Romney starts fall campaign visiting storm victims

JEAN LAFITTE, La. (AP) ? Republican Mitt Romney launched the final leg of his quest for the White House by visiting storm-battered Louisiana on Friday. He drove through a town that was flooded by Hurricane Isaac in part because it's still outside the vast flooding protection system built with federal funds after Hurricane Katrina devastated New Orleans.

Just hours after accepting the presidential nomination at the Republican National Convention in Tampa, Fla., Romney swooped into this fishing community, where Isaac brought severe flooding to the area earlier in the week before being downgraded to a tropical storm.

Romney, who chatted with a handful of storm victims and shook hands with first responders, didn't have too much to say. "I'm here to learn and obviously to draw some attention to what's going on here," Romney told Republican Louisiana Gov. Bobby Jindal, who he accompanied to the Jean Lafitte town hall to meet with emergency workers. "So that people around the country know that people down here need help."

That snippet of conversation represented the bulk of Romney's public remarks in Louisiana on Friday.

His host, Jindal, is now calling on the federal government to expand the rebuilt flood protection system that prevented serious flooding in New Orleans during this week's storm. That system, built after flooding from Katrina devastated much of New Orleans, cost the Army Corps of Engineers $14.5 billion. It doesn't extend as far as Jean Lafitte, which is situated in Jefferson Parish, and has been affected by a series of hurricanes, including Katrina, Rita, Cindy and now Isaac.

"It is absolutely critical that the Corps, and certainly our delegation working them, but that the Corps and the federal government look at those other levees," Jindal said Thursday. Lafitte is included in a proposed ring levee that the state hopes to build, but there are no concrete plans to build yet.

Romney was silent on whether, as president, he would support paying for such an expansion. Romney's running mate, Wisconsin Rep. Paul Ryan, has proposed eliminating $10 billion a year in disaster spending and requiring Congress to pay for emergencies by cutting from elsewhere in the budget. That proposal was blocked by GOP leaders.

Hurricane Isaac is blamed for at least six deaths in Louisiana and Mississippi. It submerged hundreds of homes, forced thousands of others to evacuate and cut power to nearly half of Louisiana's homes and businesses.

Romney didn't speak to reporters as he toured Jean Lafitte on Friday. The Romney campaign refused to say whether he would support additional funding for the levees, saying only that the GOP nominee "recognizes the importance of disaster prevention and would seek to ensure that we have the infrastructure we need to keep all Americans safe."

Jindal did explain the issue to Romney as they climbed into the Republican nominee's SUV and began their tour.

"It (the levee system) performs well, but the areas here ? the other areas ..." Jindal said, trailing off because Romney jumped in.

"Are outside, outside that levee system," Romney said.

Romney's motorcade, including trucks equipped to drive through high water, edged gingerly down Jean Lafitte Boulevard, a main road.

Accompanied by National Guard vehicles, the caravan inched through water that at some points was a foot or more deep, submerging gas stations, flooding homes and covering front laws. Residents stood in the water and watched the motorcade pass.

Flood protection was clearly on the minds of residents. A man who waved a neon yellow sign reading "Mitt is Our Man" wondered why levees had not been able to protect the low-lying areas of this fishing community.

"It has really destroyed us," the man said to Romney after the motorcade stopped on the side of the road. "I don't know why we can't come up with something that saves all."

Up the street, a giant pink sign hung on the balcony of a flooded house. "Where is our levee protection?" it read.

Romney and Jindal spent close to an hour meeting with first responders and local officials. Romney shook hands with National Guardsmen outside the U.S. Post Office and talked with a local resident, Jodie Chiarello, 42, who lost her home in Isaac's flooding.

"He just told me to, um, there's assistance out there," Chiarello said of her conversation with Romney. "He said, go home and call 211." That's a public service number offered in many states.

Chiarello said she will likely seek some other shelter because her home was submerged in the flooding. She expressed frustration about the town's lack of flood protection.

"We live outside the levee protection that's why we get all this water because they close the floodgates up front and all they're doing is flooding us out down here," she said. "It's very frustrating, very. We go through Katrina and Rita and now we're going through Cindy, Lee and now Isaac."

Romney's last-minute visit, announced less than 12 hours after he became the Republican nominee, took him to the disaster area ahead of his Democratic rival, President Barack Obama. The president was following with his own visit to Louisiana on Monday, the White House announced.

Romney went at Jindal's invitation, his campaign said. Jindal, a Republican, told reporters Romney had been in touch several days ago to ask how he could help with storm relief and Jindal suggested Romney come down and see the damage for himself. He said he had extended an invitation to Obama as well.

"We welcome them both," Jindal said.

Jindal insisted that he would stay focused on the storm's aftermath during both men's visits.

"We're not talking politics," he said. "That's not the right time to do that. We're solely focused on the hurricane and the response."

White House spokesman Jay Carney, asked what a private citizen like Romney could accomplish by visiting a disaster area, said he wasn't sure how to answer the question but that drawing attention to the affected area was "important."

Romney spokesman Kevin Madden said Romney's visit could focus people on "the needs of the affected region, particularly the need for charitable donations and resources to aid relief efforts."

Back in Washington, Democrats seized on the trip to accuse Republicans of supporting cuts in federal disaster funding that the Gulf Coast will now need to recover from Isaac.

"It is the height of hypocrisy for Mitt Romney and Paul Ryan to make a pretense of showing sympathy for the victims of Hurricane Isaac when their policies would leave those affected by this disaster stranded and on their own," said Senate Majority Leader Harry Reid, D-Nev., in a written statement.

Louisiana Sen. Mary Landrieu said she welcomed Romney to her home state but pushed him on disaster funding.

"I hope as he witnesses recovery in action, he will reflect upon his party's approach to funding disaster response," she said. "Had the plan advocated by his running mate Congressman Paul Ryan and Congressman Eric Cantor prevailed, there would be no money readily available to provide assistance for this, or any other disaster."

__

Associated Press writers Steve Peoples in Tampa, Fla., Melinda Deslatte in Baton Rouge, La., and Cain Burdeau in New Orleans contributed to this report.

Follow Kasie Hunt on Twitter at http://www.twitter.com/kasie

Source: http://news.yahoo.com/romney-starts-fall-campaign-visiting-storm-victims-003809256--election.html

obama dog doug hutchison larry brown kevin hart thomas kinkade brewers pat summit

Huguely gets 23 years in death of Yeardley Love

Steve Helber / AP

George Huguely V is led to court for his sentencing in Charlottesville, Va., Thursday.

By Kari Huus, NBC News

A judge in Virginia imposed a 23-year prison sentence on George W. Huguely V, a former University of Virginia lacrosse player convicted in the alcohol-fueled beating death of ex-girlfriend Yeardley Love in 2010, The Associated Press reported Thursday.?

Love's body was found on May 3, 2010, face down on a bloody pillow in her apartment near the university where she was also a student and lacrosse player, Reuters reported.?

Huguely, a 24-year-old from Chevy Chase, Md., was convicted in February of second-degree murder as well as grand larceny for stealing a computer from Love?s apartment.

---

University of Virginia via AP

Yeardley Love, who died in May 2010 at the hands of her sometimes boyfriend, George Huguely V. Huguely was convicted of manslaughter in February and sentenced to 23 years in prison on Thursday.

Prosecutors said Huguely entered the apartment while Love was sleeping, kicked in her bedroom door and then slammed her head against the wall. She was?22 and about to graduate.

Huguely's defense team said there was no evidence that he intended to kill Love, of Cockeysville, Md., and suggested instead that she had suffocated on the bloody pillow.

The jury recommended a 25-year sentence for the murder and an additional one year for the theft. The defense sought a 14-year sentence, the AP reported.?

Love?s family is seeking more than $29 million in damages from the state and university officials, alleging they did not properly handle a separate incident in 2009 when Huguely attacked a lacrosse teammate while drunk, Businessweek reported.? The family has also filed a lawsuit against Huguely, the report said.

Follow Kari Huus on Facebook

More content from NBCNews.com:

Follow US News from NBCNews.com on Twitter and Facebook

?

Source: http://usnews.nbcnews.com/_news/2012/08/30/13571569-former-uva-lacrosse-player-huguely-gets-23-years-in-death-of-ex-girlfriend-yeardley-love?lite

miranda lambert reba mcentire acm awards luke bryan april fools global payments the killing

Scotiabank acquires ING Bank of Canada for $3.1 billion

TORONTO, CANADA (BNO NEWS) -- Scotiabank on Wednesday announced the purchase of ING Bank of Canada from Netherlands-based parent ING Group for $3.126 billion in cash.

The definitive agreement is expected to result in a net investment by Scotiabank of approximately $1.9 billion after deducting the excess capital currently at ING Bank of Canada.?

ING Bank of Canada has approximately $40 billion in assets, $30 billion in deposits, 1.8 million customers, and over 1,100 employees, being Canada's the 8th largest bank.?

Rick Waugh, President and CEO of Scotiabank stated that ING Bank of Canada will benefit from "the backing of a strong, stable Canadian shareholder with the additional resources to enable it to expand and grow."

"This in turn will provide our shareholders with a new source of incremental earnings beginning in year one, and a new deposit base to further diversify our funding," he added.

