Archives by date

You are browsing the site archives by date.

Unclear if US strike killed Shebab leader

US forces have carried out air strikes against senior members of Somalia’s al-Qaeda-linked Shebab rebels, with casualties reported but uncertainty over the fate of the group’s leader.


The Pentagon confirmed on Tuesday that an “operation” was carried out the previous day against the hardline militia, and that it was “assessing the results”.

“The Americans carried out a major air strike targeting a gathering by senior Al-Shebab officials, including their leader Abu-Zubayr,” said Abdukadir Mohamed Nur, governor for southern Somalia’s Lower Shabelle region.

Abu-Zubayr is the often-used name for Shebab supreme commander Ahmed Abdi Godane, listed by the US State Department as one of the world’s eight top terror fugitives.

If confirmed, Godane’s death would be a major blow for the Shebab – although Somali officials said late Tuesday they were still trying to establish who was killed.

“The Shebab suffered big casualties during the attack. We can’t give further details until we get additional information on the exact number of casualties, but what I know is that the target was the leadership,” government spokesman Ridwan Haji Abdiweli told reporters.

Washington has carried out a series of drone missile strikes in the past, including attacks reportedly targeting Godane.

“We are assessing the results of the operation,” Pentagon Press Secretary Rear Admiral John Kirby said in a statement.

The Shebab refused to be drawn on speculation that Godane had been killed.

“Let the Americans say that they have killed Shebab’s leader,” a senior Shebab official said.

“So far the Americans just gave us rumours.”

The air strike comes days after African Union (AU) troops and government forces launched “Operation Indian Ocean”, a major offensive aimed at seizing key ports from the Islamist rebels and cutting off one of their key sources of revenue – multi-million dollar exports of charcoal.

“They were meeting to discuss the current offensive in the region,” Nur said.

“There were casualties inflicted on the militants.”

Nur said the strike hit a Shebab hideout used as a training camp for suicide bombers a in remote village of the Lower Shabelle region, south of the capital Mogadishu and seat of Somalia’s internationally-backed but fragile government.

On Saturday, the AU mission in Somalia, AMISOM, said it had captured the town of Bulomarer, some 160 kilometres southwest of Mogadishu.

The town was the scene of an attempted raid by French commandos in January 2013 to free an intelligence agent being held hostage.

The bid failed and resulted in the death of two members of the French special forces as well as the hostage.

AMISOM and Somali government troops were also seen on roads towards Barawe, the last major port held by the hardline Islamists,.

As the offensive gathers pace, authorities in Mogadishu said they were willing to give “misled” Shebab members one last chance to surrender.

“They can surrender within 45 days, but anyone who stands against that offer will be recognised as a criminal and brought to justice,” Somalia’s minister for national security, Khalif Ahmed Ereg, told reporters.

Godane, 37, who reportedly trained in Afghanistan with the Taliban, took over the leadership of the Shebab in 2008 after then chief Adan Hashi Ayro was killed by a US missile strike.

Al-Qaeda chief Ayman al-Zawahiri has recognised Godane as the head of the “mujahedeen” in East Africa, although letters released after Osama bin Laden’s death show the late Saudi Islamist leader had lower regard for the Somali’s abilities.

He is included in a third category of men on whom information warrants a $US7 million ($A7.57 million) reward from the US, alongside Nigeria’s Boko Haram leader, but under the Taliban’s Mullah Omar, for whom a tip is worth up to $US10 million, and Zawahiri, who fetches $US25 million.

Celebrity photo hack: Blame Apple for its disregard for user security

In the wake of the theft of the private data and photos of dozens of celebrities, there is at least one major culprit.


Not the alleged leakers, though obviously they’re to blame, but the company that has most prominently overstated its security in the first place: Apple.

Apple is currently delighted that people are talking about how you shouldn’t take naked photos of yourself in the first place, but make no mistake: Apple has been provably irresponsible with users’ security. It is currently unclear how the naked photos were gathered—most likely through a number of different methods and different servers over a period of months if not years.

What is clear is that Apple has had a known security vulnerability in its iCloud service for months and has been careless about protecting its users. Apple patched this vulnerability shortly after the leak, so even if we’re not sure of exactly how the photos got hacked, evidently Apple thinks it might have had something to do with it. Whether or not this particular vulnerability was used to gather some of the photos—Apple is not commenting, as usual, but the ubiquity and popularity of Apple’s products certainly points to the iCloud of being a likely source—its existence is reason enough for users to be deeply upset at their beloved company for not taking security seriously enough. Here are five reasons why you should not trust Apple with your nude photos or, really, with any of your data.

1. The vulnerability is Security 101 stuff.

Up until Monday, Apple had a significant and known brute-force vulnerability in its Find My iPhone service, where you type in your Apple ID and password on your computer in order to locate your iPhone on a map. Most services that use passwords, from Facebook to Google to banks, will lock your account or at least throttle logon attempts after a certain number of failed access tries to prevent a person who is not you from making endless guesses at common passwords.

