How Internet Commerce Began

In ancient Israel, it came to pass that a trader by the name of Abraham Com did take unto himself a young wife by the name of Dot. And Dot Com was a comely woman, broad of shoulder and long of leg. Indeed, she had been called 'Amazon Dot Com.' And she said unto Abraham, her husband, "Why doth thou travel far from town to town with thy goods when thou can trade without ever leaving thy tent?" And Abraham did look at her as though she were several saddle bags short of a camel load, but simply said, "How, dear?"

And Dot replied, "I will place drums in all the towns and drums in between to send messages saying what you have for sale and they will reply telling you which hath the best price. And the sale can be made on the drums and delivery made by Uriah's Pony Stable (UPS)."

Abraham thought long and decided he would let Dot have her way with the drums. And the drums rang out and were an immediate success. Abraham sold all the goods he had at the top price, without ever moving from his tent.

But this success did arouse envy. A man named Maccabia did secrete himself inside Abraham's drum and was accused of insider trading. And the young men did take to Dot Com's trading as doth the greedy horsefly take to camel dung. They were called Nomadic Ecclesiastical Rich Dominican Siderites, or NERDS for short.

And lo, the land was so feverish with joy at the new riches and the deafening sound of drums that no one noticed that the real riches were going to the drum maker, one Brother William of Gates, who bought up every drum company in the land. And indeed did insist on making drums that would work only with Brother Gates' drumheads and drumsticks.

And Dot did say, "Oh, Abraham, what we have started is being taken over by others." And as Abraham looked out over the Bay of Ezekiel, or as it came to be known, "eBay," he said, "We need a name that reflects what we are." And Dot replied, "Young Ambitious Hebrew Owner Operators." "YAHOO," said Abraham.
And that is how it all began. It wasn't Al Gore after all.

A True Story

I have several cats and I was buying a large bag of Whiskas in the local supermarket. Whilst I was standing in the queue at the checkout a woman behind me asked me if I had a cat.

On impulse, I told her that no, I was starting The Whiskas Diet again, although I probably shouldn't because I'd ended up in the hospital the last time I tried it, but that I'd lost 50 pounds before I awoke in intensive care with tubes coming out of most of my orifices and IVs in both arms. I told her that it was essentially a perfect diet and the way that it works is to load your trouser pockets with Whiskas dried cat food and simply eat a handful every time you feel hungry. I explained that the food is nutritionally complete so I was going to try it again.

I have to mention here that practically everyone in the queue was by now enthralled with my story, particularly the man who was behind her. Horrified, she asked if I'd ended up in the hospital in that condition because I had been poisoned by the cat food. I told her no, it was because I'd been sitting in the road licking my arse when a car hit me.

I thought one guy was going to have a heart attack he was laughing so hard as he staggered out of the doors. Stupid cow...........why else would I buy cat food??

5/19/2009

We are not criminals
The government and the media are using the science of fear to oppress and terrify ordinary citizens into giving up their rights and their freedom in the name of protecting society from obscure threats. The fear of crime and terrorists and the media reporting thereof vastly outweighs the actual risk of ever being a victim of violent crime or terrorism yet the papers and the TV are full of scary reports of planned atrocities, inner city violence and every media report on the internet would have you believe that the net is crawling with paedophiles and hackers and that if you so much as log on, or leave your children unsupervised for a minute or two…….you will become a victim.

We now live in a surveillance society. For the past couple of years the British government has been extremely aggressive in installing surveillance cameras — CCTV on high streets, speeding cameras on highways, and so on. If you are a typical British citizen, your actions are captured on camera hundreds of times a day, and you can be watched with suspicion even without the government having any probable cause to suspect you of anything. Effectively it is now illegal to take pictures of police officers (with the justification being the possibility of terrorist abduction of officers). The erosion of civil liberties in Britain has been short and sharp.

Some of the more crazy Big Brother schemes that are already in place or are planned for the near future include compulsory ID with biometrics (despite the fact that most security experts agree that this does nothing to combat organised crime or terrorism, costs a fortune and is in most cases technologically unworkable…), a database of everything (go figure!), innocent people's DNA being stored in the DNA crime database for 12 years (just in case they might commit a crime) and the monitoring of ALL civilian communication and internet channels.