As part of the transaction, Scotiabank announced a public offering of 29 million common shares at $52 on a bought deal basis for gross proceeds of $1.5 billion in order to fund the acquisition.

This acquisition is subject to regulatory approvals and is expected to close at the end of the year.?

(Copyright 2012 by BNO News B.V. All rights reserved. Info: sales@bnonews.com.)

Source: http://wireupdate.com/scotiabank-acquires-ing-bank-of-canada-for-3-1-billion.html

john mccain game changer selection sunday corned beef recipe time change daylight savings rpi

The SmartPhone Who Loved Me: FinFisher Goes Mobile? ? The ...

Download PDF version

This post describes our work analyzing several samples which appear to be mobile variants of the FinFisher Toolkit, and ongoing scanning we are performing that has identified more apparent FinFisher command and control servers.

Introduction

Earlier this year, Bahraini Human Rights activists were targeted by an email campaign that delivered a sophisticated Trojan. In From Bahrain with Love: FinFisher?s Spy Kit Exposed? we characterized the malware, and suggested that it appeared to be FinSpy, part of the FinFisher commercial surveillance toolkit. Vernon Silver concurrently reported our findings in Bloomberg, providing background on the attack and the analysis, and highlighting links to FinFisher?s parent company, Gamma International.

After these initial reports, Rapid7, a Boston-based security company, produced a follow-up analysis that identified apparent FinFisher Command and Control (C&C) servers on five continents. After the release of the Rapid7 report, Gamma International representatives spoke with Bloomberg and The New York Times? Bits Blog, and denied that the servers found in 10 countries were instances of their products.

Following these analyses, we were contacted by both the security and activist communities with potentially interesting samples. From these, we identified several apparent mobile Trojans for the iOS, Android, BlackBerry, Windows Mobile and Symbian platforms. Based on our analysis, we found these tools to be consistent in functionality with claims made in the documentation for the FinSpy Mobile product, a component of the FinFisher toolkit. Several samples appear to be either demo versions or ?unpackaged? versions ready to be customized, while others appear to be samples in active use.

Promotional literature describes this product as providing:

• Recording of common communications like Voice Calls, SMS/MMS and Emails
• Live Surveillance through silent calls
• File Download (Contacts, Calendar, Pictures, Files)
• Country Tracing of Target (GPS and Cell ID)
• Full Recording of all BlackBerry Messenger communications
• Covert Communications with Headquarters

In addition to analysis of these samples, we are conducting an ongoing scan for FinFisher C&C servers, and have identified potential servers in the following countries: Bahrain, Brunei, the Czech Republic, Ethiopia, Indonesia, Mongolia, Singapore, the Netherlands, Turkmenistan, and the United Arab Emirates (UAE).

Mobile Trojans

iOS

It was developed for Arm7, built against iOS SDK 5.1 on OSX 10.7.3 and it appears that it will run on iPhone 4, 4S, iPad 1, 2, 3, and iPod touch 3, 4 on iOS 4.0 and up.

The bundle is called ?install_manager.app? and the contents of it are:

99621a7301bfd00d98c222a89900aeef ./data
1f73ebf8be52aa14d4d4546fb3242728 ./_CodeSignature/CodeResources
9273880e5baa5ac810f312f8bd29bd3f ./embedded.mobileprovision
2cbe06c89dc5a43ea0e0600ed496803e ./install_manager
23b7d7d024abb0f558420e098800bf27 ./PkgInfo
11e4821d845f369b610c31592f4316d9 ./Info.plist
ce7f5b3d4bfc7b4b0da6a06dccc515f2 ./en.lproj/InfoPlist.strings
3fa32da3b25862ba16af040be3451922 ./ResourceRules.plist

Investigation of the Mach-0 binary ?install_manager? reveals the text ?FinSpy?:

Further references to ?FinSpy? were identified in the binary:

/Users/adm/Code/development/FinSpyV2/src/iOS/CoreTarget/
/Users/adm/Code/development/FinSpyV2/src/iOS/Installer/install_manager/install_manager/main.m
/Users/adm/Code/development/FinSpyV2/src/iOS/Installer/install_manager/install_manager/zip/ioapi.c
/Users/adm/Code/development/FinSpyV2/src/iOS/Installer/install_manager/install_manager/zip/unzip.c
/Users/adm/Code/development/FinSpyV2/src/iOS/Installer/install_manager/install_manager/zip/crypt.h
/Users/adm/Code/development/FinSpyV2/src/iOS/Installer/install_manager/install_manager/zip/zip.c
/Users/adm/Code/development/FinSpyV2/src/iOS/Installer/install_manager/install_manager/zip/ZipArchive.mm
/Users/adm/Code/development/FinSpyV2/src/iOS/Installer/install_manager/install_manager/../../../CoreTarget/CoreTarget/GIFileOps.mm
/Users/adm/Code/development/FinSpyV2/src/iOS/Installer/install_manager/install_manager/../../../CoreTarget/CoreTarget/GIFileOps+Zip.m
/Users/adm/Code/development/FinSpyV2/src/iOS/Installer/install_manager/install_manager/../../../CoreTarget/CoreTarget/GIPath.mm

Additionally, it appears that a developer?s certificate belonging to Martin Muench, who is described in The New York Times as Managing Director of Gamma International GmbH and head of the FinFisher product portfolio, is used:

An ad-hoc distribution profile is present: ?testapp?:

UUID: ?E0A4FAD7-E414-4F39-9DB3-5A845D5124BC?.
Will expire on 02.04.2013.
The profile matches the bundle ID (home.install-manager).
The profile was signed by 3 certificates.
The profile may be used by one developer:
Developer Certificate ?iPhone Distribution: Martin Muench?.
This certificate was used to sign the bundle.

The code signature contains 3 certificates:

Certificate ?Apple Root CA?:
Will expire on 09.02.2035.
Your keychain contains this root certificate.
Certificate ?Apple Worldwide Developer Relations Certification Authority?:
Will expire on 14.02.2016.
Certificate ?iPhone Distribution: Martin Muench?:
Will expire on 03.04.2013.
SHA1 fingerprint: ?1F921F276754ED8441D99FB0222A096A0B6E5C65?.

The Application has been provisioned to run on the following devices, represented here by their Unique Device Identifiers (UDID):

31b4f49bc9007f98b55df555b107cba841219a21,
73b94de27cb5841ff387078c175238d6abac44b2,
0b47179108f7ad5462ed386bc59520da8bfcea86,
320184fb96154522e6a7bd86dcd0c7a9805ce7c0,
11432945ee0b84c7b72e293cbe9acef48f900628,
5a3df0593f1b39b61e3c180f34b9682429f21b4f,
b5bfa7db6a0781827241901d6b67b9d4e5d5dce8

The file is hidden using Spring Board options, and on execution the sample writes out logind.app to /System/Library/CoreServices. ?logind? exists on OSX but not normally on iOS.

It then installs: /System/Library/LaunchDaemons/com.apple.logind.plist

This creates persistence on reboot. It launches the logind process, then deletes install_manager.app.

On reboot it runs early in the boot process with ID 47:

This then drops SyncData.app. This application is signed, and the provisioning stipulates:

?Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements.?

Further legal analysis would be necessary to determine whether the program violated the terms of use at the time of its creation.

This application appears to provide functionality for call logging:

/Users/adm/Code/development/FinSpyV2/src/iOS/CoreTarget/CoreTarget/MobileLoggingDataTLV.m
_OBJC_METACLASS_$_MobileLoggingDataTLV
_OBJC_CLASS_$_MobileLoggingDataTLV

Exfiltration of contacts:

/Users/adm/Code/development/FinSpyV2/src/iOS/CoreTarget/CoreTarget/GIAddressBookModule.m
/Users/adm/Library/Developer/Xcode/DerivedData/CoreTarget-gqciilooqcckafgxlngvjezpbymr/Build/Intermediates/CoreTarget.build/Release-iphoneos/SyncData.build/Objects-normal/armv7/GIAddressBookModule.o
-[XXXVIII_cI getAddresses:]
/Users/adm/Code/development/FinSpyV2/src/iOS/CoreTarget/CoreTarget/GIAddressBookModuleData.m

Target location enumeration:

@_OBJC_CLASS_$_CLLocationManager
/Users/adm/Code/development/FinSpyV2/src/iOS/CoreTarget/CoreTarget/GILocationManager.m
/Users/adm/Library/Developer/Xcode/DerivedData/CoreTarget-gqciilooqcckafgxlngvjezpbymr/Build/Intermediates/CoreTarget.build/Release-iphoneos/SyncData.build/Objects-normal/armv7/GILocationManager.o

As well as arbitrary data exfiltration, SMS interception and more.

SyncData.app exfiltrates base64 encoded data about the device (including the IMEI, IMSI etc) to a remote cellular number.

The ?logind? process attempts to talk to a remote command and control server, the configuration information for which appears to be stored in base64 encoded form in ?SyncData.app/84C.dat?.