Apple itself will do this in most places—but not through its Find My iPhone service, where hackers are allowed unlimited attempts at guessing passwords. You can endlessly try password after password as quick as you like. Once a correct Apple ID password is confirmed through Find My iPhone, a hacker then has access to your iCloud account.  So a hacker could simply run an automated tool and knock on the door enough times with password guesses until he broke through. Even a decent password, like “[email protected]!” would still be vulnerable to this sort of attack. The Find My iPhone vulnerability doesn’t really rise to the level of a bug, since limiting brute-force attacks is part of the basic security design of any system—or should be.

2. The vulnerability was publicly known since May.

A Russian security group called HackApp released iBrute, a proof-of-concept tool to exploit this vulnerability, on Aug. 30. But don’t blame them, because the celebrity hacking probably took place quite a while before that. The Register publicized the lack of any sort of limit on iCloud logon attempts in May, and Apple did nothing about it, giving hackers plenty of time to bash away at accounts. Even after iBrute was publicly released, Apple didn’t patch the vulnerability until Sept. 1 and did nothing to secure accounts in the meantime. I cannot fathom how the company left this one out in the wild for months, and I suspect it will cost someone at Apple his or her job.

3. Apple defaults users into the cloud.

Clouds are wispy and ephemeral, the very opposite of secure, so why would you want to store anything in them? No one particularly does: Cloud storage has been forced on users because it suits tech companies, not because it’s what’s best for consumers. But Apple makes it very hard not to store photos in its cloud, nude or otherwise. Camera Roll automatically backs up photos (all photos) to the cloud by default, and Apple makes it difficult for average users to change the default. It’s worked. And it’s too bad, because whatever you store on the cloud has far less legal and security protection than what’s on your own computer.

Even deleting photos from your phone doesn’t delete them from the cloud, as security expert Nik Cubrilovic pointed out on Twitter. (The American Civil Liberty Union’s Christopher Soghoian has wisely suggested a “private photo” feature that doesn’t upload certain photos to the cloud.) Defaulting to the cloud is like checking baggage on an airline: People might look through your stuff, and even steal it. And like the airlines, Apple’s liability is strictly limited by the extremely generous (to Apple) agreement you sign when you purchase any of its products.

The false sense of security Apple creates by offering two-factor authentication and then not enforcing it is appalling.

4. Apple does not encourage two-factor authentication.

Two-factor authentication, in which physical possession of a particular device (like a phone) is necessary to log in to an account, is one of the most common and effective supplements to the problematic security of regular passwords. Google, Yahoo, Facebook, Twitter, and many other services offer two-factor, though rarely by default. Still, as the Daily Dot writes, “For reasons that defy all logic, Apple makes it extraordinarily difficult to enable two-step verification,” making users wait three days just to turn it on. (In other words, if you had found out about the vulnerability on Aug. 30, you couldn’t have protected yourself until Sept. 2.) 

Apple barely publicizes its two-factor authentication and has not encouraged users to adopt it. Apple controls the default user experience for its products, and it has the responsibility for that default to be reasonably secure—which it currently is not.

5. Two-factor authentication wouldn’t have worked anyway.

Even if you were a celebrity who had enabled two-factor authentication, it wouldn’t have helped in this case because Apple doesn’t enforce two-factor authentication for iCloud logons even if you have it turned on as was reported by Ars Technica all the way back in May of 2013. Apple primarily uses two-factor to prevent credit card purchases, not to protect the privacy of your data. Though probably the least exploited loophole (due to the difficulty of using Apple’s two-factor in the first place), this is perhaps the most sheerly irresponsible security decision Apple has made. The false sense of security created by offering two-factor and then not enforcing it is appalling.

These are all problems Apple has known about for months, if not years, and did nothing to stop. Apple’s two-factor is still fundamentally broken, so even today Apple is still misrepresenting the security it can offer to its users. This is not to excuse any other services that may have been compromised, nor the hackers themselves. But whether or not any of these problems were directly responsible for the leak, Apple users, from Jennifer Lawrence to corporate executives to laptop musicians to you, should be out for blood, and other companies should use this as a lesson to double- and triple-check their own security stories. Apple will probably survive though. IPhones are so cool and pretty.

David Auerbach is a writer and software engineer based in New York. 

© Slate 2014


Djokovic, Murray renew rivalry in U.S. Open blockbuster

Sixteen years after they first met in a junior competition in France, the pair are set to lock horns for the 21st time as professionals, their sixth grand slam clash but at the earliest stage of the lot.


World number one Novak Djokovic will enter the match as the favourite, having reached the last eight without dropping a set, while Murray looked back on form in beating Jo-Wilfried Tsonga to make the quarter-finals.

Murray beat Djokovic in the 2012 U.S. Open final and in the 2013 Wimbledon final and despite his form, the Serb is well aware of how tough a match he faces.

“I think Andy also performs his best in the grand slams,” said Djokovic, who is 12-8 lifetime versus Murray. “In the big matches, as the tournament progresses, he’s still fit. He still plays very high quality tennis. That’s what I expect him to do.”

The pair are the only two men to have reached at least the quarter-finals of all four grand slams this year.

