Jan 7

A bus rolled down a deep ravine in central Bolivia early Wednesday morning, killing at least 20 passengers and injuring 26, according to news reaching here from La Paz.

Police said the bus plunged into a 30-meter-deep ravine on the road from the capital of La Paz to the central city of Cochabamba.

The injured have been sent to a nearby hospital. Many are in a serious condition and police fear the death toll could rise.

Details and cause of the accident would be released later, police said.

Jan 5

Nani Roma won the first stage of the Dakar Rally in a BMW and David Casteu of France led home the bikes on a Saturday marred by the first death of a fan in four years.

Roma finished the shortened stage from Colon to Cordoba 2 minutes, 7 seconds ahead of Spanish countryman Carlos Sainz in a Volkswagen, and 2:50 in front of BMW teammate Stephane Peterhansel. Giniel De Villiers of South Africa, the 2009 champion, was 4:31 off the lead in a Volkswagen.

“It’s only just the start,” Roma said. “We haven’t really had a battle with the VWs yet. There is still a lot of the race to go. In any case, it was a good special stage for warming up.”

The fatality occurred when a woman watching the rally was struck by a 4×4 driven by Mirco Schultis and partner Ulrich Leardi, who veered off course in north central Argentina.

Norberto Brusa, a spokesman for Rio Cuarto Hospital, said 28-year-old Natalia Sonia Gallardo died from injuries suffered in the crash. Brusa said four other people were injured, but the extent of the injuries was not immediately available.

A witness to the accident told the television station TN that fans were standing outside a secure area reserved for spectators.

“There was no place and the police did not stop people,” said the witness, identified as Gaston Harriague. “The fields around there are all private. They are not permitted places.”

French motorcyclist Pascal Terry died last year in the rally, which is widely regarded as one of motorsport’s most dangerous events.

The stage was trimmed by 30 miles to 124 miles because of flooding at the start, and Peterhansel, a nine-time winner of the Dakar, led early. But Roma, who won the race on a motorbike in 2004, took over the lead after about 30 miles, and kept extending it, while Sainz passed Peterhansel after the midpoint.

Casteu won the 104-mile bike stage in 1 hour, 50 minutes, 42 seconds, only three seconds ahead of fellow French rider Cyril Despres and 12 seconds in front of Spanish rider Marc Coma. Despres and Coma, who have shared victories in the past four Dakars, swapped leads until Casteu came through at the end.

Casteu, a former teammate of Despres but riding for French constructor Sherco, said he was urged by his mechanic before the stage “to make an impact.”

“So I attacked, attacked and attacked,” Casteu said. “I had a great time.”

Despres said he was content just to get through the first day of racing.

“I had butterflies in my stomach this morning because on the last two Dakars, each time my first day was terrible,” he said. “So I’m really happy to have finished. The time I managed wasn’t too bad and, more importantly, I didn’t have any problems.”

Sunday’s second stage takes the racers to La Rioja as the rally moves northwest toward the Chilean border.

The rally, which finishes on Jan. 16 in Buenos Aires, was moved to South America in 2009 because of safety concerns and the possibility of a terrorist attack in Africa.

Jan 5

South Korea’s Yonhap News Agency announced on Monday it will invite leaders of members of the Organization of Asia-Pacific News Agencies (OANA) to a summit set to be held here in April.

The four-day regional meeting, formally titled “OANA Summit Congress”, is expected to gather leaders from 40 member news agencies of the organization during April 21-24, and representatives from four other associations of news agencies outside the region will also attend as observers, Yonhap said.

The announcement came in a New Year address by Yonhap’s president Park Jung-chan.

Under the theme of “Challenges and opportunity for news agencies,” the summit will focus on seeking ways to jointly cope with the rapidly changing media landscape, and map out joint future strategies, Park said.

Yonhap is set to mark its 30th founding anniversary in 2010, Park said, adding that the agency will take the summit as an opportunity to promote the G-20 summit scheduled for November in Seoul among the regional news agencies, and heighten its status as a rapidly growing global media company among the world’s leading news agencies.

Park also stressed that the attendees will have the opportunity to visit South Korea’s major industrial and tourist sites, which will help deepen their understanding of the nation.