The _CodeSignature/CodeResources file suggests that install manager drops logind.app, SyncData.app and Trampoline.app (Trampoline.app has not been examined).

org.logind.ctp.archive/logind.app/logind
org.logind.ctp.archive/SyncData.app/SyncData
org.logind.ctp.archive/trampoline.app/trampoline

Android

The Android samples identified come in the form of APKs.

2e96e343ac10f5d9ace680e456c083e4eceb108f7209aa1e849f11a239e7a682
0d798ca0b2d0ea9bad251125973d8800ad3043e51d4cc6d0d57b971a97d3af2d
72a522d0d3dcd0dc026b02ab9535e87a9f5664bc5587fd33bb4a48094bce0537

The application appears to install itself as ?Android Services?:

It requests the following permissions:

android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.READ_CONTACTS
android.permission.READ_SMS
android.permission.SEND_SMS
android.permission.RECEIVE_SMS
android.permission.WRITE_SMS
android.permission.RECEIVE_MMS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.PROCESS_OUTGOING_CALLS
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.WAKE_LOCK
android.permission.CHANGE_WIFI_STATE
android.permission.MODIFY_PHONE_STATE
android.permission.BLUETOOTH
android.permission.RECEIVE_WAP_PUSH

The first 200 files in the apk are named ?assets/Configurations/dummsX.dat?, where X is a number from 0-199. The files are 0 bytes in length. The file header entries in the compressed file are normal, but the directory header entries contain configuration information.

The code in the my.api.Extractor.getConfiguration() method opens up the APK file and searches for directory entry headers (PK\x01\x02) then copies 6 bytes from the entry starting at offset 36. These are the ?internal file attributes? and ?external file attributes? fields. The code grabs these sequences until it hits a 0 value.This creates a base64 encoded string.

The app decodes this string and stores it in a file named 84c.dat (similar to the iOS sample discussed earlier).

Here?s the output from one of the samples:

KQIAAJBb/gAhAgAAoDOEAAwAAABQE/4AAAAAABAAAABgV/4AAAAAAAAAAAAMAAAAQBX+AAAAAAAPAAAAcFj+AG1qbV9BTkQMAAAAQGGEACwBAAANAAAAkGSEAIKHhoGDJgAAAHA3gABkZW1vLWRlLmdhbW1hLWludGVybmF0aW9uYWwuZGUbAAAAcDeAAGZmLWRlbW8uYmxvZ2Rucy5vcmcMAAAAQDiAAFAAAAAMAAAAQDiAAFcEAAAMAAAAQDiAAFgEAAAVAAAAcGOEACs0OTE3MjY2NTM4MDAWAAAAcGqEACs0OTg5NTQ5OTg5OTA4DwAAAHBmhABtam1fQU5EDAAAAEBlhACmNqEPDAAAAEAh/gAoBAAADAAAAEANgAB7AAAADAAAAEBohAAAAAAADAAAAEA7gAAAAAAACgAAAJBghACtEAoAAACQYoQAwAAJAAAAsGeEAAAIAAAAkMZxAIwAAACQeYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQEAAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPQAAAJA0RQA1AAAAoDNFAAwAAABAQUUA6AMAAAwAAABAQEUALAEAAAkAAAAwQkUAAAwAAACQZIQAh4aFgQ==

The Base64 decoded hexdump is:

Note that the hostnames demo-de.gamma-international.de and ff-demo.blogdns.org are suggestive of a demo or pre-customisation version of the FinSpy Mobile tool and are similar to domains identified in our previous report.

We identified samples structurally similar to this sample that spoke to servers in the United Kingdom and the Czech Republic:

Sample: 0d798ca0b2d0ea9bad251125973d8800ad3043e51d4cc6d0d57b971a97d3af2d
Command and Control: 212.56.102.38
Country: United Kingdom
Company: PlusNet Technologies

Sample: 2e96e343ac10f5d9ace680e456c083e4eceb108f7209aa1e849f11a239e7a682
Command and Control: 80.95.253.44
Country: Czech Republic
Company: T-Systems Czech Republic

Note that the Czech sample speaks to the same command and control server previously identified by Rapid7.

Symbian

Samples for Nokia?s Symbian platform were identified:

1e7e53b0d5fabcf12cd1bed4bd9ac561a3f4f6f8a8ddc5d1f3d2f3e2e9da0116 Symbian.sisx
eee80733f9664384d6bac4d4e27304748af9ee158d3c2987af5879ef83a59da0 mysym.sisx

The first sample (?Symbian.sisx?) identifies itself as ?System Update? and appears to have been built on the 29th of May 2012, at 14:20:57 UTC.

Click to enlarge

The certificate is registered to a jd@cyanengineeringservices.com. WHOIS information indicates that www.cyanengineeringservices.com was anonymously registered (date of first registration: 07-Mar-07) with GoDaddy using Domains By Proxy. Although it includes an attractive front page that states ?Mobile Software Development? for ?Windows Mobile, iPhone, Android, Symbian and Blackberry,? all links (e.g. ?Products? ?About Us? or ?Contacts?) lead to an ?under construction? blank page.

The sample contains the following components:

Click to enlarge

The file ?c:\sys\bin\updater.exe? provides the main implant functionality. This requests the following capabilities¹:

PowerMgmt
ReadDeviceData
TrustedUI
SwEvent
NetworkServices
ReadUserData
WriteUserData
Location

Of special note is the use of TrustedUI. As mentioned in the security section of the Nokia developer notes for Symbian:

?Trusted UI dialogs are rare. They must be used only when confidentiality and security are critical: for instance for password dialogs. Normal access to the user interface and the screen does not require this.?

The second sample (?mysym.sisx?) identifies itself as ?Installation File? and appears to be signed by the ?Symbian CA I? for ?Cyan Engineering Services SAL (offshore),? unlike the previous sample, which was registered to jd@cyanengineeringservices.com.

Click to enlarge

We identified ?Cyan Engineering Services SAL (offshore)? as also listed as the registrant on the parked domain www.it-intrusion.com, (Created: 08-Dec-11, also with GoDaddy). However, it-intrusion.com does not have a protected registrant. The registrant is listed² as a company based in Beirut, Lebanon:

Cyan Engineering Services SAL (offshore)
Broadway Center, 7th Floor
Hamra Street ? Chouran 1102-2050
Beirut, Beirut 00000
Lebanon
Domain Domain Name: IT-INTRUSION.COM
Created: 08-Dec-11
Expires: 08-Dec-13
Updated: 08-Dec-11
Administrative Contact: Debs, Johnny

The registrant information for Cyan Engineering Services SAL also connects to Gamma: the name ?Johnny Debs? is associated with Gamma International: a Johnny Debs was listed as representing Gamma at the October 2011 Milpol in Paris, and the name occurs elsewhere in discussions of FinFisher.

Examination of this sample reveals the domain demo-01.gamma-international.de potentially indicating a demo or pre-customisation copy.

The phone number +60123839897 also shows up in the sample. It has a Malaysian country code.

Blackberry

The identified samples contained the following files:

rlc_channel_mode_updater.cod
rlc_channel_mode_updater-1.cod
rlc_channel_mode_updater.jad

The .cod files are signed by RIM?s RBB, RCR, and RRT keys. RBB stands for ?RIM BlackBerry Apps API,? which allows manipulation of BlackBerry apps, RCR stands for ?RIM Crypto API,? which allows access to crypto libraries, and RRT stands for ?RIM Runtime API,? which allows access to other phone functionality such as sending SMS messages.

The signature process is described in RIM?s documentation [pdf] about the Blackberry Signing Authority. First, a developer registers a public key with the Blackberry Signing Authority. In order to obtain a signed application, the developer submits a signature request (including his identity and a hash of the binary) signed with his private key to the Signing Authority. The Signing Authority verifies that the signer is authorized to make requests, and, if so, replies with a copy of the hash signed with the relevant RIM private key. The developer then appends the signature to his binary.

The .jad file contains the following hashes for the .cod files:

RIM-COD-SHA1-1: 2d 0a a2 b3 54 97 f7 35 fb 40 77 8e e1 ca 7f 8f 3e a0 aa 04
RIM-COD-SHA1: 0f 3b d8 d1 84 da 35 4e 10 94 89 c0 d6 08 70 ad 5e 7a f3 e0

The .jad file also contains a blob of base64 encoded data with the key ?RIM-COD-Config.? This data contains the URL of the command & control server, TCP ports, phone numbers to exfiltrate data to via SMS, identifiers for the Trojan and target, active modules, and various other configuration parameters.