This has to stop. We have to fight back to protect our freedom, our civil liberties and our right to privacy.
If you do nothing else, consider supporting civil liberty groups like:

Liberty http://www.liberty-human-rights.org.uk
Civil Liberty http://www.civilliberty.org.uk/
Electronic Privacy Information Center http://epic.org/

If you want to do more, lobby your local MP or write to newspapers and the government to get your voice heard.

Most importantly – stop them being able to intrude into your lives and your data. Encrypt your e-mail. Encrypt your instant messaging. Encrypt your computer. Encrypt your memory sticks. Encrypt your cell phone calls. Use proven strong encryption.

http://www.adalia.ee/crypto-phone/kryptoCOM.html
http://www.securstar.com/products_phonecrypt.php?gclid=CLnZza-DyJoCFQEEZgodi0LY2g
http://www.dpl-surveillance-equipment.com/100602.html
http://www.alibaba.com/product-free/104720420/Encrypt_Voice_Encoder_For_Nokia_And.html
http://my-symbian.com/s60v3/software/applications.php?name=CryptoGraf_Messaging&fldAuto=294&faq=15
http://www.secway.fr/us/products/simplite_msn/home.php

Feel free to pm me if you need advice or help with encryption technologies.

Ben

UK Government Proposal - Disgusting Abuse of Privacy

Communications firms are being asked to record all internet contacts between people as part of a modernisation in UK police surveillance tactics. The home secretary scrapped plans for a database but wants details to be held and organised for security services. The new system would track all e-mails, phone calls and internet use, including visits to social network sites. The Tories said the Home Office had "buckled under Conservative pressure" in deciding against a giant database.

Announcing a consultation on a new strategy for communications data and its use in law enforcement, Jacqui Smith said there would be no single government-run database.
But she also said that "doing nothing" in the face of a communications revolution was not an option. The Home Office will instead ask communications companies - from internet service providers to mobile phone networks - to extend the range of information they currently hold on their subscribers and organise it so that it can be better used by the police, MI5 and other public bodies investigating crime and terrorism.

Ministers say they estimate the project will cost £2bn to set up, which includes some compensation to the communications industry for the work it may be asked to do.

"Communications data is an essential tool for law enforcement agencies to track murderers, paedophiles, save lives and tackle crime," Ms Smith said. "Advances in communications mean that there are ever more sophisticated ways to communicate and we need to ensure that we keep up with the technology being used by those who seek to do us harm.

"It is essential that the police and other crime fighting agencies have the tools they need to do their job. However, to be clear, there are absolutely no plans for a single central store."

'Contact not content'

Communication service providers (CSPs) will be asked to record internet contacts between people, but not the content, similar to the existing arrangements to log telephone contacts.
REASONS TO CHANGE WHAT CAN BE KEPT
More communication via computers rather than phones
Companies won't always keep all data all the time
Anonymity online masks criminal identities
More online services provided from abroad
Data held in many locations and difficult to find
Source: Home Office consultation

But, recognising that the internet has changed the way people talk, the CSPs will also be asked to record some third party data or information partly based overseas, such as visits to an online chatroom and social network sites like Facebook or Twitter.

Security services could then seek to examine this data along with information which links it to specific devices, such as a mobile phone, home computer or other device, as part of investigations into criminal suspects. The plan expands a voluntary arrangement under which CSPs allow security services to access some data which they already hold. The security services already deploy advanced techniques to monitor telephone conversations or intercept other communications, but this is not used in criminal trials.

Ms Smith said that while the new system could record a visit to a social network, it would not record personal and private information such as photos or messages posted to a page. "What we are talking about is who is at one end [of a communication] and who is at the other - and how they are communicating," she said.

This is a waste of time and money on an unprecedented scale - Sean, Manchester

Existing legal safeguards under the Regulation of Investigatory Powers Act would continue to apply. Requests to see the data would require top level authorisation within a public body such as a police force. The Home Office is running a separate consultation on limiting the number of public authorities that can access sensitive information or carry out covert surveillance.
'Orwellian'

Liberal Democrat home affairs spokesman Chris Huhne said: "I am pleased that the Government has climbed down from the Big Brother plan for a centralised database of all our emails and phone calls.