Yonhap said the Democratic People’s Republic of Korea’s Korean Central News Agency is expected to attend the Seoul summit, paving the way for a new round of inter-Korean media cooperation.

The OANA was formed in 1961 on the initiative of UNESCO to secure direct and free exchange of news between the news agencies of a region inhabited by more than one half of the world’s population. At present OANA brings together 40 news agencies from 33 countries, according to OANA’s website.

Dec 30

Blame the Internet for the latest decade of security lessons. Without it, you probably wouldn’t even recognize the terms phishing, cybercrime, data breach, or botnet. Let’s revisit the top security horrors of the past ten years, and try to remember what we learned from each.

1. Cyberwar

What started out small ended up pretty big. Back in February 2000, a Canadian teenager named Mafiaboy used automated floods of incomplete Internet traffic to cause several sites–including Amazon, CNN, Dell, eBay, and Yahoo–to grind to a halt, in what is called a distributed denial of service (DDoS) attack.

Michael Calce, aka Mafiaboy, pleaded guilty to 55 of 66 counts of mischief and was sentenced to eight months detention. Calce later wrote a book about his experience, entitled Mafiaboy: How I Cracked the Internet and Why It’s Still Broken. Some experts say that all security threats progress through a cycle that moves from fun to profit to politics, and DDoS attacks were no different: Opportunist criminals next started using DDoS to hold various gambling sites for ransom.

In May 2007, DDoS attacks turned political, with hundreds of online Russian sympathizers blocking Estonian government Websites, all because a World War II memorial had been relocated. The attacks continued through the summer until Computer Emergency Response Teams (CERT) from various nations mitigated them. The following year, Russian organized crime targeted the government of Georgia with a DDoS attack.

While some people think the United States might not be ready for the upcoming cyberwars, experts from CERT are now advising the U.S. government on how better to protect its infrastructure based on the attacks we’ve seen thus far.

2. Malware Makes Strange Bedfellows

Viruses and worms have always been around, but in the summer of 2001 one aggressive worm threatened to shut down the official White House Website. Code Red, so named because the discoverer was drinking “Code Red” cola from Mountain Dew at the time, warranted an unprecedented joint press conference with the FBI’s National Infrastructure Protection Center, the U.S. CERT, the Federal Computer Incident Response Center (FedCIRC), the Information Technology Association of America (ITAA), the SANS Institute, and Microsoft.

Two years later, Microsoft again teamed with the U.S. Secret Service, the FBI, and later Interpol to offer a $250,000 reward for information leading to the arrest of those responsible for SoBig, MSBlast, and other major viruses at the time.

Such public-private cooperation is rare, but it happened again in early 2009 when Conficker was poised to wreak havoc on the Internet at midnight on April 1. That didn’t happen, thanks in part to a unique coalition of rival antivirus companies that collaborated with government agencies under the Conficker Working Group name. To this day, this group continues to monitor the worm. Organizations are stronger when they team up against a common enemy, and even security companies can put aside their differences for the common good.

3. MySpace, Facebook, and Twitter Attacks

At the beginning of the decade, security experts at businesses had to struggle with employees’ use of instant messaging from AOL, Webmail from Yahoo, and peer-to-peer networks. These applications poked holes in corporate firewalls, opening various ports that created new vectors for malware.

The battle initially focused on server port 80; but by the end of the decade, the top concerns were Facebook, Twitter, and other Web 2.0 applications.

In 2005, a teenager authored the Samy worm on MySpace, which highlighted a central problem of Web 2.0–that user-contributed content could contain malware. Even as Facebook endured a few privacy snafus, it also had its own worm, called Koobface.

In 2009, Twitter came of age, too, attracting its own malware and highlighting the dangers of shortened URLs–with them, you can’t see what’s waiting on the other side. Twitter also suffered from spam…or did Guy Kawasaki really send you that porn link?

4. Organized Viruses and Organized Crime

After the Melissa virus struck in 1999, e-mail-borne viruses peaked the following year with ILOVEYOU, which clogged e-mail servers worldwide within 5 hours. (See “The World’s Worst Viruses” for more about a clutch of the decade’s early offenders.)