Decoding this reveals the following servers and phone numbers:

118.xx.xx.186 ? Indonesia
+6281310xxxxx4 ? Indonesia
+49456xxxxx6 ? Germany

Upon installation, the user is presented with the following screen:

As evidenced by the above screenshot, the app is listed as:

TellCOM Systems LTD
Common Communication Update DSCH/USCH V32

Directly after installing, the application requests enhanced permissions:

The following screen pops up showing the requested permissions:

Scrolling down reveals:

After the user accepts these permissions, the sample attempts to connect to both Internet-based and SMS-based command & control servers. Another sample we analyzed appeared to write a debug log to the device?s filesystem. The following information was observed written to the log regarding communication with command & control services.

net.rmi.device.api.fsmbb.phone.PhoneInterface ? connecting to http://demo-01.gamma-international.de:1111/ping/XXXXXXXXXXXX;deviceside=true failed: net.rim.device.cldc.io.dns.DNSException: DNS error DNS error

net.rmi.device.api.fsmbb.core.com.protocol.HeartbeatProtocolSMS ? Heartbeat type 11 (1346097705922)+ core hb content: XXXXX/123456783648138/666666553648138/12e/666/0/0///

net.rmi.device.api.fsmbb.core.com.SMSCommunication ? 1346097743 Success: texting to: //+XXXXXXXXXX msg: XXXXX

net.rmi.device.api.fsmbb.core.com.protocol.HeartbeatProtocolSMS ? Heartbeat type 11 (1346097705922)+ extended hb content: XXXXX/123456783648138/XXXXX/999/420/B9700 5.0.

net.rmi.device.api.fsmbb.core.com.SMSCommunication ? 1346097743 Success: texting to: //+XXXXXXXXXX msg: XXXXX

We decompiled the Blackberry sample. We provide a high-level overview of the more interesting classes that we successfully decompiled:

net.rmi.device.api.fsmbb.config.ApnDatabase
net.rmi.device.api.fsmbb.config.ApnDatabase$APN

These appeared to contain a database comprising the following GSM APNs. The significance of this database is that it only includes a small set of countries and providers:

Germany: web.vodafone.de, internet.t-mobile
Indonesia: indosatgprs, AXIS, telkomsel, www.xlgprs.net, 3gprs
Brazil: claro.com.br, wapgprs.oi.com.br, tim.br
Mexico: wap.telcel.com

net.rmi.device.api.fsmbb.core.AppMain

This appears to do the main app installation, as well as uninstallation. Installation includes negotiating for enhanced permissions, base64-decoding the ?RIM-COD-Config? configuration, and setting up and installing the Configuration. If the configuration contains a ?removal date,? then automatic removal is scheduled for this time. Installation also involves instantiating ?listener? modules, as specified below:

net.rmi.device.api.fsmbb.core.listener.AddressBookObserver

This appears to listen for changes to the address book. It implements the net.rim.blackberry.api.pim.PIMListListener interface.

net.rmi.device.api.fsmbb.core.listener.CallObserver.*

This implements:

net.rim.blackberry.api.phone.PhoneListener
net.rim.blackberry.api.phone.phonelogs.PhoneLogListener
net.rim.device.api.system.KeyListener

This module logs and manipulates phone events, and appears to enable ?remote listening? functionality, where the FinSpy Master can silently call an infected phone to listen to conversation in its vicinity (this is referred to as a SpyCall in the code). The module has a facility to hide incoming calls by manipulating the UI, cancelling buzzer and vibration alerts, and toggling the backlight. Upon instantiation, the module calls ?*43#? to enable call waiting. If a remote listening call from the master is active, then legitimate incoming calls will trigger call waiting. The module detects these legitimate incoming calls, and places the SpyCall call on call waiting, presenting the legitimate incoming call to the user.

net.rmi.device.api.fsmbb.core.listener.EmailObserver

?

This appears to record sent and received email messages.

net.rmi.device.api.fsmbb.core.listener.MessengerObserver (Module #68)

?

This seems to record BBM messages. It appears to do this by periodically checking the path ?file:///store/home/user/im/BlackBerry Messenger/?

net.rmi.device.api.fsmbb.core.listener.SMSObserver

?

This module implements:

net.rim.blackberry.api.sms.SendListener
net.rim.blackberry.api.sms.OutboundMessageListener

Contrary to its name, OutboundMessageListener allows listening for both incoming and outgoing SMS messages. This module also checks for incoming SMS commands from the FinSpy Master. These commands can include an ?emergency configuration? update, that can include new addresses and phone numbers for the FinSpy Master.

net.rmi.device.api.fsmbb.core.listener.WAObserver (Module #82)

?

This appears to monitor WhatsApp, the popular proprietary cross-platform messaging application. It locates the WhatsApp process ID by searching for module names that contain the string ?WhatsApp.?

At some point, the module calls getForegroundProcessId to see if the WhatsApp process ID is in the foreground. If so, it seems to take a screenshot of the WhatsApp application, via Display.Screenshot. It appears that this screenshot is checked via ?.equals? to see if there is any new information on the WhatsApp screen. If there is new information, the screenshot is then JPEG encoded via JPEGEncodedImage.encode.

net.rmi.device.api.fsmbb.core.com.*

?

Appears to contain the mechanics of communication with the command & control server, including the plaintext TLV-based wire protocol.

Windows Mobile

The Windows Mobile samples we identified are:

2ccbfed8f05e6b50bc739c86ce4789030c6bc9e09c88b7c9d41cbcbde52a2455
507e6397e1f500497541b6958c483f8e8b88190407b307e997a4decd5eb0cd3a
1ff1867c1a55cf6247f1fb7f83277172c443442d174f0610a2dc062c3a873778

All the samples appeared similar, most likely belonging to the same branch release. The relevant parts of the binary are stored in five different resources:

• The first resource contains an OMA Client Provisioning XML file, which is used to store root certificates for running privileged/unprivileged code on the device. In this case it only contained some default example values shipped with Microsoft Windows Mobile SDK.
• The second resource contains the actual dropped payload which contains all the Trojan functionalities.
• The third resource contains a binary configuration file.
• The fourth and fifth resources contain two additional DLL files which are dropped along with the payload.

The main implant is dropped as ?services.exe? with the libraries dropped as mapiwinarm.dll and mswservice.dll.

The payload has the following attributes:

File size: 186640 bytes
SHA256: 4b99053bc7965262e8238de125397d95eb7aac5137696c7044c2f07b175b5e7c

This is a multi-threaded and modular engine which is able to run and coordinate a series of events providing interception and monitoring capabilities. When the application starts, a core initialization function is invoked, responsible for preparing execution and launching the main thread.

The main thread consequently runs a set of core components on multiple threads:

• Routines responsible for handling the ?heartbeat? notifications.
• Routines which control the execution of the Trojan and its components while monitoring the status of the device.
• A routine which can be used to ?wake up? the device.
• A component which handles emergency SMS communications.
• A routine that initializes the use of the Radio Interface Layer.
• A core component that manages a set of surveillance modules.

The Trojan utilises a ?Heartbeat Manager?, which is a set of functions and routines that, depending on the status of the device or monitored events, communicates notifications back to the command and control server.

These beacons are sent according the following events:

• First beacon.
• A specified time interval elapsing.
• The device has low memory.
• The device has low battery.
• The device changed physical location.
• The Trojan has recorded data available.
• The device has connected to a cellular network.
• The device has a data link available.
• The device connects to a WiFi network.
• An incoming / outgoing call starts.
• The Mobile Country Code (MCC) or Mobile Network Code (MNC) ID changed.
• The Trojan is being uninstalled.
• The SIM changes.

Notifications are sent via SMS, 3G and WiFi, according to availability. Consistent with other platforms, the windows mobile version appears to use base64 encoding for all communications.

In response to such notifications, the implant is able to receive and process commands such as:

STOP_TRACKING_CMD
START_TRACKING_CMD
RESEND_FIRST_HEARTBEAT_TCPIP_CMD
RESEND_FIRST_HEARTBEAT_SMS_CMD
REMOVE_LICENSE_INFO_CMD
KEEP_CONNECTION_ALIVE_CMD IGNORED b/c it?s an SMS answer
KEEP_CONNECTION_ALIVE_CMD
REMOVE_AT_AGENT_REQUEST_CMD
REMOVE_AT_MASTER_REQUEST_CMD
REMOVE_MAX_INFECTION_REACHED_CMD

The command and control server is defined in the configuration file found in the third resource of the dropper. In this sample, the sample connected to the domain: demo-04.gamma-international.de

This suggests that such sample is either a demo version or ?unpackaged? version ready to be customized.

Together with a DNS or IP command and control server, each sample appears to be provided with two phone numbers which are used for SMS notifications.

The core surveillance and offensive capabilities of the Trojan are implemented through the use of several different modules. These modules are initialized by a routine we called ModulesManager, which loads and launches them in separate threads:

There are multiple modules available, including:

• AddressBook: Providing exfiltration of details from contacts stored in the local address book.
• CallInterception: Used to intercept voice calls, record them and store them for later transmission.
• PhoneCallLog: Exfiltrates information on all performed, received and missed calls stored in a local log file.
• SMS: Records all incoming and outgoing SMS messages and stores them for later transmission.
• Tracking: Tracks the GPS locations of the device.

Call Interception

In order to manipulate phone calls, the Trojan makes use of the functions provided by RIL.dll, the Radio Interface Layer.

Some of the functions imported and used can be observed below:

PhoneCallLog

In order to exfiltrate call logs, the Trojan uses functions provided by the Windows Mobile Phone Library.