"However, any legislation that requires individual communications providers to keep data on who called whom and when will need strong safeguards on access.

"It is simply not that easy to separate the bare details of a call from its content. What if a leading business person is ringing Alcoholics Anonymous, or a politician's partner is arranging to hire a porn video?

"There has to be a careful balance between investigative powers and the right to privacy."
Shadow home secretary Chris Grayling said: "The big problem is that the government has built a culture of surveillance which goes far beyond counter terrorism and serious crime. Too many parts of Government have too many powers to snoop on innocent people and that's really got to change.

"It is good that the home secretary appears to have listened to Conservative warnings about big brother databases. Now that she has finally admitted that the public don't want their details held by the State in one place, perhaps she will look at other areas in which the Government is trying to do precisely that."

Guy Herbert of campaign group NO2ID said: "Just a week after the home secretary announced a public consultation on some trivial trimming of local authority surveillance, we have this: a proposal for powers more intrusive than any police state in history.

"Ministers are making a distinction between content and communications data into sound-bite of the year. But it is spurious.

"Officials from dozens of departments and quangos could know what you read online, and who all your friends are, who you emailed, when, and where you were when you did so - all without a warrant."

The consultation runs until 20 July 2009.

An Expectation of Online Privacy

If your data is online, it is not private. Oh, maybe it seems private. Certainly, only you have access to your e-mail. Well, you and your ISP. And the sender's ISP. And any backbone provider who happens to route that mail from the sender to you. And, if you read your personal mail from work, your company. And, if they have taps at the correct points, the NSA and any other sufficiently well-funded government intelligence organization -- domestic and international.

You could encrypt your mail, of course, but few of us do that. Most of us now use webmail.
The general problem is that, for the most part, your online data is not under your control. Cloud computing and software as a service exacerbate this problem even more. Your webmail is less under your control than it would be if you downloaded your mail to your computer. If you use Salesforce.com, you're relying on that company to keep your data private. If you use Google Docs, you're relying on Google. This is why the Electronic Privacy Information Center recently filed a complaint with the Federal Trade Commission: many of us are relying on Google's security, but we don't know what it is. This is new. Twenty years ago, if someone wanted to look through your correspondence, he had to break into your house. Now, he can just break into your ISP. Ten years ago, your voicemail was on an answering machine in your office; now it's on a computer owned by a telephone company. Your financial accounts are on remote websites protected only by passwords; your credit history is collected, stored, and sold by companies you don't even know exist. And more data is being generated. Lists of books you buy, as well as the books you look at, are stored in the computers of online booksellers. Your affinity card tells your supermarket what foods you like. What were cash transactions are now credit card transactions. What used to be an anonymous coin tossed into a toll booth is now an EZ Pass record of which highway you were on, and when. What used to be a face-to-face chat is now an e-mail, IM, or SMS conversation -- or maybe a conversation inside Facebook. Remember when Facebook recently changed its terms of service to take further control over your data? They can do that whenever they want, you know. We have no choice but to trust these companies with our security and privacy, even though they have little incentive to protect them. Neither ChoicePoint, Lexis Nexis, Bank of America, nor T-Mobile bears the costs of privacy violations or any resultant identity theft. 
This loss of control over our data has other effects, too. Our protections against police abuse have been severely watered down. The courts have ruled that the police can search your data without a warrant, as long as others hold that data. If the police want to read the e-mail on your computer, they need a warrant; but they don't need one to read it from the backup tapes at your ISP.

This isn't a technological problem; it's a legal problem. The courts need to recognize that in the information age, virtual privacy and physical privacy don't have the same boundaries. We should be able to control our own data, regardless of where it is stored. We should be able to make decisions about the security and privacy of that data, and have legal recourse should companies fail to honor those decisions. And just as the Supreme Court eventually ruled that tapping a telephone was a Fourth Amendment search, requiring a warrant -- even though it occurred at the phone company switching office and not in the target's home or office -- the Supreme Court must recognize that reading personal e-mail at an ISP is no different.