Murray said there were unlikely to be many surprises between the two but in his column with the New York Times, he said the weather could be significant, a reference, perhaps, to the 2012 final when he coped better with the wind than Djokovic.

“You can’t just have the same tactics every single time you play him,” said Murray. “There needs to be some adjustments depending on the surface and the conditions. We’ll see what those are Wednesday.”

Japan’s Kei Nishikori will be hoping to rebound from his marathon win in the previous round, which equalled the latest ever U.S. Open finish of 7:26 a.m. BST (0626 GMT), when he takes on third seed Stan Wawrinka of Switzerland.

Women’s top seed Serena Williams plays Italy’s 11th seed Flavia Pennetta for a place in the semi-finals while Victoria Azarenka, the runner-up in each of the past two years, faces Russia’s Ekaterina Makarova.

(Editing by Frank Pingue)

Misbah mea culpa after Sri Lanka disaster

Pakistan’s cricket captain Misbah-ul Haq has admitted his failure with the bat was a “big factor” in his team’s disastrous tour of Sri Lanka.


Pakistan were beaten 2-0 in the Tests and lost the three match one-day series 2-1 in August.

Veteran Misbah has held Pakistan’s frail batting order together since being appointed captain in 2010, and was the world’s leading scorer in one-day cricket last year with 1373 runs.

But age appeared to be catching up with the 40-year-old in Sri Lanka where he scratched out a total of just 67 runs over both Tests and the same in the three one-dayers.

“If I take pressure it won’t solve the problem, my contribution as a batsman was not there and it was a big factor,” he said on Tuesday.

“I should do more work on my basics and try to come back in form as soon as possible because when you play as a senior batsman in the team your contribution is very important.”

Newly appointed coach Waqar Younis and batting coach Grant Flower have come under fire since the losses but Misbah said it was too early to pronounce judgment.

“Whatever staff is with you, they try to help you and do the hard work with the players and work with the team, but sometimes when you come into such a situation where results don’t come, it needs some time… before the next series we have time to eradicate whatever weaknesses we have.”

Misbah and Younis met Pakistan Cricket Board chairman Shaharyar Khan on Tuesday to plan for their next two series against Australia and New Zealand – both in United Arab Emirates.

Pakistan plan to hold a training camp later this month to tune up for the series against Australia, which starts with a Twenty20 international in Dubai on October 5.

Asylum seekers fill jobs Australians refuse to do

Tamil asylum seekers have filled jobs in regional south-east Queensland that locals refuse to do, cleaning up garbage dumps and rubbish from roadsides.


The Western Downs, about 300 kilometres West of Brisbane, is prime agricultural land and experiencing a coal seam gas boom.

“We’ve very little unemployment across the Western Downs, we’re under three percent, that’s tremendous. We’ve a huge energy sector here, a very vibrant and prosperous agricultural sector,” said mayor Ray Brown.

Listen: Stefan Armbruster talks to workers at Western Downs.

The unemployment rate is less than half the national or Queensland levels but the downside is low-paid, low-skilled work is left undone.

The Tamils were paid above award wages for their clean-up efforts.

Critics said the jobs should go to locals not asylum seekers but mayor Ray Brown had a simple answer.

“The first reaction they offer is how come you don’t employ our own people, well I’m sorry but our own people aren’t prepared to do it, it’s as simple as that,” he said.

“We’ve tried through work for the dole, volunteer organisations, service groups, and community sports groups and pay them accordingly, but look this is a great outcome for our communities, they’ve seen what’s occurred here and they’re very happy too.”

Over the past months, four Tamil asylum seekers have regularly travelled to the Western Downs from Logan, south of Brisbane.

“I like to keep busy, I like to support myself, I like working and I don’t want to stay in my home, I like to keep busy,” said one, named Puchu.

He and fellow Tamils Mohan, Jenny and Raja were still waiting to hear if Australia would accept their refugee claims or send them back to Sri Lanka.

They arrived before August 2012, when the federal government removed work rights for bridging visas.

“These guys they’ll get up for you at 2 o’clock in the morning; they’ll get up for you at anytime during the day; they’re more than happy to help and don’t even want money for it sometimes,” said Trent Ker from the refugee settlement agency Access, which secured them the work.

“You explain to them that’s not what we are asking, we’re asking just asking you to come into work. They’re amazing, I’ve never seen anything like it in my life.”

Environmental regulations required councils to keep dumps clean or face fines of up to $1 million.

Mayor Ray Brown met the four Tamils at the Moonie waste-transfer station to thank them for their efforts.

“It’s a great opportunity to catch up with you all and thank you because we’ve tried very hard over the years to get community groups to do this, and to me this is a win-win, while you get your paper work in order,” he told them.

Mr Ker said that was were the downside came in.

“The major challenge is not the language or them doing the job, the biggest challenge is when they get rejected by Immigration, that really touches my heart,” he said.

“You build these relationship with them and see what sort of people they are and Australia sends these people back. That’s the hardest thing for me, to see these people go through that. It’s just heartbreaking.”