Using PhoneOpenCallLog() and PhoneGetCallLogEntry(), the implant is able to retrieve the following struct for each call being registered by the system:

typedef struct {
DWORD cbSize;
FILETIME ftStartTime;
FILETIME ftEndTime;
IOM iom;
BOOL fOutgoing:1;
BOOL fConnected:1;
BOOL fEnded:1;
BOOL fRoam:1;
CALLERIDTYPE cidt;
PTSTR pszNumber;
PTSTR pszName;
PTSTR pszNameType;
PTSTR pszNote;
DWORD dwLogFlags;
CEIOD iodContact;
CEPROPID pidProp;
} CALLLOGENTRY, * PCALLLOGENTRY;

This contains timestamps, numbers, names and other data associated with a call.

Tracking

The physical tracking of the device uses the GPS Intermediate Driver functions available on the Windows Mobile/CE platform:

Click to enlarge

After a successful GPSOpenDevice() call, it invokes GPSGetPosition() which gives access to a GPS_POSITION struct containing the following information:

typedef struct _GPS_POSITION {
DWORD dwVersion;
DWORD dwSize;
DWORD dwValidFields;
DWORD dwFlags;
SYSTEMTIME stUTCTime;
double dblLatitude;
double dblLongitude;
float flSpeed;
float flHeading;
double dblMagneticVariation;
float flAltitudeWRTSeaLevel;
float flAltitudeWRTEllipsoid;
GPS_FIX_QUALITY FixQuality;
GPS_FIX_TYPE FixType;
GPS_FIX_SELECTION SelectionType;
float flPositionDilutionOfPrecision;
float flHorizontalDilutionOfPrecision;
float flVerticalDilutionOfPrecision;
DWORD dwSatelliteCount;
DWORD rgdwSatellitesUsedPRNs[GPS_MAX_SATELLITES];
DWORD dwSatellitesInView;
DWORD rgdwSatellitesInViewPRNs[GPS_MAX_SATELLITES];
DWORD rgdwSatellitesInViewElevation[GPS_MAX_SATELLITES];
DWORD rgdwSatellitesInViewAzimuth[GPS_MAX_SATELLITES];
DWORD rgdwSatellitesInViewSignalToNoiseRatio[GPS_MAX_SATELLITES];
} GPS_POSITION, *PGPS_POSITION;

This provides the latitude and longitude of the current location of the device.

Command and Control Server Scanning Results

Following up on our earlier analysis, we scanned IP addresses in several countries looking for FinSpy command & control servers. At a high level, our scans probed IP addresses in each country, and attempted to perform the handshake distinctive to the FinSpy command and control protocol. If a server responded to the handshake, we marked it as a FinSpy node. We expect to release our scanning tools with a more complete description of methodology in a follow-up blog post.

Our scanning yielded two key findings. First, we have identified several more countries where FinSpy Command and Control servers were operating. Scanning has thus far revealed two servers in Brunei, one in Turkmenistan?s Ministry of Communications, two in Singapore, one in the Netherlands, a new server in Indonesia, and a new server in Bahrain.

Second, we have been able to partially replicate the conclusions of an analysis by Rapid7, which reported finding FinSpy command & control servers in ten countries: Indonesia, Australia, Qatar, Ethiopia, Czech Republic, Estonia, USA, Mongolia, Latvia, and the UAE. We were able to confirm the presence of FinSpy on all of the servers reported by Rapid7 that were still available to be scanned. We confirmed FinSpy servers in Indonesia, Ethiopia, USA, Mongolia, and the UAE. The remaining servers were down at scanning time. We also noted that the server in the USA appeared to be an IP-layer proxy (e.g., in the style of Network Address Translation)³.

Rapid7?s work exploited a temporary anomaly in FinSpy command & control servers. Researchers at Rapid7 noticed that the command & control server in Bahrain responded to HTTP requests with the string ?Hallo Steffi.? This behavior did not seem to be active on Bahrain?s server prior to the release of our analysis. Rapid7 looked at historical scanning information, and noticed that servers in ten other countries had responded to HTTP requests with ?Hallo Steffi? at various times over the previous month. While the meaning of this string and the reason for the temporary anomaly are unknown, a possible explanation is that this was a testing deployment of a server update, and the ?Hallo Steffi? message indicated successful receipt of the update. After the publication of Rapid7?s analysis, the behavior began to disappear from FinSpy servers.

Details of Observed Servers

Table 1: New Servers

Country	IP	Ports	Owner
Singapore	203.175.168.2	21, 53, 443, 4111	HostSG
Singapore	203.211.137.105	21, 53, 80, 443, 4111	Simple Solution System Pte Ltd
Bahrain	89.148.15.15	22, 53, 80, 443, 4111	Batelco
Turkmenistan	217.174.229.82	22, 53, 80, 443, 4111, 9111	Ministry of Communications
Brunei	119.160.172.187	21	Telekom Brunei
Brunei	119.160.128.219	4111, 9111	Telekom Brunei
Indonesia	112.78.143.34	22, 53, 80, 443, 9111	Biznet ISP
Netherlands	164.138.28.2	80, 1111	Tilaa VPS Hosting

Table 2: Confirmed Rapid7 Servers

Country	IP	Ports	Owner
USA	54.248.2.220	80	Amazon EC2
Indonesia	112.78.143.26	22, 25, 53, 80, 443, 4111	Biznet ISP
Ethiopia	213.55.99.74	22, 53, 80, 443, 4111, 9111	Ethio Telecom
Mongolia	202.179.31.227	53, 80, 443	Mongolia Telecom
UAE	86.97.255.50	21, 22, 53, 443, 4111	Emirates Telecommunications Corporation

It is interesting to note that the USA server on EC2 appeared to be an IP-layer proxy. This judgment was made on the basis of response time comparisons⁴.

Conclusions + Recommendations

The analysis we have provided here is a continuation of our efforts to analyze what appear to be parts of the FinFisher product portfolio. We found evidence of the functionality that was specified in the FinFisher promotional materials. The tools and company names (e.g. Cyan Engineering Services SAL) found in their certificates also suggest interesting avenues for future research.

These tools provide substantial surveillance functionality; however, we?d like to highlight that, without exploitation of the underlying platforms, all of the samples we?ve described require some form of interaction to install. As with the previously analyzed FinSpy tool this might involve some form of socially engineered e-mail or other delivery, prompting unsuspecting users to execute the program. Or, it might involve covert or coercive physical installation of the tool, or use of a user?s credentials to perform a third-party installation.

We recommend that all users run Anti-Virus software, promptly apply (legitimate) updates when they become available, use screen locks, passwords and device encryption (when available). Do not run untrusted applications and do not allow third parties access to mobile devices.

As part of our ongoing research, we have notified vendors, as well as members of the AV community.

Footnotes

¹ A list of Nokia capabilities can be found here.
²http://www.whoisentry.com/domain/it-intrusion.com
³ See Appendix A.
⁴ See Appendix A.

Appendix A

The server was serving FinSpy on port 80, and SSH on port 22. We measured the SYN/ACK RTT on both ports and compared. The results for port 80:

hping -S -p 80 54.248.2.220
HPING 54.248.2.220 (wlan0 54.248.2.220): S set, 40 headers + 0 data bytes
len=44 ip=54.248.2.220 ttl=24 DF id=0 sport=80 flags=SA seq=0 win=5840 rtt=1510.2 ms
len=44 ip=54.248.2.220 ttl=23 DF id=0 sport=80 flags=SA seq=1 win=5840 rtt=740.4 ms
len=44 ip=54.248.2.220 ttl=25 DF id=0 sport=80 flags=SA seq=2 win=5840 rtt=753.4 ms
len=44 ip=54.248.2.220 ttl=24 DF id=0 sport=80 flags=SA seq=3 win=5840 rtt=1001.6 ms

The results for port 22:

hping -S -p 22 54.248.2.220
HPING 54.248.2.220 (wlan0 54.248.2.220): S set, 40 headers + 0 data bytes
len=44 ip=54.248.2.220 ttl=49 DF id=0 sport=22 flags=SA seq=0 win=5840 rtt=125.7 ms
len=44 ip=54.248.2.220 ttl=49 DF id=0 sport=22 flags=SA seq=1 win=5840 rtt=124.3 ms
len=44 ip=54.248.2.220 ttl=49 DF id=0 sport=22 flags=SA seq=2 win=5840 rtt=123.3 ms
len=44 ip=54.248.2.220 ttl=50 DF id=0 sport=22 flags=SA seq=3 win=5840 rtt=127.2 ms

The comparison reveals that port 80 TCP traffic was likely being proxied to a different computer.

Acknowledgements

This is a Morgan Marquis-Boire and Bill Marczak production.

Windows mobile sample analysis by Claudio Guarnieri.

Additional Analysis

Thanks to Pepi Zawodsky for OSX expertise and assistance.
Thanks to Jon Larimer and Sebastian Porst for Android expertise.

Additional Thanks

Special thanks to John Scott-Railton.
Additional thanks to Marcia Hofmann and the Electronic Frontier Foundation.
Tip of the hat to John Adams for scanning advice.

About Morgan Marquis-Boire

Morgan Marquis-Boire is a Technical Advisor at the Citizen Lab, Munk School of Global Affairs, University of Toronto. He works as a Security Engineer at Google specializing in Incident Response, Forensics and Malware Analysis.