As e-mail spam filters improved to block bulk mailings, malicious coders looked elsewhere, turning to self-propagating worms like MSBlast, which exploited a flaw in Remote Procedure Call messages, and Sasser, which exploited a flaw in Internet Information Services (IIS). About this time, viruses and worms began using Simple Mail Transfer Protocol (SMTP) to bypass e-mail filters so that the compromised machines could spew pharmaceutical spam to random addresses on the Net.

Shortly after Microsoft’s Reward program netted Sven Jaschan, author of Netsky and Sasser, in 2004, the image of a single author creating viruses in his parents’ basement fell out of favor, replaced by organized crime operations with financial ties to porn and bulk pharmaceutical companies. (In 2005, PCWorld wrote a series on the problem, “Web of Crime.”) Groups such as the Russian Business Network (RBN) ran sophisticated spam campaigns, including pump-and-dump penny-stock spam.

5. Botnets

With the financial backing of organized crime syndicates came widespread and clever innovations in malware.

In 2007, the Storm worm–which began like any other virus–started talking to other Storm-compromised computers, forming a network of compromised computers all using the Overnet peer-to-peer protocol. This protocol allowed the operator to send out a spam campaign or to use the compromised computers to launch a DDoS attack.

Storm was not alone. Nugache, another virus, was building a botnet, too. And there were others. Today, botnets have spread to the Mac OS and Linux operating systems. The chances are approaching 50/50 that you might have at least one bot on one of your computers now.

Dave & Busters, Hannaford Brothers, Heartland Payment Systems, and TJX, to name just a few. One man, Albert Gonzalez, pleaded guilty to most of these heists, and was implicated in others. Gonzalez and his crew entered malicious code through the Web-facing sites of these major companies. In turn, the malware infiltrated the internal network, where it could look for unencrypted credit card data.

To combat such data breaches, in 2005 the Payment Card Industry (PCI) produced 12 requirements that all of its member merchants must follow; the PCI Security Council updates those requirements every two years. What lies ahead is end-to-end encryption of the credit card data, so that your personal information is never in the clear from cash register to card brand.

7. Gone Phishing

More effective than spam, yet short of a full-blown data breach, is phishing. The idea here is that a creatively designed e-mail can lure you into visiting a believable-looking site designed solely to steal your personal information. Often these sites use “fast flux,” the ability to switch domains quickly so that you can’t lead law enforcement back to the site.

Using logos and designs from banks and e-commerce sites, some phishing sites seem entirely realistic, a vast improvement over the crude pages full of misspellings of a few years ago. The best defense? Don’t click!

8. Old Protocol, New Problem

Behind the Internet are protocols, some of which today perform functions far beyond what they were originally designed to do. Perhaps the most well-known of the overextended protocols is the Domain Name System (DNS), which, as IOActive researcher Dan Kaminsky explained in 2008, could be vulnerable to various forms of attack, including DNS cache poisoning.

DNS converts a Website’s common name (for example, www.pcworld.com) into its numerical server address (for example, 123.12.123.123). Cache poisoning means that the stored address for a common name could be incorrect, thus leading a user to a compromised site rather than to the intended site–and the user had no way to know. Kaminsky managed to keep the flaw known to a limited group of companies for about six months, and then rolled out a coordinated series of patches that seemed to address many of the more serious vulnerabilities.

Similarly, researcher Marsh Ray of PhoneFactor discovered a hole within SSL/TLS, one that allows for man-in-the-middle attacks while authenticating the two parties. This wasn’t a vendor-specific problem, but a protocol-level flaw. Ray, like Kaminsky, also set about coordinating a patch among affected vendors. However, a second researcher stumbled upon roughly the same thing, so Ray felt compelled to come forward with his vulnerability, even though some of the patches are still to come.

Disclosures such as these have hastened the move to newer standards, such as DNSSEC, which authenticates data in the DNS system, and a newer version of SSL/TLS. Look for the replacement of existing protocols to continue in the coming years.

9. Microsoft Patch Tuesdays

A decade ago, Microsoft released its patches only as needed. Sometimes that was late on a Friday afternoon, which meant that bad guys had all weekend to reverse-engineer the patch and exploit the vulnerability before system administrators showed up for work on Monday.

