rest of the world misinformation about their neighbor states…or those countries are coming up with these stories all on their own and Israel is more than happy to share them.

Although I searched Saudi and Arab news sources, I found no mention at all about the vulture. Nothing on Al Jazeera (they headlined a story on “risky cuts” that led to the BP Gulf disaster). I guess you could say the only thing even close on Al Jazeera is a story about a foiled Turkey ‘hijacking’.

I did, however, find a million or so American sites repeating the Israeli story.