Post written by Morgan Marquis-Boire

Tagged: Bahrain, Brunei, Ethiopia, Indonesia, Mongolia, Netherlands, Singapore, Turkmenistan, UAE, US

Source: https://citizenlab.org/2012/08/the-smartphone-who-loved-me-finfisher-goes-mobile/

Stephanie Rice Meet the Pyro Karen Klein jerry sandusky Colorado fires supreme court college board

Article on health - HEALTH, BEAUTY & FITNESS

The signs and symptoms are mood shifts, irritability, lack of appetite or elevated appetite, and often insomnia. Another exciting report was the truth that males with low sperm counts were stated to possess a minimum of a 50% increase as well as reported enhanced libido. For those who cannot invest in these changes, they are able to look for medicines or any other natural way of cholesterol reduction for example taking cholesterol supplements. Today, we all know a little more about the health advantages of chia seed products, plus they could possibly be present in most nutrition stores and grocery stores. You will find also potential health problems for employees active in the repair of leaking structures, sometimes needing steps to handle these place of article work hazards. The Apollo Munich guidelines were declared because the best among various medical health insurance plans presently open to clients by Hindustan Occasions. Just like shoplifting boosts the price of products inside a store article on health setting the amount of delinquent health medical bills boosts the cost of medical costs to any or all. Getting these details along with you whenever you enter a doctor? s office arms you with inquiries to request your physician about treatment and possible undesirable unwanted effects associated with a treatment. The idea of covering sickness in insurance, apart from just accidents or sudden disabilities, started in 1866, but never was effectively passed before the year 1890. 6) Acknowledge the impact that using tobacco might have on insurance rates. It is simple to find numerous health quality recipes on the web using bok choy by simply typing it to your internet internet search engine. Private health plans can cover you if you achieve involved with a piece- place accident. Without scaremongering, you will find places on the planet where health care facilities are possibly very fundamental or hard to obtain. They are able to begin with high nicotine content, and lower the strength with time, potentially to zero nicotine content. You may also work individually on contract grounds for various organizations. Not something I? d want up to now. Subscribe article on health to swimming training at the local pool or health club if you? re just getting began. Furthermore, we? re regularly categorizing helpful plants, developing new supplement formulas and going through the suggestions to conclude the value in our health items. The standard problems connected with black mold, include: fever, frequent head aches, bad throat, flu, and respiratory system problems. Radiation Sickness Gamma sun rays will be the primary reason when individuals are afflicted by radiation sickness, reviews the Merck Online Medical Manual. Those sites of experienced agents offer all of the assets essential to request quotes from various insurance companies, do a comparison and choose the best plan. mercy Next time put forth the supermarket, rather than purchasing ground meat that? s 15 % body fat select a slimmer version. Patients can certainly access the practice? s interactive social networking sites to speak using the practice along with other patients. Prepare at 300 for 25- 25 minutes Put 1 tablespoon cheese on each going back 10 mins. To be able to completely understand what you? re registering for and to make sure that the insurance on provider is systems doing so on its obligations to pay for a specific amount towards medical costs, it? s very vital that you comprehend the terms. This really is due to why you will find some discount rates supplied by some colleges and you will obtain the advantages mercy health systems of them. Students will have the ability to merge their work knowledge about the understanding of healthcare systems disseminated within our virtual learning conditions.

Related Post Article on health

Private medical health insurance plans are more stringent than other such plans prior to being recognized, the clients undergo detailed medical check- ups. The Immediate remedies to general maladies prevent occurrences of malignant complications. Paleo Diet Hair: It Will get Worse Before It Will get Better Many doctors Some companies, for example USANA, allow you to sell their items, plus they do all of the footwork and research for you personally. Carrying Rarely will they check health care problems where it? s been made as well as what it? s made from: you realize the small All of the different individuals have their very own different needs if this involves medical health insurance plans, so obtaining the right and finest

Source: http://curryrecipe-jp.net/health-2/article-on-health-2/

whitney houston funeral judi dench alicia keys bobby brown leaves funeral donnie mcclurkin whitney houston funeral live stream kevin costner whitney houston

Security at Paralympics lighter but still tight

Workmen position a Mandeville official Paralympic mascot as preparations are made at the Olympic Park ahead of the 2012 Paralympics, Tuesday, Aug. 28, 2012, in London. The Paralympics will start with the opening ceremony on Aug. 29. (AP Photo/Kirsty Wigglesworth)

Workmen position a Mandeville official Paralympic mascot as preparations are made at the Olympic Park ahead of the 2012 Paralympics, Tuesday, Aug. 28, 2012, in London. The Paralympics will start with the opening ceremony on Aug. 29. (AP Photo/Kirsty Wigglesworth)

The Agitos, the official symbol design of the 2012 Paralympic Games are seen with the Orbit viewing platform artwork structure in background, as preparations are made at the Olympic Park ahead of the 2012 Paralympics, Tuesday, Aug. 28, 2012, in London. The Paralympics will start with the opening ceremony on Aug. 29. (AP Photo/Kirsty Wigglesworth)

A volunteer passes the main athletics stadium as preparations are made at the Olympic Park ahead of the 2012 Paralympics, Tuesday, Aug. 28, 2012, in London. The Paralympics will start with the opening ceremony on Aug. 29. (AP Photo/Kirsty Wigglesworth)

LONDON (AP) ? The no-fly zone has shrunk and the missiles have been put to bed, but security around London's upcoming Paralympic Games will still be tight.

Britain's defense ministry said about 3,500 military personnel will be available for venue security duties, if needed, compared with 12,200 during the Summer Olympics.

Police numbers will also be trimmed to around 7,000 officers on duty during the Paralympics, Scotland Yard's national Olympic security coordinator Chris Allison said Tuesday.

"There is a difference between this operation and the Olympic operation and that is scale," Allison told reporters.

Fighter jets put on standby to intercept threats during the Olympics have returned to normal duties, but the HMS Ocean ? the largest ship in the Royal Navy's fleet ? will remain berthed in south London to act as a helicopter landing site and logistics base.

Troops have removed surface-to-air missiles installed at six sites around the capital as part of the vast security operation for the July 27-Aug. 12 Olympics, while a wide no-fly zone over east London has been scaled back dramatically. The Civil Aviation Authority said aircraft would now be restricted only from small areas around the Olympics Park, the athletes' village and the Eton Dorney rowing venue in west London.

Security was razor-sharp for the Olympics and officials were relieved it went off without any major security issues.

Britain was America's closest ally in Afghanistan and Iraq, making it a prime target of Islamic terror groups. And dozens of recent terror plots, including the 2006 one to blow up nearly a dozen trans-Atlantic airliners, have been hatched within Britain's sizeable Muslim population, more than 1 million of whom have ties to Pakistan.

Police anticipate that the terror threat level during the Paralympics is "substantial" ? meaning a terrorist attack is a strong possibility, Allison said. It is a notch below severe, the level Britain has been at for much of the time since the 2005 suicide bombings when 52 people were killed in attacks on London's transit network.

"We're still obviously prepared for threats to these games, but I think it's fair to say that there is a different degree of risk," said a British security official who spoke on condition of anonymity because he is not authorized to speak to the press.

But the Paralympics present unique problems. Security personnel will have to inspect many of the athletes' specialist equipment, such as wheelchairs or prosthetics, for contraband.

Police and London organizing officials say they are confident guards are prepared for the challenge, and that all participants and visitors will be searched as thoroughly as during the Olympics.

"Our security staff have been trained to deal with the slightly different profile (of people) at the Paralympics," Paul Deighton, the London organizing committee's chief executive, told reporters.

G4S, the private contractor in charge of Olympic and Paralympic security, said it will be able to supply the needed personnel for the upcoming games.

The military had to step in at the last minute before the Olympics when the company admitted it would have a staffing shortfall at the Olympics.

G4S will provide some 5,000 staff to guard the Paralympic games with airport-like security checks.

"We take the task seriously and we're approaching it much the same way as we did the Olympic Games," said Adam Mynott, a G4S spokesman. "Although it's a smaller operation and the scope is smaller, it's still a large sporting event and we don't anticipate any issues."

___

Associated Press writer Sylvia Hui contributed to this report.

Associated Press

Source: http://hosted2.ap.org/APDEFAULT/347875155d53465d95cec892aeb06419/Article_2012-08-28-Paralympic%20Security/id-1ab6406041724c509cfc6c722936ead3

haywire underworld awakening dog the bounty hunter tacoma narrows bridge weather nyc open marriage department of justice

Video: Representing Afghanistan at the Paralympic Games

Sorry, Readability was unable to parse this page for content.