Starting in the fall of 2003, Microsoft released its patches on a simple schedule: the second Tuesday of every month. What has become known as “Patch Tuesday” has, over the last six years, produced a crop of fresh patches every month, except for four. Oracle patches quarterly, and Adobe recently announced that it would patch quarterly, on or near Microsoft’s Patch Tuesday. Apple remains the only major vendor that doesn’t adhere to a regular cycle for its patches.

10. Paid Vulnerability Disclosure

Independent researchers have debated for years whether to go public with a newly found flaw or to stay with the vendor until a patch is created. In some cases the vendor doesn’t get back to the researcher, or doesn’t make publication of the flaw enough of a priority, so the researcher goes public. On the other side of the fence, criminals certainly don’t go public, knowing that such vulnerability information is worth serious money on the black market.

After years of back and forth, in recent times one or two security companies have decided to pay researchers to stay quiet; in exchange, the company works with the necessary vendor to see that the patch is produced in a timely fashion and that clients of the company get details of the flaw sooner than the general public.

For instance, at the CanSecWest Applied Security Conference, Tipping Point Technologies annually awards $10,000 to the researcher who can hack a given system. And payment-for-vulnerabilities programs have matured in recent years. For example, in Microsoft’s December 2009 Patch Tuesday release, all five of the Internet Explorer vulnerabilities patched can be attributed to the iDefense Zero Day Initiative program.

Dec 29

The political crisis in Honduras “expanded” the impact of the global recession on Honduras’ economy, the Economic Commission for Latin America and the Caribbean (ECLAC) said Monday.

The Santiago-based ECLAC said that apart from the unstable political situation in the country, the military coup against ousted President Manuel Zelaya also had a negative impact on Honduras’ economy, which is highly dependent on external aid.

“Honduras is submerged in a deep political polarization, and strong restrictions on its economic growth are visible, which are the product of the events that occurred in 2009,” the ECLAC said.

From June 28 when the coup broke out till Nov. 30, Honduras had lost more than 1.1 billion U.S. dollars in aid, according to the Honduran Social Forum on External Debt and Development.

The domestic political stalemate has also diverted the country’s attention from revealing an anti-crisis plan against the backdrop of the global financial crisis.

Given the grave economic situation of the nation, the ECLAC noted that the new government, led by President-elect Porfirio Lobo who has not been largely recognized by the international community, would face a very difficult situation.

According to the ECLAC, the gross domestic product (GDP) of Honduras is expected to end the year 2009 with a contraction of 3 percent, against the previously forecasted growth of 2.5 percent.

Meanwhile, the Central Bank of Honduras (BCH) projected a worse outcome, between minus 1 and minus 2 percent, explaining that the Honduran economy as a whole had contracted by 3.2 percent from January to September.

Additionally, during that period, the country’s economy had decreased 34.7 percent in terms of the construction sectors. These sectors suffered a “lack of financing and the reduction of the capital incomes through the direct foreign investments” that dropped by 40 percent, the BCH added.

“It reflects the negative effects of the world recession, and the uncertainty produced by the internal political crisis,” the central bank explained.

Moreover, “due to the drop of the incomes and the impossibility of getting external financing,” the ECLAC said the internal debt has grown almost 80 percent.

Also, the lack of foreign investments and the 11 percent reduction of remittances contributed to a greater governmental deficit, which has risen from 2.4 percent of the GDP to 4.5 percent.

A drop in the imports of goods and services by 22 percent might also exacerbate the plight, while 650,000 people in the country are living in extreme poverty.

As for next year, Honduras has projected negative growth, and its external debt of 3.6 billion dollars has become almost unpayable.

Although the international community has promised Honduras a package of financial aid, Lobo stressed earlier this month that international aid worth at least 2 billion U.S. dollars would be at stake if the political crisis in his country was not solved.

The fund, according to the president-elect, was related to the aid programs of many countries and organizations, including the Central American Bank for Economic Integration (CABEI) and the Inter-American Development Bank (IDB).

Dec 26

Islamabad police have taken strict security measures for Muharramul Haram, one of the four months on the Islamic lunar calendar declared sacred in the holy book (Qur’an), as the capital city of Pakistan is the second target of terrorism after Peshawar, the provincial capital of the North West Frontier Province (NWFP).