This essay was originally published on the SearchSecurity.com website, as the second half of a point/counterpoint with Marcus Ranum.
http://searchsecurity.techtarget.com/magazinePrintFriendly/0,296905,sid14_gci1354832,00.html

2/17/2009

Rabbits

A precious little girl walks into a pet shop and asks, “Excuthe me, do you have any widdle wabbits?” The shopkeeper’s heart melts. He gets down on his knees so that he’s on the little girl’s level, and says “Do you want a widdle white wabbit, or a thoft fuffy bwack wabbit, or one like that widdle bwown wabbit over there?” The little girl looks thoughtful, puts her finger on her chin, bites her cheek and replies: “I don’t weally fink my pyfon gives a phuk.”

NSA Reveals Dangerous Coding Errors

The US National Security Agency has helped put together a list of the world's most dangerous coding mistakes.
The 25-entry list contains errors that can lead to security holes or vulnerable areas that can be targeted by cyber criminals. Experts say many of these errors are not well understood by programmers. According to the SANS Institute in Maryland (http://www.sans.org/), just two of the errors led to more than 1.5m web site security breaches during 2008. It is thought that this is the first time the industry has reached agreement on the worst things that can creep into software as it is being written. More than 30 organisations, including the US National Security Agency, the Department of Homeland Security, Microsoft, and Symantec, published the document.
THE TOP 25 MOST DANGEROUS PROGRAMMING ERRORS
CWE-20: Improper Input Validation
CWE-116: Improper Encoding or Escaping of Output
CWE-89: Failure to Preserve SQL Query Structure
CWE-79: Failure to Preserve Web Page Structure
CWE-78: Failure to Preserve OS Command Structure
CWE-319: Cleartext Transmission of Sensitive Information
CWE-352: Cross-Site Request Forgery
CWE-362: Race Condition
CWE-209: Error Message Information Leak
CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-642: External Control of Critical State Data
CWE-73: External Control of File Name or Path
CWE-426: Untrusted Search Path
CWE-94: Failure to Control Generation of Code
CWE-494: Download of Code Without Integrity Check
CWE-404: Improper Resource Shutdown or Release
CWE-665: Improper Initialization
CWE-682: Incorrect Calculation
CWE-285: Improper Access Control
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-259: Hard-Coded Password
CWE-732: Insecure Permission Assignment for Critical Resource
CWE-330: Use of Insufficiently Random Values
CWE-250: Execution with Unnecessary Privileges
CWE-602: Client-Side Enforcement of Server-Side Security
Source: SANS Institute

"The top 25 list gives developers a minimum set of coding errors that must be eradicated before software is used by customers," said Chris Wysopal, chief technology officer with Veracode.

"There appears to be broad agreement on the programming errors," says SANS director, Mason Brown, "Now it is time to fix them."

"We need to make sure every programmer knows how to write code that is free of the top 25 errors."

"Then we need to make sure every programming team has processes in place to find and fix these problems [in existing code] and has the tools needed to verify their code is as free of these errors," he said.

Patrick Lincoln, director of the Computer Science Laboratory at SRI International, told the BBC that if programmers prevented these errors appearing in their code, it would deter the majority of hackers.

"This list is primarily for people who have first responsibility for designing a system. Veteran programmers have probably learnt the hard way whereas a brand new programmer will be making more basic errors."

"The real dedicated serial attacker will probably find a way in even if all these errors were removed. But a high school hacker with malicious intent - ankle-biters if you will - would be deterred from breaking in."

Previously, most advice has focused on vulnerabilities that can result from programming errors. The top 25 list examines the actual programming errors themselves.

The US Office of the Director of National Intelligence, the principal adviser to the President, the National Security Council and the Homeland Security Council also lent their support to the list. In a statement, they said: "We believe that integrity of hardware and software products is a critical for cyber security."

"Creating more secure software is a fundamental aspect of system and network security, given that the federal government and the nation's critical infrastructure depend on commercial products for business operations."

"The top 25 is an important component of an overall security initiative for our country. We applaud this effort and encourage the utility of this tool through other venues such as cyber education."

1/13/2009

UK e-mail law 'attack on rights'

By Angus Crawford