Source: http://video.msnbc.msn.com/nightly-news/48832042/

looper dont trust the b in apartment 23 johnny damon kirk cameron news 10 hillary rosen j.k. rowling

Eagle health and wellness - HEALTH, BEAUTY & FITNESS

For healthy aging we have to be cardiovascular fit, have muscle eagle health and wellness strength and endurance, and become flexible and well- balanced. Always ensure you know the detail of guidelines of pre- existing health conditions. The coral calcium health benefits non- public policy would also defend the professional first and not the firm or employer. But you could compromise on such small things if this involves your wellbeing. Healthcare is important towards eagle health and wellness the well- being and daily upkeep of peoples? lives. Which means that it could fight some cancer. Difficulty: Moderately Easy Instructions Enhance Your Digestive Health 1) Choose fresh, organic meals rather than canned or boxed meals which contain harsh chemical preservatives and incredibly little nutrition or vitamins. Make use of the web and bookmark forums dedicated to info on dog health. Previously, a physician needed to fax patient information to a different physician for any second opinion. Education by cancer and disease organizations has motivated many to buy natural supplements on their own as well as their families. Study your eagle family? health s must make sure the very best coverage. This leads to progressively frequent cases of hypertension, diabetes, weight problems, Alzheimer? s, plus some types of cancer. Consuming excessively from McDonalds can be unhealthy. You can health aquire numerous Health care insurance quotes when you attend gohealthinsurance. com. It? and s the concept that moms are deliberately searching to reveal their kids to contagious illnesses like the chicken pox which sounds absurd to a lot of people. The issue with cataracts is benefits they result in the contacts from the eyes cloudy or opaque. 3. 11. Scientists estimate that into the millions infections are passed between pets the ones yearly within the U . Employer contributions towards the cafeteria plan are often made pursuant to salary reduction contracts between your employer and also the worker where the worker concurs to lead some of their salary on the pre- tax basis to cover the qualified benefits. Paget? s disease, sometimes known to a lot of as osteitis deformans, may be the next at their peak wellness bone disease after brittle bones within the U . Eating broiled, baked or steamed seafood 2 to 3 occasions per week is a great method of growing the omega- 3 essential fatty acids in what you eat. Health and medical News Nourishes A listing of Medical and health RSS calcium News Feeds from a variety of sources covering many groups. Otherwise, the smoker might find it unhappy using the tool and quit e- cigs. 4. For your earplug needs, go to the U. K.? s biggest online supplier of ear plugs: The Earplug Shop! Thomas Jefferson If you do not do notebook computer coral for you, you are the one that pops up around the short finish. Also there is a COA- certificate of analysis on record for each batch of supplements they create. Don? t hesitate to have a look around and find out if there? s something that catches your interest.

Related Post Eagle health and wellness

To learn more, visit world wide web. SuperSeaVeg. com Supplemental Medical Health Insurance Altering Place of work, Altering World Work- related stress is rising Health Psychology Ongoing Education Online Available These Days BehavioralHealthCE. com offers psychology ongoing education online inside a fast, convenient, simple to use format and, The instances of lengthy- term injuries in addition to fatigue can also be found because of wrong exercise or incorrect body form, so it Before determining the policy they? ll go for, they are able to use free health insurance online quotes to check the help and rates. This not just makes your bones more powerful, it provides you with a brand new increase in your level of confidence. Now, you are

Source: http://curryrecipe-jp.net/health-2/eagle-health-and-wellness/

daytona 500 start time ryan zimmerman oscars red carpet jennifer lopez wardrobe malfunction hugo hugo nfl combine

Iran's military chief suing US over sanctions

TEHRAN, Iran (AP) ? A news agency reports that Iran's top military commander is suing the U.S. for putting his name on its sanctions list.

The semiofficial Fars news agency quoted Iran's chief of staff, Gen. Hassan Firouzabadi, as saying the U.S. opposes "security and independence" for Iran. He said he has spent his life serving Iran and humanity, and the U.S. should be made to pay for the "unwise" decision to list him.

The West has imposed sanctions on Iran and its leaders to press Tehran to stop enriching uranium, suspecting Iran is aiming to produce nuclear weapons. Iran denies that.

The U.S. put Firouzabadi's name on the sanctions list in 2011, charging he was involved in human rights abuses.

The Monday report did not say how he plans to pursue his case.

Source: http://news.yahoo.com/irans-military-chief-suing-us-over-sanctions-191202918.html

march madness bracket south by southwest i want to know what love is courtney mercury retrograde bath salts heart shaped box

Networks prepare to juggle politics, weather

NEW YORK (AP) ? Television networks began juggling two major stories on Monday, still wondering whether Tropical Storm Isaac will cause them to divert a large amount of attention from the Republican national convention in Tampa.

Anderson Cooper of CNN and Shepard Smith of Fox News Channel were shifted by their networks from Tampa to New Orleans, where the storm appeared headed. It's an odd rerun for both of them: four years ago they left a GOP convention to head to the gulf region ahead of Hurricane Gustav. MSNBC was sending Tamron Hall and Lester Holt to New Orleans in advance of Isaac, and Soledad O'Brien was joining Cooper for CNN.

The major broadcast networks haven't shifted resources yet. Even before the Republicans chose to cancel the first night of the convention on Monday and compress the action into three days, ABC, CBS and NBC had not planned on broadcasting from Tampa on Monday night. Each has scheduled an hour of convention coverage over the next three nights.

"We continue to watch the storm closely and we will have correspondent coverage throughout the region," said Ingrid Ciprian-Matthews, vice president of CBS News. "We will reposition some of our resources as necessary."

Brian Williams of NBC News has taken an intense interest in the New Orleans area since Hurricane Katrina seven years ago, but there are no immediate plans for him to switch cities. NBC's coverage is augmented through its partnership with The Weather Channel, also owned by the Comcast Corp.

The cancellation of Monday's convention activities due to Isaac already forced schedule changes upon television networks. Fox News Channel is reverting to its regular prime-time schedule. CNN is rerunning a documentary on Republican Mitt Romney that first aired Sunday night. PBS had three hours of convention coverage scheduled for Monday night, but instead shifted to entertainment programming.

Throughout Monday, CNN mixed coverage of the storm with political stories from Tampa. Even when its correspondents were talking politics, the lower portion of the network's screen flashed updates on the path and wind speed of Isaac. The network has plenty of experience following multiple stories, said Sam Feist, CNN political director.

"This is CNN," Feist said. "We can walk and chew gum at the same time."

The uncertainty about the storm's path and strength made for uncertainty among Republicans, too.

"This is a difficult set of circumstances for the Republicans," said Fox's Smith, "because as this storm comes through it's going to be fighting for TV time, and newspaper headline time and water cooler talk time. The Republicans had hoped they would be able to have all of the attention of themselves for the next few days and it would appear that Isaac has thrown a wrench in that."

Networks strive, as best they can, to be fair to both parties in terms of television time around the conventions. Even with the storm, Feist said he expects the Republicans to get as much or more coverage than the Democrats, primarily because of the GOP's original plan to have a four-night convention.

Television didn't even need the convention to start to produce some fireworks on Monday. MSNBC's "Morning Joe" featured a bitter confrontation with MSNBC anchor Chris Matthews attacking Republican National Committee Chairman Reince Priebus on Romney campaign tactics, leaving show hosts Joe Scarborough and Mika Brzezinski plainly uncomfortable.

Associated Press

Source: http://hosted2.ap.org/APDEFAULT/4e67281c3f754d0696fbfdee0f3f1469/Article_2012-08-27-Media-Storm/id-13be88401e90486eb5a23e2f30e658b3

lesotho a wrinkle in time benjamin netanyahu storm shelters nick lachey chevy volt christina hendricks

Minglers Nut hot favourite to win at Hall Green | bettor.com

Minglers Nut hot favourite to win at Hall Green

Minglers Nut is expected to walk away with a comfortable victory in a 480 metres flat race at Hall Green in England on Monday, August 27, 2012. She has been delivering some decent results with consistency and it will be difficult for her opponents to stop her from winning the cash prize of ?122 in the end.

There are some very good runners lined up for action in the Grade A2 race, but most of them lack the winning momentum right now. This means that they will be less confident compared to the favourite bitch, who will enter the event with a starting price of 2 to 1.

The bookmakers expect Memories Control to be tough in the race, as he seems to have the speed to fight for victory. He has not been winning a lot with consistency, but that does not mean that he is not capable of doing so. He has been given a general starting price of 11 to 4 and the punters will definitely be interested in placing a few bets on him.

However, most of the bettors will be risking their money in favour of Minglers Nut, who has enjoyed a very good time during the 2012 season. She has always been competitive, but the most important thing is her ability to take the top spot regularly. She has always raced at Hall Green and will be fully aware of the conditions at this venue.

The S. Buckland?s trained bitch debuted in May 2011 and was impressive in the trial events she took part in. She won her maiden race in June that year and did not look back from then onwards. The bookies had rated her as the favourite to succeed and she lived up to their expectations in the end.

Things kept on going nicely for the white and black bitch and she became a reliable runner by the end of her debut season. She struggled to some extent at the start of 2012, but regained form and started winning races once again.

Out of her previous five outings, Royal Impact?s daughter out of Minglers Return has managed to win thrice, which shows the kind of form she is in at the moment. She will definitely make it hard for her rivals to come anywhere close to her today.

Disclaimer: The views expressed in this article are solely of the writer?s and do not reflect bettor.com?s official editorial policy.