Amid insecurity and a fresh wave of terrorism, officials in Pakistan have finalized strict security measures for Muharramul Haram in Islamabad and other parts of the country.

Talking to Xinhua, Bin Yamin, Deputy Inspector General (DIG) Operations, Islamabad Police, said that after Peshawar, Islamabad is the next target of terrorists, adding that security was therefore beefed up inside and around the city as huge processions are expected during Muharram.

Bin Yamin said that metal detectors and other equipment have been installed at all points of gatherings for Muharram. He said that entry and exit points for processions were specified.

The DIG said that the Quick Response Force, the Anti-terrorist Squad and 82 police commandos along with more than 7,000 cops were deployed at various locations in the capital city, adding that certain sensitive areas in Islamabad were identified and their security was tightened.

The senior police official maintained that a suicide attacker failed to hit his target on Thursday night because of the foolproof security in the city.

Meanwhile, various locations in Islamabad were barricaded and barbed wire was placed around sensitive points and offices. Besides the deployment of additional policemen, Senior Superintendent Police (SSP) Islamabad Tahir Alam Khan would supervise all the security arrangements during the processions and Majalis (gathering), and a control room has also been set up in his office for this purpose.

Sources inside the religious circles said that 149 processions would be brought out during Muharram and 773 Majalis would be held during the holy month in the twin cities, Islamabad and Rawalpindi.

Security in the volatile city, Peshawar, was beefed up as well. In a telephonic conversation with Xinhua, Sahibzada Anees, Deputy Commissioner (DC) of Peshawar said that in the history of Pakistan the days of Muharramul Haram were noted as sensitive because of violence.

“So security in Muharram always remains on top of the government’s agenda,” he stated.

Anees said that the provincial officials were aware that Peshawar was the major victim in the recent wave of suicide attacks, so special steps were taken to minimize the threat of violence in the city, which lies adjacent to the Federally Administered Tribal Areas (FATA), the cradle of militancy in Pakistan.

Commenting on the security plan for Peshawar, he said that from a security point of view, the city was divided into three areas: the city itself, its outskirts and the bordering areas adjacent to the Pakistani tribal areas.

He declined to give a detailed security plan but clarified that CCTVs were installed and fire brigades, hospitals, security agencies and other related institutions were put on high alert.

Police would guard Imambargahs, place of worship of the Shia sect, and the routes of processions. NWFP government has already banned entry of 200 Ulema to Peshawar during Muharram, because of security situation and their religious affiliation.

The NWFP police have clarified that personnel of the Pakistan army would remain standby in aid of the frontier police and their services would be utilized in case of any untoward happening during Muharram.

Reports suggest that more than 3,000 policemen were deployed inside the city to keep the law and order intact in the city.

Meanwhile, security plans for other cities in the country were also chalked out. Talking to media men, Pervez Rathore, Capital City Police Officer (CCPO) of Lahore, the capital of the Punjab province, has said that police have identified 184 possible trouble spots in the city, in order to maintain a peaceful atmosphere and sectarian harmony in the provincial metropolis during Muharramul Haram.

Rathore further said that police officers and more than 12,000 police Jawans would provide security cover to 4,000 Majalis and 640 processions, while armed personnel would also be deployed to provide security to different programs to be held in the city and its outskirts.

In Quetta, the provincial capital of the Balochistan province, 4,000 officials of law enforcement agencies would be deployed to maintain law and order in the provincial capital during Muharramul Haram.

Police sources in Quetta said that 1,800 police cops would perform security duty around Imambargahs and places where Majalis would be held.

Meanwhile strict security measures have also been taken in Karachi, capital of the Sindh province in southern part of Pakistan.

Official statistics suggest that 4,098 Majalis (gathering) would be held including 3,823 of Fiqh Jafaria (Shia sect of Muslims) and 275 of Sunni sect of Muslims while 1,228 processions would be taken out from various areas of the city.

It was learned that extraordinary security arrangements have been made for Ulema (religious scholars) and citizens, along the routes of various processions and the central procession, and at all mosques, Imambargahs and places of Majalis.

Reports from Gilgit-Baltistan in northern Pakistan reveal that 25 walk-through gates would be installed in the capital city Gilgit.