Source: http://blogs.bettor.com/Minglers-Nut-hot-favourite-to-win-at-Hall-Green-a182801

ron paul 2012 zynga stock zynga stock sam houston state university sam houston state university bradley manning whoopi goldberg

Needed Techniques Located in Looking for a new Fantastic Northwest

Massage can certainly replenishing this sick and tired shape and then obtain best massage services, choosing the proper northwest massage therapist is crucial. The moment the wrong masseur is usually decided, clients don?t enjoy the provider. They?ll not the newest skillsets from a skilled professional massage counselor throughout relieving emotional tension, eliminating the aches, helping to loosen tight muscular tissues together with attaching ease and comfort. A number of health and fitness benefits happen to have been produced massage and clarifies that it?s popular. People should have the best massage pt in order to suit their needs, and then the query would be more convenient from enjoying the company personally.

These customers ought to browse through the true solution in the northwest massage experienced therapists prior to he or she can moderator individuals when it comes to your efficiency. These customers also needs to feel at ease telling lies disrobed inside hand towel about the cargo area even when some masseur renders her or his rejuvenating service. By doing so, shoppers could acquaint yourself their bodies along with their bodies? wishes to be able to enlighten all of the masseur concerning their distinct massage really needs.

Clientele may want a massage class with no shortage of chattering homeowners may perhaps like it to be solace. Consumers may love difficult as well as silky massage combined with large and body part insurance plan right after they seek out typically the masseurs? solutions. Irrespective of the potential clients will need, often the northwest massage therapy clinician really should be capable of supply the best provider.

In selecting the ideal northwest massage professional with, potential customers must be sure that a professional are able to adhere to his / her asks in the page. This masseur examines a bit of causes throughout changing his / her method using the householders? inquiries. Often the professional should also come to be experienced in several massage tactics that may permit him to satisfy the users? many demands. He or she must be ready to both equally provide profound burdened along with smooth massage in all limbs.

Your northwest massage pt has to have the information, necessary skills and also experience within providing expertise for you to his or her customers. His particular abilities suffer from above mentioned points which too make or break his vocation. Customer care is as well a point of the factors and performance for the masseur.

A little masseurs will not be as great as the others as they simply should possibly be starters, however , issues may well be written by the particular buyers. In the event that client or even shopper doesn?t like the form of your corporation or perhaps the way that northwest massage does indeed the career, it is advisable to acceptable to uncover a second therapy clinician soon you choose the right choice for you.

Always remember in order that the northwest massage therapist is without a doubt approved with their buy and sell this will let you authorization to train massage cure for their locale and region. In general speak, at least one does not want to end up using some hover through evening time massage parlor when suspect clinics may likely appear. You have to go to the massage in columbus ohio specialist website, examine buy support you can choose from.

Source: http://blog.ilove3c.com/2012/08/27/needed-techniques-located-in-looking-for-a-new-fantastic-northwest-massage-consultant/

florida lotto Beady Eye david bowie Eric Idle rory mcilroy Fatboy Slim Rio de Janeiro

Expert Advice For Supporting Your Home-based Business ...

The very thought of running a home business for many people is at the same time overwhelming and desirable. What do you need to begin? How will your company function? There are many questions that desire replies. This article is intended to give you a number of the replies to help you on the road to jogging your home company.

You ought to be the two honest and practical concerning the expectations you have for your house company. Contemplate regardless of whether your products or services is of top quality, and should it be effective at producing renewed curiosity as time passes. Is it possible to operate an honest enterprise in the marketplace you are looking for?

Simply being the sole proprietor of a home business consists of becoming the only financial representative of your respective enterprise. When you allow someone else to apply your enterprise visa or mastercard to make a personal obtain, you may well be unable to create off other organization-connected buys on your own income taxes that show up on the identical receipt.

See how a lot your competitors charge for the service or product you might be delivering. Use the info you glean through your investigation to find out what you should demand. Established your rates at costs that will make you money.

Be sure you always keep documents of all the organization bills because this will save you funds. Internet support and vehicle miles related to your company certainly are a husband and wife samples of business expenses. You can receive tax reductions for several of these bills. In order to avoid these unnecessary taxation obligations, just remember to keep up with all of your enterprise related expenditures.

When running a home based business which is a childcare, depending on how many children you may have, it is essential to have ample help. When you are inadequate adequate assist, every thing will probably be out of hand.

Getting a start up personal loan for a home based business is just not usually advised. Do you to set your relationship at risk? Would it be sensible to use your property as collateral on a bank financial loan?

At any time you want to recruit workers for your house-structured organization, you need to carry out research concerning their backgrounds. Should they be bad salesmen or difficult to rely on, it injuries your small business.

Be sure to have got a comprehensive understanding of the current market you plan to get into. Be sure to look at every side for any home based business chance which comes the right path.

Only take contracts when offering professional services to others. To actually are legally guarded if some thing goes wrong, you should signal a contract that will describe all expectations.

Consider how much your merchandise costs. If you make your products oneself, determine exactly how much each and every merchandise fees you to make, taking into account equally labour and supplies. Standard prices are the price instances two. This formula can help you establish basics selling price for wholesale products. Grow the price thrice to get the retail price.

Be short when creating the goal of the enterprise. Be sure to incorporate the purpose of the company, as well as any desired goals you possess for it. In this section, consist of the thing that makes your small business stand above your competitors and what you hope to complete.

Now you have got an increased idea of what you must do in order to make and manage a home based business, you should start sensation such as you can accomplish your home business goals. Keep in mind that the info you acquired will simply function if you apply it. In the event you adhere to the ideas in this article, then your home-based business must become successful.

For extra points about non profit jobs indianapolis head over to Bettyann J. Kreps?s site there?s loads of points not detailed in this post, find those details at Author?s website to locate more.

Source: http://blog.ilove3c.com/2012/08/26/expert-advice-for-supporting-your-home-based-business-13/

2012 ncaa bracket john carlson greg smith catamount mike dantoni bulls heat goldman sachs

Novel blood test predicts sudden death risk patients who would benefit from ICDs

ScienceDaily (Aug. 26, 2012) ? A novel blood test that predicts sudden death risk in heart failure patients is set to help physicians decide which patients would benefit from implantable cardioverter defibrillators (ICDs). The findings were presented at the ESC Congress 2012 August 26 by Professor Samuel Dudley from Chicago, IL, US.

Approximately 5 million patients in the US have heart failure, a condition where the heart is unable to pump blood adequately, and nearly 550,000 people are diagnosed annually. Heart failure is the single most common cause of admission to hospitals in the US.

ICDs, which are devices similar to pacemakers, can monitor and treat abnormal heartbeats and are surgically implanted in patients with severe heart failure to prevent sudden death. "The problem is that more than half of the patients who get them don't need them, and nearly half of the patients who would benefit don't get one," said Professor Dudley, who is professor of medicine and physiology at the University of Illinois at Chicago College of Medicine and principle investigator of the study.

The clinical trial presented at the ESC Congress 2012 showed that a blood test can predict which patients will need a defibrillator in the next year. The test, called PulsePredic, discriminates with high predictive power who will or will not need an ICD to prevent abnormal heartbeats and subsequent sudden death.

The simple laboratory test identifies changes in the gene message (mRNA) for the SCN5A gene, which is known to be involved in sudden death. The increase in the changed gene message was able to predict who would have a sudden death episode requiring defibrillation. "The test predicts whether you will have sudden death from heart failure and whether you will need a defibrillator in the next year," said Professor Dudley.

The SCN5A gene encodes for proteins, called voltage-gated sodium channels, responsible for generating the main current for electrical activity in the heart. Alterations in the sodium current, either up or down, lead to arrhythmias.

Professor Dudley and his team evaluated the new blood test in 180 adult patients, including 135 patients with heart failure and 45 patients without heart failure as controls. Patients with congenital heart disease, infections, and inflammatory conditions were excluded.

The SCN5A gene was measured in heart muscle cells and white blood cells. The changes in the gene message were able to predict who would have a sudden death episode requiring defibrillation. Heart failure patients who had abnormal heartbeats that would normally cause sudden death had significantly higher levels of these gene variants compared to patients who did not have abnormal heartbeats. The amount of variants in the blood had excellent predictive power to determine arrhythmic risk, suggesting that a blood test for sudden death risk and the need for an ICD is possible.

"This is the first test of its kind," said Professor Dudley. "It is amazing stuff, with promise to change dramatically the way we direct treatments to patients at risk for sudden death."

The next steps in the development of the test will be to carry out a larger trial and work with regulatory agencies to receive approval for clinical use.

Contributors: Samuel Dudley, Ge Gao, Vikram Brahmanandam, Mihai Raicu, Srinivasan Kasturirangan, Lianzhi Gu, Alan Schwartz and Smita Negi.

Share this story on Facebook, Twitter, and Google:

Other social bookmarking and sharing tools:

---

Story Source:

The above story is reprinted from materials provided by European Society of Cardiology (ESC).

Note: Materials may be edited for content and length. For further information, please contact the source cited above.

---

Note: If no author is given, the source is cited instead.

Disclaimer: This article is not intended to provide medical advice, diagnosis or treatment. Views expressed here do not necessarily reflect those of ScienceDaily or its staff.

Source: http://feeds.sciencedaily.com/~r/sciencedaily/health_medicine/heart_disease/~3/QL7bZ65HGk4/120826143344.htm

the three stooges the bee gees woodward keratosis pilaris rock and roll hall of fame 2012 brandon rios oklahoma news