Monitoring of different areas through closed-circuit cameras would continue on the occasion in Gilgit-Baltistan.

A battalion of the army would be ready to assist the provincial police besides paramilitary forces during mourning processions. Aerial surveillance by helicopters would also be carried out on the occasion.

It is worth noting that Pakistan has a long history of sectarian violence during Muharramul Haram, and threats of terrorism as well as violence are imminent as the crackdown against militants is going on in parts of the country.

The programs of Muharramul Haram would come to end on Dec. 28.

Dec 24

China would enhance support for small and medium enterprises (SMEs) next year with preferential tax policy and easier channels to raise funds, a senior official said Thursday.

Li Yizhong, Minister of Industry and Information Technology, told members of the National People’s Congress (NPC) Standing Committee that the government has set up a special fund under the central budget to promote the development of SMEs and increased input into the fund each year.

The government earmarked 10.89 billion yuan (1.59 billion U.S. dollars) from the central budget to support SMEs development this year, more than doubled from 4.99 billion yuan in 2008, Li said.

At the end of September, China had 10.3 million registered enterprises, of which SMEs accounted for more than 99 percent, he said.

According to China’s regulation, SMEs are enterprises whose annual business revenue is below 300 million yuan. But in the retail and accommodation industries, the maximum annual business revenue is 150 million yuan for an SME.

The SMEs, hit hard by the global financial crisis, were recovering thanks to the government’s economic stimulus package, Li said. Their output during the January-September period this year equaled about 60 percent of the country’s gross domestic product.

According to Li, small low-profit enterprises with an annual taxable income not exceeding 30,000 yuan could next year calculate their taxable income at 50 percent of the actual income and pay enterprise income tax at a rate of 20 percent.

Dec 22

China’s anti-graft chief He Guoqiang on Tuesday called on authorities to further clean up corruption in the construction sector to protect people’s interests and contribute to steady and relatively fast economic development.

The country’s discipline inspection authorities had investigated 3,517 graft cases linked to the construction sector since July, and had punished 1,521 people involved, He, head of the Communist Party of China (CPC) Central Commission for Discipline Inspection, said in a meeting in Beijing.

Close to 800 civil servants had been formally prosecuted, said He, member of the Standing Committee of the CPC Central Committee Political Bureau.

Noting that China’s crackdown on construction-related corruption had seen initial success, He admitted that the sector still had “a few noticeable problems” which had upset the market economy order, impaired the interests of the people, and led to corruption problems.

According to He, China had launched a two-year campaign to fight corruption and misconduct in the construction sector, and year 2010 was crucial to this campaign.

Authorities should strengthen supervision over government-invested construction projects and those using state construction funds, he said.

He also urged stepping up the effectiveness of supervision and investigation. Government and party departments should coordinate with each other in order to ensure the success of the campaign, he said.

Dec 20

A senior leader of the Communist Party of China (CPC) on Friday stressed the need to strengthen inspection to intensify intra-party supervision and maintain discipline.

He Guoqiang, member of the Standing Committee of the CPC Central Committee Political Bureau and head of the CPC Central Commission for Discipline Inspection, made the remarks during a meeting of the central leading group set up for the CPC’s inspection work.

Intra-party inspection was formulated as part of the CPC’s intra-party supervision mechanism in 2003.

Intra-party inspection is key to enforcing the CPC’s disciplines, stepping up party building and maintaining social stability, He said.

He urged inspection authorities to give top priority to the enforcement of the party’s political disciplines.

Dec 18

Chinese President Hu Jintao recently called for the whole nation to make further advancement in reform of the cadre and personnel system.

Vice President Xi Jinping, also a Standing Committee member of the Political Bureau of the Communist Party of China (CPC) Central Committee, made the indications on the issue as well, noting that more achievement should be made in building a scientific cadre’s selection and appointment system.

The CPC central committee has approved the outline for deepening the reform of the cadre and personnel system (2010-2020), and it has been formally released. The plan puts forward the goal and major tasks of the reform in the next ten years.

The plan stressed the importance of dealing with key issues concerning leadership and cadre cultivation, of setting correct standards for cadre appointment and of improving the public credibility of cadre selection.
